jamieb's questions

I have an AWS EC2 instance, running Amazon Linux, that has two Elastic Network Interfaces (ENIs) attached: eth0 and eth1. I am connecting to the public IP on eth0. Everything works great, except I would like to route unencrypted traffic out of the eth1. i.e. Client connects to eth0 to setup an encrypted VPN tunnel, then his/her unencrypted internet traffic is routed in/out of eth1 and back across the tunnel on eth0.

I don't know enough about iptables to get this config working, despite trying for several hours. I'm hoping this is a simple one?

I've installed the latest version of OpenVPN from source and done the following:

1. Disabled source/dest check on the interfaces
2. Added the following to "rc.local": echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
3. Added the following iptables commands: iptables -A INPUT -i eth0 -m state --state NEW -p tcp --dport 443 -j ACCEPT iptables -A INPUT -i tun+ -j ACCEPT iptables -A FORWARD -i tun+ -j ACCEPT iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -t nat -A POSTROUTING -s 10.18.14.0/24 -o eth0 -j MASQUERADE

My server config file looks like this:

port 443
proto tcp-server
dev tun
tls-server
server 10.18.14.0 255.255.255.0

ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/vpnserver.crt
key /etc/openvpn/pki/vpnserver.key
dh /etc/openvpn/pki/dh.pem

ifconfig-pool-persist ipp2.txt 
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 5 15
comp-lzo
max-clients 5
persist-key
persist-tun
status openvpn-status.log
log-append  /var/log/openvpn_road.log
verb 6 
mute 20

tun-mtu 1500
auth SHA1
keysize 128
cipher BF-CBC

I'm setting up an IPSec VPN using a Cisco router. The relevant part of the config:

crypto map MYVPN 10 ipsec-isakmp 
 set peer 173.1.2.3
 set transform-set my-transform 
 set pfs group2
 match address 103

access-list 103 permit ip 84.9.208.128 0.0.0.63 192.168.77.0 0.0.0.255
access-list 103 permit ip 192.168.77.0 0.0.0.255 84.9.208.128 0.0.0.63
access-list 103 permit ip 84.9.206.104 0.0.0.7 192.168.77.0 0.0.0.255
access-list 103 permit ip 192.168.77.0 0.0.0.255 84.9.206.104 0.0.0.7

This allows traffic to/from 192.168.77.0/24 behind the peer. However, I also have another subnet, 192.168.122.0/24 behind the same peer that I would like to allow access. So I've had to modify my ACL to include 192.168.0.0/16:

access-list 103 permit ip 84.9.208.128 0.0.0.63 192.168.0.0 0.0.255.255
access-list 103 permit ip 192.168.0.0 0.0.255.255 84.9.208.128 0.0.0.63
access-list 103 permit ip 84.9.206.104 0.0.0.7 192.168.0.0 0.0.255.255
access-list 103 permit ip 192.168.0.0 0.0.255.255 84.9.206.104 0.0.0.7

Ideally, I don't want this large of a range specified. Is there any way I can specifically configure 192.168.77.0/24 and 192.168.122.0/24?

I'm planning on stacking Dell PowerConnect 6248 switches together. I know that I need one stacking module in each switch, but I'm uncertain about the cabling. Since I only have two switches, do I need to loop them using two cables or will one stacking cable suffice? Thanks!

I used yum to update from kernel 2.6.32-220 to 2.6.32-200.23.1 on my CentOS 6 x64 system. I now receive the following message on the console at boot:

mknod: '/dev/null' : File exists
mknod: '/dev/console: File exists
/init: 102: cannot open /proc/cmdline: No such file
mkdir: cannot create directory '/dev/pts': File exists
dracut: FATAL: No or empty root= argument
dracut: Refusing to continue


Kernel panic - not syncing: Attempted to kill init!

Selecting the older kernel version at boot allows me to boot normally. This problem is reproducible across all four of the VMs I've tried the upgrade on. They're all CentOS 6.2 x64 guests on the same CentOS 6.2 x64 host. The filesystem for each VM lives on a iSCSI SAN volume. Here is the VM's /etc/grub.conf file:

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-220.23.1.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-220.23.1.el6.x86_64 ro root=/dev/mapper/vg_main-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_main/lv_swap rd_NO_MD quiet SYSFONT=latarcyrhe
b-sun16 rhgb crashkernel=auto rd_LVM_LV=vg_main/lv_root  rhgb crashkernel=auto quiet  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM
        initrd /initramfs-2.6.32-220.23.1.el6.x86_64.img
title CentOS (2.6.32-220.7.1.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-220.7.1.el6.x86_64 ro root=/dev/mapper/vg_main-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_main/lv_swap rd_NO_MD quiet SYSFONT=latarcyrheb
-sun16 rhgb crashkernel=auto rd_LVM_LV=vg_main/lv_root  rhgb crashkernel=auto quiet  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM
        initrd /initramfs-2.6.32-220.7.1.el6.x86_64.img
title CentOS (2.6.32-220.4.2.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-220.4.2.el6.x86_64 ro root=/dev/mapper/vg_main-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_main/lv_swap rd_NO_MD quiet SYSFONT=latarcyrheb
-sun16 rhgb crashkernel=auto rd_LVM_LV=vg_main/lv_root  rhgb crashkernel=auto quiet  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM
        initrd /initramfs-2.6.32-220.4.2.el6.x86_64.img
title CentOS (2.6.32-220.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-220.el6.x86_64 ro root=/dev/mapper/vg_main-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_main/lv_swap rd_NO_MD quiet SYSFONT=latarcyrheb-sun
16 rhgb crashkernel=auto rd_LVM_LV=vg_main/lv_root  rhgb crashkernel=auto quiet  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM
        initrd /initramfs-2.6.32-220.el6.x86_64.img

And here is the VM configuration file on the host:

<domain type='kvm' id='117'>
  <name>test1</name>
  <uuid>6b783832-bb85-6a8e-2dad-5898d3c87259</uuid>
  <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
  <vcpu>1</vcpu>
  <os>
    <type arch='x86_64' machine='rhel6.2.0'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw' cache='none' io='native'/>
      <source dev='/dev/disk/by-path/ip-192.168.200.1:3260-iscsi-iqn.2012-02.net.mydomain.storage1:test1-lun-1'/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </disk>
    <interface type='bridge'>
      <mac address='52:54:00:5b:71:43'/>
      <source bridge='br0'/>
      <target dev='vnet5'/>
      <model type='virtio'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/6'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/6'>
      <source path='/dev/pts/6'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='5905' autoport='yes' listen='127.0.0.1'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </memballoon>
  </devices>
</domain>

My company currently uses Google Apps for email. I can configure Google Apps to forward all outgoing email through a relay server. I can also point my MX records at this server and have it forward incoming mail onto Google. Therefore I can configure Postfix act as a proxy for all email that is both sent to and from our users. This part is done and works fine. However, I'm not sure how to retain a full copy of each message that passes through it.

I'm interested in doing this so that all email to/from customers can be dumped into our CRM system so they're searchable by everyone in our company who might talk to a customer. The most common way of doing this is to have a "always BCC" setting specified in Postfix. However, this would only archive email sent to customers, not email received from them. Does anyone have any suggestions? Thank you!

This is seems like it would be a very common configuration question, but I don't know how phrase it properly enough for Google to help.

I am using a server with NFS to serve up both home directories and a shared documents directory mounted as /opt/shared. When a user creates a file in his home directory, I'd like the default file mode to be 600. However, if he creates a file in /opt/shared, it should be set to 660. Is this even possible?

I've been trying to get LDAP authentication and NFS exported home directories on CentOS 6 working for a few days now. I've gotten to the point that I can now login to the client machine using the username and password in LDAP. On the client, /home and /opt are mounted in the fstab over NFS. However, every file in both /opt and /home is owned by nobody:nobody (uid: 99, gid: 99) on the client.

However my uid and gid appear to be properly set:

-bash-4.1$ id
uid=3000(myusername) gid=3000(employees) groups=3000(employees)

What else can I check? Here are some the config files on my client:

/etc/nsswitch.conf

passwd:     files sss
shadow:     files sss
group:      files sss

hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files sss

publickey:  nisplus

automount:  files ldap
aliases:    files nisplus

/etc/sssd/sssd.conf

[sssd]
config_file_version = 2
services = nss, pam

domains = default
[nss]

[pam]


[domain/default]
auth_provider = ldap
ldap_id_use_start_tls = True
chpass_provider = ldap
cache_credentials = True
krb5_realm = EXAMPLE.COM
ldap_search_base = dc=mycompany,dc=com
id_provider = ldap
ldap_uri = ldaps://server.subdomain.mycompany.com
krb5_kdcip = kerberos.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts

# Configure client certificate auth.
ldap_tls_cert = /etc/openldap/cacerts/client.pem
ldap_tls_key = /etc/openldap/cacerts/client.pem
ldap_tls_reqcert = demand

/etc/fstab

/dev/mapper/vg_main-lv_root /                       ext4    defaults        1 1
UUID=4e43a15d-4dc0-4836-8fa6-c3445fde756c /boot                   ext4    defaults        1 2
/dev/mapper/vg_main-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
storage1:/nas/home  /home  nfs   soft,intr,rsize=8192,wsize=8192
storage1:/nas/opt  /opt  nfs   soft,intr,rsize=8192,wsize=8192

authconfig output:

[root@test1 ~]# authconfig --test
caching is disabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is enabled
 LDAP+TLS is enabled
 LDAP server = "ldaps://server.subdomain.mycompany.com"
 LDAP base DN = "dc=mycompany,dc=com"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = ""
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
 Winbind template shell = "/bin/false"
 SMB idmap uid = "16777216-33554431"
 SMB idmap gid = "16777216-33554431"
nss_sss is disabled by default
nss_wins is disabled
nss_mdns4_minimal is disabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
 shadow passwords are enabled
 password hashing algorithm is sha512
pam_krb5 is disabled
 krb5 realm = "EXAMPLE.COM"
 krb5 realm via dns is disabled
 krb5 kdc = "kerberos.example.com"
 krb5 kdc via dns is disabled
 krb5 admin server = "kerberos.example.com"
pam_ldap is enabled
 LDAP+TLS is enabled
 LDAP server = "ldaps://server.subdomain.mycompany.com"
 LDAP base DN = "dc=mycompany,dc=com"
 LDAP schema = "rfc2307"
pam_pkcs11 is disabled
 use only smartcard for login is disabled
 smartcard module = ""
 smartcard removal action = ""
pam_fprintd is enabled
pam_winbind is disabled
 SMB workgroup = ""
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
pam_sss is disabled by default
 credential caching in SSSD is enabled
 SSSD use instead of legacy services if possible is enabled
pam_cracklib is enabled (try_first_pass retry=3 type=)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir or pam_oddjob_mkhomedir is enabled ()
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled

I have a dual-port Intel Pro/1000 (82571EB) PCIe card. I've installed in into a Dell PowerEdge 1950 running CentOS 6.2 x64. The card is detected and the kernel module is loaded, but a start-up script is not created in /etc/sysconfig/network-scripts. Manually creating a startup script doesn't help; I get an error about the device not being detected.

Thinking it might be a bad card, I tried another card (same model) and even put it in a different slot. No help. However, the strange thing is that this card works without issue in a PowerEdge 2950. Does anyone have any suggestions? Thanks!

dmesg output:

[root@rbn1 ~]# dmesg | grep e1000
e1000e: Intel(R) PRO/1000 Network Driver - 1.9.5-NAPI
e1000e: Copyright(c) 1999 - 2011 Intel Corporation.
e1000e 0000:0e:00.0: Disabling ASPM  L1
e1000e 0000:0e:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
e1000e 0000:0e:00.0: setting latency timer to 64
e1000e 0000:0e:00.0: irq 95 for MSI/MSI-X
e1000e 0000:0e:00.0: eth0: (PCI Express:2.5GT/s:Width x4) 00:15:17:3d:19:0c
e1000e 0000:0e:00.0: eth0: Intel(R) PRO/1000 Network Connection
e1000e 0000:0e:00.0: eth0: MAC: 1, PHY: 4, PBA No: C57721-005
e1000e 0000:0e:00.1: Disabling ASPM  L1
e1000e 0000:0e:00.1: PCI INT B -> GSI 17 (level, low) -> IRQ 17
e1000e 0000:0e:00.1: setting latency timer to 64
e1000e 0000:0e:00.1: irq 96 for MSI/MSI-X
e1000e 0000:0e:00.1: eth1: (PCI Express:2.5GT/s:Width x4) 00:15:17:3d:19:0d
e1000e 0000:0e:00.1: eth1: Intel(R) PRO/1000 Network Connection
e1000e 0000:0e:00.1: eth1: MAC: 1, PHY: 4, PBA No: C57721-005

lspci output:

[root@rbn1 ~]# lspci -vv -s 0e:00.0  
0e:00.0 Ethernet controller: Intel Corporation 82571EB Gigabit Ethernet Controller (rev 06)
        Subsystem: Intel Corporation PRO/1000 PT Dual Port Server Adapter
        Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr+ Stepping- SERR+ FastB2B- DisINTx+
        Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
        Latency: 0, Cache Line Size: 64 bytes
        Interrupt: pin A routed to IRQ 95
        Region 0: Memory at fc3e0000 (32-bit, non-prefetchable) [size=128K]
        Region 1: Memory at fc3c0000 (32-bit, non-prefetchable) [size=128K]
        Region 2: I/O ports at ece0 [size=32]
        Capabilities: [c8] Power Management version 2
                Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
                Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=1 PME-
        Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+
                Address: 00000000feeff00c  Data: 41a9
        Capabilities: [e0] Express (v1) Endpoint, MSI 00
                DevCap: MaxPayload 256 bytes, PhantFunc 0, Latency L0s <512ns, L1 <64us
                        ExtTag- AttnBtn- AttnInd- PwrInd- RBE- FLReset-
                DevCtl: Report errors: Correctable- Non-Fatal- Fatal+ Unsupported-
                        RlxdOrd+ ExtTag- PhantFunc- AuxPwr- NoSnoop+
                        MaxPayload 256 bytes, MaxReadReq 512 bytes
                DevSta: CorrErr- UncorrErr+ FatalErr- UnsuppReq+ AuxPwr+ TransPend-
                LnkCap: Port #6, Speed 2.5GT/s, Width x4, ASPM L0s L1, Latency L0 <4us, L1 <64us
                        ClockPM- Surprise- LLActRep- BwNot-
                LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- Retrain- CommClk-
                        ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
                LnkSta: Speed 2.5GT/s, Width x4, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
        Capabilities: [100] Advanced Error Reporting
                UESta:  DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
                UEMsk:  DLP- SDES- TLP- FCP- CmpltTO+ CmpltAbrt+ UnxCmplt+ RxOF- MalfTLP- ECRC- UnsupReq+ ACSViol-
                UESvrt: DLP+ SDES- TLP+ FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
                CESta:  RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr-
                CEMsk:  RxErr+ BadTLP+ BadDLLP+ Rollover+ Timeout+ NonFatalErr-
                AERCap: First Error Pointer: 14, GenCap- CGenEn- ChkCap- ChkEn-
        Capabilities: [140] Device Serial Number 00-15-17-ff-ff-3d-19-0c
        Kernel driver in use: e1000e
        Kernel modules: e1000e

modinfo output:

[root@rbn1 ~]# modinfo e1000
filename:       /lib/modules/2.6.32-220.4.2.el6.x86_64/kernel/drivers/net/e1000/e1000.ko
version:        7.3.21-k6-1-NAPI
license:        GPL
description:    Intel(R) PRO/1000 Network Driver
author:         Intel Corporation, <[email protected]>
srcversion:     1E2D367750FBA71152AA4A7
alias:          pci:v00008086d00002E6Esv*sd*bc*sc*i*
alias:          pci:v00008086d000010B5sv*sd*bc*sc*i*
alias:          pci:v00008086d00001099sv*sd*bc*sc*i*
alias:          pci:v00008086d0000108Asv*sd*bc*sc*i*
alias:          pci:v00008086d0000107Csv*sd*bc*sc*i*
alias:          pci:v00008086d0000107Bsv*sd*bc*sc*i*
alias:          pci:v00008086d0000107Asv*sd*bc*sc*i*
alias:          pci:v00008086d00001079sv*sd*bc*sc*i*
alias:          pci:v00008086d00001078sv*sd*bc*sc*i*
alias:          pci:v00008086d00001077sv*sd*bc*sc*i*
alias:          pci:v00008086d00001076sv*sd*bc*sc*i*
alias:          pci:v00008086d00001075sv*sd*bc*sc*i*
alias:          pci:v00008086d00001028sv*sd*bc*sc*i*
alias:          pci:v00008086d00001027sv*sd*bc*sc*i*
alias:          pci:v00008086d00001026sv*sd*bc*sc*i*
alias:          pci:v00008086d0000101Esv*sd*bc*sc*i*
alias:          pci:v00008086d0000101Dsv*sd*bc*sc*i*
alias:          pci:v00008086d0000101Asv*sd*bc*sc*i*
alias:          pci:v00008086d00001019sv*sd*bc*sc*i*
alias:          pci:v00008086d00001018sv*sd*bc*sc*i*
alias:          pci:v00008086d00001017sv*sd*bc*sc*i*
alias:          pci:v00008086d00001016sv*sd*bc*sc*i*
alias:          pci:v00008086d00001015sv*sd*bc*sc*i*
alias:          pci:v00008086d00001014sv*sd*bc*sc*i*
alias:          pci:v00008086d00001013sv*sd*bc*sc*i*
alias:          pci:v00008086d00001012sv*sd*bc*sc*i*
alias:          pci:v00008086d00001011sv*sd*bc*sc*i*
alias:          pci:v00008086d00001010sv*sd*bc*sc*i*
alias:          pci:v00008086d0000100Fsv*sd*bc*sc*i*
alias:          pci:v00008086d0000100Esv*sd*bc*sc*i*
alias:          pci:v00008086d0000100Dsv*sd*bc*sc*i*
alias:          pci:v00008086d0000100Csv*sd*bc*sc*i*
alias:          pci:v00008086d00001009sv*sd*bc*sc*i*
alias:          pci:v00008086d00001008sv*sd*bc*sc*i*
alias:          pci:v00008086d00001004sv*sd*bc*sc*i*
alias:          pci:v00008086d00001001sv*sd*bc*sc*i*
alias:          pci:v00008086d00001000sv*sd*bc*sc*i*
depends:        
vermagic:       2.6.32-220.4.2.el6.x86_64 SMP mod_unload modversions 
parm:           TxDescriptors:Number of transmit descriptors (array of int)
parm:           RxDescriptors:Number of receive descriptors (array of int)
parm:           Speed:Speed setting (array of int)
parm:           Duplex:Duplex setting (array of int)
parm:           AutoNeg:Advertised auto-negotiation setting (array of int)
parm:           FlowControl:Flow Control setting (array of int)
parm:           XsumRX:Disable or enable Receive Checksum offload (array of int)
parm:           TxIntDelay:Transmit Interrupt Delay (array of int)
parm:           TxAbsIntDelay:Transmit Absolute Interrupt Delay (array of int)
parm:           RxIntDelay:Receive Interrupt Delay (array of int)
parm:           RxAbsIntDelay:Receive Absolute Interrupt Delay (array of int)
parm:           InterruptThrottleRate:Interrupt Throttling Rate (array of int)
parm:           SmartPowerDownEnable:Enable PHY smart power down (array of int)
parm:           KumeranLockLoss:Enable Kumeran lock loss workaround (array of int)
parm:           copybreak:Maximum size of packet that is copied to a new buffer on receive (uint)
parm:           debug:Debug level (0=none,...,16=all) (int)

Manually created init script:

[root@rbn1 network-scripts]# cat ifcfg-p1p1 
DEVICE="p1p1"
HWADDR="00:15:17:3d:19:0c"
ONBOOT=yes
USERCTL=no
NM_CONTROLLED="no"
BOOTPROTO=none
TYPE=Ethernet
IPADDR=192.168.200.2
NETMASK=255.255.255.0

[root@rbn1 network-scripts]# ifup p1p1 
Device p1p1 does not seem to be present, delaying initialization.

ip link output:

[root@rbn1 network-scripts]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p2p1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:15:17:3d:19:0c brd ff:ff:ff:ff:ff:ff
3: p2p2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:15:17:3d:19:0d brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP qlen 1000
    link/ether 00:1d:09:69:1a:26 brd ff:ff:ff:ff:ff:ff
5: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP qlen 1000
    link/ether 00:1d:09:69:1a:26 brd ff:ff:ff:ff:ff:ff
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 00:1d:09:69:1a:26 brd ff:ff:ff:ff:ff:ff
7: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 00:1d:09:69:1a:26 brd ff:ff:ff:ff:ff:ff
8: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 52:54:00:7b:e9:cb brd ff:ff:ff:ff:ff:ff
9: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
    link/ether 52:54:00:7b:e9:cb brd ff:ff:ff:ff:ff:ff
10: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:c5:40:3f brd ff:ff:ff:ff:ff:ff
11: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:4f:2d:4c brd ff:ff:ff:ff:ff:ff
12: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:fc:5e:7f brd ff:ff:ff:ff:ff:ff
14: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:54:00:56:4b:33 brd ff:ff:ff:ff:ff:ff

Edit: I see that the device is showing up as "p2p1" in the ip link. I altered my manually created init script and the interface now comes online with an ifup command. I can ping myself too. Working to get it online in the proper VLAN now. I will update this post again with the results.

Edit: Very cool. It's now working! I wish I knew why a) the device name is "p2p1" and b) the OS didn't automatically add the init script? Thanks again for your suggestions!

As part of a pilot project, I am attempting to set-up a thin client environment for a team of developers using NoMachine. Each developer will login to the same Linux box and do development via an X session. Currently, each developer runs their own HTTP daemon on their local workstation that listens on 127.0.0.1:5000. However, if I move everyone onto the same machine this obviously creates a problem with port conflicts.

Ideally, I'd like to keep their workflow the same. If I have to assign everyone a unique port, it's just going to create a lot of grief and confusion. Is there a way to do this? Can different processes bind to the same port on a per-user basis? I discovered a way to use iptables to do port redirection on a per-user basis, but this only solves part the problem:

iptables -t nat -I OUTPUT --src 0/0 --dst 127.0.0.1 -p tcp --dport 5000 -m owner --uid-owner userA -j REDIRECT --to-ports 5001

This solution still doesn't allow different processes to bind to the same port. And I'm not even sure that I'm on the right track here by looking for an iptables solution. Any suggestions? Is there maybe a hack that be applied in userland? Thanks!

Someone installed the 32-bit version of MS SQL Server 2005 on a 64-bit OS with 16GB of RAM. Two instances of SQL Server are running, but each process is only using about 1.7GB of RAM. Combined, this equals about 3.2GB, or the hard limit of 32-bit applications.

I'm trying to figure out why each instance isn't using it's own 3.2GB max address space?

I have a Dell PowerEdge with a 8x backplane and a PERC 5i RAID controller. I'd like to configure two disks in a RAID1 array and four other disks in a RAID5+1 array. I'm pretty sure this is possible using a single controller, but I wanted to make sure first. Thanks!

The Environment

I have a small, dual-core Intel Atom-based server running CentOS 5.5 x64 with a slightly customized Xen kernel. It also has one on-board 10/100 NIC with an additional 3-port 10/100 NIC. Within this server, I also run a single Xen domU which functions as a firewall, DHCP server, and caching DNS forwarder. The domU is running CentOS 5.5 x64 as well, but with a stock Xen kernel.

I'm using the pciback kernel module to hide the 3-port NIC from the dom0 and assign it to my virtualized firewall. Eth1 is my public interface and the on-board NIC (eth0) is my private interface, which is on a XEN bridge and shared between both the Dom0 and DomU.

The Problem

The problem is that eth1 (the public interface on my virtualized firewall) decides to stop working several times a day. It seems to be related to usage: if I barely run much traffic across that interface, it might last a couple days. Heavy web browsing though will take it down in a couple hours. When it dies, this is the error in /var/log/messages on my firewall:

Jul 30 14:17:48 fw kernel: irq 18: nobody cared (try booting with the "irqpoll" option)
Jul 30 14:17:48 fw kernel: 
Jul 30 14:17:48 fw kernel: Call Trace:
Jul 30 14:17:48 fw kernel:  <IRQ>  [<ffffffff802b3d60>] __report_bad_irq+0x30/0x7d
Jul 30 14:17:48 fw kernel:  [<ffffffff802b3f97>] note_interrupt+0x1ea/0x22b
Jul 30 14:17:48 fw kernel:  [<ffffffff802b348f>] __do_IRQ+0xbd/0x103
Jul 30 14:17:48 fw kernel:  [<ffffffff80290319>] _local_bh_enable+0x61/0xc5
Jul 30 14:17:48 fw kernel:  [<ffffffff8026df48>] do_IRQ+0xe7/0xf5
Jul 30 14:17:48 fw kernel:  [<ffffffff803b3eca>] evtchn_do_upcall+0x13b/0x1fb
Jul 30 14:17:48 fw kernel:  [<ffffffff802608d6>] do_hypervisor_callback+0x1e/0x2c
Jul 30 14:17:48 fw kernel:  <EOI>  [<ffffffff802063aa>] hypercall_page+0x3aa/0x1000
Jul 30 14:17:48 fw kernel:  [<ffffffff802063aa>] hypercall_page+0x3aa/0x1000
Jul 30 14:17:48 fw kernel:  [<ffffffff8026f4eb>] raw_safe_halt+0x84/0xa8
Jul 30 14:17:48 fw kernel:  [<ffffffff8024ad2e>] cpu_idle+0x4a/0xba
Jul 30 14:17:48 fw kernel:  [<ffffffff8026ca80>] xen_idle+0x38/0x4a
Jul 30 14:17:48 fw kernel:  [<ffffffff8024ad7b>] cpu_idle+0x97/0xba
Jul 30 14:17:48 fw kernel:  [<ffffffff8064cb0f>] start_kernel+0x21f/0x224
Jul 30 14:17:48 fw kernel:  [<ffffffff8064c1e5>] _sinittext+0x1e5/0x1eb
Jul 30 14:17:48 fw kernel: 
Jul 30 14:17:48 fw kernel: handlers:
Jul 30 14:17:48 fw kernel: [<ffffffff8811b8dd>] (rtl8139_interrupt+0x0/0x421 [8139too])
Jul 30 14:17:48 fw kernel: Disabling IRQ #18
Jul 30 14:18:02 fw kernel: NETDEV WATCHDOG: eth1: transmit timed out
Jul 30 14:18:05 fw kernel: eth1: link up, 100Mbps, full-duplex, lpa 0x41E1
Jul 30 14:18:17 fw kernel: NETDEV WATCHDOG: eth1: transmit timed out
Jul 30 14:18:20 fw kernel: eth1: link up, 100Mbps, full-duplex, lpa 0x41E1
Jul 30 14:18:32 fw kernel: NETDEV WATCHDOG: eth1: transmit timed out

I get a similar story in the Dom0's log. But as you can see, it completely disables the NIC's IRQ and shuts down the interface.

Jul 30 13:46:54 server kernel: irq 18: nobody cared (try booting with the "irqpoll" option)
Jul 30 13:46:54 server kernel: 
Jul 30 13:46:54 server kernel: Call Trace:
Jul 30 13:46:54 server kernel:  <IRQ>  [<ffffffff802b3e13>] __report_bad_irq+0x30/0x7d
Jul 30 13:46:54 server kernel:  [<ffffffff802b404a>] note_interrupt+0x1ea/0x22b
Jul 30 13:46:54 server kernel:  [<ffffffff802b3542>] __do_IRQ+0xbd/0x103
Jul 30 13:46:54 server kernel:  [<ffffffff8029044e>] _local_bh_enable+0x61/0xc5
Jul 30 13:46:54 server kernel:  [<ffffffff8026df5a>] do_IRQ+0xe7/0xf5
Jul 30 13:46:54 server kernel:  [<ffffffff803b3993>] evtchn_do_upcall+0x13b/0x1fb
Jul 30 13:46:54 server kernel:  [<ffffffff802608d6>] do_hypervisor_callback+0x1e/0x2c
Jul 30 13:46:54 server kernel:  <EOI>  [<ffffffff802063aa>] hypercall_page+0x3aa/0x1000
Jul 30 13:46:54 server kernel:  [<ffffffff802063aa>] hypercall_page+0x3aa/0x1000
Jul 30 13:46:54 server kernel:  [<ffffffff8026f4fd>] raw_safe_halt+0x84/0xa8
Jul 30 13:46:54 server kernel:  [<ffffffff8026ca92>] xen_idle+0x38/0x4a
Jul 30 13:46:54 server kernel:  [<ffffffff8024b0b6>] cpu_idle+0x97/0xba
Jul 30 13:46:54 server kernel:  [<ffffffff8064cb0f>] start_kernel+0x21f/0x224
Jul 30 13:46:54 server kernel:  [<ffffffff8064c1e5>] _sinittext+0x1e5/0x1eb
Jul 30 13:46:54 server kernel: 
Jul 30 13:46:54 server kernel: handlers:
Jul 30 13:46:54 server kernel: [<ffffffff803e7b6c>] (usb_hcd_irq+0x0/0x55)
Jul 30 13:46:54 server kernel: Disabling IRQ #18
Jul 30 14:26:06 server kernel: xenbr0: port 3(vif1.0) entering disabled state
Jul 30 14:26:06 server kernel: device vif1.0 left promiscuous mode
Jul 30 14:26:06 server kernel: xenbr0: port 3(vif1.0) entering disabled state
Jul 30 14:26:06 server kernel: ACPI: PCI interrupt for device 0000:02:04.0 disabled
Jul 30 14:26:06 server kernel: ACPI: PCI interrupt for device 0000:02:06.0 disabled
Jul 30 14:26:06 server kernel: ACPI: PCI interrupt for device 0000:02:07.0 disabled

The obvious answer is to do what the error message suggests and boot with the "irqpoll" option. However that has no affect, regardless of whether I boot the dom0 or the domU with "irqpoll". Does anyone have any suggestions? I'm getting somewhat desperate here...

Additional Technical Details

Truncated "lspci -vv" output on dom0:

02:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
        Subsystem: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+
        Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
        Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
        Interrupt: pin A routed to IRQ 18
        Region 0: I/O ports at de00 [disabled] [size=256]
        Region 1: Memory at fdeff000 (32-bit, non-prefetchable) [disabled] [size=256]
        Capabilities: [50] Power Management version 2
                Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA PME(D0-,D1+,D2+,D3hot+,D3cold+)
                Status: D0 PME-Enable- DSel=0 DScale=0 PME-

cat /proc/interrupts on dom0:

           CPU0              CPU1              CPU2              CPU3              
  1:          8          0          0          0        Phys-irq  i8042
  4:         10          0          0          0        Phys-irq  serial
  8:          0          0          0          0        Phys-irq  rtc
  9:          0          0          0          0        Phys-irq  acpi
 12:          4          0          0          0        Phys-irq  i8042
 14:     162844          0       1910          0        Phys-irq  ata_piix
 15:          0          0          0          0        Phys-irq  ata_piix
 16:          0          0          0          0        Phys-irq  uhci_hcd:usb5
 17:          0          0          0          0        Phys-irq  uhci_hcd:usb3
 18:     200001          0          0          0        Phys-irq  uhci_hcd:usb4
 19:          2          0          0          0        Phys-irq  ehci_hcd:usb1, uhci_hcd:usb2
254:     515869          0          0         33        Phys-irq  peth0
256:   26214795          0          0          0     Dynamic-irq  timer0
257:      26047          0          0          0     Dynamic-irq  resched0
258:         54          0          0          0     Dynamic-irq  callfunc0
259:          0      15252          0          0     Dynamic-irq  resched1
260:          0        176          0          0     Dynamic-irq  callfunc1
261:          0     768956          0          0     Dynamic-irq  timer1
262:          0          0      96066          0     Dynamic-irq  resched2
263:          0          0        175          0     Dynamic-irq  callfunc2
264:          0          0    2193136          0     Dynamic-irq  timer2
265:          0          0          0      30317     Dynamic-irq  resched3
266:          0          0          0        132     Dynamic-irq  callfunc3
267:          0          0          0     904610     Dynamic-irq  timer3
268:        371          0        512          0     Dynamic-irq  xenbus
NMI:          0          0          0          0 
LOC:          0          0          0          0 
ERR:          0

Truncated "/boot/grub/grub.conf" on dom0:

title CentOS (2.6.18-194.3.1.el5.sb_iq1xen)
        root (hd0,0)
        kernel /xen.gz-2.6.18-194.3.1.el5.sb_iq1
        module /vmlinuz-2.6.18-194.3.1.el5.sb_iq1xen ro root=/dev/VolGroup00/LogVol00 xencons=off console=ttyS0,38400 irqpoll
        module /initrd-2.6.18-194.3.1.el5.sb_iq1xen.img

I'm using CentOS 5.5 x64 on both the dom0 and domU. I am attempting to pass-through a 3-port NIC (Realtek Semiconductor Co., Ltd. RTL-8110SC/8169SC Gigabit Ethernet (rev 10)) to the domU using pciback. However, when the first port on the NIC is brought online, it causes the domU to crash. Any suggestions? (eth0 is the on-board NIC, which works fine).

Edit: By the way, adding 'swiotlb=force' to the domU kernel line (as recommended in the dump) causes the domU to fail with the same error, only it happens immediately upon launching the vm.

Bringing up interface eth0:  
Determining IP information for eth0... done.    [  OK  ]
Bringing up interface eth1:  
Determining IP information for eth1...Fatal DMA error! Please use 'swiotlb=force'
----------- [cut here ] --------- [please bite here ] ---------
Kernel BUG at arch/x86_64/kernel/../../i386/kernel/pci-dma-xen.c:394
invalid opcode: 0000 [1] SMP 
last sysfs file: /class/net/eth1/address
CPU 0 
Modules linked in: be2iscsi ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp bnx2i cnic ipv6 xfrm_nalgo crypto_api uio cxgb3i cxgb3 8021q libiscsi_tcp libiscsi2 scsi_transport_iscsi2 scsi_transport_iscsi loop dm_mirror dm_multipath scsi_dh scsi_mod parport_pc lp parport r8169 mii pcspkr xennet dm_raid45 dm_message dm_region_hash dm_log dm_mod dm_mem_cache xenblk ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 1359, comm: ip Not tainted 2.6.18-194.el5xen #1
RIP: e030:[<ffffffff802723ff>]  [<ffffffff802723ff>] dma_map_single+0x12d/0x17d
RSP: e02b:ffff880014bedcb8  EFLAGS: 00010282
RAX: 000000000000002f RBX: ffff880014a60012 RCX: ffff880017f01870
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000003724012 R08: 000000000000002c R09: ffff880000def000
R10: 000000000000002d R11: ffff880015d091e0 R12: 0000000000003fff
R13: ffff880017f01870 R14: 0000000000000000 R15: 0000000000003fff
FS:  00002ad23cbecaf0(0000) GS:ffffffff805d2000(0000) knlGS:0000000000000000
CS:  e033 DS: 0000 ES: 0000
Process ip (pid: 1359, threadinfo ffff880014bec000, task ffff8800144b77a0)
Stack:  0000000000000002  ffff880015e304c0  ffff880011f61000  0000000000000000 
 0000000000000002  ffffffff8810b474  0000001e00000000  0000000000000100 
 ffff880016f64000  ffff880016f64500 
Call Trace:
 [<ffffffff8810b474>] :r8169:rtl8169_rx_fill+0x11e/0x188
 [<ffffffff8810c6c6>] :r8169:rtl8169_init_ring+0x70/0x9f
 [<ffffffff8810c9a3>] :r8169:rtl8169_open+0x9f/0x1c6
 [<ffffffff80420ace>] dev_open+0x58/0x97
 [<ffffffff8041e9d8>] dev_change_flags+0x5a/0x11a
 [<ffffffff804534d2>] devinet_ioctl+0x235/0x59c
 [<ffffffff804162b2>] sock_ioctl+0x1c1/0x1e5
 [<ffffffff80244265>] do_ioctl+0x21/0x6b
 [<ffffffff80231924>] vfs_ioctl+0x457/0x4b9
 [<ffffffff8024ea38>] sys_ioctl+0x59/0x78
 [<ffffffff80260106>] system_call+0x86/0x8b
 [<ffffffff80260080>] system_call+0x0/0x8b


Code: 0f 0b 68 f6 7e 49 80 c2 8a 01 4d 85 ed 74 11 49 8b 85 18 02 
RIP  [<ffffffff802723ff>] dma_map_single+0x12d/0x17d
 RSP <ffff880014bedcb8>
 <0>Kernel panic - not syncing: Fatal exception

I'm using CentOS 5.4 on my dom0 with a stock Xen kernel. I'm attempting to use the pciback module to hide some of the Ethernet ports from the host and reserve them for a domU I intend to use for a firewall (process described here and here). However, when I launch the domU, I get the following error message:

Using config file "/etc/xen/firewall".
Error: pci: improper device assignment specified: pci: 0000:01:04.0 must be co-assigned to the same guest with 0000:01:06.0, but it is not owned by pciback.

lspci gives me the following output:

00:00.0 Host bridge: Intel Corporation 82945G/GZ/P/PL Memory Controller Hub (rev 02)
00:02.0 VGA compatible controller: Intel Corporation 82945G/GZ Integrated Graphics Controller (rev 02)
00:1d.0 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #1 (rev 01)
00:1d.1 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #2 (rev 01)
00:1d.2 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #3 (rev 01)
00:1d.3 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #4 (rev 01)
00:1d.7 USB Controller: Intel Corporation 82801G (ICH7 Family) USB2 EHCI Controller (rev 01)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev e1)
00:1f.0 ISA bridge: Intel Corporation 82801GB/GR (ICH7 Family) LPC Interface Bridge (rev 01)
00:1f.2 IDE interface: Intel Corporation 82801GB/GR/GH (ICH7 Family) SATA IDE Controller (rev 01)
00:1f.3 SMBus: Intel Corporation 82801G (ICH7 Family) SMBus Controller (rev 01)
01:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
01:06.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
01:07.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)

From the sound of the error message, it seems like I also need to dedicate eth0 (PCI ID 01:04.0) to the domU. Am I correct? If not, what am I doing wrong? Thanks!

I am building a CentOS 5.4 system that boots off a compact flash card using a card reader that emulates an IDE drive. It literally takes about an hour to boot. The ultra-slow part occurs when Grub is loading the kernel. Once that's done, the rest of the boot process only takes about a minute to get to a login prompt. Does anyone have any suggestions?

I suspect that it may have to do with UDMA. Everything IDE-related in my BIOS seems to checkout. The read performance hdparm is telling me 1.77 MB/s. Ouch! (But even at that rate, it still shouldn't take an hour to decompress and load the kernel)

 [root@server ~]# hdparm -tT /dev/hdc

/dev/hdc:
 Timing cached reads:   2444 MB in  2.00 seconds = 1222.04 MB/sec
 Timing buffered disk reads:    6 MB in  3.39 seconds =   1.77 MB/sec

Trying to enable DMA is a no-go though:

[root@server ~]# hdparm -d1 /dev/hdc

/dev/hdc:
 setting using_dma to 1 (on)
 HDIO_SET_DMA failed: Operation not permitted
 using_dma    =  0 (off)

Here's some command outputs that might help:

System

[root@server ~]# uname -a
Linux server.localdomain 2.6.18-164.el5xen #1 SMP Thu Sep 3 04:47:32 EDT 2009 i686 i686 i386 GNU/Linux

PCI info:

[root@server ~]# lspci -v
00:00.0 Host bridge: Intel Corporation 82945G/GZ/P/PL Memory Controller Hub (rev 02)
        Subsystem: Intel Corporation 82945G/GZ/P/PL Memory Controller Hub
        Flags: bus master, fast devsel, latency 0
        Capabilities: [e0] Vendor Specific Information

00:02.0 VGA compatible controller: Intel Corporation 82945G/GZ Integrated Graphics Controller (rev 02) (prog-if 00 [VGA controller])
        Subsystem: Intel Corporation 82945G/GZ Integrated Graphics Controller
        Flags: bus master, fast devsel, latency 0, IRQ 10
        Memory at fdf00000 (32-bit, non-prefetchable) [size=512K]
        I/O ports at ff00 [size=8]
        Memory at d0000000 (32-bit, prefetchable) [size=256M]
        Memory at fdf80000 (32-bit, non-prefetchable) [size=256K]
        Capabilities: [90] Message Signalled Interrupts: 64bit- Queue=0/0 Enable-
        Capabilities: [d0] Power Management version 2

00:1d.0 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #1 (rev 01) (prog-if 00 [UHCI])
        Subsystem: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #1
        Flags: bus master, medium devsel, latency 0, IRQ 16
        I/O ports at fe00 [size=32]

00:1d.1 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #2 (rev 01) (prog-if 00 [UHCI])
        Subsystem: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #2
        Flags: bus master, medium devsel, latency 0, IRQ 17
        I/O ports at fd00 [size=32]

00:1d.2 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #3 (rev 01) (prog-if 00 [UHCI])
        Subsystem: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #3
        Flags: bus master, medium devsel, latency 0, IRQ 18
        I/O ports at fc00 [size=32]

00:1d.3 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #4 (rev 01) (prog-if 00 [UHCI])
        Subsystem: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #4
        Flags: bus master, medium devsel, latency 0, IRQ 19
        I/O ports at fb00 [size=32]

00:1d.7 USB Controller: Intel Corporation 82801G (ICH7 Family) USB2 EHCI Controller (rev 01) (prog-if 20 [EHCI])
        Subsystem: Intel Corporation 82801G (ICH7 Family) USB2 EHCI Controller
        Flags: bus master, medium devsel, latency 0, IRQ 16
        Memory at fdfff000 (32-bit, non-prefetchable) [size=1K]
        Capabilities: [50] Power Management version 2
        Capabilities: [58] Debug port

00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev e1) (prog-if 01 [Subtractive decode])
        Flags: bus master, fast devsel, latency 0
        Bus: primary=00, secondary=01, subordinate=01, sec-latency=32
        I/O behind bridge: 0000d000-0000dfff
        Memory behind bridge: fde00000-fdefffff
        Prefetchable memory behind bridge: 00000000fdd00000-00000000fdd00000
        Capabilities: [50] #0d [0000]

00:1f.0 ISA bridge: Intel Corporation 82801GB/GR (ICH7 Family) LPC Interface Bridge (rev 01)
        Subsystem: Intel Corporation 82801GB/GR (ICH7 Family) LPC Interface Bridge
        Flags: bus master, medium devsel, latency 0
        Capabilities: [e0] Vendor Specific Information

00:1f.2 IDE interface: Intel Corporation 82801GB/GR/GH (ICH7 Family) SATA IDE Controller (rev 01) (prog-if 80 [Master])
        Subsystem: Intel Corporation 82801GB/GR/GH (ICH7 Family) SATA IDE Controller
        Flags: bus master, 66MHz, medium devsel, latency 0, IRQ 17
        I/O ports at <unassigned>
        I/O ports at <unassigned>
        I/O ports at <unassigned>
        I/O ports at <unassigned>
        I/O ports at f800 [size=16]
        Capabilities: [70] Power Management version 2

00:1f.3 SMBus: Intel Corporation 82801G (ICH7 Family) SMBus Controller (rev 01)
        Subsystem: Intel Corporation 82801G (ICH7 Family) SMBus Controller
        Flags: medium devsel, IRQ 17
        I/O ports at 0500 [size=32]

01:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
        Subsystem: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+
        Flags: bus master, medium devsel, latency 32, IRQ 18
        I/O ports at de00 [size=256]
        Memory at fdeff000 (32-bit, non-prefetchable) [size=256]
        Capabilities: [50] Power Management version 2

01:06.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
        Subsystem: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+
        Flags: bus master, medium devsel, latency 32, IRQ 17
        I/O ports at dc00 [size=256]
        Memory at fdefe000 (32-bit, non-prefetchable) [size=256]
        Capabilities: [50] Power Management version 2

01:07.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
        Subsystem: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+
        Flags: bus master, medium devsel, latency 32, IRQ 19
        I/O ports at da00 [size=256]
        Memory at fdefd000 (32-bit, non-prefetchable) [size=256]
        Capabilities: [50] Power Management version 2

hdparm ouput:

[root@server ~]# hdparm  /dev/hdc   

/dev/hdc:
 multcount    =  0 (off)
 IO_support   =  0 (default 16-bit)
 unmaskirq    =  0 (off)
 using_dma    =  0 (off)
 keepsettings =  0 (off)
 readonly     =  0 (off)
 readahead    = 256 (on)
 geometry     = 8146/16/63, sectors = 8211168, start = 0

[root@server ~]# hdparm -I /dev/hdc

/dev/hdc:

ATA device, with non-removable media
        Model Number:       InnoDisk Corp. - iCF4000 4GB            
        Serial Number:      20091023AACA70000753
        Firmware Revision:  081107  
Standards:
        Supported: 5 
        Likely used: 6
Configuration:
        Logical         max     current
        cylinders       8146    8146
        heads           16      16
        sectors/track   63      63
        --
        CHS current addressable sectors:    8211168
        LBA    user addressable sectors:    8211168
        device size with M = 1024*1024:        4009 MBytes
        device size with M = 1000*1000:        4204 MBytes (4 GB)
Capabilities:
        LBA, IORDY(can be disabled)
        Standby timer values: spec'd by Vendor
        R/W multiple sector transfer: Max = 2   Current = 2
        DMA: mdma0 mdma1 mdma2 udma0 udma1 *udma2 udma3 udma4 
             Cycle time: min=120ns recommended=120ns
        PIO: pio0 pio1 pio2 pio3 pio4 
             Cycle time: no flow control=120ns  IORDY flow control=120ns
Commands/features:
        Enabled Supported:
           *    Power Management feature set
           *    WRITE_BUFFER command
           *    READ_BUFFER command
           *    NOP cmd
           *    CFA feature set
           *    Mandatory FLUSH_CACHE
HW reset results:
        CBLID- above Vih
        Device num = 0
CFA power mode 1:
        enabled and required by some commands
        Maximum current = 100ma
Checksum: correct

Edit: It's taking about 5 minutes to just get past the "GRUB loading stage 2..." message. I've come to the conclusion that the problem is likely either: bootloader, BIOS/firmware, or a hardware issue. I've played with all relevant BIOS settings without any luck and replaced my IDE cable in case I had a bad one. I have a new compact flash card (a different brand) on order, but it'll be a few days before it gets here. I'm also currently running Memtest86 to see if I have an odd issue with my RAM. Once that's done, I'll see if there's a firmware update available for my motherboard.

I'm a developer working from home on an application. One of the features of my app is that it sends outgoing notification emails. I'm attempting to relay these messages through one of our company's public servers. I've configured sendmail on said server to accept connections from my IP address at home. However, my ISP blocks outgoing connections to TCP port 25.

I'd like to use iptables on the public server to accept incoming connections on port 2525 and redirect them to port 25. How do I do this? Thanks!

I have a single server that functions as both a mail and web server. I'd like to use iptables to permit all incoming and outgoing connections, except to incoming port 25. I only want one remote host to be able to connect to port 25 (in order to relay mail).

Essentially, I'd like a wide open server without turning it into a spam relay. Any suggestions? Thanks!