Search Results

Search found 10810 results on 433 pages for 'port forwarding'.

Page 277/433 | < Previous Page | 273 274 275 276 277 278 279 280 281 282 283 284 | Next Page >

How can I secure Postgres for remote access when not in a private network?

- by orokusaki

I have a database server on a VMWare VM (Ubuntu 12.04.1 LTS server), and it just occurred to me that the server is accessible via the web, since the same physical server contains a VM that hosts public websites. My iptables in the database are such that only SSH traffic, loopback traffic, and TCP on port 5432 are allowed. I will only allow host access to the Postgres server from the IP of the other VM on the same physical machine. Does this seem sufficient for security, assuming there aren't gaping holes in my general OS configuration, or is Postgres one of those services that should never be web facing, (assuming there are some of "those"). Will I need to use hostssl instead of host in my pg_hba.conf, even though the data will travel only on my own network, presumably?

Read the article
SMTP error 503 when sending mail with Windows Mail & Mobile Me:

- by Marty Pitt

I've started getting an error on my windows machine when sending an email through Windows Mail, using Mobile Me: An unknown error has occurred. Subject 'Test' Server Error: 503 Server Response: 503 5.7.0 TLS already in use. Server: 'smtp.me.com' Windows Live Mail Error ID: 0x800CCC65 Protocol: SMTP Port: 587 Secure(SSL): Yes I've checked and double-checked my credentials, and outbound mail settings, and they're correct. I've deleted and re-added the account, and I get the same issue. I'm able to receive email fine. Note - this issue only affects one PC - my laptop has no issues. Any suggestions on what Error 503 means, or how I would fix this?

Read the article
Can't run node.js script on server reboot

- by webstyle

I need to listen events on port 3240 and I'm using node.js for that purpose. I need to execute my script with forever tool. I also need to run forever on server reboot. When I run forever glh.js everything works: forever list says there is a running process. But when I'm trying to run forever on server reboot I can't get it working. I've created a file in /etc/init.d with the following content: #!/bin/bash /var/www/yan/data/gitlabhook/runglh.sh &>/var/www/yan/data/gitlabhook/runglh.log When I reboot the server, the output log is the following (the same as when I run it manually via console): info: Forever processing file: glh.js But in this case forever doesn't start a process. forever list outputs: info: No forever processes running

Read the article
how to split a pcap file into a set of smaller ones

- by facha

I have a huge pcap file (generated by tcpdump). When I try to open it in wireshark, the program just gets unresponsive. Is there a way to split a file in set of smaller ones to open them one by one? The traffic captured in a file is generated by two programs on two servers, so I can't split the file using tcpdump 'host' or 'port' filters. I've also tried linux 'split' command :-) but with no luck. Wireshark wouldn't recognize the format.

Read the article
Apache vs Lighttpd: Weird behavior in reverse proxy mode.

- by northox

Context: I have an Apache server running in reverse proxy mode in front of a Tomcat java server. It handle HTTP and HTTPS and send those request back and forth to the Tomcat server on an internal HTTP port. Goal: I'm trying to replace the reverse proxy with Lighttpd. Problem: while asking for the same HTTPS url, while using Apache as the reverse proxy, the Tomcat server redirect (302) to an HTTPS page but with Lighttpd it redirect to the same page in HTTP (not HTTPS). Question: What does Lighttpd could do different in order to have a different result from the backend server? In theory, using Apache or Lighttpd server as a reverse proxy should not change anything... but it does. Any idea? I'll try to find something by sniffing the traffic on the backend tomcat server.

Read the article
Gathering IP's from a complicated log

- by Harry

I have a question regarding the use of some more advanced grep, awk, sed. I have a log file, for a proprietary MTA, that contains IP's in a string, delimited by [redacted]^~x.x.x.x^[redacted]. So far all of my grepping, awking, and sedding hasn't gotten me very far. This log file has 331520 lines in it. My goal was to simply grep out the ip's, then do a for loop with sed, to sed 's/$i/redacted'. I'm including a sample of one of the log entries. If you all have any idea, I would be greatly appreciative. Jun 4 15:21:52 host.name mta-name: 13388^~88/CC-04671-FCA0DCF4^~D^~<redactedmessageid>^~@^[email protected]^~redacted.hostname^~000.00.000.000^~port^~esmtp^~^~external_routing_nobounce^~0^~0.51^~subjectofmessage^~250 2.6.0 <redactedmessageid> [InternalId=2178458] Queued mail for delivery

Read the article
MySQL Workbench sends computer name with login not IP

- by Android Addict

I am attempting to connect MySQLWorkbench to a remote MySQL Server. The server has granted access to user@IPAddress However, when I try to connect MySQLWorkbench, it sends user@computername instead. How do I configure the connection to use the IP address instead in MySQLWorkbench? Reference: The remote server is on the local network, so I need to use the local IP address assigned to my client. EDIT What I have tried so far: from the server: mysql -u user@IPAddress -p --host=(ServerIPAddress) Returns: mysql> So that tells me the user account is operational. Furthermore, I confirmed it exists using: select user from mysql.user; returning a table of all users, of which the user I am using is present. I have also opened the port 3306: sbin/iptables -A INPUT -i eth0 -s clientIPAddress -p tcp --destination-port3306 -j ACCEPT Still I encounter Access Denied

Read the article
Is there a Linux-compatible R/C simulator that works with real radios?

- by Norman Ramsey

My Dad flies radio-controlled (R/C) aircraft. He used to run a simulator called "RealFlight" which allowed him to connect his actual radio to his computer and fly simulated craft. He learned enough to fly actual planes, but he wants to move up from "trainer" aircraft to higher-performance craft. After some crashes, he'd like to go back to the simulator for a while. The catch: he's given up Windows and is now running Ubuntu. Question: is there an R/C flight simulator that Runs on Ubuntu? Allows you to connect your radio and use it to control the simulator, preferably through a USB port?

Read the article
Can I use PLink and Pageant with Cygwin's ssh?

- by Jerph

I'm now using msysgit because of the GUI tools, which use Putty's Pageant and PLink utilities, but I use Cygwin as a general SSH terminal. I had been using ssh-agent on Cygwin, but that means I have to enter my SSH key passphrases for both SSH key managers. Is it possible to configure all my Unix-port tools (msys, git, cygwin, Ruby Net:SSH, etc.) to use PLink/Pageant instead of ssh-agent? It seems that's the kind of thing PLink was made for, but I can't find documentation on how.

Read the article
Configuring gmail for use on mailing lists

- by reemrevnivek

This is really two questions in one. First, are nettiquette guidelines still accurate in their restrictions on ASCII vs. HTML, posting style, and line length? (Here's a recent metafilter discussion of the topic.) Second, If they are not, should these guidelines be respected? If they are (or if they should still be respected), how can modern mail programs be configured to work properly with them? Most mailing list etiquette statements appear to have been written by sysadmins who loved their command lines, and refuse to change anything. Many still reference rfc1855, written in 1995. Just reading that paginated TXT should give you an idea of the climate at the time. Here's a short, fairly random list of mailing list etiquette statements with some extracted formatting guidelines: Mozilla - HTML discouraged, interleaved posting. FreeBSD - No HTML, don't top post, line length at 75 characters. Fedora - No HTML, bottom-post. You get the idea. You've all seen etiquette statements before. So, assuming that the rules should be obeyed (Usually a good idea), what can be done to allow me to still use a modern mail program, and exchange mail with friends who use the same programs? We like to format our mail. Bold headings, code snippets (sometimes syntax highlighted, if the copy-paste pulls RTF text as from XCOde and Eclipse), free line breaks determined by your browser width, and the (very) occasional image make the message easier to read. Threaded conversations are a wonderful thing. Broadband connections are, I'm sure, the rule for most of the users of SU and of developer mailing lists, disk space is cheap, and so the overhead of HTML is laughable. However, I don't want to post a question to a mailing list and have the guru who can answer my question automatically delete it, or come off as uncaring. Until I hear otherwise, I'll continue to respect the rules as best I can. For a common example of the problem, Gmail, by default, sends HTML formatted messages with bottom-posted quotes (which are folded in, just read the last message immediately above), and uses the frame width to wrap lines, rather than a character count. ASCII can be selected, and quotes can be moved and reversed, but line wraps of quotes don't work, line breaks are tedious to add (and more tedious to read, if they're super small in comparison to the width of the frame). Is there a forwarding, free mail program which can help with this exercise? Should an "RFC1855 mode" lab be written? Or do I have to go to the command line for my mailing lists, and gmail for my other mail?

Read the article
Home-Router: Access internal server using external ip [migrated]

- by user15863

If I've got a typical home router -- say a Net Gear -- which has certain ports forwarded to a internal server, is there a way to tweak the router to let me access that internal server using the external IP address from within the same network? Is there a non-enterprise grade router that can handle this type of thing? In case that was strangely worded, let me re-phrase with an example. My external IP is 1.2.3.4. My internal server is 10.4.3.100 Port 1178 is being forwarded from the router to 10.4.3.100. I'd like to be able to be able to hit 10.4.3.100 from an internal ip of 10.4.3.10 by using the external ip of 1.2.3.4. Possible?

Read the article
How to use IIS as a trusted proxy for ActiveDirectory SSO?

- by brofield

I'm trying to add Active Directory single-sign-on support to an existing SOAP server. The server can be configured to accept a trusted reverse-proxy and use the X-Remote-User HTTP header for the authenticated user. I want to configure IIS to be the trusted proxy for this service, so that it handles all of the Active Directory authentication for the SOAP server. Basically IIS would have to accept HTTP connections on port X and URL Y, do all the authentication, and then proxy the connection to a different server (most likely the same X and Y). Unfortunately, I have no knowledge of IIS or AD (so I am trying my best to learn enough to build this solution) so please be gentle. I would assume that this is not an uncommon scenario, so is there some easy way to do this? Is this sort of functionality built into IIS or do I need to build some sort of IIS proxy program myself? Is there a better option for getting the authentication done and the X-Remote-User HTTP header set than requiring IIS?

Read the article
Drawbacks of installing linux on usb stick?

- by Znarkus

I am setting up a router/nas/http/whatever server based on an ION mini-ITX board. I've installed Ubuntu Server on an old 160 GB drive, but it generates a lot more heat and vibrates more than my other new drive (storage). It just doesn't fit the concept, and worse: it takes up a SATA port. As SSD's are crazy expensive I'm thinking of buying an extra 4 GB USB stick, and raid0 it. From my point of view, these are the pros/cons: Pros Low power consumption No vibrations No heat Smaller Get to buy new, larger USB stick (:D) Cons Shorter life time Slower Raid 0 More work maintaing/installing? I think the pros overweighs the cons. Shorter life time and raid 0 is countered by regular backups of the configs/settings. Slower is partially countered by raid 0, and I don't know about the last one. What do You think? Experience? Another solution?

Read the article
Can't telnet to SQL Server

- by Thiago

Hi there, I have an SQL Server running on a computer, and I'm trying to access it from another computer in the same local network (potentially VPN, since it's located in a datacenter). The point is that I can't even telnet to the port in which SQL Server is listening. And yes, SQL Server is working, since I can telnet to it from my workstation. I think it's something in the host, since there's no hop between the two computers, but I don't know how to troubleshoot this. Basically I get a connection failed, when I try to telnet. What can cause such problem, since apparently there's no firewall and the server is accepting connections from other computers? Thanks in advance

Read the article
monitoring nfs with monit

- by Josh Nankin

I'd like to monitor NFS mounts and the NFS server process using Monit. On the server, I'd need a PID file, but I can't seem to find a way of getting that created with existing configuration files. Is there a way to do this, or has anyone monitored the server in a different way (checking if port 53 is active, etc). On clients, I was thinking of making Monit simply look for a specific file in an NFS mount, and if it's accessible, all is well. Problem is, if the NFS server does go down, file requests usually hang (perhaps even indefinitely, not sure). How would one get around this issue with monit? Any configuration examples would be greatly appreciated!

Read the article
What causes "All-in-one USB Card Reader" to create 6 drives that always appear in Disk Management?

- by tim11g

I installed a "All-in-one USB Card Reader" to read SD cards and other media. It has caused six new drives to appear in Disk Management with six new drive letter assignments. These drives and letters are always present, even when there are no cards in the reader. When unused, they are labeled "No Media". Why does this multifunction reader cause these phantom Disks to appear and consume drive letters? Every USB port can (and does) allow removable media to be mounted and assigned a drive letter, and the drive letter assignment "disappears" when the USB drive is removed. Why are these card reader's drives and letters staying allocated permanently? Is there anything that can be done to make the slots work like a typical USB drive? (The reader is in fact connected to USB).

Read the article
New standalone ESXi 5 deployments - USB versus SD card?

- by ewwhite

Now that the old full VMWare ESX with service console is no longer, I'm redeploying some standalone ESXi servers. I'm using HP ProLiant ML and DL G6 and G7 servers. Does it make more sense to utilize the internal USB port for ESXi or the internal SD card slot? I'm using the HP ESXi 5 build, but am not sure what the recommended practice is. Any recommendations on cards/USB drives for this purpose? BTW - these will be all-in-one storage servers with the onboard disk storage presented via PCIe passthrough.

Read the article
Httpd restart "Address already in use" error

- by mtndesign

I have an .rpm, which I created. In its %post part, I do some stuff, and in the end of this script, i call service httpd restart. It gives the following error: + service httpd restart Stopping httpd: [FAILED] Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:81 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:81 no listening sockets available, shutting down Unable to open logs [FAILED] I got this from the rpm verbose installing (-vv). So I know its about httpd restart itself, nothing else. The according to netstat only one process (httpd) is listening on port 81. $ sudo netstat -nlp | grep 81 tcp 0 0 :::81 :::* LISTEN 29670/httpd I don't understand, why running http FAILS at stop, and FAILS again in start. Any ideas how to solve this?

Read the article
Anyone love/hate the PowerConnect line of switches from Dell?

- by Rob Bergin

I am looking at replacing some unmanaged 16 port store bought GB switches and wanted to go with Cisco but it may be cost prohibitive. Instead I am looking at ProCurve or Dell's PowerConnect line up. I am looking for SNMP, Management, VLANs, and SFLOW would icing on the switch cupcake. I would get the 6224 or the 6248 and then maybe add the RPS-600 to it for redundant power. I think the RPS-600 supports multiple switches. Rackspace is also a little challenge so I am trying to do it with as little Rack Units as possible. Ideally I would go with two 6224's or a single 6248 and then do two VLANs. Thanks for any feedback. Rob

Read the article
Reverse lookup SERVFAIL

- by Quan Tran

I just set up a DNS server and a web server using Virtualbox. The IP address of the DNS server is 192.168.56.101 and the web server 192.168.56.102. Here are my configuration files for the DNS server: named.conf: // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; //query-source address * port 53; //forward first; forwarders { 8.8.8.8; 8.8.4.4; }; listen-on port 53 { 127.0.0.1; 192.168.56.0/24; }; allow-query { localhost; 192.168.56.0/24; }; recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity debug 10; print-category yes; print-time yes; print-severity yes; }; }; zone "quantran.com" in { type master; file "named.quantran.com"; }; zone "56.168.192.in-addr.arpa" in { type master; file "named.192.168.56"; allow-update { none; }; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; named.quantran.com: $TTL 86400 quantran.com. IN SOA dns1.quantran.com. root.quantran.com. ( 100 ; serial 3600 ; refresh 600 ; retry 604800 ; expire 86400 ) IN NS dns1.quantran.com. dns1.quantran.com. IN A 192.168.56.101 www.quantran.com. IN A 192.168.56.102 named.192.168.56: $TTL 86400 $ORIGIN 56.168.192.in-addr.arpa. @ IN SOA dns1.quantran.com. root.quantran.com. ( 100 ; serial 3600 ; refresh 600 ; retry 604800 ; expire 86400 ) ; minimum IN NS dns1.quantran.com. 101.56.168.192.in-addr.arpa. IN PTR dns1.quantran.com. 102 IN PTR www.quantran.com. When I try a normal lookup from the host (I configured so that the only nameserver the host uses is the DNS server 192.168.56.101): quan@quantran:~$ host www.quantran.com www.quantran.com has address 192.168.56.102 quan@quantran:~$ host dns1.quantran.com dns1.quantran.com has address 192.168.56.101 But when I try a reverse lookup: quan@quantran:~$ host -v 192.168.56.101 192.168.56.101 Trying "101.56.168.192.in-addr.arpa" Using domain server: Name: 192.168.56.101 Address: 192.168.56.101#53 Aliases: Host 101.56.168.192.in-addr.arpa not found: 2(SERVFAIL) Received 45 bytes from 192.168.56.101#53 in 0 ms quan@quantran:~$ host -v 192.168.56.102 192.168.56.101 Trying "102.56.168.192.in-addr.arpa" Using domain server: Name: 192.168.56.101 Address: 192.168.56.101#53 Aliases: Host 102.56.168.192.in-addr.arpa not found: 2(SERVFAIL) Received 45 bytes from 192.168.56.101#53 in 0 ms So why can't I perform a reverse lookup? Anything wrong with the zone configuration files? Thanks in advance :) Oh, here is the output from the log file /var/named/data/named.run when I perform the reverse lookup: quan@quantran:~$ host 192.168.56.102 192.168.56.101 Using domain server: Name: 192.168.56.101 Address: 192.168.56.101#53 Aliases: Host 102.56.168.192.in-addr.arpa not found: 2(SERVFAIL) /var/named/data/named.run: 02-Jun-2014 15:18:11.950 client: debug 3: client 192.168.56.1#51786: UDP request 02-Jun-2014 15:18:11.950 client: debug 5: client 192.168.56.1#51786: using view '_default' 02-Jun-2014 15:18:11.950 security: debug 3: client 192.168.56.1#51786: request is not signed 02-Jun-2014 15:18:11.950 security: debug 3: client 192.168.56.1#51786: recursion available 02-Jun-2014 15:18:11.950 client: debug 3: client 192.168.56.1#51786: query 02-Jun-2014 15:18:11.950 client: debug 10: client 192.168.56.1#51786: ns_client_attach: ref = 1 02-Jun-2014 15:18:11.950 query-errors: debug 1: client 192.168.56.1#51786: query failed (SERVFAIL) for 102.56.168.192.in-addr.arpa/IN/PTR at query.c:5428 02-Jun-2014 15:18:11.950 client: debug 3: client 192.168.56.1#51786: error 02-Jun-2014 15:18:11.950 client: debug 3: client 192.168.56.1#51786: send 02-Jun-2014 15:18:11.950 client: debug 3: client 192.168.56.1#51786: sendto 02-Jun-2014 15:18:11.951 client: debug 3: client 192.168.56.1#51786: senddone 02-Jun-2014 15:18:11.951 client: debug 3: client 192.168.56.1#51786: next 02-Jun-2014 15:18:11.951 client: debug 10: client 192.168.56.1#51786: ns_client_detach: ref = 0 02-Jun-2014 15:18:11.951 client: debug 3: client 192.168.56.1#51786: endrequest 02-Jun-2014 15:18:11.951 client: debug 3: client @0xb537e008: udprecv Also, I made some changes to the log section in named.conf.

Read the article
VirtualBox in production?

- by MrG

I'm planning to move a service which is currently powered by Debian into a VirtualBox. That would allow us to easily port it i.e. to a faster machine if required. The setup would be: debian host > Virtual Box #1 > debian instance #1 running Apache & application > Virtual Box #2 > debian instance #2 containing database Do you have any experience with a production setup based on Virtual Box? Is it stable and fast enough? Many thanks!

Read the article
Apache can't connect to LDAP server

- by jldugger

I'm tying SVN to LDAPS by way of Apache. I've run openssl s_client --host $host --port 636 and received an SSL certificate, so it doesn't appear to be a firewall problem. I get the following warning: [Fri Apr 02 07:38:15 2010] [warn] [client <ip withheld>] [590] auth_ldap authenticate: user jldugger authentication failed; URI /internal-svn [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server] "Can't contact LDAP server" is somewhere between vague and wrong. I'm at a loss on how to continue debugging this. Ideas?

Read the article
Remote logging for multiple Apache virtual hosts using syslog-ng

- by James

I'm running a couple Apache web servers that each have 4-8 separate virtual hosts on each of them. I'm trying to setup a dedicated log server that stores each virtual host access and errors logs in a separate directory for that virtual host. For example on the logging server, /var/log/remove/10.0.0.2/virtualhost1 contains access_log and error_log /var/log/remove/10.0.0.2/virtualhost2 contains access_log and error_log /var/log/remove/10.0.0.3/virtualhost3 contains access_log and error_log and so on... Right now I have it split up by host but I can't figure out how to do it additionally by virtual host. Here are the relevant lines from the logging server's syslog-ng.conf source r_src { tcp(ip("0.0.0.0") port(5140)); }; destination r_all { file("/opt/splunk/logs/$HOST"); }; log { source(r_src); destination(r_all); }; Any help would be appreciated. Thanks!

Read the article
Websphere SSL handshake with active directory cluster

- by ring bearer

We have a WebSphere based application that uses Active Directory(AD) based security configurations. Under WebSphere "Global security" we have configured the active directory server and connection parameters. Active directory server is actually a cluster of four servers, say, serverdc01, serverdc02,serverdc03 and serverdc04. Each of these servers have their own root certificate with CN=serverdc01, CN=serverdc02 ..so on. So to set up SSL communication, I need to retrieve certificate of active directory and save it in WebSphere's trust store. When I retrieve certificate by putting AD server name, port and retrieve certificate I randomly get certificate of one of the serverdc01,serverdc02 ... Then I save that certificate to trust store. Question is : Do I have to save certificate from each of the serverdc01,serverdc02 ...in cluster to WebSphere's trust store? What are general strategies so that each server in the cluster does not require its own root certificate?

Read the article
How to use Client for NFS on Windows Vista?

- by netvope

I've installed "Client for NFS" on my 32-bit Windows Vista Ultimate. However, I can't find it in the start menu, and can't find any documentation on how to use it. How do I connect to a NFS share using "Client for NFS"? Can I map it to a drive letter? How do I choose connection options, such as my uid/gid, mount as read-only, port number, etc? Ideally I would like to map a NFS share using the command line. You may also suggest alternatives to "Client for NFS".

Read the article

< Previous Page | 273 274 275 276 277 278 279 280 281 282 283 284 | Next Page >