Search Results

Search found 11363 results on 455 pages for 'elastic ip'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 173/455 | < Previous Page | 169 170 171 172 173 174 175 176 177 178 179 180  | Next Page >

  • OpenSWAN KLIPS not working

    - by bonzi
    I am trying to setup IPSec between 2 VM launched by OpenNebula. I'm using OpenSWAN for that. This is the ipsec.conf file config setup oe=off interfaces=%defaultroute protostack=klips conn host-to-host left=10.141.0.135 # Local IP address connaddrfamily=ipv4 leftrsasigkey=key right=10.141.0.132 # Remote IP address rightrsasigkey=key ike=aes128 # IKE algorithms (AES cipher) esp=aes128 # ESP algorithns (AES cipher) auto=add pfs=yes forceencaps=yes type=tunnel I'm able to establish the connection with netkey but klips doesnt work. ipsec barf shows #71: ERROR: asynchronous network error report on eth0 (sport=500) for message to 10.141.0.132 port 500, complainant 10.141.0.135: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Tcpdump shows 22:50:20.592685 IP 10.141.0.132.isakmp > 10.141.0.135.isakmp: isakmp: phase 1 I ident 22:50:25.602182 ARP, Request who-has 10.141.0.135 tell 10.141.0.132, length 46 22:50:26.602082 ARP, Request who-has 10.141.0.135 tell 10.141.0.132, length 46 22:50:27.601985 ARP, Request who-has 10.141.0.135 tell 10.141.0.132, length 46 ipsec eroute shows 0 10.141.0.135/32 -> 10.141.0.132/32 => %trap What could be the problem?

    Read the article

  • Amazon AWS VPN how to open a port?

    - by Victor Piousbox
    I have a VPN with public and private subnets; I am considering only public subnet for now. The node 10.0.0.23, I can ssh into it. Let's say I want to connect to MySQL on the node using its private address: ubuntu@ip-10-0-0-23:/$ mysql -u root -h 10.0.0.23 ERROR 2003 (HY000): Can't connect to MySQL server on '10.0.0.23' (111) ubuntu@ip-10-0-0-23:/$ mysql -u root -h localhost Welcome to the MySQL monitor. Commands end with ; or \g. --- 8< --- snip --- 8< --- mysql> The port 3306 is not reachable if I use the private IP? My security group allows port 3306 inbound from 0.0.0.0/0 AND from 10.0.0.0/24. Outbound, allowed all. The generic setup done by Amazon through their wizard does not work... I add ACL that allows everything for everybody, still does not work. What am I missing?

    Read the article

  • Setting up a network where packets are traced

    - by Marcus
    My situation is the following: I have an internet connection, which is shared between people. More or less obviously, people is using it to download illegal stuff. Since I'm the owner of the connection, I want to avoid being sued. I don't want to prevent the people from doing the things they want, but I want to be legally safe. Now, I have relatively little competences in network administration, so I was wondering: is it possible to setup a network, where the source and destination of the packets are logged? I would use this to prove, in case of lawsuit, that the traffic was coming from a given machine. if the idea is feasible, is there any wireless router on which I can install linux, where I can install the packet sniffer? how much space could the logs take (containing only the timestamp/source/destination), per GB of traffic? a very rough estimation would be very helpful. if a machine on my network is sending bittorrent packets to a certain IP, would this log be able to reflect the time, source ip and destination ip? I assume that obviously the torrent data would be encrypted and un-decryptable. Am I missing something? Is there a better strategy? Any pointer to documentation would be helpful as well - in that case, I would use this as starting point.

    Read the article

  • WRT54GL Tomato Router in Client wireless mode to an iPhone Personal Hotspot

    - by Gordo
    I am trying to connect a router with Tomato firmware to an iPhone 4. The goal is to connect to the Personal Hotspot in Client Wireless mode. This should allow wired and wireless users to connect to the router rather then the iPhone. In theory this should be possible but I am having difficulty. Router Linksys WRT54GL Tomato 1.28.1816 firmware iPhone iPhone 4 iOS 5.1 (9B176) Carrier Rogers Wireless Personal Hotspot works with other devices, wifi/bluetooth/usb iPhone Personal Hotspot settings Mode: B/G Security: WPA or WPA2 Personal Encryption: AES Router IP: 172.20.10.1 Subnet: 172.20.10.0 Min IP: 172.20.10.2 Max IP: 172.20.10.14 maximum number of wireless tethered hosts is 5 I have followed the directions here: http://www.wi-fiplanet.com/tutorials/article.php/3810281 Ensured that the router subnet does not 'collide' with the iPhone subnet. Here is the configuration of the Tomato 'Basic - Network - Wireless' section: http://i.stack.imgur.com/pbmTB.png I have tried several variations of this configuration, but nothing seems to work. NOTE: I have successfully connected to my own wifi network in Wireless Client mode, so I am confident that there are no bad cables or other hardware issues. I would prefer to use Tomato, but DD-WRT maybe my only other option. Thanks!

    Read the article

  • port forwarding problem

    - by Claudiu
    I want to set up an svn server on my computer, so it's available from anywhere. I think I set up the repository correctly, using CollabSVN. If I go to Repo-Browser with TortoiseSVN and point it to svn://localhost:3690, it shows the proper repository. The problem now is that I'm behind a router. My local IP is 192.168.1.45 . Doing svn://192.168.1.45:3690 also works. My global IP is, say, x.x.x.x. Just doing svn://x.x.x.x:3690 doesn't work, which makes sense, since I have to set up port forwarding. I'm using a Verizon router. Using their web interface (on 192.168.1.1) I added the following port forwarding rule: IP Address forward to: 192.168.1.45 Source Ports: Any Dest Ports: 3690 Forward to: 3690 Protocol: TCP However, even after applying this rule, going to svn://x.x.x.x:3690 doesn't work. It takes a few seconds to fail, then says that the connection couldn't be established because the server connected to didn't respond properly after a period of time. What's interesting is that a random port, like svn://x.x.x.x:36904 fails immediately, saying that the target machine actively refused the connection. So I figure that the forwarding rule did something, but not fully what was necessary. Any ideas on how to get this working? The router model is MI424-WR and the firmware version is 4.0.16.1.56.0.10.12.3. UPDATE: I also tried setting destination port to 45000, and still forwarding to 3690, in case something was wrong w/ the lower-numbered ports, but to no avail. I also tried port 80 to port 3690, still all in vain.

    Read the article

  • iptables to block non-VPN-traffic if not through tun0

    - by dacrow
    I have a dedicated Webserver running Debian 6 and some Apache, Tomcat, Asterisk and Mail-stuff. Now we needed to add VPN support for a special program. We installed OpenVPN and registered with a VPN provider. The connection works well and we have a virtual tun0 interface for tunneling. To archive the goal for only tunneling a single program through VPN, we start the program with sudo -u username -g groupname command and added a iptables rule to mark all traffic coming from groupname iptables -t mangle -A OUTPUT -m owner --gid-owner groupname -j MARK --set-mark 42 Afterwards we tell iptables to to some SNAT and tell ip route to use special routing table for marked traffic packets. Problem: if the VPN failes, there is a chance that the special to-be-tunneled program communicates over the normal eth0 interface. Desired solution: All marked traffic should not be allowed to go directly through eth0, it has to go through tun0 first. I tried the following commands which didn't work: iptables -A OUTPUT -m owner --gid-owner groupname ! -o tun0 -j REJECT iptables -A OUTPUT -m owner --gid-owner groupname -o eth0 -j REJECT It might be the problem, that the above iptable-rules didn't work due to the fact, that the packets are first marked, then put into tun0 and then transmitted by eth0 while they are still marked.. I don't know how to de-mark them after in tun0 or to tell iptables, that all marked packet may pass eth0, if they where in tun0 before or if they going to the gateway of my VPN provider. Does someone has any idea to a solution? Some config infos: iptables -nL -v --line-numbers -t mangle Chain OUTPUT (policy ACCEPT 11M packets, 9798M bytes) num pkts bytes target prot opt in out source destination 1 591K 50M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner GID match 1005 MARK set 0x2a 2 82812 6938K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner GID match 1005 CONNMARK save iptables -nL -v --line-numbers -t nat Chain POSTROUTING (policy ACCEPT 393 packets, 23908 bytes) num pkts bytes target prot opt in out source destination 1 15 1052 SNAT all -- * tun0 0.0.0.0/0 0.0.0.0/0 mark match 0x2a to:VPN_IP ip rule add from all fwmark 42 lookup 42 ip route show table 42 default via VPN_IP dev tun0

    Read the article

  • VPN on a ubuntu server limited to certain ips

    - by Hultner
    I got an server running Ubuntu Server 9.10 and I need access to it and other parts of my network sometimes when not at home. There's two places I need to access the VPN from. One of the places to an static IP and the other got an dynamic but with DynDNS setup so I can always get the current IP if I want to. Now when it comes to servers people call me kinda paranoid but security is always my number one priority and I never like to allow access to the server outside the network therefor I have two things I have to have on this VPN. One it shouldn't be accessiable from any other IP then these 2 and two it has to use a very secure key so it will be virtually impossible to bruteforce even from the said IP´s. I have no experience what so ever in setting up VPNs, I have used SSH tunneling but never an actuall VPN. So what would be the best, most stable, safest and performance effiecent way to set this up on a Ubuntu Server? Is it possible or should I just set up some kind of SSH Tunnel instead? Thanks on beforehand for answers.

    Read the article

  • Tomato/DD-WRT router to act as switch & only NAT some port

    - by fseto
    BACKGROUND: I have a device that must use a real IP address. Currently, my ISP uses DHCP and I can have up to 4 real IP address assigned. However, the cable modem only have 1 ethernet port and it's connected to my router (running Tomato, but can run DD-wrt or other Openwrt if required). Question stems from how I can connect the additional device, requiring a real IP? EASY SOLUTION: would be to get a switch and connect to the CM, Router, and Device. But alas, I want to avoid this route, since: my wiring cabinet in my home is drawing lots of power and heat already Device will be unprotected by any firewall unable to monitor the traffic to/from device. Besides, what would be the FUN in that? =) IDEA: So what I want to do is to configure the router, so that one of the switchport is removed from the normal br0 bridge. Instead, I want to make it behave like a switch on the WAN port. What's the best way of doing this? Should I create another bridge on the WAN & the device port? Can a single port belongs to two bridges? or would I need to create a subinterface first? Would I need a DHCP-relay? Am I expecting too much from my poor cheapie router? +------+ | CM | +--++--+ || +----WAN---------------+ | / \ Router | | BR1? BR0 | | | \ | | | {NAT} | | | / | | \ | +-P0----P1-P2-P3-Wifi--+ | +------+ |Device| +------+

    Read the article

  • Configuring network route between two routers on home network

    - by Paul
    I have a home network - the main router connected to the internet (and has wifi) is a Netopia box. Connected to it is a Linksys router. Everything currently works - I can connect via the wireless network and get to the internet. Machines connected to the Linksys can connect with each other and connect to the internet. Both routers are configured to serve addresses via DHCP (Netopia 192.168.1.1 - 192.168.1.99), Linksys (192.168.0.1 - 192.168.0.100). Here's how they are connected: Internet <-> Netopia w/wifi (192.168.1.254) <-> Linksys (192.168.0.1) I decided I really need to allow wireless connections to also communicate with machines behind the Linksys router. Currently the Linksys is configured to obtain an IP address via DHCP. I thought this would be straightforward. I configured the Linksys to have a static IP address: IP: 192.168.1.100 Mask: 255.255.255.0 GW: 192.168.1.254 Then I configured a static route on the Netopia: Network: 192.168.0.0 Mask: 255.255.255.0 GW: 192.168.1.100 So it should now look like this: Internet <-> Netopia w/wifi (192.168.1.254) <-> (192.168.1.100) Linksys (192.168.0.1) I reset both routers. I cannot ping the Netopia (192.168.1.254) from inside the Linksys network, and if I attempt to ping 192.168.0.1 from a wifi connection I get a "Destination host not available" error. Obviously I'm missing something, but I'm not sure where. Any ideas on what I'm missing?

    Read the article

  • How to place a virtual machine in DMZ?

    - by Giordano
    I have an Ubuntu 12.04 server running few virtual machines with KVM. I would like to expose some of these virtual machines on the internet, to make it possible for customers to test the products we're developing and make available other products for demo purposes. One of the server NICs is configured with a public IP. However before exposing anything on the web I would like to be sure that if one of the virtual machines get compromised, the attacker doesn't reach the rest of the hosts. What I would like to do is to put these virtual machines into a DMZ. These are the steps I'm planning to do: Create a tap interface in the virtualization host (let's say tap1) Create a bridge using tap1 and give it an IP in a subnet separate from the other hosts. Let's say 10.0.0.1 Attach the DMZ virtual machines to the bridge and configure their IP statically (10.0.0.2, 10.0.0.3, etc...) Using UFW, forbid any traffic from 10.0.0.0/24 to any of the internal hosts, allow the traffic from the internal hosts towards 10.0.0.0/24 and expose the virtual machines on the web using port forwarding. Do you think this setup is safe? Can you suggest any improvement or a better/safer approach? Thanks in advance!

    Read the article

  • Once VPN connection is done, how do I proceed reaching the other side address space?

    - by sports
    I'm using Windows Azure and I created a VPN Site To Site, configured like this: My virtual network: My address space: 10.2.0.0/16 (65531) Subnet1: 10.2.1.0/24 (251) Subnet2: 10.2.2.0/24 (251) Gateway: 10.2.3.0/29 (3) My public gateway IP: 137.135.x.z (I wont show x and z for security reasons) This public gateway uses, as you can see, 5 IPs on subnet1 and 5 IPs on subnet2, and 5 IPs on the gateway "Their" virtual network (in azure this would be a "Local network") Their address space: 172.60.100.67/32, 172.60.100.68/32, 172.60.100.69/32 Their device public IP: x.x.x.x (ommited for security reasons) Notice their address space are 3 IPs So: the VPN is "in green" (in Azure is showing up green, literally, like these two are connected) and now my question is: How do I proceed to reach their address space? I've tried creating a virtual machine (Windows Server 2008, but it could be an Ubuntu) on "my" virtual network and it is automatically "placed" on subnet1 or subnet2. So it gets the IP 10.2.1.0 (valid example), I can't choose to place the virtual machine in the gateway address space. How do I "reach" any of the IPs 172.60.100.67, 172.60.100.68, 172.60.100.69 ? In other words: How can I telnet any of these IPs? or ping? or see them in my network? Please provide me answers for Windows Server 2008 or for an Ubuntu. I'm open to create any virtual machine.

    Read the article

  • Setup a Reverse Proxy with Nginx and Apache on EC2

    - by heavymark
    Good Day, I am currently using the free Amazon EC2 micro instance to learn Linux and server setup. I wish to setup Nginx as a reverse web proxy. I found a great article on mediatemple on how to do it: http://wiki.mediatemple.net/w/Using_Nginx_as_a_Reverse_Web_Proxy The directions work for most any server except for EC2.One difference between EC2 and MediaTemple is how IPs work. Overall EC2 instances do not know their elastic IP. So when following the wiki directions in the virtual hosts for instance instead of myip:80 for instance I put *:80. When just using Apache this works perfectly. In the apache virtual hosts I did "127.0.0.1:80" and in the Nginx I put *:80. Apache restarts, by Nginx provides an error that it cannot bind because the ip is already in use. If I could add an actual IP in the Nginx file it would work but since EC2 requires me to put in the asterisk it ends up conflicting with the apache virtual hosts entry. Anyone know a simple way around this (other than not using EC2) ;-) Thank you! Cheers, Christopher

    Read the article

  • Connect linux server to VPN server via PPTP

    - by wowpatrick
    I'm trying to connect a Linux (Ubuntu 10.04 LST) server to a VPN server via the PPTP client to an VPN server. I configured the PPTP client as said in the documentation. The connection is correctly added as an interface, but somehow the connection dose not work. ping -I ppp0 google.com dose not return anything and traceroute -i ppp0 only shows the first hop, and then displays nothing. Any ideas of what is going wrong? Incorrect routing configuration? ifconfig output for the configured interface: ppp0 Link encap:Point-to-Point Protocol inet addr:xx.x.xxx.xxx P-t-P:10.0.0.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1 RX packets:415 errors:0 dropped:0 overruns:0 frame:0 TX packets:468 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:31428 (31.4 KB) TX bytes:32394 (32.3 KB) route output Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface xx.x.x.1 * 255.255.255.255 UH 0 0 0 ppp0 xx.xxx.xxx.xx sp.ip 255.255.255.255 UGH 0 0 0 eth1 192.168.3.0 * 255.255.255.0 U 0 0 0 eth2 192.168.2.0 * 255.255.255.0 U 0 0 0 eth1 default sp.ip 0.0.0.0 UG 100 0 0 eth1

