Re: [CentOS] ICMP outoging traffic at centos 6.7
Thanks, Dropped the ICMP type 3 port. Now question to find the cause. On Wed, Jan 6, 2016 at 6:49 PM, Gordon Messmer <gordon.mess...@gmail.com> wrote: > On 01/06/2016 04:45 AM, Shital Sakhare wrote: > >> I have blocked icmp ports in iptables and if I execute the Ping manualy >> its >> blocking. >> > ... > >> How this can be controlled ? >> > > Drop the incoming traffic in iptables, rather than rejecting it? > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] ICMP outoging traffic at centos 6.7
Hi, >From last some days I am facing the unexpected huge ICMP traffic is going out from Server. I have blocked icmp ports in iptables and if I execute the Ping manualy its blocking. Some process is send this huge traffic. Below is tcpdump output. 16:23:27.817856 IP (tos 0xc0, ttl 64, id 55278, offset 0, flags [none], proto ICMP (1), length 104) example.com > ***.***.***.***: ICMP host example.com unreachable - admin prohibited, length 84 IP (tos 0x0, ttl 56, id 52085, offset 0, flags [DF], proto TCP (6), length 76) ***.***.***.***.5189 > example.com.https: Flags [P.], cksum 0xa427 (correct), seq 2571871600:2571871636, ack 1159342022, win 65535, length 36 How this can be controlled ? Thanks, Shital ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ICMP outoging traffic at centos 6.7
Yes, now I am dropping packets in OUTPUT chain for type 3. Initially, I implemented the chain to drop type 0 and 8. But it wont worked and the packets were hitting at firewall for multiple ICMP requests. I didn't Understand the problem. After posting here I go through all the types of ICMP types where I understand to drop packets for "Host unreachability" . Thanks for your help Mr. Gordon . On Wed, Jan 6, 2016 at 8:47 PM, Gordon Messmer <gordon.mess...@gmail.com> wrote: > On 01/06/2016 05:47 AM, Shital Sakhare wrote: > >> Thanks, Dropped the ICMP type 3 port. Now question to find the cause. >> > > Well, based on your tcpdump output, it looks like your rules were > rejecting unrelated packets, or tcp/443 packets. It's hard to be sure > since the ICMP was the first packet, so you didn't show the packet it was > actually replying to. > > The ICMP traffic is a result of rejecting rather than dropping that > traffic. That is, I think you're looking at the problem wrong. The ICMP > traffic is simply the result of a choice you made. Are you dropping type 3 > in the output chain? > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] machine check exception
Hi, After reboot I checked the mcelog and found no logs presents. On Mon, Oct 13, 2014 at 7:23 PM, Shital Sakhare shital.sakha...@gmail.com wrote: Hello, Today, I got the below error server Console, Cpu 1:machine check exception Tcs c7f3d370acf17a ADDR 112d6c00040288 MISC c453176c00040200 This is not a softeware problem Run through mcelog ascii to decode and contact your hW vendor Kernel panic not syncing :machine check Can anybody please provide the meaning of this. How can I pull the logs from server ? Still not able to understand the exact cause of it. Please help. Thanks and Regards, Shital ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] machine check exception
Thanks Ilyas/ Peter, Unfortunately, No iLO Event Logs and IML Logs configured on the server. Can anybody suggest which tools on the server I can configure so next time server will have all the log records. Its really hard to prove to the peoples that the issue is at hardware level (When the Hardware vendor and Application Owners are from different companies ). Thanks and Regards, Shital On Tue, Oct 14, 2014 at 4:48 PM, Ilyas -- umas...@gmail.com wrote: Hi, Do you have IPMI on other management (iLo, eLOM, iLOM, iRMC etc) interface on your server? Just try: # modprobe ipmi_si # modprobe ipmi_devintf # ipmitool sel elist May be you can find something about hardware problems. On Tue, Oct 14, 2014 at 2:15 PM, Shital Sakhare shital.sakha...@gmail.com wrote: Hi, After reboot I checked the mcelog and found no logs presents. On Mon, Oct 13, 2014 at 7:23 PM, Shital Sakhare shital.sakha...@gmail.com wrote: Hello, Today, I got the below error server Console, Cpu 1:machine check exception Tcs c7f3d370acf17a ADDR 112d6c00040288 MISC c453176c00040200 This is not a softeware problem Run through mcelog ascii to decode and contact your hW vendor Kernel panic not syncing :machine check Can anybody please provide the meaning of this. How can I pull the logs from server ? Still not able to understand the exact cause of it. Please help. Thanks and Regards, Shital ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- GPG Key ID: 6EC5EB27 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] machine check exception
Hello, Today, I got the below error server Console, Cpu 1:machine check exception Tcs c7f3d370acf17a ADDR 112d6c00040288 MISC c453176c00040200 This is not a softeware problem Run through mcelog ascii to decode and contact your hW vendor Kernel panic not syncing :machine check Can anybody please provide the meaning of this. How can I pull the logs from server ? Still not able to understand the exact cause of it. Please help. Thanks and Regards, Shital ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] wget: unable to resolve host address “xxxxx”
Hello again.. you can use the Subnet IP to 192.168.0 and Mask to 255.255.255.0 into the NAT setting of Virtual Network Editor provided by vmware. On Thu, Jul 31, 2014 at 4:55 PM, Shital Sakhare shital.sakha...@gmail.com wrote: Hello, PFA. This may resolve your issue. Because this settings works for me everytime. On Wed, Jul 30, 2014 at 10:41 AM, Theodore Si sjyz...@gmail.com wrote: Hi all, I find that in my CentOS, which is installed in vmware, I can use yum to install software from Internet, and I can also ping websites, but I cannot download stuff using wget. I receive error msg unable to resolve host address “x”. The IP address is 192.168.80.128, and this is the content of /etc/resolv.conf # Generated by NetworkManager domain localdomain search localdomain nameserver 192.168.80.2 I'd appreciate your help. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] How to Stop the Image URL in apache
Hi, While clicking on the image it opens into the browser. I dont want to allow client to open the image in browser as separate url. I have blocked the /image/ directory from access/listing , but the image is opening. ex. http://example.com/images/1.jpg . The image should not open in browser with this URL. How to stop that in apache. Please help me. Shital S. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to Stop the Image URL in apache
Thanks Peter, But I get it resolved. The setting is in Apache server itself. By adding rewrite rule into apache or .htaccess. Below is the code and it worked. RewriteEngine On Options -Indexes RewriteBase / RewriteCond %{HTTP_REFERER} !^%{HTTP_HOST}$ [NC] RewriteRule \.(swf|gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx)$ [R,L] -- Shital S On Mon, Jul 28, 2014 at 2:05 PM, Peter pe...@pajamian.dhs.org wrote: On 07/28/2014 08:08 PM, Shital Sakhare wrote: While clicking on the image it opens into the browser. I dont want to allow client to open the image in browser as separate url. Not possible. There is nothing in the http protocol that differentiates between a file being displayed inline inside other content and being downloaded separately. All the webserver knows is that the file was requested from the server and it delivers that file. There are tricks you can do with client-side javascript, or with checking the referrer or user agent, etc. but all of them are easy to circumvent, and note that regardless of what you do that file has to be downloaded in order to be displayed in any capacity. Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos