Love you guys, but now that I'm getting email alerts I had to stop watching this thread, LOL!
Posts made by anthonyh
-
RE: What Are You Doing Right Now
-
RE: Email Issue
@Minion-Queen said in Email Issue:
You can unfollow certain threads you know
I figured. I'm going to learn how to do that next.
-
RE: Email Issue
YAY!!!!!! I'm getting the emails! Thanks @scottalanmiller for the quick fix!! You will find that with these alerts I'll be much more active with the threads I start and/or contribute to.
-
RE: Email Issue
@anthonyh said in Email Issue:
@scottalanmiller said in Email Issue:
A Record added. Let's see what it does.
I see the record...let's see if I get the emails...
But my mail server doesn't yet....but that's my problem.
-
RE: Email Issue
@scottalanmiller said in Email Issue:
A Record added. Let's see what it does.
I see the record...let's see if I get the emails...
-
RE: Email Issue
@scottalanmiller Totally understood, which is why I suggested what I suggested...
-
Email Issue
I stumbled across this by complete coincidence. I was looking at our mail server logs for an unrelated issue and noticed that messages from ML were getting rejected.
Hold the phone...I'm supposed to be receiving email alerts from ML?!
Here is the "reject" pulled from my mail server log (with slight modification):
Sep 1 08:33:24 mail postfix/smtpd[15760]: NOQUEUE: reject: RCPT from so254-54.mailgun.net[198.61.254.54]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<so254-54.mailgun.net>
Looks like it's bouncing the message(s) because "mg.mangolassi.it" does not exist. This is because we have "reject_unknown_sender_domain" set in our Postfix config.
To make sure it wasn't our mail server doing something funky, I did some DNS lookups outside of the scope our mail server sees, and sure enough, there is no A or MX record for this domain.
Not sure if this is a known issue or not, but wanted to share just in case.
Without knowing the details behind ML's infrastructure, I think simply adding an A record that points "mg.mangolassi.it" to the IP(s) that "mangolassi.it" points to will fulfill this spam check. You can then configure the web server to redirect "mg.mangolassi.it" to "mangolassi.it" if someone ever decides to type it into a web browser. Creating an A or MX record to just about anywhere would be sufficient, I believe, as that will constitute as the domain "existing" to this spam check, but I think this is the most thoughtful approach (to me, anyway).
Just FYI!
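The log review described in this post can be automated. The following is an added example, not part of the original post: it groups Postfix "Sender address rejected: Domain not found" rejects by sender domain so that a legitimate sender being deferred stands out. The sample log lines, hostnames and addresses are constructed, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines modeled on the reject quoted in the post; the
# hostnames, addresses and documentation-range IPs are made up.
SAMPLE_LOG = """\
Sep 1 08:33:24 mail postfix/smtpd[15760]: NOQUEUE: reject: RCPT from mta1.relay.example[192.0.2.54]: 450 4.1.8 <bounce@mg.forum.example>: Sender address rejected: Domain not found; from=<bounce@mg.forum.example> to=<user@corp.example> proto=ESMTP helo=<mta1.relay.example>
Sep 1 08:34:02 mail postfix/smtpd[15761]: connect from mta2.relay.example[192.0.2.55]
Sep 1 08:34:03 mail postfix/smtpd[15761]: NOQUEUE: reject: RCPT from mta2.relay.example[192.0.2.55]: 450 4.1.8 <bounce@MG.forum.example>: Sender address rejected: Domain not found; from=<bounce@MG.forum.example> to=<user@corp.example> proto=ESMTP helo=<mta2.relay.example>
Sep 1 09:10:45 mail postfix/smtpd[15802]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <nobody@corp.example>: Recipient address rejected: User unknown; from=<a@shop.example> to=<nobody@corp.example> proto=ESMTP helo=<shop.example>
Sep 1 09:12:10 mail postfix/smtpd[15810]: NOQUEUE: reject: RCPT from unknown[203.0.113.77]: 450 4.1.8 <x@nxd.invalid>: Sender address rejected: Domain not found; from=<x@nxd.invalid> to=<user@corp.example> proto=ESMTP helo=<nxd.invalid>
"""

# Matches only the reject text the post attributes to
# reject_unknown_sender_domain; other reject reasons are ignored.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>[45]\d\d) \S+ <[^>]*>: "
    r"Sender address rejected: Domain not found; from=<(?P<sender>[^>]*)>"
)

def unknown_sender_domains(log_text):
    """Group 'Domain not found' sender rejects by sender domain."""
    found = defaultdict(lambda: {"hits": 0, "relays": set(), "codes": set()})
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        # Domain part of the envelope sender, case-folded for grouping.
        domain = m.group("sender").rpartition("@")[2].lower()
        entry = found[domain]
        entry["hits"] += 1
        entry["relays"].add(m.group("client"))
        entry["codes"].add(m.group("code"))
    # 4xx replies are deferrals: the sending relay keeps retrying, so mail
    # can still arrive once the sender domain resolves.
    return {
        d: {"hits": e["hits"], "relays": sorted(e["relays"]),
            "deferred_only": all(c.startswith("4") for c in e["codes"])}
        for d, e in found.items()
    }

if __name__ == "__main__":
    for domain, info in sorted(unknown_sender_domains(SAMPLE_LOG).items()):
        print(domain, info)
```

A domain that shows up with several hits from a known mail provider's relays, as the first one does in the sample, is the pattern the post describes: a real sender whose envelope domain has no A or MX record.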
-
RE: ASA 5505 VPN Issue
Ha. One of those "well, I feel stupid" moments. Specifying the source interface in the tftp command resolved the problem!
copy tftp://serverIP/filename.bin;int=inside flash:
The new ASA software version is copying over. Though it's quite slow. I'll have to see what tweaks I can make there...definitely not an issue for this thread.
-
ASA 5505 VPN Issue
I have an ASA 5505 at one of our remote sites that is used to form a VPN tunnel between that site and our main office. The VPN tunnel itself works beautifully. No issues with the tunnel. The clients on either side of the tunnel can reach each other, no problems there.
Where I'm having a problem is getting the ASA itself to reach clients across the VPN tunnel. This was never an issue until now. I'd like to update the software on the ASA (it's a bit behind, running 8.2(5)), but it cannot reach the TFTP server I have set up at the main office.
In doing a traceroute for networks across the VPN tunnel, it wants to use the default route which is to the Internet.
For what it's worth, I can reach the ASA via its inside IP address from my workstation and any other client on the other side of the VPN.
Thoughts?
Here is the configuration of said ASA:
: Saved
:
ASA Version 8.2(5)
!
hostname BRANCHFW01
enable password nope encrypted
passwd nope encrypted
names
!
interface Ethernet0/0
 description Connection to Comcast
 switchport access vlan 20
!
interface Ethernet0/1
 description Connection to Branch Router
 switchport access vlan 10
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 shutdown
!
interface Ethernet0/5
 shutdown
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan1
 no nameif
 no security-level
 no ip address
!
interface Vlan10
 nameif inside
 security-level 100
 ip address 192.168.254.253 255.255.255.248
!
interface Vlan20
 nameif outside
 security-level 0
 ip address X.X.X.X 255.255.255.248
!
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
same-security-traffic permit intra-interface
object-group network HQ-VPN-NETWORKS
 network-object 172.16.0.0 255.240.0.0
 network-object 10.0.0.0 255.0.0.0
 network-object 192.168.0.0 255.255.0.0
object-group network BRANCH-VPN-NETWORKS
 network-object 10.39.126.0 255.255.255.0
 network-object 10.39.226.0 255.255.255.0
 network-object 10.39.136.0 255.255.255.0
 network-object 10.39.8.144 255.255.255.240
 network-object 192.168.254.248 255.255.255.248
access-list VPN extended permit ip object-group BRANCH-VPN-NETWORKS object-group HQ-VPN-NETWORKS
access-list NO-NAT extended permit ip object-group BRANCH-VPN-NETWORKS object-group HQ-VPN-NETWORKS
access-list inbound extended permit icmp any any time-exceeded
access-list inbound extended permit icmp any any unreachable
access-list inbound extended permit icmp any any echo-reply
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NO-NAT
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 X.X.X.X 1
route inside 10.39.8.144 255.255.255.240 192.168.254.254 1
route inside 10.39.126.0 255.255.255.0 192.168.254.254 1
route inside 10.39.136.0 255.255.255.0 192.168.254.254 1
route inside 10.39.226.0 255.255.255.0 192.168.254.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address VPN
crypto map outside_map 1 set peer X.X.X.X
crypto map outside_map 1 set transform-set ESP-AES-256-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd dns 8.8.8.8 8.8.4.4
!
dhcpd dns 10.39.254.21 10.39.218.20 interface inside
dhcpd domain domain.com interface inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.39.226.45
webvpn
 anyconnect-essentials
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol IPSec
username nope password nope encrypted privilege 15
username nope attributes
 service-type admin
username nope password nope encrypted privilege 15
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:nope
: end
-
RE: Bandwidth Usage By Host
@RamblingBiped said in Bandwidth Usage By Host:
I use iftop: http://www.ex-parrot.com/pdw/iftop/
@Romo said in Bandwidth Usage By Host:
I use iftop as well.
Oooh, so if I mirror the port connecting to our WAN and put the NIC in promiscuous mode, iftop should give me what I'm looking for?
-
Bandwidth Usage By Host
Hey All,
We have a relatively small Internet connection compared to today's standards (30 Mbps), and recently we've been maxing it out. I want to determine if this is legitimate usage, or if there is something abnormal going on.
I have Zenoss set up which gives me pretty MRTG graphs for the interfaces on our routers and switches, but I'm looking to collect more granular data. This is what is showing me we're using basically all of our Internet bandwidth. It is only during business hours, so it's not some host going rogue at night...which makes me feel a little better.
I think the next step is to mirror the port that connects our LAN to our firewall and monitor that traffic. I'm looking for something that'll basically tell me bandwidth usages based on source/destination IPs.
Any recommendations? My preference would be free and Linux based, but inexpensive and/or Windows based can work if I have to...
For what it's worth, we're using a Cisco ASA 5510 for our firewall. I'm sure it has a feature that will assist me with this that I just don't know about.
Thanks!
-
RE: Weird telnet Issue
That makes sense, but I still don't understand how an SSH session changes the behavior of telnet. Wouldn't it be the same as if I'm executing telnet on the workstation itself?
-
RE: Weird telnet Issue
Here is where I'm boggled that I think some are missing...
If I am using telnet directly on my workstation, I get a 10 or so second delay before the session starts.
If I SSH into my workstation, then use telnet, the session starts instantly.
If I SSH into my workstation, from my workstation (e.g. ssh 127.0.0.1), then use telnet, the session starts instantly.
What would an SSH session change to remove the delay?
-
RE: Weird telnet Issue
You want to know what's even weirder?! If I SSH into my box, while I'm ON that box (ssh 127.0.0.1), I can start a telnet session without any sort of delay.
What...the...heck???
-
RE: Weird telnet Issue
@scottalanmiller said in Weird telnet Issue:
Definitely a weird one. I can't think of why it would do that. Is it possible that it is somehow related to Reverse DNS lookups, that your workstation is not listed in DNS and the machines into which you are remoting are trying to look it up?
That would make sense, except when I SSH into my box from another box, then start a telnet session without any delay. That's where I'm confused!
-
RE: Weird telnet Issue
@travisdh1 I always use the IP, so DNS should be out of the mix. SSH does not have this issue.
-
Weird telnet Issue
My primary workstation is a Fedora 24 box. I'm working on migrating management access to our switches and routers from telnet to SSH, but in the meantime I'm still doing a bit of telnet-ing into these devices.
For some strange reason, when I do "telnet x.x.x", it takes 10-15 seconds for me to get a login prompt. If I do it from another workstation (Fedora or other), I do not have this issue. I'm pretty sure it's specific to my workstation, but I haven't a clue what is causing this. What's stranger is that I can ssh into my box from home (also Fedora 24), then telnet into our network equipment without any delay. So needless to say...I'm confused.
I'm using Terminator as the terminal application. However, using the terminal that comes default with Fedora exhibits the same problem.
Any ideas?
-
RE: FreePBX Direct RTP Setup
@scottalanmiller said in FreePBX Direct RTP Setup:
Why the heck does it show the network in KB instead of Kb. How silly.
That shows your average at pretty close to 100Kb/s. Just eyeballing it.
No idea. It's been this way since I've been here.
-
RE: FreePBX Direct RTP Setup
Here's a screen shot of the dashboard. How do I interpret what I'm seeing?