Search Results

Search found 1249 results on 50 pages for 'iptables'.


  • forward ssh ports on EC2

    - by Will Glass
    I have an SSH server on a private subnet within an EC2 VPC listening for SSH on port 9022. I also have a NAT instance (standard Amazon EC2 NAT) on a public instance. I would like to forward incoming SSH connections (port 9022) to my NAT to the internal server (port 9022). I tried this, but it didn't work:

        sudo iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 9022 -j DNAT --to-destination 10.0.2.11:9022

    I verified that 10.0.2.11 is listening on port 9022 (I can telnet). I verified my security group allows incoming port 9022. I verified that /proc/sys/net/ipv4/ip_forward is 1. What am I missing?

    Edit: Turns out this was correct after all. I had a mistake in my security group.


  • Can't access a local site on LAN

    - by Dilawar
    I have lighttpd setup on a machine (say ip is 10.107.105.13) with following details.

        inet addr : 10.107.105.13  Bcast : 10.107.111.255  Mask : 255.255.240.0

    I can access my site on this computer by using firefox http://localhost/index.html. Now I am trying to access this site from another computer with following details

        inet addr : 10.14.42.7  Bcast : 10.14.42.255  Mask : 255.255.255.0

    But it says 'access denied'. nmap 10.107.105.13 gives the following output.

        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        1234/tcp open  hotline
        3306/tcp open  mysql
        9418/tcp open  git

    Following is the output of iptables -L -n -v on 10.107.105.13

        141 11207 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
          0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80

    FORWARD and OUTPUT section empty. What is wrong with all this?


  • Hyper-V 2012 and VM web server http

    - by Syrus
    I have a few Windows 2008 R2 Datacenter machines and a few Windows 2012 Datacenter machines. I was running a RedHat 6.2 VM on 2008 and all my other servers could access it over http until I put a VM up on 2012. No matter what I have done (turned off selinux, firewall, iptables) on both RedHat servers, nothing has allowed them to pass http traffic. They can ping each other and ssh to each other but not http. I tried turning off the Windows firewalls too, but no joy. I then moved the RedHat VM to the 2012 server and now the two RedHat VMs can http to each other, but none of the other VMs on other 2012 and 2008 servers can communicate over http. Anyone have some insight?


  • how to enable remote access to a MySQL server on an AZURE virtual machine

    - by Rees
    I have an AZURE virtual machine with a MySQL server installed on it, running Ubuntu 13.04. I am trying to connect remotely to the MySQL server, however I get the simple error "Can't connect to MySQL server on {IP}". I have already done the following:

    * commented out the bind-address within the /etc/mysql/my.cnf
    * commented out skip-external-locking within the same my.cnf
    * "ufw allow mysql"
    * "iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT"
    * set up an AZURE endpoint for mysql
    * "sudo netstat -lpn | grep 3306" does indeed show mysql LISTENING
    * "GRANT ALL ON *.* TO remote@'%' IDENTIFIED BY 'password';"
    * "GRANT ALL ON *.* TO remote@'localhost' IDENTIFIED BY 'password';"
    * "/etc/init.d/mysql restart"
    * I can connect via SSH tunneling, but not without it
    * I have spun up an identical Ubuntu 13.04 server on Rackspace and SUCCESSFULLY connected using the same procedures outlined here.

    NONE of the above works on my Azure server however. I thought the creation of an endpoint would work, but no luck. Any help please? Is there something I'm missing entirely?


  • Better way to stop/start Webmin and SSH

    - by Jake
    Hi, it would be a good idea to not have Webmin running all the time and just start it via SSH when I need it. So I just stop Webmin and leave SSH always running; when I need to access Webmin, I start it through SSH. But there are lots of people from many countries trying to brute-force my SSH. I can reduce brute-forcing using iptables, but because I was still not feeling safe (about 3 months ago), I stopped SSH and left Webmin always running on a custom port. I just start SSH through Webmin when I need it. The result: no more brute-forcing on SSH, and no brute-forcing on Webmin (maybe because the attacker doesn't know my Webmin custom port). But I think this is still not really safe, and I cannot restrict access to some IP because I use a random IP. If I stop both SSH and Webmin, I will lose access to my server. Does anyone know a better way of dealing with this?


  • Proper network configuration for a KVM guest to be on the same networks at the host

    - by Steve Madsen
    I am running a Debian Linux server on Lenny. Within it, I am running another Lenny instance using KVM. Both servers are externally available, with public IPs, as well as a second interface with private IPs for the LAN. Everything works fine, except the VM sees all network traffic as originating from the host server. I suspect this might have something to do with the iptables-based firewall I'm running on the host. What I'd like to figure out is: how do I properly configure the host's networking such that all of these requirements are met?

    - Both host and VMs have 2 network interfaces (public and private).
    - Both host and VMs can be independently firewalled.
    - Ideally, VM traffic does not have to traverse the host firewall.
    - VMs see real remote IP addresses, not the host's.

    Currently, the host's network interfaces are configured as bridges. eth0 and eth1 do not have IP addresses assigned to them, but br0 and br1 do. /etc/network/interfaces on the host:

        # The primary network interface
        auto br1
        iface br1 inet static
            address 24.123.138.34
            netmask 255.255.255.248
            network 24.123.138.32
            broadcast 24.123.138.39
            gateway 24.123.138.33
            bridge_ports eth1
            bridge_stp off

        auto br1:0
        iface br1:0 inet static
            address 24.123.138.36
            netmask 255.255.255.248
            network 24.123.138.32
            broadcast 24.123.138.39

        # Internal network
        auto br0
        iface br0 inet static
            address 192.168.1.1
            netmask 255.255.255.0
            network 192.168.1.0
            broadcast 192.168.1.255
            bridge_ports eth0
            bridge_stp off

    This is the libvirt/qemu configuration file for the VM:

        <domain type='kvm'>
          <name>apps</name>
          <uuid>636b6620-0949-bc88-3197-37153b88772e</uuid>
          <memory>393216</memory>
          <currentMemory>393216</currentMemory>
          <vcpu>1</vcpu>
          <os>
            <type arch='i686' machine='pc'>hvm</type>
            <boot dev='hd'/>
          </os>
          <features>
            <acpi/>
            <apic/>
            <pae/>
          </features>
          <clock offset='utc'/>
          <on_poweroff>destroy</on_poweroff>
          <on_reboot>restart</on_reboot>
          <on_crash>restart</on_crash>
          <devices>
            <emulator>/usr/bin/kvm</emulator>
            <disk type='file' device='cdrom'>
              <target dev='hdc' bus='ide'/>
              <readonly/>
            </disk>
            <disk type='file' device='disk'>
              <source file='/raid/kvm-images/apps.qcow2'/>
              <target dev='vda' bus='virtio'/>
            </disk>
            <interface type='bridge'>
              <mac address='54:52:00:27:5e:02'/>
              <source bridge='br0'/>
              <model type='virtio'/>
            </interface>
            <interface type='bridge'>
              <mac address='54:52:00:40:cc:7f'/>
              <source bridge='br1'/>
              <model type='virtio'/>
            </interface>
            <serial type='pty'>
              <target port='0'/>
            </serial>
            <console type='pty'>
              <target port='0'/>
            </console>
            <input type='mouse' bus='ps2'/>
            <graphics type='vnc' port='-1' autoport='yes' keymap='en-us'/>
          </devices>
        </domain>

    Along with the rest of my firewall rules, the firewalling script includes this command to pass packets destined for a KVM guest:

        # Allow bridged packets to pass (for KVM guests).
        iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

    (Not applicable to this question, but a side-effect of my bridging configuration appears to be that I can't ever shut down cleanly. The kernel eventually tells me "unregister_netdevice: waiting for br1 to become free" and I have to hard reset the system. Maybe a sign I've done something dumb?)


  • svnserve accepts only local connection

    - by stiv
    I've installed svnserve on the Linux box konrad. On konrad I can check out from svn:

        steve@konrad:~$ svn co svn://konrad
        A konrad/build.xml

    On my local Windows PC I can ping konrad, but checkout doesn't work:

        C:\Projects>svn co svn://konrad
        svn: E730061: Unable to connect to a repository at URL 'svn://konrad'
        svn: E730061: Can't connect to host 'konrad': ??????????? ?? ???????????, ?.?. ???????? ????????? ?????? ?????? ?? ???????????.

    My Linux firewall is disabled:

        konrad# iptables -L
        Chain INPUT (policy ACCEPT)
        target prot opt source destination
        Chain FORWARD (policy ACCEPT)
        target prot opt source destination
        Chain OUTPUT (policy ACCEPT)
        target prot opt source destination

    and the Windows firewall is also off (I can't send a screenshot here, so believe me). How can I fix that? Any ideas?


  • Cannot connect to tomcat server externally

    - by KItis
    My Tomcat server is running on a virtual server, and this server is running on a Fedora machine. I have set up everything on this machine to run Tomcat, and Tomcat is working well on localhost. But I cannot access the WSDL of the web service running on this Tomcat server remotely using the IP address of this server, as follows: http://xxx.xxx.xxx.xxx:8080/axis2/services/listServices. One of my friends said that I need to configure DNS to access it remotely using the IP address; I didn't understand what he said either. iptables on this server is also stopped. Also, I can access MySQL running on this server remotely; my problem is why it doesn't work for Tomcat. Could someone help me find a solution for this problem? Thanks in advance for any help.


  • Rate limiting an internet connection per user

    - by Alister
    I've got a friend who has a "rent-by-room" property and includes internet access as part of this. However some tenants are somewhat hogging the internet (i.e. constantly downloading). I was wondering if anyone knows of a fairly easy way of rate limiting each connection to make the system more equitable. A preferred solution would be a cheap piece of hardware or some sort of Linux "appliance". I would rather not have to get an iptables headache if this is avoidable.


  • Listing side projects in a jr. sysadmin resume

    - by Beaming Mel-Bin
    I have many "side-projects" that were not part of my past jobs. Just for example:

    - Configuring web site environment for professors and friends
    - Configuring a Linux box that does the routing, firewall (iptables), backup and file sharing (samba) for my apartment
    - Developing small websites for things as simple as party invites to polling friends.
    - Running my own SMTP server with domain keys, SPF and DNSBL
    - Etc., etc.

    What would be the appropriate section to mention this? Should I even mention it? Perhaps it's best to just bring it up during the interview. I would especially appreciate the opinion of hiring managers.


  • How difficult is it to set up a mailserver?

    - by Jacob R
    I want a secure mail solution, as I am looking to move away from Google and other parties looking into my private data. How much of a PITA is it to set up my own mailserver? Should I go for an external provider with a good privacy policy and encrypted data instead? I have a VPS running Debian (with a dedicated IP + reverse DNS), and I'm a fairly capable Linux administrator, having set up a couple of webservers, home networks, and looking over the shoulder of sysadmins at work. The security I currently have on the VPS is limited to iptables and installing/running the bare minimum of what I need (currently basically irssi and lighttpd). When setting up a mail server, is there a lot of stuff to take into consideration? Will my outgoing mail be marked as spam on other servers if I don't implement a number of solutions? Will reliable spam filtering be difficult to set up? Can I easily encrypt the stored mail?


  • dead man's switch for remote networking interventions

    - by ascobol
    Hi, as I'm going to change the network configuration of a remote server, I was thinking of some security mechanisms to protect me from accidentally losing control of the server. The level-0 protection I'm using is a scheduled system reboot:

        # at now+x minutes
        > reboot
        > ctrl+D

    where x is the delay before reboot. While this works relatively well for very simple tasks like playing with iptables, this method has at least two drawbacks:

    - It's not very reactive, i.e. a connectivity problem should be detected automatically if for example an automatic remote ssh command fails does not work anymore for x seconds.
    - It can obviously not work if one needs to modify some configuration files and then reboot to test the changes.

    Are you guys using some tool for the second point? I would love to have something able to revert the system configuration to a previously known stable state if I can't join the server X minutes after reboot. Thanks!


  • OpenVPN server behind firewall issues

    - by Gabriel
    I'm trying to set up an OpenVPN but I do have some problems doing it. This is my scenario:

        INTERNET --- HOME ROUTER (10.1.0.0/28) --- FIREWALL SERVER (DEFAULT GATEWAY FOR MY INTERNAL LAN 10.1.0.2) --- OpenVPN Server (10.1.0.9 LAN | 10.2.0.1 VPN) single nic / bridge iface

    I can connect to my VPN server successfully (it gets the 10.2.0.5 address). Though, I'm not able to ping anything, neither my VPN server, nor my LAN clients. I guess the problem is on the firewall. I'm not really an expert on iptables; I tried adding plenty of different rules without success. I would appreciate it a lot if someone could explain to me how to get the VPN server to work in this scenario. After connecting through VPN, when I try to ping the server, I'm not really sure about how the ping message gets to the server and how the response should go back to the client. Thanks a lot, Gabriel


  • Googlebot can't access my site, Webmaster Tools replies "Unreachable robots.txt"

    - by Ahmad Ahmadi
    When I try to fetch my site as Googlebot in Webmaster Tools it returns "Unreachable robots.txt". After investigating, I understood that Googlebot can see my server: tcpdump | grep google returns that Google can access my server with IP 66.249.81.172 or 66.249.75.111, but there is not anything in the access log, error log or other Apache logs: cat access_log | grep google or cat error_log | grep 66.249.81.172. Other bots (Bing, ...) can access Apache but Google can't. There is not any problem in my robots.txt or its permissions, because as you know robots.txt is not necessary, so I deleted it, but again Webmaster Tools returned "Unreachable robots.txt", not 404 not found! Information about the server: Server OS: CentOS 6; Web Server: Apache 2.x; Firewall: IPTables is stopped; SELinux is disabled. There is not anything else for security on my server. How can I investigate the problem, and is there any other command that can help me find the problem?


  • getting input/output error from NFS client on RHEL5

    - by Andrew Watson
    I have two RHEL5 boxes on a private network together (192.168.2.0/24) and I am trying to export a file system from one to the other, but I keep getting the following error:

        mount.nfs: Input/output error

    On the client side I see this output:

        mount: trying 192.168.2.101 prog 100003 vers 3 prot tcp port 2049
        mount: trying 192.168.2.101 prog 100005 vers 3 prot tcp port 960

    and on the server side I see this:

        Sep 20 14:14:32 omicron mountd[18739]: authenticated mount request from 192.168.2.87:635 for /srv/nfs/web (/srv/nfs/web)

    but that's all. I opened up iptables so that the whole 192.168.2.0/24 network is allowed to communicate freely, but the public side is locked down to 22, 80 etc. Any ideas?


  • In Varnish stats, what does "Backend conn. reuses" and "recycles" mean?

    - by electblake
    I have varnish installed and I think it's working properly (not sure if it matters but I am using the iptables reroute method to route ports incoming:80 > varnish:8080 > apache:80). Anyway, in varnishstat I see a pretty high hitrate average (60-80%) which I am working on, but I am unclear at what all of the stats presented by varnishstat. Specifically the following Backend stats:

          380   0.00   0.26  Backend conn. success
        10122  15.00   6.85  Backend conn. reuses
          267   0.00   0.18  Backend conn. was closed
        10391  15.00   7.04  Backend conn. recycles

    I've read a blog post called "Varnishstat for dummies" which outlines a lot of details of varnishstat (I recommend it for beginners) but it does not go over these Backend stats. Feel free to explain here or link to a resource I've missed :) Thanks!


  • CentOS 6.5 as WebServer for Django Dev

    - by Charlesliam
    During CentOS 6.5 installation I chose the WebServer type for this computer. The server has a static IP address 192.168.111.100. The CentOS was updated. I managed to install virtualenv with Python 2.7. Within the virtualenv, I'll be using the Django framework. After I tried to run this command as the root user:

        python manage.py runserver 0.0.0.0:8000

    I can't see the website from another computer within the LAN when I type 192.168.111.100:8000/admin in my browser. I already disabled the firewall using service iptables stop. I can ping 192.168.111.100 and I get good feedback from nslookup. What seems to be the problem with my config?


  • MySQL Workbench sends computer name with login not IP

    - by Android Addict
    I am attempting to connect MySQLWorkbench to a remote MySQL Server. The server has granted access to user@IPAddress. However, when I try to connect MySQLWorkbench, it sends user@computername instead. How do I configure the connection to use the IP address instead in MySQLWorkbench? Reference: The remote server is on the local network, so I need to use the local IP address assigned to my client.

    EDIT: What I have tried so far, from the server:

        mysql -u user@IPAddress -p --host=(ServerIPAddress)

    Returns:

        mysql>

    So that tells me the user account is operational. Furthermore, I confirmed it exists using:

        select user from mysql.user;

    returning a table of all users, of which the user I am using is present. I have also opened the port 3306:

        sbin/iptables -A INPUT -i eth0 -s clientIPAddress -p tcp --destination-port 3306 -j ACCEPT

    Still I encounter Access Denied


  • Force local IP traffic to an external interface

    - by calandoa
    I have a machine with several interfaces that I can configure as I want, for instance:

        eth1: 192.168.1.1
        eth2: 192.168.2.2

    I would like to be able to forward all the traffic to one of these local addresses through the other interface. For instance, all requests to an iperf, ftp, http server at 192.168.1.1 are not just routed internally, but forwarded through eth2 (and the external network will take care of re-routing the packet to eth1). I tried and looked at several commands, like iptables, ip route, etc., but nothing worked. The closest behavior I could get was done with:

        ip route change to 192.168.1.1/24 dev eth2

    which sends all 192.168.1.x on eth2, except for 192.168.1.1 which is still routed internally. The goal of this setup is to do interface driver testing without using two PCs. I am using Linux, but if you know how to do that with Windows, I'll buy it!


  • Connect devices plugged into Raspberry Pi ethernet to WiFi network

    - by Tom
    I'm just starting out on a mission to learn more about networking and I've followed a tutorial (http://raspberrypihq.com/how-to-turn-a-raspberry-pi-into-a-wifi-router/) to turn my Raspberry Pi into a wifi router. That worked really well so I modified it slightly so that I can use a tethered iphone for the internet connection - I just switched all "eth0" references to "eth1" (the iphone interface) and added a script to set everything up when the phone is plugged in. This setup has freed up the Pi's ethernet port so I'd like to try and take this a step further and allow devices plugged into it to connect to the network. If possible, I'd like to try adding a switch so I can connect multiple devices. I've tried fiddling around with nat & iptables with no luck so my question is, how can I connect devices on eth0 to my wlan network?


  • How can I secure Postgres for remote access when not in a private network?

    - by orokusaki
    I have a database server on a VMWare VM (Ubuntu 12.04.1 LTS server), and it just occurred to me that the server is accessible via the web, since the same physical server contains a VM that hosts public websites. My iptables in the database are such that only SSH traffic, loopback traffic, and TCP on port 5432 are allowed. I will only allow host access to the Postgres server from the IP of the other VM on the same physical machine. Does this seem sufficient for security, assuming there aren't gaping holes in my general OS configuration, or is Postgres one of those services that should never be web facing, (assuming there are some of "those"). Will I need to use hostssl instead of host in my pg_hba.conf, even though the data will travel only on my own network, presumably?


  • External routing for local interfaces in a virtualized network

    - by Arkaitz Jimenez
    Current setup:

        br0|
           |-- tun10 -pipe-tun0(192.240.240.1)
           |-- tun11 -pipe-tun1(192.240.240.2)
           |-- tun12 -pipe-tun2(192.240.240.3)

    The pipe program is a custom program that forwards data back2back between two tun interfaces. The idea is putting 2 programs in .2 and .3 while keeping .1 as the local interface in the current machine. The main problem is that I want to route packets to .2 and to .3 through .1 and br0, but as they are local interfaces, the kernel ignores any routing instruction; it just delivers the packet to the proper interface. Tried iptables, but the nat table doesn't even see ping packets to those ifaces. A "ping 192.240.240.2" delivers an ICMP packet with source and dest .2 to tun1; ideally it should deliver a source .1 dest .2 at tun1 through tun0-br0-tun1. Any hint? Here the output of some commands: Output


  • apache2 slow responding (debian)

    - by baloo
    I'm running an apache2 2.2.9 webserver with modpython and mpm_worker_module. The current config for the mpm is

        ServerLimit 32
        StartServers 10
        MaxClients 800
        MinSpareThreads 25
        MaxSpareThreads 75
        ThreadsPerChild 25
        MaxRequestsPerChild 0

    The server has 1G of RAM and a 100Mbit connection. Checking netstat -na | grep ESTABLISHED | wc -l gives me a number between 50 - 60. The load is about 1.0. Every pageload is also cached by memcached. I can't see why the server is so slow in responding to new connections, sometimes dropping them completely? Also tried disabling iptables to make sure it's not because of a full state table or something like that. The only thing in dmesg is a lot of spam about "TCP: Treason uncloaked!"


  • Dual WAN port on a WRT54GL

    - by pufferfish
    Is it possible to reconfigure one of the LAN ports on a WRT54GL (running Tomato firmware) to act as a second WAN port? I have the following networks:

    - PPPoE connection to ADSL modem (works fine on the normal WAN port)
    - WiFi neighbourhood network (in 178.X.X.X range), via a Mikrotik routerboard

    which I'd like to put on the WAN side of the router. I'd then like to set up routing so that some traffic (172.X.X.X) is routed to the Mikrotik and the rest to the ADSL modem. P.S. For practical reasons, I can't use the Mikrotik as the firewall/router. Edit: It seems this can be done by editing iptables, can someone tell me exactly how?


  • Better performance with memcached cluster or local memcaches?

    - by Nicholas Tolley Cottrell
    I have a small cluster of servers balancing a Java web app. Currently I have 3 memcached servers caching data and all web apps share all 3 memcached instances. I often get strange slowdowns and timeouts to some of the memcacheds and I am wondering if there is a good way of analyzing the performance. I am wondering whether my iptables rules (or some other system limitation) are blocking/slowing connections. I am considering reconfiguring the web apps so that they only query the memcached process on their own localhost.

