Search Results

Search found 19921 results on 797 pages for 'big ip'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 42/797 | < Previous Page | 38 39 40 41 42 43 44 45 46 47 48 49  | Next Page >

  • iptables not allowing mysql connections to aliased ips?

    - by Curtis
    I have a fairly simple iptables firewall on a server that provides MySQL services, but iptables seems to be giving me very inconsistent results. The default policy on the script is as follows: iptables -P INPUT DROP I can then make MySQL public with the following rule: iptables -A INPUT -p tcp --dport 3306 -j ACCEPT With this rule in place, I can connect to MySQL from any source IP to any destination IP on the server without a problem. However, when I try to restrict access to just three IPs by replacing the above line with the following, I run into trouble (xxx=masked octect): iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.184 -j ACCEPT iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.196 -j ACCEPT iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.251 -j ACCEPT Once the above rules are in place, the following happens: I can connect to the MySQL server from the .184, .196 and .251 hosts just fine as long as am connecting to the MySQL server using it's default IP address or an IP alias in the same subnet as the default IP address. I am unable to connect to MySQL using IP aliases that are assigned to the server from a different subnet than the server's default IP when I'm coming from the .184 or .196 hosts, but .251 works just fine. From the .184 or .196 hosts, a telnet attempt just hangs... # telnet 209.xxx.xxx.22 3306 Trying 209.xxx.xxx.22... If I remove the .251 line (making .196 the last rule added), the .196 host still can not connect to MySQL using IP aliases (so it's not the order of the rules that is causing the inconsistent behavior). I know, this particular test was silly as it shouldn't matter what order these three rules are added in, but I figured someone might ask. If I switch back to the "public" rule, all hosts can connect to the MySQL server using either the default or aliased IPs (in either subnet): iptables -A INPUT -p tcp --dport 3306 -j ACCEPT The server is running in a CentOS 5.4 OpenVZ/Proxmox container (2.6.32-4-pve). And, just in case you prefer to see the problem rules in the context of the iptables script, here it is (xxx=masked octect): # Flush old rules, old custom tables /sbin/iptables --flush /sbin/iptables --delete-chain # Set default policies for all three default chains /sbin/iptables -P INPUT DROP /sbin/iptables -P FORWARD DROP /sbin/iptables -P OUTPUT ACCEPT # Enable free use of loopback interfaces /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/iptables -A OUTPUT -o lo -j ACCEPT # All TCP sessions should begin with SYN /sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # Accept inbound TCP packets (Do this *before* adding the 'blocked' chain) /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow the server's own IP to connect to itself /sbin/iptables -A INPUT -i eth0 -s 208.xxx.xxx.178 -j ACCEPT # Add the 'blocked' chain *after* we've accepted established/related connections # so we remain efficient and only evaluate new/inbound connections /sbin/iptables -N BLOCKED /sbin/iptables -A INPUT -j BLOCKED # Accept inbound ICMP messages /sbin/iptables -A INPUT -p ICMP --icmp-type 8 -j ACCEPT /sbin/iptables -A INPUT -p ICMP --icmp-type 11 -j ACCEPT # ssh (private) /sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -s xxx.xxx.xxx.xxx -j ACCEPT # ftp (private) /sbin/iptables -A INPUT -p tcp --dport 21 -m state --state NEW -s xxx.xxx.xxx.xxx -j ACCEPT # www (public) /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT # smtp (public) /sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 2525 -j ACCEPT # pop (public) /sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT # mysql (private) /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.184 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.196 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.251 -j ACCEPT Any ideas? Thanks in advance. :-)

    Read the article

  • Accessing SQL Server using an IP Address and Port Number ... Help!

    - by Mike
    I need to access an SQL Server that is on a machine behind a firewall and you access this machine using an ip address like 95.95.95.33:6930 (not the real ip address) ... But, you get my point that by accessing 95.95.95.33 on port 6930, the firewall routes the requests to that particular machine ... My question is ... How do you construct a connection string to access the machine at address 95.95.95.33:6930 and then further access the SQL Server on port 1433 or maybe a different port like 8484 ??? Thanks Mike

    Read the article

  • In TCPServer (Ruby) how can i get the IP/MAC from the client?

    - by a0rtega
    Hi, i want to get the IP Address of the client in a TCPServer in Ruby. And (if it is possible) the MAC Address. For example, a Time Server in Ruby, see the comment. tcpserver = TCPServer.new("", 80) if tcpserver puts "Listening" loop do socket = tcpserver.accept if socket Thread.new do puts "Connected from" + # HERE! How can i get the IP Address from the client? socket.write(Time.now.to_s) socket.close end end end end Thank you very much!

    Read the article

  • C# - How to detect all IP addresses from a LAN?

    - by SAMIR BHOGAYTA
    string strHostName = string.Empty; cmbIPAddress.Items.Clear(); // Getting Ip address of local machine... // First get the host name of local machine. strHostName = Dns.GetHostName(); // Then using host name, get the IP address list.. IPHostEntry ipEntry = Dns.GetHostByName(strHostName); IPAddress[] iparrAddr = ipEntry.AddressList; if (iparrAddr.Length 0) { for (int intLoop = 0; intLoop cmbIPAddress.Items.Add(iparrAddr[intLoop].ToString()); }

    Read the article

  • Was a Big Fish in a Little Pond, Am Now a Little Fish in a Big Pond. How Do I Grow? [closed]

    - by Ziv
    I've finished high school where I was in the top three in my class, I studied a little and there too I was pretty much Big Fish in a bigger pond than high school. Now I got into my first job in a very big company, there are some incredibly talented programmers and researchers here (mostly in departments not related to mine) and for the first time I really feel like I'm incredibly average - I do not want to be average. I read technical books all the time, I try to code on my personal time but I don't feel like that's enough. What can I do to become a leading programmer again in this big company? Is there anything specifically that can be done to make myself known here? This is a very big company so in order to advance you must be very good and shine in your field.

    Read the article

  • How to get ip address programactically on Debian based system?

    - by gc
    I'm trying to retrieve the ip address of the local machine in my program. The OS running is Ubuntu 8.10. I tried using gethostname() and gethostbyname to do it. All I can get is 127.0.1.1. I learned that it seems to be a Debian thing: This thread explained it. The content of my /etc/hosts file is also: 127.0.0.1 localhost 127.0.1.1 mymachine In this case, is there any other way to programactically (prefer C or C++) to get the ip address without modifying the system file on the machine? Thanks in advance. g.c.

    Read the article

  • How much effort does it take to spoof an Ip Address in a call to a webservice?

    - by Rory Becker
    I don't want to know how... Just how complicated.... I'm thinking of securing a webservice or 2 based on the incoming client ipaddress of the caller. Is this in any way secure? Surely if the IPaddress was being spoofed then the result would have to be sent back to the address that was being spoofed and therefore not reach the spoofer? Update: Ok so from what I can tell.... I should create a Gettoken() method which checks the IPaddress and passes out a cryptographically significant token with a timeout to any valid IP address. This is then required by any other method before any kind of side effect is allowed. Since an Attacker can't (likely) get the token without having a valid IP, he will be unable to validly call any of my "dangerous" webmethods ?

    Read the article

  • GRE keepalive with Linux and RouterOS

    - by eri
    I have a Linux host and couple of routerboadrs. I created a GRE tunnel, but Linux does not answer keepalive packages. Then router mark gre connection as unreachable, so I cant send to Linux host from router subnet. If linux sends something into tunnel (ping, etc.) - RouterOS mark connection as reacheble. Second and next packages routed nicely until one minute idle (no traffic). Tunnel in linux a make in this way: remote=x.x.x.x dev=gre21 network=10.21.0.0/16 ip tunnel add ${dev} mode gre remote ${remote} ttl 255 ip addr add 172.16.1.1/24 peer 172.16.1.21 dev ${dev} ip link set ${dev} up ip route add ${network} dev ${dev} And ip l: 14: gre21: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN link/gre 0.0.0.0 peer 109.60.170.15 How to set state "running"? How to keep alive tunnel? Ping in cron?

    Read the article

  • VPN, Tunneling to hide 'real IP' through my proxy server while showing the client IP on 'real' server side

    - by mickula
    I would like to hide my 'main server' behind the load balancer, call it 'proxy server' Although I use some closed-source software on 'main server' and it needs the client IP address to operate well. When I'm setting up some VPN connection, in that software it displays the IP address of my 'proxy server'. Is there any option to set up such tunneling or vpn to: not reveal IP of 'main server' show the IP of 'client' in 'application' on 'main server' I will be grateful for all your replies and ideas.

    Read the article

  • Git on DreamHost still balking on big files even after I compiled with NO_MMAP=1

    - by fuzzy lollipop
    I compiled Git 1.7.0.3 on DreamHost with the NO_MMAP=1 option, I also supplied that option when I did the "make NO_MMAP=1 install". I have my paths set up correctly, which git reports my ~/bin dir which is correct, git --version returns the correct version. But when I try to do a "git push origin master" with "big" files ~150MB it always fails. Does anyone have an suggestions on how to get DreamHost to accept this "big" files from a git push?

    Read the article

  • Make Apache to listen in multiple IPs

    - by Enrique Becerra
    Hi I'm in a big LAN, which is behind a proxy/firewall I'm working with an apache/php/mysql application, which is hosted in a small server besides my workstation. This server is connected to the LAN also and is behind the proxy: The server has a local IP assigned: 10.64.x.x Also, this server has a public IP assigned (or redirected from within the proxy/firewall) which is: 200.41.x.x I can't access public IP from LAN, but I can ping to the public IP from outside the building How should I configure Apache to listen also for public IP and open the 80 port for people accessing from outside the building?. It is set now to Listen 10.64.x.x:80 Thanks a lot in advance,

    Read the article

  • Network - Routers conflicting in my subnet

    - by Richard
    I have a router whose IP is 192.168.1.1 and I be experiencing conflict with another router on my subnet (which probably has 192.168.1.1 as IP too). I think when it tries to connect to the network, eventually taking the place of my router because when I try to access the config page of my router, which appears to me is a config page from another router that is not mine. Do you have any solution except to change the IP of my router to an IP not common? As I have set up the exclusivity that only my IP router? I work with dynamic IPs (wireless networking) and static (for wired). How do I? I just wanna to do some setting in my router that affects all other, so that doesn't conflicts anymore.

    Read the article

  • ftp connection problem, vsftp server, active mode

    - by Mark Szente
    I have a server that runs vsftpd to handle ftp connections. One of my users have a notebook with Total Commander and WinSCP installed. Both ftp clients fail right after the connection is established to the server and it tries to download the directory listing without any particular error message. The weird thing is: the notebook works perfectly ok with other ftp servers. My ftp server also works well with other clients. In fact, this user also has a pc running on the same LAN as the notebook and the pc works well with the ftp server. We use active ftp connection mode. Passive mode works well but is not an option at this point. I would post more technical details but I don't even know what this problem is related to. Anyway, below is the server side tcpdump for the failed connection attempt. There's no further communication between the client and the server after the last line of log. Thank you very much for any hint! 23:39:24.514852 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: S 1314489715:1314489715(0) win 65535 <mss 1460,nop,wscale 3,nop,nop,sackOK> 23:39:24.514896 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: S 2633658883:2633658883(0) ack 1314489716 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2> 23:39:24.520842 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: . ack 1 win 62500 23:39:24.523803 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 1:21(20) ack 1 win 1460 23:39:24.546858 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 1:15(14) ack 21 win 62497 23:39:24.546902 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: . ack 15 win 1460 23:39:24.547247 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 21:55(34) ack 15 win 1460 23:39:24.762806 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: . ack 55 win 62493 23:39:30.415011 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 15:28(13) ack 55 win 62493 23:39:30.454116 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: . ack 28 win 1460 23:39:31.036283 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 55:78(23) ack 28 win 1460 23:39:31.053018 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 28:34(6) ack 78 win 62490 23:39:31.053042 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: . ack 34 win 1460 23:39:31.053268 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 78:97(19) ack 34 win 1460 23:39:31.068969 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 34:40(6) ack 97 win 62488 23:39:31.069148 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 97:112(15) ack 40 win 1460 23:39:31.069179 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 112:119(7) ack 40 win 1460 23:39:31.076981 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: . ack 119 win 62485 23:39:31.077010 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 119:177(58) ack 40 win 1460 23:39:31.114979 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 40:45(5) ack 177 win 62478 23:39:31.115164 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 177:186(9) ack 45 win 1460 23:39:31.180966 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 45:53(8) ack 186 win 62476 23:39:31.181066 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 186:216(30) ack 53 win 1460 23:39:31.213065 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 53:80(27) ack 216 win 62473 23:39:31.213180 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 216:267(51) ack 80 win 1460 23:39:31.251086 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 80:86(6) ack 267 win 62466 23:39:31.251498 IP 195.70.xx.xx.20 > 62.201.xx.xx.5001: S 2640780713:2640780713(0) win 5840 <mss 1460,sackOK,timestamp 2054371220 0,nop,wscale 2> 23:39:31.290979 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: . ack 86 win 1460 23:39:34.251489 IP 195.70.xx.xx.20 > 62.201.xx.xx.5001: S 2640780713:2640780713(0) win 5840 <mss 1460,sackOK,timestamp 2054374220 0,nop,wscale 2> 23:39:40.249625 IP 195.70.xx.xx.20 > 62.201.xx.xx.5001: S 2640780713:2640780713(0) win 5840 <mss 1460,sackOK,timestamp 2054380220 0,nop,wscale 2> 23:39:43.695108 IP 195.70.xx.xx.21 > 62.201.xx.xx.1057: P 2280716551:2280716588(37) ack 3838413728 win 5840 23:39:52.248791 IP 195.70.xx.xx.20 > 62.201.xx.xx.5001: S 2640780713:2640780713(0) win 5840 <mss 1460,sackOK,timestamp 2054392220 0,nop,wscale 2> 23:40:16.245159 IP 195.70.xx.xx.20 > 62.201.xx.xx.5001: S 2640780713:2640780713(0) win 5840 <mss 1460,sackOK,timestamp 2054416221 0,nop,wscale 2> 23:40:29.853685 IP 195.70.xx.xx.21 > 62.201.xx.xx.1057: FP 37:51(14) ack 1 win 5840 23:40:31.241951 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 267:304(37) ack 86 win 1460 23:40:31.381708 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: . ack 304 win 62462

    Read the article

  • how IP ban system works

    - by Remus Rigo
    hi all Can anyone tell me how the IP ban system works. I have Dynamic IP, every time i start my PC I have a different IP. I want to know how a site (like a chat system) knows my IP and it keeps me banned... thanks

    Read the article

  • Server 2008, 2 NICs, 2 fixed IPs - big delays using internet

    - by user46055
    Hi geniuses I have an all in one Windows 2008 server, configured with AD/DHCP/DNS/RRAS - all set up with wizards and no specific tweaking. The server has 2 network adapters : one of which ("MyWAN") is plugged into our office's internet connection, the other ("MyLAN") is plugged into a local switch, which is also where all our desktops are connected. So this one server is doing everything. When first set up, MyLAN had a fixed IP of 192.168.2.1 and served the desktops with DHCP scope 192.168.2.50-99. It also told them to use 192.168.2.1 as DNS and gateway. MyWAN was setup to take its IP etc from DHCP, being handled by the building's router and ADSL modem etc. All desktops were setup to use DHCP. This all worked perfectly fine, until I recently changed MyWAN to have a static IP (I wanted to access it from home, and needed to give it a static IP to port map in the building's router). Things still work, but there is now a long delay when accessing the internet. The actual speed is as before when downloading, but there is a pause of 3-6 secs when connecting to new hosts (for example if I browse to slashdot from either a desktop or the server itself, it'll hang on connecting to slashdot.org, hang again on connecting to *.fsdn, *.google-analytics.com and all the other hosts referenced from the main page). If I ping slashdot.org from the server, I get the following : Pinging slashdot.org [216.34.181.45] with 32 bytes of data: Reply from 192.168.2.1: Destination host unreachable. Reply from 216.34.181.45: bytes=32 time=99ms TTL=239 Reply from 216.34.181.45: bytes=32 time=100ms TTL=239 Reply from 216.34.181.45: bytes=32 time=101ms TTL=239 Pinging anywhere external always seems to hit 192.168.2.1 first, which doesn't seem right. Trying tracert from the server gives the following : Tracing route to slashdot.org [216.34.181.45] over a maximum of 30 hops: 1 MYSERVER01.intranet [192.168.2.1] reports: Destination host unreachable Trying tracert from a desktop gives the following : Tracing route to slashdot.org [216.34.181.45] over a maximum of 30 hops: 1 <1 ms * <1 ms MYSERVER [192.168.2.1] 2 * * * Request timed out. 3 6 ms 6 ms 6 ms dsl-gw1.ge.mer.uk.webtapestry.net [217.151.111.17] 4 38 ms 239 ms 251 ms gw-router.ge.mer.uk.webtapestry.net [217.151.111.13] ...and then all is fine after that. I think that DNS is working fine because the domain names are getting translated to correct IPs immediately. DHCP seems to be okay? So perhaps it's something up with my RRAS setup - although I can't see any option during the setup wizard which I would have filled in differently. I've also tried changing the binding order of the two network connections, to prioritise MyWAN, but that doesn't seem to have done anything. Any idea what's up? Many thanks - Rob

    Read the article

  • Cloud services, Public IPs and SIP

    - by Guido N
    I'm trying to run a custom SIP software (which uses JAIN SIP 1.2) on a cloud box. What I'd really like is to have a real public IP aka which is listed by "ifconfig -a" command. This is because atm I don't want to write additional SIP code / add a SIP proxy in order to manage private IP addresses / address translation. I gave Amazon EC2 a go, but as reported here http://stackoverflow.com/questions/10013549/sip-and-ec2-elastic-ips it's not fit for purpose (they do a 1:1 NAT translation between the private IP of the box and its Elastic IP). Does anyone know of a cloud service that provides real static public IP addresses?

    Read the article

  • ftp connection problem, vsftp server, active mode

    - by Mark Szente
    I have a server that runs vsftpd to handle ftp connections. One of my users have a notebook with Total Commander and WinSCP installed. Both ftp clients fail right after the connection is established to the server and it tries to download the directory listing with the following error message: Timeout detected. Could not retrieve directory listing PORT command successful. Consider using PASV. Error listing directory '/'. The weird thing is: the notebook works perfectly ok with other ftp servers. My ftp server also works well with other clients. In fact, this user also has a pc running on the same LAN as the notebook and the pc works well with the ftp server. We use PORT ftp connection mode. Passive mode works well but is not an option at this point. I would post more technical details but I don't even know what this problem is related to. Anyway, below is the server side tcpdump for the failed connection attempt. There's no further communication between the client and the server after the last line of log. Thank you very much for any hint! 23:39:24.514852 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: S 1314489715:1314489715(0) win 65535 <mss 1460,nop,wscale 3,nop,nop,sackOK> 23:39:24.514896 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: S 2633658883:2633658883(0) ack 1314489716 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 2> 23:39:24.520842 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: . ack 1 win 62500 23:39:24.523803 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 1:21(20) ack 1 win 1460 23:39:24.546858 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 1:15(14) ack 21 win 62497 23:39:24.546902 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: . ack 15 win 1460 23:39:24.547247 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 21:55(34) ack 15 win 1460 23:39:24.762806 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: . ack 55 win 62493 23:39:30.415011 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 15:28(13) ack 55 win 62493 23:39:30.454116 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: . ack 28 win 1460 23:39:31.036283 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 55:78(23) ack 28 win 1460 23:39:31.053018 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 28:34(6) ack 78 win 62490 23:39:31.053042 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: . ack 34 win 1460 23:39:31.053268 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 78:97(19) ack 34 win 1460 23:39:31.068969 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 34:40(6) ack 97 win 62488 23:39:31.069148 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 97:112(15) ack 40 win 1460 23:39:31.069179 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 112:119(7) ack 40 win 1460 23:39:31.076981 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: . ack 119 win 62485 23:39:31.077010 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 119:177(58) ack 40 win 1460 23:39:31.114979 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 40:45(5) ack 177 win 62478 23:39:31.115164 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 177:186(9) ack 45 win 1460 23:39:31.180966 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 45:53(8) ack 186 win 62476 23:39:31.181066 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 186:216(30) ack 53 win 1460 23:39:31.213065 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 53:80(27) ack 216 win 62473 23:39:31.213180 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 216:267(51) ack 80 win 1460 23:39:31.251086 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: P 80:86(6) ack 267 win 62466 23:39:31.251498 IP 195.70.xx.xx.20 > 62.201.xx.xx.5001: S 2640780713:2640780713(0) win 5840 <mss 1460,sackOK,timestamp 2054371220 0,nop,wscale 2> 23:39:31.290979 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: . ack 86 win 1460 23:39:34.251489 IP 195.70.xx.xx.20 > 62.201.xx.xx.5001: S 2640780713:2640780713(0) win 5840 <mss 1460,sackOK,timestamp 2054374220 0,nop,wscale 2> 23:39:40.249625 IP 195.70.xx.xx.20 > 62.201.xx.xx.5001: S 2640780713:2640780713(0) win 5840 <mss 1460,sackOK,timestamp 2054380220 0,nop,wscale 2> 23:39:43.695108 IP 195.70.xx.xx.21 > 62.201.xx.xx.1057: P 2280716551:2280716588(37) ack 3838413728 win 5840 23:39:52.248791 IP 195.70.xx.xx.20 > 62.201.xx.xx.5001: S 2640780713:2640780713(0) win 5840 <mss 1460,sackOK,timestamp 2054392220 0,nop,wscale 2> 23:40:16.245159 IP 195.70.xx.xx.20 > 62.201.xx.xx.5001: S 2640780713:2640780713(0) win 5840 <mss 1460,sackOK,timestamp 2054416221 0,nop,wscale 2> 23:40:29.853685 IP 195.70.xx.xx.21 > 62.201.xx.xx.1057: FP 37:51(14) ack 1 win 5840 23:40:31.241951 IP 195.70.xx.xx.21 > 62.201.xx.xx.2241: P 267:304(37) ack 86 win 1460 23:40:31.381708 IP 62.201.xx.xx.2241 > 195.70.xx.xx.21: . ack 304 win 62462

    Read the article

  • Keep source IP after NAT

    - by John Miller
    Until today I used a cheapy router so I can share my internet connection and keep a webserver online too, while using NAT. Users IP ($_SERVER['REMOTE_ADDR']) was fine, I was seeing class A IPs of users. But as traffic grown up everyday, I had to install a Linux Server (Debian) to share my Internet Connection, because my old router couldn't keep the traffic anymore. I shared the internet via IPTABLES using NAT, but now, after forwarding port 80 to my webserver, now instead of seeing real users IP, I see my Gateway IP (Linux Internal IP) as any user IP Address. How to solve this issue? I edited my post, so I can paste the rules I'm currently using. #!/bin/sh #I made a script to set the rules #I flush everything here. iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables -F iptables -X # I drop everything as a general rule, but this is disabled under testing # iptables -P INPUT DROP # iptables -P OUTPUT DROP # these are the loopback rules iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # here I set the SSH port rules, so I can connect to my server iptables -A INPUT -p tcp --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT # These are the forwards for 80 port iptables -t nat -A PREROUTING -p tcp -s 0/0 -d xx.xx.xx.xx --dport 80 -j DNAT --to 192.168.42.3:80 iptables -t nat -A POSTROUTING -o eth0 -d xx.xx.xx.xx -j SNAT --to-source 192.168.42.3 iptables -A FORWARD -p tcp -s 192.168.42.3 --sport 80 -j ACCEPT # These are the forwards for bind/dns iptables -t nat -A PREROUTING -p udp -s 0/0 -d xx.xx.xx.xx --dport 53 -j DNAT --to 192.168.42.3:53 iptables -t nat -A POSTROUTING -o eth0 -d xx.xx.xx.xx -j SNAT --to-source 192.168.42.3 iptables -A FORWARD -p udp -s 192.168.42.3 --sport 53 -j ACCEPT # And these are the rules so I can share my internet connection iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth0:1 -j ACCEPT If I delete the MASQUERADE part, I see my real IP while echoing it with PHP, but I don't have internet. How to do, to have internet and see my real IP while ports are forwarded too? ** xx.xx.xx.xx - is my public IP. I hid it for security reasons.

    Read the article

  • Using iptables to forward traffic destined for specific ip via specific interface

    - by shapeshifter
    I want to forward traffic destined for a specific ip from my internal network via a specific interface. I have two interfaces which are currently load balanced. I need all requests for a certain ip to go out via eth0 otherwise my external ip changes and sessions are dropped. eg. all requests from 10.1.1.1/24 to ip 11.22.33.44 on port 443 must go out via interface eth0. How can I do this with iptables?

    Read the article

  • Windows SMTP Server Outbound IP

    - by Josh
    I have a Windows 2008 server that has three IP bound to the NIC. I can select which IP Windows SMTP listens to, but I want to also set the IP address used when mail is sent. Where would I set which IP to use when sending email?

    Read the article

  • HTTP: can GET and POST requests from a same machine come from different IPs?

    - by NoozNooz42
    I'm pretty sure I remember reading --but cannot find back the links anymore-- about this: on some ISP (including at least one big ISP in the U.S.) it is possible to have a user's GET and POST request appearing to come from different IPs. (note that this is totally programming related, and I'll give an example below) I'm not talking about having your IP adress dynamically change between two requests. I'm talking about this: IP 1: 123.45.67.89 IP 2: 101.22.33.44 The same user makes a GET, then a POST, then a GET again, then a POST again and the servers see this: - GET from IP 1 - POST from IP 2 - GET from IP 1 - POST from IP 2 So altough it's the same user, the webserver sees different IPs for the GET and the POSTs. Surely seen that HTTP is a stateless protocol this is perfectly legit right? I'd like to find back the explanation as to how/why certain ISP have their networks configured such that this may happen. I'm asking because someone asked me to implement the following IP filter and I'm pretty sure it is fundamentally broken code (breaking havoc for at least one major american ISP users). Here's a Java servlet filter that is supposed to protect against some attacks. The reasoning is that: "For any session filter checks that IP address in the request is the same that was used when session was created. So in this case session ID could not be stolen for forming fake sessions." http://www.servletsuite.com/servlets/protectsessionsflt.htm However I'm pretty sure this is inherently broken because there are ISPs where you may see GET and POST coming from different IPs. Any info on this subject is very welcome.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 38 39 40 41 42 43 44 45 46 47 48 49  | Next Page >