Search Results

Search found 3293 results on 132 pages for 'comodo firewall'.

  • Amazon EC2 Socket connection not being accepted

    - by Joseph
    I am trying to run a java application on my EC2 instance. The application accepts socket connections on port 54321. If I try and connect to it, it times out. My Security Group is set as:

        TCP Port (Service)   Source       Action
        21                   0.0.0.0/0    Delete
        22 (SSH)             0.0.0.0/0    Delete
        80 (HTTP)            0.0.0.0/0    Delete
        20393                0.0.0.0/0    Delete
        54321                0.0.0.0/0    Delete

    Is there anything else I need to do?

        # iptables -nvL
        Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
        Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
        Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
        # iptables -nvL -t nat
        Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
        Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
        Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
        Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
        #

  • blocking port 80 via iptables

    - by JoyIan Yee-Hernandez
    I'm having problems with iptables. I am trying to block port 80 from the outside, basically plan is we just need to Tunnel via SSH then we can get on the GUI etc. on a server I have this in my rule:

        Chain OUTPUT (policy ACCEPT 28145 packets, 14M bytes)
         pkts bytes target prot opt in out source destination
            0     0 DROP tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED

    And

        Chain INPUT (policy DROP 41 packets, 6041 bytes)
            0     0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED

    Any guys wanna share some insights?

  • SSH Tunnel doesn't work in China

    - by Martin
    Last year I was working in China for a few months. I never bothered setting up a real VPN, but just created an SSH tunnel, and changed my browser's proxy settings to connect through it. Everything worked great (except Flash of course) but that was fine. However, now I'm back in China but I'm having problems with this approach. I do the same thing as last time, and according to https://ipcheckit.com/ my IP address is indeed the IP of my (private) server in the US, and I'm logging in to my server using a fingerprint I created long before going to China so no MITM should be possible. Furthermore the certificate from ipcheckit.com is from GeoTrust - so everything should be OK. However, I still can't access sites which are blocked in China. Any idea how this could be possible?

  • Reverse web proxy with time constraints

    - by user2893458
    I have a web application which produces several unique URLs of the type http://service.company.com/service.html?type=aaaa&key=jfiZm6u6cW where the last part is a randomly generated key. Each such URL provides access to an instance of the service provided. I am looking for a way to restrict access to those URLs based on time constraints, as an example URL#1 should be available between 8:00AM and 10:00AM on May 30, URL#2 should be available between 10:30AM and 12:00PM on May 31, and so on. I already have a resource scheduling application based on Drupal and would like to find a way to include those URLs as scheduled resources. The web application is deployed on Apache Tomcat, so I don't have the knowledge or the resources to alter it, therefore I thought that I could put some sort of reverse proxy in front of the web app that could implement the time constraint feature. In my thoughts the reverse proxy would allow or disallow access to each URL based on the rules that my scheduling application would provide. There may be other ways to deliver such a solution, but I can't think of anything better, so the question is: is there a reverse web proxy architecture that could allow access to the destination URLs based on time and date rules? Any other ideas are more than welcome.

  • Mirror network packets from WiFi to Ethernet in an ASUS Router RT N53

    - by fazineroso
    I have an ASUS RT N53 router, running the default firmware (Linux 2.6.22 with busybox and uclibc). I need to capture data packets from some Wi-Fi devices I have connected to that router (iPad and some smartphones), but the router is not forwarding any package coming from Wi-Fi devices to the Ethernet Ports. Any idea how can I proceed? Available tools in the router are iptables (no tee option, though), ebtables, brctl... Currently the ethernet and Wifi devices are forming a bridge:

        # brctl show
        bridge name   bridge id           STP enabled   interfaces
        br0           8000.50465dc06be2   no            vlan0
                                                        eth1

    No ebtables rules:

        # ebtables -L
        Bridge table: filter
        Bridge chain: INPUT, entries: 0, policy: ACCEPT
        Bridge chain: FORWARD, entries: 0, policy: ACCEPT
        Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

  • Cisco FWSM -> ASA upgrade broke our mail server

    - by Mike Pennington
    We send mail with unicode asian characters to our mail server on the other side of our WAN... immediately after upgrading from a FWSM running 2.3(2) to an ASA5550 running 8.2(5), we saw failures on mail jobs that contained unicode. The symptoms are pretty clear... using the ASA's packet capture utility, we snagged the traffic before and after it left the ASA...

        access-list PCAP line 1 extended permit tcp any host 192.0.2.25 eq 25
        capture pcap_inside type raw-data access-list PCAP buffer 1500000 packet-length 9216 interface inside
        capture pcap_outside type raw-data access-list PCAP buffer 1500000 packet-length 9216 interface WAN

    I downloaded the pcaps from the ASA by going to https://<fw_addr>/pcap_inside/pcap and https://<fw_addr>/pcap_outside/pcap... when I looked at them with Wireshark Follow TCP Stream, the inside traffic going into the ASA looks like this

        EHLO metabike
        AUTH LOGIN
        YzFwbUlciXNlck==
        cZUplCVyXzRw

    But the same mail leaving the ASA on the outside interface looks like this...

        EHLO metabike
        AUTH LOGIN
        YzFwbUlciXNlck==
        XXXXXXXXXXXX

    The XXXX characters are concerning... I fixed the issue by disabling ESMTP inspection:

        wan-fw1(config)# policy-map global_policy
        wan-fw1(config-pmap)# class inspection_default
        wan-fw1(config-pmap-c)# no inspect esmtp
        wan-fw1(config-pmap-c)# end

    The $5 question... our old FWSM used SMTP fixup without issues... mail went down at the exact moment that we brought the new ASAs online... what specifically is different about the ASA that it is now breaking this mail? Note: usernames / passwords / app names were changed... don't bother trying to Base64-decode this text.

  • Searching Objects on SonicWALL (NSA 2600, SonicOS 6.1)

    - by Justin Scott
    Ok, this may sound like a dumb question, but does the SonicOS web interface not have a search option for object definitions? One of my clients recently decided to replace their Astaro Security Gateways with SonicWALL firewalls. These sit in front of a small data center full of servers and we have several hundred custom service and address definitions that need to be ported. The SonicOS interface provides a basic list for service and address definitions but no search option to be found. To make it worse, there is no option to list them all on one page (they're paginated 50 at a time) so I can't use the text search on the web browser either. The Astaro units have a nice search option on their definitions so perhaps I just got spoiled by their software. Am I missing something or is there some way to search for an object without paging through the list and finding an entry manually?

  • 1K incoming http post requests per second, each with a 10-50K file

    - by Blankman
    I'm trying to figure out what kind of server setup I will need to support: 1K http post requests per second each post will contain a xml file between 5-50K (average of 25 kilobytes) Even if I get a 100 Mb/s connection with my dedicated box (they usually give 10 Mb/s but you can upgrade), from my calculations that is about 12K kb/s which means about 480 25kb files per second. So this means I need around 3 servers then, each with 100 Mb/s connection. Would a single server running HAProxy be able to redirect the requests to other servers or does this mean I need to get something else that can handle more than 100 Mb/s to proxy things out to the other servers? If my math is off I'd appreciate any corrections you may have.

  • How to control/check CheckPoint rules changes (and another System events)

    - by user35115
    I need to check/control all system events on many CheckPoint FW1 - don't misunderstand - not rules triggering, but events such as admins log on, rules changes, etc. I found out that I can make a log export using 2 methods: Grab logs; use special script that redirects Checkpoint log entries to syslog, FW1-Loggrabber. But it's not clear to me whether such logs also contain the information that I need (admins log on, rules changes)? And if yes, is it possible to filter events? I also suppose that if the system is based on a *nix platform it must be a ploy - use based functions of the system to do what I want. Unfortunately I don't know where to "dig". Maybe you know? Updated: New info "FW-1 can pipe its logs to syslog via Unix's logger command, and there are third party log-reading utilities" So, the main question is how to do my task in the best way? Has anybody already resolved such a problem? P.S. I'm new with CheckPoint, so all information will be useful for me. Thank you.

  • Opening ports with IPTables not working - Ubuntu

    - by user41416
    So, I have these rules set in iptables:

        # iptables -L
        Chain INPUT (policy ACCEPT)
        target     prot opt source               destination
        ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:6850:6999
        ACCEPT     udp  --  anywhere             anywhere            udp dpts:6850:6999
        ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6881
        Chain FORWARD (policy ACCEPT)
        target     prot opt source               destination
        Chain OUTPUT (policy ACCEPT)
        target     prot opt source               destination

    Although, the ports are not open :/ here is a telnet attempt:

        # telnet localhost 6999
        Trying 127.0.0.1...
        telnet: Unable to connect to remote host: Connection refused

    Any idea why this is happening? Do I need to reboot or do something to make the changes permanent? Last time I rebooted the rules disappeared from iptables :/

  • Does NAT change the source MAC address?

    - by user44073
    I'm trying to secure my home network but don't really need the complexity of a VPN so I'm trying to figure out other options. I'd like to allow my iPhone remote access to my home servers but I can't depend on the IP address because it changes quite often (due to the 3G network, etc). Can I filter incoming connections on my router (pfsense) by MAC address or does NAT change the source as it's passing through the different routers on the internet?

  • identify a router that cuts certain port

    - by Sergiks
    Is there a way to identify which particular router between me and some server blocks connections on certain port? I am in a hotel in Thailand, where they have recently changed some settings in their equipment, and now I cannot reach any of my servers in Europe and USA by SSH / port 22. More traditional ports like 80 or 21 are open. traceroute command shows each particular router in the middle. But is there a way to identify one that filters out port 22?

  • UFW blocking webrick on port 3000

    - by t Book
    On a ubuntu 10.0.4 server runs redmine. Starting webrick with:

        ./server webrick -e production -b lvps46-173-79-113.dedicated.hosteurope.de -d

    makes redmine available in browser. As soon as we enable ufw, webrick can't be accessed anymore. Of course we allowed Port 3000 from anywhere:

        ufw allow 3000/tcp
        ufw allow 3000/udp

    Also a grep for iptables doesn't show a deny rule:

        iptables -nL | grep 3000

    Find the whole iptables output here: http://pastebin.com/k6WNqdPU

    Checking lsof -ni tcp:2222 tells me ruby is listening on port 3000:

        ruby 3457 root 5u IPv4 864846667 0t0 TCP 46.173.79.113:3000 (LISTEN)

    What else can we check? What's wrong with the ufw rules for port 3000?

  • Configure clients to navigate through specific wan. Pfsense

    - by leandronn
    I have a machine with a pfsense running. It is configured with three ethernet cards.

        LAN           192.168.2.1/21
        WAN1          200.41.X.2/24
        WAN2          200.41.X.3/24
        ISP Gateway   200.41.X.1

    This is a connection with 5 different IP addresses. WAN1 and WAN2 are directly connected to my ISP router. I need a way to configure some clients navigating through WAN1 and some through WAN2. I am new to pfsense so, please, if you can send me some examples to do this. I can add two squids if it is necessary. Thanks a lot.

  • What means empty iptables?

    - by Memochipan
    I'm using CentOS and when I type the command:

        iptables -L -v

    The output is as follows:

        Chain INPUT (policy ACCEPT 19614 packets, 2312K bytes)
         pkts bytes target prot opt in out source destination
        Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
         pkts bytes target prot opt in out source destination
        Chain OUTPUT (policy ACCEPT 13881 packets, 32M bytes)
         pkts bytes target prot opt in out source destination

    What does this mean? I'm able to connect using SSH. Where can I see that rule?

  • Cisco ASA Multiple Public IP

    - by KGDI
    I have a Cisco ASA5510 and articles related to ASA and multiple Public IP say this can't be done. My question is how to best solve a scenario like this: I have 3 zones: Outside, Inside and DMZ.

        Outside is Internet
        Inside is Client machines
        DMZ is a zone for servers related to external and internal services.

    My scenario is a bit more complex, but to keep things simple this will do: I want to place an Exchange server and a web server (externally reachable in the DMZ zone). The webserver uses both TCP80/443, the Exchange server uses 443. So to the problem: with the ASA only having one public IP, how would you make a DNAT to port 443 on both the internal hosts behind 1 Public IP? Usually, when I do this kind of scenario with Linux boxes I use alias interfaces like eth0:0, eth0:1 and set 1 Public IP on each. To me this must be a pretty common scenario, any ideas on how to solve it with ASA? /KGDI

  • Set generic iptables rules?

    - by tftd
    This may be a really dumb question but how can you open a port on multiple interfaces without defining the interfaces? For example how do I open port 22 on all interfaces? On my machine I have some interfaces that are dynamic and may or may not be available so I have to set "generic" rules. This code is not working for me but I can't figure out why:

        # My default policy is to drop the input.
        # The other policies are required like that.
        $IPTABLES -P INPUT DROP
        $IPTABLES -P OUTPUT ACCEPT
        $IPTABLES -P FORWARD ACCEPT
        $IPTABLES -t nat -P POSTROUTING ACCEPT
        $IPTABLES -t nat -P PREROUTING ACCEPT
        $IPTABLES -t mangle -P OUTPUT ACCEPT
        $IPTABLES -t mangle -P PREROUTING ACCEPT
        #Open port 22 on all interfaces ?
        $IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

    So apparently there's something wrong with the last line... but I can't see it?

  • Should I create a second WAN Interface for a new SSLVPN setup on my Sonicwall 2400?

    - by TheSuperman
    Sonic Wall 2400 I'm setting up a new SSLVPN on our Sonicwall, very new to this. I currently have an exchange server as well, so mail.company.com is directed to our mail server. I'd like to setup a clean link for my low end users, remote.company.com to be for the SSLVPN, but I'm not sure how to do this within the Sonicwall? I setup SSLVPN on port 443. Only 1 WAN setup, on the X1 Interface. We have an A record setup with the same static IP used on the WAN Interface, and is configured for mail.company.com. Should I use a new static IP from our block of usable IP's to create the new Remote.Company.com? If so, I have no idea where to start on this on the Sonicwall? Any suggestions?

  • ip6tables blocking output traffic

    - by jmccrohan
    My OpenVZ VPS is blocking outbound IPv6 traffic, but correctly filtering inbound IPv6 traffic. Below is my ip6tables-restore script.

        *filter
        :INPUT ACCEPT [0:0]
        :FORWARD ACCEPT [0:0]
        :OUTPUT ACCEPT [0:0]
        -A INPUT -i lo -j ACCEPT
        -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
        -A INPUT -p ipv6-icmp -j ACCEPT
        -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
        -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
        -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
        -A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT
        -A INPUT -p udp -m udp --dport 51413 -j ACCEPT
        -A INPUT -m limit --limit 5/min
        -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
        -A FORWARD -j ACCEPT
        -A OUTPUT -j ACCEPT
        COMMIT

    ICMPv6 traffic is still able to pass both inbound and outbound. When I flush these rules using -F, outbound traffic flows fine. What am I missing here?

    EDIT: It appears that ip6tables is marking ESTABLISHED packets as INVALID. Consequently, the outbound traffic is NOT actually being blocked. The reply packets are not allowed inbound again, hence appearing like blocked outbound traffic. Allowing INVALID packets inbound solves the outbound issue, but also renders the inbound filter useless.

  • Manually Editing iptables

    - by JamesB41
    I'm using CentOS. What I'm wondering is, what happens if I manually edit /etc/sysconfig/iptables and save it? Is that the definitive source? When I type iptables -L I get something that doesn't match the contents of that file. Is there a way I can just edit the chains directly without adding/removing rules one at a time? i.e. open VIM and get everything set up the way I want it and then save. Along those lines, when I do something like iptables -A INPUT , where does that go in the immediate sense? Is it not applied until I do an iptables-save? I feel like I'm just missing an a-ha moment here and I can't seem to find the answer in a search.

  • How can I block access to public server IP for OpenSSH in Debian?

    - by VanDerSpar
    I got a Debian server with a public and a private IP in a DMZ. I need to be able to connect to it through SSH on our private side, and then block all access to the public address. Both /etc/hosts.deny and sshd_config seem to only let one block incoming IP addresses. What I really want is to disable SSH connections for the public IP. I've been trying iptables, but I haven't had luck with that either. Any help is appreciated.

  • Logging won't stop on log file after renaming/moving it.... how do I stop it?

    - by Jakobud
    Just discovered that logrotate is not rotating our firewall log. So it's up to 12g in size. I need to split up the file into smaller chunks and start manually rotating them so I can get things back on track. However before I start splitting the firewall up, I need to stop the firewall from logging to the current firewall log file and force it to start logging to a new empty file. This way I'm not trying to split up or rotate a log file that is still constantly growing. I tried to simply do this:

        mv firewall firewall.old
        touch firewall

    I expected to see the new empty firewall file to start growing in size, but no... the firewall.old is still being logged to. Then I tried to start/stop iptables. No change. firewall.old is still the log file. I tried to move it to another directory. That didn't help. I tried to stop iptables, then change the filename and create a new firewall file and then start iptables again, but no change. How do I stop the logging on this file and force it to start logging on a new file?
