Search Results

Search found 18976 results on 760 pages for 'ash machine'.

Page 158/760 | < Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >

  • Is this iptables NAT exploitable from the external side?

    - by Karma Fusebox
    Could you please have a short look on this simple iptables/NAT-Setup, I believe it has a fairly serious security issue (due to being too simple). On this network there is one internet-connected machine (running Debian Squeeze/2.6.32-5 with iptables 1.4.8) acting as NAT/Gateway for the handful of clients in 192.168/24. The machine has two NICs: eth0: internet-faced eth1: LAN-faced, 192.168.0.1, the default GW for 192.168/24 Routing table is two-NICs-default without manual changes: Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 (externalNet) 0.0.0.0 255.255.252.0 U 0 0 0 eth0 0.0.0.0 (externalGW) 0.0.0.0 UG 0 0 0 eth0 The NAT is then enabled only and merely by these actions, there are no more iptables rules: echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # (all iptables policies are ACCEPT) This does the job, but I miss several things here which I believe could be a security issue: there is no restriction about allowed source interfaces or source networks at all there is no firewalling part such as: (set policies to DROP) /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT And thus, the questions of my sleepless nights are: Is this NAT-service available to anyone in the world who sets this machine as his default gateway? I'd say yes it is, because there is nothing indicating that an incoming external connection (via eth0) should be handled any different than an incoming internal connection (via eth1) as long as the output-interface is eth0 - and routing-wise that holds true for both external und internal clients that want to access the internet. So if I am right, anyone could use this machine as open proxy by having his packets NATted here. So please tell me if that's right or why it is not. As a "hotfix" I have added a "-s 192.168.0.0/24" option to the NAT-starting command. I would like to know if not using this option was indeed a security issue or just irrelevant thanks to some mechanism I am not aware of. As the policies are all ACCEPT, there is currently no restriction on forwarding eth1 to eth0 (internal to external). But what are the effective implications of currently NOT having the restriction that only RELATED and ESTABLISHED states are forwarded from eth0 to eth1 (external to internal)? In other words, should I rather change the policies to DROP and apply the two "firewalling" rules I mentioned above or is the lack of them not affecting security? Thanks for clarification!

    Read the article

  • Moving a Domain Controller VM from one server to another

    - by Mike
    I have a Hyper-V Virtual Machine that is a Domain Controller, specifically it is our main DC and holds all 5 FSMO roles. If I wanted to move this Virtual Machine to another VM Server than the one it is on currently, is it as simple as taking the .VHD, moving it to another server, and creating a VM in Hyper-V on the new server for it? Or are there other things to consider that could get screwed up from doing this? Thanks

    Read the article

  • Hard Drive Won't Boot After OS Install

    - by Chris
    This is my step by step process on a Dell Inspiron 6000 with a brand new 320 HD: Turn on Laptop Insert Xubuntu 9.1 disc Boot to CD-rom After boot has finished, I install and instance of Xubuntu on the machine After install (without any errors), I reboot the the machine On reboot, the BIOS claims to be unable to read from device What could this be? (Feel free to ask for more information to perform a proper diagnosis)

    Read the article

  • For how long should I expect my hardware to work?

    - by Makach
    I got this old box with windows xp home. It works perfectly, except the occasional blue-screen when shutting down the machine. How long should I expect this, or any, machine to work, when will the hardware start failing and should I worry about silly things like upgrading the os? What is the TTL on HW you purchase today?

    Read the article

  • Deny Home-Directory-Access for root

    - by theomega
    Hy, a friend and me want to share a Linux-Machine. We both need to get root-rights via sudo for administering that machine. Is it somehow possible to deny the access to the home-folder for the other one, although he can become root? Thanks!

    Read the article

  • Xen command xl doesn't create a vm but xend/xm does

    - by ineff
    I'm a newbie to Xen, and I've recently installed Xen 4.2 by sources on my system. I've found a strange thing I've a VM when I start it via the command "xm create machine.cfg" all work fine, but if I use "xl create machine.cfg" it gives me the following error xc: error: panic: xc_dom_core.c:442: xc_dom_alloc_segment: segment ramdisk too large (0x4ba 0x2000 - 0x1bd9 pages): Out of memory libxl: error: libxl_dom.c:208:libxl__build_pv xc_dom_build_image failed: Invalid argument cannot (re-)build domain: -3 xenconsole: Could not read tty from store: No such file or directory What could be the problem? Any idea?

    Read the article

  • Remote Server: Please wait for the System Event Notification Service

    - by Jeff Handley
    I was rebooting a remote server (Windows Server 2008 R2 Standard) over remote desktop and the session now shows the blue screen during the shutdown sequence, and the message "Please wait for the System Event Notification Service..." It seems that everything is still running on the server (for instance, http://jeffhandley.com is still responding), but I need to get the machine to finish the reboot sequence. How can I force the machine past this point? It's been stuck there for about 30 minutes.

    Read the article

  • get the list of open applications on windows

    - by noam
    I want to have a script that does the following thing: connect to a remote windows machine get the list of applications that are currently open on the machine, e.g exactly what I would get in the "applications" tab in the task manager, and print it. Is it possible to do that in batch? If not, what other options do I have?

    Read the article

  • Outlook 2007 + Windows 7 + Exchange Server = slow sync

    - by wacky_doug
    I just upgraded a Vista machine to Windows 7. The machine is running Outlook 2007 SP2 with the KB970944 performance hot fix. Now, syncing to the Exchange server can take 20 minutes, whereas it was very fast before the Windows 7 upgrade. I believe we're running Exchange 2003, but I'm not 100% sure. Anyone else seeing this? Any fixes yet?

    Read the article

  • What are the most common dangerous domains that I should block?

    - by Dalia
    I am trying to configure my wireless router to block domains that are potentially dangerous to privacy, security, and bandwidth-hogs. Is there a list of domains that I can block at the router level? On a machine level, I have set the hosts file from www.mvps.org and that works on my machine. However, I want to implement something at the router level too - so that all computers in my household are somewhat protected.

    Read the article

  • Access Windows from Mac via Remote Dekstop Connection using hostname

    - by stevekuo
    I'm using Snow Leopard with Remote Desktop Connection attempting to access a Windows XP machine on a home network. If I specify the Windows PC's hostname it won't connect. Only by specifying the IP address does it connect. It's the same issue when trying to ping the Windows machine - IP address works, hostname doesn't. Both machines are on the same subnet connecting with a wireless router. Is there way to get OSX to resolve the Windows PC by its hostname?

    Read the article

  • debugging JBoss 100% CPU usage

    - by Nate
    We are using JBoss to run two of our WARs. One is our web app, the other is our web service. The web app accesses a database on another machine and makes requests to the web service. The web service makes JMS requests to other machines, aggregates the data, and returns it. At our biggest client, about once a month the JBoss Java process takes 100% of all CPUs. The machine running JBoss has 8 CPUs. Our web app is still accessible during this time, however pages take about 3 minutes to load. Restarting JBoss restores everything to normal. The database machine and all the other machines are fine, only the machine running JBoss is affected. Memory usage is normal. Network utilization is normal. There are no suspect error messages in the JBoss logs. I have set up a test environment as close as possible to the client's production environment and I've done load testing with as much as 2x the number of concurrent users. I have not gotten my test environment to replicate the problem. Where do we go from here? How can we narrow down the problem? Currently the only plan we have is to wait until the problem occurs in production on its own, then do some debugging to determine the cause. So far people have just restarted JBoss when the problem occurred to minimize down time. Next time it happens they will get a developer to take a look. The question is, next time it happens, what can be done to determine the cause? We could setup a separate JBoss instance on the same box and install the web app separately from the web service. This way when the problem next occurs we will know which WAR has the problem (assuming it is our code). This doesn't narrow it down much though. Should I enable JMX remote? This way the next time the problem occurs I can connect with VisualVM and see which threads are taking the CPU and what the hell they are doing. However, is there a significant down side to enabling JMX remote in a production environment? Is there another way to see what threads are eating the CPU and to get a stacktrace to see what they are doing? Any other ideas? Thanks!

    Read the article

  • How to limit network usage for concrete application in linux that is running in it?

    - by B14D3
    I'm looking for something like nice for cpu, but for network usage that will limit application network consumption to level that will configure. I have problems with xapian-replicate-server that is consuming 80 % of my network. It's causing mysql connections problem (mysql server is working on this machine too). I can't move xapian or mysql to other machine so i need to limit xapian network usage to a decent level. Is there any tool that will help me do this ?

    Read the article

  • How can I backup my windows XP drivers?

    - by Tal Galili
    Hello all, I've got a new (well, used) laptop. I wish to format and reinstall the windows OS on it. On the machine I've got several drivers which I would like to transport to the new machine, but I don't have the original drivers CD's. Is there a software that can backup my drivers, and then later let me reinstall them on the new windows installation? Thanks.

    Read the article

  • Three monitor setup not working on Server 2012

    - by maxp
    Using an ATI firepro 4800 card, with three monitors connected (1 dvi, 2 displayport) on Server 2008 R2 worked fine. Ive now moved to a new machine, although identical spec, with a fresh Server 2012 install, and cannot get a three display output - only two. When I try to extend the display on to the third monitor, I get the message "The display settings could not be saved. Please try a different combination of display settings" The machine is a Dell Precision T1600. Any help appreciated.

    Read the article

  • VPN connection over apache mod_proxy

    - by This is it
    Hi We have several virtual machines which are connected in a private virtual network connection. Internet access for these machines is provided via dedicated virtual machine which has apache proxy server on it (they all use this machine as proxy). The problem now is that from several machines we need to connect to external VPN Server, but it seems that VPN connections don't work over apache proxy. Any suggestions on how to enable VPN connection over apache proxy (or some other proxy)? Some other solution? Thanks

    Read the article

  • Port-Forwarding in Virtual Box

    - by davidzaz
    I have Virtual Box setup with the following commands: vboxmanage setextradata myVm "VBoxInternal/Devices/pcnet/0/LUN#0/Config/transfer/HostPort" 50000 vboxmanage setextradata myVm `"VBoxInternal/Devices/pcnet/0/LUN#0/Config/transfer/GuestPort" 50000 vboxmanage setextradata myVm "VBoxInternal/Devices/pcnet/0/LUN#0/Config/transfer/Protocol" TCP On the host machine, the following command times out: telnet localhost 50000 What am I doing wrong? The above command does work on the guest machine.

    Read the article

  • Integration features enabled but drives not available

    - by dsjbirch
    Frustratingly, after a recent update to Windows XP mode integration features, the availability of shared disks from the hosts has been impaired. Does anyone know any kind of workaround or fix (excluding dropbox et al)? I have tried completely uninstalling and reinstalling as per http://www.sevenforums.com/virtualization/63710-refreshing-xp-mode.html#post568715 At one point restarting the machine appeared to have worked, but today again I am without access to my host. Interestingly audio and copy and paste to and from the machine are working.

    Read the article

  • vmdk to live cd - VMware vmxnet virtual NIC driver Kernel panic

    - by ronalchn
    Task I am trying to convert a virtual machine to a live CD. Specifically, the virtual machine I am trying to convert is the IOI 2013 Competition Environment. In this task, I am aided by a guide Converting a virtual disk image: VDI or VMDK to an ISO you can distribute. Symptoms However, after getting through all the instructions, the live CD causes a kernel panic on boot on bare metal. In particular, the screen shows: [0.737348] cdrom: Uniform CD-ROM driver Revision: 3.20 [0.737503] sr 3:0:0:0: >Attached scsi CD-ROM sr0 [0.737638] sr 3:0:0:0: >Attached scsi generic sg2 type 5 [0.737771] Freeing unused kernel memory: 756k freed [0.738093] Write protecting the kernel text: 5960k [0.738155] Write protecting the kernel read-only data: 2424k [0.738224] NX-protecting the kernel data: 4280k Loading, please wait... [0.752252] udevd[100]: starting version 175 [0.768708] VMware vmxnet3 virtual NIC driver - version 1.1.29.0-k-NAPI [0.781204] VMware PVSCSI driver - version 1.0.2.0-k [0.789555] VMware vmxnet virtual NIC driver [0.799356] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000200 [0.799356] [0.799472] Pid: 1, comm: init Tainted: G 0 3.5.0-17-generic #28-Ubuntu [0.799549] Call Trace: [0.799603] [<c15bf0ec>] panic+0x81/0x17b [0.799654] [<c104a6a5>] do_exit+0x745/0x7a0 [0.799707] [<c104a9a4>] do_group_exit+0x34/0xa0 [0.799760] [<c104aa28>] sys_exit_group+0x18/0x20 [0.799813] [<c15cff5f>] sysenter_do_call+0x12/0x28 Possible problem I suspect that the problem is the VMware vmxnet virtual NIC driver - however, I do not know how I can uninstall it, and possibly install one for a bare metal machine. If anyone knows which packages needs installing/uninstalling at the .rootfs/ chroot directory stage, please let me know. Details on procedure Do note that after importing the .ova file into Virtualbox, the virtual machine is stored as a .vmdk file already, and not a .vdi file. I would like to point out some results of the procedure followed in case of any questions. This is after extracting the filesystem from the .raw file to the .rootfs/ directory mentioned in the blog. I changed the filesystem table as mentioned in the blog, then looked at the possible "kernel optimized for virtualization". However, I found that linux-image-generic was already installed. Also, when running the command dpkg-query --showformat='${Package}\n' -W 'vmware-tools*' (or dpkg-query --showformat='${Package}\n' -W '*-virtual'), no packages were found. Thus, I did not find any virtualization specific packages. I proceeded to generate the iso following the steps in the blog, and burned it to a DVD.

    Read the article

  • Samba deny host not blocking that host

    - by datadevil
    I want to block access to some Samba shares from a certain machine, but somehow I can't get it to work: the machine can still access the shares, and I did restart and reload the samba daemon. Here is a part of my configuration: security = share hosts allow = 127.0.0.1 192.168.1.0/24 interfaces = 127.0.0.1 eth1 192.168.1.2 bind interfaces only = yes hosts deny = 192.168.1.251 encrypt passwords = yes guest ok = yes The shares themselves look like this: [examples] comment = Example path = /foo/bar read only = No guest ok = yes What am I doing wrong here?

    Read the article

  • How do I restore a Dell Inspiron 1521 laptop to facotry defaults

    - by Solignis
    I got a Dell Inspiron 1521 laptop from the local computer store, it is obviously a used machine. When I got it the data from the previous user was on it they did not do a wipe. Anyhow Dell was not being any help to me on wiping the data. Does anyone know how I get the machine to restore Windows to the factory settings. Also I do not have the system disc that come with the computer, I just have the computer and the power cord.

    Read the article

  • Running Virtualbox as a Transparent Bridge

    - by Goats
    I am setting up Untangle in a Sun VirtualBox VM. I plan on using this machine as a transparent bridge to filter and monitor traffic on my network. I'm not sure how to configure the network adapters for the virtual machine under the Virtualbox's "Devices" menu so that it will function as a transparent bridge. I guess what I'm asking is, should both adapter 1 & 2 be set as Bridged adapters or what? Any help is greatly appreciated.

    Read the article

  • Lost data after removing USB stick...

    - by Jivings
    I foolishly removed my USB stick from a Windows XP machine seemingly without unmounting it (or whatever the Window equivalent is..). Anyway, on inserting the stick into my linux machine, the file I was working on shows up, but it is completely empty (0KB). Since I'm pretty much a Windows novice these days, I'd like to know if there is any temporary location where I will still be able to find this file, or is it now lost permanently?

    Read the article

< Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >