Search Results

Search found 1102 results on 45 pages for 'udp'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 17/45 | < Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >

  • DHCP forwarding behind access list on a Cisco Catalyst

    - by Ásgeir Bjarnason
    I'm having some trouble with forwarding DHCP from a subnet behind an access list on a Cisco Catalyst 4500 switch. I'm hoping somebody can see the mistake I'm making. The subnet is defined like this: (first three octets of IP addresses and vrf name anonymized) interface Vlan40 ip vrf forwarding vrf_name ip address 10.10.10.126 255.255.255.0 secondary ip address 10.10.10.254 255.255.255.0 ip access-group 100 out ip helper-address 10.10.20.36 no ip redirects I tried turning on a VMWare machine on this subnet that was configured to use DHCP, but I never got a DHCP response and the DHCP server didn't receive a request. I tried putting the following in the access-list: access-list 100 permit udp host 10.10.10.254 host 10.10.20.36 eq bootps access-list 100 permit udp host 10.10.10.254 host 10.10.20.36 eq bootpc access-list 100 permit udp host 10.10.20.36 host 10.10.10.254 eq bootps access-list 100 permit udp host 10.10.20.36 host 10.10.10.254 eq bootpc That didn't help. Can anybody see what the problem is? I know that the DHCP server works; our whole network is running off of this DHCP server I also know that the subnet works because we have active servers running on the network The DHCP scope is already defined on the DHCP server The subnet is correctly defined on the VMWare server (already servers running on the subnet on VMWare) Edit 2012-10-19: This is solved! The subnet had formerly been defined as a /25 network, but was then expanded into a /24 network. When the DHCP scope was altered after this change it was done incorrectly; the gateway was moved to .254, the leasable IP range was in the lower half of the /24 subnet but we forgot to change the CIDR prefix from /25 into /24. This happened some 2 years ago, and we didn't need to use DHCP on this server network again until this week. Thank you MDMarra and Jason Seemann for looking at the question and trying to troubleshoot. Now I'm wondering if I should mark Jason's answer as the accepted answer (I am new to the Stack Exchange network, so I don't know the etiquette of what to do if I misstated the question like in this case).

    Read the article

  • Unable to logon to vpn

    - by nitin pande
    My openvpn client log file- The interesting bit: Tue Oct 26 12:32:49 2010 TLS Error: cannot locate HMAC in incoming packet from 67.228.223.12:3389 Tue Oct 26 12:32:49 2010 Fatal TLS error (check_tls_errors_co), restarting Tue Oct 26 12:32:49 2010 TCP/UDP: Closing socket The rest of the log just in case: Tue Oct 26 12:32:35 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006 Tue Oct 26 12:32:48 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Tue Oct 26 12:32:48 2010 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Tue Oct 26 12:32:48 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Oct 26 12:32:48 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Oct 26 12:32:48 2010 LZO compression initialized Tue Oct 26 12:32:48 2010 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Oct 26 12:32:48 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ] Tue Oct 26 12:32:48 2010 Local Options hash (VER=V4): 'ee93268d' Tue Oct 26 12:32:48 2010 Expected Remote Options hash (VER=V4): 'bd577cd1' Tue Oct 26 12:32:48 2010 Attempting to establish TCP connection with 67.228.223.12:3389 Tue Oct 26 12:32:48 2010 TCP connection established with 67.228.223.12:3389 Tue Oct 26 12:32:48 2010 TCPv4_CLIENT link local: [undef] Tue Oct 26 12:32:48 2010 TCPv4_CLIENT link remote: 67.228.223.12:3389 Tue Oct 26 12:32:49 2010 TLS: Initial packet from 67.228.223.12:3389, sid=bd5f79fe 8475497f Tue Oct 26 12:32:49 2010 TLS Error: cannot locate HMAC in incoming packet from 67.228.223.12:3389 Tue Oct 26 12:32:49 2010 Fatal TLS error (check_tls_errors_co), restarting Tue Oct 26 12:32:49 2010 TCP/UDP: Closing socket Tue Oct 26 12:32:49 2010 SIGUSR1[soft,tls-error] received, process restarting Tue Oct 26 12:32:49 2010 Restart pause, 5 second(s) Tue Oct 26 12:32:54 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Tue Oct 26 12:32:54 2010 Re-using SSL/TLS context Tue Oct 26 12:32:54 2010 LZO compression initialized Tue Oct 26 12:32:54 2010 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Oct 26 12:32:54 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ] Tue Oct 26 12:32:54 2010 Local Options hash (VER=V4): 'ee93268d' Tue Oct 26 12:32:54 2010 Expected Remote Options hash (VER=V4): 'bd577cd1' Tue Oct 26 12:32:54 2010 Attempting to establish TCP connection with 67.228.223.12:3389 Tue Oct 26 12:32:54 2010 TCP connection established with 67.228.223.12:3389 Tue Oct 26 12:32:54 2010 TCPv4_CLIENT link local: [undef] Tue Oct 26 12:32:54 2010 TCPv4_CLIENT link remote: 67.228.223.12:3389 Tue Oct 26 12:32:54 2010 TLS: Initial packet from 67.228.223.12:3389, sid=1643b931 ce240d5f Tue Oct 26 12:32:54 2010 TLS Error: cannot locate HMAC in incoming packet from 67.228.223.12:3389 Tue Oct 26 12:32:54 2010 Fatal TLS error (check_tls_errors_co), restarting Tue Oct 26 12:32:54 2010 TCP/UDP: Closing socket Tue Oct 26 12:32:54 2010 SIGUSR1[soft,tls-error] received, process restarting Tue Oct 26 12:32:54 2010 Restart pause, 5 second(s) Tue Oct 26 12:32:59 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Tue Oct 26 12:32:59 2010 Re-using SSL/TLS context Tue Oct 26 12:32:59 2010 LZO compression initialized Tue Oct 26 12:32:59 2010 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Oct 26 12:32:59 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ] Tue Oct 26 12:32:59 2010 Local Options hash (VER=V4): 'ee93268d' Tue Oct 26 12:32:59 2010 Expected Remote Options hash (VER=V4): 'bd577cd1' Tue Oct 26 12:32:59 2010 Attempting to establish TCP connection with 67.228.223.12:3389 Tue Oct 26 12:33:00 2010 TCP connection established with 67.228.223.12:3389 Tue Oct 26 12:33:00 2010 TCPv4_CLIENT link local: [undef] Tue Oct 26 12:33:00 2010 TCPv4_CLIENT link remote: 67.228.223.12:3389 Tue Oct 26 12:33:00 2010 TLS: Initial packet from 67.228.223.12:3389, sid=cd439fb2 d625ca0d Tue Oct 26 12:33:00 2010 TLS Error: cannot locate HMAC in incoming packet from 67.228.223.12:3389 Tue Oct 26 12:33:00 2010 Fatal TLS error (check_tls_errors_co), restarting Tue Oct 26 12:33:00 2010 TCP/UDP: Closing socket Tue Oct 26 12:33:00 2010 SIGUSR1[soft,tls-error] received, process restarting Tue Oct 26 12:33:00 2010 Restart pause, 5 second(s) Tue Oct 26 12:33:05 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Tue Oct 26 12:33:05 2010 Re-using SSL/TLS context Tue Oct 26 12:33:05 2010 LZO compression initialized Tue Oct 26 12:33:05 2010 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Oct 26 12:33:05 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ] Tue Oct 26 12:33:05 2010 Local Options hash (VER=V4): 'ee93268d' Tue Oct 26 12:33:05 2010 Expected Remote Options hash (VER=V4): 'bd577cd1' Tue Oct 26 12:33:05 2010 Attempting to establish TCP connection with 67.228.223.12:3389 Tue Oct 26 12:33:06 2010 TCP connection established with 67.228.223.12:3389 Tue Oct 26 12:33:06 2010 TCPv4_CLIENT link local: [undef] Tue Oct 26 12:33:06 2010 TCPv4_CLIENT link remote: 67.228.223.12:3389 Tue Oct 26 12:33:06 2010 TLS: Initial packet from 67.228.223.12:3389, sid=28f0cb87 69c90cde Tue Oct 26 12:33:06 2010 TLS Error: cannot locate HMAC in incoming packet from 67.228.223.12:3389 Tue Oct 26 12:33:06 2010 Fatal TLS error (check_tls_errors_co), restarting Tue Oct 26 12:33:06 2010 TCP/UDP: Closing socket Tue Oct 26 12:33:06 2010 SIGUSR1[soft,tls-error] received, process restarting Tue Oct 26 12:33:06 2010 Restart pause, 5 second(s) Tue Oct 26 12:33:11 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Tue Oct 26 12:33:11 2010 Re-using SSL/TLS context Tue Oct 26 12:33:11 2010 LZO compression initialized Tue Oct 26 12:33:11 2010 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Oct 26 12:33:11 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ] Tue Oct 26 12:33:11 2010 Local Options hash (VER=V4): 'ee93268d' Tue Oct 26 12:33:11 2010 Expected Remote Options hash (VER=V4): 'bd577cd1' Tue Oct 26 12:33:11 2010 Attempting to establish TCP connection with 67.228.223.12:3389 Tue Oct 26 12:33:11 2010 TCP connection established with 67.228.223.12:3389 Tue Oct 26 12:33:11 2010 TCPv4_CLIENT link local: [undef] Tue Oct 26 12:33:11 2010 TCPv4_CLIENT link remote: 67.228.223.12:3389 Tue Oct 26 12:33:12 2010 TLS: Initial packet from 67.228.223.12:3389, sid=128becf9 f62adf0c Tue Oct 26 12:33:12 2010 TLS Error: cannot locate HMAC in incoming packet from 67.228.223.12:3389 Tue Oct 26 12:33:12 2010 Fatal TLS error (check_tls_errors_co), restarting Tue Oct 26 12:33:12 2010 TCP/UDP: Closing socket Tue Oct 26 12:33:12 2010 SIGUSR1[soft,tls-error] received, process restarting Tue Oct 26 12:33:12 2010 Restart pause, 5 second(s) Tue Oct 26 12:33:17 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Tue Oct 26 12:33:17 2010 Re-using SSL/TLS context Tue Oct 26 12:33:17 2010 LZO compression initialized Tue Oct 26 12:33:17 2010 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Oct 26 12:33:17 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ] Tue Oct 26 12:33:17 2010 Local Options hash (VER=V4): 'ee93268d' Tue Oct 26 12:33:17 2010 Expected Remote Options hash (VER=V4): 'bd577cd1' Tue Oct 26 12:33:17 2010 Attempting to establish TCP connection with 67.228.223.12:3389 Tue Oct 26 12:33:20 2010 TCP/UDP: Closing socket Tue Oct 26 12:33:20 2010 SIGTERM[hard,init_instance] received, process exiting Guys I am extremely sorry for not presenting my error Log properly, please forgive me and give me your valuable advice. I am using windows 7 and I am using openvpn mainly to bypass censorship at UAE. I am using only client config file. Ca.crt file is in config folder Thanks and regards Nitin My error Log with Config1 file Tue Oct 26 21:24:34 2010 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006 Tue Oct 26 21:24:46 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Tue Oct 26 21:24:46 2010 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Tue Oct 26 21:24:46 2010 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Oct 26 21:24:46 2010 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Oct 26 21:24:46 2010 LZO compression initialized Tue Oct 26 21:24:46 2010 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Oct 26 21:24:46 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ] Tue Oct 26 21:24:46 2010 Local Options hash (VER=V4): 'ee93268d' Tue Oct 26 21:24:46 2010 Expected Remote Options hash (VER=V4): 'bd577cd1' Tue Oct 26 21:24:46 2010 Attempting to establish TCP connection with 67.228.223.12:3389 Tue Oct 26 21:24:47 2010 TCP connection established with 67.228.223.12:3389 Tue Oct 26 21:24:47 2010 TCPv4_CLIENT link local: [undef] Tue Oct 26 21:24:47 2010 TCPv4_CLIENT link remote: 67.228.223.12:3389 Tue Oct 26 21:24:47 2010 TLS: Initial packet from 67.228.223.12:3389, sid=4244e662 e5a0572a Tue Oct 26 21:24:47 2010 TLS Error: cannot locate HMAC in incoming packet from 67.228.223.12:3389 Tue Oct 26 21:24:47 2010 Fatal TLS error (check_tls_errors_co), restarting Tue Oct 26 21:24:47 2010 TCP/UDP: Closing socket Tue Oct 26 21:24:47 2010 SIGUSR1[soft,tls-error] received, process restarting client config file: client dev tun proto tcp remote openvpn1.flashvpn.com 3389 float resolv-retry infinite nobind persist-key persist-tun ca ca.crt ns-cert-type server tls-auth ta.key 1 comp-lzo verb 3 mute 20 auth-user-pass route-method exe route-delay 2

    Read the article

  • Flushing iptables broke my pipe, how can I save my instance?

    - by Niels
    I was setting up my iptables when I performed a iptables -F and my ssh pipe broke. This is the last output of my session: root@alfapaints:~# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:2222 ACCEPT tcp -- li465-68.members.linode.com anywhere state NEW,ESTABLISHED tcp dpt:nrpe ACCEPT tcp -- anywhere anywhere tcp dpt:9200 state NEW,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED ACCEPT udp -- anywhere anywhere udp spt:domain Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp spt:2222 ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp spt:nrpe ACCEPT tcp -- anywhere anywhere tcp spt:9200 state ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp spt:http state ESTABLISHED ACCEPT udp -- anywhere anywhere udp dpt:domain root@alfapaints:~# iptables -F Write failed: Broken pipe I tested my connection just before and I was able to connect with ssh. Now I did a nmap scan and not a single port is open anymore. I know my VPS is running on VMWare ESXi, could a reboot help? Or if not could I attach and mount the disk to another vm to save the data? Does anybody have some advise? And maybe an explanation what happend or what could have cause my pipe to break? ps: I didn't save my rules on the config directories of iptables. But used a file I stored in ~/rules.config to apply my rules like this: iptables-restore < rules.config So probably a reboot would help? Thanks a lot in advance.

    Read the article

  • Simulated NAT Traversal on Virtual Box

    - by Sumit Arora
    I have installed virtual box ( with Two virtual Adapters(NAT-type)) - Host (Ubuntu -10.10) - Guest-Opensuse-11.4 . Objective : Trying to simulate all four types of NAT as defined here : https://wiki.asterisk.org/wiki/display/TOP/NAT+Traversal+Testing Simulating the various kinds of NATs can be done using Linux iptables. In these examples, eth0 is the private network and eth1 is the public network. Full-cone iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination Restricted cone iptables -t nat POSTROUTING -o eth1 -p tcp -j SNAT --to-source iptables -t nat POSTROUTING -o eth1 -p udp -j SNAT --to-source iptables -t nat PREROUTING -i eth1 -p tcp -j DNAT --to-destination iptables -t nat PREROUTING -i eth1 -p udp -j DNAT --to-destination iptables -A INPUT -i eth1 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i eth1 -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i eth1 -p tcp -m state --state NEW -j DROP iptables -A INPUT -i eth1 -p udp -m state --state NEW -j DROP Port-restricted cone iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source Symmentric echo "1" /proc/sys/net/ipv4/ip_forward iptables --flush iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE --random iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT What I did : OpenSuse guest with Two Virtual adapters - eth0 and eth1 -- eth1 with address 10.0.3.15 /eth1:1 as 10.0.3.16 -- eth0 with address 10.0.2.15 now running stund(http://sourceforge.net/projects/stun/) client/server : Server eKimchi@linux-6j9k:~/sw/stun/stund ./server -v -h 10.0.3.15 -a 10.0.3.16 Client eKimchi@linux-6j9k:~/sw/stun/stund ./client -v 10.0.3.15 -i 10.0.2.15 On all Four Cases It is giving same results : test I = 1 test II = 1 test III = 1 test I(2) = 1 is nat = 0 mapped IP same = 1 hairpin = 1 preserver port = 1 Primary: Open Return value is 0x000001 Q-1 :Please let me know If any has ever done, It should behave like NAT as per description but nowhere it working as a NAT. Q-2: How NAT Implemented in Home routers (Usually Port Restricted), but those also pre-configured iptables rules and tuned Linux

    Read the article

  • L2TP over IPSec VPN with OpenSwan and XL2TPD can't connect, timeout on Centos 6

    - by Disco
    I'm setting up LT2p over IPSec on my Centos 6.3 fresh install. I have iptables flushed, permit all. Whenever I try to connect, i get a 'no reply from vpn' and nothi Here's my ipsec.conf file (Server is 1.2.3.4) : config setup nat_traversal=yes virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 oe=off protostack=netkey conn L2TP-PSK-NAT rightsubnet=vhost:%priv also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT authby=secret pfs=no auto=add keyingtries=3 rekey=no ikelifetime=8h keylife=1h type=transport left=1.2.3.4 leftprotoport=17/1701 right=%any rightprotoport=17/%any My /etc/ipsec.secrets 1.2.3.4 %any: PSK "password" My sysctl.conf (appened lines) net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.default.log_martians = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.icmp_ignore_bogus_error_responses = 1 Here's what 'ipsec verify' gives: # ipsec verify Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.6.32/K2.6.32-279.19.1.el6.x86_64 (netkey) Checking for IPsec support in kernel [OK] SAref kernel support [N/A] NETKEY: Testing for disabled ICMP send_redirects [OK] NETKEY detected, testing for disabled ICMP accept_redirects [OK] Checking that pluto is running [OK] Pluto listening for IKE on udp 500 [OK] Pluto listening for NAT-T on udp 4500 [OK] Checking for 'ip' command [OK] Checking /bin/sh is not /bin/dash [WARNING] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] And I see xl2tpd is listening on 1701/udp : udp 0 0 1.2.3.4:1701 0.0.0.0:* 2096/xl2tpd

    Read the article

  • Server 2012, Jumbo Frames - should I expect problems?

    - by TomTom
    Ok, this sound might stupid - but is there any negative on just enabling jumbo frames in practice? From what I understand: Any switch or ethernet adapter that sees a jumbo frame it can not handle will just drop it. TCP is not a problem as max frame size is negotiated in the setinuo phase. UCP is a theoretical problem as a server may just send a LARGE UDP packet that gets dropped on the way. Practically though, as UDP is packet based, I do not really think any software WOULD send a UDP packet larger than 1500 bytes net without app level configuration changes - at least this is how I do my programming, as it is quite hard to get a decent MTU size for that without testing yourself, so you fall back in programming to max 1500 packets. The network in question is a standard small business network - we upgraded now from a non managed 24 port switch to a 52 port switch with 4 10g ports (netgear - quite cheap) and will mov a file server to 10g for also ISCSI serving. All my equipment on the Ethernet level can handle minimum 9000 bytes and due to local firewalls I really want to get packets larger (less firewall processing), but the network is also NAT'ed to the internet. On top, different machines move around (download) large files (multi gigabyte area) quite often for processing. The question is - can I expect problems when I just enable jumbo frames? Again, this is not totally ignorance - I just don't see programs sending more than 1500 byte UDP packets (if that is a practical problem please tell me) and for TCP the MTU is negotiated anyway. if there is a problem I can move to a dedicated VLAN, but this has it's own shares of problems as basically most workstations must then be on both VLAN's.

    Read the article

  • Bypassing SQUID on freebsd with PF

    - by epema
    I have PF+SQUID31 on FREEBSD-9.0, and I want to have some hosts(aka goodguys) to bypass the proxy, so that torrents are not logged. Also, I am not sure about transparent. It means that I dont have to configure proxy settings on the client side right? I have tried doing a redirect no rdr on $int_if inet proto {tcp,udp} from 192.168.1.233/32 to any However, no luck :( Here is a quick look of my conf files: SQUID /usr/local/etc/squid/squid.conf http_port 192.168.1.1:8080 transparent RC /etc/rc.conf: gateway_enable="YES" pf_enable="YES" pf_rules="/usr/local/etc/pf.conf" pflog_enable="YES" squid_enable="YES" I have squid31 installed from ports with SQUID_PF "Enable transparent proxying with PF" on PF /usr/loca/etc/pf.conf: int_if="re0" ext_if="bge0" localnet="{ 192.168.1.0/24 }" table <goodguys> const { "192.168.1.219", "192.168.1.233" } set block-policy drop set skip on lo0 scrub in all fragment reassemble scrub out all random-id max-mss 1440 block in on $ext_if pass out on $ext_if keep state block in on $int_if pass in on $int_if inet proto tcp from $int_if:network to $int_if port 8080 keep state pass in on $int_if inet proto udp from $int_if:network to $int_if port 21 keep state pass in on $int_if inet proto udp from $int_if:network to $int_if port 22 keep state pass in on $int_if inet proto udp from $int_if:network to $int_if port 53 keep state pass in on $int_if inet proto tcp from $int_if:network to any port { smtp, pop3 } keep state pass in on $int_if inet proto icmp from $int_if:network to $int_if keep state pass out on $int_if keep state What lines should I add in conf files? I am assuming that the problem is on the firewall(pf).

    Read the article

  • Can't access Port 80 from external

    - by dewacorp.alliances
    Hi there I have configuration like this: NETGEAR MODEM LINKSYS ROUTER SERVERS In the modem, I've setup as bridging and all the traffic is controlling by this ROUTER. Prior to this setup, I can access website from external (port 80) plus exchange servers (mail) and https. But now with this configuration, I can only send/receive using Exhcange servers and access OWA (Outlook web access using port 443) .... and no internal websites from outside. This is my config for LINKSYS ROUTER Application | Start | End | Protocol | IP Address Ms Exchange | 25 | 25 | Both (TCP/UDP) | 192.168.100.8 Internets | 80 | 80 | Both (TCP/UDP) | 192.168.100.11 SSL | 443 | 443 | Both (TCP/UDP) | 192.168.100.8 Exchange | 110 | 110 | Both (TCP/UDP) | 192.168.100.8 192.168.100.11 is a UBUNTU web server that running the apache which controlling the virtual name (extranet, cms, test) to redirect to the different servers. As you can see, the home internet is only allowing public IP address. Now I test this schenarion in internal network work nicely. For instance. If I type in extranet.XXX.local it goes to the right applicatios or if I try CMS.XXX.local again it goes to the right one. I also asked to ISP just in case if they are blocking the inbound port 80 for unknown reason. They said no. So I didn't understand why this happens. I suspect the configuration that I have between MODEM ROUTER but I counldn't work what it is. I don't have a documentation of previous settings and I don't know if there is a port that I need to open as well. I am appreciated your comment

    Read the article

  • Sendmail doesn't work with iptables, even though smtp and dns are allowed

    - by tom
    I have sendmail installed on Ubuntu 10.04 solely for the use of the php mail() function. This works fine unless iptables is running (I've been using sendmail [email protected] to test this). I think that I have allowed SMTP and DNS (the script I am using to test iptables rules is below, in my version are the actual IPs of my hosts nameservers), but to no avail! iptables --flush iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT # Postgres iptables -A INPUT -p tcp --dport 5432 -j ACCEPT # Webmin iptables -A INPUT -p tcp --dport 10000 -j ACCEPT # Ping iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT # sendmail iptables -A INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT # DNS iptables -A INPUT -p udp --sport 53 -s <nameserver1> -j ACCEPT iptables -A INPUT -p udp --sport 53 -s <nameserver2> -j ACCEPT iptables -A INPUT -p tcp --sport 53 -s <nameserver1> -j ACCEPT iptables -A INPUT -p tcp --sport 53 -s <nameserver2> -j ACCEPT iptables -A OUTPUT -p udp --dport 53 -d <nameserver1> -j ACCEPT iptables -A OUTPUT -p udp --dport 53 -d <nameserver2> -j ACCEPT iptables -A OUTPUT -p tcp --dport 53 -d <nameserver1> -j ACCEPT iptables -A OUTPUT -p tcp --dport 53 -d <nameserver2> -j ACCEPT iptables -A INPUT -j DROP # Add loopback iptables -I INPUT 1 -i lo -j ACCEPT

    Read the article

  • CentOS 5.7 issues with iptables

    - by Corey Whitaker
    I'm trying to set up IPTables on a new CentOS server. This server will function as an FTP server that I need to be accessible from the outside, however, I want to lock down SSH to only accept internal IP connections. I need to allow SSH for 10.0.0.0/8 and 172.16.132.0/24. Below I've posted my /etc/sysconfig/iptables file. Whenever I apply this, I essentially lock myself out and I have to access it via console using Vsphere. Can somebody show me what I'm doing wrong? I'm connecting from my laptop with an IP of 172.16.132.226. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [115:15604] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p esp -j ACCEPT -A RH-Firewall-1-INPUT -p ah -j ACCEPT -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A RH-Firewall-1-INPUT -s 10.0.0.0/8 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -s 172.16.132.0/24 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT

    Read the article

  • Connecting to SVN server from a computer outside of my LAN

    - by Tom Auger
    I've got a Fedora server running Subversion and svnserve on port 3690. My repo is at /var/svn/project_name. I have my router forwarding port 3690 to the local server (as well as port 80, 21, 22 and a few others). When I connect locally to svn://192.168.0.2/project_name it works great. When I connect from an external server to svn://my.static.ip/project_name I get a time out connecting to the host. However, if I http://my.static.ip there is no problem, so port forwarding is working (at least for port 80). I don't want to run WebDAV or svn via HTTP/s. I'd like it to work using svnserve, as documented in the svn book. What have I misconfigured? EDIT Here is the last part of my iptables dump. I'm not an expert, but it looks OK to me: ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:svn ACCEPT udp -- anywhere anywhere state NEW udp dpt:svn ACCEPT tcp -- anywhere anywhere state NEW tcp dpts:6680:6699 ACCEPT udp -- anywhere anywhere state NEW udp dpts:6680:6699 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited EDIT 2 Results from sudo netstat -tulpn tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 1455/svnserve

    Read the article

  • iptables: How to combine DNAT and SNAT to use a secondary IP address?

    - by Que_273
    There are lots of questions on here about iptables DNAT/SNAT setups but I haven't found one that solves my current problem. I have services bound to the IP address of eth0 (e.g. 192.168.0.20) and I also have a IP address on eth0:0 (192.168.0.40) which is shared with another server. Only one server is active, so this alias interface comes and goes depending on which server is active. In order to get traffic accepted by the service a DNAT rule is used to change the destination IP. iptables -t nat -A PREROUTING -d 192.168.0.40 -p udp --dport 7100 -j DNAT --to-destination 192.168.0.20 I also wish all outbound traffic from this service to appear to come from the shared IP, so that return responses will work in the event of a active-standby failover. iptables -t nat -A POSTROUTING -p udp --sport 7100 -j SNAT --to-source 192.168.0.40 My problem is that the SNAT rule is not always run. Inbound traffic causes a connection tracking entry like this. [root]# conntrack -L -p udp udp 17 170 src=192.168.0.185 dst=192.168.0.40 sport=7100 dport=7100 src=192.168.0.20 dst=192.168.0.185 sport=7100 dport=7100 [ASSURED] mark=0 secmark=0 use=2 which means the POSTROUTING chain is not run and outbound traffic leaves with the real IP address as the source. I am thinking I can set up a NOTRACK rule in the raw table to prevent conntracking for this port number, but is there a better or more efficient way to make this work? Edit - Alternative question: Is there a way (in CentOS/Linux) to have an interface that can be bound to but not used, such that it can be attached to the network or detached when a shared IP address is swapped between servers?

    Read the article

  • Using u32 together with extension headers (how to jump over them?)

    - by bortzmeyer
    I'm trying to filter on some parts of the payload, for an IPv6 packet with extension headers (for instance Destination Options). ip6tables works fine with conditions like --proto udp or --dport 109, even when the packet has extension headers. Netfilter clearly knows how to jump over Destination Options to find the UDP header. Now, I would like to use the u32 module to match a byte in the payload (say "I want the third byte of the payload to be 42). If the packet has no extension headers something like --u32 "48&0x0000ff00=0x2800"` (48 = 40 bytes for the IPv6 header + 8 for the UDP header) works fine, If the packet has a Destination Options, it no longer matches. I would like to write a rule that will work whether the packet has Destination Options or not. I do not find a way to tell Netfilter to parse until the UDP header (something that it is able to do, otherwise --dport 109 would not work) then to leave u32 parse the rest. I'm looking for a simple way, otherwise, as BatchyX mentions, I could write a kernel module doing what I want.

    Read the article

  • ip6tables blocking output traffic

    - by jmccrohan
    My OpenVZ VPS is blocking outbound IPv6 traffic, but correctly filtering inbound IPv6 traffic. Below is my ip6tables-restore script. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p udp -m udp --dport 1194 -j ACCEPT -A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT -A INPUT -p udp -m udp --dport 51413 -j ACCEPT -A INPUT -m limit --limit 5/min -A INPUT -j REJECT --reject-with icmp6-adm-prohibited -A FORWARD -j ACCEPT -A OUTPUT -j ACCEPT COMMIT ICMPv6 traffic is still able to pass both inbound and outbound. When I flush these rules using -F, outbound traffic flows fine. What am I missing here? EDIT: It appears that ip6tables is marking ESTABLISHED packets as INVALID. Consequently, the outbound traffic is NOT actually being blocked. The reply packets are not allowed inbound again, hence appearing like blocked outbound traffic. Allowing INVALID packets inbound solves the outbound issue, but also renders the inbound filter useless.

    Read the article

  • Windows 7 cannot join samba domain

    - by Antonis Christofides
    I have a 3.5.6 samba server with a LDAP backend (both on Debian 6.0). I've been successfully adding Windows XP machines to the domain for years. I now try to add Windows 7. I have made the recommended registry changes, but I don't have any success so far. Here is what happens: 1. I go to computer name, select "Domain" instead of "Workgroup", type in the domain name, click OK. It asks me for the username and password of an account that can add computers to the domain; I enter them. After about 40 seconds, I get the following message: The following error occurred attempting to join the domain "ITIA": The specified computer account could not be found. Contact an administrator to verify the account is in the domain. If the account has been deleted unjoin, reboot, and rejoin the domain. Despite this, the samba server successfully creates the computer account. 2. Therefore, if I try again a second time, without deleting the already created computer account, I get a different error: The following error occurred attempting to join the domain "ITIA": The specified account already exists. (Note that until a while ago samba wasn't configured to automatically create computer accounts. What I did whenever I wanted an XP to join was to manually create it. When I first attempted to solve the Windows 7 join problem, I setup samba to do this automatically, as this is what most people do, as I understand, and I thought that it might be related. I haven't attempted to add an XP since I made this change, so I don't know if it works, but whether it works or not, the problem remains.) Update 1: Here are the relevant parts of smb.conf: [global] panic action = /usr/share/samba/panic-action %d workgroup = ITIA server string = Itia file server announce as = NT interfaces = 147.102.160.1 volume = %h passdb backend = ldapsam:ldap://ldap.itia.ntua.gr:389 ldap admin dn = uid=samba,ou=daemons,dc=itia,dc=ntua,dc=gr ldap ssl = off ldap suffix = dc=itia,dc=ntua,dc=gr ldap user suffix = ou=people ldap group suffix = ou=groups ldap machine suffix = ou=computers unix password sync = no add machine script = smbldap-useradd -w -i %u log file = /var/log/samba/samba-log.all log level = 3 max log size = 5000 syslog = 2 socket options = SO_KEEPALIVE TCP_NODELAY encrypt passwords = true password level = 1 security = user domain master = yes local master = no wins support = yes domain logons = yes idmap gid = 1000-2000 Update 2: The server has a single network interface eth1 (also an unused eth0 that shows up only in the kernel boot messages) and two ip addresses; the main, 147.102.160.1, and an additional one, 147.102.160.37, that comes up with "ip addr add 147.102.160.37/32 dev eth1" (used only for a web site that has a different certificate than other web sites served from the same machine). One of the problems I recently faced was that samba was using the latter IP address. I fixed that by adding the "interfaces = 147.102.160.1" statement in smb.conf. Now: acheloos:/etc/apache2# tcpdump host 147.102.160.40 and not port 5900 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 13:13:56.549048 IP lithaios.itia.civil.ntua.gr.netbios-dgm > 147.102.160.255.netbios-dgm: NBT UDP PACKET(138) 13:13:56.549056 ARP, Request who-has acheloos2.itia.civil.ntua.gr tell lithaios.itia.civil.ntua.gr, length 46 13:13:56.549091 ARP, Reply acheloos2.itia.civil.ntua.gr is-at 00:10:4b:b4:9e:59 (oui Unknown), length 28 13:13:56.549324 IP acheloos.itia.civil.ntua.gr.netbios-dgm > lithaios.itia.civil.ntua.gr.netbios-dgm: NBT UDP PACKET(138) 13:13:56.549608 IP lithaios.itia.civil.ntua.gr.netbios-dgm > acheloos2.itia.civil.ntua.gr.netbios-dgm: NBT UDP PACKET(138) 13:13:56.549741 IP acheloos.itia.civil.ntua.gr.netbios-dgm > lithaios.itia.civil.ntua.gr.netbios-dgm: NBT UDP PACKET(138) 13:13:56.550364 IP lithaios.itia.civil.ntua.gr.netbios-dgm > acheloos.itia.civil.ntua.gr.netbios-dgm: NBT UDP PACKET(138) 13:13:56.550468 IP acheloos.itia.civil.ntua.gr.netbios-dgm > lithaios.itia.civil.ntua.gr.netbios-dgm: NBT UDP PACKET(138) (acheloos2 is the second IP address, 147.102.160.37). The above dump occurs when I click "OK" (to join the domain), until it asks me for the username and password of a user that can join the domain. I don't know why the client is contacting the second IP address. I tried temporarily deactivating it, but I still had some related ARP traffic (though I think not IP traffic).

    Read the article

  • How to have 2 windows machines on the same network with the same IP address

    - by Stu
    I have a custom made ADC device that is spitting out data by addressed UDP packets. I have that device plugged into a 4 port switch. I have one windows embedded standard 7 machine which is the normal recipient of that data. To be able to receive the data (Using LabVIEW) the windows network adapter IPv4 settings must have a static IP address that corresponds to the UDP packet destination. I would like to add a second windows machine (This one is just regular Win 7 Pro) to simultaneously catch the data, however with all devices connected to the switch, the Win 7 Pro machine recognizes an IP address conflict and will not take the setting for the required static IP address. (The network adaptor settings show that the correct value has been entered but ipconfig shows that it is not actually set.) Neither windows machine needs to transmit network data, they only need to be able to receive the UDP data from the ADC device. Is there any way to disable this IP address conflict detection 'feature' of windows networking?

    Read the article

  • OpenVPN on port 53

    - by TossUser
    I have an openvpn server setup on UDP port 53 on a public IP. All the connecting clients gets pushed external DNS servers such as 8.8.8.8 and opendns. Sometimes the resolution stops working on the connected vpn clients and I get strange packets in the openvpn log. Now my question is why is that? When a VPN client, let's say 192.168.1.22 does a DNS query that query should go to 8.8.8.8:53 and then an UDP response packet should be sent back to 192.168.1.22 on a high UDP port. Any ideas? Thanks

    Read the article

  • Perl IO modules possibly causing issues in Net::DNS module

    - by Rich
    Hi! I’m porting some software that I wrote for a White Russian OpenWRT system to a new Kamikaze 8.09.1 OpenWRT system but I am having some serious issues that I’m hoping you can help me with. Old system Linux kernel 2.4.34 MIPSEL arch Perl 5.8.7 Net::DNS 0.48 IO 1.21 IO::Socket 1.28 IO::Socket::INET 1.28 New system Linux kernel 2.6.26.8 MIPS arch Perl 5.10.0 Net::DNS 0.66 IO 1.23_01 IO::Socket 1.30_01 IO::Socket::INET 1.31 First, let me provide some background information… I am trying to resolve my server (clearprobe.winbeam.com) from within my Perl program and see the following if I enable debugging in Net::DNS: resolve: Server 'clearprobe-ddns.winbeam.com' ;; query(clearprobe-ddns.winbeam.com) ;; setting up an AF_INET() family type UDP socket ;; send_udp(192.168.88.1:53) ;; send_udp(4.2.2.2:53) ;; send_udp(192.168.88.1:53) ;; send_udp(4.2.2.2:53) resolve: res->errorstring: query timed out Both of these servers resolve clearprobe.winbeam.com fine from the command line: root@cwb-2-11:~# echo “nameserver 192.168.88.1” > /etc/resolv.conf root@cwb-2-11:~# nslookup clearprobe-ddns.winbeam.com Server: 192.168.88.1 Address 1: 192.168.88.1 router Name: clearprobe-ddns.winbeam.com Address 1: 64.13.48.40 64-13-48-40.war.clearwire-dns.net root@cwb-2-11:~# echo “nameserver 4.2.2.2” > /etc/resolv.conf root@cwb-2-11:~# nslookup clearprobe-ddns.winbeam.com Server: 4.2.2.2 Address 1: 4.2.2.2 vnsc-bak.sys.gtei.net Name: clearprobe-ddns.winbeam.com Address 1: 64.13.48.40 64-13-48-40.war.clearwire-dns.net Using Perl’s call to the C gethostbyaddr() function works fine, but I need to do another lookup later in the software which requires that I specify the nameserver (clearprobe-ddns.winbeam.com is the authority for my internal DNS zone), hence my Net::DNS requirement. Now, here is the IO module-specific information: What I am seeing is that the reply is coming back from the nameserver (confirmed via tcpdump – I can send the captures if you’d like), but the UDP packets are sitting in the process’s UDP receive queue pending reception by Net::DNS (the approx 1752 bytes per response stay queued waiting for $sel-can_read()): root@cwb-2-11:~# netstat -una Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 1752 0 0.0.0.0:52680 0.0.0.0:* root@cwb-2-11:~# netstat -una Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 5256 0 0.0.0.0:52680 0.0.0.0:* If I force $sock[AF_INET]-recv($buf, $self-_packetsz) around line 803 of /usr/lib/perl5/5.10/Net/DNS/Resolver/Base.pm, instead of waiting for IO::Select’s can_read() function ( @ready = $sel-can_read($timeout)) to populate @ready, the response is received and processed. Any idea what could be causing this issue? In a possibly related matter, I noticed in another script that the following code fails in the same manner (network responses stay in the process’s TCP receive queue) with the new system: $sock = new IO::Socket::INET( PeerAddr => "$server", PeerPort => 37, Proto => 'tcp', Timeout => 5 ); Whereas the following code works: $sock = new IO::Socket::INET( PeerAddr => "$server", PeerPort => 37, Proto => 'tcp' ); I have looked through the NET::DNS code and don’t see a timeout passed for the UDP sockets, so I am not sure if that this is related or not. Please let me know if I can provide you with any further information in order to help diagnose this issue. Thanks! -Rich

    Read the article

  • Solution for lightweight LAN peer discovering?

    - by DevilWithin
    I built a library for purely cross-platform programming. My games made with it run fine in Android , Pc, Linux, Mac etc. The networking capabilities are provided by ENET library, therefore all communication between my apps is not TCP or UDP compatible, but only in the custom protocol, even tough its based on the UDP ultimately. I don't think its possible to do what i want with ENET, thats why I ask here for help! Lets say I have the same game running in my Android phone, my laptop and my pc. They are all in the same wifi network, and therefore in a LAN, whether its Wifi hotspot(?) or the household router. I need each of those 3 peers to discover the other two in the network. This is meant only to find the IP of alive apps in the LAN network, to be able to host multiplayer games between them. I can only think of one effective way to do this, UDP broadcast, wait responses, but if that is the solution, i need something small, since its the only purpose of the implementation. Other way could be to try to connect to all IPs in the LAN address subrange, but I don't think the OS would be with me on this one :p Sorry for the long question!

    Read the article

  • Correct usage of socket_select().

    - by Mark Tomlin
    What is the correct way to use socket_select within PHP to send and receive data? I have a connection to the server that allows for both TCP & UDP packet connections, I am utilizing both. Within these connections I'm both sending and receiving packets on the same port, but the TCP packet will be sent on one port (29999) and UDP will be sent on another port (30000). The transmission type will be that of AF_INET. The IP address will be loopback 127.0.0.1. I have many questions on how to create a socket connection within this scenario. For example, is it better to use socket_create_pair to make the connection, or use just socket_create followed by socket_connect, and then implement socket_select? There is a chance that no data will be sent from the server to the client, and it is up to the client to maintain the connection. This will be done by utilizing the time out function within the socket_select call. Should no data be sent within the time limit, the socket_select function will break and a keep alive packet can then be sent. The following script is of the client. // Create $TCP = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); $UDP = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP); // Misc $isAlive = TRUE; $UDPPort = 30000; define('ISP_ISI', 1); // Connect socket_connect($TCP, '127.0.0.1', 29999); socket_connect($UDP, '127.0.0.1', $UDPPort); // Construct Parameters $recv = array($TCP, $UDP); $null = NULL; // Make The Packet to Send. $packet = pack('CCCxSSxCSa16a16', 44, ISP_ISI, 1, $UDPPort, 0, '!', 0, 'AdminPass', 'SocketSelect'); // Send ISI (InSim Init) Packet socket_write($TCP, $packet); /* Main Program Loop */ while ($isAlive == TRUE) { // Socket Select $sock = socket_select($recv, $null, $null, 5); // Check Status if ($sock === FALSE) $isAlive = FALSE; # Error else if ($sock > 0) # How does one check to find what socket changed? else # Something else happed, don't know what as it's not in the documentation, Could this be our timeout getting tripped? }

    Read the article

  • 501 Error during Libjingle PCP on Amazone EC2 running Openfire

    - by AeroBuffalo
    I am trying to implement Google's Libjingle (version: 0.6.14) PCP example and I am getting a 501: feature not implemented error during execution. Specifically, the error occurs after each "account" has connected, been authenticated and began communicating with the other. An abbreviated log of the interaction is provided at the end. I have set up my own jabber server (using OpenFire on an Amazon EC2 server), have opened all of the necessary ports and have added each "account" to the other's roster. The server has been set to allow for file transfers. My being new to working with servers, I am not sure why this error is occur and how to go about fixing it. Thanks in advance, AeroBuffalo P.S. Let me know if there is any additional information needed (i.e. the full program log for either/both ends). Receiving End: [018:217] SEND >>>>>>>>>>>>>>>>>>>>>>>>> : Thu Jul 5 14:17:15 2012 [018:217] <iq to="[email protected]/pcp" type="set" id="5"> [018:217] <jingle xmlns="urn:xmpp:jingle:1" action="session-initiate" sid="402024303" initiator="[email protected]/pcp"> [018:217] <content name="securetunnel" creator="initiator"> [018:217] <description xmlns="http://www.google.com/talk/securetunnel"> [018:217] <type>send:winein.jpeg</type> [018:217] <client-cert>--BEGIN CERTIFICATE--END CERTIFICATE--</client-cert> [018:217] </description> [018:217] <transport xmlns="http://www.google.com/transport/p2p"/> [018:217] </content> [018:217] </jingle> [018:217] <session xmlns="http://www.google.com/session" type="initiate" id="402024303" initiator="[email protected]/pcp"> [018:217] <description xmlns="http://www.google.com/talk/securetunnel"> [018:217] <type>send:winein.jpeg</type> [018:217] <client-cert>--BEGIN CERTIFICATE--END CERTIFICATE--</client-cert> [018:217] </description></session> [018:217] </iq> [018:217] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:17:15 2012 [018:217] <presence to="[email protected]/pcp" from="forgesend" type="error"> [018:217] <error code="404" type="cancel"> [018:217] <remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/> [018:217] </error></presence> [018:218] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:17:15 2012 [018:218] <presence to="[email protected]/pcp" from="forgesend" type="error"> [018:218] <error code="404" type="cancel"> [018:218] <remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/> [018:218] </error></presence> [018:264] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:17:15 2012 [018:264] <iq type="result" id="3" to="[email protected]/pcp"> [018:264] <query xmlns="google:jingleinfo"> [018:264] <stun> [018:264] <server host="stun.xten.net" udp="3478"/> [018:264] <server host="jivesoftware.com" udp="3478"/> [018:264] <server host="igniterealtime.org" udp="3478"/> [018:264] <server host="stun.fwdnet.net" udp="3478"/> [018:264] </stun> [018:264] <publicip ip="65.101.207.121"/> [018:264] </query></iq> [018:420] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:17:15 2012 [018:420] <iq to="[email protected]/pcp" type="set" id="5" from="[email protected]/pcp"> [018:420] <jingle xmlns="urn:xmpp:jingle:1" action="session-initiate" sid="3548650675" initiator="[email protected]/pcp"> [018:420] <content name="securetunnel" creator="initiator"> [018:420] <description xmlns="http://www.google.com/talk/securetunnel"> [018:420] <type>recv:wineout.jpeg</type> [018:420] <client-cert>--BEGIN CERTIFICATE--END CERTIFICATE--</client-cert> [018:420] </description> [018:420] <transport xmlns="http://www.google.com/transport/p2p"/> [018:420] </content></jingle> [018:420] <session xmlns="http://www.google.com/session" type="initiate" id="3548650675" initiator="[email protected]/pcp"> [018:420] <description xmlns="http://www.google.com/talk/securetunnel"> [018:420] <type>recv:wineout.jpeg</type> [018:420] <client-cert>--BEGIN CERTIFICATE--END CERTIFICATE--</client-cert> [018:420] </description></session></iq> [018:421] TunnelSessionClientBase::OnSessionCreate: received=1 [018:421] Session:3548650675 Old state:STATE_INIT New state:STATE_RECEIVEDINITIATE Type:http://www.google.com/talk/securetunnel Transport:http://www.google.com/transport/p2p [018:421] TunnelSession::OnSessionState(Session::STATE_RECEIVEDINITIATE) [018:421] SEND >>>>>>>>>>>>>>>>>>>>>>>>> : Thu Jul 5 14:17:15 2012 [018:421] <iq to="[email protected]/pcp" id="5" type="result"/> [018:465] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:17:15 2012 [018:465] <iq to="[email protected]/pcp" id="5" type="result" from="[email protected]/pcp"/> [198:665] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:20:15 2012 [198:665] <iq type="get" id="162-10" from="forgejabber.com" to="[email protected]/pcp"> [198:665] <ping xmlns="urn:xmpp:ping"/> [198:665] /iq> [198:665] SEND >>>>>>>>>>>>>>>>>>>>>>>>> : Thu Jul 5 14:20:15 2012 [198:665] <iq type="error" id="162-10" to="forgejabber.com"> [198:665] <ping xmlns="urn:xmpp:ping"/> [198:665] <error code="501" type="cancel"> [198:665] <feature-not-implemented xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/> [198:665] </error> [198:665] </iq> Sender: [019:043] SEND >>>>>>>>>>>>>>>>>>>>>>>>> : Thu Jul 5 14:17:15 2012 [019:043] <iq type="get" id="3"> [019:043] <query xmlns="google:jingleinfo"/> [019:043] </iq> [019:043] SEND >>>>>>>>>>>>>>>>>>>>>>>>> : Thu Jul 5 14:17:15 2012 [019:043] <iq to="[email protected]/pcp" type="set" id="5"> [019:043] <jingle xmlns="urn:xmpp:jingle:1" action="session-initiate" sid="3548650675" initiator="[email protected]/pcp"> [019:043] <content name="securetunnel" creator="initiator"> [019:043] <description xmlns="http://www.google.com/talk/securetunnel"> [019:043] <type>recv:wineout.jpeg</type> [019:043] <client-cert>--BEGIN CERTIFICATE----END CERTIFICATE--</client-cert> [019:043] </description> [019:043] <transport xmlns="http://www.google.com/transport/p2p"/> [019:043] </content> [019:043] </jingle> [019:043] <session xmlns="http://www.google.com/session" type="initiate" id="3548650675" initiator="[email protected]/pcp"> [019:043] <description xmlns="http://www.google.com/talk/securetunnel"> [019:043] <type>recv:wineout.jpeg</type> [019:043] <client-cert>--BEGIN CERTIFICATE--END CERTIFICATE--</client-cert> [019:043] </description></session></iq> [019:043] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:17:15 2012 [019:043] <presence to="[email protected]/pcp" from="forgereceive" type="error"> [019:043] <error code="404" type="cancel"> [019:043] <remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/> [019:043] </error></presence> [019:044] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:17:15 2012 [019:044] <presence to="[email protected]/pcp" from="forgereceive" type="error"> [019:044] <error code="404" type="cancel"> [019:044] <remote-server-not-found xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/> [019:044] </error></presence> [019:044] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:17:15 2012 [019:044] <iq to="[email protected]/pcp" type="set" id="5" from="[email protected]/pcp"> [019:044] <jingle xmlns="urn:xmpp:jingle:1" action="session-initiate" sid="402024303" initiator="[email protected]/pcp"> [019:044] <content name="securetunnel" creator="initiator"> [019:044] <description xmlns="http://www.google.com/talk/securetunnel"> [019:044] <type>send:winein.jpeg</type> [019:044] <client-cert>--BEGIN CERTIFICATE--END CERTIFICATE--</client-cert> [019:044] </description> [019:044] <transport xmlns="http://www.google.com/transport/p2p"/> [019:044] </content></jingle> [019:044] <session xmlns="http://www.google.com/session" type="initiate" id="402024303" initiator="[email protected]/pcp"> [019:044] <description xmlns="http://www.google.com/talk/securetunnel"> [019:044] <type>send:winein.jpeg</type> [019:044] <client-cert>--BEGIN CERTIFICATE--END CERTIFICATE--</client-cert> [019:044] </description></session></iq> [019:044] TunnelSessionClientBase::OnSessionCreate: received=1 [019:044] Session:402024303 Old state:STATE_INIT New state:STATE_RECEIVEDINITIATE Type:http://www.google.com/talk/securetunnel Transport:http://www.google.com/transport/p2p [019:044] TunnelSession::OnSessionState(Session::STATE_RECEIVEDINITIATE) [019:044] SEND >>>>>>>>>>>>>>>>>>>>>>>>> : Thu Jul 5 14:17:15 2012 [019:044] <iq to="[email protected]/pcp" id="5" type="result"/> [019:088] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:17:15 2012 [019:088] <iq type="result" id="3" to="[email protected]/pcp"> [019:088] <query xmlns="google:jingleinfo"> [019:088] <stun> [019:088] <server host="stun.xten.net" udp="3478"/> [019:088] <server host="jivesoftware.com" udp="3478"/> [019:088] <server host="igniterealtime.org" udp="3478"/> [019:088] <server host="stun.fwdnet.net" udp="3478"/> [019:088] </stun> [019:088] <publicip ip="65.101.207.121"/> [019:088] </query> [019:088] </iq> [019:183] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:17:15 2012 [019:183] <iq to="[email protected]/pcp" id="5" type="result" from="[email protected]/pcp"/> [199:381] RECV <<<<<<<<<<<<<<<<<<<<<<<<< : Thu Jul 5 14:20:15 2012 [199:381] <iq type="get" id="474-11" from="forgejabber.com" to="[email protected]/pcp"> [199:381] <ping xmlns="urn:xmpp:ping"/> [199:381] </iq> [199:381] SEND >>>>>>>>>>>>>>>>>>>>>>>>> : Thu Jul 5 14:20:15 2012 [199:381] <iq type="error" id="474-11" to="forgejabber.com"> [199:381] <ping xmlns="urn:xmpp:ping"/> [199:381] <error code="501" type="cancel"> [199:381] <feature-not-implemented xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/> [199:382] </error></iq>

    Read the article

  • Expert iptables help needed?

    - by Asad Moeen
    After a detailed analysis, I collected these details. I am under a UDP Flood which is more of application dependent. I run a Game-Server and an attacker is flooding me with "getstatus" query which makes the GameServer respond by making the replies to the query which cause output to the attacker's IP as high as 30mb/s and server lag. Here are the packet details, Packet starts with 4 bytes 0xff and then getstatus. Theoretically, the packet is like "\xff\xff\xff\xffgetstatus " Now that I've tried a lot of iptables variations like state and rate-limiting along side but those didn't work. Rate Limit works good but only when the Server is not started. As soon as the server starts, no iptables rule seems to block it. Anyone else got more solutions? someone asked me to contact the provider and get it done at the Network/Router but that looks very odd and I believe they might not do it since that would also affect other clients. Responding to all those answers, I'd say: Firstly, its a VPS so they can't do it for me. Secondly, I don't care if something is coming in but since its application generated so there has to be a OS level solution to block the outgoing packets. At least the outgoing ones must be stopped. Secondly, its not Ddos since just 400kb/s input generates 30mb/s output from my GameServer. That never happens in a D-dos. Asking the provider/hardware level solution should be used in that case but this one is different. And Yes, Banning his IP stops the flood of outgoing packets but he has many more IP-Addresses as he spoofs his original so I just need something to block him automatically. Even tried a lot of Firewalls but as you know they are just front-ends to iptables so if something doesn't work on iptables, what would the firewalls do? These were the rules I tried, iptables -A INPUT -p udp -m state --state NEW -m recent --set --name DDOS --rsource iptables -A INPUT -p udp -m state --state NEW -m recent --update --seconds 1 --hitcount 5 --name DDOS --rsource -j DROP It works for the attacks on un-used ports but when the server is listening and responding to the incoming queries by the attacker, it never works. Okay Tom.H, your rules were working when I modified them somehow like this: iptables -A INPUT -p udp -m length --length 1:1024 -m recent --set --name XXXX --rsource iptables -A INPUT -p udp -m string --string "xxxxxxxxxx" --algo bm --to 65535 -m recent --update --seconds 1 --hitcount 15 --name XXXX --rsource -j DROP They worked for about 3 days very good where the string "xxxxxxxxx" would be rate-limited, blocked if someone flooded and also didn't affect the clients. But just today, I tried updating the chain to try to remove a previously blocked IP so for that I had to flush the chain and restore this rule ( iptables -X and iptables -F ), some clients were already connected to servers including me. So restoring the rules now would also block some of the clients string completely while some are not affected. So does this mean I need to restart the server or why else would this happen because the last time the rules were working, there was no one connected?

    Read the article

  • Cablemodem (SBG6580) firewall denying some outbound traffic? Why? Not configured [migrated]

    - by lairdb
    I finally got around to turning the syslog on for my cablemodem (Motorola Surfboard SBG6580) and I'm seeing about the expected amount of inbound attackage being blocked... 2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack 2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:56 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 17.172.232.109,5223 --> 66.27.xx.xx,53814 DENY:Firewall interface access request 2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,53385 DENY: Firewall interface [IP Fragmented Packet] attack 2014-05-30 21:59:02 Local0.Alert 192.168.111.1 May 31 04:58:57 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack 2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,443 --> 66.27.xx.xx,59960 DENY: Firewall interface [IP Fragmented Packet] attack 2014-05-30 21:59:10 Local0.Alert 192.168.111.1 May 31 04:59:04 2014 SYSLOG[0]: [Host 192.168.111.1] UDP 12.230.209.198,4500 --> 66.27.xx.xx,61459 DENY:Firewall interface [IP Fragmented Packet] attack ...and that's great. (Sad, but great.) But I'm also seeing a HUGE amount of what appears to be denied outbound connectivity: 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58969 --> 38.81.66.127,443 DENY: Inbound or outbound access request 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58965 --> 162.222.41.13,443 DENY: Inbound or outbound access request 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request 2014-05-30 16:30:10 Local0.Alert 192.168.111.1 May 30 23:30:04 2014 SYSLOG[0]: [Host 192.168.111.1] TCP 192.168.111.100,58964 --> 38.81.66.179,443 DENY: Inbound or outbound access request ...and Spot checking suggests that it's all legitimate traffic (Opening connections to CrashPlan, etc.), I have no restrictions configured in the modem; I don't see why it should be blocking anything. Am I misreading the log entry, and it's not actually being denied? (Seems unlikely.) Is the ISP (TWC) pushing deny tables that are not exposed in the UI? (Tinfoil hat too tight.) I'm confused. (The good news, such as it is, is that AFAIK I'm not experiencing any actual issues... but maybe I am; tough to tell.) Thanks.

    Read the article

  • Receiving broadcast messages

    - by Prasad
    Hi, I'm trying to receive broadcast messages using C# code in an ISDN network with BRI interface at my end. I see the packets sent to the broadcast ip address (239.255.255.255) on some ports using Comm View tool. But when I try to listen to this IP address, it says the address is not in a valid context. But when I send broadcast messages to 255.255.255.255 on a port, I can receive those messages with the below code.. What could be the problem with this ip address - 239.255.255.255 ? The code I use to listen to broadcast messages is.. UdpClient udp = new UdpClient(); IPEndPoint receiveEndPoint = new IPEndPoint(IPAddress.Any, 8013); // If I use IPAddress.Parse("239.255.255.255") to listen to, // it says "the address is not in a valid // context." udp.Client.Bind(receiveEndPoint); udp.BeginReceive(_Callback, udp); static private void _Callback(IAsyncResult iar) { try { UdpClient client = (UdpClient)iar.AsyncState; client.BeginReceive(_Callback, client); IPEndPoint ipRemote = new IPEndPoint(IPAddress.Any, 8013); byte[] rgb = client.EndReceive(iar, ref ipRemote); Console.WriteLine("Received {0} bytes: \"{1}\"", rgb.Length.ToString(), Encoding.UTF8.GetString(rgb)); } catch (ObjectDisposedException) { Console.WriteLine("closing listening socket"); } catch (Exception exc) { Console.WriteLine("Listening socket error: \"" + exc.Message + "\""); } } There are packets sent to the broadcast ipaddress (239.255.255.255) which I can see in Commview tool, but can't receive them from the code... Can anybody help me out please? Thanking you in advance, Prasad Kancharla.

    Read the article

  • Python - How to wake up a sleeping process- multiprocessing?

    - by user1162512
    I need to wake up a sleeping process ? The time (t) for which it sleeps is calculated as t = D/S . Now since s is varying, can increase or decrease, I need to increase/decrease the sleeping time as well. The speed is received over a UDP procotol. So, how do I change the sleeping time of a process, keeping in mind the following:- If as per the previous speed `S1`, the time to sleep is `(D/S1)` . Now the speed is changed, it should now sleep for the new time,ie (D/S2). Since, it has already slept for D/S1 time, now it should sleep for D/S2 - D/S1. How would I do it? As of right now, I'm just assuming that the speed will remain constant all throughout the program, hence not notifying the process. But how would I do that according to the above condition? def process2(): p = multiprocessing.current_process() time.sleep(secs1) # send some packet1 via UDP time.sleep(secs2) # send some packet2 via UDP time.sleep(secs3) # send some packet3 via UDP Also, as in threads, 1) threading.activeCount(): Returns the number of thread objects that are active. 2) threading.currentThread(): Returns the number of thread objects in the caller's thread control. 3) threading.enumerate(): Returns a list of all thread objects that are currently active. What are the similar functions for getting activecount, enumerate in multiprocessing?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >