Search Results

Search found 1249 results on 50 pages for 'iptables'.

Page 41/50 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • Troubleshooting "connection reset" error on my linux server

    - by Chris
    I fervently hope someone here can help me with the problem I am experiencing. I am a programmer, and I have very little understanding of linux sysadmin terminology/concepts. I am attempting to troubleshoot a problem with my website. It is a Facebook app, and whenever I try to connect using Chrome, I get an error stating that the "connection was reset". I have been Googling for four days straight trying to find a solution to this problem, but no joy. A big part of the problem is that I do not understand the terminology being employed, and the output from many of the tools referenced is likewise indecipherable to me. I am running a VPS with CentOS 5, apache, PHP, and MySQL. I could spam this post with a ton of information from my iptables, apache, etc but if anyone needs information from my server, please let me know how to get it, and I will post it here. Thank you for any help you can offer!

    Read the article

  • SQUID Transparent SSL proxy (no intercept)

    - by user974896
    I know how to have squid work as a transparent proxy. You put it into transparent mode then use your router or IPTABLES to forward port 80 to the squid port. I would like to do the same for SSL. Every guide I see mentions setting up keys on the squid server. I do not want squid to actually decrypt the SSL traffic then establish a connection with the server, rather I would like squid to simply forward the SSL traffic as is. The only thing I would like to do is be able to check the SSL request for any offending IPs and drop the packets if the destination is one of them.

    Read the article

  • tcp handshake failed.client send rst (after syn-ack). can any one advice?

    - by user1495181
    architecture: 2 linux computer connected . on the second (192.168.1.1) one run apache server . I have a small program that take tcp packets from nfqueue change the dst ip to 192.168.1.1 in case that the dst ip is 192.168.1.2 (i know that i can do it with iptables , but my program will do more things in the future), fix check sum and return to the queue. if i call to telnet 192.168.1.1 , means that my program dosnt need to do any manipulation, handshake is OK. If i call to telnet 192.168.1.2 , my program change the dest. server get the syn and return syn-ack, but right after getting the syn-ack the client send rst. Can anyone advice? wireshark of the telnet tcpdump of the telenet above

    Read the article

  • AWS:EC2:: Could not connect FTP client?

    - by heathub
    My Server OS: Amazon Linux I am trying to set up ftp. I have: Installed vsftpd open port 20-21 open port 1024 - 1048 Basically, I followed every of these steps Start vsftpd service (the status indicate [ok]) I use filezilla for my ftp client. Here is my setting/configuration: Host: ec2-XX-XX-XXX-XX.compute-1.amazonaws.com Port: -(blank, but I have tried 20 and 21 though) Server Type: FTP - File Transder Protocol Logon Type: Normal Username: (tried root and ec2-user) Transfer mode: Tried passive and active I always has this error: Status: Waiting to retry... Status: Resolving address of ec2-XX-XX-XXX-XX.compute-1.amazonaws.com Status: Connecting to XX.XX.XXX.XX:21... Error: Connection timed out Error: Could not connect to server Have I missed any configuration/settings? EDIT After execute the /sbin/iptables -L -n Here is the result: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination

    Read the article

  • How to elegantly selectively exclude FreeBSD network traffic from OpenVPN interface by port

    - by Polygonica
    inexperienced sysadmin here. I'm planning on running a net daemon inside a FreeBSD jail through OpenVPN, but want to be able to SSH directly into the jail and use the daemon's web interface daemon without going through the VPN. As I understand it, an OpenVPN tunnel is normally set up as a default virtual internet interface, and so incoming traffic will go out on the OpenVPN interface by default (which is problematic, as this incurs latency). I thought "well, obviously, since all of this traffic is leaving on a handful of ports, I'll just redirect those to the non-VPN gateway." I've tried to look for solutions, but almost all of them involve iptables instead of ipfw (which is default for FreeBSD) and solve slightly different problems. And alternate solutions like using multiple default routes to ensure that incoming traffic on any interface is always sent out on the same interface seem far-reaching and require deep knowledge of all tools involved. Is there an elegant way of ensuring that traffic leaving on specific ports exits on a specified non-default interface using ipfw?

    Read the article

  • How to make local apache server public/visible ?

    - by George
    Hello. I am running an Apache2 server on a Fedora 13. I'd like to make it publicly accessible(visible).For example I'd like when somebody types http://my.ip.numbes/ that they would see what I have in my document root folder. Just for a presentation of a course work at university. Permissions are set to 755. User owning the document root is apache. SELinux is temporarily disabled. But port 80 is closed. I tried to open it by adding an entry to iptables and restarting them, no change. I guess I am missing something big here. Help would be greatly appreciated. Note: I have a static (public, real) IP address.

    Read the article

  • postgresql 9.1 Multiple Cluster on same host

    - by user1272305
    I have 2 cluster databases, running on the same host, Ubuntu. My fist database port is set to default but my second database port is set to 5433 in the postgresql.conf file. While everything is ok with local connections, I cannot connect using any of my tools to the second database with port 5433, including pgAdmin. Please help. Any parameter that I need to modify for the new database with port 5433? netstat -an | grep 5433 shows, tcp 0 0 0.0.0.0:5433 0.0.0.0:* LISTEN tcp6 0 0 :::5433 :::* LISTEN unix 2 [ ACC ] STREAM LISTENING 72842 /var/run/postgresql/.s.PGSQL.5433 iptables -L shows, Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination

    Read the article

  • Cannot access SVN repository from another host within the LAN

    - by akaii
    I'm trying to connect to a repository I've set up on our server from another host on the same network, but the connection is failing. checkout command: svn checkout svn://192.168.11.192/ error: Can't connect to host '192.168.11.192' : Connection refused I tried probing port 3690 with telnet, and I can't seem to connect that way either. I thought the port might be blocked, so I added an entry for port 3690 in sysconfig/iptables, but it doesn't seem to have had any effect at all. I'm sure svnserve is running, because I can checkout the repository on server using the same command above. What can I possibly try next?

    Read the article

  • Deactivate SYN flooding mechanism

    - by mlaug
    I am running a server that is running a service on port 59380. There are more than 1000 machines out there connecting to that service. Once I need to restart the service all those machines are connecting at the same time. That made some trouble as I have seen that log entry in kern.log TCP: Possible SYN flooding on port 59380. *Sending cookies*. Check SNMP counters. So I changed sysctl net.ipv4.tcp_syncookies to 0 because the endpoints to not handle tcp syn cookies correctly. Finally I restarted my network to get the changes in production Next time I had to restart the service, the following message was logged TCP: Possible SYN flooding on port 59380. *Dropping request*. Check SNMP counters. How can I prevent the system for doing such actions? All necessary counter measures are done by iptables...

    Read the article

  • Tracing what program is making a network connnection? (CentOS)

    - by Airjoe
    I was wondering if it is possible to find out which process is trying to make a specific network connection. On a server I support which hosts websites for about 200 users, the iptables firewall keeps blocking, as it should, a connection to 212.117.169.139 on port 80. Firefox reports this as an attack page (and at the least is obvious spam, if not malicious). It seems something on this server is trying to access this site for some reason, and although it's being blocked successfully, the requests seem to be going through every two to sixty seconds and I'd like to be able to find what process or script is doing this so I can handle it appropriately. Besides doing a grep to try and find if this IP is in some file (which probably won't even work because it may be working by hostname or it may be encoded), is there any way to find out some more information? Thanks!

    Read the article

  • Input traffic shaping

    - by whitequark
    I know that I can shape output traffic with tc or a similar tool. However, I want to shape the input traffic now—actually, I want to prioritize downloading of files of certain type through a slow lossy connection. I know the reason tc can only shape output traffic: the host itself has no direct control over the amount of input traffic. On the other hand, TCP has some measures built in it which prevent the TCP traffic from overflowing a slow connection. So, can I mangle something in TCP header so that the remote host will think my connection is slower than it thinks? Suppose that I am able to set the corresponding mark on both types of connections with iptables. Is there any way to reduce the input bandwidth of connections of first type, but only if connections of second type are present?

    Read the article

  • Creating ip alias on bonded interface ie. bond0:1

    - by bobothechimp
    System: HP Proliant DL360 G5 running CentOS 5.4 Bonded interface is working fine for a long time. I just went to add an alias the way I always have on a regular interface, and on first check it works (pinging on the local box) but it is not accessable from outside (iptables is turned off). In addition with this setup the normal network response started to decline, hanging for around a minute before I could get a prompt on login. Here are my config files: [root network-scripts]# cat ifcfg-eth0 DEVICE=eth0 BOOTPROTO=none ONBOOT=yes MASTER=bond0 SLAVE=yes USERCTL=no [root network-scripts]# cat ifcfg-eth1 DEVICE=eth1 BOOTPROTO=none ONBOOT=yes MASTER=bond0 SLAVE=yes USERCTL=no [root network-scripts]# cat ifcfg-bond0 DEVICE=bond0 BONDING_OPTS="mode=1 miimon=100" BOOTPROTO=none ONBOOT=yes NETWORK=10.2.1.0 NETMASK=255.255.255.0 IPADDR=10.2.1.11 USERCTL=no [root network-scripts]# cat ifcfg-bond0:1 DEVICE=bond0:1 BOOTPROTO=static ONBOOT=yes NETWORK=10.2.1.0 NETMASK=255.255.255.0 IPADDR=10.2.1.12 USERCTL=no any thoughts?

    Read the article

  • linux: upload / download difference on network shares

    - by Batsu
    I have a Red Hat Enterprise Linux 6 (with SELinux) which shows significant differences of speed between download and upload (the latter significantly slower) of files shared over the LAN. The bottleneck seems to be the output of the linux machine since I have a rate around 1Mb/s when WinXP machines download files shared (using samba) by the RHEL machine uploading files from the RHEL to a WinXP's shared folder while uploading from the XP machines to linux's shares downloading XPs' shares on the RHEL any share between Windows machines only run smooth (around 50Mb/s). Since the upload from RHEL to WinXP's share is slowed too I would exclude an issue in the configuration of samba. What could possibly determine this limit in the upload speed? update: iptables doesn't show any output rule and disabling it doesn't show any noticeable difference, so I would rule out it too.

    Read the article

  • Just installed Ubuntu 10.10, can't connect via SSH

    - by swilliams
    I've just downloaded and installed Ubuntu 10.10 in a VM on virtualbox (4.0.4). Everything on the VM is set to the defaults: NAT adapter. When installing the OS, I selected OpenSSH, and nothing else. I've tried to connect to the server via ssh from the host (running Mac OS X), but it only timeouts. Can't scp my credentials to it or ping the server either. As far as I can tell, the server is connected fine, has a valid IP, and can ping google.com. I know I'm missing something basic here... I don't believe I have any kind of firewall up, unless there's one I don't know about that comes with the install. iptables has the default configuration.

    Read the article

  • Automated VLAN creation with residential Wireless devices

    - by Zephyr Pellerin
    We've got a few WRT devices from Linksys here, and the issue has arisen to deploy them in a relatively small environment, However, in the interest of manageability we'd like to be able to automatically VLAN (ideally NOT subnet) every user from one another. It seems obvious to me that the default firmware isn't capable of this - can OpenWRT/Tomato/DD-WRT support any sort of functionality such that new users are automatically VLANed or otherwise logically separated from other users? It seems like there's an easy IPtables or PF solution here, but I've been wrong before. (If that seemed a little ambiguous, heres an example) User 1 sends DHCP request to server, new VLAN (We'll call VLAN 1) is created, user is placed in that VLAN. Then, user 2 sends a DHCP request and is placed in VLAN 2 etc. etc.

    Read the article

  • Do TCP connections work differently within the same subnet?

    - by Dean
    I've encountered some network behaviour that confuses me while trying to get Java RMI working. I use netcat to connect to a local machine: [my_machine]$ nc -w 1 192.168.0.100 60000 && echo success success I try to do the same to my server: [my_machine]$ nc -w 1 my-servers-ip 60000 && echo success This doesn't work, unless I explicitly listen on the server socket: [amazon_ec2]$ nc -l 60000 [my_machine]$ nc -w 1 my-servers-ip 60000 && echo success success For the version that fails, the SYN packet receives a RST, ACK in response. I'm not too knowledgable about this stuff, at this point I only have wild theories such as the one in the question. Any ideas? Potentially useful details: Local Machine (192.168.0.100) - Macbook Remote Machine (Amazon EC2) - Amazon Linux AMI 2012.03 Security Group Settings: 22 (SSH) 0.0.0.0/0 1099 0.0.0.0/0 49152-65535 0.0.0.0/0 "iptables -L" shows no rules set

    Read the article

  • Unable to ping between subnets and out to internet

    - by battlemidget
    My setup is Modem - Linksys router - Laptop with 2 devices (wlan0/eth0) - desktop machine Router is 192.168.1.1 gateway to the internet Laptop wlan0 is 192.168.1.4 with a gw of 192.168.1.1 Laptop eth0 is 192.168.2.254 which acts as a second gateway desktop is 192.168.2.100 On laptop i've setup ip_forward to 1, and have inserted 2 iptables rules -A FORWARD -i eth0 -o wlan0 -j ACCEPT -A FORWARD -i wlan0 -o eth0 -j ACCEPT The laptop can ping outside the network (i,e, yahoo.com) it can not ping 192.168.2.100. The desktop can ping 192.168.2.254 but nothing outside the network or 192.168.1.0 subnet. On laptop ip route show lists: 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.254 192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.4 127.0.0.0/8 dev lo scope link default via 192.168.1.1 dev wlan0 What am I missing to make my desktop go through the laptop in order to access the router which provides access to the internet? Thanks

    Read the article

  • Can't access to access to my web server inside a network with Firewall on

    - by ianenri
    I set up a Web server with the following: There is the Internet Router, configured to Port Foward port 80 to my computer assigned to my PC's IP: 192.168.1.128 My PC is connected to that wireless router from wlan0 Then, my PC is also connected to my device (which is the webserver) with a crossover-cable usign eth0 having this anohter IP: 10.42.43.1 Finally, my device (the webserver) is connected with eth0 with this IP: 10.42.43.55 As you can see, I need to install a reverse-proxy to be able to resolve to my device's webserver. I installed pound (proxy server) in my PC and configured properly to make 192.168.1.128 resolve to 10.42.43.55 So, I just typing my ISP provided IP 200.x.x.x resolves to my device webserver. But there's a problem: I HAD TO STOP MY FIREWALL. I don't know how I need exactly configure the firewall in SUSE YAST2, or at least iptables. Stopping it is not an option, not for security reasons, just because there's port fowarding rule that is needed to give Internet access to my device too. I'm using openSUSE 12.1

    Read the article

  • Postfix cleanup daemon access control

    - by Flimzy
    Is there any way to control which hosts are permitted to connect to the cleanup daemon over TCP? Our 'master.cf' contains: 2526 inet n - - - 0 cleanup This is necessary because we have a cluster of SMTP servers running custom code, and they can all inject mail to the centralized postfix server via the cleanup daemon. However, we want to allow only our authorized servers to connect to the cleanup daemon. The current configuration allows any host to connect to port 2526. Clearly we can use iptables to restrict access, but is there a way to do this within postfix itself?

    Read the article

  • Mirror network packets from WiFi to Ethernet in an ASUS Router RT N53

    - by fazineroso
    I have an ASUS RT N53 router, running the default firmware (Linux 2.6.22 with busybox and uclibc). I need to capture data packets from some Wi-Fi devices I have connected to that router (iPad and some smartphones), but the router is not forwarding any package coming from Wi-Fi devices to the Ethernet Ports. Any idea how can I proceed? Available tools in the router are iptables (no tee option, though), ebtables, brctl... Currently the ethernet and Wifi devices are forming a bridge: # brctl show bridge name bridge id STP enabled interfaces br0 8000.50465dc06be2 no vlan0 eth1 No ebtables rules: # ebtables -L Bridge table: filter Bridge chain: INPUT, entries: 0, policy: ACCEPT Bridge chain: FORWARD, entries: 0, policy: ACCEPT Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

    Read the article

  • Linux QoS (Skype / BitTorent / SIP / HTTP priority)

    - by Andre
    We are configuring a linux box that will act as internet gateway for an office of 30-50 computers. We are using iptables/HTB for traffic shaping. Is there a way to match traffic on L7 level? It's easy to identify traffic by TCP/UDP ports (like SIP and HTTP). But what if we are dealing with Skype & BitTorent? It was surprise for me that there is no powerful and matured sulution for tasks like this. I found only l7-filter (http://l7-filter.clearfoundation.com/) patch for the Linux kernel, but it's no longer supported (it seems to). Moreover it couldn't be compiled with modern Linux kernels. The only option I found was to use a Cisco router. Are there other ways to identify and shape Skype and Bittorent traffic?

    Read the article

  • Firewall blocks outgoing email

    - by Martin Trigaux
    On my Debian server running a Django website, I have an error when I need to send an email. The error received is Exception Type: gaierror Exception Value: [Errno -2] Name or service not known Exception Location: /usr/lib/python2.6/socket.py in create_connection, line 547 You can see the full error log here. After testing, it seems it is my firewall that blocks the request. You can see my iptable file (/etc/init.d/firewall). I think the problem comes from the two commented lines that were supposed to accepts all established connections. When I uncomment them, I have an error iptables: No chain/target/match by that name. Thank you

    Read the article

  • Ubuntu Wired network(ethernet does not work)

    - by user36777
    It was working just fine, until the other day I yanked it out. The wireless works just fine on the same router. If I login to a windows 7 instance on this dual boot laptop then the ehternet works just fine. So it's not a hardware, cable or router issue. The card even gets an ip, but I can't connect to the internet. Here are the details from route, iptables, ifconfig, ping etc. Any ideas? I have been struggling with this for day, none seems to have an answer. http://pastie.org/954816

    Read the article

  • Centos 6.2, Apache 2 and Listen port for socket connection

    - by salvosav
    I'm trying to make a socket connection between a client and my server through a php script. To do this, I opened a port on iptables, and configure a virtual host with apache to redirect all traffic from my door to the folder that contains the file index.php, which is my script. Doing some tests the door is open, but using command netstat -ltn , I see ':::35100'. Looking on the net I understand if in this way is only listen inward and not outward. But I don't understand how can I turn this ':::35100 '-' in this '0.0.0.0:35100 '. Or, better yet, how to add this rule. Any ideas? thanks

    Read the article

  • What are the methods of separating network spaces in a LAN?

    - by dash17291
    Please detail me the methods. My thoughts: put the servers in separate (sub)networks the servers are forced to go through the firewall but no NAT is required assign more IP addresses to the internal interface of the server choosing gateway addresses from the clients and servers IP address ranges split DNS Netfilter/{iptables, ipset} could be heavily involved, I'm talking about Linux servers. See for example: Destination NAT Onto the Same Network from internal clients Please do not explain what is NAT or DNS. This is a theoretical question, but my poor English knowledge prevent me to describe it in a fancy fashion.

    Read the article

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >