Search Results

Search found 7415 results on 297 pages for 'man behind'.

Page 211/297 | < Previous Page | 207 208 209 210 211 212 213 214 215 216 217 218  | Next Page >

• Site to Site VPN with Fault Tolerence

  - by Nordberg

  Hello, I have a situation where I require an IPSEC tunnel between two sites. Site 2 is a small branch office with basic (ADSL) connectivity and Site 1 is the "main" office with SDSL and ADSL for redundancy should the SDSL fail. From Site 1, all traffic bound for the 172.0.0.0 network will then be sent down another IPSEC tunnel to a supplier's Remote Server. See this page for the basic premise (this is a rough idea and things can be moved about etc...) I am considering specifying Cisco ASA devices as the firewalls for both sites for all connections. Would it be possible to employ something like HSRC to provide a backup at Site 1 should the SDSL go down? I suppose the key aims here are that Site 2 can somehow failover to initiate a VPN to the ASA behind the ADSL at Site 1. I will have a 21 subnet mask on all internet connections so can play with Class C routing if need be... If I'm barking up the wrong tree with HSRC, is there another way I can acheive this without massive expenditure on Barracuda routers et al? Many Thanks.

  Read the article

• OpenVPN and TomatoVPN

  - by Bill Johnson

  Wondering if someone can help me with the following. I have updated my Linksys router with TomatoVPN and used the following config: Interface Type:TAP Protocol:UDP Port:1195 Firewall Custom Authorization Mode:Static Key I have then inserted the static key generated in OpenVPN saved and started the service. connect.ovpn. # Use the following to have your client computer send all traffic through your router # (remote gateway) remote (entered my DNS/DHCP servers external IP address here) port 1195 dev tap secret static.key.txt proto udp comp-lzo route-gateway 192.168.1.1 redirect-gateway float I've then placed my static key in a file in the same directory as your connect.ovpn (static.key.txt) Now OpenVPN is installed on a laptop that I use at home. I have plugged in the laptop to my home connection and started connect.ovpn The Local Area Connection is connected as 'Home Network 3' - and when I start OpenVPN it is connected as 'Local Area Connection 2' and this is showing as 'Unidentified Network' and it appears there is no network access. TAP-Win32 Adapter V9 appears to be the adaptors name and the IP and DNS properties are set to automatic. If I open up the OpenVPN GUI it shows an error message saying "Connecting to connect has failed". Looking at the error message behind this pop-up one line says "TCP/UDP Socket bind failed on local address [undef]:1195 Address already in use [WSAEADDRINUSE] Could anyone possibly help me further with this please?

  Read the article

• Upgrading Ubuntu 9.04 to 9.10 when Update Manager doesn't let you

  - by nickf

  I've been trying to upgrade my installation of Ubuntu 9.04 to 9.10, but all of the instructions I've found haven't been helping. They mostly say to run the update manager and it'll tell you that there's a new distribution ready. Well, mine doesn't say that. Things I've run or checked: update-manager -d says: Your system is up-to-date The package information was last updated less than one hour ago. I've set it to get all new distributions, not just LTS $ cat /etc/update-manager/release-upgrades [DEFAULT] # default prompting behavior, valid options: # never - never prompt for a new distribution version # normal - prompt if a new version of the distribution is available # lts - prompt only if a LTS version of the distribution is available Prompt=normal I'm definitely running 9.04 $ lsb_release -r Distributor ID: Ubuntu Description: Ubuntu 9.04 Release: 9.04 Codename: jaunty Even running the release upgrade from console doesn't help: $ sudo do-release-upgrade Checking for a new ubuntu release No new release found This is running from behind a proxy, but I've set it up such that the regular upgrades and apt-get etc doesn't complain. (export http_proxy=http://myuser:mypass@myserver:8080/) Could you think of anything else which might be stopping me from upgrading?

  Read the article

• Mod_Proxy_AJP set up issues

  - by TripWired

  I'm trying to set up Tomcat behind Apache using mod_proxy_ajp. After tons of messing around with the configs I am stuck at a 403 page when trying to access tomcat. I had a 404 before but apparently something I changed along the way fixed that. I'm not sure which setting to change at this point. Could anyone look over the configs I have and see if anything is missing. httpd.conf <IfModule mod_proxy.c> ProxyRequests Off <Proxy *> Order deny,allow Deny from all Allow from localhost </Proxy> proxy_ajp.conf LoadModule proxy_ajp_module modules/mod_proxy_ajp.so # # When loaded, the mod_proxy_ajp module adds support for # proxying to an AJP/1.3 backend server (such as Tomcat). # To proxy to an AJP backend, use the "ajp://" URI scheme; # Tomcat is configured to listen on port 8009 for AJP requests # by default. # # # Uncomment the following lines to serve the ROOT webapp # under the /tomcat/ location, and the jsp-examples webapp # under the /examples/ location. # ProxyPass /tomcat ajp://127.0.0.1:8009/ ProxyPassReverse /tomcat ajp://127.0.0.1:8009/ ProxyPass /examples/ ajp://localhost:8009/jsp-examples/

  Read the article

• Configure APE-Server on Ubuntu10.10 webserver

  - by sadmicrowave

  I'm having problems configuring my ape-server. First, I reside behind a corporate firewall where our own DNS servers are maintained. I requested a domain name for my server and was provided uslonsweb003.us.mycompany.com from my IT group. Therefore, my website works and can be accessed via (intranet only) at http://uslonsweb003.us.mycompany.com/test.php. I followed the instructions at ape-project.org and run the Check Tool at the end only to find I get an error stating: Running test : Contacting APE Server (adding frequency) Can't contact APE Server. Please check the folowing url is pointing to your APE server : http://0.uslonsweb003.us.mycompany.com:6969 my /etc/apache2/apache2.conf module looks as follows: <VirtualHost *:80> Servername uslonsweb003.us.mycompany.com ServerAlias ape.uslonsweb003.us.mycompany.com ServerAlias *.ape.uslonsweb003.us.mycompany.com DocumentRoot "/var/www/" </VirtualHost> my /var/www/ape-jsf/Demos/config.js config section looks as follows: APE.Config.baseUrl = 'http://uslonsweb003.us.mycompany.com/ape-jsf'; APE.Config.domain = 'uslonsweb003.us.mycompany.com'; APE.Config.server = 'uslonsweb003.us.mycompany.com:6969'; The instructions at ape-project.org tell me that the APE.Config.server should be `ape.mydomain.com:6969'; but that does not work (I'm assuming because my corporate DNS does not understand the 'ape' before the domain name since 'ape' was not registered with the IT DNS). So therefore, I changed it to what you see above. Please help!! Thanks in advance UPDATE 1 per the installation instructions located on this page http://www.ape-project.org/wiki/index.php/Advanced_APE_configuration under 'Configure your Server/Computer' (I'm running it on a server obviously) It says I need to add some lines to my DNS config file. It sounds like (since I'm within a corporate network) I would ask my IT group to add the following lines to the DNS configuration file on their end: ape IN A x.x.x.x ; IP address of my APE server *.ape IN CNAME ape I just want to make sure this is all I have to have them add (or if this is even correct) before I ask them.

  Read the article

• How to know if your computer is hit by a dnschanger virus?

  - by kira

  The Federal Bureau of Investigation (FBI) is on the final stage of its Operation Ghost Click, which strikes against the menace of the DNSChanger virus and trojan. Infected PCs running the DNSChanger malware at unawares are in the danger of going offline on this coming Monday (July 9) when the FBI plans to pull down the online servers that communicate with the virus on host computers. After gaining access to a host PC, the DNSChanger virus tries to modify the DNS (Domain Name Server) settings, which are essential for Internet access, to send traffic to malicious servers. These poisoned web addresses in turn point traffic generated through infected PCs to fake or unsafe websites, most of them running online scams. There are also reports that the DNSChanger virus also acts as a trojan, allowing perpetrators of the hack attack to gain access to infected PCs. Google issued a general advisory for netizens in May earlier this year to detect and remove DNSChanger from infected PCs. According to our report, some 5 lakh PCs were still infected by the DNSChanger virus in May 2012. The first report of the DNSChanger virus and its affiliation with an international group of hackers first came to light towards the end of last year, and the FBI has been chasing them down ever since. The group behind the DNSChanger virus is estimated to have infected close to 4 million PCs around the world in 2011, until the FBI shut them down in November. In the last stage of Operation Ghost Click, the FBI plans to pull the plug and bring down the temporary rogue DNS servers on Monday, July 9, according to an official announcement. As a result, PCs still infected by the DNSChanger virus will be unable to access the Internet. How do you know if your PC has the DNSChanger virus? Don’t worry. Google has explained the hack attack and tools to remove the malware on its official blog. Trend Micro also has extensive step-by-step instructions to check if your Windows PC or Mac is infected by the virus. The article is found at http://www.thinkdigit.com/Internet/Google-warns-users-about-DNSChanger-malware_9665.html How to check if my computer is one of those affected?

  Read the article

• Web server with static IP from cable provider

  - by Dmitri

  I have a subscription to 5 static IP addresses. I want to run a web server from behind a router. My network config is as follows: Server's local address is 10.1.10.2, has IIS running on it, port 80 and 443 (IIS is not my fault, had to be done) the server's ip address is static, the subnet mask is 255.255.255.0, gateway is 10.1.10.1, which is the local address of the cable modem / router / gateway thingy. All looks to be in textbook order as far as the LAN goes. I can get to anything on my LAN from any computer on my LAN, whether they have static IP or get it through DHCP from the cable modem/router thingy. however, I have no internet access form any of my LAN computers. I called Comcast tech support and they say they can connect to my modem/router just fine and can actually use it to ping any computer on the internet or any computer on my LAN from the router/modem (i checked, myself, this is in fact the case). However, nothing on my LAN has internet connectivity. I tried pinging the DNS servers, nothing. I tried directly typing in web sites' IP addresses, nothing, so doesn't seem to be a DNS issue. Any Ideas? What malfunction of a router could be causing such weird behavior? nay ideas or educated guesses are very much appreciated.

  Read the article

• 16-bit MS-DOS Subsystem: csrss.exe

  - by Wesley

  Hi all, I just booted up my Samsung N120 netbook (with Windows XP Home SP3) and a dialog box came up with a command prompt window behind it. The dialog box is titled 16 bit MS-DOS Subsystem and the message is as follows: C:\DOCUME~1\SAMSUNG\csrss.exe The NTVDM CPU has encountered an illegal instruction. CS:0544 IP:0117 OP:63 00 64 00 34 Choose 'Close' to terminate the application. This only started on my most recent boot-up. One thing to note is that when I downloaded the Dropbox installer and opened it up, Panda Cloud Antivirus detected a suspicious file, which was csrss.exe and "neutralized it." However, an actual virus or trojan was not detected immediately before the file was detected and neutralized. Just under two weeks ago, a trojan and two viruses were detected for some odd reason. (I only went to website I knew and I do not torrent or browse adult sites.) Anyhow, the two viruses came up in temporary files and the trojan was "neutralized." Anyways, the main question is: How can I repair the csrss.exe file such that Windows XP starts up properly? A screenshot could be posted upon request. Thanks in advance!

  Read the article

• Weird mouse/keyboard freezups when using PowerPoint 2007 with IBM/Lenovo docking station

  - by DanM

  I'm not sure what part of my system is responsible for this, but when using PowerPoint, I have problems when trying to resize drawing objects. I'll be dragging the handle and suddenly, the object will deselect and whatever is behind the object will select and start moving around. Next thing I know, the keyboard won't type anymore, and the only way to fix it is to unplug the USB and plug it back in. In case it's hardware related, I'm using an IMB Thinkpad T60P in a docking station. My keyboard is a Microsoft Natural Keyboard Pro. My OS is Windows XP SP3. I've never noticed this happening in anything besides PowerPoint, and I don't know anyone else who has this problem (even people with similar setups). Any ideas what it could be? Edit Well, it looks like I only get the problem if I plug the mouse into my docking station's USB. If I plug directly into the laptop's USB, everything works fine. And, again, this problem is only with PowerPoint. I tried playing with some drawing objects in Word and had no issue no matter where my mouse was plugged in. I should also mention I tried a different mouse (a standard Microsoft corded mouse instead of my Logitech trackball), but that made no difference. So, I don't think it's anything specific with the trackball or the trackball's driver. I tried searching Google but came up empty, so I'm guessing this problem is something unique to my setup. If you have any thoughts or ideas to try, I'd love to hear them.

  Read the article

• Best Firewall product for hosting/housing environment?

  - by Raffael Luthiger

  I am searching for a firewall product (appliance or software) for an hosting/housing environment. The biggest problem is that the rules get very complex as more customers are behind the firewall. Some have only one server, others have a whole subnet. Some need NAT, some a VPN endpoint. Some customers want to only allow port http, others ssh as well. So the device needs to be able to support VLANs and it should be possible to group the rules per customer. Speed is another important point. And being able to manage redundant devices easily. I am searching for something that doesn't have all the extras like spam filter etc. I was searching a lot on the net but either they had all those extras as well (and with is an overloaded configuration interface) or they missed some of the features I need (e.g. VLAN). The VPN endpoint is not the an important criteria. We were thinking about a separate machine for it.

  Read the article

• What's the risk of running a Domain Controller so that it is accessible from the internet?

  - by Adrian Grigore

  I have three remote dedicated web servers at different webhosts. Adding them to a common domain would make a lot of administration tasks much easier. Since two of the servers are running Windows 2008 R2 Standard, I thought about promoting them to Domain Controllers in order to set up the windows domain. There's another thread at Serverfault that recommends this. At the same time I've read a lot of times on different websites that this is not a good idea because an domain controller should always be behind a firewall LAN. But I can't set up something like this because I don't have a LAN with a static IP accessible from the internet. In fact I don't even have a windows server in my LAN. What I have not found out is why exposing a DC to the Internet would be bad idea. The only risk I can see is that if someone penetrates one of my webservers, it should be much easier to penetrate the others as well. But as far as I can see that's the worst case scenario since I am only going my web servers to that domain, not any computers from my local network. Is this the only downside or does it also make it easier to penetrate one of my web servers in the first place? Thanks, Adrian

  Read the article

• error 20014 with mod_proxy

  - by punkish

  I have strange situation. I need to call a program in cgi-bin from within a perl script. When I try to do that with exec($program), I get (20014)Internal error: proxy: error reading status line from remote server proxy: Error reading from remote server returned by ... The long story... I am calling mapserv (http://mapserver.org) as a cgi program from OpenLayers (http://openlayers.org). Ordinarily, my web site is served by Perl Dancer, but the mapserver calls are made directly to http://server/cgi-bin/mapserv from JavaScript. The Dancer web site is served by Starman behind an Apache2 proxy front-end. This is how it looks [browser] -> http://server/app -> [apache2] -> proxy port 5000 -> Starman | | +-> http://server/cgi-bin/mapserv -> [apache2] -> cgi-bin -> mapserv This is what I am trying to accomplish [browser] -> http://server/app -> [apache2] -> proxy port 5000 -> Starman | | mapserv <-- cgi-bin <-- [apache2] <--+ I saw this question re: 20014 error, but that suggested solution didn't help. Any other hints?

  Read the article

• Short POST data in HTTP

  - by Matt

  We're hosting a customer's Debian Linux web server. It's running a PHP based web application. The server is sitting behind our firewall with it's own virtual interface and port 80 is forwarded internally to a machine sitting in the DMZ. The issue we're having is that when data is posted to the server it seems to be being cut short for some users. It's reproducable for some users on the same box. But the same user sending the same data on the same lan on another PC it works. The data gets cut to around 1140 bytes I'm told. Any idea why this might be happening? The customer is blaming our firewall, but then surely we'd have issues with other services. I'm suspecting it's a problem with the website itself. Suggestions on how to isolate the problem would be of help. Our firewall is Astaro. EDIT: A customer has set the ethernet frame size temporarily to 500bytes on the server. This made it work for now! I know some of the customers are using an internet provider that runs PPPoE

  Read the article

• Two domains, two servers, one dynamic IP address

  - by giantman

  I have two domains hi.org and bye.net and one dynamic IP address and two servers. I want to attach one domain bye.net to server1 and hi.org to server2. I'm using Apache wamp 2.0i. I have two servers behind one router with a dynamic IP address #httpd.conf file additions <IfModule mod_proxy.c> ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> </IfModule> #vhost file additions NameVirtualHost *:80 #default <VirtualHost *:80> DocumentRoot "c:/wamp/www/fallback" </VirtualHost> # Server 1 <VirtualHost *:80> DocumentRoot "c:/wamp/www" ServerName h**p://bye.net ServerAlias bye.net </VirtualHost> # Server 2 <VirtualHost *:80> ProxyPreserveHost On ProxyPass / h**p://192.168.1.119/ DocumentRoot "g:/wamp/www" ServerName h**p://hi.org ServerAlias hi.org </VirtualHost> After doing all this I fallback to server1 only I don't get the page hi.org I only get the page bye.net, I don't even get the default fallback page which gets executed when a person enters IP address but not the domain name. I use Windows 7 (server 2) and Windows XP (server 1) UPDATE: I needed to remove DocumentRoot "g:/wamp/www" line :D it was there by mistake! things are working fine now. But one thing: the URL gets replaced by the local ip address any way to not make that happen?

  Read the article

• IIS6 Multiple SSL websites to a single HTTP website?

  - by docflabby

  Running a IIS6 server on Windows 2003. All the websites use ASP.NET I have a number of websites all running separate HTTP websites: www.domain1.com www.domain2.com www.domain3.com I have a separate HTTPS website www.secure.com These websites are all running on the same server. I now wish to intergrate the content of www.secure.com into each of the domains in a transparent way. Such that each website despite having its own SSL connection displays the same website. The complicatrion is www.secure.com needs to know which website the connection has come from to apply the appropriate branding. The idea behind this is to have only one website, and location, but it keeps the core website brand. https://domain1.com looks alot better from a marketing point of view (and avoids users getting confused about what our secure website is) SSL www.domain1.com/secure - displays www.secure.com (branded domain1) SSL www.domain2.com/secure - displays www.secure.com (branded domain2) SSL www.domain3.com/secure - displays www.secure.com (branded domain3) How would the best way of achieving this, i'm open to using additional software if necessery. Would a reverse proxy be sutible for this situation?

  Read the article

• Application losing Printer within Terminal Services for remote users

  - by Richard

  Question: What I need to do is have a permanent link to a printer, normally only accessible through Terminal Services (Printer Redirect), to allow Sage Line 50 layouts to see that printer persistently, even after users have disconnected and reconnected to the Terminal Services session? Although the printer is accessible each time a user connects to the Sage Server via Terminal Services, it is given a different session number and therefore the Sage Layout sees it as a different printer. History behind question: Users using Terminal Services connecting to a Sage Server on a different site Using Sage Line 50 v 15 on that Server Users want to print invoices (sage layouts) locally Sage Server cannot see the users local printers, to get around this user uses the Print redirect features of Terminal Services The individual reports can be edited to point to a specific printer by default. This means the user just has to select an invoice and click print, then select the layout/report wanted and it auto prints that invoice to the default printer specified. The problem occurs because the layouts are edited to point to the users local printer "Ricoh 1018d (session#)", note the "(session#)" as this is the users local printer being redirected through the terminal services session. Users are able to print using the sage layouts once the default printer is setup within the layout and saved, but as soon as the users disconnects from the Terminal Services session and then reconnect in the morning go to print, it has lost the connection to that printer. I understand why its failed, because that the printer is on a per session basis and the layout would not be able to hold on to the connection from a previous session. Thanks in advance for any assistance...

  Read the article

• Lion server profile manager, device enrollment doesn't work

  - by user964406

  I am in the process of setting up Lion Servers profile manager to manage iPads on our local school network. I don't need to manage them while they are outside the network. I have successfully had it working on my personal network. The school network is behind a proxy which we have no control over. I can get the iPads to view the mydevices page and install a trust cert. I have managed to get an iPad to successfully install the remote management profile. After this the profile manager bugs out. It will list the active task of 'new device (sending)' but it's unable to complete the task. If I click on the device on profile manager and try any of the actions out they will all fail to complete. I am using the auto generated certificates and this works if I bring the server and iPad outside of the school network. Shortly after device enrollment the system log on the Lion server reports the following Replaced the actual ip address with INTERNALIP Jun 4 08:40:53 mini sandboxd[760] ([778]): applepushservice(778) deny network-outbound INTERNALIP:8080 Jun 4 08:40:53 mini sandboxd[760] ([778]): applepushservice(778) deny network-outbound INTERNALIP:8080 Jun 4 08:40:53 mini applepushserviced[778]: Got connection error Error Domain=NSPOSIXErrorDomain Code=1 "The operation couldn\u2019t be completed. Operation not permitted" UserInfo=0x7fa483b1a340 {NSErrorFailingURLStringKey=https://albert.apple.com/WebObjects/ALUnbrick.woa/wa/deviceActivation?device=Mac OS, NSErrorFailingURLKey=https://albert.apple.com/WebObjects/ALUnbrick.woa/wa/deviceActivation?device=Mac OS} Jun 4 08:40:53 mini applepushserviced[778]: Failed to get client cert on attempt 2, will retry in 15 seconds Does anyone have any ideas on how to get past this stage? Thanks in advance.

  Read the article

• IIS rewrite rule to check for querystring and add it if its not there

  - by M.R.

  I'm trying to make a IIS URL rewrite rule that appends an URL parameter to the URL. The url parameter is hssc. So, any url that is processed through the server, needs that parameter. Keeping in mind that some urls will have their own params already, and other urls won't, and root urls, etc, sometimes it will need to add ?hssc=1 or &hssc= - so, if I have a URL that is as such: http://www.blah.com should become http://www.blah.com/?hssc=1 http://www.blah.com/index.html should become http://www.blah.com/index.html?hssc=1 http://www.blah.com/?q=5 should become http://www.blah.com/q=5&hssc=1 http://www.blah.com/index.html?q=5 should become http://www.blah.com/index.html?q=5&hssc=1 http://www.blah.com/index.html?q=5&hssc=1 should be left alone I also want it that the URL should not be hidden (as in a backend rewrite behind the scenes). I need the URL to appear in the URL, so when users copy the URL, or bookmark it, the parameter is there. I've set the condition to match it \&hssc|\?hssc - now I just need a way to write the URL, so it appears and keeps the part of the original URL that is already there.

  Read the article

• Clicking a link in IE6 doesn't load page (internal DNS entry on our intranet)

  - by Callum

  I have a very strange problem that is only affecting some versions of IE6. The problem does affect IE 6.0.2900.5512, but does not seem to affect 6.0.3790.3959 Basically I work for a company and we have an intranet. While I'm not an expert on "internal DNS pointers", what I was able to do was create a website (let's say about football), and when an employee who is sitting behind the company firewall types the word "football" in to the web address bar of their web browser, they get redirected to a particular server. I am told this is some kind "internally pointing DNS entry". So, I've set one of these up, and I have a placed a link to it on our company intranet page. However, when the link is clicked in IE6.0.2900.5512, the page goes blank. Clicking "refresh" then loads the correct page (the one specified in the link). Can anyone help me out here. I have tried changing the way URL is formed, everything from //football to http://football/ etc. The link works fine in every other browser and IE7+, but unfoturnatly, IE6 is still the most common browser in use at my organisation.

  Read the article

• Apache2, making my site publicly available

  - by Shackler

  Hello, I want to make my apache 2 development server public to the internet, it is a Django based website. Here is my apache2 config: <VirtualHost *:80> Alias /media /home/user/myproject/statics Alias /admin_media /home/myuser/django/Django-1.1.1/django/contrib/admin/media WSGIScriptAlias / /home/myuser/myproject/myproject_wsgi.py WSGIDaemonProcess myproject user=myuser group=myuser threads=25 WSGIProcessGroup myproject </VirtualHost> When I do netstat -lntup I get: Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN - tcp6 0 0 :::80 :::* LISTEN - tcp6 0 0 :::22 :::* LISTEN - tcp6 0 0 ::1:631 :::* LISTEN - udp 0 0 0.0.0.0:5353 0.0.0.0:* - udp 0 0 0.0.0.0:38582 0.0.0.0:* I connect with ADSL thus I am behind a router. For this I have made my computer DMZ enabled to my machine. What can be the problem? When I try to login with my ip, I get my routers config page, when a friend tries to connect to me from internet, he gets "not authorized".

  Read the article

• Chroot jail of Nginx and php

  - by sqren

  I'm hosting multiple websites on one VPS, and want to chroot each website, eg. /chroot/website1 /chroot/website2 I'm using makejail, which is a highlevel tool, for creating the jails, and copying the libraries and dependencies. Easy peasy. Each website will need nginx, php and mysql. For php I'm using php5-fpm which actually supports chroot by configuration, however I'm not using this (maybe I should?) My question is which approach of the following three is the better: 1) Every website will have its own seperated instance of nginx, php and mysql. The downside is, that each webserver + php has to listen to a different port. I also need a "master" nginx web server in front of them, reverse proxying to the chrooted servers behind it. Probably most secure, but also most advanced. 2) I don't make any chroot jails manually. I setup one nginx web server, that proxies php requests to php-fpm, on different ports. I can have multiple php-fpm configurations each with is own chroot'ed folder. This is quite managable - however only php will be chrooted. Not the actual webserver. Is this secure enough. Also, I tried this option out, and it seems I will need to use TCP instead of sockets for connecting to MySQL. 3) You tell me ;) I'm quite new to chroot jailing, so please correct me if I'm wrong in my assumptions. I've been reading all the tutorials I could find, however, I find the market for chroot guides very scarce. Any help or inputs much appreciated!

  Read the article

• iPhone Remote with iTunes Library via VPN

  - by sudo work

  Alright, so I'm currently behind a network router (not under my control). The router performs NAT and somehow prevents a computer from scanning other nodes. At least, you're unable, in this instance, to locate an iTunes library. You can, however, communicate with a node's open ports if the local IP address is known, as well as the port. I haven't actually tried port scanning a specific IP using nmap or another tool yet. So I've tried one solution to remove the contribution of the router entirely (to verify that it works without the influence of the routers). I set up an access point using my iPhone and tethered my computer (with the library) to it. From here, I was able to pair my library and the iPhone Remote application. Control of the library was normal as well. This solution is not ideal, however, because I am actively using bandwidth with my computer and cannot afford to be tethered to my 3G connection. A viable solution for me is to use a common VPN connection, which I have set up on a Ubuntu (Intrepid) server that is remote. Both my computer and iPhone are able to access the VPN via PPTP. The server is setup with PPTPD as the VPN-server; I'm using IPTables to perform IP masquerading and forwarding traffic. I however, still cannot connect the library to the phone. I can however, see both devices on the VPN subnet (192.168.0.0/24). SSH'ing and such works fine. What settings on the VPN server must I change to get this to work? Also, how can I assign static IP addresses to various PPTP clients based on MAC addresses?

  Read the article

• How to remove request blocking on apache reverse proxy after failure of backend before asking backen

  - by matnagel

  I am working on an apache2 reverse proxy vhost. When the server behind apache is down, the first request to apache shows the error page of course. But at subsequent requests it seems apache delays for some time before asking the backend server again. During all this time (which is short but in development I don't want a delay at all) only the apache error page is shown to the browser, although the backend server is already up. Where is this setting in apache, what is this behaviour, and how can I set the delay time to zero? Edit: I am not trying to change the timeout for a single request. I want to change the blocking time. It is my experience that apache blocks further requests for a certain time before asking a backend server again that has failed once. Edit2: This is what apache delivers: Service Temporarily Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch proxy_html/3.0.0 Server at localhost Port 80 After hitting Ctrl-R in firefox for 60 seconds the page finally appears.

  Read the article

• iptables (NAT/PAT) setup for SSH & Samba

  - by IanVaughan

  I need to access a Linux box via SSH & Samba that is hidden/connected behind another one. Setup :- A switch B C |----| |---| |----| |----| |eth0|----| |----|eth0| | | |----| |---| |eth1|----|eth1| |----| |----| Eg, SSH/Samba from A to C How does one go about this? I was thinking that it cannot be done via IP alone? Or can it? Could B say "hi on eth0, if your looking for 192.168.0.2, its here on eth1"? Is this NAT? This is a large private network, so what about if another PC has that IP?! More likely it would be PAT? A would say "hi 192.168.109.15:1234" B would say "hi on eth0, traffic for port 1234 goes on here eth1" How could that be done? And would the SSH/Samba demons see the correct packet header info and work?? IP info :- A - eth0 - 192.168.109.2 B - eth0 - 192.168.109.15 - eth1 - 192.168.0.1 C - eth1 - 192.168.0.2 A, B & C are RHEL (RedHat) But Windows computers can be connected to the switch. I configured the 192.168.0.* IPs, they are changeable. Any help?

  Read the article

• Accessing network shares on Windows7 via SonicWall VPN client

  - by Jack Lloyd

  I'm running Windows7 x64 (fully patched) and the SonicWall 4.2.6.0305 client (64-bit, claims to support Windows7). I can login to the VPN and access network resources (eg SSH to a machine that lives behind the VPN). However I cannot seem to be able to access shared filesystems. Windows is refusing to do discovery on the VPN network. I suspect part of the problem is Windows persistently considers the VPN connection to be a 'public network'. Normally, you can open the network and sharing center and modify this setting, however it does not give me a choice for the VPN. So I did the expedient thing and turned on file sharing for public networks. I also disabled the Windows firewall for good measure. Still no luck. I can access the server directly by putting \\192.168.1.240 in the taskbar, which brings up the list of shares on the server. However, trying to open any of the shares simply tells me "Windows cannot access \\192.168.1.240\share You do not have permission to access ..."; it never asks for a domain password. I also tried Windows7 native VPN functionality - it couldn't successfully connect to the VPN at all. I suspect this is because SonicWall is using some obnoxious special/undocumented authentication system; I had similar problems trying to connect on Linux with the normal IPsec tools there. What magical invocation or control panel option am I missing that will let this work? Are there any reasonable debugging strategies? I'm feeling quite frustrated at Windows tendency to not give me much useful information that might let me understand what it is trying to do and what is going wrong.

  Read the article

< Previous Page | 207 208 209 210 211 212 213 214 215 216 217 218  | Next Page >