Commenting out everything in /etc/resolv.conf will deny you access to all DNS, pretty much cutting your guest from accessing the internet outside. It's showing what IP ranges get routed into what interfaces, and which gateway it uses as a catchall, which seems to be 192.168.56.1.
It's trying to do a DNS lookup on you when you login and failing to do so. Which are you logging into, eth0 or eth1?
192.168.56.1 is the address of the VBox adapter running on the host os (remember, the machine in question is a vm running under VirtualBox). That is the same address I specify as the gateway on the several OL 5.x vms I also have running on this system. From the host os:
The vm has two nics. The first is configured in VBox as NAT, is assigned to eth0, and is DHCP. The second is configured as host-only, is assgned to eth1 with a fixed ip address of 192.168.56.102. That is the address used to connect to it. My hosts file (on the host os, from where I am executing putty) has this entry:
I stupidly changed the shell of the root user to one that does not exist, and now when I try to lgon it says it cannot find the path to my shell and will not let me proceed any further. Is there any way I can get round this without re-installing the OS?
Thanks for any replies. (8 Replies)
Hi, I need to run a command remotely, rsh is disabled so I'm trying to do this:
ssh myserver ls -lst /work/jsf
The problem is that this prompts for a password and I want to do it in a shell script. How can I pass the password without user interaction? I tried "echo mypass | ssh_command" and... (1 Reply)
hi
how can I know abt the details of current user who are logged on and as well as those users who currently have an account but are not logged on?
Thanks (1 Reply)
Hi
I am envountring a problem while I login using ssh on a sun box to a remote box.
I use ssh user@server and it takes long time to ask for a password..
does anyone knows the reason behind this? or is there a way that this could be solved
Thanks,
Antony (8 Replies)
Hi, We currently have a problem on a centos server when i try to ssh to it there is a significant delay in getting a login prompt. What would be the steps in troubleshooting this issue? I have try to narrow down a possible network issue but cannot see anything obviously wrong in the routing table,... (4 Replies)
Hi im trying to write a script to logon to list of servers with same userID. I have no option/plan to implement ssh-keygen sharing between the systems, so i have written script creating 2 files,
file1 holds list of hosts
host1
host2
host3
file2 has following script
for i in `cat file1`... (1 Reply)
We have an OpenServer 5.0.5 system that has worked forever, but I'm hearing complaints of logon delays for users now. Normally they would telnet in and the logon screen would pop up, but now it sometimes takes a minute or more, and the user must hit the enter key to get it to appear. Everything... (11 Replies)
I'm having an issue with SSH on a server that hasn't had any configuration changes made on it in a long time. I SSH to the server and it hangs at "debug1: SSH2_MSG_KEXINIT sent" for exactly 40 seconds then connects fine after that pause. Everything I have found points to DNS, but I use host files... (19 Replies)
Hi guys.
You'd have to excuse me a bit, as I'm a noob. I really try to avoid asking questions and do research for whatever linux issues that may arise.
I am experiencing a long wait for the shell to come up when I ssh or telnet into a Sunos 5.10 environment.
It takes 70 seconds to give me... (12 Replies)
Discussion started by: gpenco
12 Replies
LEARN ABOUT DEBIAN
shorewall-exclusion
SHOREWALL-EXCLUSION(5) [FIXME: manual] SHOREWALL-EXCLUSION(5)NAME
exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.
SYNOPSIS
!address-or-range[,address-or-range]...
!zone-name[,zone-name]...
DESCRIPTION
The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclaimation point is followed by
a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in
CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of ip addresses of the
form lowaddress-highaddress
No embedded whitespace is allowed.
Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of address is formed by taking the first
list and then removing the addresses defined in the exclusion.
Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of
/etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.
Warning
If you omit a sub-zone and there is an explicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the
rule generated for a parent zone.
For example:
/etc/shorewall/zones:
#ZONE TYPE
z1 ip
z2:z1 ip
...
/etc/shorewall/policy:
#SOURCE DEST POLICY
z1 net CONTINUE
z2 net REJECT
/etc/shorewall/rules:
#ACTION SOURCE DEST PROTO DEST
# PORT(S)
ACCEPT all!z2 net tcp 22
In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.
In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also
be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:
o !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT
match set1 OR NOT match set2 ... OR NOT match setN.
o +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1
AND NOT match set2 ... AND NOT match setN.
EXAMPLES
Example 1 - All IPv4 addresses except 192.168.3.4
!192.168.3.4
Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4
!192.168.1.0/24,10.1.3.4
Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
!192.168.1.3-192.168.1.12,10.0.0.0/8
Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9
192.168.1.0/24!192.168.1.3,192.168.1.9
Example 5 - All parent zones except loc
any!loc
FILES
/etc/shorewall/hosts
/etc/shorewall/masq
/etc/shorewall/rules
/etc/shorewall/tcrules
SEE ALSO shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)NOTES
1. shorewall-ipsets
http://www.shorewall.net/manpages/shorewall-ipsets.html
[FIXME: source] 06/28/2012 SHOREWALL-EXCLUSION(5)