Search Results

Search found 15595 results on 624 pages for 'ip forward'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 36/624 | < Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >

  • Keep source IP after NAT

    - by John Miller
    Until today I used a cheapy router so I can share my internet connection and keep a webserver online too, while using NAT. Users IP ($_SERVER['REMOTE_ADDR']) was fine, I was seeing class A IPs of users. But as traffic grown up everyday, I had to install a Linux Server (Debian) to share my Internet Connection, because my old router couldn't keep the traffic anymore. I shared the internet via IPTABLES using NAT, but now, after forwarding port 80 to my webserver, now instead of seeing real users IP, I see my Gateway IP (Linux Internal IP) as any user IP Address. How to solve this issue? I edited my post, so I can paste the rules I'm currently using. #!/bin/sh #I made a script to set the rules #I flush everything here. iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables -F iptables -X # I drop everything as a general rule, but this is disabled under testing # iptables -P INPUT DROP # iptables -P OUTPUT DROP # these are the loopback rules iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # here I set the SSH port rules, so I can connect to my server iptables -A INPUT -p tcp --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT # These are the forwards for 80 port iptables -t nat -A PREROUTING -p tcp -s 0/0 -d xx.xx.xx.xx --dport 80 -j DNAT --to 192.168.42.3:80 iptables -t nat -A POSTROUTING -o eth0 -d xx.xx.xx.xx -j SNAT --to-source 192.168.42.3 iptables -A FORWARD -p tcp -s 192.168.42.3 --sport 80 -j ACCEPT # These are the forwards for bind/dns iptables -t nat -A PREROUTING -p udp -s 0/0 -d xx.xx.xx.xx --dport 53 -j DNAT --to 192.168.42.3:53 iptables -t nat -A POSTROUTING -o eth0 -d xx.xx.xx.xx -j SNAT --to-source 192.168.42.3 iptables -A FORWARD -p udp -s 192.168.42.3 --sport 53 -j ACCEPT # And these are the rules so I can share my internet connection iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth0:1 -j ACCEPT If I delete the MASQUERADE part, I see my real IP while echoing it with PHP, but I don't have internet. How to do, to have internet and see my real IP while ports are forwarded too? ** xx.xx.xx.xx - is my public IP. I hid it for security reasons.

    Read the article

  • Windows SMTP Server Outbound IP

    - by Josh
    I have a Windows 2008 server that has three IP bound to the NIC. I can select which IP Windows SMTP listens to, but I want to also set the IP address used when mail is sent. Where would I set which IP to use when sending email?

    Read the article

  • HTTP: can GET and POST requests from a same machine come from different IPs?

    - by NoozNooz42
    I'm pretty sure I remember reading --but cannot find back the links anymore-- about this: on some ISP (including at least one big ISP in the U.S.) it is possible to have a user's GET and POST request appearing to come from different IPs. (note that this is totally programming related, and I'll give an example below) I'm not talking about having your IP adress dynamically change between two requests. I'm talking about this: IP 1: 123.45.67.89 IP 2: 101.22.33.44 The same user makes a GET, then a POST, then a GET again, then a POST again and the servers see this: - GET from IP 1 - POST from IP 2 - GET from IP 1 - POST from IP 2 So altough it's the same user, the webserver sees different IPs for the GET and the POSTs. Surely seen that HTTP is a stateless protocol this is perfectly legit right? I'd like to find back the explanation as to how/why certain ISP have their networks configured such that this may happen. I'm asking because someone asked me to implement the following IP filter and I'm pretty sure it is fundamentally broken code (breaking havoc for at least one major american ISP users). Here's a Java servlet filter that is supposed to protect against some attacks. The reasoning is that: "For any session filter checks that IP address in the request is the same that was used when session was created. So in this case session ID could not be stolen for forming fake sessions." http://www.servletsuite.com/servlets/protectsessionsflt.htm However I'm pretty sure this is inherently broken because there are ISPs where you may see GET and POST coming from different IPs. Any info on this subject is very welcome.

    Read the article

  • ddclient - wont update Invalid Keyword for 'ip' =

    - by stueng
    /etc/ddclient.conf use=web, web=checkip.dyndns.org/, web-skip='IP Address' protocol=easydns ssl=yes server=members.easydns.com login=stueng password='****' home.***.** /var/log/syslog Jun 4 13:02:34 XBMCuntu ddclient[10554]: WARNING: file /var/cache/ddclient/ddclient.cache, line 3: Invalid Value for keyword 'ip' = '' Jun 4 13:02:34 XBMCuntu ddclient[10554]: WARNING: skipping update of home.***.** from <nothing> to 90.193.*.*. Jun 4 13:02:34 XBMCuntu ddclient[10554]: WARNING: last updated <never> but last attempt on Mon Jun 4 13:01:57 2012 failed. Jun 4 13:02:34 XBMCuntu ddclient[10554]: WARNING: Wait at least 5 minutes between update attempts. Help?

    Read the article

  • Sharing one static ip for both ftp and www service

    - by user11496
    Trying to figure out how to update the Zone record and configure webserver so that one application on the webserver is accessible by public. I'm completely not good at NS/DNS/NAT/firewall/routing/port forwarding/networking etc. "faraday" is the intranet name. Everyone within local network can access all applications hosted on "faraday". Hostname for webserver is "www", FTP server is "ftpserver". Both servers running RHEL4 OS. The goal is to allow anyone outside the company network (public) to access only one of the many applications on "faraday". Hope somebody can help me with some of the questions below, if not all. From zoneedit record, the static IP is used by FTP now. Can I use the same existing static IP - 219.95.10.100, for web service? Currently anyone who enter "http://www.abc.com.my" will be directed to "http://www.abc.com". I don't want this to change. Currently, no one else, except employee on local network, can access "faraday" web pages. How to configure so that when anyone type "http://thisapp.abc.com.my" on their web browser, the url will lead them to "http://faraday/thisapp" (application folder is /var/www/html/thisapp on RHEL4 web server). If possible, how to set the URL will continue to show "http://thisapp.abc.com.my" instead of "http://faraday/thisapp" How to limit/restrict user (those who are not from local network) so they only have access to "http://thisapp.abc.com.my", but not "http://faraday" or "http://faraday/anotherapp", etc. What's the configuration changes needed in /etc/httpd.conf on web server? Company domain name is "abc.com.my". Following is the zone records on www.zoneedit.com. Subdomain Type IP sdsl A 219.95.10.100 ftp CNAME sdsl.abc.com.my @ NS ns3.zoneedit.com @ NS ns7.zoneedit.com WebForward record: New Domain Destination Cloaked www.abc.com.my http://www.abc.com N On my local DNS server, there are 2 zone files: abc.com.my and pnmy.abc.com. > cat abc.com.my.zone ftp CNAME ftp.pnmy.abc.com. sdsl A 219.95.10.100 > cat pnmy.abc.com.zone ftp CNAME ftpserver ftpserver A 172.16.5.1 faraday CNAME www www A 172.16.5.2

    Read the article

  • Setup static Ip in virtual box

    - by Haris
    I have as issue i am Ubuntu desktop and i have installed virtual-box(4.1) ISSUE:- Ubuntu 11.10 desktop is my host operating system and on Virtual-box i installed Ubuntu server selecting bridge adapter as my first adapter by default my network interfaces file get ip address by dhcp server but i want to setup an static ip. by changing network interface file to static and gave some static ips my internet stop working on guest operating system(virtual-box - Ubuntu server). Can any one help me how can i setup static on virtual-box so that my internet will work too on my guest operating system. thanks in advance.

    Read the article

  • help redirecting IP address

    - by Alice
    Google has indexed the IP address of my site rather than the domain, so now I'm trying to set up a 301 redirect that will redirect the IP address and all subsequent pages to the domain. I currently have something like this in my .htaccess file (however don't think it's working correctly?): RewriteCond %{HTTP_HOST} ^12.34.567.890 RewriteRule (.*) (domain address)/$1 [R=301,L] I've used various redirect checker tools and keep getting the message: "... not redirecting to any URL or the redirect is NOT SEARCH ENGINE FRIENDLY" Am I doing something wrong or is there something else I should be trying? Thanks! Alice

    Read the article

  • Problems with No-IP redirecting

    - by user171156
    I am setting up a webserver on my ubuntu desktop 13.04, everything is working fine except; When trying to access the server through the external host using no-ip, it gives the original index created by apache on setup. While when I try to connect to the server via my real IP address from externally, it goes to the correct index. I have been trying to figure out what the issue is on this problem as nothing is working because of that bad redirect, I'm wondering if anyone of you could help me out, or advise me in the right path. Thank you very much! PS; If more info needed I'll provide, but this should explain it all.

    Read the article

  • Include multiple IP addresses in Google Analytics

    - by RubenGeert
    I sometimes access my own website from my home/work/girlfriend IP addresses. I'd like to create a filter that includes any of these and nothing else. I thought a custom include filter with a very basic regex should do the trick. The regex I use is 62\.58\.32\.193|77\.172\.143\.12$|213\.125\.166\.98 to include 62.58.32.193 and 77.172.143.12 and 213.125.166.98 and no other IP addresses. I obviously tested it before using it. However, pageviews seem to be stuck at zero even though I did generate internal traffic. Does anybody understand what I'm doing wrong?

    Read the article

  • Powershell Win32_NetworkAdapterConfiguration Not "seeing" PPP Adapter

    - by Ben
    I am trying to get the IP of a PPP VPN network connection, but Win32_NetworkAdapterConfiguration does not seem to "see" it. If I interrogate all adapters using my script, it will see everything but the PPP VPN adapter. Is there a specific filter or something I need to enable, or do I need a different class? My Script: $colItems = Get-wmiobject Win32_NetworkAdapterConfiguration foreach ($objItem in $colItems) { Write-Host Description: $objItem.Description Write-Host IP Address: $objItem.IPAddress Write-Host "" } Script Output: Description: WAN Miniport (SSTP) IP Address: Description: WAN Miniport (IKEv2) IP Address: Description: WAN Miniport (L2TP) IP Address: Description: WAN Miniport (PPTP) IP Address: Description: WAN Miniport (PPPOE) IP Address: Description: WAN Miniport (IPv6) IP Address: Description: WAN Miniport (Network Monitor) IP Address: Description: Intel(R) PRO/Wireless 3945ABG Network Connection IP Address: 192.168.2.5 Description: WAN Miniport (IP) IP Address: ipconfig /all output: PPP adapter My VPN: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : My VPN Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.1.8.12(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : 0.0.0.0 DNS Servers . . . . . . . . . . . : 10.1.1.3 10.1.1.2 Primary WINS Server . . . . . . . : 10.1.1.2 Secondary WINS Server . . . . . . : 10.1.1.3 NetBIOS over Tcpip. . . . . . . . : Enabled Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Belkin Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection Physical Address. . . . . . . . . : 00-3F-3C-22-22-22 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.2.5(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : 25 May 2010 20:33:19 Lease Expires . . . . . . . . . . : 22 May 2020 20:33:17 Default Gateway . . . . . . . . . : 192.168.2.1 DHCP Server . . . . . . . . . . . : 192.168.2.1 DNS Servers . . . . . . . . . . . : 192.168.2.1 NetBIOS over Tcpip. . . . . . . . : Enabled Thanks in advance, Ben

    Read the article

  • Netgear VPN endpoint drops connectivity to single IP address

    - by Justin Bowers
    I'm having a strange issue with one of the networks I manage recently. We have about 14 different networks connected together through a Netgear hardware VPN. Everything has been running fine (other than standard connectivity problems) for a few years now, but I've hit a wall with a problem that's just cropped up at one of the VPN endpoint locations. Our primary VPN network is on the 192.168.1.0/24 subnet and our other 13 networks are on the 192.168.2.0/24 - 192.168.14.0/24 subnets. We run a terminal server on the 192.168.1.0/24 network with IP address 192.168.1.100. Starting Thursday of last week, we had a problem with connectivity of the 192.168.2.0/24 network to 192.168.1.100. When troubleshooting the problem, I found that Network 2 (192.168.2.0/24) still had connectivity to the Internet as well as VPN connectivity to Network 1 (192.168.1.0/24). We could ping and connect to any other device other than the server with IP address 192.168.1.100. Also, none of our networks had an issue accessing 192.168.1.100. I ran a scan on Network 2 after assigning static IP addresses to one of the workstations but received no response from 192.168.1.100 (looking for possibly a new device that someone had plugged into Network 2 that had a duplicate IP address with the server). Asking the staff, noone had reported connecting a new device to Network 2 as well. I then assigned a secondary IP address of 192.168.1.88 to the server and could ping and connect to the secondary IP address from Network 2, but still couldn't access it via 192.168.1.100. I then just rebooted the Netgear VPN Firewall (FVS318v3) and after it came back up, connectivity to 192.168.1.100 was restored. Beforehand, when checking for devices with a possible duplicate IP address, I did run a check for available wireless access points and stations and found none (our wireless is secured via MAC address access control through a WG102 device). I thought that it may have been a fluke for some reason since everything came back up after a power cycle of the VPN Firewall. Things ran fine for a few days until this afternoon, when the problem happened again. One of our users claimed that they had connectivity problems to the server and after connecting to the computer, I found that I couldn't ping the server address anymore. I could still ping the alternate IP address of the server though, so I went ahead and rebooted the VPN firewall again and connectivity was restored. Unfortunately, I can't find anything in the security or VPN logs of the firewall that helps point me in the right direction, so I thought I would go ahead and ask to see if anyone else has any other insight into why we've started having this problem. I am aware that it could still be a device with a duplicate IP address of the server on Network 2, but every employee claim states that there's been no such new device brought in to the network. I know this is a long read, but any help is appreciated! Thanks, Justin

    Read the article

  • Problems forwarding zone to another DNS server.

    - by sebastian nielsen
    I have a authorative DNS server at 83.248.21.18 which are authorative for the domain "finahemgoteborg.se". Now my registrar is requiring me to have 2 DNS servers for the domain, so I would now want the machine 85.228.103.141 just forward all incoming queries for "finahemgoteborg.se" to the 83.248.21.18 server. In the 85.228.103.141 BIND server, I have the following config: zone "finahemgoteborg.se" in { type forward; forwarders {83.248.21.18;}; }; But the problem is that 85.228.103.141 is still responding with "REFUSED" when querying it for example www.finahemgoteborg.se A record. How can I fix it. I do NOT want to set up a master/slave situation, just one nameserver that forwards to a another. Edit The Rest of named.conf: options { directory "/var/cache/bind"; version "none"; allow-recursion {"none";}; minimal-responses no; }; zone "sebn.us.to" in{ type master; file "/etc/bind/sebn.us.to"; }; zone "ns1sebn.us.to" in{ type master; file "/etc/bind/sebn.us.to"; }; zone "ns2sebn.us.to" in{ type master; file "/etc/bind/sebn.us.to"; }; zone "finahemgoteborg.se" in{ type forward; forwarders {83.248.21.18;}; };

    Read the article

  • Wireless router setup for 1-1 NAT

    - by Carlos
    What I have: A linksys router WAG160N with firmware version 2 A "pool" of 5 external static IP's provided by my ISP 213.xx.xxx.n All the required configuration values for the static IPs such as (Subnet Mask, Gateway and static DNS 1, 2, 3) Current WAN Configuration: Encapsulation: RFC 2364 PPPoA Multiplexing: VC QoS type: UBR DSL modulation: MultiMode What's connected to the network: 1 x Server (That I want to make available to the outside) 5 x Desktops with static internal IP's, such as 192.168.0.xx 2 x Network printers, also with internal static IP's 2 x Laptops 1 x NAS (Network Attached Storage) also on static IP What I want to do: I would like to make the server available from outside the network, for example from your house. The problem is that Im not really sure how to do this. I have tried following the steps on the instruction manual in Linksys but they do not seem to work, once I set it up as shown bellow, I loose internet and all hell breaks loose. Going into further detail, I would prefer if the network is changed as little as possible, by this I mean that all the computers stay networked within eachother and only the server is accessible from the outside the network. What I need HELP with: I have read around that it is possible to set a 1-1 NAT (I know where it is in the menu but have no clue what it does...) so that I can NAT a single public IP directly to a single private IP (in our case the server). But please, How do I do that? Or maybe an alternative?

    Read the article

  • Protocol (or service publish/discovery) to detect devices in network

    - by Gobliins
    we connect some embedded devices in a network. What i am looking for now, is a way to find the devices IP and identify them. We work with Windows PC´s and i am about to write a C# tool that should do this. I thought about send a udp broadcast and in the ack i.e. is the device´s ip, which would mean the device needs a daemon runnig to assign an ip itself. Running a service (like a printer) on the device, and on the PC just lookup for the service. I read about some things like apipa, zeroconf, ipv4 local link, bonjour, dns-sd, mdns, bonjour; They can automatically assign ip´s and publish services in a network. My Question is, can someone recommend me what would be good for my task? -The protocol or Service should be low on ressource (memory/cpu usage) use. -Are there some standard protocolls to use? -Is DNS a good idea or would it be to ressource consumpting just for finding a device´s IP? -Should also work when no dhcp servers are around. edit: To clarify a bit: The IP configuration is automatic. The problem to focus is how to tell the PC which IP in the network (or a direct connection in this vase there would only be one) belongs to the device (identity).

    Read the article

  • Cancel page forward/back hotkeys in Firefox with Greasemonkey

    - by Stimulating Pixels
    First the background: In Firefox 3.6.3 on Mac OS X 10.5.8 when entering text into a standard the hotkey combination of Command+LeftArrow and Command+RightArrow jump the cursor to the start/end of the current line, respectively. However, when using CKEditor, FCKEditor and YUI Editor, Firefox does not seem to completely recognize that it's a text area. Instead, it drops back to the default function for those hotkeys which is to move back/forward in the browser history. After this occurs, the text in the editor is also cleared when you return to the page making it very easy to loose whatever is being worked on. I'm attempting to write a greasemonkey script that I can use to capture the events and prevent the page forward/back jumps from being executed. So far, I've been able to see the events with the following used as a .user.js script in GreaseMonkey: document.addEventListener('keypress', function (evt) { // grab the meta key var isCmd = evt.metaKey; // check to see if it is pressed if(isCmd) { // if so, grab the key code; var kCode = evt.keyCode; if(kCode == 37 || kCode == 39) { alert(kCode); } } }, false ); When installed/enabled, pressing command+left|right arrow key pops an alert with the respective code, but as soon as the dialog box is closed, the browser executes the page forward/back move. I tried setting a new code with evt.keyCode = 0, but that didn't work. So, the question is, can this Greasemonkey script be updated so that it prevents the back/forward page moves? (NOTE: I'm open to other solutions as well. Doesn't have to be Greasemonkey, that's just the direction I've tried. The real goal is to be able to disable the forward/back hotkey functionality.)

    Read the article

  • Someone using my website for Email and significant increase in spam

    - by Joy
    Let me give you the background in context so that you know the full story. Last summer my web guy (he put my website together) got in a fight with someone who attempted to register on my site using the name of my company as part of his user name. I was not aware of this at all until it had escalated dramatically. I don't know why my web guy was so unprofessional in his response to this person. I really don't know him - met him via SCORE and have never met in person. He is a vendor. Anyway, this guy who got into it with my web guy then threatened to do all he could to hurt my business and said he was internet savvy, etc. So, nothing seemed to happen for a while then not long ago this guy attempted to send me a friend request on Linkedin. After his behavior I declined it. Shortly afterwards I began seeing a dramatic increase in spammers posting comments on the blog part of my site. Just lately I have been receiving Emails from a variety of names but all with the "@___" that I own - for my business. I had additional security added so now they have to register in order to comment on my blog and I am seeing a lot of registration attempts from the same (and similar) IP addresses with bogus names and weird Email addresses being blocked. So, it is not creating more work as it is all automatic. The Email addresses are of more concern. Is there a way to identify a person through an IP address or a place to report the behavior or the Email usage? This guy lives in South Carolina so he is not overseas. Any help/advice you can provide will be greatly appreciated. Thanks Joy

    Read the article

  • Forward Apache to Django dev server

    - by Alex Jillard
    I'm trying to get apache to forward all requests on port 80 to 127.0.0.1:8000, which is where the django dev server runs. I think I have it forwarding properly, but there must be an issue with 127.0.0.1:8000 not being run by apache? I'm running the django dev server in an ubuntu vmware instance, and I'd other people in the office to see the apps in development without having to promote anything to our actual dev/staging servers. Right now the virtual machine picks up an IP for itself, and when I point a browser to that url with the defualt apache config, I get the default apache page. I've since changed the httpd.conf file to the following to try and get it to forward the requests to the django dev server: ServerName localhost <Proxy *> Order deny,allow Allow from all </Proxy> <VirtualHost *> ServerName localhost ServerAdmin [email protected] ProxyRequests off ProxyPass * http://127.0.0.1:8000 </VirtualHost> All I get are 404s with this, and in error.log I get the following (192.168.1.101 is the IP of my computer 192.168.1.142 is the IP of the virtual machine): [Mon Mar 08 08:42:30 2010] [error] [client 192.168.1.101] File does not exist: /htdocs

    Read the article

  • Forward real IP through Haproxy => Nginx => Unicorn

    - by Hendrik
    How do I forward the real visitors ip adress to Unicorn? The current setup is: Haproxy => Nginx => Unicorn How can I forward the real IP address from Haproxy, to Nginx, to Unicorn? Currently it is always only 127.0.0.1 I read that the X headers are going to be depreceated. http://tools.ietf.org/html/rfc6648 - how will this impact us? Haproxy Config: # haproxy config defaults log global mode http option httplog option dontlognull option httpclose retries 3 option redispatch maxconn 2000 contimeout 5000 clitimeout 50000 srvtimeout 50000 # Rails Backend backend deployer-production reqrep ^([^\ ]*)\ /api/(.*) \1\ /\2 balance roundrobin server deployer-production localhost:9000 check Nginx Config: upstream unicorn-production { server unix:/tmp/unicorn.ordify-backend-production.sock fail_timeout=0; } server { listen 9000 default; server_name manager.ordify.localhost; root /home/deployer/apps/ordify-backend-production/current/public; access_log /var/log/nginx/ordify-backend-production_access.log; rewrite_log on; try_files $uri/index.html $uri @unicorn; location @unicorn { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_redirect off; proxy_pass http://unicorn-production; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; } error_page 500 502 503 504 /500.html; client_max_body_size 4G; keepalive_timeout 10; }

    Read the article

  • Linux IPTables / routing issue

    - by Jon
    Hi all, EDIT 1/3/10 22:00 GMT - rewrote some of it after further investigation It has been a while since I looked at IPtables and I seem to be worse than before as I can not seem to get my webserver online. Below is my firewall rules on the gateway server that is running the dhcp server accessing the net. The webserver is inside my network on a static IP (192.168.0.98, default port). When I use Nmap or GRC.com I see that port 80 is open on the gateway server but when I browse to it, (via public URL. http://www.houseofhawkins.com) it always fails with a connection error, (nmap cannot connect and figure out what the web server is either). I can nmap the webserver and browse to it just fine via same IP inside my network. I believe it is my IPTable rules that are not letting it through. Internally I can route all my requests. Each machine can browse to the website and traffic works just fine. I can MSTSC / ssh to all the webservers internally and they inturn can connect to the web. IPTABLE: *EDIT - Added new firewall rules 2/3/10 * #!/bin/sh iptables="/sbin/iptables" modprobe="/sbin/modprobe" depmod="/sbin/depmod" EXTIF="eth2" INTIF="eth1" load () { $depmod -a $modprobe ip_tables $modprobe ip_conntrack $modprobe ip_conntrack_ftp $modprobe ip_conntrack_irc $modprobe iptable_nat $modprobe ip_nat_ftp echo "enable forwarding.." echo "1" > /proc/sys/net/ipv4/ip_forward echo "enable dynamic addr" echo "1" > /proc/sys/net/ipv4/ip_dynaddr # start firewall # default policies $iptables -P INPUT DROP $iptables -F INPUT $iptables -P OUTPUT DROP $iptables -F OUTPUT $iptables -P FORWARD DROP $iptables -F FORWARD $iptables -t nat -F #echo " Opening loopback interface for socket based services." $iptables -A INPUT -i lo -j ACCEPT $iptables -A OUTPUT -o lo -j ACCEPT #echo " Allow all connections OUT and only existing and related ones IN" $iptables -A INPUT -i $INTIF -j ACCEPT $iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $iptables -A OUTPUT -o $EXTIF -j ACCEPT $iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT $iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT $iptables -A FORWARD -j LOG --log-level 7 --log-prefix "Dropped by firewall: " $iptables -A INPUT -j LOG --log-level 7 --log-prefix "Dropped by firewall: " $iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "Dropped by firewall: " #echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF" $iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE $iptables -A INPUT -i $INTIF -j ACCEPT $iptables -A OUTPUT -o $INTIF -j ACCEPT #echo " Allowing packets with ICMP data (i.e. ping)." $iptables -A INPUT -p icmp -j ACCEPT $iptables -A OUTPUT -p icmp -j ACCEPT $iptables -A INPUT -p udp -i $INTIF --dport 67 -m state --state NEW -j ACCEPT #echo " Port 137 is for NetBIOS." $iptables -A INPUT -i $INTIF -p udp --dport 137 -j ACCEPT $iptables -A OUTPUT -o $INTIF -p udp --dport 137 -j ACCEPT #echo " Opening port 53 for DNS queries." $iptables -A INPUT -p udp -i $EXTIF --sport 53 -j ACCEPT #echo " opening Apache webserver" $iptables -A PREROUTING -t nat -i $EXTIF -p tcp --dport 80 -j DNAT --to 192.168.0.96:80 $iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.0.96 --dport 80 -j ACCEPT } flush () { echo "flushing rules..." $iptables -P FORWARD ACCEPT $iptables -F INPUT $iptables -P INPUT ACCEPT echo "rules flushed" } case "$1" in start|restart) flush load ;; stop) flush ;; *) echo "usage: start|stop|restart." ;; esac exit 0 route info: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 5e0412a6.bb.sky * 255.255.255.255 UH 0 0 0 eth2 192.168.0.0 * 255.255.255.0 U 0 0 0 eth1 default 5e0412a6.bb.sky 0.0.0.0 UG 100 0 0 eth2 ifconfig: eth1 Link encap:Ethernet HWaddr 00:22:b0:cf:4a:1c inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::222:b0ff:fecf:4a1c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:79023 errors:0 dropped:0 overruns:0 frame:0 TX packets:57786 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:11580918 (11.5 MB) TX bytes:22872030 (22.8 MB) Interrupt:17 Base address:0x2b00 eth2 Link encap:Ethernet HWaddr 00:0c:f1:7c:45:5b inet addr:94.4.18.166 Bcast:94.4.18.166 Mask:255.255.255.255 inet6 addr: fe80::20c:f1ff:fe7c:455b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:57038 errors:0 dropped:0 overruns:0 frame:0 TX packets:34532 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:21631721 (21.6 MB) TX bytes:7685444 (7.6 MB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:16 errors:0 dropped:0 overruns:0 frame:0 TX packets:16 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1517 (1.5 KB) TX bytes:1517 (1.5 KB) EDIT OK so as requested I will try and expand on my infrastructure: I previously had it setup with a Sky broadband modem router that did the DHCP and I used its web interface to port forward the web across to the web server. The network looked something like this: I have now replaced the sky modem with a dlink modem which gives the IP to the gateway server that now does the DHCP. It looks like: The internet connection is a standard broadband connection with a dynamic IP, (use zoneedit.com to keep it updated). I have tried it on each of the webservers(one Ubuntu Apache server and one WS2008 IIS7). I think there must also be an issue with my IPTable rules as it can route to my win7 box which has the default IIS7 page and that would not display when I forwarded all port 80 to it. I would be really grateful for any and all help with this. Thanks Jon

    Read the article

  • Preventing out of office storms Exchange 2010, OWA and Auto Forward to a group

    - by Simon McLaren
    In my organization we have a group mailbox for a particular function. The actual function is preformed by 15 - 20 individuals on a rotating basis. The group mailbox serves as a record for all e-mail sent to that function. Individual access to the mailbox is established by adding a user to an A/D group. For convenience, those members of the group would prefer to not have to "check" this group/non-entiyy mailbox. To achieve that, I want to forward all incoming mail to the group mailbox to that group. So far I am not seeing any consistency in the way an out of office response looks in order to build an exception to the forward rule. We have not turned this feature on for the group, instead waiting until we are sure this will not be an issue. How do I preventing out of office replies to the group mailbox from being forwarded to the group? Management of the mailbox is conducted via OWA. Exchange 2010

    Read the article

  • Forward Shibboleth Environment Variables to Tomcat via Apache

    - by Deepak Singh Rawat
    I am using Shibbolethv2.3 with Apache web server and Tomcat application server. I am using Apache as a reverse proxy using mod_proxy.so. I am not able to forward the Shibboleth environment variables from Apache to Tomcat. I am able to forward the attributes in the headers but as already mentioned in the wiki this approach is not safe. I have tried forwarding the environment variables by the following directive : SetEnv AJP_username ${username} then at the Java side I can access the attribute by : request.getAttribute("username"); The strange thing here is that, I get a different value instead of the one set by Shibboleth. I get the Windows account name as a result. If I use any other attribute name, I get a null value. I have searched a lot and have run out of options. Please guide me towards the right solution. My setup details : Shibboleth version : 2.3 OS : Windows XP SP3 Webserver : Apache 2.2 Application Server : Tomcat 6 Proxy module : mod_proxy.so

    Read the article

  • Server IP Address['s]

    - by Abdul
    hi there i am running server 2003, and seem to have this problem where the server starts kicking out users after a while, especially when they log off, they cant log back in, or the printers on the metwork stop connecting and they cant print to it. when i check the server, i notice that the server has 2 IP addresses, even though it has a static IP, it seems to pick up another IP address as well, but when you go into teh IPV set up, its not there, but of you run the IP scan utility tool, it picks it up. to correct this, i either can log off the server, then log back in, and the IP disappears, or sometimes this doesnt work, and i need to restart the server, but thsi happens like every 2 days or so.....can anyone out there help?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >