Search Results

Search found 3844 results on 154 pages for 'firewall bypass'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 38/154 | < Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >

  • Proxied access for chinese users?

    - by Eaton
    I'm working on a web app that will have a large-ish chunk of users in China. The bad news is that most of them are university students, and access has been blocked. Setting up a proxy server inside China seems like the best (potential?) solution, but it's the first time I'll have done anything along those lines. Are there any pitfalls or issues that I should be aware of before I start down this path?

    Read the article

  • IPTables: allow SSH access only, nothing else in or out

    - by Disco
    How do you configure IPTables so that it will only allow SSH in, and allow no other traffic in or out? Any safety precautions anyone can recommend? I have a server that I believe has been migrated away from GoDaddy successfully and I believe is no longer in use. But I want to make sure just because ... you never know. :) Note that this is a virtual dedicated server from GoDaddy... That means no backup and virtually no support.

    Read the article

  • Restricting output to only allow localhost using iptables

    - by Dave Forgac
    I would like to restrict outbound traffic to only localhost using iptables. I already have a default DROP policy on OUTPUT and a rule REJECTing all traffic. I need to add a rule above that in the OUTPUT chain. I have seen a couple different examples for this type of rule, the most common being: -A OUTPUT -o lo -j ACCEPT and -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT Is there any reason to use the latter rather than the former? Can packets on lo have an address other than 127.0.0.1?

    Read the article

  • Access an external SSH server through a restrictive proxy [on hold]

    - by Cyrille
    I'm a software developer. I wish to access my computer at home through SSH. For example, I sometime need to access my personal projects source code to check how I handled specific problems. Unfortunately, I currently work under an over-restrictive and anti-productive proxy that waste a hell of a lot of everyone's time (We often have to visit websites from our smartphones or use a web proxy to check very legitimates websites for answers, and don't get me started on other "security" overkill features we have to cope with...). Well, back to the subject, I can access my home computer from my phone (SSH, port 22 and 80 both redirected by router on port 22). It works, but it's quite uncomfortable. From my office computer, this is what I tried so far: export http_proxy=http://user:pass@proxyip:8080 echo "user:pass" > ~/.corkscrew-auth echo "ProxyCommand corkscrew proxyip 8080 %h %p /home/me/.corkscrew-auth" > ~/.ssh/config ssh 82.23.34.56 -l me -p 80 Proxy could not open connnection to 82.23.34.56: Forbidden ssh_exchange_identification: Connection closed by remote host (same without -p 80) Without corkscrew: ssh: connect to host 82.23.34.56 port 80: Connection timed out ssh: connect to host 82.23.34.56 port 22: Connection timed out Any other idea ?

    Read the article

  • How to let specific subdomain through Squid Proxy?

    - by armani
    I need to allow Facebook.com/MyOrganization, but nothing else from Facebook.com. I tried: acl local_c src 192.168.0.0/16 acl fb_ok urlpath_regex ^/MyOrganization acl fb dstdomain .facebook.com http_access allow local_c fb_ok http_access deny local_c fb But that simply brings down all of Facebook, including the page I want. Anybody have experience in this? Lots of Googling got me nowhere, and Regular Expressions confuse me...

    Read the article

  • How can one restrict network activity to only the VPN on a Mac and prevent unsecured internet activity?

    - by John
    I'm using Mac OS and connect to a VPN to hide my location and IP (I have the 'send all traffic over VPN connection' box checked in teh Network system pref), I wish to remain anonymous and do not wish to reveal my actual IP, hence the VPN. I have a prefpan called pearportVPN that automatically connects me to my VPN when I get online. The problem is, when I connect to the internet using Airport (or other means) I have a few seconds of unsecured internet connection before my Mac logs onto my VPN. Therefore its only a matter of time before I inadvertently expose my real IP address in the few seconds it takes between when I connect to the internet and when I log onto my VPN. Is there any way I can block any traffic to and from my Mac that does not go through my VPN, so that nothing can connect unless I'm logged onto my VPN? I suspect I would need to find a third party app that would block all traffic except through the Server Address, perhaps Intego Virus Barrier X6 or little snitch, but I'm afraid I'm not sure which is right or how to configure them. Any help would be much appreciated. Thanks!

    Read the article

  • Allow outgoing connections for DNS

    - by Jimmy
    I'm new to IPtables, but I am trying to setup a secure server to host a website and allow SSH. This is what I have so far: #!/bin/sh i=/sbin/iptables # Flush all rules $i -F $i -X # Setup default filter policy $i -P INPUT DROP $i -P OUTPUT DROP $i -P FORWARD DROP # Respond to ping requests $i -A INPUT -p icmp --icmp-type any -j ACCEPT # Force SYN checks $i -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # Drop all fragments $i -A INPUT -f -j DROP # Drop XMAS packets $i -A INPUT -p tcp --tcp-flags ALL ALL -j DROP # Drop NULL packets $i -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # Stateful inspection $i -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT # Allow established connections $i -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow unlimited traffic on loopback $i -A INPUT -i lo -j ACCEPT $i -A OUTPUT -o lo -j ACCEPT # Open nginx $i -A INPUT -p tcp --dport 443 -j ACCEPT $i -A INPUT -p tcp --dport 80 -j ACCEPT # Open SSH $i -A INPUT -p tcp --dport 22 -j ACCEPT However I've locked down my outgoing connections and it means I can't resolve any DNS. How do I allow that? Also, any other feedback is appreciated. James

    Read the article

  • Enabling http access on port 80 for centos 6.3 from console

    - by Hugo
    Have a centos 6.3 box running on Parallels and I'm trying to open port 80 to be accesible from outside tried the gui solution from this post and it works, but I need to get it done from a script. Tried to do this: sudo /sbin/iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT sudo /sbin/iptables-save sudo /sbin/service iptables restart This creates exactly the same iptables entries as the GUI tool except it does not work: $ telnet xx.xxx.xx.xx 80 Trying xx.xxx.xx.xx... telnet: connect to address xx.xxx.xx.xx: Connection refused telnet: Unable to connect to remote host UPDATE: $ netstat -ntlp (No info could be read for "-p": geteuid()=500 but you should be root.) Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:37439 0.0.0.0:* LISTEN - tcp 0 0 :::111 :::* LISTEN - tcp 0 0 :::22 :::* LISTEN - tcp 0 0 ::1:631 :::* LISTEN - tcp 0 0 :::60472 :::* LISTEN - $ sudo cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.7 on Wed Dec 12 18:04:25 2012 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [5:640] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Wed Dec 12 18:04:25 2012

    Read the article

  • Cisco - Zone Policy Actions (pass, inspect, drop, log) - What is the difference?

    - by Jonathan Rioux
    Have these commands for instance: policy-map type inspect IN-OUT_PlcyMAP class type inspect IN-OUT_ClassMAP inspect <------ policy-map type inspect IN-OUT_PlcyMap class type inspect IN-OUT_ClassMAP pass <------ zone security INSIDE zone security OUTSIDE zone-pair security IN->OUT source INSIDE destination OUTSIDE service-policy type inspect IN-OUT_PlcyMAP What is the difference between "inspect", "pass", "drop", "log", and "reset ? I could not found any information on this on Google.

    Read the article

  • Amazon EC2 Socket connection not being accepted

    - by Joseph
    I am trying to run a java application on my EC2 instance. The application accepts socket connections on port 54321. If I try and connect to it, it times out. My Security Group is set as: TCP Port (Service) Source Action 21 0.0.0.0/0 Delete 22 (SSH) 0.0.0.0/0 Delete 80 (HTTP) 0.0.0.0/0 Delete 20393 0.0.0.0/0 Delete 54321 0.0.0.0/0 Delete Is there anything else I need to do? # iptables -nvL Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination # iptables -nvL -t nat Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination #

    Read the article

  • What are the most common dangerous domains that I should block?

    - by Dalia
    I am trying to configure my wireless router to block domains that are potentially dangerous to privacy, security, and bandwidth-hogs. Is there a list of domains that I can block at the router level? On a machine level, I have set the hosts file from www.mvps.org and that works on my machine. However, I want to implement something at the router level too - so that all computers in my household are somewhat protected.

    Read the article

  • How can I prevent OpenVPN Client from blocking inbound connections while a tunnel is connected?

    - by joshudson
    We have this machine that we RDP into for using OpenVPN. When a tunnel is connected, it is not possible to RDP into the machine. Should we get disconnected, this is a problem (machine is headless). How can I stop OpenVPN from blocking inbound RDP? I do not have access to the server configuration. If there's anything interesting on the client to check you'll have to tell me how to get at it. I eliminated the possibility of routing issue before asking the question. Only inbound connections cannot be opened. Outbound connections to LAN can be opened just fine. EDIT: Don't bother answering. The problem disappeared without any known changes being made.

    Read the article

  • blocking port 80 via iptables

    - by JoyIan Yee-Hernandez
    I'm having problems with iptables. I am trying to block port 80 from the outside, basically plan is we just need to Tunnel via SSH then we can get on the GUI etc. on a server I have this in my rule: Chain OUTPUT (policy ACCEPT 28145 packets, 14M bytes) pkts bytes target prot opt in out source destination 0 0 DROP tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED And Chain INPUT (policy DROP 41 packets, 6041 bytes) 0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED Any guys wanna share some insights?

    Read the article

  • Reverse web proxy with time constraints

    - by user2893458
    I have a web application which produces several unique URLs of the type http://service.company.com/service.html?type=aaaa&key=jfiZm6u6cW where the last part is a randomly generated key. Each such URL provides access to an instance of the service provided. I am looking for a way to restrict access to those URLs based on time constraints, as an example URL#1 should be available between 8:00AM and 10:00AM on May 30, URL#2 should be available between 10:30AM and 12:00PM on May 31, and so on. I already have a resource scheduling application based on Drupal and would like to find a way to include those URLs as scheduled resources. The web application is deployed on Apache Tomcat, so I don't have the knowledge or the resources to alter it, therefore I thought that I could put some sort of reverse proxy in front of the web app that could implement the time constraint feature. In my thoughts the reverse proxy would allow or disallow access to each URL based on the rules that my scheduling application would provide. There may be other ways to deliver such a solution, but I can't think of anything better, so the question is: is there a reverse web proxy architecture that could allow access to the destination URLs based on time and date rules? Any other ideas are more than welcome.

    Read the article

  • How can one restrict network activity to only the VPN on a Mac and prevent unsecured internet activity?

    - by John
    I'm using Mac OS and connect to a VPN to hide my location and IP (I have the 'send all traffic over VPN connection' box checked in teh Network system pref), I wish to remain anonymous and do not wish to reveal my actual IP, hence the VPN. I have a prefpan called pearportVPN that automatically connects me to my VPN when I get online. The problem is, when I connect to the internet using Airport (or other means) I have a few seconds of unsecured internet connection before my Mac logs onto my VPN. Therefore its only a matter of time before I inadvertently expose my real IP address in the few seconds it takes between when I connect to the internet and when I log onto my VPN. Is there any way I can block any traffic to and from my Mac that does not go through my VPN, so that nothing can connect unless I'm logged onto my VPN? I suspect I would need to find a third party app that would block all traffic except through the Server Address, perhaps Intego Virus Barrier X6 or little snitch, but I'm afraid I'm not sure which is right or how to configure them. Any help would be much appreciated. Thanks!

    Read the article

  • Mirror network packets from WiFi to Ethernet in an ASUS Router RT N53

    - by fazineroso
    I have an ASUS RT N53 router, running the default firmware (Linux 2.6.22 with busybox and uclibc). I need to capture data packets from some Wi-Fi devices I have connected to that router (iPad and some smartphones), but the router is not forwarding any package coming from Wi-Fi devices to the Ethernet Ports. Any idea how can I proceed? Available tools in the router are iptables (no tee option, though), ebtables, brctl... Currently the ethernet and Wifi devices are forming a bridge: # brctl show bridge name bridge id STP enabled interfaces br0 8000.50465dc06be2 no vlan0 eth1 No ebtables rules: # ebtables -L Bridge table: filter Bridge chain: INPUT, entries: 0, policy: ACCEPT Bridge chain: FORWARD, entries: 0, policy: ACCEPT Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

    Read the article

  • SSH Tunnel doesn't work in China

    - by Martin
    Last year I was working in China for a few months. I never bothered setting up a real VPN, but just created a SSH tunnel, and changed my browsers proxy settings to connect through it. Everything worked great (except flash of course) but that was fine. However, now I'm back in China but I'm having problems with this approach. I do the same thing as last time, and according to https://ipcheckit.com/ my IP address is indeed the IP of my (private) server in the US, and I'm logging in to my server using a fingerprint I created long before going to China so no MITM should be possible. Furthermore the certificate from ipcheckit.com is from GeoTrust - so everything should be OK However, I still can't access sites which are blocked in China. Any idea how this could be possible?

    Read the article

  • Cisco FWSM -> ASA upgrade broke our mail server

    - by Mike Pennington
    We send mail with unicode asian characters to our mail server on the other side of our WAN... immediately after upgrading from a FWSM running 2.3(2) to an ASA5550 running 8.2(5), we saw failures on mail jobs that contained unicode. The symptoms are pretty clear... using the ASA's packet capture utility, we snagged the traffic before and after it left the ASA... access-list PCAP line 1 extended permit tcp any host 192.0.2.25 eq 25 capture pcap_inside type raw-data access-list PCAP buffer 1500000 packet-length 9216 interface inside capture pcap_outside type raw-data access-list PCAP buffer 1500000 packet-length 9216 interface WAN I downloaded the pcaps from the ASA by going to https://<fw_addr>/pcap_inside/pcap and https://<fw_addr>/pcap_outside/pcap... when I looked at them with Wireshark Follow TCP Stream, the inside traffic going into the ASA looks like this EHLO metabike AUTH LOGIN YzFwbUlciXNlck== cZUplCVyXzRw But the same mail leaving the ASA on the outside interface looks like this... EHLO metabike AUTH LOGIN YzFwbUlciXNlck== XXXXXXXXXXXX The XXXX characters are concerning... I fixed the issue by disabling ESMTP inspection: wan-fw1(config)# policy-map global_policy wan-fw1(config-pmap)# class inspection_default wan-fw1(config-pmap-c)# no inspect esmtp wan-fw1(config-pmap-c)# end The $5 question... our old FWSM used SMTP fixup without issues... mail went down at the exact moment that we brought the new ASAs online... what specifically is different about the ASA that it is now breaking this mail? Note: usernames / passwords / app names were changed... don't bother trying to Base64-decode this text.

    Read the article

  • 1K incoming http post requests per second, each with a 10-50K file

    - by Blankman
    I'm trying to figure out what kind of server setup I will need to support: 1K http post requests per second each post will contain a xml file between 5-50K (average of 25 kilobytes) Even if I get a 100 Mb/s connection with my dedicated box (they usually give 10 Mb/s but you can upgrade), from my calculations that is about 12K kb/s which means about 480 25kb files per second. So this means I need around 3 servers then, each with 100 Mb/s connection. Would a single server running HAProxy be able to redirect the requests to other servers or does this mean I need to get something else that can handle more than 100 Mb/s to proxy things out to the other servers? If my math is off I'd appreciate any corrections you may have.

    Read the article

  • How to control/check CheckPoint rules changes (and another System events)

    - by user35115
    I need to check/control all system events on many CheckPoint FW1 - don't misunderstand - not rules triggering, but events such admins log on, rules changes and etc. I found out that I can make an log export using 2 methods: Grab logs Use special script that redirect Checkpoint log entries to syslog, FW1-Loggrabber But it's not clear for me does such logs also contain information that i need (admins log on, rules changes)? And If yes is it possible to filter events? I also suppose, that if system bases on *nix platform it must be a ploy - use based functions of the system to do what i want. Unfortunately i don't know where to "dig". May be you know? Updated: New info "FW-1 can pipe its logs to syslog via Unix's logger command, and there are third party log-reading utilities" So, the main question is how do my task in the best way? Has anybody already resolved such problem? P.S. I' m new with CheckPoint, so all information will be useful for me. Thank you.

    Read the article

  • Opening ports with IPTables not working - Ubuntu

    - by user41416
    So, I have these rules set in iptables: # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpts:6850:6999 ACCEPT udp -- anywhere anywhere udp dpts:6850:6999 ACCEPT tcp -- anywhere anywhere tcp dpt:6881 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Although, the ports are not open :/ here is a telnet attempt: # telnet localhost 6999 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused Any idea why this is happening? Do I need to reboot or do someone to make the changes permanent? Last time I rebooted the rules disappeared from iptables :/

    Read the article

  • Searching Objects on SonicWALL (NSA 2600, SonicOS 6.1)

    - by Justin Scott
    Ok, this may sound like a dumb question, but does the SonicOS web interface not have a search option for object definitions? One of my clients recently decided to replace their Astaro Security Gateways with SonicWALL firewalls. These sit in front of a small data center full of servers and we have several hundred custom service and address definitions that need to be ported. The SonicOS interface provides a basic list for service and address definitions but no search option to be found. To make it worse, there is no option to list them all on one page (they're paginated 50 at a time) so I can't use the text search on the web browser either. The Astaro units have a nice search option on their definitions so perhaps I just got spoiled by their software. Am I missing something or is there some way to search for an object without paging through the list and finding an entry manually?

    Read the article

  • identify a router that cuts certain port

    - by Sergiks
    Is there a way to identify which particular router between me and some server blocks connections on certain port? I am in a hotel in Thailand, where they have recently changed some settings in their equipment, and now I cannot reach any of my servers in Europe and USA by SSH / port 22. More traditional ports like 80 or 21 are open. traceroute command shows each particular router in the middle. But is there a way to identify one that filters out port 22?

    Read the article

  • Does NAT change the source MAC address?

    - by user44073
    I'm trying to secure my home network but don't really need the complexity of a VPN so I'm trying to figure out other options. I'd like to allow my iPhone remote access to my home servers but I can't depend on the IP address because it changes quite often (due to the 3G network, etc). Can I filter incoming connections on my router (pfsense) by MAC address or does NAT change the source as it's passing through the different routers on the internet?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >