Search Results

Search found 10810 results on 433 pages for 'port forwarding'.

Page 33/433 | < Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40  | Next Page >

  • How to specify multiple HostName/Port combinations in .ssh/config

    - by leoluk
    I have multiple notebooks and workstations which pull and push from multiple Mercurial repositories on a central server. I usually use .ssh/config to set an alias:
        Host repo-server
            HostName server.somedomain
            User user143
            IdentitiesOnly yes
            IdentityFile ~/hgkey
            Port 156
    ... and some more options, you get the idea. I can then simply do a hg push ssh://repo-server//hgroot/someproject on every local repository, and I can change the server address and port in one place. For workstations, this works fine, but the notebooks can access the server either from inside the network or from outside, using a different address and a different port. Is there any way I can specify multiple HostName/Port combinations so that SSH automatically tries them in order? This way, the users could push and pull without having to care about the correct address. (Of course, using a VPN would be the most correct solution.)

  • Windows VPN client connect on different port

    - by John Gardeniers
    Scenario: Two Windows Server 2003 machines running RRAS VPNs. The firewall port forwards 1723 to one of those machines for normal remote access. I'd like to find a way to connect to the second machine as well. Not because I need to but just because it's the sort of thing I reckon should be possible but can't figure out how to do. Is it possible to have the Windows PPTP VPN client (on XP in this instance) connect on a port other than 1723? If so, I can simply port forward another port to the second server. I've done a fair bit of Googling over the last few days and have only found others asking the same question but no answers. I have of course tried to add a port number in the host name or IP connection box, in various formats, but to no avail. While this might be possible with a third-party client, I'm really only interested in whether or not it can be done with the Windows built-in client and, if so, how. Perhaps there's a registry hack I'm not aware of?

  • Portforwarding Combine Several Ports

    - by kiraitachi
    Hi, I got a Raspberry Pi at A.A.A.B in my local network and I have set up a DMZ on my router so that any incoming traffic that comes to my router gets redirected to my Raspberry Pi, which I can connect to via a NO-IP address. The problem is that I want to set up port forwarding since I got several services running on my Pi like SSH, torrent web GUI, web album, etc. I had this already done a long time ago, but I forgot the syntax a bit and can't get it set up. Router Help says:
        The Application allows you to do port forwarding, but only have the ports open when data flowing out of the trigger ports. When a program sends data out on outgoing ports called trigger ports, the device then allows incoming data on the open ports specified in your port triggering configuration.
        1. Trigger Port Start: Specify the start port on the device that would trigger the device to open ports for incoming data.
        2. Trigger Port End: Specify the end port on the device that would trigger the device to open ports for incoming data. You can enter a port number the same as the trigger port start or enter a larger port number to specify a port range.
        3. Trigger Traffic Protocol Type: Select the trigger traffic type.
        Open Port: Specify all the ports to be opened. Its content could be: A single port only. A port range only. Start open port number and end port number should be separated by "-". Combined several single port and several port ranges. Each single port or port range should be separated by ",".
        Open Traffic Protocol Type: Select the open traffic type.
    These are the fields: http://es.tinypic.com/view.php?pic=n5lv1k&s=8 I think this is the syntax: 1-7999,8001-9090,9092-65535. But each time I want to add it, it gives me an error. Any ideas?

  • Trunking at Router Port

    - by singh
    After reading a bit about inter-VLAN routing, I got a doubt regarding how trunking takes place at the router and at the switch. In the case of a switch, we configure a port interface as a trunk port and say all VLANs are allowed here, but in the case of a router we configure a subinterface as a trunk, saying a particular VLAN belongs to a particular subinterface. Can't we configure only a single port interface on the router, just like on the switch, and say all VLANs are allowed here on this interface? Why go for subinterfaces? I hope I'm able to put my question in the right way.

  • SMTP redirecting to other port than 25

    - by Roalt
    How can you redirect your SMTP traffic to another port than 25? My ISP blocks incoming traffic to port 25. I've been using ZoneEdit.com for this purpose for years (incoming mail traffic goes to another port and I redirect it via my firewall internally to port 25), but with the new system I cannot do it anymore. I'm not sure if I can do this by configuring MX and A records in the right way or if I need an SMTP redirecting service (such as rollernet.us). I'm not an expert in zone records, but generally I know my way around for website traffic.

  • Iptables - Open Port Only for one Server IP (allow connections from a specific range)

    - by user1015314
    My server has multiple IPs, 1.1.1.1 and 1.1.1.2, and I have a service which listens on a port, e.g. 88. Now I want that when somebody from outside wants to connect to the port, he can only connect to that port if he connects to the IP 1.1.1.2:88, but if he tries to connect to 1.1.1.1:88 it should not react, and it should look like it doesn't exist and drop all connections. OK, then I need 1.1.1.2:88 to only allow a specific IP range of outside connectors, for example only 9.*.*.* can connect to that port and IP. I'm using CentOS. Thank you for your help.

  • identify a router that cuts certain port

    - by Sergiks
    Is there a way to identify which particular router between me and some server blocks connections on a certain port? I am in a hotel in Thailand, where they have recently changed some settings in their equipment, and now I cannot reach any of my servers in Europe and the USA by SSH / port 22. More traditional ports like 80 or 21 are open. The traceroute command shows each particular router in the middle. But is there a way to identify the one that filters out port 22?

  • Can not open port 3306 on Ubuntu using iptables

    - by user94626
    I am trying to open port 3306 (for remote mysql connections) on my ubuntu 12.04 server machine but for the life of me can't get the damned thing to work! Here is what I did:
    1) list current firewall rules:
        $> sudo iptables -nL -v
    output:
        Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
          225 16984 fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
          220 69605 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
            0 0 REJECT all -- lo * 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
          486 54824 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
            1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
           19 988 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
            1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
            0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
            4 208 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
            4 208 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
        Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
            0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
        Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
          735 182K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
        Chain fail2ban-ssh (1 references)
         pkts bytes target prot opt in out source destination
          225 16984 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
    2) try to connect from remote machine:
        $> mysql -u root -p -h x.x.x.x
    output: timeout.... failed to connect
    3) try to add a new rule to iptables:
        iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
    4) make sure the new rule is added:
        $> sudo iptables -nL -v
    output:
        Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
          359 25972 fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
          251 78665 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
            0 0 REJECT all -- lo * 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
          628 64420 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
            1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
           19 988 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
            1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
            0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
            5 260 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
            5 260 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
            0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
        Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
            0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
        Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
          919 213K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
        Chain fail2ban-ssh (1 references)
         pkts bytes target prot opt in out source destination
          359 25972 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
    which appears to be the case (last line in "Chain INPUT" section).
    5) try to connect again from remote machine:
        $> mysql -u root -p -h x.x.x.x
    output: timeout.... failed to connect
    which is failing again.
    6) try to flush all rules:
        $> sudo iptables -F
    7) this time I CAN CONNECT.
    8) reboot server and try to connect, FAILURE.
    I suspect since the new rule is being appended at the end it will have no effect as there appears to be a "reject all" sort of rule before it. If this is the case, how to make sure the new rule is added in the right order? Otherwise, what am I missing? Please help.

  • Redirect with iptables if destination port is not listened

    - by PoltoS
    I have a server listening on port 10000. But this server is running only in a special case (when some third service is available). Otherwise the port is not listened on. Is it possible to redirect the client to another port if 10000 is not listening? I see two solutions: 1) insert/remove iptables rules on server start/stop, but since the server may be killed, it may not insert the correct iptables redirect rule before dying. 2) make a permanent userspace rule that checks if the port is listening and redirects the packet if it is not. How to do 2)? Does someone have recipes for ipq? Maybe someone can suggest a better way? It is something like a fallback redirect: I'll have thousands of clients with different ports (10000-11000), and if their instance of the server is not running, they should be redirected to some page explaining why they don't have an instance connected.

  • Windows 2008 server and Redhat with only 1 ip address, can windows route the traffic?

    - by paulcap1
    I have two home server VMs set up: Windows 2008 Server on port 80 and CentOS/Red Hat on port 8080. Both have separate GoDaddy domain name A records pointing to them. But I can't point both domains to the same IP; I only have 1 WAN IP address at home. So one of my domains is forwarded to my IP:8080. My question: Is it possible for my Windows server to redirect a certain domain name to my Linux server on port 8080? So I have mysite1.com going to Windows and mysite2.com also going to the Windows server, but Windows would redirect mysite2.com traffic to the Linux IP address:8080. I want to access both sites at my work, and my work firewall is strict and will not allow domain forwarding from GoDaddy.

  • how to monitor traffic at port 53 (DNS)

    - by Registered User
    I am a bit confused by the abundant tcpdump tutorials on the internet. I have a few virtual machines running on a virtualization server, where I am debugging a problem. Port 53 is the one in question. I have a bridged setup where, out of 4 LAN cards on the machine in question, one is active, and it is xen-br0. I want to check if there is any request coming in on port 53 on the server from other machines on the LAN in question. I also want to see if the guest operating systems on the LAN or any other machine are sending traffic to port 53. Due to the abundant messages being generated by tcpdump, I am finding it difficult to grep the output for the desired port. So how can I use it? If someone can give an example, that would be helpful. Thanks in advance.

  • USB 3.0 port with USB 3.0 device in Ubuntu 12.10

    - by fernando garcía
    When I try to connect a USB 3.0 device in Ubuntu 12.10 (ASUS K55VD, kernel 3.5.0-19-generic #30-Ubuntu SMP), the system says
        [ 74.747832] hub 3-0:1.0: unable to enumerate USB device on port 1
        [ 74.931957] usb 4-1: new SuperSpeed USB device number 2 using xhci_hcd
        [ 74.949390] usb 4-1: New USB device found, idVendor=05e3, idProduct=0731
        [ 74.949396] usb 4-1: New USB device strings: Mfr=0, Product=1, SerialNumber=2
        [ 74.949400] usb 4-1: Product: USB Storage
        [ 74.949403] usb 4-1: SerialNumber: 0000000000000033
        [ 75.033327] usbcore: registered new interface driver uas
        [ 75.038548] Initializing USB Mass Storage driver...
        [ 75.038651] scsi7 : usb-storage 4-1:1.0
        [ 75.038700] usbcore: registered new interface driver usb-storage
        [ 75.038701] USB Mass Storage support registered.
    but it does not recognize the device, and the disk applications (gparted, nautilus) act as if nothing had been connected. I have checked other questions, but either they have no answers or they talk about previous Ubuntu versions with 3.0.x kernels. A USB 2.0 device will work in the USB 3.0 ports. A USB 3.0 device will work (at USB 2.0 speeds) in the USB 2.0 ports. The problem, as I wrote, is between USB 3.0 devices and USB 3.0 ports. I have my USB 3.0 ports configured without legacy support via the BIOS (the way they should be, I suppose). But I have also tried to configure them with XHCI Preboot mode disabled. Has anyone solved a similar problem? Thanks in advance.

  • How to port email from evolution to thunderbird?

    - by jim
    I updated Ubuntu to 11.10 using the update notification. I am also switching from Xubuntu to Ubuntu with the GNOME interface. I have been using Evolution for years and would like to port the emails to Thunderbird. I have looked at the similar questions with no luck, and at the Thunderbird help on manually importing. Most of these assume that the evolution file structure is similar to the evolution file structure. When I set up Thunderbird it seems to have imported the contacts from Evolution (and actually removed them from Evolution). However, no mail got transferred. I found the Evolution mail in ~/.local/share/evolution/mail/local. This has folders.db and 3 directories: cur, tmp, and new. Then there are the hidden files and directories. Each directory has three related files with extensions .cmeta, .ibex.index, and .ibex.index.data. Then all the directories had files that seem to contain the individual messages. I have not looked for rhyme or reason in the file numbering/naming scheme. Is there a nice way to import these files?

  • Cannot start tor with vidalia, failed to bind listening port because of tor-socks running

    - by ganjan
    I get these errors trying to run tor with vidalia
        Apr 19 21:55:15.371 [Notice] Tor v0.2.1.30. This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
        Apr 19 21:55:15.372 [Notice] Initialized libevent version 1.4.13-stable using method epoll. Good.
        Apr 19 21:55:15.373 [Notice] Opening Socks listener on 127.0.0.1:9050
        Apr 19 21:55:15.373 [Warning] Could not bind to 127.0.0.1:9050: Address already in use. Is Tor already running?
        Apr 19 21:55:15.373 [Warning] Failed to parse/validate config: Failed to bind one of the listener ports.
        Apr 19 21:55:15.373 [Error] Reading config failed--see warnings above.
    I don't think tor is running. Here is a nmap scan of my localhost
        Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-19 21:59 CEST
        Nmap scan report for localhost (127.0.0.1)
        Host is up (0.0000050s latency).
        Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1
        rDNS record for 127.0.0.1: localhost.localdomain
        Not shown: 989 closed ports
        PORT STATE SERVICE
        22/tcp open ssh
        53/tcp open domain
        80/tcp open http
        139/tcp open netbios-ssn
        445/tcp open microsoft-ds
        631/tcp open ipp
        3128/tcp open squid-http
        3306/tcp open mysql
        9000/tcp open cslistener
        9050/tcp open tor-socks
        10000/tcp open snet-sensor-mgmt
    I see tor-socks is running here, probably the cause of the problem. How do I stop this from starting up? I want to use vidalia so I can monitor what's going on.

  • Error while running Jetty Server on port 80 as non root user

    - by user75016
    All, I was trying to set up jetty on port 80 but it's giving an exception saying permission denied, as below. I have set up jetty to work with setuid and configured start.ini as follows:
        OPTIONS=Server,jsp,jmx,resources,websocket,ext,plus,annotations,jta,jdbc,setuid
    (below as first configuration file in start.ini)
        etc/jetty-setuid.xml
    and the jetty-setuid.xml file with the username and group name of the non-root user.
        2012-07-03 15:29:02.411:INFO:oejdp.ScanningAppProvider:Deployment monitor /opt/jetty-hightide-8.1.3.v20120416/contexts at interval 1
        2012-07-03 15:29:02.454:WARN:oejuc.AbstractLifeCycle:FAILED [email protected]:80: java.net.SocketException: Permission denied
        java.net.SocketException: Permission denied
            at sun.nio.ch.Net.bind(Native Method)
            at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:126)
            at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
            at org.eclipse.jetty.server.nio.SelectChannelConnector.open(SelectChannelConnector.java:182)
            at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:311)
            at org.eclipse.jetty.server.nio.SelectChannelConnector.doStart(SelectChannelConnector.java:260)
            at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
            at org.eclipse.jetty.server.Server.doStart(Server.java:273)
            at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:59)
            at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1215)
            at java.security.AccessController.doPrivileged(Native Method)
            at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1138)
        2012-07-03 15:29:02.455:WARN:oejuc.AbstractLifeCycle:FAILED org.eclipse.jetty.server.Server@66da9ea4: java.net.SocketException: Permission denied
        java.net.SocketException: Permission denied

  • Sharing an internet connection through the Ethernet port

    - by Bob Cunningham
    I have a small living room PC (Bohica, running fully-updated Ubuntu 10.10/Maverick) connected to my HDTV that I use for web browsing and media streaming. It connects via WiFi (wlan0) to my Fedora server (Snafu) that in turn connects to the internet. I use static addressing, and everything has been working fine. I just got a Blu-ray player, and I'd like to give it wired network access to the internet via Bohica's available wired ethernet port (eth0). So far, I haven't been able to get eth0 and the network configured to get the Blu-ray player talking to the internet. Here's my wlan0 configuration:
        ip4 addr: 192.168.0.100
        mask: /24 (255.255.255.0)
        gateway: 192.168.0.4 (fedora box)
    The Blu-ray player is set to an IP of 192.168.0.98/24, with the same gateway as above. I want eth0 set to an IP of 192.168.0.99/24, but when I do this using nm-connection-editor I lose internet access (the system tries to use eth0 as the default internet access interface). How do I get my Blu-ray player to talk to the internet through Bohica, and do so without disrupting my current (working) network? Thanks. Edit: Here's the relevant output from nm-tool with the Blu-ray player connected:
        $ nm-tool
        NetworkManager Tool
        State: connected
        - Device: eth0
          Type: Wired
          Driver: forcedeth
          State: disconnected
          Default: no
          HW Address: 90:FB:A6:2C:94:32
          Capabilities:
            Carrier Detect: yes
            Speed: 100 Mb/s
          Wired Properties
            Carrier: on
        - Device: wlan0 [wlan0]
          Type: 802.11 WiFi
          Driver: ndiswrapper
          State: connected
          Default: yes
          HW Address: 00:26:5A:C0:D0:05
          IPv4 Settings:
            Address: 192.168.0.100
            Prefix: 24 (255.255.255.0)
            Gateway: 192.168.0.4

  • port opengl2.x to opengl 3.x

    - by user46759
    I'm trying to port the opencloth example to OpenGL 3.x. I've mostly done it up to the shaders, but I'm not sure about this part:
        glEnableClientState(GL_VERTEX_ARRAY);
        glBindBuffer(GL_ARRAY_BUFFER, vboID);
        glVertexPointer(4, GL_FLOAT, 0, 0);
        glEnableClientState(GL_TEXTURE_COORD_ARRAY);
        glBindBuffer(GL_ARRAY_BUFFER, vboTexID);
        glTexCoordPointer(2, GL_FLOAT, 0, 0);
        glEnableClientState(GL_NORMAL_ARRAY);
        glBindBuffer(GL_ARRAY_BUFFER, vboNormID);
        glNormalPointer(GL_FLOAT, sizeof(float) * 4, 0);
    Maybe glEnableVertexAttribArray somewhere? Any clue? Thanks. Edit: maybe something like this?
        glEnableVertexAttribArray(2); // or glEnableVertexAttribArray(positionIndex);
        glBindBuffer(GL_ARRAY_BUFFER, vboTexID);
        glVertexAttribPointer(2, 2, GL_FLOAT, GL_FALSE, 0, 0);
        glEnableVertexAttribArray(3); // or glEnableVertexAttribArray(positionIndex);
        glBindBuffer(GL_ARRAY_BUFFER, vboNormID);
        glVertexAttribPointer(3, 4, GL_FLOAT, GL_FALSE, sizeof(float) * 4, 0);

  • HDMI & Display Port stopped work on 11.10

    - by dizzy
    After upgrading two laptops to 11.10, the HDMI and Display ports stopped working. Symptoms on each (by the way, it used to work with 11.04 on both):
        Dell Inspiron 1525 laptop (HDMI, Intel GMX 3100): after the HDMI cable is plugged in, the screen is corrupted (no panel, no icons), the system is unresponsive, and the TV set receives some signal, but only a blue screen is shown and some regular ticks can be heard. After unplugging the cable, the system recovers. No logs were checked.
        Thinkpad W510 (DisplayPort, NVidia): the simple "Screens" utility does not recognize the TV set, but this has something to do with the differences between the Nvidia driver API and the one expected by the utility, as far as I could find on the net. However, using Nvidia-settings, the TV is recognized, but cannot be enabled and used. Besides that, the touch pad freezes after the HDMI2DisplayPort connector is plugged into the laptop (not immediately, but after a few seconds, probably after some handshake with the TV set crashes).
    It is strange that no such bug reports can be found on the net. So, I guess it is something wrong on our laptops only, but I would appreciate some hints (i.e. any known recent changes related to HDMI, Display Port, X-Windows, kernel... wherever I should take a look to fix the issue).

  • iptables -P FORWARD DROP makes port forwarding slow

    - by Isaac
    I have three computers, linked like this:
        box1 (ubuntu)      box2 router & gateway (debian)      box3 (opensuse)
        [10.0.1.1] ---- [10.0.1.18,10.0.2.18,10.0.3.18] ---- [10.0.3.15]
                                     |
                                 box4, www
                                 [10.0.2.1]
    Among other things I want box2 to do nat and port forwarding, so that I can do ssh -p 2223 box2 to reach box3. For this I have the following iptables script:
        #!/bin/bash
        # flush
        iptables -F INPUT
        iptables -F FORWARD
        iptables -F OUTPUT
        iptables -t nat -F PREROUTING
        iptables -t nat -F POSTROUTING
        iptables -t nat -F OUTPUT
        # default
        default_action=DROP
        for chain in INPUT OUTPUT;do
            iptables -P $chain $default_action
        done
        iptables -P FORWARD DROP
        # allow ssh to local computer
        allowed_ssh_clients="10.0.1.1 10.0.3.15"
        for ip in $allowed_ssh_clients;do
            iptables -A OUTPUT -p tcp --sport 22 -d $ip -j ACCEPT
            iptables -A INPUT -p tcp --dport 22 -s $ip -j ACCEPT
        done
        # allow DNS
        iptables -A OUTPUT -p udp --dport 53 -m state \
            --state NEW,ESTABLISHED,RELATED -j ACCEPT
        iptables -A INPUT -p udp --sport 53 -m state \
            --state ESTABLISHED,RELATED -j ACCEPT
        # allow HTTP & HTTPS
        iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
        iptables -A INPUT -p tcp -m multiport --sports 80,443 -j ACCEPT
        #
        # ROUTING
        #
        # allow routing
        echo 1 >/proc/sys/net/ipv4/ip_forward
        # nat
        iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        # http
        iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
        iptables -A FORWARD -p tcp --sport 80 -j ACCEPT
        # ssh redirect
        iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 2223 -j DNAT \
            --to-destination 10.0.3.15:22
        iptables -A FORWARD -p tcp --sport 22 -j ACCEPT
        iptables -A FORWARD -p tcp --dport 22 -j ACCEPT
        iptables -A FORWARD -p tcp --sport 1024:65535 -j ACCEPT
        iptables -A FORWARD -p tcp --dport 1024:65535 -j ACCEPT
        iptables -I FORWARD -j LOG --log-prefix "iptables denied: "
    While this works, it takes about 10 seconds to get a password prompt from my ssh command. Afterwards, the connection is as responsive as could be. If I change the default policy for my FORWARD chain to "ACCEPT", then the password prompt is there immediately. I have tried analysing the logs, but I cannot spot a difference in the logs for ACCEPT/DROP in my FORWARD chain. Also I have tried allowing all the unprivileged ports, as box1 uses those for doing ssh to box2. Any hints? (If the whole setup seems strange to you - the point of the exercise is to understand iptables ;))

  • Apache not Forwarding Client x509 Certificate to Tomcat via mod_proxy

    - by hooknc
    Hi Everyone, I am having difficulties getting a client x509 certificate to be forwarded to Tomcat from Apache using mod_proxy. From observations and reading a few logs it does seem as though the client x509 certificate is being accepted by Apache. But, when Apache makes an SSL request to Tomcat (which has clientAuth="want"), it doesn't look like the client x509 certificate is passed during the SSL handshake. Is there a reasonable way to see what Apache is doing with the client x509 certificate during its handshake with Tomcat? Here is the environment I'm working with: Apache/2.2.3 Tomcat/6.0.29 Java/6.0_23 OpenSSL 0.9.8e. Here is my Apache VirtualHost SSL config:
        <VirtualHost xxx.xxx.xxx.xxx:443>
            ServerName xxx
            ServerAlias xxx
            SSLEngine On
            SSLProxyEngine on
            ProxyRequests Off
            ProxyPreserveHost On
            ErrorLog logs/ssl_error_log
            TransferLog logs/ssl_access_log
            LogLevel debug
            SSLProtocol all -SSLv2
            SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
            SSLCertificateFile /usr/local/certificates/xxx.crt
            SSLCertificateKeyFile /usr/local/certificates/xxx.key
            SSLCertificateChainFile /usr/local/certificates/xxx.crt
            SSLVerifyClient optional_no_ca
            SSLOptions +ExportCertData
            CustomLog logs/ssl_request_log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
            <Proxy *>
                AddDefaultCharset Off
                Order deny,allow
                Allow from all
            </Proxy>
            ProxyPass / https://xxx.xxx.xxx.xxx:8443/
            ProxyPassReverse / https://xxx.xxx.xxx.xxx:8443/
        </VirtualHost>
    Then here is my Tomcat SSL Connector:
        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
            address="xxx.xxx.xxx.xxx" maxThreads="150" scheme="https" secure="true"
            keystoreFile="/usr/local/certificates/xxx.jks" keypass="xxx_pwd"
            clientAuth="want" sslProtocol="TLSv1"
            proxyName="xxx.xxx.xxx.xxx" proxyPort="443" />
    Could there possibly be issues with SSL Renegotiation? Could there be problems with the Truststore in our Tomcat instance? (We are using a non-standard Truststore that has partner organization CAs.) Is there better logging for what is happening internally with Apache for SSL? Like what is happening to the client cert or why it isn't forwarding the certificate when Tomcat asks for one? Any reasonable assistance would be greatly appreciated. Thank you for your time.

  • Address (url) forwarding with Vyatta

    - by Trikks
    Hi. Got this kind of noob question, I suppose. I got this very basic network setup and need help to set up some address forwarding. As seen in my illustration below, all traffic enters via the eth0 interface (85.123.32.23). The external DNS is set up to direct all hosts to this IP as well. Now, how on earth do I filter the incoming requests to each box? The IPs are static! See the network layout here: http://vyatta.org/files/u11160/setup.png I do not wish to solve this by assigning tons of ports etc. In my wishful thinking something like this would be nice :)
        set service nat rule 10 type destination
        set service nat rule 10 inbound-interface eth0
        set service nat rule 10 destination address ftp.myhost.com
        set service nat rule 10 inside-address address 192.168.100.20
    This way ALL traffic to the address ftp.myhost.com (at eth0) should be routed to the internal IP, 192.168.100.20. Right, is there anyone who could point me in some direction? Maybe it's wrong to use NAT? Please help me! :)

  • Address (url) forwarding with Vyatta

    - by Trikks
    Got this kind of noob question, I suppose. I got this very basic network setup and need help to set up some address forwarding. As seen in my illustration below, all traffic enters via the eth0 interface (85.123.32.23). The external DNS is set up to direct all hosts to this IP as well. Now, how on earth do I filter the incoming requests to each box? The IPs are static! My network layout: I do not wish to solve this by assigning tons of ports etc. In my wishful thinking something like this would be nice :)
        set service nat rule 10 type destination
        set service nat rule 10 inbound-interface eth0
        set service nat rule 10 destination address ftp.myhost.com
        set service nat rule 10 inside-address address 192.168.100.20
    This way ALL traffic to the address ftp.myhost.com (at eth0) should be routed to the internal IP, 192.168.100.20. Right, is there anyone who could point me in some direction? Maybe it's wrong to use NAT? Please help me! :)

  • external postfix forwarding to zimbra server

    - by Marko
    I want to migrate from my current mail server (old_server) for my domain mydomain.com. The old_server setup is Postfix+LDAP+Cyrus. Now I want to migrate my domain mail to a Zimbra server (zimbra), but I am considering the option of leaving the current mail server working in the first phase, and then having only a subset of email addresses forwarded to the zimbra server. It seems that Zimbra refers to this in their documentation as 'edge MTA'.
        Current config
            mydomain.com MX: old_server
            <---------- smtp send ----------> smtp receive
        New config
            mydomain.com MX: old_server zimbra
            <-------------------------------------------
            smtp send ----------> smtp receive ---- forward ----> smtp receive
    I need the following:
        - old_server to receive mail for my domain as before, but for some of the email addresses I want them to be delivered to the zimbra server.
        - I should be able to determine which email addresses will be forwarded.
        - I would like to avoid possible false spam detections for mails from mydomain.com due to this setup.
    Questions:
        - How should I configure postfix on old_server to support this mail forwarding?
        - To avoid false spam detection, can I have outgoing mail from mydomain.com be sent by zimbra, or should I use old_server?
        - Is there anything extra I would need to do in order to avoid the possibility of my outgoing mails being marked as spam on other servers?

  • Intermittent CNAME forwarding

    - by Godric Seer
    I host a personal website on an old desktop that is LAMP based. Since I have a dynamic IP, I use no-ip to make sure I have a working domain name at all times. I also have a domain I have bought on GoDaddy where I have a CNAME record forwarding the www subdomain to my no-ip domain. At all times, I can connect to my website through the no-ip domain without issue. For the past several weeks, I never had an issue using the GoDaddy domain to connect (ssh or https). As of today, however, the GoDaddy domain only works for about 10 minutes at a time. I get server not found errors most of the time. Also, if I happen to be using the GoDaddy domain for an ssh connection, the connection will freeze. I have attempted to run tests using a couple of online DNS check websites, but have not gotten any errors at any time. I also contacted GoDaddy support but they had no issues connecting to the website, and therefore did not see any issues. I would like advice on how I could debug/resolve this issue. Since the problem appeared without me changing anything on my end, I hope it will resolve itself, but knowing the cause in case it happens again would be preferable. EDIT: I changed the configuration in GoDaddy to create an A (Host) that points at my current IP. This works fine, so I can access the site through the GoDaddy domain without the preceding www. I am currently waiting for a new CNAME record to propagate that points the www subdomain at the main host, rather than my no-ip domain.

  • What are the disadvantages of domain email forwarding?

    - by naivedeveloper
    I have a domain, example.com. My domain registrar gives me two options concerning email.
        1. Set up forwarding email addresses (e.g., [email protected] forwarded to [email protected]).
        2. Set up Google Apps for email management.
    Thus far, I have gone with option 1. I have a generic GMail email, [email protected], and I subsequently set up various email addresses on my registrar to forward to this gmail address:
        [email protected] -> [email protected]
        [email protected] -> [email protected]
        [email protected] -> [email protected]
    Through the GMail account, I have the option to alias these addresses when sending email. For example, from [email protected], I can "send email as" [email protected]. That way from the vantage point of the receiver of the email, the email came from [email protected] as opposed to [email protected]. My question is: Are there any disadvantages of this approach? Are these emails more susceptible to being picked up by spam filters vs using the Google Apps approach? Is there any hidden indication that the email is being aliased? When viewing the email headers, it shows the email was sent from [email protected] and not [email protected] or "forwarded from [email protected]" or anything like that. Am I naive in assuming that my cheap approach to email is masked by aliasing my outgoing emails? I have chosen approach number 1 simply because of the ease of setup. With that said, are there any advantages of going with approach 2 (the Google Apps approach)? Thanks for suggestions and advice.
