Search Results

Search found 12281 results on 492 pages for 'ip blocking'.

Page 32/492 | < Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39 | Next Page >

Change OpenVZ route to pass through ip failover

- by Kevin Campion

I have one dedicaced server with its own IP and another IP (failover) who refer to the first. I will wish to change the gateway of a Proxmox virtual machine (openvz) who runs on this dedicaced server to go through the failover IP rather than the ip of host main server. Once connected to a virtual machine, when I do a traceroute VE# traceroute www.google.fr traceroute to www.google.fr (209.85.229.104), 30 hops max, 60 byte packets 1 MY_SERVER_NAME.ovh.net (xxx.xxx.xxx.xxx FIRST_IP_MAIN_SERVER) 0.021 ms 0.010 ms 0.009 ms The first line tells me the ip of host main server. I would like that the traceroute display the second IP failover. VE# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.0.2.1 * 255.255.255.255 UH 0 0 0 venet0 default 192.0.2.1 0.0.0.0 UG 0 0 0 venet0 With iptables HOST# iptables -t nat -L Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere SNAT tcp -- anywhere 10.10.101.2 tcp dpt:www state NEW,RELATED,ESTABLISHED,UNTRACKED to:SECOND_IP_FAILOVER SNAT all -- 10.10.101.2 anywhere to:SECOND_IP_FAILOVER 10.10.101.2 is the virtual machine IP (interface venet0) Any ideas ?

Read the article
iptables, blocking large numbers of IP Addresses

- by Twirrim

I'm looking to block IP addresses in a relatively automated fashion if they look to be 'screen scraping' content from websites that we host. In the past this was achieved by some ingenious perl scripts and OpenBSD's pf. pf is great in that you can provide it nice tables of IP addresses and it will efficiently handle blocking based on them. However for various reasons (before my time) they made the decision to switch to CentOS. iptables doesn't natively provide the ability to block large numbers of addresses (I'm told it wasn't unusual to be blocking 5000+), and I'm a bit cautious over adding that many rules into an iptable. ipt_recent would be awesome for doing this, plus it provides a lot of flexibility for just severely slowing down access, but there is a bug in the CentOS kernel that is stopping me from using it (reported, but awaiting fix). Using ipset would entail compiling a more up-to-date version of iptables than comes with CentOS which whilst I'm perfectly capable of doing it, I'd rather not do from a patching, security and consistency perspective. Other than those two it looks like nfblock is a reasonable alternative. Is anyone aware of other ways of achieving this? Are my concerns about several thousand IP addresses in iptables as individual rules unfounded?

Read the article
Blocking HTTPS and P2P Traffic

- by Genboy

I have a Debian server running at the gateway level on a LAN. This runs squid for creating block lists of websites - for eg. blocking social networking on the LAN. Also uses iptables. I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve. 1) If I block facebook through their http url, people can still access https://www.facebook.com because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. However, is there a better solution for this. 2) As the number of blocked urls increase in squid, I am planning to integrate squidguard. However, the good squidguard lists are not free for commercial use. Anyone knows of a good squidguard list which is free. 3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc. 4) Blocking P2P. Haven't been able to figure out how to do this till now.

Read the article
Having two IP Routes/Gateways of last Resort on an HP Switch

- by SteadH

We have an HP Layer 3 Switch that is doing IP routing between vlans. The general set up is that the switch has an IP address on each VLAN and IP routing is enabled. On our servers VLAN, we have a firewall that has a connection to the outside world. To set a IP route on the HP router, we use IOS command ip route 0.0.0.0 0.0.0.0 192.168.2.1 where 192.168.2.1 is the address of our firewall, and the zeros essentially mean to route all traffic that the switch doesn't know what to do with out the firewall as a gateway. We're in the middle of an ISP and firewall change. I set up the new firewall and ran the IOS command ip route 0.0.0.0 0.0.0.0 192.168.2.254 (the address of the new firewall). Things started working nicely. When I reviewed the configuration of the switch though, I noticed that it did not replace the previous ip route command, but just added another route. Now, I know how to remove the old firewall route (no ip route 0.0.0.0 0.0.0.0 192.168.2.1), but what is the effect of having these two 0.0.0.0 routes? Is it switch implosion? Will a server just respond back over the route it receives the request from? I've read elsewhere that having two default gateways is an impossibility by definition, but I'm curious about this situation that our switch allowed. Thanks!

Read the article
iptables, blocking large numbers of IP Addresses

- by Twirrim

I'm looking to block IP addresses in a relatively automated fashion if they look to be 'screen scraping' content from websites that we host. In the past this was achieved by some ingenious perl scripts and OpenBSD's pf. pf is great in that you can provide it nice tables of IP addresses and it will efficiently handle blocking based on them. However for various reasons (before my time) they made the decision to switch to CentOS. iptables doesn't natively provide the ability to block large numbers of addresses (I'm told it wasn't unusual to be blocking 5000+), and I'm a bit cautious over adding that many rules into an iptable. ipt_recent would be awesome for doing this, plus it provides a lot of flexibility for just severely slowing down access, but there is a bug in the CentOS kernel that is stopping me from using it (reported, but awaiting fix). Using ipset would entail compiling a more up-to-date version of iptables than comes with CentOS which whilst I'm perfectly capable of doing it, I'd rather not do from a patching, security and consistency perspective. Other than those two it looks like nfblock is a reasonable alternative. Is anyone aware of other ways of achieving this? Are my concerns about several thousand IP addresses in iptables as individual rules unfounded?

Read the article
Bizarre client IP switch-up on VPN

- by B. VB.

Let A.B.C.D be the public IP of my VPN server. Let W.X.Y.Z be the IP of the client before it connects to the VPN. My VPN server's IP address on the LAN in 10.8.0.1, and the client is 10.8.0.6. I also run a webserver on the same machine hosting the VPN. On it is a simple webpage that performs the exact same thing as whatismyip.org (i.e., simply prints the IP of the requester) Let me illustrate the scenario for you. In a Chrome window I have three tabs, what I have in parenthesis is the URL: Tab 1 (http://whatismyip.org): A.B.C.D This is what I expect to see. It's the public IP of the VPN server. Tab 2 (http://10.8.0.1): 10.8.0.6 ok, looks expected. They are behind the same LAN now. Tab 3 (http://A.B.C.D) W.X.Y.Z WTF?? Basically, if I access the webserver while tunneled, in shows the IP address of my machine PRIOR to tunelling! Remember, tab2 and tab3 are the same webpage. Why does Tab3 not show the client IP as it's own IP (i.e., show A.B.C.D)??? I hope this question is clear, thanks in advance!

Read the article
IP address spoofing using Source Routing

- by iamrohitbanga

With IP options we can specify the route we want an IP packet to take while connecting to a server. If we know that a particular server provides some extra functionality based on the IP address can we not utilize this by spoofing an IP packet so that the source IP address is the privileged IP address and one of the hosts on the Source Routing is our own. So if the privileged IP address is x1 and server IP address is x2 and my own IP address is x3. I send a packet from x1 to x2 which is supposed to pass through x3. x1 does not actually send the packet. It is just that x2 thinks the packet came from x1 via x3. Now in response if x2 uses the same routing policy (as a matter of courtesy to x1) then all packets would be received by x3. Will the destination typically use the same IP address sequences as specified in the routing header so that packets coming from the server pass through my IP where I can get the required information? Can we not spoof a TCP connection in the above case? Is this attack used in practice?

Read the article
NAT and ISP Subnet when load balancing on pfsense?

- by dannymcc

I have a pfsense box that I'm trying to plan the configuration for. I am going to be load balancing two ISP's, each with their own /29 static IP subnet. The question I have is in relation to the way those IP's are associated with workstations on the local network. Currently I have some workstations with local (192.168.1.0/29) IP addresses, and other more complicated workstation setups have their own public IP address. Some of the more complicated systems have a NAT 1:1 configuration where I forward a public IP address to a local IP address. Others however are directly on the ISP subnet and cannot be seen on our local network. Is this configuration possible with pfsense? If so, what terms should I be looking through the documentation for? Here is a simple/brief diagram of what I am trying to achieve.

Read the article
Cisco ASA - Unable to create "range" type of network object on 8.2

- by j2k4j

I'm wanting to block a range of ip addresses on my Cisco ASA 5520 (8.2) using ASDM 6.4. In the help files/cisco documentation, it says, just create a network object with a "range" type, and use that in a blocking access rule... When I'm accessing the ASA (8.2) with ASDM 6.4, I go to configfirewallobjectnetwork objects & groups, then click "add" to add the IP range as a "network object", I get the following 4 fields to fill out: Name: IP address: Netmask: Description: That's all... In the context-sensitive help files, it says that there should be a Type drop-down to select, with "range" being one of the options, but there is no "Type" drop-down list... If I try to create a "network object group" instead of just "network object", then I get a "Type" drop down list, but it only contains two options: network & host (No "Range" option here either) Can someone help me figure out how to block a range of IP's, using the current 8.2 version on the ASA? Thanks for any pointers or tips!

Read the article
Windows Server 2008 - Setting Up DNS and Web Server (IIS) to host personal website?

- by Car Trader

Okay, I have a server, (Windows Server 2008 R2 to be more precise) and I have installed PHP, MySQL, phpMyAdmin, for web hosting purposes. I have set up a static ip address internally. I have installed the role DNS and Web Server (IIS) role. I now set up my forward looking zone as my chosen domain. I set up the nameservers as ns1.domain.co.uk with my IP address which I found from whatismyip.org. However, when I type my IP address, it times out with an error (Timeout Error). Am I doing something wrong? Am I missing something? Also I have seen that most websites have multiple nameservers, which are apparently mirror IP addresses which all redirect to one IP address. Also, I can locally connect using the IP address 192.168.0.8, however, I want to put my website online/live on the internet. Can anyone help me with this? -- Regards

Read the article
How to get City, Country, and Country Code for a particular IP Address in ASP.NET?

- by Prashant

Hi, I am having an application in which i am storing user ip address. But now i want to store the City, Country and Country Code of the user on the basis of their ip addresses. So I am able to get the user's IP Address in ASP.NET but how to get other details. If its possible (which i don't thin it is) then tell me else tell me some alternate way to do this, is there any online FREE service using which ican get these details. How to do this in ASP.NET using C# Thanks.

Read the article
How to get the LAN IP of a client using Java?

- by Henrik

How can i get the LAN IP-address of a computer using Java? I want the IP-address which is connected to the router and the rest of the network. I've tried something like this: Socket s = new Socket("www.google.com", 80); String ip = s.getLocalAddress().getHostAddress(); s.close(); This seem to work on some cases, but sometimes it returns the loopback-address or something completely different. Also, it requires internet connection. Does anyone got a more accurate method of doing this?

Read the article
How do I find the IP address of a GPRS modem?

- by Hanno Fietz

I want to pull data from a device that is accessed via a serial protocol and has a GPRS modem attached which should allow transparent access over an IP connection. It seems to me that this approach is upside down, because how should I know at which IP address the device currently is? Unfortunately, the device itself is rather dumb, so I can't make it send something to my server, which would reveal the current IP. For home routers on dialup lines, there's dynamic DNS services. Is there something equivalent in the mobile world? Each modem would, of course, have its phone number as a reliable address, but how does that help me? Practically all material on GPRS etc. that I can find online seems to be concerned with initiating the connection from the modem side, since that's what the system is designed for.

Read the article
How to understand the functional programming code for converting IP string to a number?

- by zfz

In a python discusion, I saw a way to convert IP string to a integer in functional progamming way. Here is the Link . The function is implemented in a single line. def ipnumber(ip): return reduce(lambda sum, chunk: sum <<8 | chunk, map(int, ip.split("."))) However, I have few ideas of funcional programming. Could anybody explain the function in detail? I've some knowledg of "map" and "reduce". But I don't konw what "|" and "chunk" mean here? Thanks.

Read the article
10035 error on a blocking socket

- by Andrew

Does anyone have any idea what could cause a 10035 error (EWOULDBLOCK) when reading on a blocking socket with a timeout? This is under Windows XP using the .NET framework version 3.5 socket library. I've never managed to get this myself, but one of my colleagues is getting it all the time. He's sending reasonably large amounts of data to a much slower device and then waiting for a response, which often gives a 10035 error. I'm wondering if there could be issues with TCP buffers filling up, but in that case I would expect the read to wait or timeount. The socket is definitely blocking, not non-blocking.

Read the article
A non-blocking server with java.io

- by Jon

Everybody knows that java IO is blocking, and java NIO is non-blocking. In IO you will have to use the thread per client pattern, in NIO you can use one thread for all clients. Now my question follows: is it possible to make a non-blocking design using only the Java IO api. (not NIO) I was thinking about a pattern like this (obviously very simplified); List<Socket> li; for (Socket s : li) { InputStream in = s.getInputStream(); byte[] data = in.available(); in.read(data); // processData(data); (decoding packets, encoding outgoing packets } Also note that the client will always be ready for reading data. What are your opinions on this? Will this be suitable for a server that should at least hold a few hundred of clients without major performance issues?

Read the article
Microsoft , Hotmail , Live , MSN, Outlook , unable to send emails and no support received from microsoft in 3 months we are trying asking for that

- by HugeNut

Ok this is somenthing unbelievable, we have a website, users sign up and receives links to confirm they signed up BUT: 1 - microsoft blocked our IP (no one with microsoft email account can receive our emails) 2 - we tryed contacting microsoft submitting the detailed form about our problem 3 - we posted 3 times in their community about our problem 4 - we tweeted they about our problem 5 - we tryed finding out some telephone support number (the few there are arent' helping at all) Do you think we solved? the answer is NO :/ We still unable to send emails from our IP to microsoft email accounts, since 3 months back. Our emails are perfect we checked all the email headers following microsoft guidelines but it seems not enought, checking our IP reputation it seems everythings ok, indeed we can send email easly to any other provider , gmail, yahoo, etc Do you know any other way to try to get help ? FULL ERROR RETURNED BY MICROSOFT: host mx1.hotmail.com[65.55.37.120] said: 550 SC-001 (COL0-MC4-F28) Unfortunately, messages from 94.23.***** weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. (in reply to MAIL FROM command) We are running NGIX + php mailer from a Virtual Private Server (No Hosting or shared hosting)

Read the article
AWStats: Visits from IP address vs Crawlers

- by user3651934

I use AWStats in cPanel to see stats of my website. Under Hosts section I see one IP address that has visited 150 pages. I am not sure if one person would have visited 150 pages using a browser. But if these 150 pages have been visited using a software application, then should not it be listed under Robots/Spider section. So how do I determine if I should block a certain IP address that has visited several hundred pages of my website? Thanks

Read the article
Win 7 firewall blocking Filezilla Server from responding to clients

- by Ramkumar

My Windows 7 firewall is blocking Filezilla Server from responding to clients. Adding it to the "Allow Program" list does not solve. It tested fine with Win 7's firewall turned off. Please someone help. Tested ftp server with http://ftptest.net -- the connection times out when firewall is on, succeeds when firewall is off.

Read the article
Question about Remote WAN IP on NetGear FVS336G VPN setup

- by camilian

I wanted to be able to have a VPN connection to my home network so I purchased the FVS336G because the reviews said it was easy set up. I am sure it is for someone that knows what needs to be entered it is easy, but I am a little confused. Using the VPN wizard I choose VPN Client as the tunnel connection, enter key, etc... but then I get to the "What is the remote WAN's IP or Internet Name" and "What is the local WAN's IP address or Internet Name" I am lost. I am probably being really dumb, but I am not sure what I need to put in here. Is the remote WAN ip the ip from the outside world to my cable modem? Is the local ip the ip to my FVS336G? Any help would be appreciated.

Read the article
Forwarding udp ports iptables packets "lost"?

- by Dindihi

I have a Linux router (Debian 6.x) where i forward some ports to internal services. Some tcp ports (like 80, 22...) are OK. I have one Application listening on port 54277udp. No return is coming from this app, i only get Data on this port. Router: cat /proc/sys/net/ipv4/conf/all/rp_filter = 1 cat /proc/sys/net/ipv4/conf/eth0/forwarding = 1 cat /proc/sys/net/ipv4/conf/ppp0/forwarding = 1 $IPTABLES -t nat -I PREROUTING -p udp -i ppp0 --dport 54277 -j DNAT --to-destination $SRV_IP:54277 $IPTABLES -I FORWARD -p udp -d $SRV_IP --dport 54277 -j ACCEPT Also MASQUERADING internal traffic to ppp0(internet) is active & working. Default Policy INPUT&OUTPUT&FORWARD is DROP What is strange, when i do: tcpdump -p -vvvv -i ppp0 port 54277 I get a lot of traffic: 18:35:43.646133 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 18:35:43.652301 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 18:35:43.653324 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 18:35:43.655795 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 18:35:43.656727 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 18:35:43.659719 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 57) source.ip > own.external.ip..54277: [udp sum ok] UDP, length 29 tcpdump -p -i eth0 port 54277 (on the same machine, the router) i get much less traffic. also on the destination $SRV_IP there are only a few packets coming in, but not all. INTERNAL SERVER: 19:15:30.039663 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16 19:15:30.276112 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16 19:15:30.726048 IP source.ip.52394 > 192.168.215.4.54277: UDP, length 16 So some udp ports are "ignored/dropped" ? Any idea what could be wrong? Edit: This is strange: The Forward rule has data packets, but the PREROUTING rule has 0 packets... iptables -nvL -t filter |grep 54277 Chain FORWARD (policy DROP 0 packets, 0 bytes) 168 8401 ACCEPT udp -- * * 0.0.0.0/0 192.168.215.4 state NEW,RELATED,ESTABLISHED udp dpt:54277 iptables -nvL -t nat |grep 54277 Chain PREROUTING (policy ACCEPT 405 packets, 24360 bytes) 0 0 DNAT udp -- ppp0 * 0.0.0.0/0 my.external.ip udp dpt:54277 state NEW,RELATED,ESTABLISHED to:192.168.215.4

Read the article
Windows CE: Changing Static IP Address

- by Bruce Eitman

A customer contacted me recently and asked me how to change a static IP address at runtime. Of course this is not something that I know how to do, but with a little bit of research I figure out how to do it. It turns out that the challenge is to request that the adapter update itself with the new IP Address. Otherwise, the change in IP address is a matter of changing the address in the registry for the adapter. The registry entry is something like: [HKEY_LOCAL_MACHINE\Comm\LAN90001\Parms\TcpIp] "EnableDHCP"=dword:0 "IpAddress"="192.168.0.100" "DefaultGateway"="192.168.0.1" "Subnetmask"="255.255.255.0" Where LAN90001 would be replace with your adapter name. I have written quite a few articles about how to modify the registry, including a registry editor that you could use. Requesting that the adapter update itself is a matter of getting a handle to the NDIS driver, and then asking it to refresh the adapter. The code is: #include <windows.h> #include "winioctl.h" #include "ntddndis.h" void RebindAdapter( TCHAR *adaptername ) { HANDLE hNdis; BOOL fResult = FALSE; int count; // Make this function easier to use - hide the need to have two null characters. int length = wcslen(adaptername); int AdapterSize = (length + 2) * sizeof( TCHAR ); TCHAR *Adapter = malloc(AdapterSize); wcscpy( Adapter, adaptername ); Adapter[ length ] = '\0'; Adapter[ length +1 ] = '\0'; hNdis = CreateFile(DD_NDIS_DEVICE_NAME, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_ALWAYS, 0, NULL); if (INVALID_HANDLE_VALUE != hNdis) { fResult = DeviceIoControl(hNdis, IOCTL_NDIS_REBIND_ADAPTER, Adapter, AdapterSize, NULL, 0, &count, NULL); if( !fResult ) { RETAILMSG( 1, (TEXT("DeviceIoControl failed %d\n"), GetLastError() )); } CloseHandle(hNdis); } else { RETAILMSG( 1, (TEXT("Failed to open NDIS Handle\n"))); } } int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nCmdShow) { RebindAdapter( TEXT("LAN90001") ); return 0; } If you don’t want to write any code, but instead plan to use a registry editor to change the IP Address, then there is a command line utility to do the same thing. NDISConfig.exe can be used: Ndisconfig adapter rebind LAN90001 Copyright © 2012 – Bruce Eitman All Rights Reserved

Read the article
make vnc server listen on guest's ip address

- by gucki

My host system has the IP 192.168.0.250. Now I want to create a kvm guest using a tap device (so the network card of the guest just acts like a "real" one). The guest has a static ip 192.168.0.249 which it setups on his own (no dhcp). To connect to the guest using VNC I can to use the host's IP. So far everything works fine. Now I wonder how I can make the VNC server to listen on the guest's IP address, so I can use the guest's IP address to connect using my vnc client. Of course I cannot use -vnc 192.168.0.249:1 as this IP is not active on the host and so fails with Cannot assign requested address. Can this be done with tap networking at all? If not, how to get it working?

Read the article
RabbitMQ and persistence (blocking writes?)

- by daharon

I want to create a RabbitMQ server on a virtual machine (VMware) to be used in production. It will contain persistent queues. I'm wondering if it is a bad idea to store the server on a NAS that's accessed over NFS. Basically my questions are: Will RabbitMQ's writes be blocking? Will the entire queue's operation halt on a write? How much performance degradation should I expect when persisting over NFS?

Read the article
Big mail issue two ip address

- by Luka

I have two ip addresses on my server, First IP is assigned to my clients, second is assigned to me. Issue started today. My clients can not send mail via php from their ip address (shared ip address which are all of them using). Server is refusing it with error ERROR: Password not accepted from server: 535 Incorrect authentication data But via their desktop mail clients it can send mail, when they use my ip address for hostname (second ip of server assigned to me) they can send mail. help.

Read the article

< Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39 | Next Page >