In Debian Lenny (stable as of 2009) this file contains mappings for ethernet drivers that will be persistent across boots:
/etc/udev/rules.d/70-persistent-net.rules
If you change nics (netgear natsemi for an intel e100) for example, you will need to edit this file and remove the stanza (1 comment and 1device line that begins with SUBSYSTEM=="net",....)
Reboot, and the new nic should be detected as eth0
Customer has 2 physical circuits, Comcast Business Cable with 1 static IP, and a multi-t1 bundle to Verizon Business. Comcast will be used as the primary egress for internet browsing. Inbound email, web, and RDP services are mapped via static nats on a Cisco ASA that handles the Verizon connection. The Comcast connection has its own ASA for firewalling. Traffic needs to be sticky (i.e. it must go back out the same firewall it came in on or else the stateful packet inspection on the ASAs as well as the outbound NATs will break and the traffic will drop.
Ran into a strange issue with crypto maps and ipsec tunnel failover on an 1841. We had a t1 link between the HQ site and the remote site. EIGRP routing protocol was running across the WAN link. A backup DR ipsec tunnel was configured using a crypto ma (standard config, no tunnel interface) across a comcast cable link. DR tunnel came up as soon as the t1 went down, and traffic failed over. But when the t1 was restored, the specific ip address that had been used as a test case on the 1841 router would not flow back across the ipsec tunnel.
Had a situation on debian stable sgw firewall running rinetd tcp proxy to redirect smtp, rdp and web traffic on a backup t1 connection where millions of log entries like this were being created:
Dec 1 19:40:21 server-name.domain.com rinetd[28467]: accept(0): Socket operation on non-socket
A hyperthreaded processor has the same number of function units as an older, non-hyperthreaded processor. It just has two execution contexts, so it can maybe achieve better function unit utilization by letting more than one program execute concurrently. On the other hand, if you're running two programs which compete for the same function units, there is no advantage at all to having both running "concurrently." When one is running, the other is necessarily waiting on the same function units.
enable_dl = Off
max_execution_time = 15
max_input_time = 15
memory_limit = 32M
log_errors = On
track_errors = On
error_log = /var/log/apache2/error.log
post_max_size = 32M
upload_max_filesize = 32M
mysql.allow_persistent = Off
mysql.connect_timeout = 10
session.save_path = /var/lib/php5
register_globals = Off
sendmail_path = /usr/sbin/sendmail -t -i -f www@www.thissite.com
Apache settings to match nginx reverse proxy:
ServerRoot "/etc/apache2"
AcceptMutex flock
LockFile /var/lock/apache2/accept.lock
PidFile /var/run/apache2.pid
Timeout 10
KeepAlive Off
We have been rolling out nginx to help scale up our websites that use apache and php:
http://www.richweb.com/postfix_dovecot_ssl
Works well for a small to medium sized installation (5 to 50 accounts). A database backend would be better for larger installations to make provisioning easier. This is good for clients that want a small mail server + web site.
Caused by incorrect time on sending SMTP client (PC). Mail was relayed thru an SMTP auth postfix server which had correct time. Yahoo is scanning all of the SMTP headers, not just the host that is sending the email inbound to their MX.
Place these settings in the ssh server (sshd) configuration file and restart sshd:
/etc/ssh/sshd_config
ClientAliveInterval 120
ClientAliveCountMax 3
TCPKeepAlive yes
The other way, and easier and safer way is for your desktop machine to send those keep alive messages. As root on your desktop (or client) machine, edit /etc/ssh/ssh_config and add the line:
ServerAliveInterval 60
"Switching over to Richweb was the best decision I've ever made with this site (uhnd.com). You're on your game."