Search Results

Search found 11903 results on 477 pages for 'ip forwarding'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 259/477 | < Previous Page | 255 256 257 258 259 260 261 262 263 264 265 266  | Next Page >

  • Filtering semi-solicited spam

    - by Ketil
    While traditional UCE (get rich quick, enlarge your body parts, Nigerian barristers) are handled adequately, I'm still receiving a lot of not quite unsolicited spam. This is typically from commercial services forwarding "invites" from my "friends" and then "reminding" me of their services. Typical offenders are Facebook, Linkedin, dropbox, bebox, etc etc. (Of course, none of these services provide any way of opting out, except possibly by registering, which they will then take as an invitation to stuff your mailbox with even more crap) What is a good way to deal with these? I can of course junk them using procmail, but is it a better idea to e.g. bounce them, or at least send a reply informing the sender (and "friend") that I am not interested in their service nor their spam. Any solutions to this?

    Read the article

  • What's causing "shutdown state" after TFTP reloaded Cisco `running-config` on 871?

    - by xtian
    Cisco CCP Write Configuration borked my 871w config while I was trying to setup port forwarding. I tested the 871's flash memory with fsck and rewrote the minimal config for TFTP (which is the same for Cisco's CCP app.). Thne, I successfully uploaded a previously working running-config from Win Vista using SolarWinds TFTP Server, unfortunately the restore was not entirely successful. The old running config was saved to the 871's startup-config and I can login using console port. Some other things that are working are the hostname and welcome message but that's about it. Startup shows an error SETUP: new interface NVI0 placed in "shutdown" state after tftp. The missing light on the access point modem for ethernet link show the 871'a outside FE4 is not working. SO...what's the possible problem with reloading a previously working config (approximately 4 months with the same config) via TFTP? Is there something I can look for on the 871 to verify the config?

    Read the article

  • ssh: which side is running the SOCKS proxy?

    - by Barry Brown
    When I set up a tunnel using dynamic forwarding (ssh -D), which side is running the SOCKS proxy? That is, is the proxy running on the local end (client) or the remote end (server)? Here's the situation: I want to set up several tunnels chained together using -L. Should the -D tunnel be the last one in the chain or the first one? Edit: I found the answer to the second paragraph on Super User (the -D tunnel should be at the remotest end). But I'd still like to know where the proxy code is running.

    Read the article

  • Help me upgrade my pf.conf for OpenBSD 4.7

    - by polemon
    I'm planning on upgrading my OpenBSD to 4.7 (from 4.6) and as you may or may not know, they changed the syntax for pf.conf. This is the relevant portion from the upgrade guide: pf(4) NAT syntax change As described in more detail in this mailing list post, PF's separate nat/rdr/binat (translation) rules have been replaced with actions on regular match/filter rules. Simple rulesets may be converted like this: nat on $ext_if from 10/8 -> ($ext_if) rdr on $ext_if to ($ext_if) -> 1.2.3.4 becomes match out on $ext_if from 10/8 nat-to ($ext_if) match in on $ext_if to ($ext_if) rdr-to 1.2.3.4 and... binat on $ext_if from $web_serv_int to any -> $web_serv_ext becomes match on $ext_if from $web_serv_int to any binat-to $web_serv_ext nat-anchor and/or rdr-anchor lines, e.g. for relayd(8), ftp-proxy(8) and tftp-proxy(8), are no longer used and should be removed from pf.conf(5), leaving only the anchor lines. Translation rules relating to these and spamd(8) will need to be adjusted as appropriate. N.B.: Previously, translation rules had "stop at first match" behaviour, with binat being evaluated first, followed by nat/rdr depending on direction of the packet. Now the filter rules are subject to the usual "last match" behaviour, so care must be taken with rule ordering when converting. pf(4) route-to/reply-to syntax change The route-to, reply-to, dup-to and fastroute options in pf.conf move to filteropts; pass in on $ext_if route-to (em1 192.168.1.1) from 10.1.1.1 pass in on $ext_if reply-to (em1 192.168.1.1) to 10.1.1.1 becomes pass in on $ext_if from 10.1.1.1 route-to (em1 192.168.1.1) pass in on $ext_if to 10.1.1.1 reply-to (em1 192.168.1.1) Now, this is my current pf.conf: # $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36 deraadt Exp $ # # See pf.conf(5) for syntax and examples; this sample ruleset uses # require-order to permit mixing of NAT/RDR and filter rules. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. ext_if="pppoe0" int_if="nfe0" int_net="192.168.0.0/24" polemon="192.168.0.10" poletopw="192.168.0.12" segatop="192.168.0.20" table <leechers> persist set loginterface $ext_if set skip on lo match on $ext_if all scrub (no-df max-mss 1440) altq on $ext_if priq bandwidth 950Kb queue {q_pri, q_hi, q_std, q_low} queue q_pri priority 15 queue q_hi priority 10 queue q_std priority 7 priq(default) queue q_low priority 0 nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" nat on $ext_if from !($ext_if) -> ($ext_if) rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021 rdr pass on $ext_if proto tcp to port 2080 -> $segatop port 80 rdr pass on $ext_if proto tcp to port 2022 -> $segatop port 22 rdr pass on $ext_if proto tcp to port 4000 -> $polemon port 4000 rdr pass on $ext_if proto tcp to port 6600 -> $polemon port 6600 anchor "ftp-proxy/*" block pass on $int_if queue(q_hi, q_pri) pass out on $ext_if queue(q_std, q_pri) pass out on $ext_if proto icmp queue q_pri pass out on $ext_if proto {tcp, udp} to any port ssh queue(q_hi, q_pri) pass out on $ext_if proto {tcp, udp} to any port http queue(q_std, q_pri) #pass out on $ext_if proto {tcp, udp} all queue(q_low, q_hi) pass out on $ext_if proto {tcp, udp} from <leechers> queue(q_low, q_std) pass in on $ext_if proto tcp to ($ext_if) port ident queue(q_hi, q_pri) pass in on $ext_if proto tcp to ($ext_if) port ssh queue(q_hi, q_pri) pass in on $ext_if proto tcp to ($ext_if) port http queue(q_hi, q_pri) pass in on $ext_if inet proto icmp all icmp-type echoreq queue q_pri If someone has experience with porting the 4.6 pf.conf to 4.7, please help me do the correct changes. OK, this is how far I've got: I commented out nat-anchor and rdr-anchor, as describted in the guide: #nat-anchor "ftp-proxy/*" #rdr-anchor "ftp-proxy/*" And this is how I've "converted" the rdr rules: #nat on $ext_if from !($ext_if) -> ($ext_if) match out on $ext_if from !($ext_if) nat-to ($ext_if) #rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021 match in on $int_if proto tcp to port ftp rdr-to 127.0.0.1 port 8021 #rdr pass on $ext_if proto tcp to port 2080 -> $segatop port 80 match in on $ext_if proto tcp tp port 2080 rdr-to $segatop port 80 #rdr pass on $ext_if proto tcp to port 2022 -> $segatop port 22 match in on $ext_if proto tcp tp port 2022 rdr-to $segatop port 22 rdr pass on $ext_if proto tcp to port 4000 -> $polemon port 4000 match in on $ext_if proto tcp tp port 4000 rdr-to $polemon port 4000 rdr pass on $ext_if proto tcp to port 6600 -> $polemon port 6600 match in on $ext_if proto tcp tp port 6600 rdr-to $polemon port 6600 Did I miss anything? Is the anchor for ftp-proxy OK as it is now? Do I need to change something in the other pass in on... lines?

    Read the article

  • Remote desktop to my KVM virtual machine

    - by user6
    I've got a dedicated server running Debian 6. I've set up a windows 7 virtual machine using KVM. Now I'm trying to get Remote desktop working. I'm guessing i have to do some port forwarding. The virtual machine is in a NAT. Remote desktop is already set up on it (another virtual machine can connect). I've tried using the iptables and countless of virsh commands of which I'm not even sure what they did. Anyone knows how to get this working?

    Read the article

  • HP Media Smart remote access

    - by Coov
    I just purchased this box for home backups for my pc's and mac's. Everything works great accept for the remote access part. I can RD into the machine locally but I can't get to it from outside of my network. I've enabled port forwarding on my router but it doesn't seem to matter. I checked with Qwest and they don't block these ports so I'm at a loss. I do have Vonage in front of my router but I've taken it out and it didn't make a difference. I suspect I've made an error with my router setup. I'm a programmer and I'm playing in the world of the unknown here. I'm lost. Any suggestions?

    Read the article

  • Set origin for forwarder based on virtual domain in Postfix

    - by Andrew Koester
    I currently have a machine set up to operate with two domains. The main name uses the standard Unix-user delivery, and the second domain is entirely virtual (using virtual_alias_domains and virtual_alias_maps), with the second domain only forwarding mail. However, when mail is forwarded, it still appears to be delivered by the host of the primary domain (presumably set by myorigin.) Is it possible to get it so when mail is forwarded to the virtual domain, it appears to be delivered by it as well? That domain is on another IP and I'd like to use it so the mail stays consistent. Thanks.

    Read the article

  • How to play two or more videos side by side in a syncronized fashion in Linux?

    - by Grumbel
    I have two (or more) video files that I want to play side by side. I could do that simply by opening them in two seperate windows, but that would also seperate all the controls (play/pause/forward/...). I want to play them in a synchronized fashion so that pause/forwarding/... works on both videos simultaneously so that they always stay at the same timecode and they don't go out of sync. How would I accomplish that in Linux? This is needed for viewing only, so compositing them into a new video file first should be avoided if possible, but if there isn't an easy way to do that, I welcome answers doing it with composition as well.

    Read the article

  • virtualbox and nginx server_name

    - by Ivan
    I'm trying to configure gitlab running in an Ubuntu 12.04 guest with Windows7 host. I can ssh the guest using port-forwarding and access the nginx server using port redirection (8888 in host is 80 in guest, so localhost:8888 in host gets to the nginx server in the guest), but the server_name in nginx configuration file is giving me trouble. What is the correct listen and server_name that nginx would accept? The guest has the NAT interface at 10.0.2.15 and Host-Only interface at 192.168.56.101, static. Thanks!

    Read the article

  • SSH connection falling down

    - by kappa
    I've set up a connection with autossh that creates some tunnels at system startup, but if I try to connect, after successful login (with RSA key) connection fall down, here a trace: debug1: Authentication succeeded (publickey). debug1: Remote connections from LOCALHOST:5006 forwarded to local address localhost:22 debug1: Remote connections from LOCALHOST:6006 forwarded to local address localhost:80 debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. debug1: remote forward success for: listen 5006, connect localhost:22 debug1: remote forward success for: listen 6006, connect localhost:80 debug1: All remote forwarding requests processed debug1: Sending environment. debug1: Sending env LANG = it_IT.UTF-8 debug1: Sending env LC_CTYPE = en_US.UTF-8 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0 debug1: channel 0: free: client-session, nchannels 1 Transferred: sent 2400, received 2312 bytes, in 1.3 seconds Bytes per second: sent 1904.2, received 1834.4 debug1: Exit status 1 What can be the problem? All this stuff is managed by a script already running on another machine (creating reverse tunnels on the same machine but with different ports)

    Read the article

  • Ubuntu based VPN server behind NAT router?

    - by maartenn88
    I have a small intranet- and file-server inside our company, which can only be reached from inside our own network. I'd like to be able to reach the intranet and files on the server from outside the network, however I don't really like the idea of completely opening security by forwarding the ports on our NAT-router, so I'd prefer to enable a VPN possibility for this. So I have a router, which is the DHCP server and has NAT function, and I have an Ubuntu Server with the files and intranet on it. How do I configure these two so that I can make a VPN connection with my network in order to reach the server? thanks in advance for any answer!

    Read the article

  • How to setup a fast VPN server

    - by Saif Bechan
    I am trying to set up a VPN that has a fast download speed. The server I have is a linux server and from there I can download 2 megabytes a second. At home I can also download with 2 megabytes a second. All the downloads I do are from the same source, no different server. Now I have set up a VPN connection between my home and the server, and now I am only downloading 64 kilobytes a second! The connection I have created is a PPTP server on a debian machine. Now my question is if it is possible to optimize this connection. Should I maybe switch to OpenVPN, or change operating systems? Or are there some kind of settings to tweak to make the connection optimal. PS. The server I am running is on a XEN node. I have done the proper ip forwarding.

    Read the article

  • Connecting via ShrewSoft VPN client means no LAN internet access (Windows 7 64 bit) - any advice please?

    - by iwishiknewmoreaboutnetworking
    I have a Windows 7 64 bit desktop machine which is connected to a LAN. I recently installed ShrewSoft VPN client v 2.1.7 on my machine so that I can connect to a license server hosted by my customer. They are running a Cisco VPN server and I originally tried (unsuccessfully!) to use the Cisco VPN client for Windows 64 bit but the default gateway wasn't being configured correctly after loading in my pcf file. Using ShrewSoft I am able to import the same pcf file, and successfully connect to the machine I need to using the VPN client software. The client machine I need to connect to has IP address 1.52.90.33. The problem is that when I am connected to the customer network using the VPN client application (and after a few minutes) I lose my LAN internet connection. I can only presume that this is because, by default the ShrewSoft VPN client application automatically tunnels all traffic through the VPN connection. I know there is an option to switch off the "Tunnel All" option on the Policy tab of the application and enter a Remote Network Resource (to "Include" or "Exclude") as "Address" and "Netmask" IP addresses however I am not sure what I need to enter here. Here is my ipconfig output before connecting to the VPN (with suffixes blanked out): Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : ***.*** Link-local IPv6 Address . . . . . : fe80::8de3:9dbe:393a:33ba%11 IPv4 Address. . . . . . . . . . . : 150.237.13.17 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 150.237.13.1 Tunnel adapter 6TO4 Adapter: Connection-specific DNS Suffix . : ***.*** IPv6 Address. . . . . . . . . . . : 2002:96ed:d11::96ed:d11 Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301 Tunnel adapter Local Area Connection* 9: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2cf9:38c4:6912:f2ee Link-local IPv6 Address . . . . . : fe80::2cf9:38c4:6912:f2ee%12 Default Gateway . . . . . . . . . : Tunnel adapter isatap.***.***: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : ***.*** Here is my route print output before connecting to the VPN: =========================================================================== Interface List 11...20 cf 30 9d ec 2a ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethern et NIC (NDIS 6.20) 1...........................Software Loopback Interface 1 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 150.237.13.1 150.237.13.17 2 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 150.237.13.0 255.255.255.0 On-link 150.237.13.17 257 150.237.13.17 255.255.255.255 On-link 150.237.13.17 257 150.237.13.255 255.255.255.255 On-link 150.237.13.17 257 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 150.237.13.17 257 255.255.255.255 255.255.255.255 On-link 12

    Read the article

  • connecting to internal webserver on specific port

    - by bergin
    Hello, We have the BT broadband forwarding on to an internal machine with an IIS web server running. Thats fine, it goes to the sharepoint app, so the outside world can see this app. Thing is we need another app running (a MVC ASP.Net app) and I have set it to :8080. Internally I can get to it fine, but not when I type the IP number. eg. 80.100.232.129:8080 is this something I need to set on the broadband router or something with SBS or somewhere else? thanks in advance

    Read the article

  • Using Arch Linux computer as a server for Rack Apps

    - by wxl
    What would be the best way to go about using an Arch Linux computer as a Rack (as in Ruby Rack, not an actual rack server) server? Here's what I want to be able to do: Automatically deploy on a git push to the server. (I already have this worked out, on post-receive the server checks out the app to /home/git/app from /home/git/app.git.) Run a Rack server application to serve up this app, one that can be restarted on demand. Run a MongoDB server Be able to access the app by going to my-server.local/app or something similar. (It's really only going to be used on the local network, no port forwarding or outside use) Any ideas would be greatly appreciated. I apologize if this seems too "do it for me".

    Read the article

  • Two routers on the same network

    - by qroberts
    My ISP has supplied me with a modem/router all in one and it isn't very good. It loses its settings and dies frequently. So I have another router in my apartment (Linksys wrt310n) that is connected to the modem via LAN-LAN port connections. I want to give my Linksys router the DHCP role and also have the ISP modem DMZ everything to the Linksys router. I want to be able to have all computers connected to both routers on the same network as well. I have been able to make it so that the Linksys has a DMZ to it from the ISP modem, but ISP modem LAN port - Linksys WAN port, so they were on different networks. Is there a way to have it so that both of them are on the same network but the Linksys router handles DHCP and port forwarding?

    Read the article

  • Verizon Fivespot firewall

    - by Patrick
    I have a Verizon Fivespot Wi-Fi router and am having issues connecting to the computer that uses it to get on the internet. I am able to connect to the Fivespot admin pages remotely and I am able to connect to the internet from the computer behind the Fivespot. There are two sections pertinent to this issue, Port Filtering And, Port Forwarding I've tried each individually and both together but cannot access anything through the router except for the admin page. I am trying to connect through SSH to an Ubuntu 10.04 box over wifi. I have called Verizon Tech Support but they were unhelpful, the person essentially read what it says on each screen without any elaboration. Any help is greatly appreciated!

    Read the article

  • How to setup a Linux machine to remotely use laptop screen as a second display?

    - by Ignas Limanauskas
    I am looking for a similar solution to MaxiVista, but for Linux (Ubuntu). I have an Ubuntu machine with just one display attached, but I also have a Windows laptop running a virtual machine with Ubuntu installed. I figured there must be a way to trick the main Ubuntu machine remotely use the virtual machine's display capabilities. After all, X11 does support forwarding and things like that. Any ideas how to do it using VNC? I saw some references to xdmx, but instructions so far are vague and do not seem to work on my machine(s).

    Read the article

  • Determine $DISPLAY socket name on OS X 10.6?

    - by Nate
    I'm looking to do something that's a little odd. I'm SSH'ing from a server to a Snow Leopard client to start an X11 data display process. In other words, SSH's X11 forwarding isn't what I want. I can do: client$ echo $DISPLAY /tmp/launch-SOMETHING/org.x:0 client$ ls -l $DISPLAY srwx------ 1 myuser wheel 0 Dec 9 15:47 /tmp/launch-SOMETHING/org.x:0 And, when I do: server$ ssh myuser@client client$ export DISPLAY=/tmp/launch-SOMETHING/org.x:0 client$ xterm I happily get my xterm. What I need, then, is some way to find out the correct value for $DISPLAY in my ssh session. From what I've read, $DISPLAY is set by launchd, but I haven't found any way to see that value. If it matters, I know that when my process connects from $server to $client, $client will logged in to the terminal as the same user.

    Read the article

  • Web server suddenly stopped working

    - by wezten
    I have a web server, which was working fine. It also was an FTP server and a Windows Remote Desktop server, all working fine. Someone called our ISP to increase the internet speed, and suddenly nothing works - I can connect with Teamviewer, but HTTP, FTP & RD doesn't work. Disabled firewall. Ran Wireshark - the packets don't come through at all. Set the webserver to port 20111, in case the ISP is blocking port 80, and again, the packets didn't come through at all. (localhost:20111 works fine) Port forwarding is set up for ports 80, 21, 3389 & 20111 to 10.0.0.32 (which is the correct address - checked with ipconfig). Restarted router and computer. I would be very grateful for any help.

    Read the article

  • Hooking domain to home server with port

    - by user1071461
    Alright, I'm asking two things here. First of all, if i purchase a domain let's say myhomeserver.com, am I able to make the default port go through a different port instead of the default port 80? (that is without having to do myhomeserver.com:5000 for example). Also this should be without blocking other ports (so no stealth forwarding to myhomeserver.com:5000 i think) Secondly, How could I go about hooking a domain to a windows 2008 server? I've seen it on linux but no clue how to do it on windows if it's even possible. I know I'm asking a lot here, just some tips are appereciated. Also, yes I know, using a home server is horrible for security and preformance and whatnot, I understand this already, thanks ^^

    Read the article

  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the boxes server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows Inbound: PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range >corresponding to possible cell provider range OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any Outbound: Default outbound policy: Allow Always OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) Block always from NAS to any On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors) ### macro name for external interface. eth_if = "en0" vpn_if = "tap0" ### wifi_if = "en1" ### %usb_if = "en3" ext_if = $eth_if LAN="{10.0.0.0/24}" ### General housekeeping rules ### ### Drop all blocked packets silently set block-policy drop ### all incoming traffic on external interface is normalized and fragmented ### packets are reassembled. scrub in on $ext_if all fragment reassemble scrub in on $vpn_if all fragment reassemble scrub out all ### exercise antispoofing on the external interface, but add the local ### loopback interface as an exception, to prevent services utilizing the ### local loop from being blocked accidentally. ### set skip on lo0 antispoof for $ext_if inet antispoof for $vpn_if inet ### spoofing protection for all interfaces block in quick from urpf-failed ############################# block all ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090} ### Allow all udp and icmp also, necessary for Constellation. Could be tightened. pass on $eth_if proto {udp, icmp} from $LAN to any ### Allow AFP to 10.0.0.40 (NAS) pass out on $eth_if proto tcp from any to 10.0.0.40 port 548 ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs ### and port ranges pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201 ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110 ### Outgoing pings ok pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110 pass out on $vpn_if proto {tcp, udp, icmp} from any to any So what are my goals and what does the above setup achieve? (until you tell me otherwise :) 1) Full LAN access to the above ports on the mini/media server (including through my own VPN server) 2) All internet traffic from the mini/media server is anonymized and tunneled over VPN 3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router. So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable. The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini: ### Allow Minecraft public through user mc pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc pass out on $eth_if proto {tcp, udp} from any to any user mc And these additions on the border firewall: Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS) Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups) This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up no connection is possbile to the minecraft server from outside of LAN. inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service. The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0 not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would to estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)

    Read the article

  • mod_proxy failing as forward proxy in simple configuration

    - by Stabledog
    (On Mac OS X 10.6, Apache 2.2.11) Following the oft-repeated googled advice, I've set up mod_proxy on my Mac to act as a forward proxy for http requests. My httpd.conf contains this: <IfModule mod_proxy> ProxyRequests On ProxyVia On <Proxy *> Allow from all </Proxy> (Yes, I realize that's not ideal, but I'm behind a firewall trying to figure out why the thing doesn't work at all) So, when I point my browser's proxy settings to the local server (ip_address:80), here's what happens: I browse to http://www.cnn.com I see via sniffer that this is sent to Apache on the Mac Apache responds with its default home page ("It works!" is all this page says) So... Apache is not doing as expected -- it is not forwarding my browser's request out onto the Internet to cnn. Nothing in the logfile indicates an error or problem, and Apache returns a 200 header to the browser. Clearly there is some very basic configuration step I'm not understanding... but what?

    Read the article

  • Connect macbook to my LAN through a VPN - best solution? [closed]

    - by LewisMc
    So I have a LAN connected via a ADSL/PPPoA, this is using a bog-standard DLink router supplied by my ISP (talktalk UK). I have a NAS within the LAN that is running FreeNAS and I want to be able to connect to it when I'm out and about. It's running an atom so it's quite low on juice consumption but I don't want to have it on all day and night so I've been waking it via a magic packet and booting it down from the web admin when I need it. So I want to connect to the LAN, I presume via a VPN, to be able to send a magic packet. But what is the best method to accomplish this, or is there an easier way? I've been looking at the cisco 857 integrated router and the Netgear prosafe 318(behind modem) but not sure If I'm on the right track with what I want to achieve as I've not much experience or knowledge with VPN's or networking (software engineering student). I have tried port forwarding but to no avail, either with magic packets or even connecting outside the LAN via DYNDNS. Thanks,

    Read the article

  • outlook iptables configuration

    - by mediaexpert
    I've a Debian mail server, but only the outlook users can't be able to download the emails. I've seen a lot of post about some kind of forwarding port configuration, I've tried some commands, but I don't be able to solve this problem, please help me. below INPUT and FORWARD iptables: Chain INPUT (policy DROP 20 packets, 1016 bytes) pkts bytes target prot opt in out source destination 60833 16M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 state NEW,ESTABLISHED 18970 971K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:110 state NEW,ESTABLISHED Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:110 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 192.168.1.0/24 0.0.0.0/0 tcp dpt:110 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 255 256 257 258 259 260 261 262 263 264 265 266  | Next Page >