Sverre's questions

I have a cloudformation script in AWS that creates an EC2 instance, with some firewall rules, S3 mappings and other stuff.. and I create a DNS record in route53 for the public ip of the instance, this works well.

Now I need to create another record in DNS of the internal ip of the host (for internal use, so that other instances can talk to this instance without going via the public ip).

I have not found a way to do this. is it possible? does anyone have an example cloudformation script?

I have a juniper SRX340 running as default gateway, I have a linux server (virtual machine actually) running debian 8.

juniper ip: 192.168.1.1 Debian ip: 192.168.1.101 (eth0)

I would like to add more ip addresses on my Debian box, so I create a new sub-interface and give it an ip

debian ip2: 192.168.1.102 (eth0:1)

when I do this, I can not ping the juniper box from the new ip address.. and juniper can not ping the new ip address.

I CAN ping other hosts on the same network from the new ip address and they can ping it... all is well.

so.. the new ip address can not see juiper box, and the juniper box can not see the other ip... so then I try something.

I change the ip address of eth0 to be 192.168.1.102 and now I can ping the juniper box, and the juniper box can ping me back.

then I change it back so that eth0: 192.168.1.101 and eth0:1: 192.168.1.101 and now juniper can ping both ip addresses, and both ip addresses can ping juniper.

so.. then I take the test further and add a 3rd interface eth0:2 and give it the ip 192.168.1.103 and I have the same problem... I can not see juniper, and juniper can not see new ip...

again, if I change the original eth0 to use 103 as ip first, then go back, it works again.. this is very confusing.

any suggestions what is going on here?

junos version 15.1X49-D100.6

PS: this was originally posted in the Network Engineering site, but they refused to look at it, I hope that this community can help me more.

edit: more info on request:

interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address 10.208.20.17/24;
                }
            }
        }
    }
}
node0 {
    system {
        host-name WON-OSLO-FWA;
    }
    interfaces {
        fxp0 {
            unit 0 {
                family inet {
                    address 10.208.20.16/24;
                }
            }
        }
    }
}

reth2 {
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 0 {
        description ORANGE;
        family inet {
            address 192.168.1.1/24;
        }
    }
}

We have a QNAP QTS TS-451U version 4.3.3.0.229, we have an openLDAP server running version v. 2.4.40 (on Debian 8 server).

I can log in to the web interface with my LDAP user, and I can connect to the NAS using WebDAV (from windows, linux and mac), and that seems fine, (also using LDAP user) but maybe a little slow... The problem is that syslog on the openLDAP server gets 1500 log entries per second! So, I am afraid that if I scale up this system the LDAP server will die on me. The log looks like this:

Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080615 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080615 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080615 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080616 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080616 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080616 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080617 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080617 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080617 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080618 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080618 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080618 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080619 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080619 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080619 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080620 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080620 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080620 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080621 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080621 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080621 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080622 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080622 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080622 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080623 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080623 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080623 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080624 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080624 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080624 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080625 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080625 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080625 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080626 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080626 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080626 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080627 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080627 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080627 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080628 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080628 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080628 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080629 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080629 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080629 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080630 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080630 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080630 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080631 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080631 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080631 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080632 SRCH base="ou=Groups,dc=mycompany,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(memberUid=admin))"
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080632 SRCH attr=gidNumber
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080632 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 29 15:24:24 MyServer slapd[7328]: conn=1746191 op=1080633 SRCH base="ou=Groups,

I have talked to QNAP support for a couple weeks, but they do not seem to be able to help me.

Maybe you can help?

Extra Note:

If I log in with a local user, WebDAV is much faster, for exmple, I browsed in the explore rand it took 5 seconds with a local user, the same path with an LDAP user took 22 seconds.

but copying a file from my PC to the NAS is about the same speed for both local user and LDAP user.

also, the web-interface is similar speed.. it seems that the worst part is browsing in WebDAV with LDAP user.

I have had this problem a lot, and I was wondering if anyone knows the way to do this. WHAT information do I need to get my warranty lookup for HP(E) Harddrives for proliant servers. so. if you go to this webpage:

http://h20564.www2.hpe.com/hpsc/wc/public/home you can enter 3 pieces of information:

A) Product serial number. B) Product number (this one is only needed if (A) above is not enough). C) Country of purchase.

on the harddrive itself I see about 13 different numbers that could be Serial numbers or Product numbers, and nothing that seem to reflect country. (I have numbered them 1-13 on the screen shot below, please refer to that number if you can help me).

My HDD was purchased from a Norwegian Company, that has its storage/mother company in England, and I know they purchase these all over Europe if not the world.

does anyone has any good way for me to choose what number goes where?

the IKE seems to fail, and I can not figure out why... here is ike log:

Jun 13 10:38:28 No proposal selected in first phase for local=ipv4(any:0,[0..3]=X.X.X.X) remote=ipv4(udp:500,[0..3]=Y.Y.Y.Y)
Jun 13 10:38:32 Phase-1 negotiation failed with error Timeout for p1_local=ipv4(any:0,[0..3]=X.X.X.X) p1_remote=ipv4(udp:500,[0..3]=Y.Y.Y.Y)
Jun 13 10:39:03 The remote server at Y.Y.Y.Y:500 is 'draft-ietf-ipsec-nat-t-ike-02'
Jun 13 10:39:03 Not setting PMDATA_PEER_IS_OURS for Y.Y.Y.Y
Jun 13 10:39:03 The remote server at Y.Y.Y.Y:500 is 'draft-ietf-ipsec-nat-t-ike-03'
Jun 13 10:39:03 Not setting PMDATA_PEER_IS_OURS for Y.Y.Y.Y
Jun 13 10:39:03 The remote server at Y.Y.Y.Y:500 is '4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f'
Jun 13 10:39:03 The remote server at Y.Y.Y.Y:500 is '40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 c0 00 00 00'
Jun 13 10:39:03 No proposal selected in first phase for local=ipv4(any:0,[0..3]=X.X.X.X) remote=ipv4(udp:500,[0..3]=Y.Y.Y.Y)

what I think is stragne is that there are 2x "The remote server at" is that normal?

any suggestions?

In recent weeks I have seen this type of error many times on my debian 6 servers.

I have seen different exit status, 1, 2, 25, 255

 Errors when running cron:
grandchild #10010 failed with exit status 2: 1 Time(s)
grandchild #10042 failed with exit status 2: 1 Time(s)
grandchild #10062 failed with exit status 2: 1 Time(s)
grandchild #10080 failed with exit status 2: 1 Time(s)

or

Errors when running cron:
grandchild #23015 failed with exit status 25: 1 Time(s)
grandchild #23115 failed with exit status 25: 1 Time(s)
grandchild #23223 failed with exit status 25: 1 Time(s)
grandchild #23319 failed with exit status 25: 1 Time(s)
grandchild #23432 failed with exit status 25: 1 Time(s)
grandchild #23510 failed with exit status 25: 1 Time(s)

looking at syslog it looks like this:

Mar  6 06:41:01 myhost /USR/SBIN/CRON[10548]: (www-data) CMD (cd /home/httpd/cgi/inst && /usr/bin/perl /home/httpd/cgi/inst/scheduler.cgi > /dev/null
Mar  6 06:41:01 myhost /USR/SBIN/CRON[10546]: (CRON) error (grandchild #10548 failed with exit status 2)

I have seen this on many servers, with different cronjobs, and I have not yet found out what is going on. so, I have two questions:

1. the exit status codes, what do they mean? (1, 2, 25 or 255).
2. what can I do to test this further? have anyone seen this before?

note: yes I have googled this, but have not found any solution that fits my case.

some of these cron jobs gives error like this every time, others do this only occationally.

the jobs are not all the same, but they would look something like this:

*/1 * * * * www-data cd /home/httpd/sites/cust/cgi/ && perl /home/httpd/sites/cust/mysoft/core/bin/scheduler.pl >> /home/httpd/sites/cyst/logs/scheduler_cron.log 2>&1

let me know if there is any more information I can give you.

I have an apache server with one ip address. (on a debian server).

I have several virtualhosts for http and one virtualhost for https

one vhost, redirect traffic to the https vhost and this works fine, something like this

<VirtualHost *:80>
ServerName mymainsite.com
ServerAlias www.mymainsite.com
ServerAlias myothersite.org
ServerAlias www.myothersite.org
    RewriteEngine on
    RewriteRule ^(.*)$ https://www.mymainsite.com$1 [L,R=301]
(...)

I have another vhost for https, like this

<VirtualHost *:443>
ServerName www.mymainsite.com
(...)

and this works fine, all non https is forwared to https, and that is super.. but then the problem.

some times people go to this url https://www.myothersite.org

and this is answered by the https vhost, and creates a "wrong certificate" error.

Question is: is there a way to prevent this, without using a 2nd ip address, or buying a multi url or wildcard SSL certificate?

edit: just remove some extra text

I am running a box with debian 6.0.8, and DNSMasq 2.55 (from Debian repository).

I use it to resolve some local hostnames, and it mostly works fine. but some times, it will fail to answer requests for a few seconds, and then gets back to normal again.

I am just wondering what could cause these "gaps"?

I have not seen anything wrong in syslog or anything.

We have a HP Proliant Dl360 Gen8 server with the 420i 2Gg disk controller. (646905-421)

we have a couple of the HP Gen8 200GB 6G SAS SLC SSDs (653078-B21), (they run in RAID1)

We run Debian6 on this server, and HP says that the "trim" command is not supported on this controller.

-How will this affect the speed and lifetime of the SSD? -Does anyone know any controller that might do a better job? -has anyone run similar configuration, can you say anything on the lifetime of disks?

I had a Host with Ubuntu 12.10 installed, and the entire harddrive was encrypted (with LUKS it appears), I remember the passphrase, but I have trouble to "open it".

I am now on a beta version of Ubuntu 14.04, installed on a new harddrive. the old hard-drive is also still connected. the new drive is sda and the old drive is sdb

when I try to open the drive in "files" it ask for the passphrase, and when entered says that it does not find a filesystem.

I googled it and found this:

sudo cryptsetup luksOpen /dev/sdb5 myopen

and

sudo mount /mnt/open

with a fstab like this

/dev/mapper/myopen /mnt/open ext4 defaults,noauto 0 1

but I get this error:

mount: wrong fs type, bad option, bad superblock on /dev/mapper/myopen,
       missing codepage or helper program, or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

I would like to connect to a remote MySQL from my host, but the host is behind a ssh proxy, like this.

I have 3 hosts in this problem

• A: my local machine (that can ssh to B)
• B: Intermediate machine that can SSH to C
• C: a remote server running MySQL and allows only connections from localhost (grant)

I use ~/.ssh/config to allow me to ssh directly from A to C (using B as proxy).

Host B
    ProtocolKeepAlives 30
    HostName hostnameofB

Host C
    ProtocolKeepAlives 30
    ProxyCommand ssh -q B nc -q0 hostnameofC 22
    LocalForward 3336 localhost:3306
    Port 21343

I open a ssh from A to C with -vvv and see this:

debug1: Local connections to LOCALHOST:3336 forwarded to remote address localhost:3306

I then try to login to MySQL from A:

mysql -uMyUsername -pMyPassword  DatabaseName -P3336 -h127.0.0.1
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

(if I try to use -hlocalhost it will try to log in to my local MySQL server, even if I use different ports)

in my SSH -vvv window I also see this:

client-session (t4 r0 i0/0 o0/0 fd 7/8 cc -1)

there is no logs on the C MySQL server.

any good suggestions?