Search Results

Search found 804 results on 33 pages for 'dylan wan'.

  • Architecture for highly available MySQL with automatic failover in physically diverse locations

    - by Warner
    I have been researching high availability (HA) solutions for MySQL between data centers. For servers located in the same physical environment, I have preferred dual master with heartbeat (floating VIP) using an active passive approach. The heartbeat is over both a serial connection as well as an ethernet connection. Ultimately, my goal is to maintain this same level of availability but between data centers. I want to dynamically failover between both data centers without manual intervention and still maintain data integrity. There would be BGP on top. Web clusters in both locations, which would have the potential to route to the databases between both sides. If the Internet connection went down on site 1, clients would route through site 2, to the Web cluster, and then to the database in site 1 if the link between both sites is still up. With this scenario, due to the lack of physical link (serial) there is a more likely chance of split brain. If the WAN went down between both sites, the VIP would end up on both sites, where a variety of unpleasant scenarios could introduce desync. Another potential issue I see is difficulty scaling this infrastructure to a third data center in the future. The network layer is not a focus. The architecture is flexible at this stage. Again, my focus is a solution for maintaining data integrity as well as automatic failover with the MySQL databases. I would likely design the rest around this. Can you recommend a proven solution for MySQL HA between two physically diverse sites? Thank you for taking the time to read this. I look forward to reading your recommendations.

  • Sharing files between 2 different routers

    - by Chris
    I realize this has been asked before and I have read as much as I could find on the topic but I still need help with this because there are so many different approaches and the ones I am trying aren't working. So I have 2 routers, let's call them A and B. Both have a wireless feature and are active. A is in the basement and receives the internet. There is a TV on the ground floor that is connected to A through an ethernet wire. B is upstairs and gets the internet from A through an ethernet wire. Connected to B is a desktop running Plex Media Server. What I want to do is make sure devices connected to both routers can access the Plex Media Server. So what I have read is that I should plug in the ethernet wire connecting B to A into a LAN port instead of the WAN port. After that I should turn off DHCP. I have tried this and B stops receiving internet. What am I doing wrong? Another thing I have read is to use Router B in bridge mode but Router B is running openwrt and I have QoS on it so gaming/VoIP/browsing is unaffected by heavy downloading/uploading. I would prefer to keep this active. I realize it might be ineffective if a device in Router A is doing some hardcore downloading but all that stuff is done on Router B anyway so it doesn't matter. Router A can't get openwrt because it is a shitty one provided by Bell. So, how do I proceed with this?

  • Internet doesn't work when enable local Lan

    - by rakesh yadav
    We have the following network setup:

        A) Router IP 192.168.51.49
        B) Windows Server 2008 R2 with dual NIC:
           B1) WAN interface (192.168.0.2) (used for internet)
           B2) LAN interface (192.168.1.2) (used for local connectivity)

    When I keep both LANs enabled then my internet doesn't work, but if I disable my local LAN then the internet works fine. So please help me: how can I resolve this issue, or do I need to do routing on my server? Please find the route print result attached below.

        C:\Users\Administrator>route print
        ===========================================================================
        IPv4 Route Table
        ===========================================================================
        Active Routes:
        Network Destination        Netmask          Gateway        Interface  Metric
                  0.0.0.0          0.0.0.0    192.168.51.49    192.168.51.50    276
                  0.0.0.0          0.0.0.0   192.168.30.227   192.168.30.228    266
           192.168.30.224  255.255.255.240          On-link   192.168.30.228    266
           192.168.30.228  255.255.255.255          On-link   192.168.30.228    266
           192.168.30.239  255.255.255.255          On-link   192.168.30.228    266
            192.168.51.48  255.255.255.240          On-link    192.168.51.50    276
            192.168.51.50  255.255.255.255          On-link    192.168.51.50    276
            192.168.51.63  255.255.255.255          On-link    192.168.51.50    276
                127.0.0.0        255.0.0.0          On-link        127.0.0.1    306
                127.0.0.1  255.255.255.255          On-link        127.0.0.1    306
          127.255.255.255  255.255.255.255          On-link        127.0.0.1    306
             202.56.230.5  255.255.255.255    192.168.51.49    192.168.51.50     21
             202.56.230.6  255.255.255.255    192.168.51.49    192.168.51.50     21
           192.168.26.124  255.255.255.255    192.168.51.49    192.168.51.50     21
                224.0.0.0        240.0.0.0          On-link        127.0.0.1    306
                224.0.0.0        240.0.0.0          On-link    192.168.51.50    276
                224.0.0.0        240.0.0.0          On-link   192.168.30.228    266
          255.255.255.255  255.255.255.255          On-link        127.0.0.1    306
          255.255.255.255  255.255.255.255          On-link    192.168.51.50    276
          255.255.255.255  255.255.255.255          On-link   192.168.30.228    266
        ===========================================================================
        Persistent Routes:
          Network Address          Netmask  Gateway Address  Metric
                  0.0.0.0          0.0.0.0   192.168.30.227  Default
                  0.0.0.0          0.0.0.0    192.168.51.49  Default
        ===========================================================================

  • Firewall for internal networks

    - by Cylindric
    I have a virtualised infrastructure here, with separated networks (some physically, some just by VLAN) for iSCSI traffic, VMware management traffic, production traffic, etc. The recommendations are of course to not allow access from the LAN to the iSCSI network for example, for obvious security and performance reasons, and same between DMZ/LAN, etc. The problem I have is that in reality, some services do need access across the networks from time to time:

        * System monitoring server needs to see the ESX hosts and the SAN for SNMP
        * VSphere guest console access needs direct access to the ESX host the VM is running on
        * VMware Converter wants access to the ESX host the VM will be created on
        * The SAN email notification system wants access to our mail server

    Rather than wildly opening up the entire network, I'd like to place a firewall spanning these networks, so I can allow just the access required. For example:

        * SAN SMTP Server for email
        * Management SAN for monitoring via SNMP
        * Management ESX for monitoring via SNMP
        * Target Server ESX for VMConverter

    Can someone recommend a free firewall that will allow this kind of thing without too much low-level tinkering of config files? I've used products such as IPcop before, and it seems to be possible to achieve this using that product if I re-purpose their ideas of "WAN", "WLAN" (the red/green/orange/blue interfaces), but was wondering if there were any other accepted products for this sort of thing. Thanks.

  • Squid with mikrotik router

    - by niren
    I tried to connect squid3 in my network to use a high anonymity proxy. This is how my network is right now:

              WAN LINK
                 |
           -------------      -----------------------------
          | Mikrotik Box |   | Ubuntu Server with squid3 |
           -------------      -----------------------------
                 |              /
                 |             /
           ----------------------
          | Switch ( Cheap one ) |
           ----------------------
             |        |        |
          Client1  Client2  Client3 etc.

    After this setup I changed squid.conf on the Ubuntu server as follows:

        http_port 8080
        acl localhost src xxx.xxx.xxx.xxx(Ubuntu server IP)
        acl to_localhost dst xxx.xxx.xxx.xxx(Mikrotik router gateway)

    I assume that redirected http from the Mikrotik router will be redirected again to the Mikrotik router. Then:

        * uncomment access log /var/log/squid3/access.log
        * add visible_hostname myname
        * save squid.conf and restart squid3 server.

    Then I added NAT rules in the Mikrotik router:

        ip/firewall/nat
        1. add chain=dstnat src_address=xxx.xxx.xxx.xxx(Ubuntu server IP) dst-port=80 protocol=tcp action=accept
        2. add chain=dstnat src_address=xxx.xxx.xxx.xxx/28(LAN address) dst-port=80 protocol=tcp action=dst-nat to-address=xxx.xxx.xxx.xxx(Ubuntu server IP) to-port=8080

    Now I am not able to access the internet from the client1 system. If I remove these two NAT rules then I can access the internet. What have I done wrong?

  • Remote desktop type software that the client need not install anything...

    - by allentown
    I am primarily a Macintosh user, and can usually walk a client through any troubles they may have because I have a Macintosh in front of me. If they are on a different OS, things are close enough, or I can remember, that I can get by. When trying to help clients on Windows, I get stuck. I do not have access to Windows, and even if I did, there are far too many versions of Outlook, all with their various esoteric settings and checkboxes, that I could never see exactly what they are seeing. I mostly need to just help them with email setup. Something like copilot.com may do the trick. What is the simplest remote control software out there? Ideally, it would accomplish these:

        * No software needed on remote end, or, a single .exe that they can toss when done.
        * I need Mac based software on my end. I do have ARD, which supports VNC.
        * Free :) If possible, it would be really nice.
        * Needs a port forwarding proxy run by the company. There is no way I can get the user to alter their router, or to even plug directly into their WAN for a short time.

    On the Mac, I just have them open iChat, and this is all built in, proxying through AIM, looking for the same for Windows and Mac.

  • Cisco Catalyst 3550 + Alteon 184 Load-Balancing Issues...

    - by upkels
    I have just deployed a couple Cisco Catalyst 3550 switches, and a couple Alteon 184 Web Switches for load-balancing. I can ping all RIPs and VIPs to/from the Alteon.

        Topology Before: (server) <- (Alteon) <- (Internet)
        Topology Now:    (server) <- (3550) <- Alteon <- (Internet)

    Cisco Port Configuration (Alteon Uplink Port):

        description LB_1_PORT_9_PRIMARY
        switchport access vlan 10
        switchport mode access
        switchport nonegotiate
        speed 100
        duplex full

    Alteon Port 9 Configuration (VLAN 10 WAN):

        >> Main# /c/port 9/cur
        Current Port 9 configuration: enabled
            pref fast, backup gig, PVID 10, BW Contract 1024
            name UPLINK
        >> Main# /c/port 9/fast/cur
        Current Port 9 Fast link configuration:
            speed 100, mode full duplex, fctl none, auto off

    Cisco Configuration (Load-Balanced Servers Port):

        description LB_1_PORT_1_PRIMARY
        switchport access vlan 30
        switchport mode access
        switchport nonegotiate
        speed 100
        duplex full

    Alteon Port 1 Configuration (VLAN 30 LOAD-BALANCED LAN):

        >> Main# /c/port 1/cur
        Current Port 1 configuration: enabled
            pref fast, backup gig, PVID 30, BW Contract 1024
            name LB_PORT_1
        >> Main# /c/port 1/fast/cur
        Current Port 1 Fast link configuration:
            speed 100, mode full duplex, fctl both, auto on

    Each of my servers is on vlan 10 and 30, properly communicating. I have tried to turn on VLAN tagging on the Alteon, however it seems to cause all communications to stop working. When I tcpdump -i vlan30 on any of the webservers, I see normal ARP communications, and some STP communications, which may or may not be part of the problem:

        ...
        15:00:51.035882 STP 802.1d, Config, Flags [none], bridge-id 801e.00:11:5c:62:fe:80.8041, length 42
        15:00:51.493154 IP 10.1.1.254.33923 > 10.1.1.1.http: Flags [S], seq 707324510, win 8760, options [mss 1460], length 0
        15:00:51.493336 IP 10.1.1.1.http > 10.1.1.254.33923: Flags [S.], seq 3981707623, ack 707324511, win 65535, options [mss 1460], length 0
        15:00:51.493778 ARP, Request who-has 10.1.3.1 tell 10.1.3.254, length 46
        etc...

    I'm not sure if I've provided enough information, so please let me know if any more is necessary. Thank you!

  • OpenVZ with bridged interfaces and VLAN

    - by Deimosfr
    Hi, I've got a problem with OpenVZ with bridged VLAN. Here is my configuration:

                                                              +------+
        +-------+    +-----------+      +---------+    br0    |VE101 |
        |       |    | OpenBSD   |----->| Debian  |------->|      |
        |  WAN  |--->| Router    |      | OpenVZ  |           +------+
        |       |    | Firewall  |----->| br0 br1 |    br1    +------+
        +-------+    +-----------+      +---------+------->|VE102 |
                                          |br0                |      |
                                          |VLAN br0.110       +------+
                                          v
                                      +---------+
                                      |VE103.110|
                                      +---------+

    I can't make VLAN work on br0 (br0.110) and I would like to understand why. I don't have any switch so no problem with unmanageable switch. I've configured a VLAN interface on OpenBSD in /etc/hostname.vlan110:

        inet 192.168.110.254 255.255.255.0 NONE vlan 110 vlandev sis1

    And it seems to be working fine. I've also adapted my PF configuration to work with VLAN but I don't see any incoming traffic. On my Debian lenny, here is my interfaces configuration:

        # The loopback network interface
        auto lo
        iface lo inet loopback

        # br0
        auto br0
        iface br0 inet static
            address 192.168.100.1
            netmask 255.255.255.0
            gateway 192.168.100.254
            network 192.168.100.0
            broadcast 192.168.100.255
            bridge_ports eth0
            bridge_fd 9
            bridge_hello 2
            bridge_maxage 12
            bridge_stp off

        # VLAN 110
        auto br0.110
        iface br0.110 inet static
            address 192.168.110.1
            netmask 255.255.255.0
            network 192.168.110.0
            gateway 192.168.110.254
            broadcast 192.168.110.255
            pre-up vconfig add br0 110
            post-down vconfig rem br0.110

    It looks OK, but when I start my VE, here is the message:

        ...
        Configure veth devices: veth103.0
        Adding interface veth103.0 to bridge br0.110 on CT0 for VE103
        can't add veth103.0 to bridge br0.110: Operation not supported
        VE start in progress...

    So I've got one error here. I've followed this documentation http://wiki.openvz.org/VLAN but it doesn't work. I've certainly missed something but I don't know why. Could someone help me please? Thanks

  • Private staff network within public network

    - by pianohacker
    I'm the sysadmin at a small public library. Since I got here a few years ago, I've been trying to set up the network in a secure and simple way. Security is a little tricky; the staff and patron networks need to be separated, for security reasons. Even if I further isolated the public wireless, I'd still rather not trust the security of our public computers. However, the two networks also need to communicate; even if I set up enough VMs so they didn't share any servers, they need to use the same two printers at the very least. Currently, I'm solving this with some jerry-rigged commodity equipment. The patron network, linked together by switches, has a Windows server connected to it for DNS and DHCP and a DSL modem for a gateway. Also on the patron network is the WAN side of a Linksys router. This router is the "top" of the staff network, and has the same Windows server connected on a different port, providing DNS and DHCP, and another, faster DSL modem (separate connections are very useful, especially as we heavily depend on some cloud-hosted software). tl;dr: We have a public network, and a NATed staff network within it. My question is; is this really the best way to do this? The right equipment would likely make my job easier, but anything with more than four ports and even rudimentary management quickly becomes a heavy hit on our budget. (My original question was about an ungodly frustrating DHCP routing issue, but I thought I'd ask whether my network was broken rather than asking about the DHCP problem and being told my network was broken.)

  • open source solution to a gateway for a network of a housing cooperative of 150 people

    - by SirDinosaur
    i just inherited a barely functioning network for a student housing cooperative of about 150 people. in its current state, as i understand it from the previous person in charge of the network, we have working wireless access points and working ethernet cords going to working gigabit switches going to a barely functioning gateway (right now a simple home router) to one of three possible outbound connections. it is possible to connect to the network through the wireless or ethernet, but especially during peak hours, packets / connections are likely dropped or otherwise get no response. my intuition tells me to replace the gateway with something that can handle multiple outbound connections (WAN) and one inbound connection (LAN), while the rest of the network seems suitable for now. i'm somewhat knowledgeable in Linux (been using Debian after first Arch Linux) and i want to use as much open source as possible, but i'm confused whether or not a simple server that i could easily understand will work for this situation. do i need specialized hardware to handle the switching more effectively? if so, what are my options? (i found this, thoughts?) or if a Debian server would work, anything else i should know about the specs required for this type of server? also links to any useful information on using open source to maintain this type of network would be most appreciated. <3 P.S. crossposted http://redd.it/yybp2.

  • Simple Linux program that takes any HTTP/HTTPS request and returns a single page?

    - by ultrasawblade
    I have a Linux box operating as router. There's a NIC that's connected to the internet (WAN), a NIC connected to an 8-port GbE switch (LAN), and a NIC connected to a Linksys wireless N-router (WLAN). Routing between everything is working perfectly. I have security completely disabled on the wireless router, but the WLAN NIC is firewalled such that it will only accept DNS queries and PPTP VPN connections. Currently HTTP/HTTPS traffic and everything else is blocked. I would like to run something that listens on port 80/443 of the WLAN NIC, and, for non VPN'ed connections, given any HTTP/HTTPS request it will return a single webpage saying "Unauthenticated" and explain how to sign into the VPN. A transparent proxy seems to be what I need, but my searches all seem to direct me to Squid, which is already running on my server and seems overkill for this simple task. Is there a simpler, lightweight program out there that does just this or should I just suck it up and run two instances of Squid (or figure out how to configure it)? Or, is this entire VPN thing I'm doing complete nonsense and I should just enable encryption on the wireless router?

  • Find the IP of the router between me and main router/gateway?

    - by Crash893
    I have a Netgear router that is the main router/gateway in and out of the network. Then I have a Linksys 54g router with WiFi that we use as our main WiFi access point. The Cat5 runs from the router to the WiFi router's LAN port (not WAN). And then if you connect to that WAP you are basically on the network. I want to be able to find out what the IP address of that WAP is but so far I can't figure out how to:

        * I've tried doing a tracert to the gateway IP but I get nothing.
        * I've scanned all the IP addresses in the network.
        * I've gone to the Netgear main router and looked under attached devices but it doesn't say anything.

    Any ideas on how I can figure out how to administer it? (I do have limited physical access but my attempt to plug into it came back with a faulty IP (in the 169 range where the rest of the office is 192.168...).) I never set this router up to begin with so I'm reluctant to just kill it with the reset button because I can't get in to see what the settings are set to.

  • RRAS Problem routing to central site from RRAS server only?

    - by TomTom
    Given is an office connected to headquarters using a RRAS bridge (2 virtual machines using RRAS to route between the two networks). Naming: The office is A, the RRAS on A is a-lnk. The headquarters is B, b-lnk the RRAS machine there. The VPN works perfectly - machines can ping and work between the sites. Domain controllers on both ends replicating, DFS working, remote desktop working. All in all... everything is fine. EXCEPT: a-lnk itself can not reach any machine in B. This would normally not be troublesome (no one ever does anything on a-lnk), but there are two exceptions:

        * a-lnk is supposed to get its license from a KMS in B, so not being able to reach B means it is not prolonging.
        * a-lnk is supposed to pull updates from a WSUS in B - and not being able to reach B means - no updates.

    Given that things work (and security is a minor issue - a-lnk is not reachable from the internet as it is behind a NAT hardware anyway) this did not get handled for months. I just want to get this item ticked off now. Anyone have an idea what this is? It definitely is not a "dns does not work" or "routing in general is bad" item, as any computer in A can connect to any computer in B, and the other way around - only the RRAS computer itself seems to do something really awkward. Platform for both: 2008 R2 standard.

  • Virtual Machine Network Architecture, Isolating Public and Private Networks

    - by Mark
    I'm looking for some insight into best practices for network traffic isolation within a virtual environment, specifically under VMWARE ESXi. Currently I have (in testing) 1 hardware server running ESXi but I expect to expand this to multiple pieces of hardware. The current setup is as follows:

    1 pfsense VM; this VM accepts all outside (WAN/internet) traffic and performs firewall/port forwarding/NAT functionality. I have multiple public IP addresses sent to this VM that are used for access to individual servers (via per incoming IP port forwarding rules). This VM is attached to the private (virtual) network that all other VMs are on. It also manages a VPN link into the private network with some access restrictions. This isn't the perimeter firewall but rather the firewall for this virtual pool only.

    I have 3 VMs that communicate with each other, as well as have some public access requirements:

        * 1 LAMP server running an eCommerce site, public internet accessible
        * 1 accounting server, access via Windows Server 2008 RDS services for remote access by users
        * 1 inventory/warehouse management server, VPN to client terminals in warehouses

    These servers constantly talk with each other for data synchronization. Currently all the servers are on the same subnet/virtual network and connected to the internet through the pfsense VM. The pfsense firewall uses port forwarding and NAT to allow outside access to the servers for services and for server access to the internet.

    My main question is this: Is there a security benefit to adding a second virtual network adapter to each server and controlling traffic such that all server to server communication is on one separate virtual network, while any access to the outside world is routed through the other network adapter, through the firewall, and on to the internet? This is the type of architecture I would use if these were all physical servers, but I'm unsure if the networks being virtual changes the way I should approach locking down this system. Thank you for any thoughts or direction to any appropriate literature.

  • Backup Exec 10 - Network connection to the remote agent has been lost

    - by jherlitz
    Okay, so I have 4 remote offices, all running off of a 3mb ethernet connection. Two sites are part of a WAN and 2 sites are using 3mb connections over a site to site tunnel. I am using Backup Exec 2010, and I have the remote agent installed on all the remote servers. For the past few weeks now, the two sites running over the site to site tunnel have been failing with the following error message: "The network connection to the Backup Exec Remote Agent has been lost. Check for network errors". We used to be on a DSL connection site to site tunnel; now we have changed to the 3mb ethernet connection using site to site tunnel. I have to find out, has it been failing ever since we changed, or just recently? Backup Exec support is telling me it is a network issue. My communication or connection to the server is solid, we don't have any issues or outages. So I am baffled as to why this continues to fail. And why just those two sites. Any advice?

  • Unable to PPTP through NAT on Cisco 881

    - by MasterRoot24
    I'm trying to connect to a PPTP server which is sat behind a Cisco 881 NAT router. The server is running Ubuntu Server 12.04 and is running Poptop pptpd as the PPTP daemon listening for connections. As discussed in my other question, I'm trying to set up a Cisco 881 router to replace my old Linksys WAG320N. This same server and WAN connection worked fine with the WAG320N with no special configuration, other than allowing 1723 in through the firewall. On the Cisco 881, I'm using the newer ip nat enable or NAT NVI to set up static routes in through the firewall for the services running behind the router. My reason being that I can't run another copy of my live DNS domains internally with local IP addresses in. For the purposes of this question, though, I have rebuilt the router with ip nat inside/outside style NAT'ing, but this issue is still apparent. HTTP/SMTP/IMAP etc. all work ok from both the WAN and LAN interfaces of the router. I'm only having issues with SIP (see other question) and PPTP.

    My issue is that the GRE doesn't appear to be passing through NAT correctly and one end of the connection is not receiving GRE traffic when it should be, so the server hangs up the connection. Here's an example of /var/log/syslog with debug enabled in /etc/pptpd.conf:

        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: MGR: Launching /usr/sbin/pptpctrl to handle client
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: local address = 192.168.1.50
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: remote address = 192.168.1.51
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: pppd options file = /etc/ppp/pptpd-options
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: Client 82.132.248.216 control connection started
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: Received PPTP Control Message (type: 1)
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: Made a START CTRL CONN RPLY packet
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: I wrote 156 bytes to the client.
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: Sent packet to client
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: Received PPTP Control Message (type: 7)
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: Set parameters to 100000000 maxbps, 64 window size
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: Made a OUT CALL RPLY packet
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: Starting call (launching pppd, opening GRE)
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: pty_fd = 6
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: tty_fd = 7
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: I wrote 32 bytes to the client.
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: CTRL: Sent packet to client
        Dec 11 21:06:30 <HOSTNAME> pptpd[22627]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
        Dec 11 21:06:30 <HOSTNAME> pptpd[22627]: CTRL (PPPD Launcher): local address = 192.168.1.50
        Dec 11 21:06:30 <HOSTNAME> pptpd[22627]: CTRL (PPPD Launcher): remote address = 192.168.1.51
        Dec 11 21:06:30 <HOSTNAME> pppd[22627]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
        Dec 11 21:06:30 <HOSTNAME> pppd[22627]: pppd 2.4.5 started by root, uid 0
        Dec 11 21:06:30 <HOSTNAME> pppd[22627]: Using interface ppp0
        Dec 11 21:06:30 <HOSTNAME> pppd[22627]: Connect: ppp0 <--> /dev/pts/3
        Dec 11 21:06:30 <HOSTNAME> pptpd[22626]: GRE: Bad checksum from pppd.
        Dec 11 21:06:31 <HOSTNAME> pptpd[22626]: CTRL: Received PPTP Control Message (type: 15)
        Dec 11 21:06:31 <HOSTNAME> pptpd[22626]: CTRL: Got a SET LINK INFO packet with standard ACCMs
        Dec 11 21:07:00 <HOSTNAME> pppd[22627]: LCP: timeout sending Config-Requests
        Dec 11 21:07:00 <HOSTNAME> pppd[22627]: Connection terminated.
        Dec 11 21:07:00 <HOSTNAME> avahi-daemon[1042]: Withdrawing workstation service for ppp0.
        Dec 11 21:07:00 <HOSTNAME> pppd[22627]: Modem hangup
        Dec 11 21:07:00 <HOSTNAME> pppd[22627]: Exit.
        Dec 11 21:07:00 <HOSTNAME> pptpd[22626]: GRE: read(fd=6,buffer=6075a0,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
        Dec 11 21:07:00 <HOSTNAME> pptpd[22626]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
        Dec 11 21:07:00 <HOSTNAME> pptpd[22626]: CTRL: Reaping child PPP[22627]
        Dec 11 21:07:00 <HOSTNAME> pptpd[22626]: CTRL: Client 82.132.248.216 control connection finished
        Dec 11 21:07:00 <HOSTNAME> pptpd[22626]: CTRL: Exiting now
        Dec 11 21:07:00 <HOSTNAME> pptpd[5803]: MGR: Reaped child 22626

    As far as Cisco are concerned, all I need is

        ip nat source static tcp <SERVER LAN IP> 1723 interface FastEthernet4 1723

    but of course this doesn't seem to be helping the GRE traffic through as it should. Trying the connection to the LAN IP of the server from the same LAN as the server (behind the router), the PPTP connection works fine, so I'm confident that the server's config is ok. Furthermore, all I needed on my WAG320N was to open 1723 in the firewall. Here's my current router config:

        !
        ! Last configuration change at 20:20:15 UTC Tue Dec 11 2012 by xxx
        version 15.2
        no service pad
        service timestamps debug datetime msec
        service timestamps log datetime msec
        service password-encryption
        !
        hostname xxx
        !
        boot-start-marker
        boot-end-marker
        !
        !
        enable secret 4 xxxx
        !
        aaa new-model
        !
        !
        aaa authentication login local_auth local
        !
        !
        !
        !
        !
        aaa session-id common
        !
        memory-size iomem 10
        !
        crypto pki trustpoint TP-self-signed-xxx
         enrollment selfsigned
         subject-name cn=IOS-Self-Signed-Certificate-xxx
         revocation-check none
         rsakeypair TP-self-signed-xxx
        !
        !
        crypto pki certificate chain TP-self-signed-xxx
         certificate self-signed 01
          xxx
          quit
        ip gratuitous-arps
        ip auth-proxy max-login-attempts 5
        ip admission max-login-attempts 5
        !
        !
        !
        !
        !
        ip domain list dmz.xxx.local
        ip domain list xxx.local
        ip domain name dmz.xxx.local
        ip name-server 192.168.1.x
        ip cef
        login block-for 3 attempts 3 within 3
        no ipv6 cef
        !
        !
        multilink bundle-name authenticated
        license udi pid CISCO881-SEC-K9 sn xxx
        !
        !
        username admin privilege 15 secret 4 xxx
        username joe secret 4 xxx
        !
        !
        !
        !
        !
        ip ssh time-out 60
        !
        !
        !
        !
        !
        !
        !
        !
        !
        interface FastEthernet0
         no ip address
        !
        interface FastEthernet1
         no ip address
        !
        interface FastEthernet2
         no ip address
        !
        interface FastEthernet3
         switchport access vlan 2
         no ip address
        !
        interface FastEthernet4
         ip address dhcp
         ip nat enable
         duplex auto
         speed auto
        !
        interface Vlan1
         ip address 192.168.1.x 255.255.255.0
         no ip redirects
         no ip unreachables
         no ip proxy-arp
         ip nat enable
        !
        interface Vlan2
         ip address 192.168.0.x 255.255.255.0
        !
        ip forward-protocol nd
        ip http server
        ip http access-class 1
        ip http authentication local
        ip http secure-server
        !
        !
        ip nat source list 1 interface FastEthernet4 overload
        ip nat source list 2 interface FastEthernet4 overload
        ip nat source static tcp 192.168.1.x 1723 interface FastEthernet4 1723
        !
        !
        access-list 1 permit 192.168.0.0 0.0.0.255
        access-list 2 permit 192.168.1.0 0.0.0.255
        !
        !
        !
        !
        control-plane
        !
        !
        banner motd Authorized Access only
        !
        line con 0
         exec-timeout 15 0
         login authentication local_auth
        line aux 0
         exec-timeout 15 0
         login authentication local_auth
        line vty 0 4
         access-class 2 in
         login authentication local_auth
         length 0
         transport input all
        !
        !
        end

    UPDATE 16/12/2012: The only progress that I have been able to make on this issue is that I'm confident that the issue is caused by the GRE tunnels (which are required for the PPTP connection to complete) being blocked. When attempting a connection, I can see in show ip nat nvi translations that both a TCP translation on 1723 is set up and a GRE translation is set up also. I appear to be able to see GRE related packets on the LAN that the server is on, so I am led to believe that the server is sending(?) GRE packets, however running Wireshark on a client PC when attempting a connection shows absolutely no GRE packets. Whilst there are no configuration directives in my config posted above (that I can pinpoint) which would specifically block them, it would appear that the GRE packets are not being allowed in/out of the router's firewall, even though a NAT translation entry is set up to the server's LAN address. Would anyone be able to provide me with some help to ensure that GRE packets are not blocked by the router's firewall, so that this can be ruled out as a possible issue please?


  • Sonicwall NSA 240, Configured for LAN and DMZ, X0 and X2 on same switch - ping issues

    - by Klaptrap
    Our Sonicwall vendor supplied and networked the NSA240 when we required a DMZ in our infrastructure. This was configured and appeared correct although VPN users periodically dropped DNS and Terminal Services. The vendor could not resolve and so the call was escalated to Sonicwall. The Sonicwall support engineer took a look and concluded that the X0 (LAN) and X2 (DMZ) interfaces were cabled to the same switch and so this is the issue. What he observed is a ping request to the LAN Domain Controller, from a connected VPN user, is forwarded (X0) from the VPN client IP to the DC IP but the ping response from the DC IP to the VPN client IP is on X2, a copy of the log is detailed below:-

        02/02/2011 10:47:49.272 X1*(hc) X0 192.168.1.245 192.168.1.8 IP ICMP -- FORWARDED
        02/02/2011 10:47:49.272 -- X0* 192.168.1.245 192.168.1.8 IP ICMP -- FORWARDED
        02/02/2011 10:47:49.272 X2*(i) -- 192.168.1.8 192.168.1.245 IP ICMP -- Received

        X0 - LAN
        X1 - WAN
        X2 - DMZ

    The Sonicwall engineer concluded that we either need a separate switch for X2 or we use a VLAN switch for both. I am the company's software engineer and we have yet to hear back from the vendor, so I am lost at sea at the moment. Do we need to buy this additional equipment or is there another configuration on the NSA240 we can use?


  • iptables secure squid proxy

    - by Lytithwyn
    I have a setup where my incoming internet connection feeds into a squid proxy/caching server, and from there into my local wireless router. On the wan side of the proxy server, I have eth0 with address 208.78.∗∗∗.∗∗∗. On the lan side of the proxy server, I have eth1 with address 192.168.2.1. Traffic from my lan gets forwarded through the proxy transparently to the internet via the following rules. Note that traffic from the squid server itself is also routed through the proxy/cache, and this is on purpose:

        # iptables forwarding
        iptables -A FORWARD -i eth1 -o eth0 -s 192.168.2.0/24 -m state --state NEW -j ACCEPT
        iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A POSTROUTING -t nat -j MASQUERADE

        # iptables for squid transparent proxy
        iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.2.1:3128
        iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    How can I set up iptables to block any connections made to my server from the outside, while not blocking anything initiated from the inside? I have tried doing:

        iptables -A INPUT -i eth0 -s 192.168.2.0/24 -j ACCEPT
        iptables -A INPUT -i eth0 -j REJECT

    But this blocks everything. I have also tried reversing the order of those commands in case I got that part wrong, but that didn't help. I guess I don't fully understand everything about iptables. Any ideas?


  • Router block some sites

    - by Mahesha999
    Hi, I was using an ADSL modem/router earlier. The device is a quite old Pronet PN-ADSL 101 E/U model (pics: http://bit.ly/P2YaWy, http://bit.ly/OA700l). Since it had only one RJ45 out, I bought a new wireless router, a TPLink TL-WR941ND. It has 4 RJ45 outs and 3 wireless antennas. I configured my old router in bridge mode. Now, if I have to connect my PC to the Internet through the old router, I have to enter a username and password. Then I connected the RJ45 output of the old router to the WAN in of the new router and ran the CD of the new router. It configured the new router in PPPoE by saving the username and password in the router to dial automatically. So now I just have to plug the wires into any RJ45 out of my new router. I am able to access the Internet when I connect through the new router (both wired and wirelessly), but some sites are getting blocked. Most notably yahoo.com (though ymail.com is working), microsoft.com and msn.com. These sites work perfectly fine when I connect my PC directly to my old router and enter the username and password manually. (However, others like google.com and facebook.com work fine when I connect through the new router.) So these sites need some parameter set, but I am unable to find out which. Can anyone help me? My friend said he also faced the same problem. Surprisingly, he advised me to see if the same websites would work through Opera Turbo mode and, boom, they worked. So what could be the problem?


  • How do I access my samba drive through several layers of network topology?

    - by stephenmm
    I have a new Windows 7 Home Premium machine that is in a different room than my main computer area. As such I have to use a bridge and another router. Everything is working wonderfully except I cannot access the SAMBA drive with the new machine. I know that SAMBA is accessible as an older WinXP machine can access it. A picture of my network would probably be helpful:

    [ASCII network diagram, flattened in extraction. Boxes from top to bottom: To ISP; WAN Cable Modem (2WIRE678); Belkin Router Wireless (F5D), linked to a "WinXP SAMBA USER" box and an "Ubuntu Apache + SAMBA Server" box; Netgear Bridge (XET1001); Netgear Bridge (XET1001); D-Link Router (DI-524); "Win7 SAMBA USER?"]

    More interesting data points:

    1. I can ping the SAMBA server from the Win7 machine locally (i.e. 192.168.2.2)
    2. I can access the webserver from the Win7 machine locally (i.e. 192.168.2.2)
    3. I followed the advice to get Win7 and SAMBA to play nice: http://www.tannerwilliamson.com/2009/09/windows-7-seven-network-file-sharing-fix-samba-smb/

    Sorry for being so long-winded but it is kind of complex and I am really at a loss as to how to fix it. If any of you have some suggestions I would love to hear them!


  • OpenVZ with bridged interfaces and VLAN

    - by Deimosfr
    Hi, I've got a problem with OpenVZ with bridged VLAN. Here is my configuration:

                                                           +------+
        +-------+    +-----------+      +---------+  br0   |VE101 |
        |       |    |  OpenBSD  |----->| Debian  |------->|      |
        |  WAN  |--->|  Router   |      | OpenVZ  |        +------+
        |       |    | Firewall  |----->| br0 br1 |  br1   +------+
        +-------+    +-----------+      +---------+------->|VE102 |
                                          |br0             |      |
                                          |VLAN br0.110    +------+
                                          v
                                     +---------+
                                     |VE103.110|
                                     +---------+

    I can't make VLAN work on br0 (br0.110) and I would like to understand why. I don't have any switch so no problem with unmanageable switch. I've configured a VLAN interface on OpenBSD in /etc/hostname.vlan110:

        inet 192.168.110.254 255.255.255.0 NONE vlan 110 vlandev sis1

    And it seems to be working fine. I've also adapted my PF configuration to work with VLAN but I don't see any incoming traffic. On my Debian Lenny, here is my interfaces configuration:

        # The loopback network interface
        auto lo
        iface lo inet loopback

        # br0
        auto br0
        iface br0 inet static
            address 192.168.100.1
            netmask 255.255.255.0
            gateway 192.168.100.254
            network 192.168.100.0
            broadcast 192.168.100.255
            bridge_ports eth0
            bridge_fd 9
            bridge_hello 2
            bridge_maxage 12
            bridge_stp off

        # VLAN 110
        auto br0.110
        iface br0.110 inet static
            address 192.168.110.1
            netmask 255.255.255.0
            network 192.168.110.0
            gateway 192.168.110.254
            broadcast 192.168.110.255
            pre-up vconfig add br0 110
            post-down vconfig rem br0.110

    It looks OK, but when I start my VE, here is the message:

        ...
        Configure veth devices: veth103.0
        Adding interface veth103.0 to bridge br0.110 on CT0 for VE103
        can't add veth103.0 to bridge br0.110: Operation not supported
        VE start in progress...

    So I've got one error here. I've followed this documentation http://wiki.openvz.org/VLAN but it doesn't work. I've certainly missed something but I don't know what. Could someone help me please? Thanks


  • Vlaning on WNR3500L

    - by ageis23
    When I try connecting to my wireless network it attempts to connect then gives up. There's something strange going on with the MACs. The ethernet switch and all the VLAN interfaces have a MAC of 00:FF:FF:FF:FF:FF.

        config 'switch' 'eth0'
            option 'vlan0' '2 3 4 8*'
            option 'vlan1' '0 8'
            option 'vlan2' '1 8'

        config 'interface' 'loopback'
            option 'ifname' 'lo'
            option 'proto' 'static'
            option 'ipaddr' '127.0.0.1'
            option 'netmask' '255.0.0.0'

        config 'interface' 'lan'
            option 'type' 'bridge'
            option 'ifname' 'eth0.1'
            option 'proto' 'static'
            option 'netmask' '255.255.255.0'
            option 'ipaddr' '192.168.2.1'
            option 'ip6addr' ''
            option 'gateway' '192.168.1.253'
            option 'ip6gw' ''
            option 'dns' ''

        config 'interface' 'wan'
            option 'ifname' 'eth0'
            option 'proto' 'dhcp'
            option 'ipaddr' '192.168.1.8'
            option 'ip6addr' ''
            option 'netmask' '255.255.255.0'
            option 'gateway' '192.168.1.253'
            option 'ip6gw' ''
            option 'dns' '192.168.1.253'

        config 'interface' 'dmz'
            option 'ifname' 'eth0.2'
            option 'proto' 'static'
            option 'ipaddr' '192.168.0.1'
            option 'netmask' '255.255.255.0'

    Any help on this will be greatly appreciated! When I try setting the MAC using macaddr it does nothing. It works perfectly fine when I turn the authentication off. I've also discovered that when WPA2 is switched on I don't receive an association reply from the AP. That's my hostapd.conf:

        interface=eth1
        driver=broadcom
        bridge=br-lan
        ssid=O2BB3
        wpa=2
        wpa_passphrase=prettywoman
        wpa_key_mgmt=WPA-PSK
        rsn_pairwise=CCMP

    Btw that password is only temporary while I am testing.


  • Windows VPN for remote site connection drawbacks

    - by Damo
    I'm looking for some thoughts on a particular way of setting up an estate of machines. We have a requirement to install machines into unmanned, remote locations. These machines will auto login and perform tasks controlled from a central server. In order to manage patching, AV, updates etc. I want these machines to be joined to a dedicated domain for this estate. Some of the locations will only have 3G connectivity (via other hardware), others will be located on customer premises in internal networks. The central server (of ours) and the Domain Controller will be on a public WAN. I see two ways of facilitating this.

    1. Install a router at each location and have a site to site VPN between the remote device and the data centre where the servers are located
    2. Have the remote machine dial up and authenticate via a Windows VPN connection to the DC via RAS

    Option one is more costly to set up and has a higher operational cost. It also offers better diagnostics if the remote PC goes down. Option two works well but is solely dependent on the VPN connection being made before any communication can be made to the remote machine. In a simple test, I can get a Windows 7 machine to dial a VPN prior to authentication to a domain, then automatically login to the machine using domain credentials. If the VPN connection drops, it redials. I can also create a timed task to auto connect every hour in case of other issues. I'd like to know, why (if at all) is operating a remote network of devices which are located in various out of band locations in this way a bad idea? Consider 300-400 remote machines all at different sites. I'd rather have 400 VPN connections to a 2008 server than 400 routers, however I'd like to know other opinions on this.


  • Linux server: Dropped packets

    - by Lars
    I see dropped packets using ifconfig on my eth0 interface:

        eth0      Link encap:Ethernet  HWaddr 00:15:17:0d:03:ca
                  inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
                  UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1
                  RX packets:30268348 errors:0 dropped:70721 overruns:0 frame:0
                  TX packets:133076885 errors:0 dropped:0 overruns:0 carrier:0
                  collisions:0 txqueuelen:1000
                  RX bytes:8699434077 (8.6 GB)  TX bytes:194937313025 (194.9 GB)
                  Interrupt:16 Memory:feae0000-feb00000

    When I use ethtool -S I don't see anything wrong:

        NIC statistics:
             rx_packets: 30267138
             tx_packets: 133074510
             rx_bytes: 8699356158
             tx_bytes: 194934147340
             rx_broadcast: 35296
             tx_broadcast: 5435
             rx_multicast: 0
             tx_multicast: 0
             rx_errors: 0
             tx_errors: 0
             tx_dropped: 0
             multicast: 0
             collisions: 0
             rx_length_errors: 0
             rx_over_errors: 0
             rx_crc_errors: 0
             rx_frame_errors: 0
             rx_no_buffer_count: 0
             rx_missed_errors: 0
             tx_aborted_errors: 0
             tx_carrier_errors: 0
             tx_fifo_errors: 0
             tx_heartbeat_errors: 0
             tx_window_errors: 0
             tx_abort_late_coll: 0
             tx_deferred_ok: 0
             tx_single_coll_ok: 0
             tx_multi_coll_ok: 0
             tx_timeout_count: 0
             tx_restart_queue: 0
             rx_long_length_errors: 0
             rx_short_length_errors: 0
             rx_align_errors: 0
             tx_tcp_seg_good: 5757001
             tx_tcp_seg_failed: 0
             rx_flow_control_xon: 8649
             rx_flow_control_xoff: 62072
             tx_flow_control_xon: 0
             tx_flow_control_xoff: 0
             rx_long_byte_count: 8699356158
             rx_csum_offload_good: 30212111
             rx_csum_offload_errors: 0
             rx_header_split: 10857552
             alloc_rx_buff_failed: 0
             tx_smbus: 0
             rx_smbus: 0
             dropped_smbus: 0
             rx_dma_failed: 0
             tx_dma_failed: 0

    I am running Ubuntu 12.04 with kernel 3.2.0-30-generic #48-Ubuntu SMP. I have pinged every device on my internal network for about 24 hours, without packet loss. Also checked my router and my interface to the WAN, also no errors there. Does anyone have any clue?


  • How can I connect my Xbox to my Mac on my network

    - by codecowboy
    I have a wireless router/modem (Router 1) in my living room. This is connected to the internet (cable). Wireless is disabled as the router has a terrible wireless range. My Xbox is connected via ethernet to Router 1. Another LAN output from Router 1 connects to a powerline adapter. Router 1 acts as a DHCP server on 192.168.0.x and has the IP 192.168.0.1 In a second room I have Router 2. This has the powerline feed from Router 1 going into the WAN socket. This router runs the Tomato Firmware and acts as a wireless router for the rest of the house using the IP range 192.168.1.x. Router 2 IP is 192.168.1.1. My Mac is connected to Router 2 using a LAN cable and has the IP 192.168.0.133. Several mobile devices need wireless access. I want an ethernet connection to my Mac, not wireless. I should be able to use software like Connect360 to share media from my Mac to the XBox but the XBox does not see my Mac. I can ping 192.168.0.1 from the Mac. Is this possible using my current setup? If so, how?