    Read the article

  • I've just set up FreeBSD 8.0 and can't login with ssh

    - by Matt
    /etc/hosts.allow is set to allow any protocol from anywhere. I can "ssh localhost" and it works. I simply get "connection refused" from putty on another machine. Any ideas? Will try to get a copy of the sshd_server.conf file as soon as I can find a flash disk to copy it to, but I thought someone might know what you need to set initially to permit login. EDIT: I think I can see why it's not working now. If I telnet to the IP address of the server I'm seeing MGE UPS SYSTEMS SNMP Web/Agent configuration menu. Enter Password: Doh. Ok, so the IP address is assigned by DHCP, but it seems there is already a device statically assigned to that address. I'll put in a reservation and try again. ok, sorted now. It was an ip address conflict. Windows DHCP isn't smart enough to check if there is something listening on the address before first assigning it.

    Read the article

  • Route through site-to-site VPN not working

    - by Jonathan
    I'm trying to set up a site-to-site VPN using RRAS on two 2K8r2 servers since yesterday. The connection is working at this point, but I can't get it to send traffic from one site to the other one. Set up: the set up is the same on both sites: the server is connected to a router that's connected to a modem. The routers act like a DHCP-server and assign IP addresses from the range subnet.21-subnet-.100. Both servers use a static IP address, subnet.11, and are set up as DMZ. Configuration: the servers are configured using the wizard to set up a site-to-site connection. This works with a demand-dial interface and a PPTP VPN connection. As mentioned, the VPN connection work properly. Problem: I can't get the servers to send the traffic for the other site, to be sent through the VPN connection. I added a static route on both server (home, office 1) and I can see the result in the IP routing table (home, office 1). I did this because the route didn't show up automatically. My guess is that this last step isn't right, for example because the routing table states "non demand-dial", which seems not correct. Home: Subnet: 10.0.1.0/24 Router: 10.0.1.1 Server: 10.0.1.11 (DMZ) DHCP: 10.0.1.21-10.0.1.100 RRAS DHCP: 10.0.1.101-10.0.1.150 Office 1: Subnet: 10.0.2.0/24 Router: 10.0.2.1 Server: 10.0.2.11 (DMZ) DHCP: 10.0.2.21-10.0.2.100 RRAS DHCP: 10.0.2.101-10.0.2.150 I hope someone has an idea to get this route working!

    Read the article

  • Apache reverse proxy with VirtualHost not serving a page

    - by Mr Aleph
    I have an Apache reverse proxy set to move requests to a Tomcat Applet. The config is similar to: <VirtualHost 100.100.100.100:80> ProxyPass /AppName/App http://1.1.1.1/AppName/App ProxyPassReverse /AppName/App http://1.1.1.1/AppName/App </VirtualHost> I also have a page called summary.html that exists on 1.1.1.1 as: http://1.1.1.1/AppName/summary.html When I browse directly to it I have no problem viewing it, however if I try to get there via the reverse proxy I get a blank page. Wireshark shows me a 503, but this one is coming from the Apache reverse proxy (IP 100.100.100.100) and not the Tomcat (IP 1.1.1.1). Should I add http://1.1.1.1/AppName/ to the config? How? I tried it but I get a blank page, however this one shows on the URL bar of the browser the internal IP of the Tomcat, so, no go. Help is appreciated. Thanks. EDIT: This is the dump from Wireshark: GET /AppName/ HTTP/1.1 Host: 100.100.100.100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.52.7 (KHTML, like Gecko) Version/5.1.2 Safari/534.52.7 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Cache-Control: max-age=0 Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: keep-alive HTTP/1.1 404 Not Found Date: Tue, 30 Jan 2012 09:08:51 GMT Server: Apache Content-Length: 1 Connection: close Content-Type: text/html; charset=iso-8859-1

    Read the article

  • Someone from china wants kill my entry bandwidth??

    - by yes123
    Hi guys. Someoen from china with two different ip is downloading the same big file from my server. Their ip are: 122.89.45.210 60.210.7.62 They requesting this file and downloading more than 20 times per minute. What Can I do to prevent this? (I am on gentoo with root access) And WHY they do this to a site that doesn't have nothing to do with china ? ADD1: Other ips: 221.8.60.131 124.67.47.56 119.249.179.139 60.9.0.176 ADD2: the stupid thing is they are requesting only 1 single file lol. Or they want that file removed (tho i don't see why) Or they are pretty stupid ADD3: Situation is getting worse. IP are spreading from other countries too (usa and korea if www.geobytes.com/iplocator.htm it's right) And now they are requesting another file. ADD4: it seems after they realized i removed that file they stopped attacking me. I will monitor the situation. They started again after a sleep of 3-4 mintues with the same file (lucky me). Hard to say why this is happening

    Read the article

  • Varnish with multiple sites/boxes

    - by jerhinesmith
    Is it possible for Varnish to redirect traffic to different IPs based on the url? For example, is the following setup feasible (and if so, what would the VCL look like): *.example.com points to Varnish IP address When a request is made to foo.example.com, varnish checks the cache and sends the request to Server1's IP address on a cache miss. When a request is made to bar.example.com, varnish checks the cache and sends the request to Server2's IP address on a cache miss. foo and bar are (for the most part) completely unrelated sites. They use the engine, but have different content and their own distinct database. Since there previously was no penalty for doing so (other than cost) we split them up into two separate boxes so that a ton of traffic to foo won't have a negative impact on visitors browsing around bar. I could set up two instances of varnish and have one serve up foo's static content and the other serve up bar's, but as there doesn't seem to be much overhead to running Varnish, I think (perhaps mistakenly) that it would make more sense to go with one Varnish server that redirects the traffic to the appropriate box on a cache miss.

    Read the article

  • Thomson router reboots unexpectedly with an apparent remote connection attempt

    - by ChrisF
    I've got a weird problem. Every so often my rooter (a Thomson TG585 v8 running version 8.2.7.8 of it's firmware) reboots itself. It seems to be associated with this message in the event log: FIREWALL replay check (1 of 2): Protocol: ICMP Src ip: 183.178.144.177 Dst ip: xxx.xxx.xxx.xxx Type: Destination Unreachable Code: Host Unreacheable xxx.xxx.xxx.xxx is my external IP address 183.178.144.177 resolves to 183178144177.ctinets.com We've got a student from Hong Kong staying with us at the moment and the reboots seem coincidental with him starting up his laptop. I say this because a check on ctinets.com shows it to be based in Hong Kong, though our guest's laptop doesn't appear to have any software related to this company installed. I say "apparently" as he is running the Chinese version of Windows and his English doesn't cover technical subjects like this. I know this is an incoming message but I was assuming that it was in response to something on the student's laptop which is why the first thought was malware, but we've got anti virus on all the other machines and have run malwarebytes on his with a negative result so I don't think the problem is due to a virus or (known) trojan. What else can I do to stop this and identify the cause?

    Read the article

  • iptables to block VPN-traffic if not through tun0

    - by dacrow
    I have a dedicated Webserver running Debian 6 and some Apache, Tomcat, Asterisk and Mail-stuff. Now we needed to add VPN support for a special program. We installed OpenVPN and registered with a VPN provider. The connection works well and we have a virtual tun0 interface for tunneling. To archive the goal for only tunneling a single program through VPN, we start the program with sudo -u username -g groupname command and added a iptables rule to mark all traffic coming from groupname iptables -t mangle -A OUTPUT -m owner --gid-owner groupname -j MARK --set-mark 42 Afterwards we tell iptables to to some SNAT and tell ip route to use special routing table for marked traffic packets. Problem: if the VPN failes, there is a chance that the special to-be-tunneled program communicates over the normal eth0 interface. Desired solution: All marked traffic should not be allowed to go directly through eth0, it has to go through tun0 first. I tried the following commands which didn't work: iptables -A OUTPUT -m owner --gid-owner groupname ! -o tun0 -j REJECT iptables -A OUTPUT -m owner --gid-owner groupname -o eth0 -j REJECT It might be the problem, that the above iptable-rules didn't work due to the fact, that the packets are first marked, then put into tun0 and then transmitted by eth0 while they are still marked.. I don't know how to de-mark them after in tun0 or to tell iptables, that all marked packet may pass eth0, if they where in tun0 before or if they going to the gateway of my VPN provider. Does someone has any idea to a solution? Some config infos: iptables -nL -v --line-numbers -t mangle Chain OUTPUT (policy ACCEPT 11M packets, 9798M bytes) num pkts bytes target prot opt in out source destination 1 591K 50M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner GID match 1005 MARK set 0x2a 2 82812 6938K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner GID match 1005 CONNMARK save iptables -nL -v --line-numbers -t nat Chain POSTROUTING (policy ACCEPT 393 packets, 23908 bytes) num pkts bytes target prot opt in out source destination 1 15 1052 SNAT all -- * tun0 0.0.0.0/0 0.0.0.0/0 mark match 0x2a to:VPN_IP ip rule add from all fwmark 42 lookup 42 ip route show table 42 default via VPN_IP dev tun0

    Read the article

  • Only tunnel certain applications via OpenVPN

    - by jinjin
    Hi, I've purchased a VPN solution, it works correctly when I have "redirect-gateway def1" in the configuration file (routing all traffic through the VPN). However when I remove that line from the configuration file, I am still able to ping-out of the machine (ping -I tap0), however I cannot ping the IP assigned to the machine (it's a public ip), i get the error: Destination Host Unreachable. I only want to have certain applications sending traffic through the VPN tunnel (eg: ZNC, irssi), all of which i can select which IP they use. However they can't recieve any data, making the tunnel essentially useless to me when disabling redirect-gateway. Any ideas on how to allow specific applications use the tunnel, without of forcing everything to go through it? My configuration file is as follows: dev tap remote #.#.#.# float #.#.#.# port 5129 comp-lzo ifconfig #.#.#.# 255.255.255.128 route-gateway #.#.#.# #redirect-gateway def1 secret key.txt cipher AES-128-CBC The output of ifconfig -a when the tunnel is connected: tap0 Link encap:Ethernet HWaddr 00:ff:47:d3:6d:f3 inet addr:#.#.#.# Bcast:#.#.#.# Mask:255.255.255.255 inet6 addr: <snip> Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:612 errors:0 dropped:0 overruns:0 frame:0 TX packets:35 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:25704 (25.1 KiB) TX bytes:6427 (6.2 KiB) EDIT: the Bcast:#.#.#.# (ifconfig) is different from route-gateway #.#.#.# (openvpn) if that makes any difference.

    Read the article

  • Automated Linux VMs on Hyper-V 2012

    - by Mick
    I have a requirement to create a ton of linux VMs for our customers (we run managed infrastructure) on Hyper-V 2012 in the coming months and I have an issue with automating it. Here is how I need it to work: User accesses their web page and creates a VM. VM is created with a unique IP and name User logs in over SSH I know Hyper-V quite well and can work with powershell and am a C# programmer so the development side of things is taken care of. I also know enough about Linux to be at least competent: I have used it on and off for a number of years but not done anything Enterprise-level with it. All this can be done easily by manual processes but I need to be able to script or program this to automate it as there could be hundreds of them being created but I don't know how. My first thought is to have a database with random-generated names and IPs already created but I don't know how to get a Linux VM to boot up and grab one from the database... I suppose a Kickstart script would take care of it but I don't know what to do from there. Here is what is bouncing around in my head: Create a std linux build. - Easy to do Someone clicks "Create VM" and I pull a name and IP from the database and write it to a kickstart script. - Easy to do I could then open the template VHDX file and copy in the script and then save it. - Not sure if possible User boots up new VM and the kickstart script gives it the name and IP I assigned it. My problem is that I don't know how to open a VHDX file and insert a kickstart script into it... can't figure it out. I am reaching here and this solution may be miles off... I am more used to creating Windows VMs with scripts and so on which i am more familiar with... any help would be appreciated. Thanks Mick

    Read the article

  • Managing persistent data on an Amazon EC2 web server

    - by Derek
    I've just started trying out Amazon's EC2 service for running an asp.net web app which uses a SQL Server 2005 Express database. I have some questions about how to configure and operate it best for reliability, and I'm hoping to tap into some collective wisdom here as this is my first foray into EC2. Here's how I have it configured currently: OS: Windows 2003 SQL Server Express 2005 Web content stored on an EBS Volume (E Drive) Database Data stored on an EBS Volume (E Drive) Database backups to "C Drive" and then copied off to S3. Elastic IP Address attached to the production instance. Now when I make a change to the OS configuration, I make a new AMI using the bundle feature. Unfortunately, I found that this results in significant downtime. While the bundle is created and the new instance is started. It seems that when I'm ready to make a new AMI, I should: Start up a new temporary instance. Detach the EBS volume from the production instance. Detach the IP Address from the production instance. Attach the IP Address to the temporary instance. Attach the EBS volume to the temporary instance. Create an AMI from the production instance. After the production instance restarts, reverse the attach/detach steps to put it back in production. Is this the right order of events to prevent any chance to corrupt the EBS volume? Will the EBS volume become corrupt if I detach it while a database Write is taking place? Should I snapshot the EBS volume of the production instance and attach it to the temporary instance instead? Or could taking a snapshot of the EBS volume while it's in use cause corruption? Any suggestions to improve the reliability and operations?

    Read the article

  • Unable to mount root fs over NFS [on hold]

    - by johnmadrak
    I am attempting to set up a Raspberry Pi running Pidora to boot from an NFS share. My configuration in cmdline.txt is: dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/nfs nfsroot=<serverip>:/fake/path,nfsvers=3,rw,nolock nfsrootdebug ip=dhcp elevator=deadline rootwait On the Pi, the output I see is: IP-Config: Got DHCP answer from <router>, my address is <clientip> IP-Config: Complete: device=eth0, hwaddr=<macaddress>, ipaddr=<clientip>, mask=255.255.255.0, gw=<routerip> host=<clientip>, domain=, nis-domain=(none) bootserver=<routerip>, rootserver=<serverip>, rootpath= nameserver0=<routerip> (It pauses for a bit here) VFS: Unable to mount root fs via NFS, trying floppy VFS: Cannot open root device "nfs" or unknown-block(2,0); error -6 Please append a correct "root=" boot option; here are the available partitions: ..... On the NFS Server (an OpenVZ Container), the output I see in the /var/log/messages is: Aug 22 23:24:01 vps-4178 rpc.mountd[928]: authenticated mount request from <clientip>:783 for /fake/path (/fake/path) Aug 22 23:24:38 vps-4178 rpc.mountd[928]: authenticated mount request from <clientip>:741 for /fake/path (/fake/path) Aug 22 23:25:25 vps-4178 rpc.mountd[928]: authenticated mount request from <clientip>:752 for /fake/path (/fake/path) Aug 22 23:26:12 vps-4178 rpc.mountd[928]: authenticated mount request from <clientip>:876 for /fake/path (/fake/path) To test, I've made sure I can mount (non-root) from both the Pi and another machine and it worked. Does anyone have an idea on what could be wrong or how to narrow it down? Thank you in advanced for your help.

    Read the article

  • Moving Microsoft Exchange server to the private network.

    - by Alexey Shatygin
    In one of the offices, we have a 50-computers network, which had only one server machine: Windows 2003 Server Microsoft ISA Server Microsoft Exchange 2003 This server worked as a gateway (proxy server), mail server, file server, firewall and domain controller. It had two network interfaces, one for WAN (let's say 222.222.222.222) and one for LAN (192.168.1.1). I set up a Linux box to be the gateway (without a proxy), so the Linux box now has the following interfaces: 222.222.222.222 (our external IP, we removed it from the Windows machine) and 192.168.1.100 (internal IP), but we need to keep the old Windows server as a mail server and a proxy for some of our users, until we prepare another Linux machine for that, so I need the mail server on that machine to be available from the Internet. I set up iptables rules to redirect all the incoming connections on the 25th and 110th ports of our external IP to 192.168.1.1:25 and 192.168.1.1:110 and when I try to telnet our SMTP service telnet 222.222.222.222 25 I get the greetings from our windows server's (192.168.1.1) SMTP service, and that's works fine. But when I telnet POP3 service telnet 222.222.222.222 110 I only get the blank black screen and the connection seem to disappear if I press any button. I've checked the ISA rules - everything seems to be the same for 110th and 25th ports. When I telnet on 110th ports of our Windows server from our new gateway machine like this: telnet 192.168.1.1 110 I get the acces to it's POP3 service: +OK Microsoft Exchange Server 2003 POP3 server version 6.5.7638.1 (...) ready. What sould I do, to make the POP3 service available through our new gateway?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 169 170 171 172 173 174 175 176 177 178 179 180  | Next Page >