1
Virtualization 虛擬化技術 / Vsphere 5 即將上市...
« 於: 2011-05-25 11:35 »
近日突然想到Vsphere 4.1發布快一年了,代表五也該有消息...一Google還真的有...
各位有興趣的可以去Google探訪一下
某部分的功能真的有正到...
PS:據悉,大概七、八月會上市
各位有興趣的可以去Google探訪一下
某部分的功能真的有正到...
PS:據悉,大概七、八月會上市
這裡允許您檢視這個會員的所有文章。請注意, 您只能看見您有權限閱讀的文章。
[2007/08/02 14:50:50, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = SUNDC.SUNCOLOR.COM.TW
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
SUNCOLOR.COM.TW = {
kdc = server.mydomain.com.tw:88
admin_server = SERVER.MYDOMAIN.COM.TW:749
default_domain = MYDOMAIN.COM.TW
}
[domain_realm]
.mydomain.com.tw = MYDOMAIN.COM.TW
mydomain.com.tw = MYDOMAIN.COM.TW
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[global]
workgroup = SUN1
realm = MYDOMAIN.COM.TW
netbios name = sunma
server string = SMB
security = ads
password server = server.mydomain.com.tw
encrypt passwords = yes
idmap uid = 16777000-33550000
idmap gid = 16777000-33550000
template shell = /bin/bash
winbind use default domain = yes
template homedir = /home/winnt/%D/%U
winbind enum groups = yes
winbind enum users = yes
winbind separator = /
domain master = no
domain logons = no
preferred master = no
[homes]
comment = Public
path = /home/winnt/%D/%U
browseable = no
valid users = %U
writable = yes
<?php
# insert.php
$MyData ="";
$fd = fopen ("/tmp/myfile", "r");
while (!feof ($fd))
{
$buffer = fgets($fd, 40960);
#echo $buffer;}
$MyData=$MyData.$buffer;
}
fclose ($fd);
$today = date("Y").date("m").date("d").date("H").date("i");
$comm = mssql_pconnect('DBServer','sa','123456');
mssql_select_db("SC_EIP") ;
$str = "insert into MsnLog_Tmp (InsertDate,MyData) values ('$today','$MyData')";
mssql_query($str) or die("資料庫新增記錄失敗<br>");
?>
:
%rules-dir% = /etc/MailScanner/rules
Archive Mail = %rules-dir%/archive.rules
To: @abc.idv.tw yes
To: * yes forward andy@abc.idv.tw
[root@MyServer root]# vi /usr/sbin/firewall
#!/bin/sh
NAT=1
NATSRC="192.168.3.0/24"
EXTIF="eth0"
INTIF="eth1"
BADIPS="12.34.56.78 123.100.200.0/24"
TCP_PORTALLOWED="20 21 22 25 53 80 110 3306 10000"
UDP_PORTALLOWED="53"
ICMPALLOWED="0 3 8 11"
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
echo -n "Initiating iptables..."
iptables -t filter -F
iptables -t nat -F
iptables -t filter -X
iptables -t nat -X
echo "ok"
if [ "$NAT" = "1" ]; then
echo -n "Setting NAT..."
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_nat_ftp
iptables -t nat -A POSTROUTING -o $EXTIF -s $NATSRC -j MASQUERADE
echo "ok"
fi
echo -n "Setting rules..."
for ip in $BADIPS ; do
iptables -A INPUT -i $EXTIF -s $ip -j DROP
done
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
#iptables -A OUTPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
#iptables -A OUTPUT -m owner ! --uid-owner 0 -j DROP
iptables -N other
for type in $ICMPALLOWED ; do
iptables -A other -p icmp -m state --state NEW --icmp-type $type -j ACCEPT
done
for port in $TCP_ALLOWED ; do
iptables -A other -p tcp --dport $port --syn -m state --state NEW -i $EXTIF -j ACCEPT
done
for port in $UDP_PORTALLOWED ; do
iptables -A other -p udp --dport $port -m state --state NEW -i $EXTIF -j ACCEPT
done
#iptables -t nat -A PREROUTING -d 220.229.37.48 -p tcp --dport 3389 -j DNAT --to 192.168.3.252:3389
#iptables -t nat -A PREROUTING -p tcp --dport 3389 -i eth0 -j DNAT --to 192.168.3.252:3389
#iptables -t nat -A PREROUTING -p tcp -i eth1 -d 220.229.37.48 --dport 3389 -j DNAT --to 192.168.3.252:3389
#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 3389 -j DNAT --to 192.168.3.252
#iptables -t nat -A PREROUTING -p tcp --dport 3389 -i eth0 -j DNAT --to 192.168.3.252
iptables -A INPUT -p tcp -i $EXTIF --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -i $EXTIF --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -s 220.228.54.189 -i $EXTIF --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i $EXTIF --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -i $EXTIF --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -i $EXTIF --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i $EXTIF --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -s 220.228.54.189 -i $EXTIF --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp -i $EXTIF --dport 3389 -j ACCEPT
iptables -t nat -A PREROUTING -d 220.229.37.48 -p tcp --dport 3389 -j DNAT --to 192.168.3.252:3389
iptables -A INPUT -p tcp -s 220.228.54.189 -i $EXTIF --dport 10000 -j ACCEPT
iptables -A other -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A other -m state --state NEW,INVALID -i $EXTIF -j DROP
iptables -A other -m state --state NEW -i ! $EXTIF -j ACCEPT
iptables -A INPUT -j other
iptables -A OUTPUT -j other
iptables -A FORWARD -j other
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -t nat -I PREROUTING -m mac --mac-source 00:00:00:00:00:00 -j DROP
echo "ok"
if [ "$1" = "start" ]; then exit ;fi
echo -e "\n TEST MODE"
echo -n "ALL chains will be cleand after 7 sec."
i=1;while [ "$i" -le "7" ]; do
echo -n "."
i=`expr $i + 1`
sleep 1
done
echo -en "\nFlushing ruleset..."
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t filter -F
iptables -t nat -F
iptables -t filter -X
iptables -t nat -X
echo "ok"
[root@MyServer root]# iptables-save
# Generated by iptables-save v1.2.7a on Thu Jan 13 15:49:06 2005
*nat
:PREROUTING ACCEPT [10522:674050]
:POSTROUTING ACCEPT [7392:468700]
:OUTPUT ACCEPT [7412:469704]
-A PREROUTING -m mac --mac-source 00:00:00:00:00:00 -j DROP
-A PREROUTING -d 220.229.37.48 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.3.252:3389
-A POSTROUTING -s 192.168.3.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Jan 13 15:49:06 2005
# Generated by iptables-save v1.2.7a on Thu Jan 13 15:49:06 2005
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:other - [0:0]
-A INPUT -s 12.34.56.78 -i eth0 -j DROP
-A INPUT -s 123.100.200.0/255.255.255.0 -i eth0 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -s 220.228.54.189 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -s 220.228.54.189 -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -s 220.228.54.189 -i eth0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -j other
-A FORWARD -j other
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j other
-A other -p icmp -m state --state NEW -m icmp --icmp-type 0 -j ACCEPT
-A other -p icmp -m state --state NEW -m icmp --icmp-type 3 -j ACCEPT
-A other -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT
-A other -p icmp -m state --state NEW -m icmp --icmp-type 11 -j ACCEPT
-A other -i eth0 -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A other -m state --state RELATED,ESTABLISHED -j ACCEPT
-A other -i eth0 -m state --state INVALID,NEW -j DROP
-A other -i ! eth0 -m state --state NEW -j ACCEPT
COMMIT
# Completed on Thu Jan 13 15:49:06 2005
[root@MyServer root]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere MAC 00:00:00:00:00:00
DNAT tcp -- anywhere adsl-220-229-37-48.NH.sparqnet.nettcp dpt:3389 to:192.168.3.252:3389
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.3.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination