Common Server issues – FAQs and answers from those in the know
How to allow a port on a specific interface only with iptables?
28 May 2025 @ 6:29 pm
I am trying to create some firewall rules for a VPS I rent, on which I host WireGuard, NginxProxyManager and PiHole. Now I want to limit NginxProxyManager's web UI, which runs on port 81, PiHole's web UI, which runs on port 8080, and port 53 to be accessible only when I connect to the VPN; in other words, I want the web UI of NginxProxyManager, PiHole and the DNS port 53 to be accessible only when I connect to the VPN. So I wrote some iptables rules, but for some reason they do not seem to work. Here are the rules as I have them, in order:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Drop invalid packets
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Allow loopback interface
-A INPUT -i lo -j ACCEPT
# Allow established connections
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow SSH on port 22
-A INPUT -p tcp --dport 22 -j ACCEPT
# Allow HTTP/HTTPS
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j A
HAProxy Returns 503 Error When Accessing Backend via Proxy, But Direct Backend Access Works
28 May 2025 @ 4:51 pm
I’m encountering an issue with my HAProxy setup. I have configured HAProxy to load balance multiple backends (web, API, and IoT services) using primary and secondary servers.
The problem is: when I access the backend through HAProxy (e.g., using the port HAProxy is listening on), I frequently receive a 503 Service Unavailable error. However, if I access the backend server directly via its IP address (bypassing HAProxy), everything works perfectly and the backend responds as expected.
Here is a relevant snippet of my HAProxy configuration for the primary and secondary backend servers:
backend http_backend_api_master
    mode http
    option httpchk GET /
    timeout check 30s
    server web_server1 xx.xx.xx.xx:4000 check inter 10s fall 3 rise 1
    server web_server2 xx.xx.xx.xx:4000 check backup inter 10s fall 3 rise 2
And the frontend:
frontend http_front_api_master
    bind *:4000
    mode http
    default_backend http
Hifn passthrough to a Hyper-V router OS VM [closed]
28 May 2025 @ 3:00 pm
A router OS that I want to use supports Hifn, SafeNet etc crypto-accelerators. It is clear that if I buy one and insert into PCIe on the physical host, then it will be utilized by the router OS running on that physical host. But will it be utilized, if the router OS instead runs in a Hyper-V VM? How is that supposed to be set up?
I read this article about VMConnect and tried to check it out, but the UI that leads to screens 3-7 is missing, and I do not have any 'Show options' UI elements, so am not able to follow it to find out myself whether the card will be available for pass-through under 'Other supported plug and play devices'. All I can do is select a VM and connect:
SSL Certificate FAILED_NOT_VISIBLE Issue for Domain dlg8888.cc
28 May 2025 @ 12:35 pm
I am writing to request assistance regarding an issue with a Google-managed SSL certificate that is currently in a FAILED_NOT_VISIBLE state.
Certificate ID: cred-dlg8888cc
Domain: dlg8888.cc
Status: FAILED_NOT_VISIBLE
Created: Approximately 2 days ago
I have already configured a Google Cloud CDN and set up the Load Balancer for the domain. The DNS records (A or CNAME) have been properly pointed to the Google CDN IP address, but the certificate remains in the FAILED_NOT_VISIBLE state.
Could you please help clarify whether this status indicates that Google is unable to verify the domain's visibility or if there are any additional configurations required on my end?
Any guidance you can provide on resolving this issue would be greatly appreciated.
Thank you very much for your support.
Vhosts issue on apache 2.4.52
28 May 2025 @ 12:11 pm
I have created two subdomains on this Apache server:
<VirtualHost *:80>
    ServerName test1.domain.com
    DocumentRoot /var/www/html/FIRST
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =bipard-exam-form.thecodebucket.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
    ServerName test2.domain.com
    DocumentRoot /var/www/html/TEST1
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
But the issue is that whenever I try to visit the 2nd subdomain: test2.domain.com, it always loads the first one - test1.domain.com. The DNS is properly configured too.
Configure Embedded Linux as USB-Gadget - configuration does not work [migrated]
28 May 2025 @ 12:08 pm
I'm running a small Linux device on an ST32 MCU. This board comes with a USB OTG port. Now I want to configure this port to let it act as a serial device, meaning that when I connect it to another PC via that USB port, I would like it to appear as COM or /dev/ttY* there.
What I have so far is a script which should do the trick:
mkdir -p /sys/kernel/config/usb_gadget/g1
cd /sys/kernel/config/usb_gadget/g1
echo 0x1111 > idVendor
echo 0x2222 > idProduct
mkdir strings/0x409
echo "0DEADBEEF" > strings/0x409/serialnumber
echo "Me, myself and I" > strings/0x409/manufacturer
echo "MyDevice" > strings/0x409/product
mkdir configs/c.1
echo 120 > configs/c.1/MaxPower
modprobe usb_f_acm
mkdir functions/acm.0
ln -s functions/acm.0 configs/c.1
echo 0000:01:00.0 > UDC
The mkdir command works only when I execute this as root and with sudo. But my problem is the last line: It always fails with an
sh: write error: Devi
BackupExec / BEMCLI / Issue creating Backup Job with Selections from multiple servers
28 May 2025 @ 11:30 am
Using PowerShell and the BEMCLI module,
$f01 = New-BeLinuxMacSelection -Path "/somethingA/*" -Recurse
$g01 = New-BeLinuxMacSelection -Path "/somethingB/*" -Recurse
$selection1 = New-BEBackupSelection -AgentServer (Get-BEAgentServer -Name "server1") -Selection ($f01)
$selection2 = New-BEBackupSelection -AgentServer (Get-BEAgentServer -Name "server2") -Selection ($g01)
New-BEBackupDefinition -BackupJobDefault BackupToDisk -SelectionList $selection1,$selection2 -Name "BackupJob" | Save-BEBackupDefinition
Error message:
Save-BEBackupDefinition : Backup definition 'BackupJob' cannot be saved because it does not contain valid selections.
I have it working without issues when the selection is from a single server, as I can add the selection to the New-BeBackupDefinition, but when job has multiple servers that does not work as there isn't a way to pair the path selection to a
Uninstall Winlogbeat (ElasticSearch) Windows Service
28 May 2025 @ 11:06 am
How can I uninstall winlogbeat Windows Service?
A sample script can be found below:
https://github.com/elastic/beats/blob/master/dev-tools/packaging/templates/windows/uninstall-service.ps1.tmpl
But how can it be used to remove winlogbeat on Windows?
Remote computer by RDP, but it stuck at "Unlock the PC Welcome" page [closed]
28 May 2025 @ 8:22 am
I remote into a computer from a notebook by RDP, but the computer is stuck at the "Unlock the PC Welcome" page. Neither the computer nor the notebook was shut down.
DNS queries reduction
28 May 2025 @ 7:20 am
We are currently exceeding our Cisco Umbrella DNS query license by 3x due to all DNS traffic—internal and external—being sent directly to Umbrella and it forwards internal to DC and external to cloud DNS.
One solution is to configure BIND with a Checkpoint firewall, but what other solution can be done?
Is there any other way to decrease traffic on DNS?
Another thing, if I want to decrease external queries going to Cisco Umbrella, should I use Checkpoint features instead?