Search Results

Search found 10501 results on 421 pages for 'hardware firewall'.

Page 11/421 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >

  • Linux - real-world hardware RAID controller tuning (scsi and cciss)

    - by ewwhite
    Most of the Linux systems I manage feature hardware RAID controllers (mostly HP Smart Array). They're all running RHEL or CentOS. I'm looking for real-world tunables to help optimize performance for setups that incorporate hardware RAID controllers with SAS disks (Smart Array, Perc, LSI, etc.) and battery-backed or flash-backed cache. Assume RAID 1+0 and multiple spindles (4+ disks). I spend a considerable amount of time tuning Linux network settings for low-latency and financial trading applications. But many of those options are well-documented (changing send/receive buffers, modifying TCP window settings, etc.). What are engineers doing on the storage side? Historically, I've made changes to the I/O scheduling elevator, recently opting for the deadline and noop schedulers to improve performance within my applications. As RHEL versions have progressed, I've also noticed that the compiled-in defaults for SCSI and CCISS block devices have changed as well. This has had an impact on the recommended storage subsystem settings over time. However, it's been awhile since I've seen any clear recommendations. And I know that the OS defaults aren't optimal. For example, it seems that the default read-ahead buffer of 128kb is extremely small for a deployment on server-class hardware. The following articles explore the performance impact of changing read-ahead cache and nr_requests values on the block queues. http://zackreed.me/articles/54-hp-smart-array-p410-controller-tuning http://www.overclock.net/t/515068/tuning-a-hp-smart-array-p400-with-linux-why-tuning-really-matters http://yoshinorimatsunobu.blogspot.com/2009/04/linux-io-scheduler-queue-size-and.html For example, these are suggested changes for an HP Smart Array RAID controller: echo "noop" > /sys/block/cciss\!c0d0/queue/scheduler blockdev --setra 65536 /dev/cciss/c0d0 echo 512 > /sys/block/cciss\!c0d0/queue/nr_requests echo 2048 > /sys/block/cciss\!c0d0/queue/read_ahead_kb What else can be reliably tuned to improve storage performance? I'm specifically looking for sysctl and sysfs options in production scenarios.

    Read the article

  • How to have internet connection over VPN while "Microsoft Firewall Client for ISA server" is running

    - by blocked
    I have the software mentioned in the title running on my machine. When I connect over VPN to my company's network, my internet connection gets borked, because somehow the ISA firewall blocks it. This is completely idiotic, because my work involves extensive use of the internet, so having to disconnect and reconnect continuously seriously cripples my productivity. (Meaning: I'm tearing my hair out here.) Can I have my VPN connection and somehow still have my internet connection too? I'm open to any solution.

    Read the article

  • FortiGate firewall configuration with /30 and /28 networks

    - by slyderc
    I have fiber coming in from a new ISP which is being handed off via Ethernet on a single physical port. I'm having doubts about how to approach the configuration on my FortiGate 200A firewall because I've been given a /30 containing the ISP's gateway and another /28 for external IPs I can use: x.y.76.12/30 (.13 is the GW) x.y.76.64/28 (public IP space) How do I configure the FG200A's WAN1 interface to be aware of the two networks? As I only have one physical ISP port, will I need to plug it into a switch to break-out two cables and use a DMZ port on the FG200A for setting up the /28? Thanks in advance for your insight!

    Read the article

  • Packet logging on PIX firewall

    - by georged.id.auindex.htm
    We have a Cisco PIX 515 firewall and I would like to set up a simple logging that would give us a traffic breakdown for billing by: source destination protocol port size time PIX is plugged into Catalyst 2970 and I was told that the best thing since sliced bread for logging is to get Netflow and get Catalyst to log. My concern, however, (besides the Netflow cost) is that I really don't want to "listen" to the internal noise and all I'm interested in are the external traffic stats above for billing and analysis purposes. What would be the simplest and the easiest solution? Cheers George

    Read the article

  • Is opening ports in the firewall bad?

    - by Steven
    From what little I know about networking, opening ports lets external data get sent in. But how that data is handled is entirely up to the applications running on my machine. So if I'm not running any malicious applications, there should be nothing wrong with disabling the firewall, right? Also, how do applications work when ports aren't forwarded? For example, I need to forward port TCP 6112 to host Blizzard games, but I've heard that HTTP uses port 80, but I haven't forwarded that port, yet Firefox still works. Btw I'm using Windows Vista.

    Read the article

  • Exposing a WebServer behind a firewall without Port Forwarding

    - by pbreault
    We are deploying web applications in java using tomcat on client machines across the country. Once they are installed, we want to allow a remote access to these web applications through a central server, but we do not want our clients to have to open ports on their routers. Is there a way to tunnel the http traffic so that people connected to the central server can access the web applications that are behind a firewall ? The central server has a static ip address and we have full control over it. Right now, it is a windows box but it could be changed to a linux box if necessary. Our clients are running windows xp and up. We don't need to access the filesystem, we only want to access the web application through a browser. We have looked at reverse ssh tunneling but it shows scaling problem since every packet would have to pass through the central server.

    Read the article

  • What tangible security are gained by blocking all but a few outgoing ports in a firewall

    - by Frankie Dintino
    Our current hardware firewall allows for blocking incoming and outgoing ports. We have two possibilities: Block certain troublesome ports (unsecured smtp, bittorrent, etc.) Block all but a few approved ports (http, https, ssh, imap-ssl, etc.) I see several downsides with option 2. Occasionally web servers are hosted on non-standard ports and we would have to deal with the resulting issues. Also, there is nothing preventing a malicious or unwanted service from being hosted on port 80, for instance. What are are the upsides?

    Read the article

  • Firewall to block traffic to specific websites

    - by Ctroy
    I have recently switched from MAC to Windows Vista. I used to have LittleSnitch on Mac where I can create filters and disable browsing to other websites. I mean, I can create filters so that LittleSnitch will not send traffic to specific websites like Google Analytics etc. However, I cannot find a similar software on Windows. I tried Zone Alarm firewall, but it doesn't let you add filters to stop traffic to specific websites. Are there any software available on windows which are similar to LittleSnitch?

    Read the article

  • Good 1U Rack Firewall

    - by AX1
    Hello, I'm trying to find a good 1U rack firewall at a reasonable price. Most pricing is completely out of space (thousands of dollars? Why?). I don't want to list all features I need/want (there are too many variations but I don't care about most of them) - I'm just looking for something simple and not overly expensive. I've looked at the WatchGuard XTM 505 which is more reasonably priced -- are there any other firewalls in that range or even less expensive that are good for a small company?

    Read the article

  • PSAD Firewall/ UDP flood?

    - by Asad Moeen
    Well I'm actually trying to block a UDP Flood on the Application port because the string "getstatus" is causing my application to make large output due to a small input to the attacker's IP. I installed PSAD firewall to do the job. psad -S shows 3000,000 logged packets at the application port and top ports in Scan but does not block the IP of the attacker however other IP Addresses with small number of connections are dropped. I'm thinking that since output is also being made to the attacker, this is why its not getting blocked because iptables rate-limiting is also exactly doing the same thing and not blocking the IP where outgoing connection is also made. Any guesses why it won't work?

    Read the article

  • How to know currently open ports on the Windows Firewall?

    - by QIU Quan
    On Windows XP and Windows Server 2003, I can know currently open ports on the Windows Firewall using the following command: netsh firewall show state However, on Windows 7 and Hyper-V Server 2008 R2, when I give that command, it says: No ports are currently open on all network interfaces. IMPORTANT: Command executed successfully. However, "netsh firewall" is deprecated; use "netsh advfirewall firewall" instead. Apparently there are ports open because services such as NetBIOS NS, Remote Desktop, and Hyper-V remote administration are functioning. I tried a few 'netsh advfirewall' show commands, but didn't get a way to find out which ports are permit by Windows Firewall. Knowing the currently open ports, I can be sure that I'm permitting necessary and sufficient traffic to pass in, no more, no less. Going through the whole set of advanced firewall rules is so tedious and error-prone. Is there a command on Windows 7 and Windows Server 2008 to do this efficiently?

    Read the article

  • Configuring linux server firewall to allow access from a certain range of IP addresses

    - by eggman20
    Hi Guys, I'm new to linux server. I'm currently trying to get an Ubuntu 10.10 server up and running for the first time and I'm using Webmin for administration. I'm stuck on the setting up the firewall. What I need to do is to ONLY allow a range of IPs (e.g 128.171.21.1 - 128.171.21.100) to access the HTTP server and Webmin. I've seen a lot of tutorials but none of them fits what I needed. Thanks in advance!

    Read the article

  • Is SmoothWall a good firewall alternative?

    - by Oden
    I found this linux distribution, called SmoothWall. I read its documentation and it looks pretty for me. The only problem is, that I'm not a big linux professional and I have also not a lot of experience but I want to know your thoughts about this "Firewall OS"! Can it be used for small-business environment, with 15-17 PC-s? I would use the server also as cache proxy. Is this a good idea? (I mean, using one server for two things)

    Read the article

  • VMware virtual network adapters and Windows Firewall

    - by anonymous
    I am running VMware Workstation 7.1.4 on Windows 7 Enterprise SP1-U (x64). Aside from the physical network adapter, I have created a single virtual network adapter (VMware Virtual Ethernet Adapter for VMnet1) which is connected to (can be seen by) the host and the guests. My problem is, even after applying the "*NdisDeviceType = 1" tweak to the virtual adapter, making it disappear from the Network and Sharing Center, I still can't connect to programs running in the host from the guests, unless I specifically "allowed the program to communicate with the public network" using the Windows Firewall (which I don't want to do). This happens to all the programs and services running in the host (File and Printer Sharing, Database server, HTTP proxy, etc.) I am getting the impression that applying the "*NdisDeviceType = 1" tweak only hides a network from the Network and Sharing Center but not actually making it private. Any hints and suggestions?

    Read the article

  • How to have internet connection over VPN while "Microsoft Firewall Client for ISA server" is running

    - by blocked
    I have the software mentioned in the title running on my machine. When I connect over VPN to my company's network, my internet connection gets borked, because somehow the ISA firewall blocks it. This is completely idiotic, because my work involves extensive use of the internet, so having to disconnect and reconnect continuously seriously cripples my productivity. (Meaning: I'm tearing my hair out here.) Can I have my VPN connection and somehow still have my internet connection too? I'm open to any solution.

    Read the article

  • Opening firewall to incoming port 443

    - by jrdioko
    I recently set up the ufw firewall on a Linux machine so that outgoing connections are allowed, incoming connections are denied, and denied connections are logged. This seems to work fine for most cases, but I see many denied connections that are incoming on port 443 (many with IPs associated with Facebook). I can open that port to incoming connections, but first wanted to ask what these could be. Shouldn't HTTPS requests be initiated by me and be treated as outbound, not inbound connections? Is it typical to open incoming port 443 on consumer firewalls?

    Read the article

  • configuring linux server firewall to allow acces on a certain range of IP addresses

    - by eggman20
    Hi Guys, I'm new to linux server. I'm currently trying to get an Ubuntu 10.10 server up and running for the first time and I'm using Webmin for administration. I'm stuck on the setting up the firewall. What I need to do is to ONLY allow a range of IPs (e.g 128.171.21.1 - 128.171.21.100) to access the HTTP server and Webmin. I've seen a lot of tutorials but none of them fits what I needed. Thanks in advance!

    Read the article

  • configuring linux server firewall to allow acces on a certain range of IP addresses

    - by eggman20
    Hi Guys, I'm not sure if this is the right place to ask this but I'm currently trying to get an Ubuntu 10.10 server up and running for the first time and I'm using Webmin for administration. I'm stuck on the setting up the firewall. What I need to do is to ONLY allow a range of IPs (e.g 128.171.21.1 - 128.171.21.100) to access the HTTP server and Webmin. I've seen a lot of tutorials but none of them fits what I needed. Thanks in advance!

    Read the article

  • Would a switch be covered by a router's firewall

    - by Uh-yeah...
    So... Hopefully; this is the right place for this question. I need more Ethernet ports on my home network. Sadly, we already have an old router connected to the main router and we still need more ports. I feel dumb for asking; but, I just would like to double check. Would the devices connected to the switch be "protected" by the Main router's firewall? ? Up to this point I have assumed that was the case; but, a co-worker is convinced that is not the case [ I believe he is thinking of a situation in which the switch (un-managed) is before an access point]. [It would go modem to main router; main router then has the switch and old router connected to it.

    Read the article

  • Single PC Satellite Office Firewall

    - by Carl
    We are setting up a small, single PC office about 200 miles away. We plan on getting a cable internet connection but need some advice on a sufficient firewall. We would like to keep it under $100 if possible. 2 options we are considering are: Cisco RVS4000 (got some bad reviews) Linksys WRT120N (running DD-WRT) We need the ability for VPN but other than that we don't need anything special. We just want to keep that PC as safe as possible but easily maintainable because most work will be done remotely. What suggestions or solutions can you recommend for this application?

    Read the article

  • ??????????? Database Firewall ??????????

    - by ???02
    ??????????? Database Firewall ??????????SQL?????????????????SQL????????????WEB?????HTTP??????SQL??????????????????????????????????????????????SQL????????????????WEB??????????????????????????????????SQL??????????????????????Oracle Database Firewall????????????????????SQL?????SQL?????????·???????????????????????????????????Databese Firewall ???????????????Oracle Database Firewall???????????????????????????????·??SQL???????????????·Database ?????????????????·SQL??????Database??????·????·?????????????????????·Oracle Database Firewall ???????Oracle Databese Firewall ?????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????_DBFW????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ???????????????·?????????????????????3?????????????·???????????????????????????????????????????????????????????? ·???????????????????90?????????????????????????????????????????????????????·????????????????????????????????????????????????? ·???????????????????????????????????????????????????????????????????????????????????????????????????????? Web????????????????????????????????????1~4????????????????????———?????———?????????????? 1.????????? : 2.??????(????) : 3.??????(????) : 4.??????? :———?????———?????????????? 1.????????? : ????????????????2.??????(????) :         2011?11?15? 13:00-14:303.??????(????) :         2011?11?17? 15:00-16:304.??????? : ?????????????? ???????????????????????????? ?????? Oracle Direct

    Read the article

  • Watchguard Firewall WebBlocker Regular Expression for Multiple Domains?

    - by Eric
    I'm pretty sure this is really a regex question, so you can skip to REGEX QUESTION if you want to skip the background. Our primary firewall is a Watchguard X750e running Fireware XTM v11.2. We're using webblocker to block most of the categories, and I'm allowing needed sites as they arise. Some sites are simple to add as exceptions, like Pandora radio. That one is just a pattern matched exception with "padnora.com/" as the pattern. All traffic from anywhere on pandora.com is allowed. I'm running into trouble on more sophisticated domains that reference content off of their base domains. We'll take GrooveShark as a sample. If you go to http://grooveshark.com/ and view page source, you'll see hrefs referring to gs-cdn.net as well as grooveshar.com. So adding a WebBlocker exception to grooveshark.com/ is not effective, and I have to add a second rule allowing gs-cdn.net/ as well. I see that the WebBlocker allows regex rules, so what I'd like to do in situations like this is create a single regex rule that allows traffic to all the needed domains. REGEX QUESTION: I'd like to try a regex that matches grooveshark.com/ and gs-cdn.net/. If anybody can help me write that regex, I'd appreciate it. Here is what is in the WatchGuard documentation from that section: Regular expression Regular expression matches use a Perl-compatible regular expression to make a match. For example, .[onc][eor][gtm] matches .org, .net, .com, or any other three-letter combination of one letter from each bracket, in order. Be sure to drop the leading “http://” Supports wild cards used in shell script. For example, the expression “(www)?.watchguard.[com|org|net]” will match URL paths including www.watchguard.com, www.watchguard.net, and www.watchguard.org. Thanks all!

    Read the article

  • DirectAccess Server firewall rules blocking ports

    - by StormPooper
    I have configured DirectAccess on my Server 2012 Essentials box and most of it works great - I can remotely access the server via RDP and the default IIS website on port 80. However, I can't access anything that uses other ports. For this example, the Team Foundation Server website. The only way to access it is by accessing http://localhost:8080/tfs on the server directly - even when using http://servername:8080/tfs or http://192.168.1.100:8080/tfs won't work. I've tried adding the ports to the NAT exceptions using Set-NetNatTransitionConfiguration –IPv4AddressPortPool and while that has allowed some ports used internally (Deluge, for example) it hasn't allowed me access to the URL. I think I've narrowed it down to the "DirectAccess Server Settings" Group Policy that is created when configuring DirectAccess. When I disable the link for this GPO, the TFS site works again, but the default IIS site stops working (but RDP still works). I already have rules in the firewall on the server for TFS and before enabling this Group Policy (so before configuring DirectAccess) I could access both sites. Does anybody have any suggestions for things I can change to allow access to both? I've uploaded the full GPO report and my Remote Access Configuration Summary for more details.

    Read the article

  • pfsense 2.0.1 Firewall SMB Share not showing up under network

    - by atrueresistance
    I have a freenas NAS with a SMB share running at 192.168.2.2 of a 192.168.2.0/28 network. Gateway is 192.168.2.1. Originally this was running on a switch with my LAN, but now having upgraded to new hardware the Freenas has it's own port on the firewall. Before the switch the freenas would show up under Network on a windows 7 box and an OSX Lion box as freenas{wins} or CIFS shares on freenas{osx} so I know it doesn't have anything do to with the freenas. Here are my pfsense rules. ID Proto Source Port Destination Port Gateway Queue Schedule Description PASS TCP FREENAS net * LAN net 139 (NetBIOS-SSN) * none cifs lan passthrough PASS TCP FREENAS net * LAN net 389 (LDAP) * none cifs lan passthrough PASS TCP FREENAS net * LAN net 445 (MS DS) * none cifs lan passthrough PASS UDP FREENAS net * LAN net 137 (NetBIOS-NS) * none cifs lan passthrough PASS UDP FREENAS net * LAN net 138 (NetBIOS-DGM) * none cifs lan passthrough BLOCK * FREENAS net * LAN net * * none BLOCK * FREENAS net * OPTZONE net * * none BLOCK * FREENAS net * 192.168.2.1 * * none PASS * FREENAS net * * * * none BLOCK * * * * * * none I can connect if I use \\192.168.2.2 and enter the correct login details. I would just like this to show up on the network. Nothing in the log seems to be blocked when I filter by 192.168.2.2. What port am I missing for SMB to show up under the network and not have to connect by IP? ps. Do I really need the LDAP rule?

    Read the article

  • Centos IPTables configuration for external firewall

    - by user137974
    Current setup Centos which is a Web, Mail (Postfix,Dovecot), FTP Server and Gateway with public ip and private ip (for LAN Gateway). We are planning to implement external firewall box and bring the server to LAN Please guide on configuring IPTables... Unable to receive mail and outgoing mail stays in postfix queue and is sent after delaying... The local ip of the server is 192.168.1.220 iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP incoming HTTP iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT outgoing HTTP iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT FTP iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.220 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s 192.168.1.220 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.220 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -p tcp -s 192.168.1.220 --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT SMTP iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.220 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s 192.168.1.220 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s 192.168.1.220 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --sport 25 -d 192.168.1.220 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT POP3 iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.220 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s 192.168.1.220 --sport 110 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

    Read the article

< Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >