Search Results

Search found 1177 results on 48 pages for 'ips'.

Page 3/48 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

• hardening a server: disallow password-login for sudoers and log unusual ips

  - by Fabian Zeindl

  Two question regarding sudo-login into an ubuntu-system (debian tips welcome as well): Is it possible to require sudoers on my box to only login with publickey-authentication? Is it possible to log which ip sudoers log in from and check that for "unusual activity" or take actions? I'm thinking about temporarily removing sudo-rights if sudoers don't log in from whitelisted IPs. Or is that too risky to be exploited?

  Read the article

• Wifi range issues and intermittent dropouts, Thinkpad Edge

  - by jimbo

  If I am more than a couple of metres from my access point (and I'm seeing this across various APs) with my newish Thinkpad Edge 15, running 10.10, the wifi performance becomes ... flaky. When this is happening, I see the following in dmesg, although I'm not sure if it's related: [ 2497.011099] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded [ 2502.012711] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded [ 2507.009254] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded [ 2512.008367] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded [ 2517.007467] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded [ 2522.006558] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded [ 2527.008157] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded [ 2532.007251] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded [ 2537.003838] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded [ 2542.005427] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded [ 2547.004496] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded [ 2552.003611] intel ips 0000:00:1f.6: CPU power or thermal limit exceeded lspci -vvv has the following to say about my wireless adapter: 03:00.0 Network controller: Intel Corporation Centrino Wireless-N 1000 Subsystem: Intel Corporation Centrino Wireless-N 1000 BGN Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx- Latency: 0, Cache Line Size: 64 bytes Interrupt: pin A routed to IRQ 49 Region 0: Memory at f0500000 (64-bit, non-prefetchable) [size=8K] Capabilities: <access denied> Kernel driver in use: iwlagn Kernel modules: iwlagn If I get within a couple of metres of the access point, I still see that output in dmesg, but the connection stabilises. My question is threefold: how do I get better wifi range, what can/should I do about those messages in dmesg, and most crucially, are the two related? As ever let me know if there's other information that would help! Edit: I am using this machine in exactly the same locations I used my previous Thinkpad (T61) running various older versions of Ubuntu, so I definitely feel there is something wrong, rather me having unreasonable expectations of range!

  Read the article

• iptables not allowing mysql connections to aliased ips?

  - by Curtis

  I have a fairly simple iptables firewall on a server that provides MySQL services, but iptables seems to be giving me very inconsistent results. The default policy on the script is as follows: iptables -P INPUT DROP I can then make MySQL public with the following rule: iptables -A INPUT -p tcp --dport 3306 -j ACCEPT With this rule in place, I can connect to MySQL from any source IP to any destination IP on the server without a problem. However, when I try to restrict access to just three IPs by replacing the above line with the following, I run into trouble (xxx=masked octect): iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.184 -j ACCEPT iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.196 -j ACCEPT iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.251 -j ACCEPT Once the above rules are in place, the following happens: I can connect to the MySQL server from the .184, .196 and .251 hosts just fine as long as am connecting to the MySQL server using it's default IP address or an IP alias in the same subnet as the default IP address. I am unable to connect to MySQL using IP aliases that are assigned to the server from a different subnet than the server's default IP when I'm coming from the .184 or .196 hosts, but .251 works just fine. From the .184 or .196 hosts, a telnet attempt just hangs... # telnet 209.xxx.xxx.22 3306 Trying 209.xxx.xxx.22... If I remove the .251 line (making .196 the last rule added), the .196 host still can not connect to MySQL using IP aliases (so it's not the order of the rules that is causing the inconsistent behavior). I know, this particular test was silly as it shouldn't matter what order these three rules are added in, but I figured someone might ask. If I switch back to the "public" rule, all hosts can connect to the MySQL server using either the default or aliased IPs (in either subnet): iptables -A INPUT -p tcp --dport 3306 -j ACCEPT The server is running in a CentOS 5.4 OpenVZ/Proxmox container (2.6.32-4-pve). And, just in case you prefer to see the problem rules in the context of the iptables script, here it is (xxx=masked octect): # Flush old rules, old custom tables /sbin/iptables --flush /sbin/iptables --delete-chain # Set default policies for all three default chains /sbin/iptables -P INPUT DROP /sbin/iptables -P FORWARD DROP /sbin/iptables -P OUTPUT ACCEPT # Enable free use of loopback interfaces /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/iptables -A OUTPUT -o lo -j ACCEPT # All TCP sessions should begin with SYN /sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # Accept inbound TCP packets (Do this *before* adding the 'blocked' chain) /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow the server's own IP to connect to itself /sbin/iptables -A INPUT -i eth0 -s 208.xxx.xxx.178 -j ACCEPT # Add the 'blocked' chain *after* we've accepted established/related connections # so we remain efficient and only evaluate new/inbound connections /sbin/iptables -N BLOCKED /sbin/iptables -A INPUT -j BLOCKED # Accept inbound ICMP messages /sbin/iptables -A INPUT -p ICMP --icmp-type 8 -j ACCEPT /sbin/iptables -A INPUT -p ICMP --icmp-type 11 -j ACCEPT # ssh (private) /sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -s xxx.xxx.xxx.xxx -j ACCEPT # ftp (private) /sbin/iptables -A INPUT -p tcp --dport 21 -m state --state NEW -s xxx.xxx.xxx.xxx -j ACCEPT # www (public) /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT # smtp (public) /sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 2525 -j ACCEPT # pop (public) /sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT # mysql (private) /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.184 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.196 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.251 -j ACCEPT Any ideas? Thanks in advance. :-)

  Read the article

• What is needed to use anycast IPs?

  - by coredump

  So, there're a bunch of questions on SF about the uses and how anycast IPs are cool. My approach is something more practical. What specifically I need to have to use one of those addresses? Do I need to be an AS (Autonomous System)? If I want to use an Anycast IP on my internal network, is it possible? Do I need anything special with a registrar/operator(s) to use it? Basically, if I want to use an Anycast IP address, what exactly I need, from the equipment to configuration part.

  Read the article

• Lots of 408 Request Timed Out from same IPs

  - by GreatFire

  Web server: Nginx. Checking our log files, there are many log entries of connections that: take 59-61 seconds send an empty request (or at least none is logged) result in a 408 response (request timed out) do not contain any http_user_agent originate from a limited number of IPs We are monitoring average times to serve responses and this obviously inflates our statistics. Apart from that though, is this a problem? Any idea why it is occurring? Does it suggest that somebody is intentionally messing with us? What should we do?

  Read the article

• nginx + varnish + apache differente IPs in VirtualHost Apache

  - by zeusgod

  Hi, My idea is put NGINX as proxy to redirect to Varnish (cache static content) and then proxy to apache with a lot of VirtualHost in different IPs. My problems is that I would know how can configure Varnish to send access to correct IP, I am going explain: NGINX: Listen in: 10.10.10.10, 20.20.20.20 and 30.30.30.30 on ports: 80 and 443 Proxy redirect to Varnish 10.10.10.10:8080, 20.20.20.20:8080 and 30.30.30.30:8080 Varnish: Port: 8080 - THIS IS THE PROBLEM Proxy content not static to Apache on port 8000 - THIS IS THE OTHER PROBLEM Apache2: Listen in: 10.10.10.10:8000, 20.20.20.20:8000 and 30.30.30.30:8000 Response correct VirtualHost This is the idea. When I try with one IP only, all work correctly, because Varnish is only listen in one IP and port and send to backend in one IP and port too. Could you help me to configure Varnish or there is a best way to configure similar scenario please?

  Read the article

• how do web hosting companies host end users domain and give so many public IPs

  - by Registered User

  Hi, I am a Computer Science guy who understands networking very well. But when it comes to Web hosting companies I am clue less. I want to know how do web hosting companies give so many public IPs to so many users and each of them has root login also. How this is technically done that is what I am interested to know. I do not know how you people configure it. In my case if I have to do I will buy a public IP from some one and connect my server to it and at max give some people SSH access to it.In case of Web hosting companies how is it done.

  Read the article

• Azure VM with many IPs or SSL certificates

  - by timmah.faase

  I am looking to move our hosting environment to Azure and by doing so have created a sandpit VM to figure things out. We host around 300-400 websites in IIS and about 2% of these sites have unique, non wildcard certificates all requiring a unique public IP in our current setup. Can you get a range of IPs pointing to 1 VM/Endpoint? Or is it possible to create an SSL proxy? I've never created an SSL proxy but like the idea of it. I'd need advise here on how to proceed if this is the best option. Sorry if this has been answered! Sorry also if my question isn't worded eloquently.

  Read the article

• Bridging Network Devices with Multiple IPs

  - by Andy

  I have a small server with a single NIC that I am trying to get a bridge functioning on so that I can run KVM. On this NIC I have a couple IPs statically assigned to it: eth0 = 192.168.1.1 eth0:1 = 192.168.1.2 eth0:2 = 192.168.1.3 eth0:3 -> Assign the bridge to this I am attempting to set up a bridge using the following instructions: sudo brctl addbr br0 sudo brctl addif br0 eth0:3 sudo ifconfig br0 192.168.1.120 netmask 255.255.255.0 up sudo route add -net 192.168.1.0 netmask 255.255.255.0 br0 sudo route add default gw 192.168.1.1 br0 sudo tunctl -b -u root -t tap0 > /dev/null sudo ifconfig tap0 up sudo brctl addif br0 tap0 However, when I do the second command: sudo brctl addif br0 eth0:3 It puts the ENTIRE eth0 device into promiscuous mode. This knocks the server offline and inaccessible by anything other than locally. Is there a way to bridge JUST eth0:3 to br0 and not put the entire device into promiscuous mode?

  Read the article

• Easy shorewall question : allow ips to DNAT

  - by llazzaro

  Hello, At my home network I had a transparent proxy. This is the rule that forward all 80 traffic to my squid3.1 server at DMZ DNAT loc:!10.0.0.126 dmz:172.16.0.198:3128 tcp 80 - !172.16.0.198 Ok, I need to add more ips to avoid transparent proxy. I tried loc:!10.0.0.134,!10.0.0.126...but didnt work (also similars like [ip0,ip1]. I tried to google the answer cant find it (sorry no matches, not searching the right keywords) also I tried to read the docs, but they are really long (and indexes dont help me). Thanks!

  Read the article

• Cloud services, Public IPs and SIP

  - by Guido N

  I'm trying to run a custom SIP software (which uses JAIN SIP 1.2) on a cloud box. What I'd really like is to have a real public IP aka which is listed by "ifconfig -a" command. This is because atm I don't want to write additional SIP code / add a SIP proxy in order to manage private IP addresses / address translation. I gave Amazon EC2 a go, but as reported here http://stackoverflow.com/questions/10013549/sip-and-ec2-elastic-ips it's not fit for purpose (they do a 1:1 NAT translation between the private IP of the box and its Elastic IP). Does anyone know of a cloud service that provides real static public IP addresses?

  Read the article

• Distribute outgoing connections among multiple IPs configured on the same NIC

  - by cedivad

  I have a NIC with 2 aliases on it. The network interface has 3 IPs configured on it. Think about it like this: i can ping the same server by hitting .100 .101 and .102. I want the source address of the outgoing connections to be distributed among these ip. So if i have 3 opened connections, one connection will have result as having an IP address ending with .100, the other two should result as having as ip addresses .101 and .102. I'm using FreeBSD but I think this question to be Linux-Like wide.

  Read the article

• Route multiple subdomains on one external ip to multiple internal ips

  - by Abenil

  i have several subdomains(git.example.org, build.example.org, etc.), i have a router with an external ip and i have several virtual machines on a host computer with internal ips. Now i want to route git.example.org to internal ip 10.0.2.1 and build.example.org to internal ip 10.0.2.2. How can I do this? I setup in the Router that all traffic on port 80 is comming to my host computer with internal ip 10.0.2.3 and installed Squid on that computer. I added the following lines to the squid.conf file: cache_peer 10.0.2.1 parent 80 0 no-query originserver name=server_1 cache_peer_domain server_1 git.example.org cache_peer 10.0.2.2 parent 80 0 no-query originserver name=server_2 cache_peer_domain server_2 build.example.org But this is not working for me. :( Any help appreciated. Regards Nils Update: Here is the solution for Apache http://serverfault.com/a/273693

  Read the article

• Block IPs if they access a resource

  - by Victor Oliva

  I own a server that it's costantly being attacked by scripts (that try to access to phpMyAdmin's setup file's and stuff like this). I've heard that many people get this kinds of attacks, but I'm starting to worry since they are getting more common (last month I got 2 attacks, and on november 7th there are 3 attempts already (1st, 4th and 6th of nov). I'm not really concerned about it, since I don't have any database. All the info i have on that server is absolutely public, but I'm worried about that attacking-rate increase. So I thought I could -temporarily- block the IPs that come from those attackers, or something that could make my server ignore requests that ask for phpMyAdmin, pma, xamp, etc. Is there something like that? my server is Linux+Apache+Php

  Read the article

• Configure iptables with a bridge and static IPs

  - by Andrew Koester

  I have my server set up with several public IP addresses, with a network configuration as follows (with example IPs): eth0 \- br0 - 1.1.1.2 |- [VM 1's eth0] | |- 1.1.1.3 | \- 1.1.1.4 \- [VM 2's eth0] \- 1.1.1.5 My question is, how do I set up iptables with different rules for the actual physical server as well as the VMs? I don't mind having the VMs doing their own iptables, but I'd like br0 to have a different set of rules. Right now I can only let everything through, which is not the desired behavior (as br0 is exposed). Thanks!

  Read the article

• exim4: multiple domains/IPs

  - by ButterdBread

  On my VPS I have 3 IPs which all have their own domain and their own reverse-DNS records. I have a website on each domain, sending emails. The problem is: the emails are rejected by many hosts because the reverse dns doesn't fit the host in the helo. All the emails are sent from the primary IP and therefore only one of the three domains work. I am looking for a way for exim to check which email adress i'm using to send the email and adapt the domain/IP transmitted in the helo. I have already tried many configurations but nothing has worked up to now. Simply changing MX-Records is impossible too, as I recieve (and also send) email via gmail and I don't want to set up my own webmail. Does anyone know a solution?

  Read the article

• IIS v6.0 IP Restriction using a range of IPs

  - by E.Shafii

  Hello all, I need to apply IP restrictions to a site in IIS v6.0 using a range of IPs. So for example i only want the below RANGE of IPs to be able to access the site: From 123.111.22.3 -- 123.111.66.234 Has anyone got any idea on how this can best be achieved? Hope this all make sense and all help is massively appreciated. Thanks, Elliott

  Read the article

• Stop sending packets to private IPs

  - by SlasherZ

  I have a problem that my server got locked down because it was sending packets to private IPs. My question is, what is the best solution to stop that? Here is the log that I got from my hosting provider: [Mon Jun 2 00:04:36 2014] forward-to-private:IN=br0 OUT=br0 PHYSIN=vm-44487.0 PHYSOUT=eth0 MAC=78:fe:3d:47:3d:20:00:1c:14:01:4e:cd:08:00 SRC=78.46.198.21 DST=192.168.249.128 LEN=1454 TOS=0x00 PREC=0x00 TTL=64 ID=58859 DF PROTO=UDP SPT=41366 DPT=41234 LEN=1434 [Mon Jun 2 00:17:15 2014] forward-to-private:IN=br0 OUT=br0 PHYSIN=vm-44487.0 PHYSOUT=eth0 MAC=78:fe:3d:47:3d:20:00:1c:14:01:4e:cd:08:00 SRC=78.46.198.21 DST=192.168.249.128 LEN=1456 TOS=0x00 PREC=0x00 TTL=64 ID=52234 DF PROTO=UDP SPT=55430 DPT=41234 LEN=1436

  Read the article

• forward same port but for two different IPs (cisco)

  - by Colin

  Hi! I have a cisco running IOS 12.0(25) responding to two different IPs addresses: IP_A and IP_B. Behind this router I also have two different servers: server_A and server_B. What I want is to forward port 22 to both servers, so: IP_A, port22 -> server_A, port22 IP_B, port22 -> server_B, port22 ATM this only works for one of them (server_A), this is my config: interface Ethernet0/0 description Internet ip address IP_A 255.255.255.0 ip address IP_B 255.255.255.0 secondary no ip directed-broadcast ip nat outside no ip mroute-cache no cdp enable ip nat pool pool_A IP_A IP_A netmask 255.255.255.0 ip nat pool pool_B IP_B IP_B netmask 255.255.255.0 ip nat inside source list A pool pool_A overload ip nat inside source list B pool pool_B overload ip nat inside source static tcp server_B 22 IP_B 22 extendable ip nat inside source static tcp server_A 22 IP_A 22 extendable access-list A permit server_A access-list B permit server_B

  Read the article

• How to attach multiple ipv6 ips to eth1 on debian

  - by Noodles

  I've just got a new server with native ipv6. I want to attach multiple ipv6 ips to eth1, but the only way I can see to do so is to attach them individually: i.e. address 2607:f0d0:xxxx:xxxx::2 address 2607:f0d0:xxxx:xxxx::3 address 2607:f0d0:xxxx:xxxx::4 Is it possible to bind whole subnets of ipv6 to a single network interface on debian? My server host tells me I have 18,446,744,073,709,551,616 ipv6 addresses for that server, surely it gets to be a nightmare to manage if they all have to bound individually (plus ifconfig would look messy). Does anyone have a solution?

  Read the article

• Several IPs for my VPS

  - by Serafim

  I bought vps on santrex.net but can't receive any reply from support. My Problem: I have 5 ip but it pings only 1!!! I can't setup DNS because I need 2 ip minimum . Could you help me to activate other my IPs? root@spnova:~# ifconfig eth0 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 inet addr:188.72.240.100 Bcast:188.72.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:163342 errors:0 dropped:0 overruns:0 frame:0 TX packets:13585 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:32862185 (32.8 MB) TX bytes:15189036 (15.1 MB) eth0:0 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 inet addr:188.72.240.101 Bcast:188.72.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:1 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 inet addr:188.72.240.102 Bcast:188.72.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:2 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 inet addr:188.72.240.103 Bcast:188.72.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:3 Link encap:Ethernet HWaddr aa:00:b9:4f:19:01 inet addr:188.72.240.104 Bcast:188.72.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:11885 errors:0 dropped:0 overruns:0 frame:0 TX packets:11885 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:8124693 (8.1 MB) TX bytes:8124693 (8.1 MB) root@spnova:~# nano /etc/network/interfaces # Auto generated eth0 interfaces auto eth0 lo iface eth0 inet static address 188.72.240.100 netmask 255.255.255.0 up route add -net 188.72.225.0 netmask 255.255.255.0 dev eth0 up route add default gw 188.72.225.1 iface lo inet loopback auto eth0:0 iface eth0:0 inet static address 188.72.240.101 netmask 255.255.255.0 auto eth0:1 iface eth0:1 inet static address 188.72.240.102 netmask 255.255.255.0 auto eth0:2 iface eth0:2 inet static address 188.72.240.103 netmask 255.255.255.0 auto eth0:3 iface eth0:3 inet static address 188.72.240.104 netmask 255.255.255.0

  Read the article

• IPTables: NAT multiple IPs to one public IP

  - by Kaemmelot

  I'm looking for a way how to nat 2 or more inner IPs (in my case xen doms) to one outer IP. I tried to use iptables -t nat -A PREROUTING -d 123.123.123.123 -j DNAT --to 1.2.3.4 --to 1.2.3.7 iptables -t nat -A POSTROUTING -s 1.2.3.4 -j SNAT --to 123.123.123.123 iptables -t nat -A POSTROUTING -s 1.2.3.7 -j SNAT --to 123.123.123.123 And got an error: iptables v1.4.14: DNAT: Multiple --to-destination not supported Try `iptables -h' or 'iptables --help' for more information. I found this in the manpage: Later Kernels (= 2.6.11-rc1) don't have the ability to NAT to multiple ranges anymore. So my question is: Why is it not possible anymore and is there a workaround? Maybe I should use an other method I don't know yet? EDIT: The idea is to use the system like a router, so I have one address but multiple users behind. The problem is I don't know which connection reffers to a user (for example 1.2.3.4). But I know, they all have different ports open for incomming traffic. So my solution (for DNAT) would be to nat all incoming connections to all users and filter all unused ports, so the connection goes to one single user. For outgoing traffic I would use iptables -A FORWARD -i eth0 -d 1.2.3.4 -m state --state ESTABLISHED,RELATED -j ACCEPT

  Read the article

• lighttpd with multiple IPs, each with a UCC certificate and many hostnames

  - by Dave

  I'd like to get lighttpd working with UCC certificates, but I can't seem to figure out the correct syntax. Essentially, for each IP address, I have one UCC certificate and a bunch of hostnames. $SERVER["socket"] == "10.0.0.1:443" { ssl.engine = "enable" ssl.ca-file = "/etc/ssl/certs/the.ca.cert.pem" ssl.pemfile = "/etc/ssl/private/websitegroup1.com.pem" $HTTP["host"] =~ "mywebsite.com" { server.document-root = /var/www/mywebsite.com/htdocs" } The above code works fine for one hostname, but as soon as I try to set up another hostname (note the same SSL cert): $SERVER["socket"] == "10.0.0.1:443" { ssl.engine = "enable" ssl.ca-file = "/etc/ssl/certs/the.ca.cert.pem" ssl.pemfile = "/etc/ssl/private/websitegroup1.com.pem" $HTTP["host"] =~ "anotherwebsite.com" { server.document-root = /var/www/anotherwebsite.com/htdocs" } ...I get this error: Duplicate config variable in conditional 6 global/SERVERsocket==10.0.0.1:443: ssl.engine Is there any way I can put a conditional so that only if ssl.engine is not already enabled, enable it? Or do I have to put all my $HTTP["host"]s inside the same $SERVER["socket"] (which will make config file management more difficult for me) or is there some entirely different way to do it? This has to be repeated for multiple IPs too (so I'll have a bunch of SERVER["socket"] == 10.0.0.2:443" etc), each with one UCC cert and many hostnames. Am I going about this the wrong way entirely? My goal is to conserve IP addresses when I have many websites that are related and can share an SSL certificate, but still need their own SSL-accessible version from the appropriate hostname (instead of a single secure.mywebsite.com).

  Read the article

• Routing / binding 128 IPs to one server

  - by Andrew

  I have a Ubuntu server with 128 ip's (static external ips 86.xx.xx.16), and I want to crawl pages thru different ip's. The gateway is xx.xxx.xxx.1, the main ip is xx.xxx.xxx.16, and the other 128 ip's are xx.xxx.xxx.129/255. I tried this configuration in /etc/network/interfaces but I doesn't work. It work if I remove the gateway for the aliases eth0:0 and eth0:1. I think this is routing problem. auto lo iface lo inet loopback auto eth0 auto eth0:0 auto eth0:1 iface eth0 inet static address xx.xxx.xxx.16 netmask 255.255.255.128 gateway xx.xxx.xxx.1 iface eth0:0 inet static address xx.xxx.xxx.129 netmask 255.255.255.128 gateway xx.xxx.xxx.1 iface eth0:1 inet static address xx.xxx.xxx.130 netmask 255.255.255.128 gateway xx.xxx.xxx.1 Also, please tell me how to "reset" every changes that I made in networking and routing. Update: I removed the gateway and now it works. I can reach the website thru all 128 ip's. But when I try to bind a socket connection in php to a specific ip I get no answer. socket_bind($sock, "xx.xxx.xx.xxx"); socket_connect($sock, 'google.com', 80); I tryed to use a sniffer to see the packets, and I see the packet sent from binded ip to google.com but the "connection" can't be established. I don't know anything about "route" command, but I have a feeling that this is the solution.

  Read the article

• How can the route between two private IPs go via public IPs?

  - by Gilles

  I'm trying to understand what this output from traceroute means. I changed the IP addresses for privacy but retained the public/private IP range distinction. traceroute.db -e -n 10.1.1.9 traceroute to (10.1.1.9), 30 hops max, 60 byte packets 1 10.0.0.1 0.596 ms 0.588 ms 0.577 ms 2 10.0.0.2 1.032 ms 1.029 ms 1.084 ms 3 10.0.0.3 3.360 ms 3.355 ms 3.338 ms 4 23.0.0.4 3.974 ms 4.592 ms 4.584 ms 5 23.0.0.5 13.442 ms 13.445 ms 13.434 ms 6 45.0.0.6 13.195 ms 12.924 ms 12.913 ms 7 67.0.0.7 52.088 ms 51.683 ms 52.040 ms 8 10.1.1.8 46.878 ms 44.575 ms 44.815 ms 9 10.1.1.9 45.932 ms 45.603 ms 45.593 ms The first 10.0.* range is inside my organisation. The last 10.1.* range is another site of my organisation. The intermediate addresses belong to various ISPs. I expect that there is some kind of VPN between the two sites, but I don't know much about our network topology. What I don't understand is how the route can go from a private address through public addresses back into private addresses. Searching led me to Public IPs on MPLS Traceroute, which gives a possible explanation: MPLS. Is MPLS the only possible or most likely explanation? Otherwise what does this tell me about our network infrastructure? Bonus question for my edification: in this scenario, who is generating the ICMP TTL exceeded packets and if relevant mangling their source and destination addresses?

  Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >