Article title: Linux application Q & A-network. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Q: As long as there is a conflict between the IP address and the gateway IP address in the Lan, the network is interrupted instantly. Is there a solution?
A: change the LAN to DHCP. in the DHCP configuration, remove the gateway IP address.
Q: Squid has been started. Set the proxy server and port to 192.168.1.1: 3128 in IE on the client. the client can browse the webpage normally. When used as a transparent proxy, the proxy settings of the client are canceled. Add
Iptables-t nat-a postrouting-o eth0-p ALL-j SNAT -- to 10.1.1.112
In this case, you can ping the IP address on the client but cannot browse the webpage. how can this problem be solved?
A: Try the following settings:
Httpd_accel_host virtual
Httpd_accel_port 80
Httpd_accel_with_proxy on
Httpd_accel_uses_host_header on
Q: There is a Linux server that starts two mail ports. SMTP of Sendmail is enabled on port 1025 and SMTP of Qmail is started on port 25. The running result is that Qmail has no problem. because many websites use the anti-spam function, Sendmail cannot receive emails from non-port 25. That is to say, normal mail servers can receive mails sent by Sendmail, but those email servers that use the anti-spam function cannot receive mails. How can this problem be solved?
A: After you use the "iptables-t nat-a postrouting-p tcp -- sport 1025-j SNAT-to 211.163.76.1: 25" rule, the syn group sent from Port 1025 on the local machine is mapped to port 25 and then sent out. Leave the following conntrack in/proc/net/ip_conntrack. assume that the IP address is 222.222.222.222 and is a mail server using the anti-spam function:
When the syn/ack of 222.222.222.222 arrives, the above conntrack will be found in 222.222.222.222.222: 25 211.163.76.1: 25 syn and ACK groups, unless the user uses Qmail to connect 222.222.222.222.222 at. Nat should submit this group to Sendmail on port 1025. The same is true for other data groups. If Qmail and Sendmail connect to 222.222.222.222 at the same time, you can only write your own program to determine the number based on the serial number and confirmation number.
Q: After compiling kernel 2.4.9, there is no Iptables and only Ipchains. Is it a kernel problem?
A: Is there any Iptables that is irrelevant to the kernel? it may be that the Iptables application is not installed in the system. If "incompatible kernel" is reported during Iptables command execution, it indicates that the core does not enable the Netfilter option to support Iptables command execution.
Q: How can I use Iptables to disable port 443 on the local machine?
A: If you do not want others to connect to port 443, follow these steps:
# Iptables-a input-p (tcp/udp/all) -- dport 443-j DROP
To prevent yourself from sending messages out through port 443, do the following:
# Iptables-a output-p (tcp/udp/all) -- sport 443-j DROP
Q: there is a set of software in the Lan 192.168.0.2 machine that uses port 9.0 of the Red Hat Linux 7001 proxy server to connect to the outside for data transmission, it also allows external machines to access my machine through Port 7001. How do I perform Port ing (nic ip address of the Internet: A, B, C, and D intranet NIC IP address: 192.168.0.1 )?
A: The Port ing method is generally as follows:
Iptables-t nat-a prerouting-d $ yourWan -- dport $ yourPort-j dnat -- to $ yourLan
Iptables-t nat-a postrouting-s $ youLan -- sport $ yourPort-j snat -- to $ yourWan
$ YourWan = your public IP address
$ YourLan = IP address of your internal server
$ YourPort = Service port.
Q: The newly installed Red Hat 9.0 comes with OpenSSH. I put the public key that I usually use in the. ssh Directory of the user directory, and remotely connect using the key method according to the default configuration. Why is the key error reported in the result?
A: After creating the. ssh directory, you must run the "chmod 700. ssh" command to change the directory permission to 700. Ensure that the key is written to the AuthorizedKeysFile. ssh/authorized_keys file specified in/etc/ssh/sshd_config. Make sure that you can use the key method for SSh connection.
Q: How to make the user unable to see the welcome information when telnet to the mail server, as shown below:
A: modify the SmtpGreetingMessage option in/etc/mail/sendmail. cf. Change "O SmtpGreetingMessage = $ j Sendmail $ v/$ Z; $ B" to "O SmtpGreetingMessage = test"
", And then restart Sendmail. Telnet to the email server again. The following content appears to prevent some malicious users from obtaining the mail system version:
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
