Search Results

Search found 3844 results on 154 pages for 'firewall bypass'.

Page 36/154 | < Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >

• How to configure an isa server to allow a OPENvpn client to connect to an outside server?

  - by rmarimon

  I'm trying to configure an ISA server (not really my area of expertise) to allow an openvpn client (in the lan) access to an outside openvpn server (in the wan). The openvpn configuration I'm using has worked everywhere. In fact if I take the client outside the lan where the isa server is located, it works perfectly. Inside the isa server lan nothing. The question is what configuration do I need to put on the isa server to allow openvpn traffic to go through?

  Read the article

• Redirection of outbound UDP port NTP.

  - by pboin

  For my residential service, I changed ISPs to Zoom/Armstrong. Just after that, my NTP daemons stopped working. I dug deep and diagnosed the problem: Unprivileged ports are getting out. When i run 'ntpdate' for example, I go out on a high, unprivleged port, and get a response on UDP 123. That's fine. The 'ntpd' daemon though, expects to go out on 123 and get its reply there as well. This must be a common problem, because it's directly addressed in the NTP troubleshooting guide. Just to see what would happen, I wrote a detailed email to the general support address at Armstrong. They replied almost immediately with a complete technical answer! They have everything <1024 blocked, except for a few ports to support outbound VPN. So, the question: Can I use IPtables to essentially re-write my outbound UDP 123 up to 2123 or something like that? If I do, does there need to be a corresponding 2123-123 rule to translate the reply? This seems like NAT, but with ports, not addresses. True, I could run ntpdate from cron, but that loses all of the adjustment smarts of NTP.

  Read the article

• VLAN ACLs and when to go Layer 3

  - by wuckachucka

  I want to: a) segment several departments into VLANs with the hopes of restricting access between them completely (Sales never needs to talk to Support's workstations or printers and vice-versa) or b) certain IP addresses and TCP/UDP ports across VLANS -- i.e. permitting the Sales VLAN to access the CRM Web Server in the Server VLAN on port 443 only. Port-wise, I'll need a 48-port switch and another 24-port switch to go with the two existing 24-port Layer 2 switches (Linksys); I'm looking at going with D-Links or HP Procurves as Cisco is out of our price range. Question #1: From what I understand (and please correct me if I'm wrong), if the Servers (VLAN10) and Sales (VLAN20) are all on the same 48-port switch (or two stacked 24-port switches), afaik, the switch "knows" what VLANs and ports each device belongs to and will switch packets between them; I can also apply ACLs to restrict access between VLANs at this point. Is this correct? Question #2: Now lets say that Support (VLAN30) is on a different switch (one of the Linksys) switches. I'm assuming I'll need to trunk (tag) switch #2's VLANs across to switch #1, so switch #1 sees switch #2's VLAN30 (and vice-versa). Once Switch #1 can "see" VLAN30, I'm assuming I can then apply ACLs as stated in Question #1. Is this correct? Question #3: Once Switch #1 can see all the VLANs, can I achieve the seemingly "Layer 3" ACL filtering of restricting access to Server VLAN on only certain TCP/UDP ports and IP addresses (say, only permitting 3389 to the Terminal Server, 192.168.10.4/32). I say "seemingly" because some of the Layer 2 switches mention the ability to restrict ports and IP addresses through the ACLs; I (perhaps mistakenly) thought that in order to have Layer 3 ACLs (packet filtering), I'd need to have at least one Layer 3 switch acting as a core router. If my assumptions are incorrect, at which point do you need a Layer 3 switch for inter-VLAN routing vs. inter-VLAN switching? Is it generally only when you need that higher-level packet filtering ability between your departments?

  Read the article

• Web service not accessible from behind corporates firewalls - how come?

  - by Niro

  We run a Saas serving a widget which is embedded in customer websites. The service include static javascript code hosted on amazon S3 and dynamic part hosted on EC2 with Scalr (using scalr name servers). We received some feedback from users behind corporate firewalls that they cant access our service (while they can access the sites including the widget). This does not make sense to me since the service is using normal http calls on port 80 and our URL is quite new without any reason to be banned by firewalls. My questions are: 1. Why is the service is not accessible and what can I do about it? 2. Is it possible that one of the following is blocked by corporate firewalls: Amazon s3, the dynamic IP address provided by amazon, Scalr name servers. Any other possible reasons, way to check them and remedies for this? Thanks!

  Read the article

• Iptables rule creation error: No chain/target/match by that name

  - by MikO

  I'm trying to create my first VPN on a VPS with CentOS 6, following this tutorial. When I have to create an iptables rule to allow proper routing of VPN subnet, with this command: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE It throws this error: iptables: No chain/target/match by that name I was searching and I've found that this error is usually thrown when you misspell something, but as far as I understand, the rule is correct...

  Read the article

• Ubuntu 12.04 open port 80 inside WLAN

  - by Eduard

  I have an nginx server running on ubuntu 12.04 that serves http through port 80 and https through port 443. Everything works fine if I access it from the same computer via localhost, 127.0.0.1 or the local IP 192.168.0.11. If I try to access the server from another computer in the same VLAN it does not work for http; it works for https. I have changed my nginx configuration to also listen to port 8000 for http; I can then access http from the other computer in the same VLAN via "http://192.168.0.11:8000". I also have a web server running on port 80 on a windows machine and can access it from another device in the same VLAN, therefore the router is not blocking incoming http traffic. The nginx process is run by root. I have used tcpdump and I see that packets are arriving to Ubuntu: 192.168.0.16.49735 192.168.0.11.80 and that some response is being given 192.168.0.11.80 192.168.0.16.49735 (I do not know what the response is though). There is no request arriving at the nginx web server (I have checked the access log). I have iptables empty. I have unsuccessfully tried to find a solution for a long time to this, it has now become a matter of happiness or bitterness :).

  Read the article

• iptables and snatting to different networks

  - by codingfreak

  linuxbox (p.q.r.t) | | INTERNAL ------ ABCD ----- INTERNET (p.q.r.s) (m.n.o.k) ABCD has 3 interfaces connected to linuxbox, INTERNAL N/W, INTERNET. Linuxbox has a private address (p.q.r.t). At present I am snatting the packets from linuxbox to INTERNET at ABCD. I have a small doubt regarding the FTP from linuxbox since I have to support ftp from linuxbox to both INTERNAL N/W as well as in INTERNET. How can I right a rule in iptables present in ABCD where it can decide if the destination ip-address of ftp server is within INTERNAL N/W or in INTERNET and do natting accordingly.

  Read the article

• How to configure Amazon Security Groups to achieve multi-tier architecture?

  - by ks78

  What is the preferred way to configure Amazon Security Groups to achieve a multi-tier architecture? Each of my instances has its own Security Group, which I only want to use for rules specific to an instance. I'd like to keep any rules which apply to multiple instances in a separate Security Group, which can then be assigned to instance Security Groups as necessary. As an example, I've setup a group called "admin", which allows administrative access from my IP. I added the "admin" group as the source to each of my instance security groups. However, I still can't access the instances from my IP without adding the rules directly to the instance's group. Am I missing something? Although it seems a multi-tier security architecture should be possible, it doesn't seem to be working.

  Read the article

• Windows Server 2008: Limit UDP/TCP packets per IP or ban

  - by WBAR

  How I can limit UDP/TCP packets per IP send to my host (or better PORT) per second or minute ? Would be nice to ban that IP for 12/24 hours or even for ever. I got Windows Server 2008 and I'm very poor in Windows administration but quite good in Linux. EDIT: By basic problem is that They sending a lot of rubbish UPD and TCP packets.. TCP packets without SYNCH, fragmented UDP packets so my servers stop responding.. So I need to cut off users (IPs) sending more than X packets per second. I need solution witch provides me, somehow, configurable: X packets of certain type (UDP, TCP or both - lets say parameter named Z ) are allowed to be received by IP on Y port, otherwise this packet should be DROPPED. My virtual hosts are hosted by VirtualBox and I'm able to forward all incoming packets certain type and certain port to the specific Virtual Host, but I need to DROP them before my VirtualBox receive them.

  Read the article

• Recommendation for a non-standard SSL port

  - by onurs

  Hey guys, On our server I have a single IP, and need to host 2 different SSL sites. Sites have different owners so have different SSL certificates, and can't share the same certificate with SAN. So as a last resort I have modified the web application to give the ability to use a specified port for secure pages. For its simple look I used port 200. However I'm worried about some visitors may be unable to see the site because of their firewalls / proxies blocking the port for ssl connections. I heard some people were unable to see the website, a home user and someone from an enterprise company, don't know if this was the reason. So, any recommendations for a non-standard SSL port number (443 is used by the other site) which may work for visitors better than port 200 ? Like 8080 or 8443 perhaps? Thanks!

  Read the article

• error: "net.netfilter.nf_conntrack_acct" is an unknown key

  - by anonymous

  Hello, i have the next error when i run 'sysctl -p' error: "net.netfilter.nf_conntrack_acct" is an unknown key net.netfilter.nf_conntrack_acct = 1 net.ipv4.netfilter.ip_conntrack_max = 9527600 net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 7200 lsmod ipv6 289352 34 loop 19724 0 nf_conntrack_ipv4 19352 0 nf_conntrack 71440 1 nf_conntrack_ipv4 joydev 15232 0 evdev 14592 0 ext3 125456 3 jbd 54696 1 ext3 mbcache 13188 1 ext3 raid1 24832 4 md_mod 81700 5 raid1 thermal_sys 17728 0 Debian 5.0.8 Any idea? Thanks

  Read the article

• Changing Internet connection on ISA Server 2000

  - by garyb32234234

  Hi We are getting a new internet connection installed and will need to unplug the old one and connect this to our ISA Server 2000. Will this be a simple swap out job? We will be given a new ip, which i know i will have to enter into the external network card TCP/IP page. I will also be given the default gateway to enter. The ISP engineer said we may have to reset the ARP? cache, if we dont know how we will have to reset the ISA server? Has anyone any experience? The current connection is with the same ISP but it was owned by the business park were we are located and they linked up an ethernet port to what i assume is their own router. Hope you can help, i know that ISA 2000 is somewhat less easy to use than the newer versions.

  Read the article

• Which is prefered internet security + Antivirus solution for Windows, with good detection rate? [clo

  - by metal gear solid

  Possible Duplicate: Free antivirus solutions for Windows Which is the best internet security + Antivirus solution for Windows? free/opensource or commercial it doesn't matter I need best solution. Is Kaspersky best ? or any other? http://www.kaspersky.com/kaspersky_internet_security Award-winning technologies in Kaspersky Internet Security 2010 protect you from cybercrime and a wide range of IT threats: * Viruses, Trojans, worms and other malware, spyware and adware * Rootkits, bootkits and other complex threats * Identity theft by keyloggers, screen capture malware or phishing scams * Botnets and various illegal methods of taking control of your PC or Netbook * Zero-day attacks, new fast emerging and unknown threats * Drive-by download infections, network attacks and intrusions * Unwanted, offensive web content and spam

  Read the article

• Is there any way to set up a malware-blocking transparent proxy on an Airport Extreme?

  - by Chris R

  I'd like to add some kind of easily-administered transparent HTTP proxy to my home network. Ideally, it would allow me to, for example, redirect web requests to blacklisted servers into nothing, block certain kinds of content, et al. My home network at the moment consists of a mac mini media server that could -- if the load wasn't huge -- fill this role as well, an Airport Extreme, and a mac laptop that is my main machine. I'm reasonably technically savvy, so don't spare the complicated answers.

  Read the article

• How can I make my livebox route to my external IP address for a computer in the DMZ?

  - by Noli

  I have a sagem livebox 2 (Fiber optic model), and have placed my computer in a DMZ. People from outside of my network can access my comp fine via its external dyndns.org address, yet when I try to call the public dyndns.org address from inside my network, I get redirected to the internal admin site on the router. How can I make it so that I can see my comp from the public address like everyone else? What kinds of questions should I be asking or looking into? Thanks

  Read the article

• Auto Forward mails to gmail from Outlook

  - by Jaison

  I have a highly secured computer windows server 2003 where my outlook express is configured, i want to forward all the mails coming from Outlook to gmail. I put some auto forward rule in outlook but its not working. (May be auto forwarding is disabled). I can forward mails manually. Is there anyway to get rid off this problem?

  Read the article

• iptables -- OK, **now** am I doing it right?

  - by Agvorth

  This is a follow up to a previous question where I asked whether my iptables config is correct. CentOS 5.3 system. Intended result: block everything except ping, ssh, Apache, and SSL. Based on xenoterracide's advice and the other responses to the question (thanks guys), I created this script: # Establish a clean slate iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -F # Flush all rules iptables -X # Delete all chains # Disable routing. Drop packets if they reach the end of the chain. iptables -P FORWARD DROP # Drop all packets with a bad state iptables -A INPUT -m state --state INVALID -j DROP # Accept any packets that have something to do with ones we've sent on outbound iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # Accept any packets coming or going on localhost (this can be very important) iptables -A INPUT -i lo -j ACCEPT # Accept ICMP iptables -A INPUT -p icmp -j ACCEPT # Allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT # Allow httpd iptables -A INPUT -p tcp --dport 80 -j ACCEPT # Allow SSL iptables -A INPUT -p tcp --dport 443 -j ACCEPT # Block all other traffic iptables -A INPUT -j DROP Now when I list the rules I get... # iptables -L -v Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP all -- any any anywhere anywhere state INVALID 9 612 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED 0 0 ACCEPT all -- lo any anywhere anywhere 0 0 ACCEPT icmp -- any any anywhere anywhere 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https 0 0 DROP all -- any any anywhere anywhere Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 5 packets, 644 bytes) pkts bytes target prot opt in out source destination I ran it and I can still log in, so that's good. Anyone notice anything major out of wack?

  Read the article

• How to configure Amazon Security Groups to achieve multi-tier architecture?

  - by ks78

  What is the preferred way to configure Amazon Security Groups to achieve a multi-tier architecture? Each of my instances has its own Security Group, which I only want to use for rules specific to an instance. I'd like to keep any rules which apply to multiple instances in a separate Security Group, which can then be assigned to instance Security Groups as necessary. As an example, I've setup a group called "admin", which allows administrative access from my IP. I added the "admin" group as the source to each of my instance security groups. However, I still can't access the instances from my IP without adding the rules directly to the instance's group. Am I missing something? Although it seems a multi-tier security architecture should be possible, it doesn't seem to be working.

  Read the article

• ASA 5505 8.4 open ports for subnet

  - by fwrawx

  I have an ASA 5505 running 8.4 with its outside interface plugged into our internal network. I want to open up access to hosts on one of the vlans behind that ASA to hosts on our internal network. I was just starting to grasp NAT on our older PIX but the ASA 8.4 has me confused now. Given a clean ASA with an outside vlan of 10.0.0.1/24 and test vlan of 10.0.1.1/24 what's the basic configuration needed to allow any hosts on the outside network to have access to any of the hosts on the test network?

  Read the article

• Shorewall SHOW DYNAMIC command doesn't work

  - by Andrew Burns

  Setting up shorewall dynamic zones, http://shorewall.net/Dynamic.html shows the command shorewall show dynamic zone where zone is one of your zones. I can get the add and delete commands to work, but not the show dynamic command. Here is a shell session, with output from ipset list that proves that the items are indeed there. $ ipset list CPREM_br0 Name: CPREM_br0 Type: hash:ip Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16520 References: 66 Members: 192.168.85.153 $ shorewall add br0:192.168.85.200 CPREM Host br0:192.168.85.200 added to zone CPREM $ shorewall show dynamic CPREM $ ipset list CPREM_br0 Name: CPREM_br0 Type: hash:ip Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16536 References: 66 Members: 192.168.85.153 192.168.85.200 $ shorewall delete br0:192.168.85.200 CPREM Host br0:192.168.85.200 deleted from zone CPREM $ ipset list CPREM_br0 Name: CPREM_br0 Type: hash:ip Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16536 References: 66 Members: 192.168.85.153 I am using the packaged version from Ubuntu 12.04 (4.4.26.1-1)

  Read the article

• Are there other application layer firewalls like Microfot TMG (ISA) that do advanced http rules?

  - by Bret Fisher

  Since the old days ISA and now TMG have had several great features that I often want to deploy to my customers because of the enhanced functionality and security, but often the cost of an additinal server HW, Windows Server, and TMG license is too much to justify when compaired to a $300-500 appliance. Are there other gateway firewalls that can perform one or more of these application layer features: pre-auth incoming http traffic against AD/LDAP before sending packets to internal server (forms auth or basic creds popup)? read host headers of incoming http traffic (even on https) to a single public IP and route packets to different internal servers based on that host header?

  Read the article

• Bridge Intrusion Prevention Vyatta

  - by Steve

  I am trying to create a bridge with ThreatStop, IPS and block a few ports. This bridge will sit in front of my servers. All is working apart from the IPS. I have read the documentation on configuring IPS, I have something configured that it hasn't complained about and nothing is logged so I believe that it isn't working. Is it possible to set-up IPS on a vyatta bridge? Also is it possible to read the logs/events with Snorby? I have also posted this on the Vyatta forums

  Read the article

• ASA5500 series logging for management interface in transparent mode

  - by ANervousTwitch

  i have a cisco asa5520 in transparent mode. the interface is on the same subnet as some windows machines, which are generating a lot of broadcast traffic that is filling up the logs. is there any way to have it not log that its blocking those packets? its a bunch of these messages: "through-the-device packet to from management-only network is denied: udp src..." im also seeing some of those zeroconf requests that id like to drop logging for. i tried to just put a rule on the management interface, but apparently thats not allowed.

  Read the article

• Restrict Computer or Users from Internet but allow access to intranet and Windows Update / ePO?

  - by MoSiAc

  So this may be impossible but I've been asked to try and find something about it. So far nothing I have found is possible. I need to restrict specific machines or user accounts from regular Internet access but let them have access to the intranet portion of our network. I do not have Active Directory control, nor does anyone at my local workplace (corporate control in a different state). I have tried going through IPsec and doing this per local machine, but that system seems to have been removed from the images that are installed on these machines so that is out. So far the only other option I can think of is assigning the machines a specific ip address and removing their gateway access. This would probably work but the machines need to be able to receive updates that are being pushed to them through ePO and LanDesk. I would really like to do this on the user level because then if I need to do tech work to the machine and need internet access I can get to it but a "special" user could login and not be able to get into anything.

  Read the article

• Limiting and redirect port access with useragent

  - by linuxcore

  I'm trying to write iptables string match rule To block http://domain.com:8888 and https://domain.com:8888 when it matches the supplied string in the rule. And another rule to redirect the ports also from 8888 to 7777 I tried following rules but unfortunately didn't work iptables -A INPUT -p tcp -s 0.0.0.0/0 -m string --string linuxcore --algo bm --sport 8888 -j DROP iptables -t raw -A PREROUTING -m string --algo bm --string linuxcore -p tcp -i eth0 --dport 8888 -j DROP iptables -t nat -A PREROUTING -p tcp --dport 8888 -m string --algo bm --string "linuxcore" -j REDIRECT --to-port 7777 iptables -A INPUT -t nat -p tcp --dport 8888 -m string --algo bm --string "linuxcore" -j DROP I want to do this from iptables not the webserver because the server may not have a webserver and those ports are working on internal proxy or something like ..etc

  Read the article

< Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >