Is there a way to make a global alias in Sendmail so it would send email to all users? I tried to create an alias and included the list of all my users, but when I try to process it by m4, I receive an error that the line is too long.
Alec T's questions
I am new to PowerShell, but I've been reading manuals and have practiced a little bit. My objective is to list all users in all Security Groups under a specified path. I have found the way to do it:
get-adgroup -Filter * -SearchBase "OU=Groups,DC=corp,DC=ourcompany,DC=Com" | %{Get-ADGroupMember $_.name} | ft name
But the problem is I do not see the group name. All I get is a bunch of users. It would be nice if someone could tell me how to display the group name before all the members of this group get listed. Thanks.
At my company we have a single Cisco 3925sec/k9 router running BGP with 2 ISPs. Now we want to purchase a redundant router of the same model to eliminate a single point of failure.
I can set up BGP between routers and ISPs no problems. We plan to send out all traffic through ISP A and receive all traffic through ISP B (ISPs send us only default gateways and we can play around with as-prepends and local_pref attributes for that).
So my question is, what is the best solution to make sure I keep the state of static NAT and stateful firewall rules (not ZBF) on both routers at the same time? Again, I want traffic to leave through ISP A and return through ISP B.
Is it possible at all or do you think it would be better to purchase a pair of ASA 5500 series with Active/Active support and do NAT and inspection on them?
We have a couple of branch offices that need to connect to a main site. We plan to use Cisco ASAs 5515 to establish VPN connections. We would also like to have 2 ISPs at each location to make the connection redundant. Here is the image:
I am a bit new to ASAs so far, so my question is: "Is it possible to set up an ASA 5515 to use 2 ISPs to have a VPN connection with a remote site and, in case of the main ISP's failure, switch over to the backup ISP automatically and then return to the main one when the link is reestablished?"
I have a question about correct isc-dhcp configuration. I want to lease IP addresses to users based on switch port. For this I use D-Link DES-3200 series switches. Everything works well, but recently I've decided to lease a particular subnet to all unknown users, i.e. those not explicitly specified in the dhcpd.conf file. Here is a config example:
# dhcpd.conf
default-lease-time 30;
max-lease-time 60;
authoritative;
log-facility local7;
option domain-name-servers 8.8.8.8;
include "/usr/local/etc/dhcpd/dhcpd.classes";
shared-network "clients"
{
    subnet 10.5.20.0 netmask 255.255.255.0 {}
    include "/usr/local/etc/dhcpd/dhcpd.networks";
}
dhcpd.classes
class "10.5.20.4_2" { match if ( substring(option agent.remote-id,2,15)="10.5.20.4" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "2" ); }
class "10.5.20.4_1" { match if ( substring(option agent.remote-id,2,15)="10.5.20.4" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "1" ); }
class "10.5.20.2_1" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "1" ); }
class "10.5.20.2_3" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "3" ); }
class "10.5.20.2_2" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "2" ); }
class "10.5.20.2_4" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "4" ); }
dhcpd.networks
subnet 172.30.20.0 netmask 255.255.255.0
{
    option subnet-mask 255.255.255.0;
    option routers 172.30.20.1;
    pool {range 172.30.20.3; allow members of "10.5.20.4_2"; }
    pool {range 172.30.20.2; allow members of "10.5.20.4_1"; }
}
subnet 172.30.160.0 netmask 255.255.255.0
{
    option subnet-mask 255.255.255.0;
    option routers 172.30.160.1;
    pool {range 172.30.160.3; allow members of "10.5.20.2_1"; }
    pool {range 172.30.160.4; allow members of "10.5.20.2_3"; }
    pool {range 172.30.160.10; allow members of "10.5.20.2_2"; }
    pool {range 172.30.160.12; allow members of "10.5.20.2_4"; }
}
So if I add, let's say:
subnet 172.20.111.0 netmask 255.255.255.0 {
    option routers 172.20.111.1;
    max-lease-time 60;
    min-lease-time 30;
    range 172.20.111.10 172.20.111.20 ;
}
at the end of the dhcpd.networks file (which I include in the shared-network 'clients' clause, see above), all my clients start getting IP addresses from the 172.20.111.0 range, regardless of whether they have a class specified for their port.
Is there a way to make the dhcpd server look at class declarations first and then at the subnet?
I'm setting up a FreeBSD router and want certain IPs on my network to be forwarded to our local webserver if they make port 80 requests. An example would be: a banned user tries to surf the web, but all his requests are forwarded to a web page which notifies him that he is banned. As I understand it, I can use IPFW for this and maybe NATD.
I would be grateful if someone could show me a good example of how to do it.
I'm trying to find live hosts on the network with nmap:
nmap -sP 192.168.3.0/24
Starting Nmap 5.21 ( http://nmap.org ) at 2012-04-10 10:28 EEST
Nmap scan report for km-localhost (192.168.3.1)
Host is up.
Nmap scan report for km-localhost (192.168.3.6)
Host is up (0.00067s latency).
MAC Address: 00:26:18:B8:4E:B8 (Asustek Computer)
Nmap scan report for 192.168.3.7
Host is up (0.00016s latency).
MAC Address: 00:0E:2E:2B:E7:BD (Edimax Technology Co.)
Nmap scan report for km-localhost (192.168.3.11)
Host is up (-0.10s latency).
MAC Address: 6C:F0:49:74:3A:A2 (Giga-byte Technology Co.)
Nmap scan report for 192.168.3.15
Host is up (0.00057s latency).
MAC Address: 00:1F:C6:CF:76:48 (Asustek Computer)
Nmap scan report for km-localhost (192.168.3.22)
Host is up (0.0030s latency).
MAC Address: 00:12:17:6B:0C:DF (Cisco-Linksys)
Nmap scan report for 192.168.3.24
Host is up (-0.10s latency).
MAC Address: 00:02:B3:65:2D:1B (Intel)
Nmap scan report for km-localhost (192.168.3.25)
Host is up (0.00014s latency).
MAC Address: 00:C0:26:A7:6B:0F (Lans Technology CO.)
Nmap done: 256 IP addresses (8 hosts up) scanned in 4.08 seconds
So nmap discovers 8 hosts. Now the problem comes when I'm trying to use an IP list instead of CIDR.
nmap -sP 192.168.3.1 192.168.3.6 192.168.3.7 192.168.3.11 192.168.3.15 192.168.3.22 192.168.3.24 192.168.3.25
Starting Nmap 5.21 ( http://nmap.org ) at 2012-04-10 10:33 EEST
Nmap scan report for km-localhost (192.168.3.1)
Host is up.
Nmap scan report for km-localhost (192.168.3.15)
Host is up (-0.10s latency).
MAC Address: 00:1F:C6:CF:76:48 (Asustek Computer)
Nmap done: 8 IP addresses (2 hosts up) scanned in 0.24 seconds
Here I supply the list of IP addresses that are all alive, as you can see in the previous command, but only 2 hosts out of 8 show up as alive. Can anyone explain this behavior of nmap and maybe tell me the workaround?
I want to use nmap in a shell script to quickly determine alive hosts. Previously I used the 'fping -a' command, but nmap seems to be better at discovering hosts behind the firewall, so I would like to switch to it without modifying my script too much. Any help will be appreciated.
We have 2 upstreams, ISP A and ISP B. ISP A (10Mb/s) is our main upstream with good bandwidth. It sends us a default route over BGP. ISP B (2Mb/s) is our backup upstream with a small bandwidth, but it sends us the Full Routing Table. I am new to BGP so I'm looking for a way to make sure that most of the inbound and outbound traffic would use ISP A and fail over to ISP B. What are the best ways to do it?
I've installed a squid proxy server for a company and now they ask me to add blacklisting capabilities for squid.
The most obvious thing that comes to mind is just to find a huge blacklist file on the internet and hook it up to the squid configuration as an external file.
The other option is to use a dedicated solution like squidguard.
I also want to include the ability to edit and add entries to a blacklist through a web interface, although it's not strictly necessary since I can write it myself with PHP.
I would welcome any suggestions. My main priority is performance and reliability and, if possible, I'd like to keep it simple.
We've purchased 3 HP ProLiant DL120 servers. They come with 2 integrated network adapters - HP NC107i PCIe Gigabit Server Adapter, which is based on BCM5723.
After FreeBSD 9 installation I've discovered a few problems.
After setting up bge0 network interfaces, I've noticed that I was temporarily losing connection with a server for short periods of time. /var/log/messages was filled up with "bge0: watchdog timeout -- resetting" messages.
I've switched to the bge1 interface and after a few hours I've noticed that my server froze completely. I tried to do the same on the other server and got the same result.
I'm trying to understand what's going on and can provide more info on request. Could anyone give me a clue whether there is a way to fix this problem by patching the bge driver or making some tweaks in BIOS?
Alternatively I could install some Linux version on that server instead of FreeBSD 9 or add a discrete Intel network adapter.
I've got a brand new Cisco router 3925/k9. I wanted to set up a router on a stick on my network, but it turns out it doesn't support VLAN sub-interfaces. I did it multiple times in the GNS3 simulator on other routers, so I am familiar with IOS commands and concepts. I believe this must be a licensing issue, but so far I couldn't find anything on the Cisco website that explains it. Here is some info from "show version":
ROM: System Bootstrap, Version 15.0(1r)M13, RELEASE SOFTWARE (fc1)
System image file is "flash0:c3900-universalk9-mz.SPA.151-4.M2.bin"
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
uc            None          None           None
data          None          None           None
I would appreciate it if anyone could give me a clue what I can do to enable VLAN support on this router.
Does FreeBSD 9 support the Z68 chipset like in the Intel DZ68BC motherboard? Will I have any "unrecognized device" issues? What about FreeBSD 8? What's the best way to find out?