Search Results

Search found 1177 results on 48 pages for 'ips'.

Page 13/48 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • Multiple data centers and HTTP traffic: DNS Round Robin is the ONLY way to assure instant fail-over?

    - by vmiazzo
    Hi, Multiple A records pointing to the same domain seem to be used almost exclusively to implement DNS Round Robin as a cheap load balancing technique. The usual warning against DNS RR is that it is not good for high availability. When 1 IP goes down clients will continue to use it for minutes. A load balancer is often suggested as a better choice. Both claims are not completely true: When the traffic is HTTP then, most of the HTML browsers are able to automatically try the next A record if the previous is down, without a new DNS look-up. Read here chapter 3.1 and here. When multiple data centers are involved then, DNS RR is the only option to distribute traffic across them. So, is it true that, with multiple data centers and HTTP traffic, the use of DNS RR is the ONLY way to assure instant fail-over when one data center goes down? Thanks, Valentino Edit: Off course each data center has a local Load Balancer with hot spare. It's OK to sacrifice session affinity for an instant fail-over. AFAIK the only way for a DNS to suggest a data center instead of another is to reply with just the IP (or IPs) associated to that data center. If the data center becomes unreachable then all those IP are also unreachables. This means that, even if smart HTML browsers are able to instantly try another A record , all the attempts will fail until the local cache entry expires and a new DNS lookup is done, fetching the new working IPs (I assume DNS automatically suggests to a new data center when one fail). So, "smart DNS" cannot assure instant fail-over. Conversely a DNS round-robin permits it. When one data center fail, the smart HTML browsers (most of them) instantly try the other cached A records jumping to another (working) data center. So, DNS round-robin doesn't assure session affinity or the lowest RTT but seems to be the only way to assure instant fail-over when the clients are "smart" HTML browsers. Edit 2: Some people suggest TCP Anycast as a definitive solution. In this paper (chapter 6) is explained that Anycast fail-over is related to BGP convergence. For this reason Anycast can employ from 15 minutes to 20 seconds to complete. 20 seconds are possible on networks where the topology was optimized for this. Probably just CDN operators can grant such fast fail-overs. Edit 3:* I did some DNS look-ups and traceroutes (maybe some expert can double check) and: The only CDN using TCP Anycast seems to be CacheFly, other operators like CDN networks and BitGravity use CacheFly. Seems that their edges cannot be used as reverse proxies. Therefore, they cannot be used to grant instant failover. Akamai and LimeLight seems to use geo-aware DNS. But! They return multiple A records. From traceroutes seems that the returned IPs are on the same data center. So, I'm puzzled on how they can offer a 100% SLA when one data center goes down.

    Read the article

  • What networking hardware do I need in this situation (Fairpoint [ISP] "E-DIA" connection)?

    - by Tegeril
    Right away you'd probably want to say, "Well just ask Fairpoint." I've done that, a number of times in as many different ways I can phrase it and just keep hitting a brick wall where they will not commit to giving any useful information and instead recommend contracting an outside firm and spending a pile of money. Anyway... I'm trying to help a family member out with an office connection that is being setup. I've managed to scrape tiny details here and there from our discussions with the ISP (Fairpoint in Maine) about what is going to be done and what is going to be needed. This is the connection that is being setup: http://www.fairpoint.com/enterprise/vantagepoint/e-dia/index.jsp Information I have been given: Via this connection I can get IPs across different C blocks if that were necessary (it is not) Fairpoint is bringing hardware with them that they claim simply does the conversion from whatever line is coming in the building to ethernet, they have referred to this as the "Fairpoint Netvanta" which I know suggests a line of products that I have looked up, but some (most? all?) of those seems to handle all the routing that I saw. Fairpoint says that I need to bring my own router to sit behind their device. They have literally declined to even suggest products that have worked for other clients in the past and fall back on "any business router works, not a home router." That alone makes my head spin. Detail and clarity hit a brick wall from there. At one moment I got them to cough up that the router I provide needs to be able to do VPN tunneling but they typically fall back to "not a home router" and I was even given "just a business router, Cisco or something, it'll be $500-$1000". Now I know that VPN tunneling routers exist well below that price point and since this connection is going to one machine, possibly two only via ethernet, my desire to purchase networking hardware that over-delivers what I need is not very high. They are literally setting all this up, have provided no configuration details for after they finish, and expect me to just plunk a $500+ router behind it and cross my fingers or contract out to a third party company. If there were other options available for the location, I would have dropped them in a second, but there aren't. The device that is connected requires a static IP and I'm honestly a bit hazy on the necessity of an additional router behind their device and generally a bit over my head. I presume that the router needs to be able to serve external static IPs to its clients, but I really don't know what is going to show up when they come to do the install. This was originally going to be run via an ADSL bridge modem with a range of static IPs (which is easy and is currently setup properly) but the location is too far from the telco to get speeds that we really want for upload and this is also a connection that needs high availability. Any suggestions would be greatly appreciated (I see a number of options in the Cisco Small Business line and other competitors that aren't going to break the bank…), especially if you've worked with Fairpoint before! Thanks for reading my wall of text.

    Read the article

  • Set up two IP addresses with one gateway?

    - by Ahmed
    I would like to ask if it is possible to set up two static IPs from same subnet through one gateway? and How if it is? What I am interested in is described here Routing for multiple uplinks/providers, but in my case I have two IP addresses from one provider, both are on same subnet and off course I have internet access on both. I have two NICs, but I don't mind to go with one if that makes it possible. Any thought is appreciated!

    Read the article

  • How to Assign a Static IP to an Ubuntu 10.04 Desktop Computer

    - by Mysticgeek
    If you have a home network with several computers, assigning them static IP addresses can make troubleshooting easier. Today we take a look at switching from DHCP to a static IP in Ubuntu. Assign a Static IP Using Static IPs prevents address conflicts between machines and can allow easier access to them. If you have a small home network and are satisfied with the machines getting their IP address automatically via DHCP, there won’t be anything gained by using static addresses. Using Static IPs isn’t necessarily for the average user, but if you’re a geek who wants to know the address assigned to each machine, it can allow for faster troubleshooting.  To change your Ubuntu machine to a Static IP go to System \ Preferences \ Network Connections. In our example, we’re on a wired system so click on the Wired tab, then select Auto eth0 and click on Edit. Select the IPv4 settings tab, change Method to Manual, click the Add button. Then type in the Static IP Address, Subnet Mask, DNS Servers, and Default Gateway. Then click Apply when you’re finished. Make sure to hit Enter after typing in the Default Gateway otherwise it will revert back to 0.0.0.0 You’ll need to enter in your admin password before the changes go into affect. To verify the changes have been made successfully launch a Terminal session and type in ifconfig at the command prompt, or follow these directions. You also might want to ping the address from another machine to make sure everything is communicating. If you want to assign a Static IP to your Windows machines, check out our article on how to assign a Static IP on Windows systems (make sure to browse the comments as our readers have some good suggestions).  Whether you have a small office or home network set up with a server and several machines, using a Static IP on each device can help you manage them easily. Again, it isn’t for everyone as it really depends on how your network is setup and the way you use it. Similar Articles Productive Geek Tips Change Ubuntu Desktop from DHCP to a Static IP AddressAllow Remote Control To Your Desktop On UbuntuAssign Custom Shortcut Keys on Ubuntu LinuxKeyboard Ninja: 21 Keyboard Shortcut ArticlesChange Ubuntu Server from DHCP to a Static IP Address TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips HippoRemote Pro 2.2 Xobni Plus for Outlook All My Movies 5.9 CloudBerry Online Backup 1.5 for Windows Home Server TubeSort: YouTube Playlist Organizer XPS file format & XPS Viewer Explained Microsoft Office Web Apps Guide Know if Someone Accessed Your Facebook Account Shop for Music with Windows Media Player 12 Access Free Documentaries at BBC Documentaries

    Read the article

  • nginx problem accessing virtual hosts

    - by Sc0rian
    I am setting up nginx as a reverse proxy. The server runs on directadmin and lamp stack. I have nginx running on port 81. I can access all my sites (including virtual ips) on the port 81. However when I forward the traffic from port 80 to 81, the virtual ips have a message saying "Apache is running normally". Server IPs are fine, and I can still access virtual IP's on 81. [root@~]# netstat -an | grep LISTEN | egrep ":80|:81" tcp 0 0 <virtual ip>:81 0.0.0.0:* LISTEN tcp 0 0 <virtual ip>:81 0.0.0.0:* LISTEN tcp 0 0 <serverip>:81 0.0.0.0:* LISTEN tcp 0 0 :::80 :::* LISTEN apache 24090 0.6 1.3 29252 13612 ? S 18:34 0:00 /usr/sbin/httpd -k start -DSSL apache 24092 0.9 2.1 39584 22056 ? S 18:34 0:00 /usr/sbin/httpd -k start -DSSL apache 24096 0.2 1.9 35892 20256 ? S 18:34 0:00 /usr/sbin/httpd -k start -DSSL apache 24120 0.3 1.7 35752 17840 ? S 18:34 0:00 /usr/sbin/httpd -k start -DSSL apache 24495 0.0 1.4 30892 14756 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL apache 24496 1.0 2.1 39892 22164 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL apache 24516 1.5 3.6 55496 38040 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL apache 24519 0.1 1.2 28996 13224 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL apache 24521 2.7 4.0 58244 41984 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL apache 24522 0.0 1.2 29124 12672 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL apache 24524 0.0 1.1 28740 12364 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL apache 24535 1.1 1.7 36008 17876 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL apache 24536 0.0 1.1 28592 12084 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL apache 24537 0.0 1.1 28592 12112 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL apache 24539 0.0 0.0 0 0 ? Z 18:35 0:00 [httpd] <defunct> apache 24540 0.0 1.1 28592 11540 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL apache 24541 0.0 1.1 28592 11548 ? S 18:35 0:00 /usr/sbin/httpd -k start -DSSL root 24548 0.0 0.0 4132 752 pts/0 R+ 18:35 0:00 egrep apache|nginx root 28238 0.0 0.0 19576 284 ? Ss May29 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf apache 28239 0.0 0.0 19888 804 ? S May29 0:00 nginx: worker process apache 28240 0.0 0.0 19888 548 ? S May29 0:00 nginx: worker process apache 28241 0.0 0.0 19736 484 ? S May29 0:00 nginx: cache manager process here is my nginx conf: cat /usr/local/nginx/conf/nginx.conf user apache apache; worker_processes 2; # Set it according to what your CPU have. 4 Cores = 4 worker_rlimit_nofile 8192; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; server_tokens off; access_log /var/log/nginx_access.log main; error_log /var/log/nginx_error.log debug; server_names_hash_bucket_size 64; sendfile on; tcp_nopush on; tcp_nodelay off; keepalive_timeout 30; gzip on; gzip_comp_level 9; gzip_proxied any; proxy_buffering on; proxy_cache_path /usr/local/nginx/proxy_temp levels=1:2 keys_zone=one:15m inactive=7d max_size=1000m; proxy_buffer_size 16k; proxy_buffers 100 8k; proxy_connect_timeout 60; proxy_send_timeout 60; proxy_read_timeout 60; server { listen <server ip>:81 default rcvbuf=8192 sndbuf=16384 backlog=32000; # Real IP here server_name <server host name> _; # "_" is for handle all hosts that are not described by server_name charset off; access_log /var/log/nginx_host_general.access.log main; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://<server ip>; # Real IP here client_max_body_size 16m; client_body_buffer_size 128k; proxy_buffering on; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 120; proxy_buffer_size 16k; proxy_buffers 32 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; } } include /usr/local/nginx/vhosts/*.conf; } here is my vhost conf: # cat /usr/local/nginx/vhosts/1.conf server { listen <virt ip>:81 default rcvbuf=8192 sndbuf=16384 backlog=32000; # Real IP here server_name <virt domain name>.com ; # "_" is for handle all hosts that are not described by server_name charset off; access_log /var/log/nginx_host_general.access.log main; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://<virt ip>; # Real IP here client_max_body_size 16m; client_body_buffer_size 128k; proxy_buffering on; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 120; proxy_buffer_size 16k; proxy_buffers 32 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } }

    Read the article

  • Prevent virtual host on same server interact on apache [closed]

    - by Soosoo Soo
    Possible Duplicate: Prevent virtual host on same server interact on apache I have a vps apache 2.0 webserver, with multiple domains and multiple IPs set. In document root /var/www/html/ I have http://serverA.com, and I create a virtual host in folder /var/www/html/serverB for http://serverB.com. They work great for both, but the problem is I can access serverB files with the URL http://serverA.com/serverB/, which I don't want to happen. How do I prevent that?

    Read the article

  • Prevent virtual host on same server interact on apache

    - by soosooo
    good day i Have a vps apache 2.0 webserver, with multiple domains and multiple ips set. In document root :/var/www/html/ -- i have http:// serverA.com and i create virtual host on folder :/var/www/html/serverB --- http:// serverB.com They work great for both. but the problem is, i can access serverB files with url http: // serverA.com/ serverB / (which i dont want that happen) how to prevent that ? thx in advance

    Read the article

  • What bots are really worth letting onto a site?

    - by blunders
    Having written a number of bots, and seen the massive amounts of random bots that happen to crawl a site, I am wondering if the goal of the site allowing bots is for the potential for the bot to send real traffic back to the site if there is any reason to allow bots that are not known to be sending real traffic back, and how to spot these "good" bots; based on how they ID themselves, IPs they come from, behaviors, etc.

    Read the article

  • [MISC GEEKERY] How To Easily Access Your Home Network From Anywhere With DDNS

    - by YatriTrivedi
    Whether you’re hosting a web page or running a Minecraft server, it’s a pain to keep track of IP addresses. Using a free dynamic DNS, you can turn 174.45.19.242 into mygeekydns.dyndns.org and be free from changing IPs.How To Recover After Your Email Password Is CompromisedHow to Clean Your Filthy Keyboard in the Dishwasher (Without Ruining it)Learn How to Make HDR Images in Photoshop or GIMP With a Simple Trick

    Read the article

  • Oracle Solaris 11 ?????????:?Oracle Solaris 11 ?????·????·??? ?2????

    - by kazun
    2012?2?20???????????? ??13F????????????Oracle Solaris 11???????????Oracle Solaris 11 ?????·????·????????????????????????2??????????Automated Installer(AI)???Distribution Constructor??????????????????????????????50????????????????????????????????? Oracle Solaris 11 ????????? - ?????????????????? - ???????????????????????? - 2????????????????? ???? Oracle 11 ??????? ?Oracle Solaris 11 ??????????????·??????????(???????? ??????????? ????????????? ??? ??? ??:???)???Oracle Solaris 11????????????????????????? Oracle Solaris 11 ???Oracle Solaris 10 ??????????????????????????2?????????????????(????????GUI???)???????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????? ???????????????:Automated Installer ????????"hands-free"??????????? Automated Installer?(?? ???????????? ??????????? ?????????????? ??????????????:???)???Oracle Solaris 11 ???????Automated Installer (AI)????????? AI????????????????????Solaris Zones ???????????????????????????????????????????????????????????????????????????????????????Jumpstart ?????????????????? AI?Image Packaging System (IPS)????????????????????????????????????OS???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????AI??????(XML?????????????)?SC???????????????????????????????????????????????????????????????????????? ??????????????????????????????????AI ???????????DHCP ????????????????????????????? VirtualBox ??????????????? ?:Oracle Solaris Studio ??? AI??????????????????????? ?????????? ???????????????????:Distribution Constructor ?????????????????????????????????????????????? Distribution Constructor?(?? ???????????? ??????????? ????????????? ??????????????:???)???? ?????????Oracle Solaris 11 ????????????????????????????????????? "Distribution Constructor" ?????????????"Distribution Constructor" ???????????????????????????????????????????????????????????????????????????"Distribution Constructor"???LiveCD/USB???????????????ISO?????3???OS?????????????????????Distribution Constructor?????????????????????????????????????????????????????????????????????Distribution Constructor??Solaris ?ZFS???????????AI??????????????????????????XML??????????? ?????????3??????????????????????????????????????????????????????IPS??????????????custom-script????????????????????????????????????????????????????????????????????????? ???????????????????????????????? ?????????? Oracle Solaris ??????? ??????????Installer Disk(3??DVD)????????????????????????Oracle Solaris Live CD(x86)??1???Oracle Solaris 11 Interactive Text Installer??SPARC??x86?????1???????????Live CD??????????Solaris 11 ?????????????????????Interactive Text Installer ??????????????(???????????????????????????????)?Interactive Text Installer ???????????????????????????????????? ???Solaris 11 VM???? for Oracle VM VirtualBox ?????????????????????(?Solaris 11 VM ???? for Oracle VM VirtualBox ???????Oracle VM for x86 ????????)? Oracle VM VirtualBox??????? Solaris 11 VM???? for Oracle VM VirtualBox??????? Oracle Solaris 11?????????????????????????? ?????? Oracle Solaris 10 JumpStart ?? Oracle Solaris 11 ???????????? ???? Oracle Solaris 11 ????????????? Oracle Solaris 11 ???????????

    Read the article

  • ???????/???Oracle Solaris 11?????????????????

    - by user788995
    ????? ??:2012/05/14 ??:??????/?? Oracle Solaris 11 ?????????????????????????????????????? IPS????????????Solaris11??????Oracle Solaris ZonesVirtualBox in Solaris 11ZonesAppndix /Oracle Solaris 10?Oracle Solaris 11 ??? ????????? ????????????????? http://otndnld.oracle.co.jp/ondemand/otn-seminar/movie/D3-03.wmv http://otndnld.oracle.co.jp/ondemand/otn-seminar/movie/mp4/D3-03.mp4 http://www.oracle.com/technetwork/jp/ondemand/os-vm/d3-03-dl-1626604-ja.pdf

    Read the article

  • ??????????

    - by user762552
    ?????????????????????????????????????????????????????????????????????11/9???12/7?2??????????????????????????????????????????????????4???????3??????1??????2???????·?????IDS/IPS???????? ????????????????(JNSA)???????·??/??WG????????????????????????????????????????????2???????????????????????2????(90?×2)???????????????????????????????????···????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????(?????)????????????AKB48????????????????????????????(?)??????IP????????????ACL???????????????????????????????????????????????????????????????????????????????????????????????????????????

    Read the article

  • Routing static IP traffic on a Comcast Business Class IP Gateway (SMCD3G-CCR)

    - by Jakobud
    We are in the process of replacing our firewall, which is currently the only thing connected to our Comcast Business Class modem. Comcast gives us 5 static IP addresses. Currently, all traffic to all 5 static IPs goes directly to the existing firewall. Eventually, obviously all traffic will goto the new firewall, once the old firewall is removed from the network. But in the meantime, as we will have two firewalls plugged into the same Comcast modem, I need to route certain traffic to the new firewall instead of the old one. The firewall switchover is going to be slow and gradual as I am testing it, so I can't simply unplug the existing firewall and plug in the new one. So my question is, how do I tell the modem to route all traffic that goes to a specific IP to goto the new firewall instead of the old one? I've logged into the web interface for the modem, but the available options aren't very clear. There is a 1-to-1 NAT option (which I can't seem to get the interface for it to work properly) but I also see a "Static Routing" section. I always understood Static Routing to refer to routing data within the LAN though, so I'm not sure if that's what I'm looking for or not. Keep in mind, I'm not looking to do simple port forwarding. I'm wanting 100% of traffic to certain public static IPs to go to the specified connected firewall (I'll deal with service policies there). The modem is an SMC SMCD3G-CCR and is labeled as a Comcast Business Class Business IP Gateway. Any help or direction would be greatly appreciated.

    Read the article

  • subneting .. is 192.168.0.1/24 different than 192.168.0.1/25

    - by SM
    So i am trying to understand subnetting. I understand that you can take 192.168.0.0/24 domain and break it up in 2 subnets. 192.168.0.0/25 and 192.168.0.128/25 .. so what if i need to create 2 more subnets inside both of those above subnets. What if i need to create 2 subnets, which have 2 more subnets inside them and each of those 2 subnets have 2 hosts. As per my calculation, this would be something like. top 2 subnets: 192.168.0.0/25 and 192.168.0.128/25 subnets of 192.168.0.0/25: 192.168.0.0/26 - 192.168.0.128/26 subnets of 192.168.0.128/25: 192.168.0.128/26 - 192.168.0.192/26 hosts of 192.168.0.0/25: 192.168.0.1/25 - 192.168.0.2/25 hosts of 192.168.0.128/25: 192.168.0.129/25 - 192.168.0.130/25 hosts of 192.168.0.0/26: 192.168.0.1/26 - 192.168.0.2/26 hosts of 192.168.0.128/26: 192.168.0.129/26 - 192.168.0.130/26 hosts of 192.168.0.128/26: 192.168.0.129/26 - 192.168.0.130/26 hosts of 192.168.0.192/26: 192.168.0.193/26 - 192.168.0.194/26 The above doesnt seem right, i am moving down like a tree, however the subnet mask and IPs are being repeated, i am just add 1 to /x and making the ips from there. Can anyone please tell me if this is correct The scenario i am trying to understand is similar to this, however i just want to add hosts on each level as well. http://www.ciscotrick.com/wp-content/uploads/2008/08/the_mathematical_relationship_between_network_block_sizes.jpg

    Read the article

  • What is Apache Synapse?

    - by Aren B
    My website keeps getting hit by odd requests with the following user-agent string: Mozilla/4.0 (compatible; Synapse) Using our friendly tool Google I was able to determine this is the hallmark calling-card of our friendly neighborhood Apache Synapse. A 'Lightweight ESB (Enterprise Service Bus)'. Now, based on this information I was able to gather, I still have no clue what this tool is used for. All I can tell is that is has something to do with Web-Services, and supports a variety of protocols. The Info page only leads me to conclude it has something to do with proxies, and web-services. The problem I've run into is that while normally I wouldn't care, we're getting hit quite a bit by Russian IPs (not that russian's are bad, but our site is pretty regionally specific), and when they do they're shoving wierd (not xss/malicious at least not yet) values into our query string parameters. Things like &PageNum=-1 or &Brand=25/5/2010 9:04:52 PM. Before I go ahead and block these ips/useragent from our site, I'd like some help understanding just what is going on. Any help would be greatly appreciated :)

    Read the article

  • IPCop Packet Mangling

    - by Zenham
    I've found myself in a pickle replacing an old firewall for a client this afternoon. I'm configuring their new IPCop firewall (1.4.21), Zerina OpenVPN addon is installed. What I need to do: There are three network interfaces, currently set up as red (WAN), green (LAN, 192.168.20.0/24) and orange (remote network 10.1.20.0/24). The orange interface is a direct fiber link to another organization. Simple description: Traffic and networks appear to be properly configured at this point, but I have many (150+) specific IPs on the LAN which, when accessing the resources on the 10.1.20.x network, need to be mangled to appear to be coming from the 10.1.20.0/24 network (and return traffic properly delivered). The routing on the far side was configured earlier and should be fine, but I need to redirect any packets coming across destined for those IPs to end up at their proper destination. The addressing is fixed and predictable (ie. 192.168.20.125 - 10.1.20.125). I need to insert whatever rules I have into the IPCop ruleset through /etc/rc.local I know, I'm just not sure about how I should structure this. There's CUSTOMOUTPUT and CUSTOMINPUT targets, both which currently just consist of the single rule redirecting packets to the OVPNOUTPUT/OVPNINPUT targets, so I'm guessing I should insert a rule matching outbound packets destined for the 10.1.20.x network and redirecting to a new target (maybe called TO-ORANGE) and a rule at the top of CUSTOMINPUT which redirects to a FROM-ORANGE target. Under those targets, I would have rules which do the IP matching and mangling. Am I approaching this right? If so, I'm not very familiar with mangle, and would appreciate seeing examples of how to write that source-IP rewrite. If not, how would you suggest doing this? TIA! edit: I notice additionally that the nat table has CUSTOMPREROUTING and CUSTOMPOSTROUTING targets, I guess I could alternatively post the rules in there....

    Read the article

  • Distributed development staff needing a common IP range

    - by bakasan
    I work on a development staff that is geographically distributed, mostly all throughout the state of CA, but several key members also must travel frequently. We rely quite heavily on a 3rd party provider API for a great deal of our subsystems (can't get into who it is or what they do). The 3rd party however is quite stringent on network access and have no notion of a development sandbox. Access is restricted to 2, 3 IP numbers and that's about it. Once we account for our production servers, that leaves us with an IP or two to spare for our dev team--which is still problematic as people's home IP changes, people travel, we have more than 2 devs, etc. Wide IP blocks are not permitted by the 3rd party. Nor will they allow dynamic DNS type services. There is no simple console to swap IPs on the fly either (e.g. if a dev's IP at home changes or they are on the road). As none of us are deep network experts, I'm wondering what our viable options are? Are there such things as 3rd party hosts to VPNs? Generally I think of a VPN as a mechanism to gain access to a home office, but the notion would be a 3rd party VPN that we'd all connect to and we'd register this as an IP origin w/ our 3rd party. We've considered using Amazon EC2 to effectively host a dev environment for each dev and using that to connect. Amazon only gives you so many static IPs however (I believe 5?) so this would only be a stop gap solution until our team size out strips our IP count at Amazon. Those were the only viable thoughts that I had, but again, I'm far from a networking guy. Tried searching for similar threads, but I'm not even sure I know the right vernacular to look around for.

    Read the article

  • monitoring a /21 for potential bad guys with snort and port mirroring

    - by Adeodatus
    Hi all, I want/need to start monitoring our network a bit better. Its an odd network in that it comprises 2 /22 public IPs and a slew of private admin IPs. I do have one point in the network where it all comes together and I can turn on port mirroring on the catalyst. From that port, I'd like to turn up a box running various utilities. Snort is high on my list but it'd be nice to also get some networking statistics with something like Netflow. So, what are peoeple's thoughts. I can turn up a box needed for this with a bit of ease. We have the hardware available. What should I run? I'd love to know what kind of nasty things are potentially going on but I'd also like to see statistics on what people are doing on the network so I can better tweak our systems to handle it better and improve performance. I'm open so please, give me some ideas to go along with what I've got.

    Read the article

  • How do I get a Mac to request a new IP address from another DHCP server running in parallel while Ne

    - by huyqt
    Hello, I have an interesting situation. I'm trying to us a Linux based machine to allow Mac's to Netboot (similiar to PXE boot) by running a DHCP service in parallel with the "global" DHCP server. The local DHCP server hands out IPs in a private subnet, e.g., 10.168.0.10-10.168.254-254, while the "global" DHCP server hands out IPs from the IP range 10.0.0.1 - 10.0.1.254. The local DHCP range is only supposed to be used in Preboot Execution Environment and Netboot. The local DHCP server is something I have control over, but I do not have access to the global DHCP server. I have a filter to only allow members with the vendor strings "AAPLBSDPC/i386" and "PXEClient". PXE works fine, but Netboot has a quirk. The Apple systems that haven't been connected to the network yet can Netboot fine. But once it grabs a "real" IP address from the global DHCP server, it will "save" it and request it the next time we want it to netboot (which the local dhcp server won't give it). This is what I want: Mar 30 10:52:28 dev01 dhcpd: DHCPDISCOVER from 34:15:xx:xx:xx:xx via eth1 Mar 30 10:52:29 dev01 dhcpd: DHCPOFFER on 10.168.222.46 to 34:15:xx:xx:xx:xx via eth1 Mar 30 10:52:31 dev01 dhcpd: DHCPREQUEST for 10.168.222.46 (10.168.0.1) from 34:15:xx:xx:xx:xx via eth1 Mar 30 10:52:31 dev01 dhcpd: DHCPACK on 10.168.222.46 to 34:15:xx:xx:xx:xx via eth1 Mar 30 10:52:32 dev01 in.tftpd[5890]: tftp: client does not accept options Mar 30 10:52:53 dev01 in.tftpd[5891]: tftp: client does not accept options Mar 30 10:52:53 dev01 in.tftpd[5893]: tftp: client does not accept options Mar 30 10:52:54 dev01 in.tftpd[5895]: tftp: client does not accept options This is what I get when it already has a "stored" IP: Mar 30 10:51:29 dev01 dhcpd: DHCPDISCOVER from 00:25:xx:xx:xx:xx via eth1 Mar 30 10:51:30 dev01 dhcpd: DHCPOFFER on 10.168.222.45 to 00:25:xx:xx:xx:xx via eth1 Mar 30 10:51:31 dev01 dhcpd: DHCPREQUEST for 10.0.0.61 (10.0.0.1) from 00:25:xx:xx:xx:xx via eth1: ignored (not authoritative). Do you have any suggestions? It would be much appreciated.

    Read the article

  • Debian/OVH: How to configure multiple Failover IP on the same Xen (Debian) Virtual Machine?

    - by D.S.
    I have a problem on a Xen virtual machine (running latest Debian), when I try to configure a second failover IP address. OVH reports that my IP is misconfigured and they complaint they receive a massive quantity of ARP packets from this IPs, so they are going to block my IP unless I fix this issue. I suspect there's a routing issue, but I don't know (and can't find any useful info on the provider's website, and their support doesn't provide me a valid solution, just bounce me to their online - useless - guides). My /etc/network/interfaces look like this: # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address AAA.AAA.AAA.AAA netmask 255.255.255.255 broadcast AAA.AAA.AAA.AAA post-up route add 000.000.000.254 dev eth0 post-up route add default default gw 000.000.000.254 dev eth0 # Secondary NIC auto eth0:0 iface eth0:0 inet static address BBB.BBB.BBB.BBB netmask 255.255.255.255 broadcast BBB.BBB.BBB.BBB And the routing table is: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 000.000.000.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 0.0.0.0 000.000.000.254 0.0.0.0 UG 0 0 0 eth0 In these examples (true IP addresses are replaced by fake ones, guess why :)), 000.000.000.000 is my main server's IP address (dom0), 000.000.000.254 is the default gateway OVH recommends, AAA.AAA.AAA.AAA is the first IP Failover and BBB.BBB.BBB.BBB is the second one. I need both AAA.AAA.AAA.AAA and BBB.BBB.BBB.BBB to be publicly reachable from Internet and point to my domU, and to be able to access Internet from inside the virtual machine (domU). I am using eth0 and eth0:0 because due to OVH support, I have to assign both IPs to the same MAC address and then create a virtual eth0:0 interface for the second IP. Any suggestion? What am I doing wrong? How can I stop OVH complaining about ARP flood? Many thanks in advance, DS

    Read the article

  • Wireless Activity Monitoring for PCI DSS Compliance

    - by dkusleika
    In an effort to be PCI DSS compliant, I took a trustkeeper.net questionnaire. I failed the question that asks Is the presence of wireless access points tested for by using a wireless analyzer at least quarterly or by deploying a wireless IDS/IPS to identify all wireless devices in use? (SAQ #11.1) My only wireless access point is outside my firewall, so even if you cracked my wireless you couldn't get inside my domain (unless you crack that too). My firewall doesn't have IPS and I couldn't tell if it had IDS. I looked around for a wireless analyzer, but what I found was $500, which is a little pricey for my size business. And even if I got it, I'm not sure I would understand what it tells me. Surely there are smaller/less sophisticated businesses that take credit cards and have solved this. My questions are: What are the risks if someone were to crack my wireless? (Could they read all internet traffic? Just wireless traffic? Just use my internet connection?) And what is the best/cheapest way to test my connection point quarterly? Should I buy the $500 analyzer? Domain is Windows Server 2000. Firewall is Sonicwall Pro 2040. Router is 8 port D-link.

    Read the article

  • Is it worthwhile to block malicious crawlers via iptables?

    - by EarthMind
    I periodically check my server logs and I notice a lot of crawlers search for the location of phpmyadmin, zencart, roundcube, administrator sections and other sensitive data. Then there are also crawlers under the name "Morfeus Fucking Scanner" or "Morfeus Strikes Again" searching for vulnerabilities in my PHP scripts and crawlers that perform strange (XSS?) GET requests such as: GET /static/)self.html(selector?jQuery( GET /static/]||!jQuery.support.htmlSerialize&&[1, GET /static/);display=elem.css( GET /static/.*. GET /static/);jQuery.removeData(elem, Until now I've always been storing these IPs manually to block them using iptables. But as these requests are only performed a maximum number of times from the same IP, I'm having my doubts if it does provide any advantage security related by blocking them. I'd like to know if it does anyone any good to block these crawlers in the firewall, and if so if there's a (not too complex) way of doing this automatically. And if it's wasted effort, maybe because these requests come from from new IPs after a while, if anyone can elaborate on this and maybe provide suggestion for more efficient ways of denying/restricting malicious crawler access. FYI: I'm also already blocking w00tw00t.at.ISC.SANS.DFind:) crawls using these instructions: http://spamcleaner.org/en/misc/w00tw00t.html

    Read the article

  • RRAS Public Address Pool on Windows Server 2008

    - by Art
    I have a Windows 2008 server with two NICs running RRAS and a small public website. It also does NAT for several other PCs on my network and everything works great. I have a block of 5 public static IPs from my ISP, one of which is bound to the public NIC in the Windows 2008 server. I would like to assign one of the remainging 4 public IPs to a machine on my private network. I thought I could do this by going into RRAS, selecting NAT under IPv4 and then adding the public IP address to the address pool and specifying a reservation for the machine I would like to use that address by adding its private ip address. When I do this, the machine I reserved the public IP address for seems to loose all outside network connectivity. I can still ping other PCs on my 192.168.0.* net, but anything outside is no longer reachable. When I remove the reservation, everything seems to work. After setting the reservation and right clicking on the external public interface and selecting 'Show Mappings' I can see outbound requests from my private address with the desired associated private address, however I do not see any inbound requests. What am I doing wrong/missing?

    Read the article

  • Configuration Help for Sendmail Required

    - by Vinayak Mahadevan
    Hi I need some help with respect to sendmail configuration. The basic problem is that I have some employees working from other places and they need access to their mail. So what I have done right now is whatever mails which are meant for them which are generated from within the company and collected by my internal mail server is bounced to an external mail server from where the employees access it. This is done through a email id on a different domain. This was working fine till I restricted the external mailing access for certain users using rulesets in sendmail.cf. Once I had put that in place only people who had external mailing rights could send mails to people outside the office. What I would like to know is that is there anyway where I can expose sendmail on two different ips and thereby configure everybody's email id to point to the same internal mail server using 2 different ips. one ip when inside the company and one ip outside the company. Is it possible that I have one static ip configured for both internal access and external access or is there any otherway it can be done with sendmail. Can anybody help me Sorry for the long post Regards Vinayak

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >