Search Results

Search found 10501 results on 421 pages for 'hardware firewall'.

Page 127/421 | < Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134  | Next Page >

• Routing multiple static IPs from ISP at the cable modem?

  - by Jakobud

  I'm taking over IT responsibilities for a previous IT guy. We have a 50mb cable modem connection from Comcast along with 5 static IP addresses: XXX.XXX.XXX.180 XXX.XXX.XXX.181 XXX.XXX.XXX.182 XXX.XXX.XXX.183 XXX.XXX.XXX.184 We are in the process of replacing our firewall machine. Currently the firewall box is the only thing connected to the cable modem. However the cable modem has multiple ethernet ports on it, similarly to a router. I have assembled a new firewall machine and its time to start testing and configuring it. So that means that I also need it plugged into the cable modem (remember it has multiple ethernet ports on it). So now with multiple computer plugged into the cable modem, how does the cable modem know where to route the traffic? If some request on the internet is made to XXX.XXX.XXX.181, which goes to our cable modem, how does the cable modem know which connected computer that traffic is supposed to be sent? Looking at the web interface for the cable modem, there doesn't seem to be anything special setup on it with regards to routing or NATing IP addresses. Is that because when there is only one computer connected to the modem, all traffic is sent to it by default? Now that I am going to (temporarily) have multiple computers plugged into the cable modem, do I need to specify routing or NAT rules on the modem itself? I am going to speak to Comcast about this next, but I figured I'd ask here first just so I can get a better grasp on how this type of thing generally plays out.

  Read the article

• ScreenOS MIP selection for outbound connections

  - by David Mackintosh

  Given a ScreenOS 6.3.0 firewall with this configuration: unset flow reverse-route clear-text set interface "ethernet0/0" zone "Trust" set interface ethernet0/0 ip 192.168.1.1/24 set interface ethernet0/2 ip 10.0.0.1/24 set interface ethernet0/2 mip 10.9.9.10 host 192.168.1.10 netmask 255.255.255.255 vr trust-vr set interface ethernet0/2 mip 10.8.8.10 host 192.168.1.10 netmask 255.255.255.255 vr trust-vr set route 0.0.0.0/0 interface ethernet0/2 gateway 10.0.0.254 ... (and assuming appropriate policies) is there a way to control which MIP the firewall selects for outbound connections initiated by 192.168.1.10? (presumably because I want the upstream 10.0.0.254 to do different things with the packet depending on what its source IP is). Update: OK, my scenario is this: I have two ISP uplinks, each giving me a different IP space. Each ISP will only route the IP space they have assigned me. So in order for the server to be reachable by both ISPs, I need two MIPs for the same server, one on each interface. Inbound traffic will work fine with the 'unset flow reverse-route clear-text' option in use. But for outbound (think an email server sending a message) I need a way to select an appropriate MIP depending on which outbound link I want the system to use, and I want this to be resiliant so that if the link the firewall prefers goes down overnight I don't have to manually flip something to keep the mail flowing. Basically I'm trying to avoid having to buy a link-balancer appliance (or two since I'll need a cluster). Is there a way to do this?

  Read the article

• Windows update stuck. Fixt it stuck. So is KB947821. What should I do?

  - by Jim Thio

  I installed a new computer. After I installed I update everything and let the computer runs for days. Then I don't know what my daughter do. The computer stop responding. Windows update no longer work. People said to run fix it. Fix it run and after that the problem still persist and it still doesn't work. The problem changes though. Before there is some error code. Now windows update simply "updating" never end. So I downloaded KB947821. It's been 3 hour and it's still installing. Looks like it hit firewall or something. i don't see windows update on firewall exception list. However, I've never heard that this is an issue. Firewall only protect against incoming transaction, not outgoing right? Or what am I missing. What should I do?

  Read the article

• Unable to access stackexchange sites from this system

  - by Sandeepan Nath

  Earlier, I was not able to access most of the stackexchange sites like stackoverflow, programmers.SE etc. on my home Windows XP system. I was able to access only a few like http://meta.stackexchange.com and not even http://www.meta.stackexchange.com (note the www). I tried many other sites like http://www.stackoverflow.com, http://area51.stackexchange.com/ but was getting page not found errors on all browsers. Even pinging from terminal was saying destination host unreachable. I did not check recently but may be all SE sites are unreachable now. I was clueless about what could be the issue. I thought some firewall issue? So, I stopped AVG antivirus's firewall, then completely uninstalled it and even turned of windows firewall. But still not reachable even after fresh installation of Windows 7. Then I noticed a "Too many requests" notice on google. This page - http://www.google.co.in/sorry/?continue=http://www.google.co.in/# I don't know why this appeared but I guess somehow too many requests might have been sent to these sites and they blocked me. But in that case, SE would be smart enough to show a captcha like google. So, how to confirm the problem and fix it. Similar questions like these don't look solved yet - Unable to access certain websites Unable to Access Certain Websites I have lately started actively participating in lots of SE sites. There are new new questions popping up in my mind every time and I am not able to ask them. Please help! Thanks

  Read the article

• Firebird database corruption causes

  - by Rytis

  I am running several different Firebird versions (2.0, 2.1) on multiple entry level Windows-based servers with wildly varying hardware. The only matching thing between them is that they are running same home built application with the same database structure. Lately I've been seeing massive slowdowns on multiple servers. Turns out that database gets corrupted, so each time it breaks, I get to mend, backup and restore the database, and it all is fine for some time (1-2 weeks), and then it repeats once again. Thankfully, I haven't seen any data loss or damage... yet. The thing is that every such downtime results in lost productivity, and often quite some driving for me as some of the databases are in remote locations. I've been trying to find out what's causing the corruption, but I haven't been able to. The fact that it's running on different hardware hints that it should not be a hardware based problem. If we rule out hardware issues, I have a bad feeling that it's a bug in Firebird as I'm not doing anything fancy via SQL. Do you have any idea how to find out exactly what's causing the corruption and hopefully fix the problem?

  Read the article

• Providing access to a Samba server for VPN clients

  - by Kamil Kisiel

  We have some Windows users that connect to our network via VPN from home. They need to be able to connect to our Samba server and access a mapped network drive just as they do as when they are on our LAN. The complication is that VPN clients are placed on a subnet other than our office LAN, and behind a firewall. What's the easiest way for me to allow them to still connect to the network share? The solutions I've currently seen involve setting up a WINS server for name resolution purposes and then tunnelling a bunch of the NetBIOS stuff through the firewall. However that means I'd have to set up the VPN DHCP server to hand out the WINS address, something I'm not even sure is possible on the Cisco hardware we have. I'm thinking there must be an easier way. Should I use an LMHOSTS file? Or just map by IP address? Also, I'm not terribly familiar with Windows networking, so which ports would I need to pass through my firewall in order to get the file sharing through?

  Read the article

• Hyper-V 2008 R2 synthetic networking stops working with linux 2.6.32.15

  - by luxifer

  Hi there, so I thought I'd give Hyper-V on Windows Server 2008 R2 Enterprise a try on my Homeserver (yes, it's legit... got it from msdnaa). First thing to throw at it was my firewall which runs IPFire. This distribution currently uses the kernel version 2.6.32.15 and comes with the Hyper-V drivers. So I enabled them and at first they work just fine but after a few minutes they just fail. There are no packages going in or out anymore until I reboot the VM but sometimes even that won't work so the VM just keeps "Stopping" like forever. Emulated networking works fine but it slow and uses more CPU. That way my firewall routes slower than when running under virtualbox on an atom N270. My server has an E6750; VM is limited to 25%, but that should still outperform this atom CPU especially since it's never going anywhere near 100% CPU load, so give me a break! A quick google search led me to people having the same problem (even with other distributions and kernel versions that include those drivers) but no solution yet... I already found this but I can't quite follow the author on the part where he solved the issue - especially since I need two virtual nics for my firewall distro to work (obviously one internal and one external) What am I missing here?

  Read the article

• OpenSwan (IPSEC) on Fedora 13 with Snow Leopard as a client

  - by sicn

  I recently installed OpenSwan on my Fedora 13 machine. I want to use it to connect with Mac OS X with L2TP over IPSEC, unfortunately I am already stuck on the IPSEC-negotation part. My server is running behind a NATted firewall so my external IP differs from the server's IP. The server has a fixed IP on the network and the same is almost always valid for the clients (they are usually behind a NATted firewall). I installed OpenSwan on Fedora 13 and have following configuration: config setup protostack=netkey nat_traversal=yes virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 oe=off nhelpers=0 conn L2TP-PSK-NAT rightsubnet=vhost:%priv also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT authby=secret pfs=no auto=add keyingtries=3 rekey=no ikelifetime=8h keylife=1h type=transport left=my.servers.external.ip leftprotoport=17/1701 right=%any rightprotoport=17/0 IPSEC starts fine and listens to UDP 500 and 4500. These two ports are opened in the firewall and are forwarded fine to the server. In my /etc/ipsec.secrets file I have my.servers.external.ip %any: "LongAndDifficultPassword" And finally in my sysctl.conf (the redirect-entries are there because OpenSwan was strongly protesting about send/accept_redirects being active) I have net.ipv4.ip_forward = 1 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.all.accept_redirects = 0 Running "ipsec verify" gives me "all greens" (except Opportunistic Encryption Support, which is DISABLED), however, when trying to connect my Mac gives me following in the logs: Nov 1 19:30:28 macbook pppd[4904]: pppd 2.4.2 (Apple version 412.3) started by user, uid 1011 Nov 1 19:30:28 macbook pppd[4904]: L2TP connecting to server 'my.servers.ip.address' (my.servers.ip.address)... Nov 1 19:30:28 macbook pppd[4904]: IPSec connection started Nov 1 19:30:28 macbook racoon[4905]: Connecting. Nov 1 19:30:28 macbook racoon[4905]: IKE Packet: transmit success. (Initiator, Main-Mode message 1). Nov 1 19:30:31 macbook racoon[4905]: IKE Packet: transmit success. (Phase1 Retransmit). Nov 1 19:30:38: --- last message repeated 2 times --- Nov 1 19:30:38 macbook pppd[4904]: IPSec connection failed Any ideas at all?

  Read the article

• Wireless Activity Monitoring for PCI DSS Compliance

  - by dkusleika

  In an effort to be PCI DSS compliant, I took a trustkeeper.net questionnaire. I failed the question that asks Is the presence of wireless access points tested for by using a wireless analyzer at least quarterly or by deploying a wireless IDS/IPS to identify all wireless devices in use? (SAQ #11.1) My only wireless access point is outside my firewall, so even if you cracked my wireless you couldn't get inside my domain (unless you crack that too). My firewall doesn't have IPS and I couldn't tell if it had IDS. I looked around for a wireless analyzer, but what I found was $500, which is a little pricey for my size business. And even if I got it, I'm not sure I would understand what it tells me. Surely there are smaller/less sophisticated businesses that take credit cards and have solved this. My questions are: What are the risks if someone were to crack my wireless? (Could they read all internet traffic? Just wireless traffic? Just use my internet connection?) And what is the best/cheapest way to test my connection point quarterly? Should I buy the $500 analyzer? Domain is Windows Server 2000. Firewall is Sonicwall Pro 2040. Router is 8 port D-link.

  Read the article

• Cisco Catalyst 4500 Policy Based Routing

  - by Logan

  In order to test a new firewall I just set up I'm trying to implement policy based routing on our core switch. I want traffic from certain vlans to be routed to the new firewall while everything else continues being routed through the old firewall. I was trying to use this guide. Everything from that guide works fine except trying to run the "ip policy route-map" command in the interface configuration mode. IOS is telling me that such a command doesn't exist. A "show ip interface vlan" command says that policy routing is disabled. Any ideas? Output of "show ver": Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M), Version 12.2(53)SG, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2009 by Cisco Systems, Inc. Compiled Thu 16-Jul-09 19:49 by prod_rel_team Image text-base: 0x10000000, data-base: 0x11D1E3CC ROM: 12.2(31r)SG2 Dagobah Revision 226, Swamp Revision 34 RTTMCB2223-1 uptime is 3 years, 22 weeks, 2 days, 19 hours, 28 minutes Uptime for this control processor is 51 weeks, 2 days, 18 hours, 2 minutes System returned to ROM by power-on System restarted at 19:22:02 UTC Tue Jul 12 2011 System image file is "bootflash:cat4500-ipbasek9-mz.122-53.sg.bin" ... cisco WS-C4510R (MPC8245) processor (revision 4) with 524288K bytes of memory. Processor board ID FOX103703W3 MPC8245 CPU at 400Mhz, Supervisor V Last reset from PowerUp 42 Virtual Ethernet interfaces 244 Gigabit Ethernet interfaces 511K bytes of non-volatile configuration memory. Configuration register is 0x2

  Read the article

• I have added a port to the public zone in firewalld but still can't access the port

  - by mikemaccana

  I've been using iptables for a long time, but have never used firewalld until recently. I have enabled port 3000 TCP via firewalld with the following command: # firewall-cmd --zone=public --add-port=3000/tcp --permanent However I can't access the server on port 3000. From an external box: telnet 178.62.16.244 3000 Trying 178.62.16.244... telnet: connect to address 178.62.16.244: Connection refused There are no routing issues: I have a separate rule for a port forward from port 80 to port 8000 which works fine externally. My app is definitely listening on the port too: Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 99 36797 18662/node firewall-cmd doesn't seem to show the port either - see how ports is empty. You can see the forward rule I mentioned earlier. # firewall-cmd --list-all public (default, active) interfaces: eth0 sources: services: dhcpv6-client ssh ports: masquerade: no forward-ports: port=80:proto=tcp:toport=8000:toaddr= icmp-blocks: rich rules: However I can see the rule in the XML config file: # cat /etc/firewalld/zones/public.xml <?xml version="1.0" encoding="utf-8"?> <zone> <short>Public</short> <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> <service name="dhcpv6-client"/> <service name="ssh"/> <port protocol="tcp" port="3000"/> <forward-port to-port="8000" protocol="tcp" port="80"/> </zone> What else do I need to do to allow access to my app on port 3000? Also: is adding access via a port the correct thing to do? Or should I make a firewalld 'service' for my app instead?

  Read the article

• How to subnet hosted VMs

  - by bwizzy

  I have a network of VMs each having a LAN IP address and a public IP address. They each have a 1:1 NAT map for public access via the public IP for HTTP, SSH etc. I'm trying to figure out a way to restrict the LAN IPs from talking to each other, but there are some cases where a group of LAN IPs will need to communicate. I'm using pfSense as a firewall / router on a 192.168.0.0/24 configuration. It seems like I could assign each VM it's own subnet and add a static route to the firewall for that VM to get back to the firewall for internet access / other fw rules. Is that right? I assigned 1 VM with: address 192.168.1.2 netmask 255.255.255.254 gateway 192.168.1.1 Then added a static route on the FW's LAN interface using 192.168.1.0/30 as the destination network and 192.168.1.1 as the gateway. Nothing appears to be working, anyone have any ideas? Please be aware I'm not that familiar with subnets. Thanks!

  Read the article

• How can you connect to a SQL Server not on your domain?

  - by scotty2012

  I have a test machine that's not allowed on our domain because we are testing corporately unsupported applications (SQL 2008 and Server 2008). I want to use management studio to connect to the SQL2008 server but can't get it working. I have authentication set to mixed-mode, I've checked 'allow remote connections to this server', but when I try to access it, I get the error A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53) Since it says the provider is Named Pipes, I enabled Named Pipes on the server, but still no dice. I've tried connecting to the system name, the IP, the system name\instance and IP\instance, all to no avail. Is what I'm trying to do not possible? Edit: Well, through some basic troubleshooting, I've found that I can't ping the server from my client computer, but I can ping the client computer from the server? They are both plugged into the same switch, and are sitting next to each other. The windows firewall on the server is turned on, is there some specific settings I need to enable? DAH! So it was the firewall blocking me. How can I enable the firewall and still connect?

  Read the article

• Cannot find wireless driver for HP laptop

  - by rodey

  I have an HP laptop (model: dv7-1267cl, Windows 7 64-bit Home Premium) and I cannot find the wireless driver for the laptop. I am need of a different version because my wireless connection under Windows is flaky and unreliable. I have problems printing to my wireless printer and logging in to and using several sites like reddit.com, phoenix.edu and facebook.com - I get several "page cannot be displayed" messages while using my wireless connection. I disable my wireless adapter and use an ethernet cable and it all works fine. I also used an Ubuntu Live CD to confirm that there is not a problem with the hardware. This is software/driver issue. The drivers were auto installed by the OS. The Device Manager shows the wireless adapter as Atheros AR5009 802.11 a/g/n WiFi Adapter. I have checked the HP website for my laptop and they do not have wireless drivers listed for that model wireless adapter. I have also checked with atheros.com and I do not see my model adapter on their list of available hardware. Device Manager lists the Hardware ID's for my adapter as: PCI\VEN_168C&DEV_002A&SUBSYS_1381103C&REV_01 PCI\VEN_168C&DEV_002A&SUBSYS_1381103C PCI\VEN_168C&DEV_002A&CC_028000 PCI\VEN_168C&DEV_002A&CC_0280 A search for the first Hardware ID turned up this question from experts-exchange.com. tl;dr A driver does not exist for that model adapter.

  Read the article

• Completely remove and freshly install MySql on XP?

  - by Corey Ogburn

  I have read this question and have not found it as a solution and I have even attempted much more. I've uninstalled MySql 5.5.18 and deleted: C:\Program Files\MySql C:\Documents and Settings\All Users\Application Data\MySql After uninstalling, I restart the computer. When I reinstall, in the MySql Server Instance Configuration Wizard I leave everything to their defaults except: I add a firewall exception I check Launch MySQL Server Automatically I check Include BIN directory in windows path Enable root access from remote machines (I'll lock that down later, just debugging for now, I have also tried installing without this option to no avail) I've tried Typical and Complete while installing, as well as with and without strict mode. No combination shows a difference. After all this, it cannot Apply Security Settings and I get a 10061 error (it also said error number 2003) and this article didn't help. I've tried everything I can to completely uninstall and successfully reinstall so I can start from scratch. I've uninstalled and reinstalled about a dozen times with minor changes (including turning off the firewall at times), each time deleting the above folders and any proper registry entries with no success. Note by success, applying security settings and a working remote connection. I can connect locally every time, but it's remotely that counts. I have tried to look for exterior problems such as port forwarding in the router and (even though the installer should add it) I do double check the firewall settings, which have always allowed the default port. I'm out of ideas.

  Read the article

• Cannot find wireless driver for HP laptop

  - by rodey

  I have an HP laptop (model: dv7-1267cl, Windows 7 64-bit Home Premium) and I cannot find the wireless driver for the laptop. I am need of a different version because my wireless connection under Windows is flaky and unreliable. I have problems printing to my wireless printer and logging in to and using several sites like reddit.com, phoenix.edu and facebook.com - I get several "page cannot be displayed" messages while using my wireless connection. I disable my wireless adapter and use an ethernet cable and it all works fine. I also used an Ubuntu Live CD to confirm that there is not a problem with the hardware. This is software/driver issue. The drivers were auto installed by the OS. The Device Manager shows the wireless adapter as Atheros AR5009 802.11 a/g/n WiFi Adapter. I have checked the HP website for my laptop and they do not have wireless drivers listed for that model wireless adapter. I have also checked with atheros.com and I do not see my model adapter on their list of available hardware. Device Manager lists the Hardware ID's for my adapter as: PCI\VEN_168C&DEV_002A&SUBSYS_1381103C&REV_01 PCI\VEN_168C&DEV_002A&SUBSYS_1381103C PCI\VEN_168C&DEV_002A&CC_028000 PCI\VEN_168C&DEV_002A&CC_0280 A search for the first Hardware ID turned up this question from experts-exchange.com. tl;dr A driver does not exist for that model adapter.

  Read the article

• Relaying to tech "support" that computer is actually broken.

  - by Sion

  First some background: I have a Dell Inspiron 15R M050, it is still under the Dell limited warranty and the Best Buy Extended warranty. I am currently dual booting Debian Squeeze and Windows 7, the only reason I go into Windows is to play video games specifically steam games. Issue: When I play my games in Windows I am capable of playing for anywhere from 5 minutes to 2 hours before I suffer a hard-lock. I cannot alt-tab, ctrl-alt-delete, ctrl-shift-escape do anything for 2-3 minutes. After this hard-lock period everything runs fine, I can continue the game for probably another hour at least before I suffer another lock. Games: Borderlands, Splinter Cell: Chaos Theory, Starcraft 2, Garrys Mod What I have tried: Running the diagnostic suite in the dell bios, restoring the OEM Windows recovery partition on the HD, fresh installing Windows 7 Professional, updating BIOS, Calling tech support and having them run a software Hardware Diagnostics suite. The question: I think from the research that I have performed that it might be a lack of thermal paste on the CPU, would I be able to go to Best Buy and have them do a hardware diagnostic from the hardware level then have them be able to tell Dell that there is a hardware issue? Or would there be a different problem?

  Read the article

• VLAN for WiFi traffic separation (new to VLANing)

  - by Philip

  I run a school network with switches in different departments. All is routed through to a central switch to access the servers. I would like to install WiFi access points in the different departments and have this routed through the firewall (an Untangle box that can captive-portal the traffic, to provide authentication) before it gets onto the LAN or to the Internet. I know that the ports that the APs connect to on the relevant switches need to be set to a different VLAN. My question is how do I configure these ports. Which are tagged? Which are untagged? I obviously don't want to interrupt normal network traffic. Am I correct in saying: The majority of the ports should be UNTAGGED VLAN 1? Those that have WiFi APs attached should be UNTAGGED VLAN 2 (only) The uplinks to the central switch should be TAGGED VLAN 1 and TAGGED VLAN 2 The central switch's incoming ports from the outlying switches should also be TAGGED VLAN 1 and TAGGED VLAN 2 There will be two links to the firewall (each on its own NIC), one UNTAGGED VLAN 1 (for normal internet access traffic) and one UNTAGGED VLAN 2 (for captive portal authentication). This does mean that all wireless traffic will be routed over a single NIC which will also up the workload for the firewall. At this stage, I'm not concerned about that load.

  Read the article

• How to Deploy an ASP.NET Web API- and Browser-based Application to a Production Environment [closed]

  - by lmttag

  Possible Duplicate: How to Deploy an ASP.NET Web API- and Browser-based Application to a Production Environment We have an ASP.NET Web API server that serves up a SQL Server data driven website. The API uses JSON to transfer data from SQL Server to the front end. We need to move it to an internal production environment (nothing will be exposed on the public Internet) and we’re having problems - or just not understanding what needs to be done. There are two domains: The corporate domain - where all users login normally. The process domain - contains the database the Web API needs to access. The IT staff wants to put a DMZ between the two domains to house the IIS app and shield the users on the corporate domain from having access into the process domain directly. The ideal configuration is: corp domain (end users) <–> firewall (open port 80) <–> DMZ (web server running IIS) <–> firewall (open port 80 or 1433????) <–> process domain (IIS for Web API and SQL Server) We don’t really understand how to deploy our browser/Web API application in this scenario. Do we need to break up our application so that all the client code is on the IIS server in the DMZ, while the Web API gets installed on the server in the process domain? Does the entire app (client code and Web API) stay together on the IIS server in the DMZ, which then somehow accesses the SQL Server instance to get data? From the IIS server and app in the DMZ, would you simply access the Web API on the server in the process domain by going to http://server/appname/api/getitmes? In the second firewall between the DMZ and the process domain, would you have to open port 1433 or just port 80 since the Web API is a HTTP endpoint? Or, is there some better way of deployment (i.e., how ASP.NET Web API single page applications written all in HTML5 and JavaScript supposed to be deployed to production environments?)? NB: The servers are Win2k8 R2, SQL Server 2k8 R2, and IIS 7.5.

  Read the article

• Intermittently uncommunicative subnets

  - by mhd

  Last week proved me a veritable Cassandra: I've always said that it's a bad idea to have only one firewall/router, without a backup or failover. And thus our Cisco PIX went haywire, refusing to route properly. And of course, the only one available here on short notice is me, and while I'm quite grounded in Linux, I'm really a developer not a sysadmin (the fact that this hit me on sysadmin appreciation day is a bit ironic). Anyway, this weekend I tried to hack up a temporary solution: I used an old server with enough NICs (two built-in, four on a card) to serve as a gateway and firewall. Due to some problems with the raid controller, I got only two router distros running, and between Untangle and Ebox I decided for the latter. Now everything is quite okay. I've got all the different subnets we've got here (all with separate switches) talking to each other and even to the internet (Cisco 2800 router, T1 lines). But from time to time (20-60 minute intervals), I get a total routing failure. Our main, office subnet can't talk to our server subnet and can't connect to the internet. This is not the end of a gradual slowdown, either everything's working perfectly or I get a total lack of communication for about two minutes each time. Now I'm a bit at wits end what to check. At least with the default EBox setup, nothing in /var/log shows anything weird and it doesn't exactly have lots of built-in monitoring tools. So I'm hoping someone here could give me some pointers about what to look out for. I did change the ethernet cable from the office switch to the firewall, with no results. I might change switches, although within the switch it seems to work ok enough. Edit: I'm not sure whether this is the sole cause of the problem, but after I noticed a few DHCP entries just before the last drop of connectivity, I tried to reproduce that. And alas, whenever I renew a DHCP connection, I can't access other subnets anymore. Running ISC DHCPD 3.0.6.

  Read the article

• connecting to server with multiple nics in other vlan

  - by Thierry

  I have a windows 2003 server with 3 nics on 3 vlan's (this is in domain 1). nic 1 has a default gateway to my router/firewall (sonicwall). In nic 2 and 3 I have left it empty, because it is advised like that everywhere. Within this domain and VLAN's 1-3 everything works fine. BUT... I have a second domain (domain 2) with a 4th Vlan (all 4 VLAN's connected to the same router/firewall) from which my clients need to access the 2003 server in domain 1 (it's my antivirus management console for both domains). when i ping the server from my vlan4 by it's FQDN, it randomly chooses ip from nic 1, 2 or 3 from my 2003 server. (logically because that server is know in DNS with it's 3 IP-addresses. And that is needed for my VLAN's 1-3) I don't really have a problem with that. BUT, I only get an answer of NIC1 (which sounds logically to me, because it's the only one with a gateway). It is not a router problem, because I'm testing in this phase and ping from vlan4 to any machine in vlan1, 2 or 3 that has 1 nic works just fine. If i add a gateway to nic2 and nic3, I get answer from all 3 nics and this works fine. But I know it's adviced to not do that. Can anyone give me advice in this particular case? Would it really be a problem to add a gateway to nic 2 and 3? They would be pointing to the same router/firewall (only with different ip-address, based on the vlan). Or is there another good solution to fix this problem? Thank's in advance, Thierry.

  Read the article

• Am I able to forward traffic from an external subdomain to a specific local host?

  - by George Bowman

  I apologise in advance if the question doesn't make sense, please let me know. I've got a small LAN (~10 Virtual Servers) using Win Server 2008 as a DNS server. This is behind a smoothwall express 3.0 firewall with ports forwarded for specific services. I have a domain (123-reg) with the NS's that of afraid.org (DynamicDNS) and subdomains pointed to my (Dynamic) IP address e.g. subdomain1.example.com - 123.456.789.101. I think that adequately explains my set up. My question is, am I able to have subdomains e.g. subdomain1.example.com only point to a specific local host? Like so: subdomain1.example.com:80 - firewall(external facing) - server1.example.com:80 subdomain2.example.com:80 - firewall(external facing) - server2.example.com:80 I don't actually necessarily want to use port 80, otherwise I would just use VirtualHosts on apache, it is just an example port. Currently I can use either subdomain1.example.com OR subdomain2.example.com and they will both point to server1.example.com:80 I do not have to stay using Win Server 2008 for DNS, I am more than happy to move over to BIND if needs be, it was just easier to use Win Server 2008's DNS. I do not know if this is even possible, I have a feeling it isn't as I've only got one external IP address but any information is useful!

  Read the article

• Advertise a subnet route with radvd

  - by Thomas Berger

  we have set up a small IPv6 Testing network. The setup looks like this: ::/0 +----------+ | Firewall | Router to the public net +----------+ | 2001:...::/106 | +----------+ +-------| SIT GW | sit Tunnel gatway to the some test users | +----------+ | +----------+ | Test Sys | Testsystem +----------+ The idea is to advertise the default route from the firewall and the route for the SIT subnets from the sit gateway. The configurations for radvd are: # Firewall interface eth0 { AdvSendAdvert on; route ::/0 { }; }; # SIT Gatway interface eth0 { AdvSendAdvert on; route 2001:...::/106 { }; }; We have captured the adv. packages with tcpdump and the packages looks good. We see a default route from the fw, and the subnet route from the SIT gatway. But if we look on the testsystem there are two default routes over both gateways. There is no subnet route. The routing does not work of course. Here the routes we get: 2001:.....::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 default via fe80::baac:6fff:fe8e:XXXX dev eth0 proto kernel metric 1024 expires 0sec mtu 1500 advmss 1440 hoplimit 64 default via fe80::e415:aeff:fe12:XXXX dev eth0 proto kernel metric 1024 expires 0sec mtu 1500 advmss 1440 hoplimit 64 Any Idea?

  Read the article

• Plesk FTP not working but SFTP and Shell is working

  - by shamittomar

  I am facing a strange problem. The FTP on my Plesk VPS is not working. Whenever I try to connect, FileZilla FTP client says: Status: Resolving address of xxxxxxxxxxxxx.com Status: Connecting to xxx.xxx.xxx.xxx:21... Status: Connection established, waiting for welcome message... Error: Could not connect to server So, it's not even going to the step of asking username/password. So, it's something else. The SFTP on port 22 is working fine. Also, I can successfully do shell access and run commands. But, I NEED FTP access too on port 21. I have searched everywhere but can not find any setting to enable it. This is the Plesk version info: Parallels Plesk Panel version 9.5.2 Operating system Linux 2.6.26.8-57.fc8 CPU GenuineIntel, Intel(R) Pentium(R) 4 CPU 3.00GHz Any help is appreciated. [EDIT]: The firewall is not blocking it. I have checked it on server and there are absolutely no blocking rule. Firewall states: All incoming/outgoing connections are accepted on FTP And on client-side (my PC), I can connect to other FTP servers so this is not an issue in my PC's firewall. Moreover, I can not even connect to the FTP from online FTP clients like net2ftp.

  Read the article

• iptables drops some packets on port 80 and i don't know the cause.

  - by Janning

  Hi, We are running a firewall with iptables on our Debian Lenny system. I show you only the relevant entries of our firewall. Chain INPUT (policy DROP 0 packets, 0 bytes) target prot opt in out source destination ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW Chain OUTPUT (policy DROP 0 packets, 0 bytes) target prot opt in out source destination ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Some packets get dropped each day with log messages like this: Feb 5 15:11:02 host1 kernel: [104332.409003] dropped IN= OUT=eth0 SRC= DST= LEN=1420 TOS=0x00 PREC=0x00 TTL=64 ID=18576 DF PROTO=TCP SPT=80 DPT=59327 WINDOW=54 RES=0x00 ACK URGP=0 for privacy reasons I replaced IP Addresses with and This is no reason for any concern, but I just want to understand what's happening. The web server tries to send a packet to the client, but the firewall somehow came to the conclusion that this packet is "UNRELATED" to any prior traffic. I have set a kernel parameter ip_conntrack_ma to a high enough value to be sure to get all connections tracked by iptables state module: sysctl -w net.ipv4.netfilter.ip_conntrack_max=524288 What's funny about that is I get one connection drop every 20 minutes: 06:34:54 droppedIN= 06:52:10 droppedIN= 07:10:48 droppedIN= 07:30:55 droppedIN= 07:51:29 droppedIN= 08:10:47 droppedIN= 08:31:00 droppedIN= 08:50:52 droppedIN= 09:10:50 droppedIN= 09:30:52 droppedIN= 09:50:49 droppedIN= 10:11:00 droppedIN= 10:30:50 droppedIN= 10:50:56 droppedIN= 11:10:53 droppedIN= 11:31:00 droppedIN= 11:50:49 droppedIN= 12:10:49 droppedIN= 12:30:50 droppedIN= 12:50:51 droppedIN= 13:10:49 droppedIN= 13:30:57 droppedIN= 13:51:01 droppedIN= 14:11:12 droppedIN= 14:31:32 droppedIN= 14:50:59 droppedIN= 15:11:02 droppedIN= That's from today, but on other days it looks like this, too (sometimes the rate varies). What might be the reason? Any help is greatly appreciated. kind regards Janning

  Read the article

< Previous Page | 123 124 125 126 127 128 129 130 131 132 133 134  | Next Page >