Search Results

Search found 12089 results on 484 pages for 'rule of three'.

Page 115/484 | < Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >

  • Forwarding udp ports iptables packets "lost"?

    - by Dindihi
    I have a Linux router (Debian 6.x) where i forward some ports to internal services. Some tcp ports (like 80, 22...) are OK. I have one Application listening on port 54277udp. No return is coming from this app, i only get Data on this port. Router: cat /proc/sys/net/ipv4/conf/all/rp_filter = 1 cat /proc/sys/net/ipv4/conf/eth0/forwarding = 1 cat /proc/sys/net/ipv4/conf/ppp0/forwarding = 1 $IPTABLES -t nat -I PREROUTING -p udp -i ppp0 --dport 54277 -j DNAT --to-destination $SRV_IP:54277 $IPTABLES -I FORWARD -p udp -d $SRV_IP --dport 54277 -j ACCEPT Also MASQUERADING internal traffic to ppp0(internet) is active & working. Default Policy INPUT&OUTPUT&FORWARD is DROP What is strange, when i do: tcpdump -p -vvvv -i ppp0 port 54277 I get a lot of traffic: 18:35:43.646133 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 18:35:43.652301 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 18:35:43.653324 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 18:35:43.655795 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 18:35:43.656727 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 18:35:43.659719 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 tcpdump -p -i eth0 port 54277 (on the same machine, the router) i get much less traffic. also on the destination $SRV_IP there are only a few packets coming in, but not all. INTERNAL SERVER: 19:15:30.039663 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16 19:15:30.276112 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16 19:15:30.726048 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16 So some udp ports are "ignored/dropped" ? Any idea what could be wrong? Edit: This is strange: The Forward rule has data packets, but the PREROUTING rule has 0 packets... iptables -nvL -t filter |grep 54277 Chain FORWARD (policy DROP 0 packets, 0 bytes) 168 8401 ACCEPT udp -- * * 0.0.0.0/0 192.168.215.4 state NEW,RELATED,ESTABLISHED udp dpt:54277 iptables -nvL -t nat |grep 54277 Chain PREROUTING (policy ACCEPT 405 packets, 24360 bytes) 0 0 DNAT udp -- ppp0 * 0.0.0.0/0 my.external.ip udp dpt:54277 state NEW,RELATED,ESTABLISHED to:192.168.215.4

    Read the article

  • Disabling Windows Server 2008 firewall

    - by Vladimir Georgiev
    I am very stupid. I applied a windows firewall rule that blocks all tcp connection and thus kicking me out of remote desktop on a dedicated server. I managed to get into recovery via VNC, which is basically a windows xp recovery system. I have access to the physical files of the Windows Server 2008 R2 installation, but I don't know how to disable the firewall so I can reboot from recovery and connect to the W2K8 via remote desktop. Please, help.

    Read the article

  • OpenBSD pf 'match in all scrub (no-df)' causes HTTPS to be unreachable on mobile network

    - by Frank ter V.
    First of all: excuse me for my poor usage of the English language. For several years I'm experiencing problems with the 'match in all scrub (no-df)' rule in pf. I can't find out what's happening here. I'll try to be clear and simple. The pf.conf has been extremely shortened for this forum posting. Here is my pf.conf: set skip on lo0 match in all scrub (no-df) block all block in quick from urpf-failed pass in on em0 proto tcp from any to 213.125.xxx.xxx port 80 synproxy state pass in on em0 proto tcp from any to 213.125.xxx.xxx port 443 synproxy state pass out on em0 from 213.125.xxx.xxx to any modulate state HTTP and HTTPS are working fine. Until the moment a customer in France (Wanadoo DSL) couldn't view HTTPS pages! I blamed his provider and did no investigation on that problem. But then... I bought an Android Samsung Galaxy SII (Vodafone) to monitor my servers. Hours after I walked out of the telephone store: no HTTPS-connections on my server! I thought my servers were down, drove back to the office very fast. But they were up. I discovered that disabling the rule match in all scrub (no-df) solves the problem. Android phone (Vodafone NL) and Wanadoo DSL FR are now OK on HTTPS. But now I don't have any scrubbing anymore. This is not what I want. Does anyone here understand what is going on? I don't. Enabling scrubbing causes HTTPS webpages not to be loaded on SOME ISP's, but not all. In systat, I strangely DO see a state created and packets received from those ISP's... Still confused. I'm using OpenBSD 5.1/amd64 and OpenBSD 5.0/i386. I have two ISP's at my office (one DSL and one cable). Affects both. This can be reproduced quite easily. I hope someone has experience with this problem. Greetings, Frank

    Read the article

  • SSH into VirtualBox Guest: Connection Refused

    - by Eric J.
    Setup Windows 7 64-bit host OS running VirtualBox 4.2, with Ubuntu 12.04 guest OS. OpenSSH server is installed and running (ssh -v localhost connects locally in the guest machine). Can SSH to external servers (no outbound Windows firewall rule blocking port 22) Can ping the IP of the guest (192.168.56.101) Problem Using PuTTY to SSH to the IP of the guest OS (192.168.56.101), PuTTY returns almost immediately with Network error: connection refused How can I diagnose & resolve this issue?

    Read the article

  • Packet dropped even when firewall is turned off in windows server 2008

    - by LightX
    We have a windows 2008 server and lately we have started seeing a lot of 5152 Events logged in the server (Windows Filtering Platform blocked a packet). We have an inbound rule configured to allow connections to the port which was working fine earlier. I'm not sure what changed lately. But this doesn't make any sense. The packet is dropped even when windows firewall is disabled. What am I missing?

    Read the article

  • Are these the correct instructions to backup TFS 2010?

    - by Keith Sirmons
    Howdy, I am working on a backup plan for TFS 2010. I found this site http://msdn.microsoft.com/en-us/library/ms253070(VS.100).aspx that details a complex backup solution. Has anyone tested these procedures and can confirm they are accurate? There are a couple of steps that violate the SharePoint rule "Do Not Modify the Database!" Thank you, Keith

    Read the article

  • Stop squid caching 302 and 307 with deny_info

    - by 0xception
    TLDR: 302, 307 and Error pages are being cached. Need to force a refresh of the content. Long version: I've setup a very minimal squid instance running on a gateway which shouldn't not cache ANYTHING but needs to be solely used as a domain based web filter. I'm using another application which redirects un-authenticated users to the proxy which then uses the deny_info option redirects any non-whitelisted request to the login page. After the user has authenticated the firewall rule gets placed so they no longer get sent to the proxy. The problem is that when a user hits a website (xkcd.com) they are unauthenticated so they get redirected via the firewall: iptables -A unknown-user -t nat -p tcp --dport 80 -j REDIRECT --to-port 39135 to the proxy at this point squid redirects the user to the login page using a 302 (i've also tried 307, and i've also make sure the headers are set to no-cache and/or no-store for Cache-Control and Pragma). Then when the user logs into the system they get firewall rule which no longer directs them to the squid proxy. But if they go to xkcd.com again they will have the original redirection page cached and will once again get the login page. Any idea how to force these redirects to NOT be cached by the browser? Perhaps this is a problem w/ the browsers and not squid, but not sure how to get around it. Full squid config below. # # Recommended minimum configuration: # acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 192.168.182.0/23 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl https port 443 acl http port 80 acl CONNECT method CONNECT # # Disable Cache # cache deny all via off negative_ttl 0 seconds refresh_all_ims on #error_default_language en # Allow manager access only from localhost http_access allow manager localhost http_access deny manager # Deny access to anything other then http http_access deny !http # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !https visible_hostname gate.ovatn.net # Disable memory pooling memory_pools off # Never use neigh cache objects for cgi-bin scripts hierarchy_stoplist cgi-bin ? # # URL rewrite Test Settings # #acl whitelist dstdomain "/etc/squid/domains-pre.lst" #url_rewrite_program /usr/lib/squid/redirector #url_rewrite_access allow !whitelist #url_rewrite_children 5 startup=0 idle=1 concurrency=0 #http_access allow all # # Deny Info Error Test # acl whitelist dstdomain "/etc/squid/domains-pre.lst" deny_info http://login.domain.com/ whitelist #deny_info ERR_ACCESS_DENIED whitelist http_access deny !whitelist http_access allow whitelist http_port 39135 transparent ## Debug Values access_log /var/log/squid/access-pre.log cache_log /var/log/squid/cache-pre.log # Production Values #access_log /dev/null #cache_log /dev/null # Set PID file pid_filename /var/run/gatekeeper-pre.pid SOLUTION: I believe I might have found a solution to this. After days and days trying to figure it out, only through a random stumble I found client_persistent_connections off server_persistent_connections off This did the trick. So it wasn't so much cache as it was a single persistent connection messing things up. W000T!

    Read the article

  • Rewrite a Wordpress URL on .htaccess

    - by Rifki
    I'm using this permalink structure on my wordpress site : mysitedotcom/2011/09/mypost and i'm using rewrite rule to visit another site on .htaccess, <IfModule mod_rewrite.c> RewriteEngine on RewriteRule ([0-9]+)/([0-9]+)/(.*)/visit visit-site.php?siteurl=$3 [NC] </IfModule> so i can visit the site with this link mysitedotcom/2011/09/mypost/visit, sometime i want to change my permalink with structure like mysitedotcom/item/mypost when i can visiting another site with mysitedotcom/item/mypost/visit, please help me to change the .htaccess code above so I can access with mysitedotcom/item/mypost/visit link.

    Read the article

  • Excel Conditional Formatting Escaping a Question Mark

    - by kzh
    I would like to use a conditional formatting rule in an excel file that would color any box with a question mark in it red. It seems that Excel is using a question mark as a wild card and will turn all cells with at least one character in them red. How can i escape the question mark? These don't seem to work: "?" \? '?' ??

    Read the article

  • How do I redirect all requests to files in the root folder to point to another folder?

    - by purpletonic
    I've moved all of my files from the root of my website into a subfolder, I'd like to do an Apache redirect to point to the files without affecting the other subfolders in my site. E.g. /index.html -- redirect to -- /subfolder1/index.html /file1.html -- redirect to -- /subfolder1/index.html /subfolder2/index.html -- No redirect Can anyone help me with the redirect rule that I need to write for this. Thanks,

    Read the article

  • Squidguard (or equivalent) for IPv6

    - by Matthew Iselin
    We have recently implemented (native) IPv6 in our network. Everything is working very well so far, but our IPv4 network passes all HTTP traffic through Squid (2.7.STABLE6 on Ubuntu Server) + SquidGuard for filtering purposes. This is all managed via a redirect rule on the firewall (via Shorewall). I'm wondering now if it's possible to do the same thing with IPv6 at all. If it's any help we're using Shorewall6 for IPv6 traffic.

    Read the article

  • mod_rewrite for selectors with .html

    - by user1720607
    We have a website where the URL looks something like, www.example.com/about.smart.html ( "smart" being selector added on the app server based on the useragent if its a smart phone device) We need to redirect the page to 404 if the URL is changed by the user as like below: www.example.com/about.abc.xyz.smart.html www.example.com/about.smart.abc.html I tried with the below rule, but this redirects to 404 only for 1) and not for 2) RewriteCond %{REQUEST_URI} !^(.*)(-)\.html$ RewriteRule (.*)\.(.*).smart.html$ - [R=404,L] Any pointers on this would be of great help.

    Read the article

  • Using Chinese Characters With Mod_Rewrite

    - by Moak
    I'm trying to create a rule using Chinese characters #RewriteRule ^zh(.*) /???$1 [L,R=301] creates error 500 when i change the file to UTF-8 #RewriteRule ^zh(.*) /%E4%B8%AD%E6%96%87%E7%89%88$1 [L,R=301] redirects to /%25E4%25B8%25AD%25E6%2596%2587%25E7%2589%2588 (basically replacing % with %25) Anybody familiar with this problem?

    Read the article

  • Apache Forbidden: httpd.conf or File Permissions

    - by Alan Storm
    When setting up an Apache virtual host, I'll occasionally get the following error when attempting to access the site. Forbidden You don't have permission to access / on this server. Is there any method to (or tool that will) tell me why Apache is denying access? (local rule in httpd.conf, file permissions, etc. I'm not looking for help with a specific configuration, instead I'm looking for a way to have the computer tell me what's wrong with my system and/or configuration.

    Read the article

  • 301 Htaccess Redirect

    - by Mike Ei
    Need help with an 301 htaccess redirect cond and rule doing the following for all the files in these paths: www.name.com/wordA/wordB/* to www.name.com/new_word/wordA/wordB/* we are basically adding "new_word" to the new url string.

    Read the article

  • ftp 7.5 windows server 2008 I can not upload files

    - by rtwPhoenix
    I am using FTP 7.5 created virtual directory, gave user write permission under FTP for that directory. User logs in fine see everything however user can not upload any files. Keeps saying user does not have permission but they do in FTP. I have tried everything I know inclduing giving user permission on the directory itself. ISA 2006 in front of server I unchekced the READ box so I think that is OK (Publishing Rule) ANY HELP WOULD BE APPRECIATED. RTW

    Read the article

  • How to unblock outgoing HTTP and HTTPS traffic in iptables?

    - by EApubs
    With the following iptable rules, I was unable to do an apt update and ping a website. Whats wrong with the rules? How to fix it? What is the exact rule to fix it? Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:325 DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination

    Read the article

  • Exim backscatter

    - by asrijaal
    One of my relays has been listed on backscatter.org, now I'm trying to configure our existing config only to send bounces to local users only. Does anyone knows how I deal with this issue? I've added following rule in my acl_check_rcpt deny senders = : dnslists = ips.backscatterer.org log_message = $sender_host_address listed at $dnslist_domain message = Backscatter: $dnslist_text Would this be enough not get listed again?

    Read the article

  • Remapping Linux serial port device names

    - by davefiddes
    I have a server running Debian Linux which has a built in serial port which is coming up as ttyS0. I have a plug in PCI card with two serial ports that are being registered with Linux as ttyS2 and ttyS3. Unfortunately I am trying to run some software which assumes that ttyS0 and ttyS1 are available. Is it possible to remap the serial port device names (using a udev rule?) such that ttyS0 remains as it is and ttyS2 becomes ttyS1?

    Read the article

  • how to block https sites on netgear router?

    - by Karthick88it
    I am using NETGEAR Wireless-N-300 Router Model among couple of peoples to sahre internet connectivity. I have a problem, on my company i blocked facebook.com, but the users are access on protocol https, i blocked some ip´s of facebook but they haves a lot ip, please, how to block facebook on https protocol...?? Can anybody help me for creating the block HTTPS traffic rule. Like I need to block: https://www.facebook.com/ many thanks Karthick

    Read the article

< Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >