why do I need virtual table?
- by lego69
I was looking for some information about virtual table, but can't find something easy to understand, can somebody give me good example(not from Wiki, please), with explanations, or link, thanks in advance
Search Results
Search found 19703 results on 789 pages for 'virtual ip'.
Page 154/789 | < Previous Page | 150 151 152 153 154 155 156 157 158 159 160 161 | Next Page >
-
-
How to get client machine ip address in custom realm? [on hold]
- by Sumit
I want to get client machine ip address in my custom Realm when client attempt to login basically here is detail requirement of project User having role 'Admin' can add new users and assign multiple roles and permission ,and at the same time specify list of ip address and countries to restrict them to access website. All these information i am storing in database. So basically till now i am using shiro default 'authc' filter but now i want ip address of client machine and get country from where request is coming and check it against database and then and then only allow access to website. Any help..? Thanks and regardsRead the article
-
is 'protected' ever reasonable outside of virtual methods and destructors?
- by notallama
so, suppose you have some fields and methods marked protected (non-virtual). presumably, you did this because you didn't mark them public because you don't want some nincompoop to accidentally call them in the wrong order or pass in invalid parameters, or you don't want people to rely on behaviour that you're going to change later. so, why is it okay for that nincompoop to use those fields and methods from a subclass? as far as i can tell, they can still screw up in the same ways, and the same compatibility issues still exist if you change the implementation. the cases for protected i can think of are: non-virtual destructors, so you can't break things by deleting the base class. virtual methods, so you can override 'private' methods called by the base class. constructors in c++. in java/c# marking the class as abstract will do basically the same. any other use cases?Read the article
-
How to whitelist external access to an internal webserver via Cisco ACLs?
- by Josh
This is our company's internet gateway router. This is what I want to accomplish on our Cisco 2691 router: All employees need to be able to have unrestricted access to the internet (I've blocked facebook with an ACL, but other than that, full access) There is an internal webserver that should be accessible from any internal IP address, but only a select few external IP addresses. Basically, I want to whitelist access from outside the network. I don't have a hardware firewall appliance. Until now, the webserver has not needed to be accessible externally... or in any case, the occasional VPN has sufficed when needed. As such, the following config has been sufficient: access-list 106 deny ip 66.220.144.0 0.0.7.255 any access-list 106 deny ip ... (so on for the Facebook blocking) access-list 106 permit ip any any ! interface FastEthernet0/0 ip address x.x.x.x 255.255.255.248 ip access-group 106 in ip nat outside fa0/0 is the interface with the public IP However, when I add... ip nat inside source static tcp 192.168.0.52 80 x.x.x.x 80 extendable ...in order to forward web traffic to the webserver, that just opens it up entirely. That much makes sense to me. This is where I get stumped though. If I add a line to the ACL to explicitly permit (whitelist) an IP range... something like this: access-list 106 permit tcp x.x.x.x 0.0.255.255 192.168.0.52 0.0.0.0 eq 80 ... how do I then block other external access to the webserver while still maintaining unrestricted internet access for internal employees? I tried removing the access-list 106 permit ip any any. That ended up being a very short-lived config :) Would something like access-list 106 permit ip 192.168.0.0 0.0.0.255 any on an "outside-inbound" work?Read the article
-
RESOLVED Why does IPtables's NAT stop working when I enable the firewall's third interface?
- by Kronick
On my firewall I've three interfaces : eth0 : public IP (46.X.X.X.) eth0:0 public IP (46.X.X.Y.) eth1 : public IP (88.X.X.X.) eth2 : private LAN (172.X.X.X) I've setup a basic NAT which works great until I turn on the eth1 interface, I basically loose the connectivity. When I turn off the interface (ifconfig eth1 down) then the NAT re-work. I've added some policy routing via iproute, which makes my three public IP's available. I don't understand why turning on eth1 on makes the LAN unavailable. PS : weirder ; when I turn on eth1 BUT remove the NAT, then the firewall is accessible by using the public IPS. So to me it's exclusively a NAT issue, since without the NAT the network works while with the NAT without the second public interface, the NAT does work. Regards EDIT : I've been able to make it work by using iproute2 rules. That was definitely a routing issue. Here is what I did : ip rule add prio 50 table main ip rule add prio 201 from ip1/netmask table 201 ip rule add prio 202 from ip2/netmask table 202 ip route add default via gateway1 dev interface1 src ip1 proto static table 201 ip route append prohibit default table 201 metric 1 proto static ip route add default via gateway2 dev interface2 src ip2 proto static table 202 ip route append prohibit default table 202 metric 1 proto static # mutipath ip rule add prio 221 table 221 ip route add default table 221 proto static \ nexthop via gateway1 dev interface1 weight 2\ nexthop via gateway2 dev interface2 weight 3Read the article
-
Hyper-V virtual machine unable to get IP address from DHCP server running on same physical box
- by Bronumski
We have a Windows server 2008 R2 with two network cards running AD, DHCP, DNS and Hyper-V The first nic is setup with a static IP address and DHCP, WDS, and DNS are bound to it. The second nic is configured in Hyper-V to be only used by Hyper-V and has been automatically configured so that only the virtual switch is enabled on the adapter. DHCP and DNS work fine for all physical machines on the network. It also works for Virtual Machines running on another physical box. Virtual machines that are bound to the virtual switch network adapter are unable to get a IP address. If the virtual machine is given a static IP address with correct subnet, gateway and dns everything works. Has anyone else got this working?Read the article
-
Multiple SSL domains on the same IP address and same port?
- by johnlai2004
I set up an ubuntu 9.10 - apache2 - php5 server. I was under the impression that each valid SSL certificate (no domain wild cards) required it's own unique IP address and port number combination. But the answer to a previous question I posted is at odds with this claim: http://serverfault.com/questions/109766/ssl-site-not-using-the-correct-ip-in-apache-and-ubuntu Using the accepted answer, I was able to get multiple domains, each with it's own valid SSL to work on the same IP address and on port 443. I am very confused as to why the above answer works, especially after hearing from others that each SSL domain website on the same server requires its own IP+port combination. I am suspicious that I did something wrong. Can someone clear up the confusion? Websites currently using different SSL but on the same IP and Port are: https://www.yummyskin.com/ https://staging.bossystem.org/Read the article
-
how to? 1 domain name, 1 ISP Static IP, 1 router, 3 physical web Servers
- by buliwyf
I have 1 Static IP from my ISP, 58.59.60.61 I have 3 local physical web servers: Win2008 IIS 7, local IP 192.168.10.11, mydomain.com Ubuntu Apache2, local IP 192.168.10.12, subdomain1.mydomain.com Win2003 IIS 6, local IP 192.168.10.13, subdomain2.mydomain.com I have 1 domain name, mydomain.com. It is configured this way: Host(A), @, 58.59.60.61 Host(A), subdomain1, 58.59.60.61 Host(A), subdomain2, 58.59.60.61 My router is a pfSense box. It forwards all port 80 traffic to a group alias called "WebServers," which is my 3 web server IP's. This setup should work right? I believe I need to set the "host header names" in my web servers. In IIS I know how to do this. How do I do this in Apache2?Read the article
-
Why isn't 'ether proto \ip host host' a legal tcpdump expression?
- by Ezequiel Garzon
In its description of valid tcpdump expressions, the pcap-filter man pages state: The filter expression consists of one or more primitives. Primitives usually consist of an id (name or number) preceded by one or more qualifiers. In turn, these qualifiers are type, dir and proto. So far so good, but further down we find this: ip host host which is equivalent to: ether proto \ip and host host In the first case, ip and host are, respectively, proto and type. What pattern does ether proto \ip follow? Isn't that, as a whole, a proto qualifier? If so, why isn't (a properly escaped) 'ether proto \ip host host' legal (no and)?Read the article
-
Why can't all zeros in the host portion of IP address be used for a host?
- by Grezzo
I know that if I have a network 83.23.159.0/24 then I have 254 usable host IP addresses because: 83.23.159.0 (in binary: host portion all zeros) is the subnet address 83.23.159.1-254 are host addresses 83.23.159.255 (in binary: host portion all ones) is the broadcast address I understand the use for a broadcast address, but I don't understand what the subnet address is ever used for. I can't see any reason that an IP packet's destination address would be set to the subnet address, so why does the subnet itself need an address if it is never going to be the endpoint for AN IP flow? To me it seems like a waste to not allow this address to be used as a host address. To summarise, my questions are: Is an IP packet's destination ever set to the subnet IP address? If yes, in what cases and why? If no, then why not free up that address for any host to use?Read the article
-
Does connecting to the default host via public IP from within its subnet cause any issues?
- by username
I'm setting up a small office network with a single public IP (let's say it's 69.16.230.117). I've configured NAT on the router with incoming traffic forwarded to the server (say the server has a private IP of 192.168.0.2). Is it okay to configure the client machines on the same subnet to access the server via the router's public IP (69.16.230.117)? In practice it's never caused me problems, but I've heard, here and there, that it is a bad idea, and one should use the private IP (192.168.0.2). Does connecting to the default host via public IP from within its subnet cause any issues? Please refrain from writing "never! it breaks the intranet!" ;-)Read the article
-
How do I change the .NET Framework version of a virtual directory without the ASP.NET tab?
- by Brandon
I have a website running v2.0 but I want the virtual directory running under it to use v4.0. I've already set the virtual directory as an application and gave it it's own application pool. The server is running Windows Server 2003 SP2 (64-bit). However it has the Enable32BitAppOnWin64 flag enabled which means the ASP.NET tabs on the properties dialog of the websites/virtual directories are missing. .NET 4.0 is installed, aspnet_regiis -lv lists the 32-bit and 64-bit versions of .NET 2.0 and .NET 4.0 and the Web Server Extensions are enabled. I can't disable the Enable32BitAppOnWin64 flag to get the ASP.NET tab back, so is there a way to do this from the command line without potentially breaking something? I ran aspnet_regiis -lk to find the paths so I could try aspnet_regiis -sn, but it only returns one record W3SVC/ 2.0.50727.0 (There are 3 separate websites and a virtual directory running on the server though) How can I change the framework version of the virtual directory without the ASP.NET tab?Read the article
-
WCF, Metadata and BIGIP - Can I force the correct url for the WSDL items?
- by Yossi Dahan
We have a WCF service hosted on ServerA which is a server with no-direct Internet access and has a non-Internet routable IP address. The service is fronted by BIGIP which handles SSL encryption and decryption and forwards the unencrypted request to ServerA (at the moment it does NOT actually do any load balancing, but that is likely to be added in the future) on a specific port. What that means is that our clients would be calling the service through https://www.OurDomain.com/ServiceUrl and would get to our service on http://SeverA:85/ServiceUrl through the BIGIP device; When we browse to the WSDL published on https://www.OurDomain.com/ServiceUrl all the addresses contained in the WSDL are based on the http://SeverA:85/ServiceUrl base address We figured out that we could use the host headers setting to set the domain, but our problem is that while this would sort out the domain, we would still be using the wrong scheme – it would use http://www.OurDomain.com/ServiceUrl while we need it to be Https. Also – as we have other services (asmx based) hosted on that server we had some issues setting the host headers, and so we thought we could get away with creating another site on the server (using, say, port 82) and set the host header on that; now, on top of the http/https problem we have an issue as the WSDL contains the port number in all the urls, where BigIP works on port 443 (for the SSL) Is there a more flexible solution than implementing Host Headers? Ideally we need to retain flexibility and ease of supportability. Thanks for any help…Read the article
-
Google app engine issue 777 particular solution?
- by Niklas R
I use 64.202.189.170 (godaddy) for a HTTP access to a www...on google app engine like GAE issue 777 so that a blank subdomain forwards to www.domain I get the blank to respond by output "This website is temporarily unavailable, please try again later. " There's info about this issue here http://knol.google.com/k/google-apps-discussion-group#view and here http://code.google.com/p/googleappengine/issues/detail?id=777 Since I managed to do it with a .com domain (The godaddy DNS hosted gralumo.com correctly responds to www..) I now want to do it with an off-site DNS managed domain getting the following info about servers: $ ping montao.com.br PING montao.com.br (64.202.189.170) 56(84) bytes of data. 64 bytes from pwfwd-v01.prod.mesa1.secureserver.net (64.202.189.170): icmp_seq=1 ttl=113 time=188 ms 64 bytes from pwfwd-v01.prod.mesa1.secureserver.net (64.202.189.170): icmp_seq=2 ttl=113 time=188 ms ^C --- montao.com.br ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 188.459/188.692/188.926/0.493 ms ubuntu@ubuntu:~$ ping www.montao.com.br PING ghs.l.google.com (74.125.43.121) 56(84) bytes of data. 64 bytes from bw-in-f121.1e100.net (74.125.43.121): icmp_seq=1 ttl=56 time=30.2 ms 64 bytes from bw-in-f121.1e100.net (74.125.43.121): icmp_seq=2 ttl=56 time=28.0 ms 64 bytes from bw-in-f121.1e100.net (74.125.43.121): icmp_seq=3 ttl=56 time=24.2 ms ^C --- ghs.l.google.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 24.201/27.522/30.282/2.514 ms So it looks to me these are the same IP numbers whether or not it's off-site DNS. It's just that it works for one domain and not the other. Could it be just resetting the appspot app ie removing and adding it? Can you recommend how to proceed? Thanks in advanceRead the article
-
Block facebook from my website
- by Joseph Szymborski
I have a secure link direction service I'm running (expiringlinks.co). If I change the headers in php to redirect my visitors, then facebook is able to show a preview of the website I'm redirecting to when users send links to one another via facebook. I wish to avoid this. Right now, I'm using an AJAX call to get the URL and javascript to redirect, but it's causing problems for users who don't use javascript. Here are a number of ways I'd like to block facebook, but I can't seem to get working: I've tried blocking the facebook bot (facebookexternalhit/1.0 and facebookexternalhit/1.1) but it's not working, I don't think they're using them for this functionality. I'm thinking of blocking the facebook IP addresses, but I can't find all of them, and I don't think it'll work unless I get all of them. I've thought of using a CAPTCHA or even a button, but I can't bring myself to do that to my visitors. Not to mention I don't think anyone would use the site. I've searched the facebook docs for meta tags that would "opt-me out", but haven't found one, and doubt that I would trust it if I had. Any creative ideas or any idea how to implement the ones above? Thank you so much in advance!Read the article
-
c++ connect() keeps returning WSATIMEDOUT over internet but not localy
- by KaiserJohaan
Hello, For some reason, my chat application always gets WSATIMEDOUT when trying to connect to another person over the internet. int len_ip = GetWindowTextLength(GetDlgItem(hWnd,ID_EDIT_IP)); char ipBuffer[16]; SendMessage(GetDlgItem(hWnd,ID_EDIT_IP),WM_GETTEXT,16,(LPARAM)ipBuffer); long host_ip = inet_addr(ipBuffer); int initializeConnection(long host_ip, HWND hWnd) { // initialize winsock WSADATA wdata; int result = WSAStartup(MAKEWORD(2,2),&wdata); if (result != 0) { return 0; } // setup socket tcp_sock = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); if (tcp_sock == INVALID_SOCKET) { return 0; } // setup socket address SOCKADDR_IN tcp_sock_addr; tcp_sock_addr.sin_family = AF_INET; tcp_sock_addr.sin_port = SERVER_TCP_PORT; tcp_sock_addr.sin_addr.s_addr = host_ip; // connect to server if (connect(tcp_sock,(SOCKADDR*)&tcp_sock_addr,sizeof(tcp_sock_addr)) == SOCKET_ERROR) { return 0; } HRESULT hr = WSAGetLastError(); // set socket in asynchronous mode if (WSAAsyncSelect(tcp_sock,hWnd,SOCKET_TCP, FD_READ | FD_WRITE | FD_CONNECT | FD_CLOSE) == SOCKET_ERROR) { return 0; } return 1; } For some reason it works perfectly fine on local network between computers, but totally screws up over the internet. WSATIMEDOUT is always returned (not connection refused, so its not a port problem). It makes me believe something is wrong with the IP but why on earth can it work on local addresses (like 192.168.2.4) Any ideas? CheersRead the article
-
C++, generic programming and virtual functions. How do I get what I want?
- by carleeto
This is what I would like to do using templates: struct op1 { virtual void Method1() = 0; } ... struct opN { virtual void MethodN() = 0; } struct test : op1, op2, op3, op4 { virtual void Method1(){/*do work1*/}; virtual void Method2(){/*do work2*/}; virtual void Method3(){/*do work3*/}; virtual void Method4(){/*do work4*/}; } I would like to have a class that simply derives from a template class that provides these method declarations while at the same time making them virtual. This is what I've managed to come up with: #include <iostream> template< size_t N > struct ops : ops< N - 1 > { protected: virtual void DoStuff(){ std::cout<<N<<std::endl; }; public: template< size_t i > void Method() { if( i < N ) ops<i>::DoStuff(); } //leaving out compile time asserts for brevity } struct test : ops<6> { }; int main( int argc, char ** argv ) { test obj; obj.Method<3>(); //prints 3 return 0; } However, as you've probably guessed, I am unable to override any of the 6 methods I have inherited. I'm obviously missing something here. What is my error? No, this isn't homework. This is curiosity.Read the article
-
Getting a stream back from a .Net remoting service that is accessible with IP v4 and v6
- by jon.ediger
My company has an existing .Net Remoting service that listens on a port, fronting interfaces used by external systems. This all works great with IP v4 based communications. However, this service now needs to support both IP v4 communications and IP v6 communications. I have found info that the system.runtime.remoting section of the app.config should include two channels as follows: <channel ref="tcp" name="tcp6" port="9000" bindTo="[::]" /> <channel ref="tcp" name="tcp4" port="9000" bindTo="0.0.0.0" /> The above config file changes to the System.Runtime.Remoting config section will get the remoting service responding to non-stream functions on both ip v4 and ip v6. The issue comes only when attempting to get a stream back, used to upload or download large files. In this case, instead of getting a usable stream back, the following ArgumentException is thrown instead: IPv4 address 0.0.0.0 and IPv6 address ::0 are unspecified addresses that cannot be used as a target address. Parameter name: hostNameOrAddress Is there a way to modify the app.config (in the system.runtime.remoting section, or another section) so that the service will return a stream mapped to a real ip so the client can actually upload/download files while maintaining the ability to use both IP v4 and IP v6?Read the article
-
Can I execute a "variable statements" within a function and without defines.
- by René Nyffenegger
I am facing a problem that I cannot see how it is solvable without #defines or incuring a performance impact although I am sure that someone can point me to a solution. I have an algorithm that sort of produces a (large) series of values. For simplicity's sake, in the following I pretend it's a for loop in a for loop, although in my code it's more complex than that. In the core of the loop I need to do calculations with the values being produced. Although the algorithm for the values stays the same, the calculations vary. So basically, what I have is: void normal() { // "Algorithm" producing numbers (x and y): for (int x=0 ; x<1000 ; x++) { for (int y=0 ; y<1000 ; y++) { // Calculation with numbers being produced: if ( x+y == 800 && y > 790) { std::cout << x << ", " << y << std::endl; } // end of calculation }} } So, the only part I need to change is if ( x+y == 800 && y > 790) { std::cout << x << ", " << y << std::endl; } So, in order to solve that, I could construct an abstract base class: class inner_0 { public: virtual void call(int x, int y) = 0; }; and derive a "callable" class from it: class inner : public inner_0 { public: virtual void call(int x, int y) { if ( x+y == 800 && y > 790) { std::cout << x << ", " << y << std::endl; } } }; I can then pass an instance of the class to the "algorithm" like so: void O(inner i) { for (int x=0 ; x<1000 ; x++) { for (int y=0 ; y<1000 ; y++) { i.call(x,y); }} } // somewhere else.... inner I; O(I); In my case, I incur a performance hit because there is an indirect call via virtual function table. So I was thinking about a way around it. It's possible with two #defines: #define OUTER \ for (int x=0 ; x<1000 ; x++) { \ for (int y=0 ; y<1000 ; y++) { \ INNER \ }} // later... #define INNER \ if (x + y == 800 && y > 790) \ std::cout << x << ", " << y << std::endl; OUTER While this certainly works, I am not 100% happy with it because I don't necessarly like #defines. So, my question: is there a better way for what I want to achieve?Read the article
-
Calculate directed broadcast address given IP address and subnet in PowerShell
- by halr9000
My goal is to calculate the directed broadcast address when given the IP and subnet mask of a host node. I know, sounds like homework. Once I reasoned through my task and boiled it down to this, I was amused with myself. Anyway, the solution will look something like the one in this question I suppose, but I'm not a math major and my C sucks. I could do with a PowerShell (preferred) or C# example to get me going. thanks!Read the article
-
faking a filesystem / virtual filesystem
- by attwad
I have a web service to which users upload python scripts that are run on a server. Those scripts process files that are on the server and I want them to be able to see only a certain hierarchy of the server's filesystem (best: a temporary folder on which I copy the files I want processed and the scripts). The server will ultimately be a linux based one but if a solution is also possible on Windows it would be nice to know how. What I though of is creating a user with restricted access to folders of the FS - ultimately only the folder containing the scripts and files - and launch the python interpreter using this user. Can someone give me a better alternative? as relying only on this makes me feel insecure, I would like a real sandboxing or virtual FS feature where I could run safely untrusted code.Read the article
-
HttpWebRequest to different IP than the domain resolves to
- by fyjham
Hey, Long story short an API I'm calling's different environments (dev/staging/uat/live) is set up by putting a host-record on the server so the live domain resolves to their other server in for the HTTP request. The problem is that they've done this with so many different environments that we don't have enough servers to use the server-wide host files for it anymore (We've got some environments running off the same servers - luckily not dev and live though :P). I'm wondering if there's a way to make WebRequest request to a domain but explicitly specify the IP of the server it should connect to? Or is there any way of doing this short of going all the way down to socket connections (Which I'd really prefer not to waste time/create bugs by trying to re-implementing the HTTP protocol). PS: I've tried and we can't just get a new sub-domain for each environment.Read the article
-
How to share cookies across multiple Apache Virtual Hosts
- by puk
This question is generally phrased as "How to share cookies across multiple subdomains" and the answer is generally to use the leading dot like so setcookie( 'id', 0, time()+30*3600, '/', '.example.com' ); which means that the cookie is available to all subdomains of example.com. However, the / path I suspect adds the constraint that all subdomains must be physically under the same tree. The PHP documentation states path The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in. Is it possible to share cookies if one has two (Apache) Virtual Hosts set up with document roots at, for example www.one.example.com ? /var/www/example1 www.two.example.com ? /var/www/example2Read the article
-
client ip address in ASP.NET (.asmx) webservices
- by Zain Shaikh
I am using ASP.Net (.asmx) web services with Silverlight. since there is no way to find client ip address in Silverlight, therefore I had to log this on service end. these are some methods I have tried: Request.ServerVariables(”REMOTE_HOST”) HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"] HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"]; Request.UserHostAddress() Request.UserHostName() string strHostName = System.Net.Dns.GetHostName(); string clientIPAddress = System.Net.Dns.GetHostAddresses(strHostName).GetValue(0).ToString(); All the above methods work fine on my local system, but when I publish my service on production server. it starts giving errors. Error: Object reference not set to an instance of an object. StackTrace: at System.Web.Hosting.ISAPIWorkerRequestInProc.GetAdditionalServerVar(Int32 index) at System.Web.Hosting.ISAPIWorkerRequestInProc.GetServerVariable(String name) at System.Web.Hosting.ISAPIWorkerRequest.GetRemoteAddress() at System.Web.HttpRequest.get_UserHostAddress()Read the article
-
How to stop a ICMP attack?
- by cumhur onat
We are under a heavy icmp flood attack. Tcpdump shows the result below. Altough we have blocked ICMP with iptables tcpdump still prints icmp packets. I've also attached iptables configuration and "top" result. Is there any thing I can do to completely stop icmp packets? [root@server downloads]# tcpdump icmp -v -n -nn tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 03:02:47.810957 IP (tos 0x0, ttl 49, id 16007, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 IP (tos 0x0, ttl 124, id 31864, offset 0, flags [none], proto: ICMP (1), length: 76) 77.92.136.196 > 94.201.175.188: [|icmp] 03:02:47.811559 IP (tos 0x0, ttl 49, id 16010, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 IP (tos 0x0, ttl 52, id 31864, offset 0, flags [none], proto: ICMP (1), length: 76) 77.92.136.196 > 94.201.175.188: [|icmp] 03:02:47.811922 IP (tos 0x0, ttl 49, id 16012, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 IP (tos 0x0, ttl 122, id 31864, offset 0, flags [none], proto: ICMP (1), length: 76) 77.92.136.196 > 94.201.175.188: [|icmp] 03:02:47.812485 IP (tos 0x0, ttl 49, id 16015, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 IP (tos 0x0, ttl 126, id 31864, offset 0, flags [none], proto: ICMP (1), length: 76) 77.92.136.196 > 94.201.175.188: [|icmp] 03:02:47.812613 IP (tos 0x0, ttl 49, id 16016, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 IP (tos 0x0, ttl 122, id 31864, offset 0, flags [none], proto: ICMP (1), length: 76) 77.92.136.196 > 94.201.175.188: [|icmp] 03:02:47.812992 IP (tos 0x0, ttl 49, id 16018, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 IP (tos 0x0, ttl 122, id 31864, offset 0, flags [none], proto: ICMP (1), length: 76) 77.92.136.196 > 94.201.175.188: [|icmp] 03:02:47.813582 IP (tos 0x0, ttl 49, id 16020, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 IP (tos 0x0, ttl 52, id 31864, offset 0, flags [none], proto: ICMP (1), length: 76) 77.92.136.196 > 94.201.175.188: [|icmp] 03:02:47.814092 IP (tos 0x0, ttl 49, id 16023, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 IP (tos 0x0, ttl 120, id 31864, offset 0, flags [none], proto: ICMP (1), length: 76) 77.92.136.196 > 94.201.175.188: [|icmp] 03:02:47.814233 IP (tos 0x0, ttl 49, id 16024, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 IP (tos 0x0, ttl 120, id 31864, offset 0, flags [none], proto: ICMP (1), length: 76) 77.92.136.196 > 94.201.175.188: [|icmp] 03:02:47.815579 IP (tos 0x0, ttl 49, id 16025, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 IP (tos 0x0, ttl 50, id 31864, offset 0, flags [none], proto: ICMP (1), length: 76) 77.92.136.196 > 94.201.175.188: [|icmp] 03:02:47.815726 IP (tos 0x0, ttl 49, id 16026, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 IP (tos 0x0, ttl 50, id 31864, offset 0, flags [none], proto: ICMP (1), length: 76) 77.92.136.196 > 94.201.175.188: [|icmp] 03:02:47.815890 IP (tos 0x0, ttl 49, id 16027, offset 0, flags [none], proto: ICMP (1), length: 56) 80.227.64.183 > 77.92.136.196: ICMP redirect 94.201.175.188 to host 80.227.64.129, length 36 iptables configuration: [root@server etc]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ofis tcp -- anywhere anywhere tcp dpt:mysql ofis tcp -- anywhere anywhere tcp dpt:ftp DROP icmp -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination DROP icmp -- anywhere anywhere Chain ofis (2 references) target prot opt source destination ACCEPT all -- OUR_OFFICE_IP anywhere DROP all -- anywhere anywhere top: top - 03:12:19 up 400 days, 15:43, 3 users, load average: 1.49, 1.67, 2.61 Tasks: 751 total, 3 running, 748 sleeping, 0 stopped, 0 zombie Cpu(s): 8.2%us, 1.0%sy, 0.0%ni, 87.9%id, 2.1%wa, 0.1%hi, 0.7%si, 0.0%st Mem: 32949948k total, 26906844k used, 6043104k free, 4707676k buffers Swap: 10223608k total, 0k used, 10223608k free, 14255584k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 36 root 39 19 0 0 0 R 100.8 0.0 17:03.56 ksoftirqd/11 10552 root 15 0 11408 1460 676 R 5.7 0.0 0:00.04 top 7475 lighttpd 15 0 304m 22m 15m S 3.8 0.1 0:05.37 php-cgi 1294 root 10 -5 0 0 0 S 1.9 0.0 380:54.73 kjournald 3574 root 15 0 631m 11m 5464 S 1.9 0.0 0:00.65 node 7766 lighttpd 16 0 302m 19m 14m S 1.9 0.1 0:05.70 php-cgi 10237 postfix 15 0 52572 2216 1692 S 1.9 0.0 0:00.02 scache 1 root 15 0 10372 680 572 S 0.0 0.0 0:07.99 init 2 root RT -5 0 0 0 S 0.0 0.0 0:16.72 migration/0 3 root 34 19 0 0 0 S 0.0 0.0 0:00.06 ksoftirqd/0 4 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/0 5 root RT -5 0 0 0 S 0.0 0.0 1:10.46 migration/1 6 root 34 19 0 0 0 S 0.0 0.0 0:01.11 ksoftirqd/1 7 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/1 8 root RT -5 0 0 0 S 0.0 0.0 2:36.15 migration/2 9 root 34 19 0 0 0 S 0.0 0.0 0:00.19 ksoftirqd/2 10 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/2 11 root RT -5 0 0 0 S 0.0 0.0 3:48.91 migration/3 12 root 34 19 0 0 0 S 0.0 0.0 0:00.20 ksoftirqd/3 13 root RT -5 0 0 0 S 0.0 0.0 0:00.00 watchdog/3 uname -a [root@server etc]# uname -a Linux thisis.oursite.com 2.6.18-238.19.1.el5 #1 SMP Fri Jul 15 07:31:24 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux arp -an [root@server downloads]# arp -an ? (77.92.136.194) at 00:25:90:04:F0:90 [ether] on eth0 ? (192.168.0.2) at 00:25:90:04:F0:91 [ether] on eth1 ? (77.92.136.193) at 00:23:9C:0B:CD:01 [ether] on eth0Read the article
