Search Results

Search found 1031 results on 42 pages for 'subnet'.

Page 33/42 | < Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40  | Next Page >

• How can I manage AWS VPC ssh access accounts and keys across multiple instances?

  - by deitch

  I am setting up a standard AWS VPC structure: a public subnet some private subnets, hosts on each, ELB, etc. Operational network access will be via either an ssh bastion host or an openvpn instance. Once on the network (bastion or openvpn), admins use ssh to access the individual instances. From what I can tell all of the docs seem to depend on a single user with sudo rights and a single public ssh key. But is that really best practice? Isn't it much better to have each user access each host under their own name? So I can deploy accounts and ssh public keys to each server, but that rapidly gets unmanageable. How do people recommend managing user accounts? I've looked at: IAM: It doesn't like like IAM has a method for automatically distributing accounts and ssh keys to VPC instances. IAM via LDAP: IAM doesn't have an LDAP API LDAP: set up my own LDAP servers (redundant, of course). Bit of a pain to manage, still better than managing on every host, especially as we grow. Shared ssh key: rely on the VPN/bastion to track user activities. I don't love it, but... What do people recommend? NOTE: I moved this over from accidentally posting in StackOverflow.

  Read the article

• How have multiple web servers and IPs on the same physical network

  - by jsigned

  I do web development out of a small office and need to have multiple physical and virtual servers that can be accessed from the internet. I also have a number of devices (computers, laptops, tablets, printers, etc) that need connections as well. I have gotten a subnet of 8 IP's from my ISP and while that is adequate for the web servers its far too small for everything that needs access to the network. My router is an ASUS RT-N16 running DD-WRT. I'm just smart enough about this routing topic to be dangerous, think 2 year old with a magic marker. I would like to keep my internal network NAT'ed on the 192.168.x.x network and route the 68.69.x.x 255.255.255.248 traffic directly to the servers. The physical network consists of the 4 port DD-WRT router and an unmanaged gig switch. I have a fiber connection to the office that works as an Ethernet port. In other words I can plug my laptop directly into it and have access to the internet. There is no login or password and the router is setup to get DHCP from the ISP, and to provide DHCP addresses for the internal network. What I've done so far is google and try different configurations with little success. In the end I decided I didn't even know how to ask the questions needed. My questions are: Is this the best way to configure the network? How do you do it? VLANs? Multiple routers? I've never had to configure a router using anything more than the GUI so if this is command line stuff be gentle.

  Read the article

• Postfix selective header_checks: smtpd_relay_restrictions vs. smtpd_recipient_restrictions

  - by luke

  Some of my customers implemented commercial software that violate email-RFCs such that we have had to relax our header checks. In consequence, we receive more spam. Prolog: I know the domains (customer.com) and IP-addresses (a.b.c.d/C) these emails come from Kind request for help: Is it possible to setup one Postfix (2.11) instance on Linux such that: It applies only some header checks for emails from .*@customer.com But applies all header checks for all other email sources? I thought of a combination of mynetworks that includes the subnet a.b.c.d/C in smtpd_recipient_restrictions -- allowing all these messages through -- and simultaneously avoid an open-relay with smtpd_relay_restrictions. However, this has not worked out as expected. Any idea or help is highly appreciated. Thanks in advance. Luke ==EDIT== For the current issue, I solved the problem by prepending REDIRECTs to header_checks as follows: /^received: from.*customer.com.*by mail.own.com.*for.*luke@own.*/ REDIRECT [email protected] This works so far as neeeded. Irrespective thereof, I am still looking for a postfix configuration that would turn this text-based setting into an IP-Address-Range based forwarding rule.... Thanks. Luke

  Read the article

• FreeBSD slow transfers - RFC 1323 scaling issue?

  - by Trey

  I think I may be having an issue with window scaling (RFC 1323) and am hoping that someone can enlighten me on what's going on. Server: FreeBSD 9, apache22, serving a static 100MB zip file. 192.168.18.30 Client: Mac OS X 10.6, Firefox 192.168.17.47 Network: Only a switch between them - the subnet is 192.168.16/22 (In this test, I also have dummynet filtering simulating an 80ms ping time on all IP traffic. I've seen nearly identical traces with a "real" setup, with real internet traffic/latency also) Questions: Does this look normal? Is packet #2 specifying a window size of 65535 and a scale of 512? Is packet #5 then shrinking the window size so it can use the 512 scale and still keep the overall calculated window size near 64K? Why is the window scale so high? Here are the first 6 packets from wireshark. For packets 5 and 6 I've included the details showing the window size and scaling factor being used for the data transfer. Code: No. Time Source Destination Protocol Length Info 108 6.699922 192.168.17.47 192.168.18.30 TCP 78 49190 http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=8 TSval=945617489 TSecr=0 SACK_PERM=1 115 6.781971 192.168.18.30 192.168.17.47 TCP 74 http 49190 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=512 SACK_PERM=1 TSval=2617517338 TSecr=945617489 116 6.782218 192.168.17.47 192.168.18.30 TCP 66 49190 http [ACK] Seq=1 Ack=1 Win=524280 Len=0 TSval=945617490 TSecr=2617517338 117 6.782220 192.168.17.47 192.168.18.30 HTTP 490 GET /utils/speedtest/large.file.zip HTTP/1.1 118 6.867070 192.168.18.30 192.168.17.47 TCP 375 [TCP segment of a reassembled PDU] Details: Transmission Control Protocol, Src Port: http (80), Dst Port: 49190 (49190), Seq: 1, Ack: 425, Len: 309 Source port: http (80) Destination port: 49190 (49190) [Stream index: 4] Sequence number: 1 (relative sequence number) [Next sequence number: 310 (relative sequence number)] Acknowledgement number: 425 (relative ack number) Header length: 32 bytes Flags: 0x018 (PSH, ACK) Window size value: 130 [Calculated window size: 66560] [Window size scaling factor: 512] Checksum: 0xd182 [validation disabled] Options: (12 bytes) No-Operation (NOP) No-Operation (NOP) Timestamps: TSval 2617517423, TSecr 945617490 [SEQ/ACK analysis] TCP segment data (309 bytes) Note: originally posted http://forums.freebsd.org/showthread.php?t=32552

  Read the article

• DD-WRT (WRT54G) and (THOMSON TG782) how to put them togather?

  - by FeRtoll

  Ok so let me explain, i bought WRT54G and successfully installed DD-WRT v24-sp1 (07/26/08) mini-special - build 9994. That's all ok no problems with it all normal functioning. And just to add (i don't need wireless, wireless is turned off always) What i want: ISP's router (TG782) from it's INTERNET port(out) cable "which was before in my pc" is connected to WRT54G's INTERNET port and then from WRT54G LAN port 1 to my pc. The problem: How do i connect and setup all? I have tried many times on many different ways but cant get it to work IF THE CABLE FROM TG782 IS CONNECTED TO WRT54G ON INTERNET PORT. If i connect the TG782 to Lan port 1 on WRT54G and my pc to lan port 2 then all works fine after i setup gateway and all. But i want to connect TG782 to Internet port of WRT54G because i need "Access Restrictions" and this only goes through WAN right? please correct me if i am wrong. What i have tried: This is how i have tried to setup all. The TG782 router ip is 192.168.1.1 And WRT54G ip is 192.168.1.30 so in WRT54G control panel i have setup like this: ----WAN Connection Type---- Connection Type: Automatic Configuration - DHCP STP: Disabled ----Router IP---- Local IP Address: 192.168.1.30 Subnet Mask: 255.255.255.0 Gateway: 192.168.1.1 (the TG782) ----Network Address Server Settings (DHCP)---- DHCP Type: DHCP Server Start IP Address: 192.168.1.100 Maximum DHCP Users: 6 And this wont work i probably miss something more, if anyone can help i would be thankfull. Also i have to note that i have tried to set my network adapter on pc to use the gateway of WRT54G and ip 192.168.1.102 In short: i cant get it to work normal only as a switch! Thanks for any help! -------EDIT:------- Here is an image which maybe can help: http://img27.imageshack.us/img27/4227/allin1w.jpg

  Read the article

• How can I split 200Mbps of streaming traffic into routers?

  - by Jared

  As the title says, I have 200Mbps of streaming video traffic coming into my command center. How do I split the load between routers? Setup is like this: fiber --- router --- switch --- workstations I'm sorry I haven't dealt with this much traffic before. so please be gentle if you're going to kick me out :) EDITED FOR DETAILS: Okay, this specific project is for our company's IP CCTV system. We have deployed over 100++ cameras all over a building/campus and we have estimated each camera to take about 2Mbps of bandwidth each. Now, they're all connected to a switch and that's entirely fine. But coming into our command center, they have to be on a router since it'll get more than 200++ cameras next year (and I don't want to have too many hosts on one subnet). My plan was to have the 1st hundred on a 172.16.9.x block and the 2nd hundred on a 172.16.10.x block (all /24). The servers I have are currently sized to match (about 5 dual 6-core xeons) and I'd have about 19 workstations all streaming video from the 5 servers. (servers pull video from the cameras). But 200Mbps of constant traffic? How the hell do I even break this up? I need to have 1 gateway, to manage the routes... I honestly think I'm way in over my head.

  Read the article

• SCM8014 to FVS338

  - by Jack

  I have a SMC8014 Router/Modem that Comcast provided me with their business class service. It was not filtering malicious traffic as aggressively as I had hoped, so I purchased a NetGear ProSafe FVS338, and put this behind the SMC8014, and all my machines behind that. After some brief configuration, all machines can see out to the internet. I also have a single web server, and I have not been able to configure things so that incoming requests can reach it. This is where I need help! I would like to have the FVS339 do NAT, so that I can assign a 192.168 address to my webserver. I've tried everything I know of, and I can't get things going. I set the SMC8014 to have a LAN facing IP of 10.0.0.1, and I assigned the FVS339 a WAN facing IP of 10.0.0.2. I would like to be able to tell the SMC8014 to just forward all traffic to 10.0.0.2, but I haven't had any success. In my (unfortunately limited) understanding, what I probably want here is a static route, but I don't know how to cofigure one, or if this is really what I want. The SMC8014 wants a Destination IP, a Subnet Mask and a Gateway IP. Any help would be appreciated.

  Read the article

• ISA Server dropping packets as it believes they are spoofed

  - by RB

  We have ISA Server 2004 running on Windows Server 2003 SP2. It has 2 NICs - one internal called LAN on 192.168.16.2, with a subnet of 255.255.255.0, and one external called WAN on 93.x.x.2. The default gateway is 93.x.x.1 (our modem). This machine also accepts VPN connections. We are having a problem with a scanner, which is trying to save a scan into a network share. Every time we try to scan, ISA Server logs the following Denied Connection Log type: Firewall service Status: A packet was dropped because ISA Server determined that the source IP address is spoofed. Rule: Source: Internal ( 192.168.16.54:1024) Destination: Internal ( 192.168.16.255:137) Protocol: NetBios Name Service Pinging 192.168.16.54 from the ISA Server works fine. In ISA Server, going into Configuration → Networks, there are 5 Networks : - External (inbuilt) - Internal (defined as 192.168.16.0 → 192.168.16.255) - Local Host (inbuilt) - Quarantined VPN Clients (inbuilt) - VPN Clients (inbuilt) Finally, under Network Connections → Advanced → Advanced Settings..., the connections are in the following order : - LAN - WAN - [Remote Access Connections] If we try to scan onto a workstation it works fine. Please let me know if you need any more info - many thanks. RB.

  Read the article

• Adding a Second Wireless Router to an Existing Wired Network

  - by KVCrawford

  I apologize ahead of time, I know this has been asked before, but I'm still having problems...maybe you guys can help. I started out with the basic instructions from the highest-voted answer at http://serverfault.com/questions/41572/adding-a-second-wireless-router-to-my-network The new Wireless router in question is a Linksys Wireless-N Gigabit Router, Model # WRT310N Here are the steps I've taken in setting it up: Plug my laptop into LAN port #2 in the new router. Nothing else is connected at this point Configure the new router to be 192.168.1.200 (the original router is 192.168.1.1, and its DHCP clients are from 192.168.1.100-x.x.x.199) Set the internet connection on the new router to "DHCP Client" Turn off the DHCP server & NAT routing on the new router Plug in a LAN cable from the original router into the LAN port #1 on the new router (NOT the WAN port, nothing is plugged in there) Reset the new router Afterwards, I try to ping 192.168.1.1 from the laptop plugged into LAN port #2 on the new router, with no response. 192.168.1.200 garners no response either. Typing "ipconfig" tells me: Autoconfiguration IP Address: 169.254.198.113 Subnet Mask: 255.255.0.0 Default Gateway: 169.254.198.113 What's going wrong? I appreciate any help!

  Read the article

• Windows XP can use a wired network port, but MacBook (OS X) fails on the same port

  - by Dean Hill

  I wired the Cat5 in my house seven years ago. The wired ports have worked fine with both my Windows XP laptop and MacBook. My wireless network also works fine, but I like to use wired occasionally. One of the Cat5 runs wasn't terminated with a jack, so I recently terminated this wire with a port/jack on the wall end and a standard Cat5 plug on the end that plugs into my router. This is the same setup as my other runs. Unfortunately, the MacBook isn't working well with the new wired port. The OS X Network System Preferences show the IP, Subnet, Router, etc., and everything looks fine. A "netstat -ibd" shows no errors or dropped packets. However, when I open a page in Safari, the status says "Contacting 'www.google.com'" and appears to hang. If I wait for a couple minutes, part of the Google page starts to display, but it is still not the full page load. When I use a Windows XP laptop on the same wired port, everything works fine. An internet speed test shows good results and all web pages load fine. A "netstat -e" under Windows shows no errors. I've used a Cat5 tester, and the cable tests fine (wires 1-8 light up in sequence). I've replaced both the port/jack and the connector twice to make sure I wired things correctly. I'd really like this Cat5 to work with the MacBook (and I'm trying to avoid running a new length of cable). Any ideas what the problem could be?

  Read the article

• How to remap IPs visible from local machine to IPs visible from a machine I have SSH access to?

  - by gooli

  I'm so far out of my depth I don't even know what to google for. There's a server I can connect to via SSH. Via that server I can access other server on its subnet via SSH. What I want to do is be able to access the machines that server has access to directly. Say the server IP is 192.168.7.7 and is the only one in the 192.168.x.x range I have access to. I'd like to configure things in such a way that when I to access say 192.168.7.100 on my machine, the connection will go through an SSH tunnel I open to 192.168.7.7 and out to 192.168.7.100. I would like this to work for any port if at all possible. I know I can set an HTTP proxy and even a SOCKS proxy, but I'm wondering is there is a way to actually remap some of the IP my machine sees to IP only visible from the remote machine. What would this configuration be called? IS this NAT, VPN, IP2IP or something else? How can I set up this on a Windows client box that connects via SSH to a Linux box? Sounds to me like I need to set up some kind of filtering on the network driver or possibly a virtual NIC, but I'm not sure where to go next.

  Read the article

• Multi-IP address zimbra server DNS PTR records and spam

  - by David Fraser

  We have a mail server running Zimbra (ZCS 6.0.8). The server has 5 active public IP addresses in the same subnet. (.226-.230). I currently have A records for each of these (host0.domain.com..host4.domain.com), with the main host.domain.com of the machine pointing to .226. Our host has ended up being listed on the SORBS DUHL list (even though it's in a server farm). According to them you can get removed quickly by checking that your host has an MX record, an A record, and a PTR record that points back to the hostname given in the MX record. I tried setting the PTR records so that each of these addresses resolved back to their A record (i.e. .228 had a PTR to host2.domain.com). However, I then got mail being rejected from other servers because when Postfix (under Zimbra control) sends out mail, it uses the main hostname for the HELO - there doesn't seem to be any way to override it. So the PTR records currently say host.domain.com for all 5 IP addresses. What's the correct way to handle this? Should I have an A record for the domain that points to all the IP addresses (for round-robin handling)? I'm nervous of changes that could cause problems, so I'm wondering what the standard way to handle a multiple-IP-address mail server is.

  Read the article

• windows clients cannot get dns resolution until you open and close ipv4 properties page

  - by GC78

  This strange problem has started recently. Some windows clients cannot seem to get dns resolution to the internet after boot, and sometimes again at some point in the day. Internal hosts are also slow to resolve. trying to ping an interal host by name will take a long time for the hostname to resolve to ip address and trying to ping a website by name will fail to resolve. If you go into the tcp/ip v4 properties and view but not change anything, ok/close out of that then the client starts working fine, hostnames will resolve quickly. I have seen this happen on both Vista and W7 clients. ipconfig /all at a client experiencing this problem shows everything in order. proper ip addr, gateway, dns server, dns suffix ect.. ipconfig /dnsflush will not fix them, neither will /release and /renew the clients get their ip address, mask and dns server info from either one of 2 OES dhcp servers that assign addresses in different scopes in the same subnet. the internal dns server is a different OES dns server the default gateway is not assigned by the OES server but is statically put in at the client (only for those who need to get to the Internet for their job) flat network topology What can I do to get to the bottom of this? It only happens to a few of the client machines and typically the same ones. It started happening when we made a change to one of the DHCP scopes in iManager. Strangly this problem only happens to clients that get an IP address from the scope that we didn't make any changes to.

  Read the article

• Why do clients on Branch Sites insist on accessing SYSVOL on the HQ DC instead of the branches' RODC?

  - by pepoluan

  I'm still scratching my head over this situation... You see, we have 3 RW DCs in the HQ, and 1 RODC on every branch sites (50+ locations). During startup, a script will pull in some files from \\example.com\SYSVOL\example.com\Common\Data But we have been experiencing bandwidth overload. A traffic analysis indicated that lots of clients in the Branch Sites were trying to access the SYSVOL located in the RW DCs. E.g.: If the RW DCs are 10.1.0.15, 10.2.0.15, and 10.3.0.15, and site 'X' has a subnet of 10.27.0.0/16 (with its RODC at 10.27.0.15), clients at site 'X' seem to insist on accessing \\10.1.0.15\SYSVOL or \\10.2.0.15\SYSVOL or \\10.3.0.15\SYSVOL; they seem to be ignoring the RODC completely. What is going on here? Where should I start investigating what went wrong? BTW, I'm already using DFS-R, and replication have been going on successfully; I can put a small 'canary' file on one of the RW DCs, and within minutes all the RODCs will have successfully replicated the 'canary' file.

  Read the article

• Does Guest WiFi on an Access Point make any sense?

  - by uos??

  I have a Belkin WiFi Router which offers a feature of a secondary Guest Access WiFi network. Of course, the idea is that the Guest network doesn't have access to the computers/devices on the main network. I also have a Comcast-issues Cable Modem/Router device with mutliple wired ports, but no WiFi-capabilities. I prefer to only run one router/DHCP/NAT instead of both the Comcast Router and the Belkin Router, so I can disable the Routing functions of the Belkin and allow the Comcast Router to But if I disable the Routing functions of the Belkin device, the Guest WiFi network is still available. Is this configuration just as secure as when the Belkin acts as a Router? I guess the question comes down to this: Do Guest WiFi's provide security by 1) only allowing requests to IPs found in-front of the device, or do they work by 2) disallowing requests to IPs on the same subnet? 1) Would mean that Guest WiFi on an access point provides no benefit 2) Would mean that the Guest WiFi functionality can work even if the device is just an access point. Or maybe something else entirely?

  Read the article

• Search for partial IP address using Windows Search?

  - by Dr. Dre

  I have a folder, c:\projects\, added to Windows Index. I know the indexing is working because I search for stuff in this folder all the time and the results come up very fast, and I've never noticed any accuracy problem until now. (I have had to tweak Indexing options to expand which file types have their contents indexed rather than just the file name, etc, but after that Search has worked pretty well for me). I've encountered a problem while trying to search for references to a particular IP address subnet. I'm trying to find all references to IP's with the pattern "192.168.220.xxx" (AKA, the 192.168.220.0/24, AKA 192.168.220.0/255.255.255.0 IP/netmask). Within Windows Explorer: c:\projects**.* is indexed c:\projects\work\project1\network_list.txt contains several "192.168.220.xxx" IP's Indexing status says all items are indexed (193,000 items). When I try to search for partial IP match, there are no search results. Tried searching for: 192.168.220, 192.168, 192.168.220., 192.168.220., 192.168.220.?, 192.168.220.??, 192.168.220.???, 192.168., 192.168.. Also tried variants of all the above surrounded with double quotes. All the searches returned 0 results. Within MS Outlook 2007: My mailbox, and all my offline .pst's are indexed. I search in Outlook pretty frequently, so I'm pretty sure indexed searches work across inbox and all .pst's. Indexing status in Outlook says all items are indexed. I also have references to these IP's in email, and I'd like to find all of them. Basically same deal as above, can't search for "192.168.220.xxx" IP's. Any way to fix this?

  Read the article

• How to route to a secondary interface on the same physical ethernet?

  - by sjose3612611

  INTERNET<->(wan)BRIDGED_DEVICE(lan)<->ETH_ROUTER<->LAN Problem: Need to access web server on BRIDGED_DEVICE's LAN from INTERNET via ROUTER (BRIDGED_DEVICE's web server cannot be accessed form INTERNET since it has no Public management IP). Cannot configure bridged device. It has a static IP on its LAN to which its web server binds. Attempt: Create a secondary/alias WAN Interface on ETH_ROUTER (e.g Primary: eth0.1 (for internet access) and Secondary: eth0.2 (for accessing web server on BRIDGED_DEVICE), (No VLANs). eth0.1 has a public IP; eth0.2 has a static private IP in the BRIDGED_DEVICE's subnet (e.g 10.0.X.Y). Iptables on ETH_ROUTER: Added a port forward (DNAT) from eth0.1 to eth0.2: iptables -t nat -I PREROUTING -i eth0.1 -p tcp --dport 80 -j DNAT --to-destination 10.0.X.Y iptables -t nat -I POSTROUTING -o eth0.2 -s 10.0.X.0/24 -j MASQUERADE Stateful firewall w/ overall drop policy on FORWARD chain, hence: iptables -I FORWARD -i eth0.1 -d 10.0.X.Y -p tcp --dport 80 -j ACCEPT Can ping from ETH_ROUTER to BRIDGED_DEVICE but unable to reach the web server from Internet. I see packet cont increasing for the DNAT rule but not sure where it disappears in the ETH_ROUTER after that. ETH_ROUTER is the only device that can be configured to achieve this. If familiar with this scenario, please suggest what I may be missing or doing wrong here or suggest techniques to debug?

  Read the article

• weird routes automatically being added to windows routing table

  - by simon

  On our windows 2003 domain, with XP clients, we have started seeing routes appearing in the routing tables on both the servers and the clients. The route is a /32 for another computer on the domain. The route gets added when one windows computer connects to another computer and needs to authenticate. For example, if computer A with ip 10.0.1.5/24 browses the c: drive of computer B with ip 10.0.2.5/24, a static route will get added on computer B like so: dest netmask gateway interface 10.0.1.5 255.255.255.255 10.0.2.1 10.0.2.5 This also happens on windows authenticated SQL server connections. It does not happen when computers A and B are on the same subnet. None of the servers have RIP or any other routing protocols enabled, and there are no batch files etc setting routes automatically. There is another windows domain that we manage with a near identical configuration that is not exhibiting this behaviour. The only difference with this domain is that it is not up to date with its patches. Is this meant to be happening? Has anyone else seen this? Why is it needed when I have perfectly good default gateways set on all the computers on the domain?!

  Read the article

• Fixed and dynamic IPs in ISC DHPD lead to double lease

  - by GorillaPatch

  I would like to have a small dynamic adress part and the most clients are assigned a fixed IP adress. My dhcpd.conf looks like this: use-host-decl-names on; authoritative; allow client-updates; ddns-updates on; # Einstellungen fuer DHCP leases default-lease-time 3600; max-lease-time 86400; lease-file-name "/var/lib/dhcpd/dhcpd.leases"; subnet 192.168.11.0 netmask 255.255.255.0 { ddns-updates on; pool { # IP range which will be assigned statically range 192.168.11.1 192.168.11.240; deny all clients; } pool { # small dynamic range range 192.168.11.241 192.168.11.254; # used for temporary devices } } group { host pc1 { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.11.11; } } The motivation for the pool declaration with deny all hosts comes from the ISC DHCPD homepage http://www.isc.org/files/auth.html This will allow hosts to be first added to the network, where they will receive a temporary IP from the 241-254 adress range and then later write an explicit host declaration. Upon next connect it will receive the right configuration. The problem is that I am getting error messages that 192.168.11.13 has a dynamic and a static lease. I am a bit confused as I expected the pool declaration with deny all clients would not count as dynamic. Dynamic and static leases present for 192.168.11.13. Remove host declaration pc1 or remove 192.168.11.13 from the dynamic address pool for 192.168.11.0/24 Is there a way to have the DHCP server send an DHCPNA to clients if they have a host statement and retain this dynamic range?

  Read the article

• OpenVPN with MacOS X Client and same subnets in local and remote net.

  - by Daniel

  I have a homenetwork 192.168.1.0/24 with gteway 192.168.1.1 and a remote network with the same parameters. Now I want to create a OpenVPN tunnel between those networks. I have no problems with Windows, because Windows routes everything to 192.168.1.0/24 except 192.168.1.1 throught the tunnel. On MacOS X however I see the folling line in the Details window: 2010-05-10 09:13:01 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0] When I list the routes I get the following: Internet: Destination Gateway Flags Refs Use Netif Expire default 192.168.1.1 UGSc 13 3 en1 127 localhost UCS 0 0 lo0 localhost localhost UH 12 3589 lo0 169.254 link#5 UCS 0 0 en1 192.168.1 link#5 UCS 1 0 en1 192.168.1.1 0:1e:e5:f4:ec:7f UHLW 13 17 en1 1103 192.168.1.101 localhost UHS 0 0 lo0 192.168.6 192.168.6.5 UGSc 0 0 tun0 192.168.6.5 192.168.6.6 UH 1 0 tun0 My Interfaces are en1 - My local Wifi network tun0 - The tunnel interface As can be seen from the routes above there is no entry for 192.168.1.0/24 that routes the traffic through the tunnel interface. When I manually route a single IP like 192.168.1.16 over the tunnel gateway 192.168.6.6, this works. Q: How do I set up my routes in MacOS X for the same behaviour as on windows, to route everything except 192.168.1.1 through the tunnel, but leave the default gateway to be my local 192.168.1.1 ?

  Read the article

• ipmi - can't ping or remotely connect

  - by Fidel

  I've tried configuring the IPMI controller to accept remote connections, but I can't even ping it. Here is it status: #/usr/local/bin/ipmitool lan print 2 Set in Progress : Set Complete Auth Type Support : NONE PASSWORD Auth Type Enable : Callback : : User : NONE PASSWORD : Operator : PASSWORD : Admin : PASSWORD : OEM : IP Address Source : Static Address IP Address : 192.168.1.112 Subnet Mask : 255.255.255.0 MAC Address : 00:a0:a5:67:45:25 IP Header : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10 BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Enabled Gratituous ARP Intrvl : 8.0 seconds Default Gateway IP : 192.168.1.1 Default Gateway MAC : 00:00:00:00:00:00 802.1q VLAN ID : Disabled 802.1q VLAN Priority : 0 RMCP+ Cipher Suites : 0,1,2,3 Cipher Suite Priv Max : uaaaXXXXXXXXXXX : X=Cipher Suite Unused : c=CALLBACK : u=USER : o=OPERATOR : a=ADMIN : O=OEM # /usr/local/bin/ipmitool user list 2 ID Name Enabled Callin Link Auth IPMI Msg Channel Priv Limit 1 true false true true USER 2 admin true false true true ADMINISTRATOR # /usr/local/bin/ipmitool channel getaccess 2 2 Maximum User IDs : 5 Enabled User IDs : 2 User ID : 2 User Name : admin Fixed Name : No Access Available : callback Link Authentication : enabled IPMI Messaging : enabled Privilege Level : ADMINISTRATOR # /usr/local/bin/ipmitool channel info 2 Channel 0x2 info: Channel Medium Type : 802.3 LAN Channel Protocol Type : IPMB-1.0 Session Support : multi-session Active Session Count : 0 Protocol Vendor ID : 7154 Volatile(active) Settings Alerting : disabled Per-message Auth : disabled User Level Auth : disabled Access Mode : always available Non-Volatile Settings Alerting : disabled Per-message Auth : disabled User Level Auth : disabled Access Mode : always available # /usr/local/bin/ipmitool chassis status System Power : on Power Overload : false Power Interlock : inactive Main Power Fault : false Power Control Fault : false Power Restore Policy : unknown Last Power Event : Chassis Intrusion : inactive Front-Panel Lockout : inactive Drive Fault : false Cooling/Fan Fault : false # arp Address HWtype HWaddress Flags Mask Iface 192.168.1.112 ether 00:A0:A5:67:45:25 C bond0 # /usr/local/bin/ipmitool -I lan -H 192.168.1.112 -U admin -P admin chassis power status Error: Unable to establish LAN session Unable to get Chassis Power Status In summary. It exists on the ARP list so arp's are being broadcast. I can't ping it and can't connect to it. Can anyone spot any glaring mistakes in the configuration? Many thanks, Fidel

  Read the article

• How to set up port forwarding on a dedicated server running CentOS 5.4 to use Ubuntu 9.0.4

  - by mairtinh

  The basic situation that I have is a dedicated server running CentOS 5.4 At the moment I have one VM running Ubuntu 9.0.4. Later on, I will want to add another VM running Windows Server 2003 but at the moment I am focusing on getting Ubuntu up and running. The Ubuntu installation is working fine but I'm seriously struggling to get port forwarding working so that I can access websites to be hosted on the Ubuntu VM. As a newbie to Linux, I am confused about the relationship between IPTables and VMWare's own port forwarding. Here's what I've tried so far. The IP of my server is xxx.xxx.xxx.xxx and the provider support have told me that the subnet mask is 255.255.255.0, the gateway address is xxx.xxx.xxx.1 and the network address is xxx.xxx.xxx.0. (Those latter two surprise me a bit, I expected private gateway/network address rather than public ones.) First of all I tried Bridged Networking but had no success at all in communicating with the machine other than through the VMware console. I tried pinging it from the host (using ssh into the host) but no joy; also no Inernet access from the VM. I changed the interfaces configuration from DHCP to Static, using a static address of 192.168.1.100 and setting the gateway to xxx.xxx.xxx.1 as advised by the provider. No real difference, still cannot ping the guest from the host or vice versa and no Internet access from the guest. Then I tried NAT. The host automatically set the IP address to 192.168.132.128 with a gateway of 192.168.132.2 Now the guest has Internet access out and when I do a VNC to the host and open Firefox with 192.168.132.128 I can see the hosted website okay but I still cannot get into it from outside. I mentioned that I'm a bit confused about IPtables and VMware port forwarding, what I meant is that I'm not sure whether IPtable forwarding should be set to the IP address of the guest interface (192.168.132.128 in this case) or the gateway address 192.168.132.2 . I have a feeling that I'm missing something very simple here, can anybody tell me what it is?

  Read the article

• how would it be possible to discover a cable modem's MAC remotely?

  - by amateurenthusiast

  i was reading the back archives of a canadian privacy law blog, and he linked to a judicial decision. apparently as part of an investigation in which were used yahoo chat and google's old 'hello' image trading program the officer was able to determine a suspect's modem's MAC address: In order to determine who STEPHTOSH was, the officer did a trace on a programme called WHO IS in an effort to learn from where STEPHTOSH was coming. WHO IS is a command program available to the public. The officer was able to ascertain that the person using the name STEPHTOSH was a Rogers Internet customer. The officer was able to obtain the Internet Protocol address, also known as the I.P. There is only one location for an I.P., which is unique to that subscriber. By use of the website known as DNS STUFF.com, one is able to find with which company this I.P. is registered. It was ascertained that the I.P. address used by STEPHTOSH was registered to Rogers Cable, from the Toronto area. The officer also learned the Cable Modem MAC address used by STEPHTOSH. This was all the information the officer was able to amass. now it was my understanding that the MAC address of any given device can only be accessed if you're only one 'hop' away on the Internet. the suspect in question was in Markham and the officer part of the Toronto Police, so it's conceivable that they both might have used Rogers internet. but would that still put them only one 'hop' away from each other? i thought the first hop after the modem was usually the ISP? and if he'd used a netBIOS query against this guy's machine it would return the ethernet card's MAC, not the modem's. so is this guy on the same rogers subnet as the suspect's cable modem, is that functionality part of google's Hello (i could only think that it would be possible if Hello operated as a virtual LAN or something), does the officer have remote access to the arp caches of the routers at Rogers or is he just full of crap and lying to make his case stronger?

  Read the article

• Any non-custom way to manage iptables with fail2ban and libvirt+kvm?

  - by Peter Hansen

  I have an Ubuntu 9.04 server running libvirt/kvm and fail2ban (for SSH attacks). Both libvirt and fail2ban integrate with iptables in different ways. Libvirt uses (I think) some XML config and during startup (?) configures forwarding to the VM subnet. Fail2ban installs a custom chain (probably at init) and periodically modifies it to ban/unban probable attackers. I also need to install my own rules to forward various ports to servers running in VMs and on other machines, and set up rudimentary security (e.g. drop all INPUT traffic except the few ports I want open), and of course I'd like the ability to add/remove rules safely without restarting. It seems to me iptables is a powerful tool that's sorely lacking some sort of standardized way of juggling all this stuff. Every project, and every sysadmin, seems to do it differently! (And I think there's lots of "cargo cult" admin going on here, with people cloning crude approaches like "use iptables-save like so".) Short of figuring out the gory details of exactly how both of these (and potentially other) tools manipulate the netfilter tables, and developing my own scripts or just manually executing iptables commands, is there any way to safely work with iptables while not breaking the functionality of these other tools? Any nascent standards or projects defined to bring sanity to this area? Even a helpful web page I missed that might cover at least these two packages together?

  Read the article

• How to remove static IP from Mitel 5312 and enable DHCP

  - by jimbo

  I'm not sure this is the right forum for this question -- although I'm confident I'll be told if not! -- but I've read the fine manual (at least, such a manual as I have), I've googled and I cannot get any insight into where to even start solving this problem. I have a bunch of Mitel 5312 handsets, talking to a 3300 ICP controller. Some handsets are at a remote location, get an address from my DHCP server over there, and use the Mitel "Teleworker" extension to connect in over the Internet. The remaining handsets were set up with static IPs by a BT-supplied engineer, on the same subnet as the ICP itself. So far, so good. I have one remaining teleworker licence, and need to move a handset from the home location to the remote. I've managed to boot it and configure teleworker, but I cannot for the life of me see where I tell it to forget its static IP, and make a DHCP request. Any ideas? Should I be looking on the controller, or holding magic combinations of buttons on the handset itself? EDIT: Following some advice from Robert, below, I've broken out a spare device and reassigned the profile for this user's extension to the MAC of the new phone, and a new profile to the old MAC. Unfortunately this still doesn't get me anywhere -- the new handset now asks for the teleworker install password. I suspect I'm going to have to get a Mitel engineer involved here, since I've never been given that password... Unless anyone has any great ideas?

  Read the article

< Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40  | Next Page >