Search Results
440 total results found
vsftp: 500 OOPS: chroot
Problem vsftpd in user chroot mode. When logging in, you get: 500 OOPS: chroot Solution You have SELinux enabled. In Red Hat Enterprise 7.3, the SELinux boolean ftp_home_dir was removed. So your choices are either: disable SELinux; or grant ftpd full access t...
docker
(2020-05-03) Docker on CentOS 8 # dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo # dnf install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm # dnf install docker-...
failed to load driver: swrast
(2021-08-17) Problem: Some variety of libGL error: MESA-LOADER: failed to open swrast: /usr/lib64/dri/swrast_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib64/dri) libGL error: failed to load driver: swrast In my case ...
Find Transparent Proxy Systems
(2021-02-17) Problem A system between me and my destination is doing proxying for the destination IP. In practice: A firewall was showing all IPs it could route to as having SIP and Cisco-CSSP services enabled. Configuration changes to the firewall were necess...
Installing From The Vault
(2022-02-01) Problem # sudo dnf (operation) Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: No URLs in mirrorlist # Solution CentOS-8 is end of life. If you want to use the last released version of everything that'...
Unifi Controller
Installing Unifi Controller on Docker on CentOS 8 (or probably any docker installation at this point but anyways) Create: #!/bin/bash docker create \ --name=unifi-controller \ -e PUID=1000 \ -e PGID=1000 \ -e MEM_LIMIT=1024M `#optional` \ -p 3478:347...
Creating Custom Kernel RPMs
(Note: may not be relevant to CentOS-4, I stuck this here because the dates (2008) kinda lined up?) Creating custom CentOS kernel RPMs Source I need to build a custom kernel A...
Debug Site to Site VPN
(2013 March 8) Useful commands for a v9.x VPN debug Phase 1: you want to see MM_ACTIVE in the State ciscoasa# show crypto isakmp sa IKEv1 SAs: Active SA: 1 Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey) T...
Port Forward
Problem Port-forward firewall outside, port 5000 to inside IP 192.168.1.100, port 8080. Solution conf t static (inside,outside) tcp interface 5000 192.168.1.100 8080 netmask 255.255.255.255 0 0 access-list outside_acl extended permit tcp any host $OUTSIDEIP eq...
Changing A Remote Gateway IP
(2013-12-05) Problem You have an ASA running 8.2(something). You have a l2l VPN with a remote peer. That remote peer is changing its IP address. Solution Here's what I did: create a new name object for the new peer IP create a new tunnel-group definition with...
Site to Site VPN
(2013-11-12) Problem Site to site VPN with an ASA running 8.2. Solution The local network is 192.168.50.0/24; the network on the far side of the VPN is 172.17.64.0/24. ! This ACL controls access to the NAT-exemption rule access-list VPN extended permit ip 192....
Site to Site VPN with NAT
Problem Setting up a site-to-site VPN using your shiny ASA running 8.2. Your peer has a bunch of remote networks for you to connect to, and wants you to NAT all traffic from your end to a particular source IP. Note that your partner will not be able to connect...
ssh_exchange_identification
(2015-06-05) Seems like a terribly late date to still be messing around with clunkers like these, but oh well Problem ASA 5505 factory default, can't ssh in, ssh client gets error ssh_exchange_identification: Connection closed by remote host Solution Generate...
Site to Site VPN
(2013 March 08) Example VPN Configuration ! Enable ISAKMP crypto isakmp enable outside ! ! Object definitions object network net-local subnet 192.168.101.0 255.255.255.0 ! object network net-remote subnet 192.168.102.0 255.255.255.0 ! ! This access list pe...
Site to Site VPN
(2013-05-08) Sorry, no detailed notes (too busy right now) but this seems to work. If you read my notes for other versions of ASA you should be able to figure out what is going on. crypto isakmp enable outside object network net-local subnet 10.179.8.0 255.2...
Can't Run ASDM On New ASA
(2013-07-05) Problem Brand-new out-of-box ASA (5512 in my case) won't permit the ASDM to run. Error is: Unable to load resource: https://192.168.1.1/admin/public/startup.jnlp Solution What is probably happening is the SSL Cipher settings on your browser are n...
ASDM on Windows 10
(2015-10-01) Problem ASDM 7.1(3) on Windows 10. Solution Install 32-bit and 64-bit Java-JRE. I installed jre-8u60-windows-i586 and jre-8u60-windows-x64. Go to the ASDM web page and click the Install ASDM Launcher and let it install. In C: Program Files (x86)C...
DHCP Reservations
(2021-02-25) DHCP Reservations This feature is now supported on ASA in version 9.13(1) and later Example: Magnus-5506-Desk# sh run dhcpd dhcpd dns 192.168.1.22 dhcpd domain cisco.com dhcpd option 4 ip 172.18.124.1 ! dhcpd address 192.168.100.100-192.168.100.20...
Port Forward
(2017-02-28) Problem I have a firewall with public IP 1.2.3.4. I need to expose ssh on the private server 192.168.1.1 on IP 1.2.3.5 to the internet peer at 1.9.1.1. Solution conf t object SERVER-NAT host 192.168.1.1 object INTERNETPEER host 1.9.1.1 access-list in...
Same-interface Hairpin
(2017-05-31) Problem I have a server on my dmz at 192.168.1.10, with a public IP of 1.1.1.1. I need another server on the 192.168.1.0/24 network to be able to access .10 through its public IP. Solution object network LAN subnet 192.168.1.0 255.255.255.0 objec...