syn4k's questions

I know for a fact that iptables running is causing my instance of Apache Solr to be inaccessible. How do I know this? Because I ran:

/sbin/service iptables save && /sbin/service iptables stop

Once I did this, everything worked flawlessly.

I would like to continue using my firewall however, adding the necessary rules for it doesn't seem to be working. I have exhausted what I thought would work:

/sbin/service iptables start
/sbin/iptables -A RH-Firewall-1-INPUT -p tcp -s 127.0.0.1 --dport 8983 -j ACCEPT
/sbin/service iptables save

Still not working

/sbin/iptables -D RH-Firewall-1-INPUT -p tcp -s 127.0.0.1 --dport 8983 -j ACCEPT
/sbin/iptables -A RH-Firewall-1-INPUT -p tcp --dport 8983 -j ACCEPT
/sbin/service iptables save

Still not working

I even tried doing a general ACCEPT on the 8983 port:

/sbin/iptables -A INPUT -p tcp --dport 8983 -j ACCEPT
/sbin/service iptables save

Still not working!

Ideas?

**/sbin/iptables -L -n -v**

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 215K   50M RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8983 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 279K packets, 286M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
14286   19M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    8   672 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255 
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:631 
 181K   29M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    2   164 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:55 
  148  7676 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8008 
    2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
11208  621K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
 2202  123K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443 
 5372  951K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

UPDATE (added before last rule):

*# /sbin/iptables -L -n -v --line-numbers*
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     585K  123M RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 782K packets, 822M bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain RH-Firewall-1-INPUT (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1    31867   43M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
2       27  2232 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255 
3        0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353 
6        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631 
7        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:631 
8     502K   76M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
9        4   268 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:55 
10     189  9780 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8008 
11       8   480 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
12   29633 1656K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
13    6138  345K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443 
14   14841 2635K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

*# /sbin/iptables --insert RH-Firewall-1-INPUT 14 -p tcp --dport 8983 -j ACCEPT
# /sbin/iptables -L -n -v --line-numbers*
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     599K  127M RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 801K packets, 841M bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain RH-Firewall-1-INPUT (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1    32631   44M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
2       27  2232 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255 
3        0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0           
4        0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0           
5        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353 
6        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631 
7        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:631 
8     514K   78M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
9        4   268 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:55 
10     292 15136 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8008 
11       8   480 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
12   30425 1701K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
13    6304  355K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443 
14       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8983 
15   15130 2690K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Even though the ACCEPT rule was added before the last line of the RH-Firewall-1-INPUT Chain, it is still not working

I have successfully implemented expires headers however, for several days I have been stumped by one thing. This article: http://www.tipsandtricks-hq.com/how-to-add-far-future-expires-headers-to-your-wordpress-site-1533 states

Keep in mind that when you use expires header the files are cached in the browser until it expires so do not use this on files that changes frequently.

Other sites indicate the same in my reading. But this doesn't seem to be true. I have updated an image, using the same name, several times. Each time I update and refresh my browser, the new image (with the same name) displays. I understand from this article that the old image should display unless I use a new name.

Do you happen to know where the misunderstanding is?

I have verified that the image in question has expires headers set on it:

Request Headers:

Host               domain.com
User-Agent         Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28 FirePHP/0.5
Accept             image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language    en-us,en;q=0.5
Accept-Encoding    gzip,deflate
Accept-Charset     ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive         115
Connection         keep-alive
Referer            http://domain.com/index.php
Cookie             __utma=1.61479883.1332439113.1332783348.1332796726.4;     __utmz=1.1332439113.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);PHPSESSID=lv2hun9klt2nhrdkdbqt8abug7; __utmb=1.33.10.1332796726; __utmc=1; ck_authorized=true
x-insight          activate
If-Modified-Since  Mon, 26 Mar 2012 21:55:33 GMT
Cache-Control      max-age=0

Response Headers:

Date           Mon, 26 Mar 2012 22:06:50 GMT
Server         Apache/2.2.3 (CentOS)
Connection     close
Expires        Wed, 25 Apr 2012 22:06:50 GMT
Cache-Control  max-age=2592000

Relevant config (.htaccess):

<IfModule mod_expires.c>
    # Enable Expires Headers for this directory and sub directories that don't override it
    ExpiresActive on

    # Set default expiration for all files
    ExpiresDefault "access plus 24 hours"

    # Add Proper MIME-Type for Favicon
    AddType image/x-icon .ico

    # Set specific expriation by file type
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-javascript "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 month"
    ExpiresByType image/ico "access plus 1 month"
    ExpiresByType image/icon "access plus 1 month"
</IfModule>

I am running MAMP Pro on my machine with all empty Postfix values. Yet, whenever my PHP application calls mail(), mail is being sent out from my machine. In a production environment this would be fine but I am in a development environment. how can i disable outbound mail in postfix? discusses setting the default_transport = error. However, this setting does not appear in /private/etc/postfix/main.cf, additionally, I cannot verify that this is infact what I need. I want to be absolutely sure that mail is disabled. I do want to be able to receive mail from my Entourage client but that's it.

Can anyone help? Many thanks!

Supposedly, if you install a cron and the cron job has an output >/dev/null, it will be sent to the system administrator. Is this true? Where does the email get setup? I don't see anything in /etc/mail.rc on this and there is nothing about mail in the crontab either.

Help?

I was using df -h to print out human readable disk usage. I would like to figure out what is taking up so much space. For instance, is there a way to pipe this command so that it prints out files that are larger than 1GB in size? Other ideas?

Thanks

I have Investigated enabling MySQL query logging. At some point, soon, it would be nice to enable this on my companies production server so that if there is ever a question about queries run against the database, we can see them.

I have found: Add the following line to /etc/my.cnf: log=/var/log/mysql_query.log and restart the MySQL server. I could also profile slow queries: log-slow-queries = /var/log/mysql_slow_queries.log long_query_time = 1.

I have not yet found any documentation detailing log file size capping to ensure that the file does not continue to grow past a certain point. Is anyone aware of such a thing?