Search Results

Search found 3466 results on 139 pages for 'firewall traversal'.

  • Set generic iptables rules?

    - by tftd
    This may be a really dumb question but how can you open a port on multiple interfaces without defining the interfaces? For example how do I open port 22 on all interfaces? On my machine I have some interfaces that are dynamic and may or may not be available so I have to set "generic" rules. This code is not working for me but I can't figure out why:

        # My default policy is to drop the input.
        # The other policies are required like that.
        $IPTABLES -P INPUT DROP
        $IPTABLES -P OUTPUT ACCEPT
        $IPTABLES -P FORWARD ACCEPT
        $IPTABLES -t nat -P POSTROUTING ACCEPT
        $IPTABLES -t nat -P PREROUTING ACCEPT
        $IPTABLES -t mangle -P OUTPUT ACCEPT
        $IPTABLES -t mangle -P PREROUTING ACCEPT
        #Open port 22 on all interfaces ?
        $IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

    So apparently there's something wrong with the last line... but I can't see it?

  • Cisco ASA Multiple Public IP

    - by KGDI
    I have a Cisco ASA5510 and articles related to ASA and multiple Public IP say this can't be done. My question is how to best solve a scenario like this: I have 3 zones, Outside, Inside and DMZ.

        Outside is Internet
        Inside is Client machines
        DMZ is a zone for servers related to external and internal services.

    My scenario is a bit more complex, but to keep things simple this will do: I want to place an Exchange server and a web server (externally reachable in the DMZ zone). The webserver uses both TCP80/443, the Exchange server uses 443. So to the problem: With the ASA only having one public IP, how would you make a DNAT to port 443 on both the internal hosts behind 1 Public IP? Usually, when I do this kind of scenario with Linux boxes I use alias interfaces like eth0:0, eth0:1 and set 1 Public IP on each. To me this must be a pretty common scenario, any ideas on how to solve it with ASA? /KGDI

  • Should I create a second WAN Interface for a new SSLVPN setup on my Sonicwall 2400?

    - by TheSuperman
    Sonic Wall 2400. I'm setting up a new SSLVPN on our Sonicwall, very new to this. I currently have an Exchange server as well, so mail.company.com is directed to our mail server. I'd like to set up a clean link for my low end users, remote.company.com to be for the SSLVPN, but I'm not sure how to do this within the Sonicwall? I set up SSLVPN on port 443. Only 1 WAN setup, on the X1 Interface. We have an A record set up with the same static IP used on the WAN Interface, and it is configured for mail.company.com. Should I use a new static IP from our block of usable IPs to create the new Remote.Company.com? If so, I have no idea where to start on this on the Sonicwall? Any suggestions?

  • ip6tables blocking output traffic

    - by jmccrohan
    My OpenVZ VPS is blocking outbound IPv6 traffic, but correctly filtering inbound IPv6 traffic. Below is my ip6tables-restore script.

        *filter
        :INPUT ACCEPT [0:0]
        :FORWARD ACCEPT [0:0]
        :OUTPUT ACCEPT [0:0]
        -A INPUT -i lo -j ACCEPT
        -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
        -A INPUT -p ipv6-icmp -j ACCEPT
        -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
        -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
        -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
        -A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT
        -A INPUT -p udp -m udp --dport 51413 -j ACCEPT
        -A INPUT -m limit --limit 5/min
        -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
        -A FORWARD -j ACCEPT
        -A OUTPUT -j ACCEPT
        COMMIT

    ICMPv6 traffic is still able to pass both inbound and outbound. When I flush these rules using -F, outbound traffic flows fine. What am I missing here?

    EDIT: It appears that ip6tables is marking ESTABLISHED packets as INVALID. Consequently, the outbound traffic is NOT actually being blocked. The reply packets are not allowed inbound again, hence appearing like blocked outbound traffic. Allowing INVALID packets inbound solves the outbound issue, but also renders the inbound filter useless.

  • Manually Editing iptables

    - by JamesB41
    I'm using CentOS. What I'm wondering is, what happens if I manually edit /etc/sysconfig/iptables and save it? Is that the definitive source? When I type iptables -L I get something that doesn't match the contents of that file. Is there a way I can just edit the chains directly without adding/removing rules one at a time? i.e. open VIM and get everything set up the way I want it and then save. Along those lines, when I do something like iptables -A INPUT , where does that go in the immediate sense? Is it not applied until I do an iptables-save? I feel like I'm just missing an a-ha moment here and I can't seem to find the answer in a search.

  • How can I block access to public server IP for OpenSSH in Debian?

    - by VanDerSpar
    I got a Debian server with a public and a private IP in a DMZ. I need to be able to connect to it through SSH on our private side, and then block all access to the public address. Both /etc/hosts.deny and sshd_config seem to only let one block incoming IP addresses. What I really want is to disable SSH connections for the public IP. I've been trying iptables, but I haven't had luck with that either. Any help is appreciated.

  • Multiple vulnerabilities in Oracle Java Web Console

    - by RitwikGhoshal
    CVE | Description | CVSSv2 Base Score | Component | Product and Resolution
    CVE-2007-5333 | Information Exposure vulnerability | 5.0 | Apache Tomcat | Solaris 10 SPARC: 147673-04 X86: 147674-04
    CVE-2007-5342 | Permissions, Privileges, and Access Controls vulnerability | 6.4
    CVE-2007-6286 | Request handling vulnerability | 4.3
    CVE-2008-0002 | Information disclosure vulnerability | 5.8
    CVE-2008-1232 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2008-1947 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2008-2370 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.0
    CVE-2008-2938 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 4.3
    CVE-2008-5515 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.0
    CVE-2009-0033 | Improper Input Validation vulnerability | 5.0
    CVE-2009-0580 | Information Exposure vulnerability | 4.3
    CVE-2009-0781 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2009-0783 | Information Exposure vulnerability | 4.6
    CVE-2009-2693 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.8
    CVE-2009-2901 | Permissions, Privileges, and Access Controls vulnerability | 4.3
    CVE-2009-2902 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 4.3
    CVE-2009-3548 | Credentials Management vulnerability | 7.5
    CVE-2010-1157 | Information Exposure vulnerability | 2.6
    CVE-2010-2227 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.4
    CVE-2010-3718 | Directory traversal vulnerability | 1.2
    CVE-2010-4172 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2010-4312 | Configuration vulnerability | 6.4
    CVE-2011-0013 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3
    CVE-2011-0534 | Resource Management Errors vulnerability | 5.0
    CVE-2011-1184 | Permissions, Privileges, and Access Controls vulnerability | 5.0
    CVE-2011-2204 | Information Exposure vulnerability | 1.9
    CVE-2011-2526 | Improper Input Validation vulnerability | 4.4
    CVE-2011-3190 | Permissions, Privileges, and Access Controls vulnerability | 7.5
    CVE-2011-4858 | Resource Management Errors vulnerability | 5.0
    CVE-2011-5062 | Permissions, Privileges, and Access Controls vulnerability | 5.0
    CVE-2011-5063 | Improper Authentication vulnerability | 4.3
    CVE-2011-5064 | Cryptographic Issues vulnerability | 4.3
    CVE-2012-0022 | Numeric Errors vulnerability | 5.0

    This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions. Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

  • Logging won't stop on log file after renaming/moving it.... how do I stop it?

    - by Jakobud
    Just discovered that logrotate is not rotating our firewall log. So it's up to 12G in size. I need to split up the file into smaller chunks and start manually rotating them so I can get things back on track. However before I start splitting the firewall up, I need to stop the firewall from logging to the current firewall log file and force it to start logging to a new empty file. This way I'm not trying to split up or rotate a log file that is still constantly growing. I tried to simply do this:

        mv firewall firewall.old
        touch firewall

    I expected to see the new empty firewall file to start growing in size, but no... the firewall.old is still being logged to. Then I tried to start/stop iptables. No change. firewall.old is still the log file. I tried to move it to another directory. That didn't help. I tried to stop iptables, then change the filename and create a new firewall file and then start iptables again, but no change. How do I stop the logging on this file and force it to start logging on a new file?

  • Intercept page request behind firewall return altered content with php and apache

    - by Matthew
    I'm providing free wifi service and need an ad to be added to all page requests. Currently I have a router forwarding all http requests to an apache server, which redirects all requests to an index.php page. The index.php page reads the request, fetches the content from the appropriate site, and edits the content to include the ad. The problem is that all images and css files etc. cannot be accessed, because when the browser tries to get the image <img src="site.com/image.jpg"> it's just redirected back to the index.php. I can change settings for the router (running dd-wrt) and the webserver (apache2 and php 5.2). Is there a solution that allows content to be edited before returning to the client, and allows css and images to be accessed?

  • WCF on Windows 7 not working

    - by Nyla Pareska
    I am using an example from iDesign about one way calls. I can get it to work on a Vista machine (VS2008) but not on a windows 7 machine (VS2010). I get this error:

        HTTP could not register URL http://+:8001/MyService/. Your process does not have access rights to this namespace

        ServiceHost host = new ServiceHost(typeof(MyService));
        host.Open();

    I get the error on the host.Open(); line. I noticed that windows asks first for some firewall and to give permission which I did but still it is not working. What can I do?

  • Proxy calls across a DMZ

    - by John
    We need to determine a quick way for our web application deployed in a DMZ to communicate to our SQL server that lives in the protected network. Only port 80 is open and available, and no direct SQL traffic is allowed across the firewall. So take the following simple system. A web page (default.aspx) makes a call (string GetData()) that resides in an assembly (Simple.DLL). GetData() uses ADO.NET to open a connection, execute a SQL call, retrieve the data, and return the data to the caller. However, since only port 80 is available and no SQL traffic is allowed, what could we do to accomplish our goal? I believe a .NET remoting solution would work, and I have heard of an architecture where a remoting layer proxies the call from Simple.DLL in the DMZ to another Simple.DLL that runs on the protected side. The remoting layer handles the communication between the two DLL’s. Can someone shed some light on how WCF/remoting can help us and how to get started with a solution?

  • UnknownHostException for server java

    - by nilesh
    I am not able to connect to a remote known server through Java code; the exception while connecting is java.net.NoRouteToHostException: No route to host. But strangely, I am able to connect to the same server through ssh. Details: when a simple Java client tries to establish a connection with a Java standalone server, the exception occurs while connecting at the following statement:

        Socket socket = new Socket(ServerIP, ServerPort);

    The port needed is open on the server so that external requests can come in. Again, the following returns false:

        InetAddress.getByName(SERVER_IP).isReachable(1000)

    The Server is running on Fedora, Java 5. FYI: "Java cannot resolve DNS address from AIX: UnknownHostException" is almost the same as my question, but somehow this is not AIX related; moreover I feel the issue to be more of a network or firewall issue. Please guide me.

  • Solr security question

    - by Camran
    I have a linux server, and I am about to upload a classifieds website to it. The website is php based. That means php code adds/removes classifieds, with the help of the users of course. The php-code then adds/removes a classified to a database index called Solr (like MySql). Problem is that anybody can currently access the database, but I only want the website to access the database (solr). Solr is on port 8983 as standard btw. My Q is, if I add a rule in my firewall (iptables), to only allow connections coming from the server's IP to the Solr port nr, would this solve my issue? Thanks

  • enabling tomcat web apps to be served from Ubuntu lucid

    - by user558925
    Hi, I have tomcat running on 8080 on a ubuntu lucid server. I am able to access it from the local machine. However I am unable to access the tomcat from any machine outside. Is it due to firewall restrictions? What do I need to do to enable accessing tomcat from remote machines? Tried adding this rule to iptables but it did not solve it:

        iptables --table nat --append PREROUTING --protocol tcp --destination-port 80 \
            --in-interface eth0 --jump REDIRECT --to-port 8080

    Any help would be appreciated. Thanks, Bala Thiruppanambakkam

  • How can i allow people in my local network to access the web service in my machine?

    - by user1451704
    I have coded a web service using the Axis 2 framework and I can successfully invoke it using a test client (SoapUI) on the local machine after publishing the application in JBoss 5. I can post to the WS endpoint from the local machine and get the expected response. Now I want to allow other machines to access the web service. I changed the "localhost" to "my own fixed IP" address at the end point location, and turned the firewall off, but it is impossible to access the WS. Note: Windows XP SP3. Any idea? Thanks in advance!!

  • MySQL does not work on localhost without Local Area Connection

    - by user985171
    I use WampServer (Apache, PHP, MySQL) and have no problems when some kind of network adapter (wireless or lan) is connected (i.e. Local Area Connection has status connected) 'even if I am not connected to the internet' (for example when I am connected to the router but that is not connected to the internet). When there is no network connection, I get a php error like MySQL could not connect to 127.0.0.1 on port 3306. Interestingly, 'telnet 127.0.0.1 3306' says that it could not connect to the port, even when the server and MySQL are running fine (i.e. when some kind of local area connection is connected). So I turned off all kinds of firewall (antivirus and windows) but still no difference in anything. And that is why this issue is quite puzzling. Things I have already tried (will update this list along the way): the skip-networking directive in my.ini.

  • Secure openVPN using IPTABLES

    - by bob franklin smith harriet
    Hey, I set up an openVPN server and it works ok. The next step is to secure it. I opted to use IPTABLES to only allow certain connections through but so far it is not working. I want to enable access to the network behind my openVPN server, and allow other services (web access). When iptables is disabled or set to allow all this works fine; when using my following rules it does not. Also note, I already configured openVPN itself to do what I want and it works fine, it's only failing when iptables is started. Any help to tell me why this isn't working will be appreciated here.

    These are the lines that I added in accordance with openVPN's recommendations. Unfortunately testing these commands shows that they are required; they seem incredibly insecure though, any way to get around using them?

        # Allow TUN interface connections to OpenVPN server
        -A INPUT -i tun+ -j ACCEPT
        #allow TUN interface connections to be forwarded through other interfaces
        -A FORWARD -i tun+ -j ACCEPT
        # Allow TAP interface connections to OpenVPN server
        -A INPUT -i tap+ -j ACCEPT
        # Allow TAP interface connections to be forwarded through other interfaces
        -A FORWARD -i tap+ -j ACCEPT

    These are the new chains and commands I added to restrict access as much as possible. Unfortunately with these enabled, all that happens is the openVPN connection establishes fine, and then there is no access to the rest of the network behind the openVPN server. Note I am configuring the main iptables file and I am paranoid so all ports and ip addresses are altered, and -N etc appears before this so ignore that they don't appear. And I added some explanations of what I 'intended' these rules to do, so you don't waste time figuring out where I went wrong : 4

        #accepts the vpn over port 1192
        -A INPUT -p udp -m udp --dport 1192 -j ACCEPT
        -A INPUT -j INPUT-FIREWALL
        -A OUTPUT -j ACCEPT
        #packets that are to be forwarded from 10.10.1.0 network (all open vpn clients) to the internal network (192.168.5.0) jump to [sic]foward-firewall chain
        -A FORWARD -s 10.10.1.0/24 -d 192.168.5.0/24 -j FOWARD-FIREWALL
        #same as above, except for a different internal network
        -A FORWARD -s 10.10.1.0/24 -d 10.100.5.0/24 -j FOWARD-FIREWALL
        # reject any not from either of those two ranges
        -A FORWARD -j REJECT
        -A INPUT-FIREWALL -m state --state RELATED,ESTABLISHED -j ACCEPT
        -A INPUT-FIREWALL -p tcp -m tcp --dport 22 -j ACCEPT
        -A INPUT-FIREWALL -j REJECT
        -A FOWARD-FIREWALL -m state --state RELATED,ESTABLISHED -j ACCEPT
        #80 443 and 53 are accepted
        -A FOWARD-FIREWALL -m tcp -p tcp --dport 80 -j ACCEPT
        -A FOWARD-FIREWALL -m tcp -p tcp --dport 443 -j ACCEPT
        #192.168.5.150 = openVPN server
        -A FOWARD-FIREWALL -m tcp -p tcp -d 192.168.5.150 --dport 53 -j ACCEPT
        -A FOWARD-FIREWALL -m udp -p udp -d 192.168.5.150 --dport 53 -j ACCEPT
        -A FOWARD-FIREWALL -j REJECT
        COMMIT

    now I wait :D

  • Using recursion to find paths in a 2D array

    - by rikkit
    Hi, I'm working on a project for my A level. It involves finding the maximum flow of a network, and I'm using javascript. I have a 2D array, with values in the array representing a distance between the two points. An example of the array:

        0 2 2 0
        0 0 1 2
        0 0 0 2
        0 0 0 0

    I think I need to use a recursive technique to find a path; below is some pseudocode, assuming that the array is 4x4. a is (0,0), b is (3,3).

        function search(a,b)
            from a to b
                if element(i,j) != 0 then
                    store value of element
                    search(j,3)

    I was wondering if that was the right construction for a depth first search. Thanks for any help.

  • jQuery - Not sure which method to use, closest() and parent() don't work.

    - by Nike
    Hello, again. :) God I feel like I'm spamming stackoverflow, this is my 3rd post for today. Sorry, heh. I even posted a question regarding this before, kind of, but I've changed the code a bit since so I thought it was better to post a new question.

        $('.pmlist ul li h4 .toggle').click(function() {
            $(this).closest('.meddel').toggle(250);
        });

    That's what I've got now. The reason why the closest() method isn't working is because the div .meddel is just next to the h4 element. And closest() only crawls right up the DOM tree, ignoring other child elements. Right? parent() works almost the same and doesn't work either. And as I only want to toggle the closest .meddel div in the element, I need something that, yeah just grabs the nearest one, and not all of them. To clear it up a bit, here's the HTML for one list item:

        <li class="item">
            <h4><a class="toggle">ämne</a><small>2010-04-17 kl 12:54 by <u>nike1</u></small></h4>
            <div class="meddel">
                <span>
                    <img style="max-width: 70%; min-height: 70%;" src="profile-images/nike1.jpg" alt="" />
                    <a href="account.php?usr=47">nike1</a>
                </span>
                <p>text</p>
            </div>
        </li>

    I have several items like that, and if I click one toggle link, I just want the nearest .meddel to be toggled, as mentioned before. Thanks. -Nike

  • "tracing" version of readlink(1)

    - by jonrock
    I would like a version of "readlink -f" that provides a trace of every individual symlink resolution it performs. Something like:

        $ linktrace /usr/lib64/sendmail
        /usr/lib64 -> lib
        /usr/lib/sendmail -> ../sbin/sendmail
        /usr/sbin/sendmail
        $

    I know I have used this utility in the past, on linux, and also remember at the time thinking "the name of this tool is completely unintuitive and I will forget it". Well, that day has arrived.

  • How can I store data in a table as a trie? (SQL Server)

    - by Matt
    Hi, To make things easier, the table contains all the words in the English dictionary. What I would like to do is be able to store the data as a trie. This way I can traverse the different branches of the trie and return the most relevant result. First, how do I store the data in the table as a trie? Second, how do I traverse the tree? If it helps at all, the suggestion in this previous question is where this question was sparked from. Please make sure it's SQL we're talking about. I understood the Mike Dunlavey's C implementation because of pointers but can't see how this part (The trie itself) works in SQL. Thanks, Matt
