Re: Unable to boot BIOS/GPT system.
Hi, Pascal Hambourg wrote: > If the EFI firmware can boot in legacy BIOS compatibility mode, it may > require to set the boot flag on the protective GPT partition entry in the > protective MBR. According to user reports on grub-devel mailing list about grub-mkrescue ISOs, the boot flag must not be set on the protective MBR partition. But some BIOS implementations wont't regard the medium as bootable if there is no boot flag set at all. The compromise that finally worked for those who tested, was to create an MBR partition of type 0x00 starting at LBA 0, having only one block, and bearing the boot flag. The tested EFIs and operating systems still recognized GPT if an additional partiton of type 0x00 was present. But doubts remain. YMMV. The decision with grub-mkrescue was to omit the boot flag by default and to leave it to the user whether add-on xorrisofs option --mbr-force-bootable shall cause the boot flag to be set on a dummy partition. Have a nice day :) Thomas
Re: VLC doesn't shutdown when closed
On 2018-11-22, Gary Dale wrote: > On 2018-11-22 10:26 a.m., Curt wrote: >> On 2018-11-22, Gary Dale wrote: >>> I looked for a keep running option (and VLC does have a lot of options) >>> but couldn't find one. >>> >> If in 'Simple Preferences' under 'Playlists and instances' 'use only one >> instance when started from file manager' isn't checked the phenomenon >> has been known to occur (if you're starting VLC from a file >> manager). >> >> If not and on the other hand this appears to be a known bug. How you are >> closing the app might be pertinent. 'Ctrl Q' after stopping the video? >> Or some other way? Have you experimented in this regard? >> > Interesting - if I press the stop button on the player, vlc terminates > properly. > We live in an imperfect world, though this isn't exactly what you'd call counter-intuitive, either. Maybe the VLC people would argue this isn't a bug, as you might be streaming to your Aunt Tilly in the other bedroom and only want to free up screen real estate by closing the video's window on the source machine. -- He used sentences differently from any other prose writer. He always sounded like a slightly drunk man who is very melancholy, who has no illusions about life, who is very strong but whose strength is entirely unnecessary. --Krasznahorkai on Krúdy
Wireless card on New users computer
Greetings Greetings Am writing from Cameroon and am a FOSS enthusiast. I wish to receive assistance for me t install the wireless drivers of my laptop. I also admit being a complete beginner and I wonder in case there's a self-learning program I can follow to have my feet wet with the system? My goals are to be deploying hybrid cloud solutions (software that can be installed on a server with the internet ). Thanks Marc Stephan Nkouly Digital Consultant bp: 5180 Nkwen Bamenda Cameroon Mobile: 00 237 6 77 95 77 55 00 237 6 90 89 51 52 "Technical people tend to fall into two categories: Specialists and Generalists. The Specialist learns more and more about a narrower and narrower field, until he eventually, in the limit, knows everything about nothing. The Generalist learns less and less about a wider and wider field until eventually, he knows nothing about everything." - William Stucke - AfrISPA
Re: Install openssh-server jessie version deb package on stretch
Il giorno gio 22 nov 2018 alle ore 20:50 owl...@gmail.com ha scritto: > > Il giorno gio 22 nov 2018 alle ore 20:48 Roberto C. Sánchez > ha scritto: > > > > On Thu, Nov 22, 2018 at 08:40:52PM +0100, owl...@gmail.com wrote: > > > Thanks Roberto, > > > > > > I have tried also the latest dropbear server but this is incompatible too > > > > > > Do you have idea how can I find appropriate key exchange and cipher > > > algorithms? > > > > > Please don't top post. It is considered impolite. > > > > I do not use dropbear, but I would expect its documentation should > > provide a list of supported key exchange and cipher algorithms. You > > could then look at the output of 'ssh -Q kex' and 'ssh -Q cipher' for > > lists of key exchange and cipher algorithms supported by ssh on your > > system, respectively. > > > > I also forgot to mention in my earlier reply that you might need to > > specify weaker MAC algorithms. Available MAC algorithms can be obtained > > with 'ssh -Q mac'. > > > > Regards, > > > > -Roberto > > > > -- > > Roberto C. Sánchez > > > > Thanks Roberto, tomorrow ill'try I have tried to use the right KexAlgorithm and Ciphers, but dropbear client fail always myhostname sshd[3905]: debug1: SSH2_MSG_KEXINIT sent [preauth] There aren't other debug messages Only for test purpose i have add all options i can in /etc/sshd_config, but nothing, what am I doing wrong? Ciphers 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com HostbasedAcceptedKeyTypes ssh-ed25519,ssh-ed25519-cert-...@openssh.com,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-...@openssh.com,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com KexAlgorithms diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha...@libssh.org MACs hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha1-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-md5-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-ripemd160-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com PubkeyAcceptedKeyTypes ssh-ed25519,ssh-ed25519-cert-...@openssh.com,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com
Re: grub tries to read outside of a disk.
On 23/11/2018 03.09, Daniel Fishman wrote: Hello, I am trying to install Debian on a 4TB external HDD, and want to be able to boot it both on UEFI and BIOS systems. Using a simple BIOS/GPT configuration (GPT partitioning with BIOS boot) didn't work out - after receiving some important tips from this mailing list about problems that I had with this configuration I succeeded to boot on BIOS system, but not on UEFI system. Therefore I tried to combine BIOS+UEFI boots by creating both EFI and BIOS boot partitions, and then installing grub into both. Here is how the HDD was partitioned: [root@arch]# parted /dev/sdb print Model: WD Elements 25A1 (scsi) Disk /dev/sdb: 4001GB Sector size (logical/physical): 512B/4096B Partition Table: gpt Disk Flags: Number Start End Size File system Name Flags 1 1049kB 2097kB 1049kB bios_grub 2 2097kB 202MB 200MB fat32 boot, esp 3 202MB 714MB 512MB ext4 4 714MB 8714MB 8000MB linux-swap(v1) 5 8714MB 4001GB 3992GB ext4 Partition 1 is intended for BIOS boot partition (for Stage 1.5 loader), partition 2 is the EFI partition, partition 3 is intended for the /boot (as was suggested previously on this mailing list) so that grub-related files will be located inside the 2TB limit and therefore be accessible to Stage 1.5 loader in BIOS mode, partition 4 is a swap, and 5 is the /. I performed Debian installation on a UEFI machine, and after an installation succeeded to boot the HDD. After that I installed grub into MBR: grub-install --target=i386-pc --recheck /dev/sdb Then I tried to boot on BIOS machine, and got the following error from grub: "error: attempt to read or write outside of disk 'hd0'" and was dropped into grub's rescue shell. I tried the following command: ls (hd0,gpt3)/ which listed the expected contents of the /boot partition. Then: set root=(hd0,gpt3) set prefix=(hd0,gpt3)/grub insmod normal and again I get the error message "error: attempt to read or write outside of disk 'hd0'" As far as I could find, usually this kind of an error happens when grub's files are located on a partition which is far from the beginning of a disk, but in my case this is not so. And since grub can list contents of a partition from a rescue shell, then it has access to the file system. Then what is the problem here? Eventually I succeeded to solve the problem, though I still don't understand the reason for it - and maybe the solution will be useful for somebody else. I repeated the whole installation process from the beginning, and this time used a bit different partitioning scheme, where locations of /boot and EFI partitions were switched, so that /boot partition (with all the files needed by the grub) are now located immediately after BIOS boot partition, or in other words: [root@arch]# parted /dev/sdb print Model: WD Elements 25A1 (scsi) Disk /dev/sdb: 4001GB Sector size (logical/physical): 512B/4096B Partition Table: gpt Disk Flags: Number Start End SizeFile system Name Flags 1 1049kB 2097kB 1049kB BIOS boot partition bios_grub 2 2097kB 539MB 537MB ext4Linux filesystem 3 539MB 749MB 210MB fat32 EFI System boot, esp 4 749MB 9339MB 8590MB linux-swap(v1) Linux swap 5 9339MB 4001GB 3991GB ext4Linux filesystem The idea was that maybe somehow (maybe due to a buggy BIOS) the fact that EFI partition was located before /boot partition confused BIOS and therefore prevented it from being able to access files on /boot partition. There was a number of other small things that I did somewhat differently (for example, this time a partitioning was done with gdisk instead of with parted, and I think that I used a bit older Debian's installation media), but they don't seem significant enough.
Re: Wireless card on New users computer
Marc Stephan Nkouly wrote: > Greetings > Greetings > Am writing from Cameroon and am a FOSS enthusiast. > I wish to receive assistance for me t install the wireless drivers of my > laptop. > I also admit being a complete beginner and I wonder in case there's a > self-learning program I can follow to have my feet wet with the system? > My goals are to be deploying hybrid cloud solutions (software that can be > installed on a server with the internet ). You may wish to read http://www.catb.org/~esr/faqs/smart-questions.html which is a guide on how to ask questions in a way which will get the best answers. -dsr-
openvpn over ipv6 /65
Hi, I have a Stretch VPServer with a /64 netbloch, of which only the first 2 addresses are used. I've been struggling for some time to get the right stanza to split that into two /65s, using the upper half for openvpn. There are many 'quick config' tutorials on the web, but none seem to suit my objectives, the most enlightened being https://community.openvpn.net/openvpn/wiki/IPv6, but I'm tripping over the stanza: ### check this on your OS! # ifconfig igb0 inet6 2001:db8:0:123::/64 -alias # ifconfig igb0 inet6 2001:db8:0:123::/65 ### ### re-assign the other aliases previously set under the /64 block # ifconfig igb0 inet6 2001:db8:0:123::dead/128 alias # ifconfig igb0 inet6 2001:db8:0:123::ea:beef/128 alias # ... which seems to apply to FreeBSD. Could some knowledgeable person please give me the equivalent contents and where to put them for Debian Linux. TIA, Tony
Still unable to restart networking on Debian 9 text mode only
Good morning, IMPORTANT: Network Manager was not being installed automatically by the Debian DVD when I do not mark the graphical interface. I tried a fresh Debian install without graphical interface but using the graphical installator I am running Debian 9.6. Then I edited /etc/network/interfaces and restart the system, to see if the ip was changed. And yes, it worked. So this file is still being used in some way - humm that seems to be the correct place to configure my interface isn't? Well, I edited it again, now to try change the ip but without restarting the system - like in all servers real situation, you don't want to go after the server. First of all I tried all this solutions: #systemctl daemon-reload (nothing happens ip didnt change) #systemctl networking restart (the ip did not change and the connection breaks you need to go phisicial and ip address shows the same ip configured) #nmcli connection reload nmcli connection reload The program 'nmcli' is currently not installed. You can install it by typing: apt install network-manager nmcli: command not found. (my comment: well it seems NetworkManager was not installed is that right?) # nmtui The program 'nmtui' is currently not installed. You can install it by typing: apt install network-manager nmtui: command not found The solution that i found is this (but i think that is not a real solution): ip address delete theoldip/mask dev enp0s3 ifdown enp0s3 ifup enp0s3 But if for example i do it partially, it does not work... for example: ip address delete theoldip/mask dev enp0s3 ifup enp0s3 The interface is already... blabla ifdown enp0s3 ifup enp0s3 (a new ip is added to the interface, but now two ips are configured and the network is broken again) Is that a bug? -- Luciano Andress Martini - Analista UNIX
Still unable to restart networking on Debian 9 text mode only
Good morning, IMPORTANT: Network Manager was not being installed automatically by the Debian DVD when I do not mark the graphical interface. I tried a fresh Debian install without graphical interface but using the graphical installator I am running Debian 9.6. Then I edited /etc/network/interfaces and restart the system, to see if the ip was changed. And yes, it worked. So this file is still being used in some way - humm that seems to be the correct place to configure my interface isn't? Well, I edited it again, now to try change the ip but without restarting the system - like in all servers real situation, you don't want to go after the server. First of all I tried all this solutions: #systemctl daemon-reload (nothing happens ip didnt change) #systemctl networking restart (the ip did not change and the connection breaks you need to go phisicial and ip address shows the same ip configured) #nmcli connection reload nmcli connection reload The program 'nmcli' is currently not installed. You can install it by typing: apt install network-manager nmcli: command not found. (my comment: well it seems NetworkManager was not installed is that right?) # nmtui The program 'nmtui' is currently not installed. You can install it by typing: apt install network-manager nmtui: command not found The solution that i found is this (but i think that is not a real solution): ip address delete theoldip/mask dev enp0s3 ifdown enp0s3 ifup enp0s3 But if for example i do it partially, it does not work... for example: ip address delete theoldip/mask dev enp0s3 ifup enp0s3 The interface is already... blabla ifdown enp0s3 ifup enp0s3 (a new ip is added to the interface, but now two ips are configured and the network is broken again) Is that a bug? -- Luciano Andress Martini - Analista UNIX
Re: openvpn over ipv6 /65
Hi. On Fri, Nov 23, 2018 at 01:18:45PM +0100, tony wrote: > Hi, > > I have a Stretch VPServer with a /64 netbloch, of which only the first 2 > addresses are used. I've been struggling for some time to get the right > stanza to split that into two /65s, using the upper half for openvpn. I'd check first that some other addresses from this /64 range are routed by your VPS provider. > There are many 'quick config' tutorials on the web, but none seem to > suit my objectives, the most enlightened being > https://community.openvpn.net/openvpn/wiki/IPv6, but I'm tripping over > the stanza: > > ### check this on your OS! > # ifconfig igb0 inet6 2001:db8:0:123::/64 -alias > # ifconfig igb0 inet6 2001:db8:0:123::/65 > ### > ### re-assign the other aliases previously set under the /64 block > # ifconfig igb0 inet6 2001:db8:0:123::dead/128 alias > # ifconfig igb0 inet6 2001:db8:0:123::ea:beef/128 alias > # ... > > which seems to apply to FreeBSD. Yep. > Could some knowledgeable person please give me the equivalent contents > and where to put them for Debian Linux. Ad-hoc configuration: ### check this on your OS! # ip a d igb0 2001:db8:0:123::/64 # ip a a igb0 2001:db8:0:123::/65 ### ### re-assign the other aliases previously set under the /64 block # ip a a igb0 2001:db8:0:123::dead/128 # ip a a igb0 2001:db8:0:123::ea:beef/128 As for the persistent configuration, that depends on the contents of /etc/network/interfaces. Can be static (it's straightforward then), DHCPv6 (you won't be able to do the split) or RA (ditto). Reco
Re: Still unable to restart networking on Debian 9 text mode only
Hi. On Fri, Nov 23, 2018 at 10:31:28AM -0200, Luciano Andress Martini wrote: > Good morning, > > IMPORTANT: Network Manager was not being installed automatically by > the Debian DVD when I do not mark the graphical interface. An excellent news. Let's hope that Debian continues to behave this way. > Then I edited /etc/network/interfaces and restart the system, to see > if the ip was changed. And yes, it worked. So this file is still being > used in some way - humm that seems to be the correct place to > configure my interface isn't? So, in plain English, you have ifupdown installed. > Well, I edited it again, now to try change the ip but without > restarting the system - like in all servers real situation, you don't > want to go after the server. First of all I tried all this solutions: > > #systemctl daemon-reload > (nothing happens ip didnt change) And it should not. ifupdown provides networking service, and "daemon-reload" forces systemd to re-read own config only, not to restart services. > #systemctl networking restart > (the ip did not change and the connection breaks you need to go > phisicial and ip address shows the same ip configured) "networking restart" invokes "ifdown" first, and "ifup" next. And systemd restarts most of the network services by dependency. The problem is - once they invoke ifdown, there's no network connection to invoke "ifup", hence you have no network-listening services. Do it from BMC/ILOM/HMC (it's not a server if it does not have one), or install screen/tmux and do it from there. > #nmcli connection reload > # nmtui Please leave these Finely Designed Executables™ to a desktop installation. > The solution that i found is this (but i think that is not a real solution): > > ip address delete theoldip/mask dev enp0s3 > ifdown enp0s3 > ifup enp0s3 ifdown/ifup combo should be sufficient. Just don't do it via plain ssh connection. > But if for example i do it partially, it does not work... for example: > > ip address delete theoldip/mask dev enp0s3 > ifup enp0s3 > The interface is already... blabla ifup/ifdown have their own special way to track which interface was touched by them. ifup will rightfully refuse to bring network interface UP if it considers that it's UP already. > > ifdown enp0s3 > ifup enp0s3 > (a new ip is added to the interface, but now two ips are configured > and the network is broken again) You mean, two new IPv6 ips? Can you provide a 'correct' and a 'broken' example via 'ip a l' please? And, while we're at it, the contents of /etc/network/interfaces? > Is that a bug? Short of the last part everything else can be classified as an operator's error, or a lack of knowledge. Reco
Re: need google chrome installation instructions that work
On Thu, Nov 22, 2018 at 10:07:51AM -0600, David Wright wrote: > It works fine for me, as shown by the output below. However, I notice > there's a line: > > Note, selecting 'xtoolwait' instead of ' … … /xtoolwait_1.3-6.2_amd64.deb' Yeah, my own tests always gave me that too, so I decided not to post my results here. Apparently the only way I can *test* this and *post* my results would be if I use a .deb file that does *not* correspond to a package that is known to apt on my system. Which would mean either I'd have to find a random third-party repository that has a *small* package that I could download and install with apt-get install ./ for testing purposes, or I would have to purge my web browser, purge the Google repository from my sources.list.d, apt-get update to purge it from the cached lists, and then repeat the basic procedure of installing google-chrome-stable from scratch. I was not willing to do all of that just to prove people wrong on the Internet. I have some limits. If someone still claims that it "doesn't work", then for the love of RMS, post: * which VERSION of Debian you are using, * the EXACT command you used, and * the FULL and EXACT output of that command. One person who claimed it "didn't work" went through those steps and discovered that the wrong command had been used.
Re: Still unable to restart networking on Debian 9 text mode only
On Fri, Nov 23, 2018 at 10:31:28AM -0200, Luciano Andress Martini wrote: > Then I edited /etc/network/interfaces and restart the system, to see > if the ip was changed. And yes, it worked. So this file is still being > used in some way - humm that seems to be the correct place to > configure my interface isn't? /etc/network/interfaces is the primary, supported means of configuring network interfaces in Debian. It's the best choice for standard server and workstation setups. Network-Manager may also be installed (it's optional). As you've already seen, it is installed when choosing a "desktop environment" during the Debian installation, and skipped if no DE is chosen. N-M is apparently the tool of choice for configuring wireless interfaces on laptops. Interfaces that are configured in /e/n/i are skipped by N-M. Thus, you could think of it as "/e/n/i has priority, and N-M gets whatever /e/n/i didn't get". Then there's some bizarre systemd network interface thing. It's not used by default in Debian. I can't imagine anyone ever using it. You can simply ignore it.
Re: Wireless card on New users computer
On Fri, Nov 23, 2018 at 10:24:52AM +0100, Marc Stephan Nkouly wrote: > Greetings > Greetings > Am writing from Cameroon and am a FOSS enthusiast. > I wish to receive assistance for me t install the wireless drivers of my > laptop. Apart from Dan's (which is good advice, anyway), to be able to help you, people here at least need to know: - do you already have installed some GNU/Linux distribution on your laptop? If yes, we could find out more about your wireless hardware, and what would be necessary to get it running. - Which distribution you have installed/want to install? (I'm assuming it is some Debian or one of its derivatives -- after all, you are posing your questions in a Debian mailing list). - What kind of laptop you have (brand, model number, etc.) Cheers... and keep on hacking :-) -- tomás signature.asc Description: Digital signature
Re: Still unable to restart networking on Debian 9 text mode only
Thank you Greg i would not like to use NetworkManager, i just tried it because all the other ways that i tried did not worked in new Debian Versions, after a fresh install so i am searching for a correct way of doing things.. (i read documentation, but maybe i am missing something) ifdown and ifup work partially instead of changing the ip, and it is adding a new ip to the interface. service networking restart - just brokes the network connection. Em sex, 23 de nov de 2018 às 11:02, Greg Wooledge escreveu: > > On Fri, Nov 23, 2018 at 10:31:28AM -0200, Luciano Andress Martini wrote: > > Then I edited /etc/network/interfaces and restart the system, to see > > if the ip was changed. And yes, it worked. So this file is still being > > used in some way - humm that seems to be the correct place to > > configure my interface isn't? > > /etc/network/interfaces is the primary, supported means of configuring > network interfaces in Debian. It's the best choice for standard server > and workstation setups. > > Network-Manager may also be installed (it's optional). As you've already > seen, it is installed when choosing a "desktop environment" during the > Debian installation, and skipped if no DE is chosen. N-M is apparently > the tool of choice for configuring wireless interfaces on laptops. > > Interfaces that are configured in /e/n/i are skipped by N-M. Thus, > you could think of it as "/e/n/i has priority, and N-M gets whatever > /e/n/i didn't get". > > Then there's some bizarre systemd network interface thing. It's not > used by default in Debian. I can't imagine anyone ever using it. > You can simply ignore it. > -- Luciano Andress Martini - Analista UNIX
Re: Still unable to restart networking on Debian 9 text mode only
If i am phisically logged the behavior are like to be the same. Em sex, 23 de nov de 2018 às 11:09, Luciano Andress Martini escreveu: > > Thank you Greg i would not like to use NetworkManager, i just tried it > because all the other ways that i tried did not worked in new Debian > Versions, after a fresh install so i am searching for a correct way of > doing things.. (i read documentation, but maybe i am missing > something) > > ifdown and ifup work partially instead of changing the ip, and it is > adding a new ip to the interface. > > service networking restart - just brokes the network connection. > Em sex, 23 de nov de 2018 às 11:02, Greg Wooledge > escreveu: > > > > On Fri, Nov 23, 2018 at 10:31:28AM -0200, Luciano Andress Martini wrote: > > > Then I edited /etc/network/interfaces and restart the system, to see > > > if the ip was changed. And yes, it worked. So this file is still being > > > used in some way - humm that seems to be the correct place to > > > configure my interface isn't? > > > > /etc/network/interfaces is the primary, supported means of configuring > > network interfaces in Debian. It's the best choice for standard server > > and workstation setups. > > > > Network-Manager may also be installed (it's optional). As you've already > > seen, it is installed when choosing a "desktop environment" during the > > Debian installation, and skipped if no DE is chosen. N-M is apparently > > the tool of choice for configuring wireless interfaces on laptops. > > > > Interfaces that are configured in /e/n/i are skipped by N-M. Thus, > > you could think of it as "/e/n/i has priority, and N-M gets whatever > > /e/n/i didn't get". > > > > Then there's some bizarre systemd network interface thing. It's not > > used by default in Debian. I can't imagine anyone ever using it. > > You can simply ignore it. > > > > > -- > Luciano Andress Martini - Analista UNIX -- Luciano Andress Martini - Analista UNIX
Re: Still unable to restart networking on Debian 9 text mode only
Additional information - Again Debian 9.6 Fresh Install without graphical interface: cat /etc/network/interfaces: # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug enp0s3 iface enp0s3 inet static address 10.5.0.2/24 gateway 10.5.0.1 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 8.8.8.8 dns-search neoconsig.local Just changed 10.5.0.2 to 10.5.0.3 #ifdown enp0s3 #ifup enp0s3 Results in two ips configured instead of changing it: #ip a 2: enp0s3: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:7a:16:16 brd ff:ff:ff:ff:ff:ff inet 10.5.0.2/24 brd 10.5.0.255 scope global enp0s3 valid_lft forever preferred_lft forever inet 10.5.0.3/24 brd 10.5.0.255 scope global secondary enp0s3 valid_lft forever preferred_lft forever inet6 fe80::a00:27ff:fe7a:1616/64 scope link valid_lft forever preferred_lft forever Now lets restart the system and try it again but now using systemctl restart networking: After the full reboot the ip changed to 10.5.0.3, respecting /etc/network/interfaces. So, Lets try to change it again from 10.5.0.3 to 10.5.0.2 #systemctl restart networking (connection just disconnected instead of changing the ip) #ping 8.8.8.8 (eternally waiting...) #ip address Still shows the correct information (the ip did not change) Em sex, 23 de nov de 2018 às 11:10, Luciano Andress Martini escreveu: > > If i am phisically logged the behavior are like to be the same. > Em sex, 23 de nov de 2018 às 11:09, Luciano Andress Martini > escreveu: > > > > Thank you Greg i would not like to use NetworkManager, i just tried it > > because all the other ways that i tried did not worked in new Debian > > Versions, after a fresh install so i am searching for a correct way of > > doing things.. (i read documentation, but maybe i am missing > > something) > > > > ifdown and ifup work partially instead of changing the ip, and it is > > adding a new ip to the interface. > > > > service networking restart - just brokes the network connection. > > Em sex, 23 de nov de 2018 às 11:02, Greg Wooledge > > escreveu: > > > > > > On Fri, Nov 23, 2018 at 10:31:28AM -0200, Luciano Andress Martini wrote: > > > > Then I edited /etc/network/interfaces and restart the system, to see > > > > if the ip was changed. And yes, it worked. So this file is still being > > > > used in some way - humm that seems to be the correct place to > > > > configure my interface isn't? > > > > > > /etc/network/interfaces is the primary, supported means of configuring > > > network interfaces in Debian. It's the best choice for standard server > > > and workstation setups. > > > > > > Network-Manager may also be installed (it's optional). As you've already > > > seen, it is installed when choosing a "desktop environment" during the > > > Debian installation, and skipped if no DE is chosen. N-M is apparently > > > the tool of choice for configuring wireless interfaces on laptops. > > > > > > Interfaces that are configured in /e/n/i are skipped by N-M. Thus, > > > you could think of it as "/e/n/i has priority, and N-M gets whatever > > > /e/n/i didn't get". > > > > > > Then there's some bizarre systemd network interface thing. It's not > > > used by default in Debian. I can't imagine anyone ever using it. > > > You can simply ignore it. > > > > > > > > > -- > > Luciano Andress Martini - Analista UNIX > > > > -- > Luciano Andress Martini - Analista UNIX -- Luciano Andress Martini - Analista UNIX
Possible BUG: Unable to change the ip of network interfaces without reboot in text mode
I am not sure if my answers are reaching the users because i did not received it back so sorry to creating a new thread, but i think this is very important, please follow this steps to emulate it: 1- Install Debian 9.6 without graphical interface. 2- Try to change the ip in /etc/network/interfaces 3- Run systemctl restart networking ping 8.8.8.8 (network stopped working!) If system is restarted everything is ok again, and ip is changed properly . New try, now with ifdown and ifup: 1- Install Debian 9.6 without graphical interface. 2- Try to change the ip in /etc/network/interfaces 3- Run ifdown enp0s3 4- Run ifup enp0s3 5- That's right ,but now you have two ips configured instead of changing it. Is this is expected, i am so sorry for boring you, i will get out of here the faster as i can. -- Luciano Andress Martini - Analista UNIX
SSH & X11 forwarding
Hi list members, I have not used X11 over ssh for years now. But today is the day! And it does not work The remote console tells me 'Xt error: Can't open display: :0'. X11Forwarding is enabled on client and server, 'xhost +' on the client, DISPLAY is set. IPv6 is disabled on both ends with sysctl and in sshd_config. Client runs with xfce. What did I miss?
Re: Still unable to restart networking on Debian 9 text mode only
Here we try to post our e-mails to the list, so the whole community would benefit from the answers. Sending a email directly to the list subscriber is fine if you want to discuss something in private, which is clearly not the case here. And please do not top post. Now, to the problem at hand. On Fri, Nov 23, 2018 at 11:05:51AM -0200, Luciano Andress Martini wrote: > You say that ifdown and ifup is just enough, Yup. > So lets try it: > #editor /etc/network/interfaces > Changed the ip. > #ifdown enp0s3 > RTNETLINK answers: Cannot assign requested address And that's where you're doing it wrong. ifdown tries to remove the IP listed at /etc/network/interfaces first, and to bring the interface down next. Basically you've just asked ifdown to remove a non-configured address, but do nothing for the configured one. > #ifup enp0s3 A correct sequence to do this is: ifdown edit /etc/network/interfaces ifup > Alternatively, > #service networking restart > Does not make the ip to change and brokes the network. Please do not do this unless you have BMC/ILOM/ASMI/direct console access to the server. Reco
Re: Possible BUG: Unable to change the ip of network interfaces without reboot in text mode
On Fri, Nov 23, 2018 at 11:39:48AM -0200, Luciano Andress Martini wrote: > 2- Try to change the ip in /etc/network/interfaces > 3- Run ifdown enp0s3 > 4- Run ifup enp0s3 Perhaps you want to do it this way instead: 2- ifdown enp0s3 3- edit /etc/network/interfaces 4- ifup enp0s3
Re: SSH & X11 forwarding
Am Freitag, 23. November 2018, 14:48:09 CET schrieb Martin: Hi Martin, did you try ssh -X -l yourusername 192.168.what_ip.whatever? This should work by default. Any graphical application should then show on your client (as fas as you have linux on it at all). Running this from Windows, you need an extra X-Server. Hope this helps. Best Hans > Hi list members, > > I have not used X11 over ssh for years now. But today is the day! And it > does not work The remote console tells me 'Xt error: Can't open > display: :0'. > X11Forwarding is enabled on client and server, 'xhost +' on the client, > DISPLAY is set. IPv6 is disabled on both ends with sysctl and in > sshd_config. Client runs with xfce. > > What did I miss?
Re: SSH & X11 forwarding
Le 23-11-2018, à 14:48:09 +0100, Martin a écrit : Hi list members, I have not used X11 over ssh for years now. But today is the day! And it does not work The remote console tells me 'Xt error: Can't open display: :0'. X11Forwarding is enabled on client and server, 'xhost +' on the client, DISPLAY is set. IPv6 is disabled on both ends with sysctl and in sshd_config. Client runs with xfce. Did you use the '-X' switch ?
Re: SSH & X11 forwarding
Hi. On Fri, Nov 23, 2018 at 02:48:09PM +0100, Martin wrote: > Hi list members, > > I have not used X11 over ssh for years now. But today is the day! And it does > not work > The remote console tells me 'Xt error: Can't open display: :0'. What does it exactly say while logging you in? > X11Forwarding is enabled on client and server, 'xhost +' on the client, > DISPLAY is set. IPv6 is disabled on both ends with sysctl and in sshd_config. > Client runs with xfce. Every position in this list seems redundant to me, short of xfce part. You definitely do not need to run X server at the host to which ssh connnects to, X11 Forwarding works perfectly via IPv6, and you definitely do not need to set $DISPLAY by hand in the ssh connection. > What did I miss? A wild guess - installing xauth. And running sshd -Xv. Reco
Re: openvpn over ipv6 /65
Thanks for your quick response, Reco, On 23/11/2018 13:33, Reco wrote: > Hi. > > On Fri, Nov 23, 2018 at 01:18:45PM +0100, tony wrote: >> Hi, >> >> I have a Stretch VPServer with a /64 netbloch, of which only the first 2 >> addresses are used. I've been struggling for some time to get the right >> stanza to split that into two /65s, using the upper half for openvpn. > > I'd check first that some other addresses from this /64 range are routed > by your VPS provider. > I'm not sure I understand what you mean. As far as I'm aware, my VPS provider furnishes a full native /64 netblock for my exclusive use. They'll provide more, at a cost, but I see no point in that. > [snip] > Ad-hoc configuration: > > ### check this on your OS! > # ip a d igb0 2001:db8:0:123::/64 > # ip a a igb0 2001:db8:0:123::/65 > ### > ### re-assign the other aliases previously set under the /64 block > # ip a a igb0 2001:db8:0:123::dead/128 > # ip a a igb0 2001:db8:0:123::ea:beef/128 > I'm not using any addresses other than the ::1 and ::2 in the /64 block, so presumably the last two lines are redundant. > As for the persistent configuration, that depends on the contents of > /etc/network/interfaces. Can be static (it's straightforward then), > DHCPv6 (you won't be able to do the split) or RA (ditto). > No, it's all static: auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 188.246.204.210 netmask 255.255.255.0 gateway 188.246.204.1 iface eth0 inet6 static address 2a03:9800:10:54::2 netmask 64 gateway 2a03:9800:10:54::1 So what is igb0? What do you mean by ad-hoc and persistent configuration? Thanks again, Tony
Re: Wireless card on New users computer
On Fri, Nov 23, 2018 at 02:30:42PM +0100, Marc Stephan Nkouly wrote: > Sorry for not giving enough details initially. No worries. > My laptop is LENOVO IDEA PAD 300 > INTEL PROCESSOR of 64 Bits with 4 G Ram & 500 HDD > Is true I had installed UBUNTU 18.04 But didn't appreciate it's sluginesh > Ànd now am running DEBIAN 9 with GNOME 3 Desktop environment. > Is true while doing the installation I saw a warning message that my > Wireless card require a non free driver with bthe name " iw l wifi-3160-17 " Thanks for the details. I see. This is actually the info needed here (actually the driver is probably called "iwlwifi-3160-17", see below). > But I didn't had the disc with it as the system asked me to insert it. > I have done my installation using NET INSTALL and got all the packages from > the Wired connection. Asking "apt-file" (this is a very useful command, which is found in a package with the same name): tomas@trotzki:~$ apt-file search iwlwifi-3160 firmware-iwlwifi: /lib/firmware/iwlwifi-3160-12.ucode firmware-iwlwifi: /lib/firmware/iwlwifi-3160-14.ucode firmware-iwlwifi: /lib/firmware/iwlwifi-3160-16.ucode firmware-iwlwifi: /lib/firmware/iwlwifi-3160-17.ucode firmware-iwlwifi: /lib/firmware/iwlwifi-3160-9.ucode (Apt-file searches for packages containing a file with that name) reveals that iwlwifi-3160-17.ucode is contained in a package named "firmware-iwlwifi" (the suffix .ucode suggests that those are "microcode files", i.e. firmware to be loaded onto the processor embedded in your wifi hardware. So installing the package "firmware-iwlwifi" should get you going. Note that the package itself is in the non-free repository (hardware vendors sometimes distribute non-free software and don't document their hardware in a way that would allow us to write software for it, alas). So possibly you would have to enable the non-free repository. Don't hesitate to ask if you are unsure. > I also admit that am a beginners and don't feel comfortable enough to edit > files using the command line. Nevertheless am here because I want to learn. > Am also attaching what I had snap during the installation. Don't worry. We all have things to learn -- actually that is part of the fun. Cheers -- tomás signature.asc Description: Digital signature
Got it: SSH & X11 forwarding
Stupid as it can be: X is running with -nolisten. Thanks good it's Friday, cheers.
Re: openvpn over ipv6 /65
HI. On Fri, Nov 23, 2018 at 03:07:01PM +0100, tony wrote: > Thanks for your quick response, Reco, > > On 23/11/2018 13:33, Reco wrote: > > Hi. > > > > On Fri, Nov 23, 2018 at 01:18:45PM +0100, tony wrote: > >> Hi, > >> > >> I have a Stretch VPServer with a /64 netbloch, of which only the first 2 > >> addresses are used. I've been struggling for some time to get the right > >> stanza to split that into two /65s, using the upper half for openvpn. > > > > I'd check first that some other addresses from this /64 range are routed > > by your VPS provider. > > > I'm not sure I understand what you mean. As far as I'm aware, my VPS > provider furnishes a full native /64 netblock for my exclusive use. > They'll provide more, at a cost, but I see no point in that. > > > [snip] Assign some other IPv6 address from your range to your VPS. Ensure that it's reachable from the outside world. For instance, I do not get any response from your gateway while I'm pinging 2a03:9800:10:54::dead (which you do not have), and get a reply from 2a03:9800:10:54::2 (which belongs to your VPS). > > Ad-hoc configuration: > > > > ### check this on your OS! > > # ip a d igb0 2001:db8:0:123::/64 > > # ip a a igb0 2001:db8:0:123::/65 > > ### > > ### re-assign the other aliases previously set under the /64 block > > # ip a a igb0 2001:db8:0:123::dead/128 > > # ip a a igb0 2001:db8:0:123::ea:beef/128 > > > I'm not using any addresses other than the ::1 and ::2 in the /64 block, > so presumably the last two lines are redundant. Yes, you do not need them. > > As for the persistent configuration, that depends on the contents of > > /etc/network/interfaces. Can be static (it's straightforward then), > > DHCPv6 (you won't be able to do the split) or RA (ditto). > > > No, it's all static: That simplifies things greatly. Replace this: iface eth0 inet6 static address 2a03:9800:10:54::2 netmask 64 gateway 2a03:9800:10:54::1 with this: iface eth0 inet6 static address 2a03:9800:10:54::2 netmask 65 gateway 2a03:9800:10:54::1 Leave all the other entries intact. Then invoke this as root (one-time only): ip a d dev eth0 2a03:9800:10:54::2/64 ip a a dev eth0 2a03:9800:10:54::2/65 ip ro d default via 2a03:9800:10:54::1 > So what is igb0? A name of interface that's used in OpenVPN documentation. Yours is called eth0. > What do you mean by ad-hoc and persistent configuration? ad-hoc means that you're using certain OS binaries (in this case - ip) to create a network configuration that does not survive the reboot. persistent means the opposite - you're trying to create a configuration that should reproduce itself after the reboot (in this case - e/n/i). Reco
Re: Install openssh-server jessie version deb package on stretch
On Fri, Nov 23, 2018 at 12:29:41PM +0100, owl...@gmail.com wrote: > > I have tried to use the right KexAlgorithm and Ciphers, but dropbear > client fail always > Do you have "LogLevel DEBUG3" in sshd_config? Can you specify a high debug log level on the dropbear side? Regards, -Roberto -- Roberto C. Sánchez
Re: Got it: SSH & X11 forwarding
On Fri, Nov 23, 2018 at 03:16:31PM +0100, Martin wrote: > Stupid as it can be: X is running with -nolisten. > > Thanks good it's Friday, cheers. > If you are not logging in with 'ssh -X ' or 'ssh -Y ' then you are not X forwarding over ssh. In particular, X forwarding does not require the Xserver to listen for any connections. As others have pointed out, you should be able to ssh in then execute the command for graphical application and that application should present itself on your desktop, from where you initiated the ssh connection. It sounds like what you are doing is using ssh to access the remote machine and then launching whatever X application you need in such a way that it simply connects back directly to the X server on your machine rather than traversing the ssh tunnel. Regards, -Roberto -- Roberto C. Sánchez
Re: Still unable to restart networking on Debian 9 text mode only
On 23.11.2018 17:31, Luciano Andress Martini wrote: > Good morning, > > IMPORTANT: Network Manager was not being installed automatically by > the Debian DVD when I do not mark the graphical interface. > > I tried a fresh Debian install without graphical interface but using > the graphical installator I am running Debian 9.6. > > Then I edited /etc/network/interfaces and restart the system, to see > if the ip was changed. And yes, it worked. So this file is still being > used in some way - humm that seems to be the correct place to > configure my interface isn't? > > Well, I edited it again, now to try change the ip but without > restarting the system - like in all servers real situation, you don't > want to go after the server. If you have NetworkManager installed and connection was already setup and working, this task is accomplished by only 2 commands: # nmcli con mod "MyConnectionName" ipv4.addresses "10.0.0.5/24" # nmcli con up "MyConnectionName" That's it. After that your ip address will be set to "10.0.0.5". No need to take your interface down, restart networking or reboot system. And of course this method works over ssh connection. Any information about connection names, available configurable properties, etc could be done via nmcli with bash auto-complete being a convenient helper. NM is great. I really don't understand why people think it's only for systems with GUI and hate it, while having trouble with editing /e/n/i for anything more complex than changing ip address. -- With kindest regards, Alexander. ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org ⠈⠳⣄
Re: openvpn over ipv6 /65
> with this: > > iface eth0 inet6 static >address 2a03:9800:10:54::2 >netmask 65 >gateway 2a03:9800:10:54::1 > > Leave all the other entries intact. > Then invoke this as root (one-time only): > > ip a d dev eth0 2a03:9800:10:54::2/64 > ip a a dev eth0 2a03:9800:10:54::2/65 > ip ro d default via 2a03:9800:10:54::1 This will need to be repeated at every reboot, better to use `up`, for example: iface eth0 ... ... gateway ... up ip -6 addr .. "up" will run the given command after the interface is brought up, as per "man 5 interfaces". Steve --
Re: openvpn over ipv6 /65
Hi. On Fri, Nov 23, 2018 at 03:39:16PM +, Steve Kemp wrote: > > with this: > > > > iface eth0 inet6 static > >address 2a03:9800:10:54::2 > >netmask 65 > >gateway 2a03:9800:10:54::1 > > > > Leave all the other entries intact. > > Then invoke this as root (one-time only): > > > > ip a d dev eth0 2a03:9800:10:54::2/64 > > ip a a dev eth0 2a03:9800:10:54::2/65 > > ip ro d default via 2a03:9800:10:54::1 > > This will need to be repeated at every reboot, No, it won't. OP has two stanzas regarding eth0 in e/n/i already - one for inet and another one for inet6. The whole point of this exercise is to get persistent configuration for /65 netmask *and* to avoid ifdown/ifup sequence to implement it now. And, of course, do the thing without the reboot. Reco
Apache Segmentation Fault
Hi, I have a web server running Testing with apache 2.4.37 and php 7.3. The purpose of the server is to run owncloud. However, after the nightly restart the server stops working. The logs show the following: /var/log/apache2/error.log.1 [Fri Nov 23 00:00:01.526101 2018] [mpm_prefork:notice] [pid 2858] AH00171: Graceful restart requested, doing restart /var/log/apache2/error.log [Fri Nov 23 00:00:01.622137 2018] [mpm_prefork:notice] [pid 2858] AH00163: Apache/2.4.37 (Debian) OpenSSL/1.1.1 configured -- resuming normal operations [Fri Nov 23 00:00:01.622156 2018] [core:notice] [pid 2858] AH00094: Command line: '/usr/sbin/apache2' [Fri Nov 23 00:00:01.626193 2018] [core:notice] [pid 2858] AH00052: child pid 5383 exit signal Segmentation fault (11) [Fri Nov 23 00:00:01.626217 2018] [core:notice] [pid 2858] AH00052: child pid 5384 exit signal Segmentation fault (11) [Fri Nov 23 00:00:01.626222 2018] [core:notice] [pid 2858] AH00052: child pid 5385 exit signal Segmentation fault (11) [Fri Nov 23 00:00:01.626227 2018] [core:notice] [pid 2858] AH00052: child pid 5386 exit signal Segmentation fault (11) These segmentation faults keep going so that the error.log file grows to hundreds of MB within a few hours. When I do "service apache2 restart" the server works properly again until the next nightly restart. Any idea what could cause this problem? Package versions: libapache2-mod-php7.3/testing,now 7.3.0~rc4-1 amd64 php-apcu/testing,now 5.1.12+4.0.11-2 amd64 php-redis/testing,now 4.2.0~rc2-1 amd64 php7.3-opcache/testing,now 7.3.0~rc4-1 amd64 certbot/testing,now 0.28.0-1 all First I had the opcache enabled in /etc/php/7.3/apache2/php.ini, but then I disabled it since many people reported issues with opcache causing segfaults. However, the problem still persists. I also tried to switch the memcache setting of owncloud from APCu to Redis, but also no effect. Owncloud's cron.php is executed via www-data's crontab. I also ran "certbot renew", but it does nothing because the server's certificate is still valid and thus the server keeps running. Best regards, Dino
Re: openvpn over ipv6 /65
> Hi. > > > This will need to be repeated at every reboot, > > No, it won't. OP has two stanzas regarding eth0 in e/n/i already - one > for inet and another one for inet6. You're right; I'm clearly not having a good day! Thank-you for the correction. Steve -- https://www.steve.org.uk/
Re: SSH & X11 forwarding
Am 23. Nov, 2018 schwätzte Martin so: moin moin, please don't 'xhost +', that should not be needed. The application being tunneled comes from localhost, so you shouldn't need any xhost adjustment. ciao, der.hans Hi list members, I have not used X11 over ssh for years now. But today is the day! And it does not work The remote console tells me 'Xt error: Can't open display: :0'. X11Forwarding is enabled on client and server, 'xhost +' on the client, DISPLAY is set. IPv6 is disabled on both ends with sysctl and in sshd_config. Client runs with xfce. What did I miss? -- # https://www.LuftHans.com https://www.PhxLinux.org # "If you want to build a ship, don’t drum up people to collect wood, and # don’t assign them tasks and work, but rather teach them to long for the # endless immensity of the sea." - Antoine de Saint-Exupéry
Re: Unable to boot BIOS/GPT system.
Le 23/11/2018 à 09:11, Thomas Schmitt a écrit : Pascal Hambourg wrote: If the EFI firmware can boot in legacy BIOS compatibility mode, it may require to set the boot flag on the protective GPT partition entry in the protective MBR. According to user reports on grub-devel mailing list about grub-mkrescue ISOs, the boot flag must not be set on the protective MBR partition. Yes, the protective partition should have the boot flag cleared for compliance with the GPT specification. But that's the theory, and there is the practice. For example I have come across an UEFI firmware implementation on a very old Intel board which required the boot flag to be cleared for EFI boot but set for legacy BIOS boot... But some BIOS implementations wont't regard the medium as bootable if there is no boot flag set at all. IME, many Dell and HP's are among these. The compromise that finally worked for those who tested, was to create an MBR partition of type 0x00 starting at LBA 0, having only one block, and bearing the boot flag. Indeed it worked for me too, and even allowed booting either in EFI or BIOS mode with the above board. At least until parted (or, I guess, any other libparted-based partition manager such as partman, the partitioning program part of the Debian installer) is used on the disk and resets the partition table to a standard protective MBR. Same if you set up a hybrid MBR with gdisk. So make sure to never use parted & Co. on such a disk or make sure you set the boot flag again afterwards.
Any directional antennas recommendations?
Hello! I need to connect to a distant Wi-Fi network. I consider buying a parabolic antenna. I want to have 10 km range and long amplification. Will TP-Link TL-ANT2424B be a good aerial? -- Best wishes, Hubert.
Squid HTTPS
Como dice el asunto quiero implementar una acl que impida por ejemplo descargar ficheros mp3, zip, rar etc desde squi proxy. Lo he logrado con http mas no con https aqui va algo del codigo que funciona con http acl blockfiles urlpath_regex -i "C:\\Squid\\etc\\squid\\blocks_files.txt" error_directory C:\Squid\usr\share\squid\errors\en deny_info ERR_BLOCKED_FILES blockfiles http_access deny blockfiles
Re: Any directional antennas recommendations?
On 11/23/2018 05:41 PM, Hubert Hauser wrote: Hello! I need to connect to a distant Wi-Fi network. I consider buying a parabolic antenna. I want to have 10 km range and long amplification. Will TP-Link TL-ANT2424B be a good aerial? -- Best wishes, Hubert. It's doubtful that you can reach a 10KM network with any kind of antenna unless there is an equal one at the far end. Then you might try the parabloic at each end.
Re: Squid HTTPS
On Fri, Nov 23, at 5:58 PM Eriel Perez wrote (Translated into English): > As the subject says I want to implement an acl that prevents for example > > download files mp3, zip, rar etc from squi proxy. I have achieved it with > > http but not with https > > I'm not a full expert on https, but think that the encryption aspect might prevent determining file types. here goes something of the code that works with http >> > >> acl blockfiles urlpath_regex -i "C: \\ Squid \\ etc \\ squid \\ >> blocks_files.txt" > > error_directory C: \ Squid \ usr \ share \ squid \ errors \ en > > deny_info ERR_BLOCKED_FILES blockfiles > > http_access deny blockfiles > > I'm not sure you *know* file types, due to the Encryption. In fact, isn't this one way people get around Political Censorship? Best regards, Kenneth Parker
Re: Squid HTTPS
On Fri, Nov 23, 2018 at 05:58:23PM -0500, Eriel Perez wrote: > Como dice el asunto quiero implementar una acl que impida por ejemplo > descargar ficheros mp3, zip, rar etc desde squi proxy. Lo he logrado con > http mas no con https > > > aqui va algo del codigo que funciona con http > > acl blockfiles urlpath_regex -i "C:\\Squid\\etc\\squid\\blocks_files.txt" > error_directory C:\Squid\usr\share\squid\errors\en > deny_info ERR_BLOCKED_FILES blockfiles > http_access deny blockfiles > Para poder filtrar tráfico HTTPS, hace falta configurar los clientes para utilizar el proxy para tráfico HTTPS. Además, te hace falta configurar un certificado SSL para squid e instalar ese certificado en los clientes y también configurar los clientes para confiar en ese certificado. No es posible hacer de proxy tráfico HTTPS de manera transparente. Saludos, -Roberto -- Roberto C. Sánchez
