Search Results

Search found 3251 results on 131 pages for 'firewall'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 33/131 | < Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40  | Next Page >

  • Blocking an IP from connecting

    - by Sam W.
    I have a problem with my Apache webserver where there's and IP than connecting to my server, using alot of connection and wont die which eventually making my webserver timeout. The connection will stay as SYN_SENT state if I check using netstat -netapu I even flush my iptables and use the basic rules and it still doesn't work. The IP will get connected when I start my Apache Basic rules that I use: iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT iptables -A INPUT -s 89.149.244.117 -j REJECT iptables -A OUTPUT -s 89.149.244.117 -j REJECT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT iptables -A INPUT -p tcp --dport 21 -j ACCEPT iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT iptables -A INPUT -j REJECT iptables -A FORWARD -j REJECT The bold part is rule in question. Not sure this is related but tcp_syncookies value is 1. Can someone point out my mistake? Is there a way to block it for good. Thank you

    Read the article

  • Tunneling HTTP traffic from a particular host/port

    - by knoopx
    Hello, I'm trying to figure out how to access from my development machine (Devel) to a third party web service (www.domain.com) which I am not allowed to directly contact using my office IP address. Here's a basic diagram (i'm not allowed to post images...): http://yuml.me/diagram/scruffy/class/%5BDevel%5D-%5BA%5D,%20%5BA%5D-%5BB%5D,%20%5BB%5D-%5Bwww.domain.com%5D The only machine allowed to access that service is B (production server) but I do neither can directly access it from my development machine (Devel). So in order to access the web service I have to ssh into A, and then from A to B to access www.domain.com Is there any way of tunneling traffic from B to A and then back to my development machine so I can directly access www.domain.com without having to ssh into every box? Devel: My development machine. A, B: Linux servers. I own root access on both. B: Production server www.domain.com: Third party HTTP API production server uses.

    Read the article

  • Vyatta internet connection + hosted site on same IP

    - by boburob
    Having a small issue setting up a vyatta. The company internet and two different websites are both on the same IP. Server 1 - Has websites hosted on ports 1000 and 3000 and also has a proxy server installed to provide internet connection to the domain Server 2 - Has a website hosted on ports 80 and 433 The vyatta is correctly natting the appropriate traffic to each server, and allowing the proxy to get internet traffic, however I have a problem getting to the websites hosted on these two servers inside the domain. I believe the problem is that the HTTP request is being sent with an IP, eg: 12.34.56.78. The request will reach the website and the server will attempt to send the request back to the IP, however this is the IP of the Vyatta, so it has nowhere else to go. I thought the solution would be something like this: rule 50 { destination { address 12.34.56.78 port 1000 } inbound-interface eth1 inside-address { address 10.19.2.3 } protocol tcp type destination } But this doesnt seem to do it! UPDATE I changed the rules to the following: rule 50 { destination { address 12.34.56.78 port 443 } outbound-interface eth1 protocol tcp source { address 10.19.2.3 } type masquerade } rule 51 { destination { address 12.34.56.78 port 443 } inbound-interface eth1 inside-address { address 10.19.2.2 } protocol tcp type destination } I am now seeing traffic going between the two with Wireshark, but the website will still fail to load.

    Read the article

  • IPtables: DNAT not working

    - by GetFree
    In a CentOS server I have, I want to forward port 8080 to a third-party webserver. So I added this rule: iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination thirdparty_server_ip:80 But it doesn't seem to work. In an effort to debug the process, I added these two LOG rules: iptables -t mangle -A PREROUTING -p tcp --src my_laptop_ip --dport ! 22 -j LOG --log-level warning --log-prefix "[_REQUEST_COMING_FROM_CLIENT_] " iptables -t nat -A POSTROUTING -p tcp --dst thirdparty_server_ip -j LOG --log-level warning --log-prefix "[_REQUEST_BEING_FORWARDED_] " (the --dport ! 22 part is there just to filter out the SSH traffic so that my log file doesn't get flooded) According to this page the mangle/PREROUTING chain is the first one to process incomming packets and the nat/POSTROUTING chain is the last one to process outgoing packets. And since the nat/PREROUTING chain comes in the middle of the other two, the three rules should do this: the rule in mangle/PREROUTING logs the incomming packets the rule in nat/PREROUTING modifies the packets (it changes the dest IP and port) the rule in nat/POSTROUTING logs the modified packets about to be forwarded Although the first rule does log incomming packets comming from my laptop, the third rule doesn't log the packets which are supposed to be modified by the second rule. It does log, however, packets that are produced in the server, hence I know the two LOG rules are working properly. Why are the packets not being forwarded, or at least why are they not being logged by the third rule? PS: there are no more rules than those three. All other chains in all tables are empty and with policy ACCEPT.

    Read the article

  • What settings need to be changed to allow EC2 instances to use Amazon's Route 53 for DNS?

    - by ks78
    I have a number of Amazon EC2 instances, all running Ubuntu, which I'd like to configure to use Amazon's Route 53. I setup a script, following Shlomo Swidler's article, but ran into script-related issues, which were answered here. Now, I have the script working, but my instances are still not able to access Route 53's DNS. By this I mean, they are not able to resolve hostnames to IP addresses. My instances are currently configured with the DNS server IP address Amazon pushes out to them by default, does that need to be changed when using Route 53? I'm also IP-restricting my instances using the Security Groups. Could that be the problem? Is there a certain IP address or port I should open to allow communication with Route 53? It seems that DNS requests should be originating from my instances so the Security Groups shouldn't be an issue, but I've been wrong before. If anyone has any ideas, I'd really appreciate it.

    Read the article

  • Persistent TCP connection in DMZ

    - by G33kKahuna
    A vendor is requesting to allow persistent tcp (not port 80) connection between a server in the DMZ and the internal network. I don't have much experience with this setting. Can anyone shed some light on disadvantages of allowing persistent connection? Guidance is much apprciated.

    Read the article

  • What port does OpenLink ODBC Driver use?

    - by user36737
    I use Avaya Reporting Services and OpenLink ODBC Drivers for db connection. I know that it uses port 5000 for handshaking but after that I believe it uses an random port for communication. I want to deploy my application and it will communicate with the client's system in their datacenter. They are asking what ports should they open on their firewalls. I can't obviously give them a range above 50,000 that I know OpenLink ODBC Drivers use. Can someone tell me what port should I tell my client to open?

    Read the article

  • Amazon AWS VPN how to open a port?

    - by Victor Piousbox
    I have a VPN with public and private subnets; I am considering only public subnet for now. The node 10.0.0.23, I can ssh into it. Let's say I want to connect to MySQL on the node using its private address: ubuntu@ip-10-0-0-23:/$ mysql -u root -h 10.0.0.23 ERROR 2003 (HY000): Can't connect to MySQL server on '10.0.0.23' (111) ubuntu@ip-10-0-0-23:/$ mysql -u root -h localhost Welcome to the MySQL monitor. Commands end with ; or \g. --- 8< --- snip --- 8< --- mysql> The port 3306 is not reachable if I use the private IP? My security group allows port 3306 inbound from 0.0.0.0/0 AND from 10.0.0.0/24. Outbound, allowed all. The generic setup done by Amazon through their wizard does not work... I add ACL that allows everything for everybody, still does not work. What am I missing?

    Read the article

  • Snort [PFSense] is configured but not blocking or generating alerts!

    - by Chase Florell
    I've got PFSense V 2.0-RC1 (i386) and I've got the latest version of Snort installed I've loaded up a bunch of rules from Oinkmaster, I've enabled all of the preprocessors, and I've ensured the service is started. When I let it sit for a while and then check my Alerts and Block list, there are no entries. Even when I test it by logging into Skype (skype is listed as a Rule from P2P), I don't get any entries in the logs. If you need any further information, please let me know... I simply can't figure this one out.

    Read the article

  • Exclude minify from CSF/LFD

    - by Patrick Lanfranco
    I have currently installed minify on on of my websites however I am currently getting hammered with email from CSF/LFD. Example: Time: Fri Aug 10 13:10:03 2012 +0700 File: /tmp/minify_builder,index.php_f516d1c7cae9c3881406fd9a0ce69c38 Reason: Script, file extension Owner: -:- (504:501) Action: No action taken What is the best way to have these ignored inside CSF? Some advice would be highyl appreciated. Thank you very much.

    Read the article

  • Redirection of outbound UDP port NTP.

    - by pboin
    For my residential service, I changed ISPs to Zoom/Armstrong. Just after that, my NTP daemons stopped working. I dug deep and diagnosed the problem: Unprivileged ports are getting out. When i run 'ntpdate' for example, I go out on a high, unprivleged port, and get a response on UDP 123. That's fine. The 'ntpd' daemon though, expects to go out on 123 and get its reply there as well. This must be a common problem, because it's directly addressed in the NTP troubleshooting guide. Just to see what would happen, I wrote a detailed email to the general support address at Armstrong. They replied almost immediately with a complete technical answer! They have everything <1024 blocked, except for a few ports to support outbound VPN. So, the question: Can I use IPtables to essentially re-write my outbound UDP 123 up to 2123 or something like that? If I do, does there need to be a corresponding 2123-123 rule to translate the reply? This seems like NAT, but with ports, not addresses. True, I could run ntpdate from cron, but that loses all of the adjustment smarts of NTP.

    Read the article

  • iptables and snatting to different networks

    - by codingfreak
    linuxbox (p.q.r.t) | | INTERNAL ------ ABCD ----- INTERNET (p.q.r.s) (m.n.o.k) ABCD has 3 interfaces connected to linuxbox, INTERNAL N/W, INTERNET. Linuxbox has a private address (p.q.r.t). At present I am snatting the packets from linuxbox to INTERNET at ABCD. I have a small doubt regarding the FTP from linuxbox since I have to support ftp from linuxbox to both INTERNAL N/W as well as in INTERNET. How can I right a rule in iptables present in ABCD where it can decide if the destination ip-address of ftp server is within INTERNAL N/W or in INTERNET and do natting accordingly.

    Read the article

  • VLAN ACLs and when to go Layer 3

    - by wuckachucka
    I want to: a) segment several departments into VLANs with the hopes of restricting access between them completely (Sales never needs to talk to Support's workstations or printers and vice-versa) or b) certain IP addresses and TCP/UDP ports across VLANS -- i.e. permitting the Sales VLAN to access the CRM Web Server in the Server VLAN on port 443 only. Port-wise, I'll need a 48-port switch and another 24-port switch to go with the two existing 24-port Layer 2 switches (Linksys); I'm looking at going with D-Links or HP Procurves as Cisco is out of our price range. Question #1: From what I understand (and please correct me if I'm wrong), if the Servers (VLAN10) and Sales (VLAN20) are all on the same 48-port switch (or two stacked 24-port switches), afaik, the switch "knows" what VLANs and ports each device belongs to and will switch packets between them; I can also apply ACLs to restrict access between VLANs at this point. Is this correct? Question #2: Now lets say that Support (VLAN30) is on a different switch (one of the Linksys) switches. I'm assuming I'll need to trunk (tag) switch #2's VLANs across to switch #1, so switch #1 sees switch #2's VLAN30 (and vice-versa). Once Switch #1 can "see" VLAN30, I'm assuming I can then apply ACLs as stated in Question #1. Is this correct? Question #3: Once Switch #1 can see all the VLANs, can I achieve the seemingly "Layer 3" ACL filtering of restricting access to Server VLAN on only certain TCP/UDP ports and IP addresses (say, only permitting 3389 to the Terminal Server, 192.168.10.4/32). I say "seemingly" because some of the Layer 2 switches mention the ability to restrict ports and IP addresses through the ACLs; I (perhaps mistakenly) thought that in order to have Layer 3 ACLs (packet filtering), I'd need to have at least one Layer 3 switch acting as a core router. If my assumptions are incorrect, at which point do you need a Layer 3 switch for inter-VLAN routing vs. inter-VLAN switching? Is it generally only when you need that higher-level packet filtering ability between your departments?

    Read the article

  • Web service not accessible from behind corporates firewalls - how come?

    - by Niro
    We run a Saas serving a widget which is embedded in customer websites. The service include static javascript code hosted on amazon S3 and dynamic part hosted on EC2 with Scalr (using scalr name servers). We received some feedback from users behind corporate firewalls that they cant access our service (while they can access the sites including the widget). This does not make sense to me since the service is using normal http calls on port 80 and our URL is quite new without any reason to be banned by firewalls. My questions are: 1. Why is the service is not accessible and what can I do about it? 2. Is it possible that one of the following is blocked by corporate firewalls: Amazon s3, the dynamic IP address provided by amazon, Scalr name servers. Any other possible reasons, way to check them and remedies for this? Thanks!

    Read the article

  • Recommendation for a non-standard SSL port

    - by onurs
    Hey guys, On our server I have a single IP, and need to host 2 different SSL sites. Sites have different owners so have different SSL certificates, and can't share the same certificate with SAN. So as a last resort I have modified the web application to give the ability to use a specified port for secure pages. For its simple look I used port 200. However I'm worried about some visitors may be unable to see the site because of their firewalls / proxies blocking the port for ssl connections. I heard some people were unable to see the website, a home user and someone from an enterprise company, don't know if this was the reason. So, any recommendations for a non-standard SSL port number (443 is used by the other site) which may work for visitors better than port 200 ? Like 8080 or 8443 perhaps? Thanks!

    Read the article

  • Ubuntu 12.04 open port 80 inside WLAN

    - by Eduard
    I have an nginx server running on ubuntu 12.04 that serves http through port 80 and https through port 443. Everything works fine if I access it from the same computer via localhost, 127.0.0.1 or the local IP 192.168.0.11. If I try to access the server from another computer in the same VLAN it does not work for http; it works for https. I have changed my nginx configuration to also listen to port 8000 for http; I can then access http from the other computer in the same VLAN via "http://192.168.0.11:8000". I also have a web server running on port 80 on a windows machine and can access it from another device in the same VLAN, therefore the router is not blocking incoming http traffic. The nginx process is run by root. I have used tcpdump and I see that packets are arriving to Ubuntu: 192.168.0.16.49735 192.168.0.11.80 and that some response is being given 192.168.0.11.80 192.168.0.16.49735 (I do not know what the response is though). There is no request arriving at the nginx web server (I have checked the access log). I have iptables empty. I have unsuccessfully tried to find a solution for a long time to this, it has now become a matter of happiness or bitterness :).

    Read the article

  • How to configure an isa server to allow a OPENvpn client to connect to an outside server?

    - by rmarimon
    I'm trying to configure an ISA server (not really my area of expertise) to allow an openvpn client (in the lan) access to an outside openvpn server (in the wan). The openvpn configuration I'm using has worked everywhere. In fact if I take the client outside the lan where the isa server is located, it works perfectly. Inside the isa server lan nothing. The question is what configuration do I need to put on the isa server to allow openvpn traffic to go through?

    Read the article

  • error: "net.netfilter.nf_conntrack_acct" is an unknown key

    - by anonymous
    Hello, i have the next error when i run 'sysctl -p' error: "net.netfilter.nf_conntrack_acct" is an unknown key net.netfilter.nf_conntrack_acct = 1 net.ipv4.netfilter.ip_conntrack_max = 9527600 net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 7200 lsmod ipv6 289352 34 loop 19724 0 nf_conntrack_ipv4 19352 0 nf_conntrack 71440 1 nf_conntrack_ipv4 joydev 15232 0 evdev 14592 0 ext3 125456 3 jbd 54696 1 ext3 mbcache 13188 1 ext3 raid1 24832 4 md_mod 81700 5 raid1 thermal_sys 17728 0 Debian 5.0.8 Any idea? Thanks

    Read the article

  • How to configure Amazon Security Groups to achieve multi-tier architecture?

    - by ks78
    What is the preferred way to configure Amazon Security Groups to achieve a multi-tier architecture? Each of my instances has its own Security Group, which I only want to use for rules specific to an instance. I'd like to keep any rules which apply to multiple instances in a separate Security Group, which can then be assigned to instance Security Groups as necessary. As an example, I've setup a group called "admin", which allows administrative access from my IP. I added the "admin" group as the source to each of my instance security groups. However, I still can't access the instances from my IP without adding the rules directly to the instance's group. Am I missing something? Although it seems a multi-tier security architecture should be possible, it doesn't seem to be working.

    Read the article

  • Iptables rule creation error: No chain/target/match by that name

    - by MikO
    I'm trying to create my first VPN on a VPS with CentOS 6, following this tutorial. When I have to create an iptables rule to allow proper routing of VPN subnet, with this command: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE It throws this error: iptables: No chain/target/match by that name I was searching and I've found that this error is usually thrown when you misspell something, but as far as I understand, the rule is correct...

    Read the article

  • Changing Internet connection on ISA Server 2000

    - by garyb32234234
    Hi We are getting a new internet connection installed and will need to unplug the old one and connect this to our ISA Server 2000. Will this be a simple swap out job? We will be given a new ip, which i know i will have to enter into the external network card TCP/IP page. I will also be given the default gateway to enter. The ISP engineer said we may have to reset the ARP? cache, if we dont know how we will have to reset the ISA server? Has anyone any experience? The current connection is with the same ISP but it was owned by the business park were we are located and they linked up an ethernet port to what i assume is their own router. Hope you can help, i know that ISA 2000 is somewhat less easy to use than the newer versions.

    Read the article

  • Which is prefered internet security + Antivirus solution for Windows, with good detection rate? [clo

    - by metal gear solid
    Possible Duplicate: Free antivirus solutions for Windows Which is the best internet security + Antivirus solution for Windows? free/opensource or commercial it doesn't matter I need best solution. Is Kaspersky best ? or any other? http://www.kaspersky.com/kaspersky_internet_security Award-winning technologies in Kaspersky Internet Security 2010 protect you from cybercrime and a wide range of IT threats: * Viruses, Trojans, worms and other malware, spyware and adware * Rootkits, bootkits and other complex threats * Identity theft by keyloggers, screen capture malware or phishing scams * Botnets and various illegal methods of taking control of your PC or Netbook * Zero-day attacks, new fast emerging and unknown threats * Drive-by download infections, network attacks and intrusions * Unwanted, offensive web content and spam

    Read the article

  • How can I make my livebox route to my external IP address for a computer in the DMZ?

    - by Noli
    I have a sagem livebox 2 (Fiber optic model), and have placed my computer in a DMZ. People from outside of my network can access my comp fine via its external dyndns.org address, yet when I try to call the public dyndns.org address from inside my network, I get redirected to the internal admin site on the router. How can I make it so that I can see my comp from the public address like everyone else? What kinds of questions should I be asking or looking into? Thanks

    Read the article

  • Windows Server 2008: Limit UDP/TCP packets per IP or ban

    - by WBAR
    How I can limit UDP/TCP packets per IP send to my host (or better PORT) per second or minute ? Would be nice to ban that IP for 12/24 hours or even for ever. I got Windows Server 2008 and I'm very poor in Windows administration but quite good in Linux. EDIT: By basic problem is that They sending a lot of rubbish UPD and TCP packets.. TCP packets without SYNCH, fragmented UDP packets so my servers stop responding.. So I need to cut off users (IPs) sending more than X packets per second. I need solution witch provides me, somehow, configurable: X packets of certain type (UDP, TCP or both - lets say parameter named Z ) are allowed to be received by IP on Y port, otherwise this packet should be DROPPED. My virtual hosts are hosted by VirtualBox and I'm able to forward all incoming packets certain type and certain port to the specific Virtual Host, but I need to DROP them before my VirtualBox receive them.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40  | Next Page >