Search Results

Search found 4786 results on 192 pages for 'traffic shaping'.

Page 122/192 | < Previous Page | 118 119 120 121 122 123 124 125 126 127 128 129 | Next Page >

VPN Split Tunneling - Pros and Cons and how to achieve?

- by Theveloper

Well this is the dilemma, I want remote clients to connect to my network and only route local access through the VPN. This is split tunneling, the client uses its internet connection for all other internet requests and the VPN tunnel to my network for local requests. There's a couple of issues that arise: split tunneling in Windows is achieved by unticking an option which reads "Use default gateway on remote network" in the TCP/IP settings of the client VPN connection. At any point the user can tick it and route all his internet traffic through my network eating away at my bandwidth and being cloaked by my IP address. This is unacceptable. Issue number 2 is that if the client is split tunneling, he becomes a gateway between the internet and my network, this is also unacceptable. My questions are: how does one achieve split tunneling serverside? And is the latter issue a valid con worthy of worry? Any thoughts would be appreciated!

Read the article
EC2 custom topology

- by Methos

Is there any way to create a desired topology of EC2 instances? For example, can I create a 3 node topology of nodes A, B, C where C gets the public IP address and B and A are connected to it. Something like: Internet <-- C <-- B <-- A B and A only get private IP addresses and there is no way for the traffic to reach A before hitting B and C. This means I can install whatever I want to install on C and B to filter, cache etc. I'm going through EC2 documentation but so far I have not seen anything that talks about it. I will really appreciate if anyone knows how to do this on EC2

Read the article
Should I use an ssl terminator or just haproxy?

- by Justin Meltzer

I'm trying to figure out how to set up my architecture for a socket.io app that will require both https and wss connections. I've found many tutorials on the web suggesting that you use something like stud or stunnel in front of haproxy, which then routes your unencrypted traffic to your app. If I were to go this route, is it suggested that haproxy and the ssl terminator be on separate instances, or is it fine if they are on the same EC2 server instance? If I do not want to use a separate ssl terminator, could I use haproxy to terminate the ssl? Or instead would it be possible to proxy these https and wss connections to my application and have the node app terminate the ssl itself?

Read the article
Cookies blocked by router?

- by Martin wiboe

Hello, My friend has a D-Link DI-524 router that she uses for her home broadband. It's a pretty vanilla setup with the standard firewall settings, DHCP enabled etc. However, recently she has experienced something strange - cookies are not working on every computer on her LAN, whether using FF3.5 or IE8. I tried viewing the HTTP traffic using Fiddler2, and the requests come through fine (mind you, Internet browsing still works flawlessly) but whenever a website tries to set a cookie using the "Set-Cookie:" header, my computer sees that line as "Set-*ookie:" with the cookie contents removed. I have never seen anything like this - do you have any idea? Regards, Martin

Read the article
Windows 2008 server hosting in Europe

- by Lasse P

Hi, I'm searching for a Windows 2008 server in Europe, preferably in Germany or UK or anything with good routing to Denmark (as its where the primary traffic will be generated from). The server will be used as web server (asp.net mvc, php), mail server and database server. We are running a few sites with around 200 concurrent users, which isn't much, but we intend to expand in the near future and the server should be easy to scale in form of adding more RAM and HDD space - if its possible. I think a virtual server may be the best choice - hyper-v or virtuozzo? - considering cost vs specs - but i'm open to suggestions. The max budget is in the range of $1000-1200/year. You guys have any suggestions? Let me know if you need further info.

Read the article
Socksify TCP connections reaching a gateway IP -- preferably without iptables

- by Alexandra Neagu

I have Virtualbox installed on Debian with a few virtual machines. I can't install anything in the guests, and I use host only networking, vboxnet0. The host IP in the host network is 192.168.56.1, and the guests have static IPs in 192.168.56.0/24. I access Internet with a SOCKS proxy (without authentication) and I would like the Virtualbox guests TCP connections to be sent through the SOCKS proxy. This would also be useful for socksifying external TCP reaching a gateway network card or wireless access point. I looked at transocks, tun2socks, with dante-client, etc., but I don't know how can I achieve this without enabling IP forwarding in the host and using iptables. Maybe to attach somehow the Virtualbox vboxnet0 network to the tunnel tun0 used by tun2socks? Or maybe there is a way to do NAT to tun0 in Virtualbox? I only need TCP traffic and I don't need UDP, not even for DNS.

Read the article
Can I use a Mac Mini as a web server and database server? What are the pros and cons?

- by Christopher Altman

We are a bootstrapped web start up. We have a LAMP web application that we expect relatively low to mid traffic because users need an account to log in. Our current approach is to colocate two servers, a web and mysql database server. We are planning to use Ubuntu Server 9.04. We have shopped around for dedicated servers but the price range from $900 to $1500 per month, therefore we are exploring the colocation approach. We are considering purchasing two Mac Minis (2.0GHz Intel Core 2 Duo 2 Gb RAM) because we are familiar with the machines are the prices are relatively inexpensive. What are the pros and cons of using these 'non-server' grade machines? We would install Ubuntu Sever and attach firewire external hard drives. Any advice on how to set up 'good-and-economic' web/database servers is welcomed.

Read the article
www a-record vs cname-record

- by Sorin Buturugeanu

Hi! I have a website that I will be hosting DNS for (testing purposes at first and then it will have some limited traffic). I have set up DNS so that site.tld has an A record to the actual IP but I don't know what to do about www.site.tld. Both site.tld and www.site.tld will point to the same server / application so my logic tells me to add a cname record so that www.site.tld becomes an alias for site.tld, BUT, I've been checking my settings with intodns.com and if I only add a CNAME for the www.site.tld it gives me the following error: ERROR: I could not get any A records for www.cexa.ro! (the error clears once I do an A record for www.site.tld to point to the actual IP) I don't know if there is a "rule" that "www." should always be an A record even though it's actually pointing to the same IP / application. Thanks for helping me understand this!

Read the article
Security log overflowing with filtering blocks

- by Jacob

I have a Windows 7 workstation whose security log is overflowing with the following errors: Audit Failure 3/31/2010 2:00:50 PM Microsoft-Windows-Security-Auditing 5157 Filtering Platform Connection "The Windows Filtering Platform has blocked a connection." Audit Failure 3/31/2010 2:00:50 PM Microsoft-Windows-Security-Auditing 5152 Filtering Platform Packet Drop "The Windows Filtering Platform has blocked a packet." These are not unexpected events; the firewall is expected to drop unsolicited traffic. However, I can't figure out how to tell Windows to stop writing these events to the security log. I've seen this problem before and have been able to find an answer with the use of Google, but I wasn't able to locate on this this time. Thanks!

Read the article
Linux Transparent Bridge for Network

- by Blackninja543

I am attempting to set up a semi-transparent bridge. I say semi because I want it to act as a transparent tap for all traffic moving through both sides of the bridge. What I also want is to have the "green zone" accessible to a web interface for the bridge that will display all results of the IDS and other network monitoring tools. My example would be as such: eth0 <--> bridge(br0) <--> eth1 The entire network would be on the same subset however anything coming from eth0 to eth1 would be accepted. The only time anything would be drop is if the eth0 attempted to access br0. If someone attempts to access the web interface on br0 through eth1 it will succeed. My biggest problem I feel is if I attempt to block anything from eth0 to br0 this will drop the bridge all together.

Read the article
Firewall Authentication - logon failed

- by RoseofPurple

I am attempting to use a Watchguard firebox 550e with Fireware XTM 11 to authenticate incoming traffic for RDP access. I have configured the firewall to use my domain controller for Active directory authentication with a Windows 2000 server farm and added a couple of user accounts to the users list in the firewall, but when I attempt to log onto the authentication page for the firewall, I get Logon failed. I know that the user names work and that the passwords are correct. I am also certain that I have told it to log on using Active Directory instead of the FireboxDB. I have tried using the username alone, the domain\username, and the email address. I believe that the Search base is correct (DC=mydomainname,DC=com), and I did not change any defaults for sAMAccountName (and I do not recall making any changes to those items when configuring the domain structure). Any assistance would be appreciated.

Read the article
Hyper-V 2012 and VM web server http

- by Syrus

I have a a few windows 2008 R2 Datacenter machines and a few windows 2012 Datacenter machines. I was runnin RedHat 6.2 VM on 2008 and all my other servers could access it over http until I put a VM up on 2012. No mater what I have done, (turned off selinux, firewall, iptables), on both RedHat servers has allowed them to pass http traffic. They can ping each other and ssh to each other but not http. I tried turning off the windows firewalls to, but no joy. I then moved the RedHat VM to the 2012 server and now the two RedHat VM's can http to each other, but none of the other vm's on other 2012 and 2008 servers can communicate over http. Anyone have some insight?

Read the article
One domain hiding two servers

- by George DSeas

For our SaaS web-app we have two identical servers in two geographically separated data centers. FOO_1 is the production server and does real-time (MySQL master-slave) replication to its backup F00_2. We want our users to always go to THEFOO.COM which somehow points to the production server. So even if FOO_1 dies, we can just switch THEFOO.COM to redirect to FOO_2 so the failure is transparent. This switch can be manual or automatic but without failback (if FOO_1 somehow becomes available again). Is there a way to do this with DNS? I am getting stuck with ANAME and CNAMEs configuration. We don't use sub-domains, just straight domains. If not, what are other options? Does it make sense to just have a web server at LOVELY_FOO.COM and just redirect all traffic? I also looked at load balancers but didn't see a solution for across data centers/network providers.

Read the article
Huawei b260a gsm modem not forwarding gre for pptp tunnel

- by Priit

I have a huawei gsm modem that does not want to let gre through. The goal is to connect into a pptp server thats behind the huawei. In the modems port forwarding settings theres a ready made profile for pptp (1723). After activating that the MS pptp test tools show that connection is being initiated but no gre packets make it to the server. After taking a closer look into the modems iptables rules theres nothing in there about gre. So I tried making gre rules manualy into forward and preroute chains without any success what so ever. As far as I can tell theres no ip_gre module present on the device is that needed for gre forwarding? Thats what I'm afraid of that it doesn't support gre in NAT but how would I turn it into a bridge? The wan interface is ppp0 so bridging it with eth0 would not work right? Is there some iptables rule I could use to make the modem let all the traffic just straight through?

Read the article
Blocking internet poker applications

- by Matthew Savage

I 'look after' the wireless internet for a cafe where I live, and we've noticed that there's quite a substantial slow down of internet speeds when certain users are playing internet poker. I've put in filters to block any HTTP traffic referencing gambling and poker etc, however I want to be able to block any applications (i.e. poker clients) which don't use HTTP. I've tried searching around for a list of poker clients and perhaps their ports, but have had no real luck. Does anyone know what these might be?

Read the article
Detecting man-in-the-middle attacks?

- by Ilari Kajaste

There seem to be many possible ways to create man-in-the-middle attacks on public access points, by stealing the access point's local IP address with ARP spoofing. The possible attacks range from forging password request fields, to changing HTTPS connections to HTTP, and even the recently discovered possibilit of injecting malicious headers in the beginning of secure TLS connections. However, it seems to be claimed that these attacks are not very common. It would be interesting to see for myself. What ways are there to detect if such an attack is being attempted by someone on the network? I guess getting served a plain HTTP login page would be an obvious clue, and of course you could run Wireshark and keep reading all the interesting ARP traffic... But an automated solution would be a tiny bit more handy. Something that analyzes stuff on the background and alerts if an attack is detected on the network. It would be interesting to see for myself if these attack are actually going on somewhere.

Read the article
amazon ec2 pricing

- by Pradyut Bhattacharya

I m really confused. I was trying to buy hosting at amazon ec2. My site will not be having much of a traffic and i will be installing glassfish and mysql. Usage will be 1gb of ram and around less than 5gb of hardisk and same bandwidth. As mine is a startup, the number of hits per day would be less than 20hits per day, each hit having around 10mins time. How should i calculate the price on the ec2 calculator. Thanks

Read the article
Connect iPad to windows 7 VPN

- by Linuz

My iPad keeps spitting out the error: "A connection could not be established to the PPP server." I am trying to connect it to a VPN I set up with Windows 7 as an incoming connection. On the iPad, I went into the VPN settings, added a new PPTP VPN with the following information Server: Windows 7 Computer's IP RSA SecurID: OFF Account: Account Username Password: Account Password Encryption Level: Auto Send All Traffic: ON Proxy: Off Now I know that it is making some connection to the Windows 7 Computer because whenever I intentionally put in the wrong VPN password on the iPad, it makes me put in the correct one before trying to connect again. All the ports are forwarded on my router for PPTP, and my Windows 7 Firewall is even off to try to get this to work. Any help would be greatly appreciated, thanks.

Read the article
Forcing logon to Air Watch server upon joining wifi

- by DKNUCKLES

I'm setting up a wireless controller that I would like to leave as unsecured. When a user connects to this network they need to be forwarded to a specific page where they can authenticate with the Air Watch system they have in place. Once authentication takes place, a profile will be downloaded to their device and we can administer the devices accordingly. I'm mulling over how I can force the page to the user when they log in. The methodology I'm thinking about working with is creating a NAT rule for that VSC that would forward all port 80 and 443 traffic to the airwatch server. Once they authenticate, a profile will be downloaded which will connect the devices to an Virtual Access Point who's SSID isn't broadcasted. Is this methodology correct or can someone think of an easier / more efficient way of accomplishing this? The controller is an HP MSM720 for what it's worth.

Read the article
Changing the mac address in a libvirt xml config file breaks network connectivity for the guest

- by foob

I'm using Xen with libvirt and trying to set it up on a bridged interface. I am able to install an OS and everything works as I would expect. If I save the xml output from "virsh dumpxml guest", edit the mac address for the interface, and then define the domU with this new xml file I find that traffic is no longer forwarded from the vif0.0 interface to br0. The ifcfg-eth0 file on the guest was automatically updated to reflect the new mac address and the ifconfig output looks the same. Does anyone know why this is happening or how to properly change the mac address for a libvirt configuration?

Read the article
How is virtual machine port opening works

- by Xianlin

I have a question regarding VM port. Say I have a Virtual Machine and a Host Machine. The opening ports on Host are 80, 22, 443 only. if I opened ports 80, 22, 443 VM it should be working. However if I opened port 21 on VM, will it work? If it works, does it mean the port 21 on Host is opened also? My understanding is that the network traffic goes from VM's virtual network adapter to Host's physical network adapter. So the ports on these 2 network adapters should match. Am I correct to say this?

Read the article
Bridging VirtualBox over OpenVPN TAC adapter on Windows

- by Sean Edwards

I'm trying to configure a virtual machine (VirtualBox guest running Backtrack 4) with a bridged adapter over a VPN connection. The VPN is is hosted by the cybersecurity club at my university, and connects to a sandboxed LAN designed for penetration testing against various servers that the club has built. My host (Windows 7 Ultimate) connects to the VPN fine and is assigned an IP through DHCP, but for some reason the VM can't do the same thing, and I'm not sure why. It's like OpenVPN is filtering out packets from the MAC address it doesn't recognize. I want the virtual machine to bridge over the VPN connection, because our IT office has very strict policies about what you can and can't do on the network. I want to be able to run active attacks (ARP spoofing, nmap, Nessus scans) in the sandbox environment without risking the traffic accidentally going over the university network and getting my internet access revoked. Bridging over the VPN connection and running all attacks from inside the VM would solve that problem. Any idea why the host can use this interface, but the VM can't?

Read the article
How to grow from single server setup

- by Jenkz

I'm looking for resources on how to grow our server setup. We currently have one dedicated server with Rackspace in the UK of the following spec: HPDL385_G2_PrevGen HP Single Dual Core Opteron 2214 (2.2Ghz) 4GB RAM 2x 10,000 SCSI Drives in RAID 1 Our traffic is up to 550,000 UVs per month. The site runs off a PHP and MySQL setup. The database gets an absolute hammering, we have many complex queries joining multilpe tables. We are using APC for PHP caching. I'm getting to the stage where I've done as much DB and query optimisation as I can and wonder what the next step should be...... I've looked at memcache, but I've got the impression that his requires a large amount of RAM and ideally a dedicated box.... So is the next step to have two boxes; one for database, one for Apache? Or is there a step I've overlooked. Our load is usually around the 2 mark, but right now it's up at 20!

Read the article
How to grow from single server setup

- by Jenkz

I'm looking for resources on how to grow our server setup. We currently have one dedicated server with Rackspace in the UK of the following spec: HPDL385_G2_PrevGen HP Single Dual Core Opteron 2214 (2.2Ghz) 4GB RAM 2x 10,000 SCSI Drives in RAID 1 Our traffic is up to 550,000 UVs per month. The site runs off a PHP and MySQL setup. The database gets an absolute hammering, we have many complex queries joining multilpe tables. We are using APC for PHP caching. I'm getting to the stage where I've done as much DB and query optimisation as I can and wonder what the next step should be...... I've looked at memcache, but I've got the impression that his requires a large amount of RAM and ideally a dedicated box.... So is the next step to have two boxes; one for database, one for Apache? Or is there a step I've overlooked. Our load is usually around the 2 mark, but right now it's up at 20!

Read the article
How well will ntpd work when the latency is highly variable?

- by JP Anderson

I have an application where we are using some non-standard networking equipment (cannot be changed) that goes into a dormant state between traffic bursts. The network latency is very high for the first packet since it's essentially waking the system, waiting for it to reconnect, and then making the first round-trip. Subsequent messages (provided they are within the next minute or so) are much faster, but still highly-latent. A typical set of pings will look like 2500ms, 900ms, 880ms, 885ms, 900ms, 890ms, etc. Given that NTP uses several round trips before computing the offset, how well can I expect ntpd to work over this kind of link? Will the initially slow first round trip be ignored based on the much different (and faster) following messages to/from the ntp server? Thanks and Regards.

Read the article

< Previous Page | 118 119 120 121 122 123 124 125 126 127 128 129 | Next Page >