Search Results

Search found 1177 results on 48 pages for 'ips'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 43/48 | < Previous Page | 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • ????????????????? Oracle Solaris ??? - Solaris 11 ????

    - by kazun
    ???????????????? OS ????????????????????? 20 ??????????????????? Solaris?????????????????????? OS????????????????????????Solaris ???????????????????? ??????Solaris ?????????????? 4 ????????????????????? Oracle Solaris 11 ??????????????? [????????????]???? ?(????????????? ???)???? ?(??????????????)???? ?(????????)???? ?(?????????????????)(50??) Oracle Solaris 11 ??????? ???:Oracle Solaris 11??????? Solaris ??????????????????????????????????????????????Oracle Solaris 10 ?????????????????Oracle Solaris 11 ???Oracle Solaris ???????????????????????????????????????????????????????????????????????????????????Oracle Solaris ??????????????????????????Oracle Solaris ????????????????????????????????????????? ??:??????????????????????????????????????????????????????????????????????????????????Oracle Solaris 11 ????????????????????????????????????????????????????????????????????????????????????????????????Oracle Solaris 11 ????????????? ???:Oracle Solaris 11 ????????????????????????????????????????????????????????????Oracle Solaris ??????????????????????Solaris ????????????????????????Oracle Solaris 11 ?????????????????????????????????????????????????????????????????????? Oracle Solaris 11 ??????????????? ??:???????????????????ZFS?????????????Oracle Solaris ???????????????????????????????????????IPS???????????????????????? ??:?????????????????????? OS ??????????????????????????????????????????????????????????????????? OS ????? Oracle Solaris 11 ??? ??:????????????????????????????????????????????????? Oracle Solaris 11 ???????????????????????????????????????????????????????? ??:????????????????????Solaris Trusted Extensions ? Solaris ????????????Privilege ????????????????????????????????Solaris 10 ???????????????????? ??:UNIX ?????????????????????????????????????Oracle Solaris 11 ??????????????????????????????????????????????????ZFS ??????????????????????????????????????????????????Oracle Solaris ?????????????????????????????????? ???:Oracle Solaris ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????Oracle Solaris 11 ??????????????????????????????????????????????????? ?????????????Oracle Solaris 11 ??:Oracle Solaris ?????????????????????????????????????????????????????????????????? ZFS ?????????????????????????????????????????????? ??:?????????????????????????????????????????????????????????????????????Oracle Solaris ??????????????????????? ??:DTrace ????????????????????????????????????????????????????????????? ??:???????????????????????????????????????????????????????????????????????????????????????? ???:?????????????????????????????????????????????????????????????????????????Solaris ???????????????????????????????????????????????????????????????????????????? ??:?????????????????? Solaris 10 ?????????????????????????????????????? ???:ISV ??????????????????????????????? ????????????????? T4 ??????????????? T ?????? 5 ???????????????????????????????????? CPU ?????????????????? OS ? Solaris ??????????????????????????????????????????????? ??:???????????????? OS ???? Solaris ???????????????????????????????????????????????????? Oracle Solaris ????????? ??:???????????????????????????????????????????????????????????????????????????????????????? ZFS ?????????????????????????ZFS ??????????????????????????????????????? ???:Linux ??????????????????????????Solaris 11 ?????????????????????? GNU ????????????????????????????Solaris ?????????(Oracle Solaris Studio)????????????? Oracle Solaris Studio ?Linux??????????????Linux ??????????? Solaris ????????????????Linux ? Oracle Solaris Studio ?????????????????????????? Solaris ??????????????????? ??:??????????????????????????????????????????????????????????????????????????????????????????????????????????????????BCP(??????)??????????????????? ??:???????? Solaris 11 ?????? IA Server ?????????????????????????????????????????????…???????????Windows ????????????????????? Oracle Virtual Box ????????? Oracle Solaris 11 ??????????? ??:???Oracle Solaris ????????(?)??????????????ZFS???DTrace?????????????????????????????????????Solaris ?????????????????????????????????????????????????????????????????????????????Solaris ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ??:??? 3 ??????????????????????????????????????Oracle Solaris 11 ???????????? ??:???????????????????? OS ??????????????????????????Oracle Solaris 11 ???????????????????????????????????????????????????????????????? ???:???????????? Solaris ???????????????Solaris 10 ???? 6 ??????????????????????????????????Oracle Solaris ?????????????????????????????? ?????? Oracle Solaris 10 Oracle Solaris 11

    Read the article

  • AWS Amazon EC2 - password-less SSH login for non-root users using PEM keypairs

    - by Mark White
    We've got a couple of clusters running on AWS (HAProxy/Solr, PGPool/PostgreSQL) and we've setup scripts to allow new slave instances to be auto-included into the clusters by updating their IPs to config files held on S3, then SSHing to the master instance to kick them to download the revised config and restart the service. It's all working nicely, but in testing we're using our master pem for SSH which means it needs to be stored on an instance. Not good. I want a non-root user that can use an AWS keypair who will have sudo access to run the download-config-and-restart scripts, but nothing else. rbash seems to be the way to go, but I understand this can be insecure unless setup correctly. So what security holes are there in this approach: New AWS keypair created for user.pem (not really called 'user') New user on instances: user Public key for user is in ~user/.ssh/authorized_keys (taken by creating new instance with user.pem, and copying it from /root/.ssh/authorized_keys) Private key for user is in ~user/.ssh/user.pem 'user' has login shell of /home/user/bin/rbash ~user/bin/ contains symbolic links to /bin/rbash and /usr/bin/sudo /etc/sudoers has entry "user ALL=(root) NOPASSWD: ~user/.bashrc sets PATH to /home/user/bin/ only ~user/.inputrc has 'set disable-completion on' to prevent double tabbing from 'sudo /' to find paths. ~user/ -R is owned by root with read-only access to user, except for ~user/.ssh which has write access for user (for writing known_hosts), and ~user/bin/* which are +x Inter-instance communication uses 'ssh -o StrictHostKeyChecking=no -i ~user/.ssh/user.pem user@ sudo ' Any thoughts would be welcome. Mark...

    Read the article

  • Static IP for dynamic IP

    - by scape279
    I have a dynamic IP address. I would like to have a static IP, but Virgin Media don't allow static IPs for residential broadband services, even if you ask them really nicely and offer to pay for it without switching to a business tariff. I am already registered with a dynamic DNS service which is updated by my router eg me.example.com will always resolve to my dynamic IP. This is fine for some circumstances, but not if you can only enter an IP address into configuration files/hardware etc like firewalls, subversion services etc etc. Is there a way I can have a static IP address 'forwarding' to my dynamic IP? Would a possible solution involve tunnelling? Setting up a private proxy? Please note the following: I am able to buy an IP address from my web host. I have access to a webserver and I am able to create custom DNS zones. I'm happy to have a webserver running at home if necessary also. I do not wish to change broadband providers. I have zero control over the services that require the IP address entering so I cannot tackle the problem that way round (services I need to access are at work). PS I've tried googling this issue, but it is very difficult to search for as most results are related to dynamic dns (which I already have set up and isnt quite what I'm after)

    Read the article

  • HTTP Error: 400 when sending msmq message over http

    - by dontera
    I am developing a solution which will utilize msmq to transmit data between two machines. Due to the seperation of said machines, we need to use HTTP transport for the messages. In my test environment I am using a Windows 7 x64 development machine, which is attempting to send messages using a homebrew app to any of several test machines I have control over. All machines are either windows server 2003 or server 2008 with msmq and msmq http support installed. For any test destination, I can use the following queue path name with success: FORMATNAME:DIRECT=TCP:[machine_name_or_ip]\private$\test_queue But for any test destination, the following always fails FORMATNAME:DIRECT=HTTP://[machine_name_or_ip]/msmq/private$/test_queue I have used all permutations of machine names/ips available. I have created mappings using the method described at this blog post. All result in the same HTTP Error: 400. The following is the code used to send messages: MessageQueue mq = new MessageQueue(queuepath); System.Messaging.Message msg = new System.Messaging.Message { Priority = MessagePriority.Normal, Formatter = new XmlMessageFormatter(), Label = "test" }; msg.Body = txtMessageBody.Text; msg.UseDeadLetterQueue = true; msg.UseJournalQueue = true; msg.AcknowledgeType = AcknowledgeTypes.FullReachQueue | AcknowledgeTypes.FullReceive; msg.AdministrationQueue = new MessageQueue(@".\private$\Ack"); if (SendTransactional) mq.Send(msg, MessageQueueTransactionType.Single); else mq.Send(msg); Additional Information: in the IIS logs on the destination machines I can see each message I send being recorded as a POST with a status code of 200. I am open to any suggestions.

    Read the article

  • Running multiple instances of tomcat in eclipse WTP

    - by lisak
    Hey, SCENARIO: 10 CATALINA_BASEs with own configuration (always the same port numbers 8080, but 10 different IP/hostnames on one host via virtual IPs). created a server in WTP and pick "Use the custom location" option in the server configuration in eclipse. New configuration files are created in workspace/Server/server-name-config/ Set up the server path and deploy path for my catalina base (not the internal .metadata one) After I started it, the new configuration files overwrote the original catalina-base/conf files I had there - I was glad, it should be like this but after I made changes in the eclipse config files workspace/Server/server-name-config/ and restarted the server, the changes didn't appeared in the original files in CATALINA_BASE/conf What the hell is that ? So I set the CATALINA_BASE/conf/server.xml to fault configuration and restarted tomcat from eclipse and it worked ! it took the configuration from /Server/server-name-config/server.xml Then I deleted CATALINA_BASE/conf/server.xml and it said that there is no server.xml in catalina base ! How is it possible ? I don't understand why eclipse WTP developers made so tight integration. There should by just symbolic links in /Server/server-name-config/ pointing to CATALINA_BASE/conf/ ... now there is a weird system which is totally unpredictable. The changes in /Server/server-name-config/ are not reflected in CATALINA_BASE/conf ... from where the standard bootstrap.jar or other catalina classloaders and classes build server, engine and other objects with particular setting. Moreover the CATALINA_BASEs could be used outside eclipse then. The second problem, I'm setting up various things in CATALINA_BASE/bin/startup.sh and setenv.sh which is easy cause I can use bash for it. Is then modifying VM parameters in the "Open launch configuration" settings the only way how to do it in eclipse ? Sorry for such a huge pile of questions, but I'm annoyed by the fact that it is much better to not use eclipse WTP for this because it is very poorly designed and it's a shame because this would spare me a lot of time. And using the internal .metadata/ instances it's even more terrifying way that the one I described.

    Read the article

  • Bind WCF webservice to specific network interface / IP

    - by Markus
    On a machine with multiple network cards I need to bind a WCF webservice to a specific network interface. It seems that the default is to bind on all network interfaces. The machine has two network adapters with the IPs 192.168.0.10 and 192.168.0.11. I have an Apache running that binds on 192.168.0.10:80 and need to run the webservice on 192.168.0.11:80. (Due to external circumstances I cannot choose another port.) I tried the following: string endpoint = "http://192.168.0.11:80/SOAP"; ServiceHost = new ServiceHost(typeof(TService), new Uri(endpoint)); ServiceHost.AddServiceEndpoint(typeof(TContract), Binding, ""); // or: ServiceHost.AddServiceEndpoint(typeof(TContract), Binding, endpoint); But it doesn't work; netstat -ano -p tcp always shows the webservice listening on 0.0.0.0:80, which is all interfaces (if I got that correct). When I start Apache first, it correctly binds to the other interface, which in turn prevents the WCF service to bind to "all". Any ideas?

    Read the article

  • gethostbyname fails for local hostname after resuming from hibernate (Vista+7?)

    - by John
    Just wondering if anyone else has spotted this: On some user's machines running our software, occasionally the call to Win32 winsock gethostbyname fails with error code 11004. For the argument to gethostbyname, I'm passing in the result from gethostname. Now the docs say 11004 is WSANO_DATA. None of the descriptions seem to be relevant (it occurs if you pass in an IP6 address, but as I say, I'm passing in a hostname). Even more interesting is that the MSDN suggests that this combination (gethostname followed by gethostbyname) should never fail, not even if there is no IP address (in that case it would just return empty list of IPs). Here is the quote from the gethostname MSDN entry: ...it is guaranteed that the name returned will be successfully parsed by gethostbyname and WSAAsyncGetHostByName. It only ever happens after resuming from hibernate, in that short period when the network is restarting, and only on Vista/7 (well I've only seen it on Vista and 7). One theory I had was that it related to IP6. Maybe for a short period the network reports an IP6 address but not the corresponging IP4 address (I'm pretty sure that all the client machines are dual IP stack, but I could be wrong). I tried to reproduce by turning off my network card (to force no IP addresses) and couldn't reproduce. Anyone seen this before? Any ideas? John

    Read the article

  • php funciton problem

    - by Holian
    Hello, i have this little script, which should ping the IPs in the host_to_ping array. This php is called with JS in the index.html. But somethin' wrong, 'coz the $rval is always 1 (which mean the host is unreachable). But i know that the first two host is alive. So i print the $res variable, and i see the message: Need to give the IP. I dont understand why dont replace the $host variable to the actual IP address in the function. <?php function ping($host) { exec(sprintf('ping -n 4', escapeshellarg($host)), $res, $rval); print_r($res); return $rval === 0; } $hosts_to_ping = array('10.54.23.254', '10.22.23.254', '10.23.66.134'); ?> <ul> <?php foreach ($hosts_to_ping as $host): ?> <li> <?php echo $host; ?> <?php $up = ping($host); ?> (<img src="<?php echo $up ? 'on' : 'off'; ?>" alt="<?php echo $up ? 'up' : 'down'; ?>">) </li> <?php endforeach; ?> </ul>

    Read the article

  • Limit TCP requests per IP

    - by asmo
    Hello! I'm wondering how to limit the TCP requests per client (per specific IP) in Java. For example, I would like to allow a maximum of X requests per Y seconds for each client IP. I thought of using static Timer/TimerTask in combination with a HashSet of temporary restricted IPs. private static final Set<InetAddress> restrictedIPs = Collections.synchronizedSet(new HashSet<InetAddress>()); private static final Timer restrictTimer = new Timer(); So when a user connects to the server, I add his IP to the restricted list, and start a task to unrestrict him in X seconds. restrictedIPs.add(socket.getInetAddress()); restrictTimer.schedule(new TimerTask() { public void run() { restrictedIPs.remove(socket.getInetAddress()); } }, MIN_REQUEST_INTERVAL); My problem is that at the time the task will run, the socket object may be closed, and the remote IP address won't be accessible anymore... Any ideas welcomed! Also, if someone knows a Java-framework-built-in way to achieve this, I'd really like to hear it.

    Read the article

  • How to reliably identify users across Internet?

    - by amn
    I know this is a big one. In fact, it may be used for some SO community wiki. Anyways, I am running a website that DOES NOT use explicit authentication of users. It's public as in open to everybody. However, due to the nature of the service, some users need to be locked out due to misbehavior. I am currently blocking IP addresses, but I am aware of the supposed fact that many people purposefully reset their DHCP client cache to have their ISP assign them new addresses. Is that a fact? I think it certainly is a lucrative possibility for some people who want to circumvent being denied access. So IPs turn out to be a suboptimal way of dealing with this. But there is nothing else, is it? MAC addresses don't survive on WAN (change from hop to hop?), and even if they did - these can also be spoofed, although I think less easily than IP renewal. Cookies and even Flash cookies are out of the question, because there are tons of "tutorials" how to wipe these, and those intent on wreaking havoc on Internet are well aware and well equipped against such rudimentary measures I would employ. Is there anything else to lean on? I was thinking heuristical profiling - collecting available data from client-side and forming some key with it, but have not gone as far as to implementing it - is it an option?

    Read the article

  • Proper way to scan a range of IP addresses

    - by Josh G
    Given a range of IP addresses entered by a user (through various means), I want to identify which of these machines have software running that I can talk to. Here's the basic process: Ping these addresses to find available machines Connect to a known socket on the available machines Send a message to the successfully established sockets Compare the response to the expected response Steps 2-4 are straight forward for me. What is the best way to implement the first step in .NET? I'm looking at the System.Net.NetworkInformation.Ping class. Should I ping multiple addresses simultaneously to speed up the process? If I ping one address at a time with a long timeout it could take forever. But with a small timeout, I may miss some machines that are available. Sometimes pings appear to be failing even when I know that the address points to an active machine. Do I need to ping twice in the event of the request getting discarded? To top it all off, when I scan large collections of addresses with the network cable unplugged, Ping throws a NullReferenceException in FreeUnmanagedResources(). !? Any pointers on the best approach to scanning a range of IPs like this?

    Read the article

  • How do i set the proxy and SOCKs in libcurl?

    - by acidzombie24
    I am trying to configure my .NET app to use a proxy. My source is in C# but i learned CURL via C++. My question is where do i put the SOCKs IP and port? i looked through the documentation and didnt see it. I believe that is what is causing me these problems. When i run this code it will quiet literally timeout and not call my header function or writer function. If i comment out the first two curlopt lines (the two proxy lines) my code runs with no problems. In firefox i set the http proxy and SOCKs host separately, they are different IPs and ports. How do i set the sock part, the below has the dummy proxy set but i cant figure out the socks part. static void Main(string[] args) { SeasideResearch.LibCurlNet.Curl.GlobalInit((int)SeasideResearch.LibCurlNet.CURLinitFlag.CURL_GLOBAL_ALL); var curl = new Easy(); { curl.SetOpt(CURLoption.CURLOPT_PROXY, "http://127.0.0.1:1234"); curl.SetOpt(CURLoption.CURLOPT_PROXYTYPE, CURLproxyType.CURLPROXY_SOCKS5); curl.SetOpt(CURLoption.CURLOPT_URL, "http://whatismyipaddress.com/ip-lookup"); curl.SetOpt(CURLoption.CURLOPT_FOLLOWLOCATION, 1); curl.SetOpt(CURLoption.CURLOPT_USERAGENT, @"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2b5) Gecko/20091204 Firefox/3.6b5"); curl.SetOpt(CURLoption.CURLOPT_HEADERFUNCTION, hf); curl.SetOpt(CURLoption.CURLOPT_HEADERDATA, data); curl.SetOpt(CURLoption.CURLOPT_WRITEFUNCTION, wf); curl.SetOpt(CURLoption.CURLOPT_WRITEDATA, sw); curl.SetOpt(CURLoption.CURLOPT_SSL_VERIFYPEER, 0); curl.Perform(); var sz = sw.ToString(); var myrealip = sz.IndexOf("12.34.56.78") !=-1; } //Console.WriteLine(sz); SeasideResearch.LibCurlNet.Curl.GlobalCleanup(); }

    Read the article

  • Quick and easy flood protection?

    - by James P
    I have a site where a user submits a message using AJAX to a file called like.php. In this file the users message is submitted to a database and it then sends a link back to the user. In my Javascript code I disabled the text box the user types into when they submit the AJAX request. The only problem is, a malicious user can just constantly send POST requests to like.php and flood my database. So I would like to implement simple flood protection. I don't really want the hassle of another database table logging users IPs and such... as if they are flooding my site there will be a lot of database read/writes slowing it down. I thought about using sessions, like have a session that contains a timestamp that gets checked every time they send data to like.php, and if the current time is before the timestamp let them add data to the database, otherwise send out an error and block them. If they are allowed to enter something into the database, update their session with a new timestamp. What do you think? Would this be the best way to go about it or are there easier alternatives? Thanks for any help. :)

    Read the article

  • Design for fastest page download

    - by mexxican
    I have a file with millions of URLs/IPs and have to write a program to download the pages really fast. The connection rate should be at least 6000/s and file download speed at least 2000 with avg. 15kb file size. The network bandwidth is 1 Gbps. My approach so far has been: Creating 600 socket threads with each having 60 sockets and using WSAEventSelect to wait for data to read. As soon as a file download is complete, add that memory address(of the downloaded file) to a pipeline( a simple vector ) and fire another request. When the total download is more than 50Mb among all socket threads, write all the files downloaded to the disk and free the memory. So far, this approach has been not very successful with the rate at which I could hit not shooting beyond 2900 connections/s and downloaded data rate even less. Can somebody suggest an alternative approach which could give me better stats. Also I am working windows server 2008 machine with 8 Gig of memory. Also, do we need to hack the kernel so as we could use more threads and memory. Currently I can create a max. of 1500 threads and memory usage not going beyond 2 gigs [ which technically should be much more as this is a 64-bit machine ]. And IOCP is out of question as I have no experience in that so far and have to fix this application today. Thanks Guys!

    Read the article

  • Cookies not working for password-protected Pages on WordPress

    - by KaOSoFt
    Initially I had the issue reported in this question. Now, what I noticed is that there are some browsers that accept the password, and there are some which don't. Difference? For some reason the cookie is generated when I log in into the Administration module, but it isn't when I write down the password to access the page, forcing it to simply reload. I can see the cookie created for the log-in, but I can see none for the password-protected Page. These happens on Internet Explorer, both version 7 and 8; only on some machines, though, but most of them fail this. I already tried white-listing the URL, and even letting it accept ALL cookies, to no avail. What may be the cause? If perhaps it's got something to do with question above, please help me! Thanks in advance. PS: If you know of another, cookie-free method to make a simple authentication, please link me to it. Thanks. Oh, and by the way, this is inside an Intranet with static, class C IPs.

    Read the article

  • How can I write output to a new external file with Perl?

    - by Structure
    Maybe I am searching with the wrong keywords or this is a very basic question but I cannot find the answer to my question. I am having trouble writing the result of my whois command to a new external file. My code is below. It takes $readfilename, which is a file name which has a list of IPs, and $writefilename, which is the destination file for output. Both are user-specified. For my tests, $readfilename contains three IP addresses on three separate lines so there should be three separate whois results in the user specified output file. if ($readfilename) { open (my $inputfile, "<", $readfilename) || die "\n Cannot open the specified file. Please double check your file name and path.\n\n"; open (my $outputfile, ">", $writefilename) || die "\n Could not create write file.\n\n"; while (<$inputfile>) { my $iplookupresult = `whois $_`; print $outputfile $iplookupresult; } close $outputfile; close $inputfile; } I can execute this script and end up with a new external file, but over half of the file has binary garbage data (running on CentOS) and only one (or a portion of one) of the whois lookups is readable. I have no idea how half of my file is ending up binary... but my approach must be incorrect. Is there a better way to achieve the same result?

    Read the article

  • tightvnc authentication failure

    - by broiyan
    When I run a tightvnc client to establish a VNC session I sometimes receive an error message that suggests there are repeated failed VNC login attempts or a brute force attack. The message dialog title is "unsupported security type" and the text content is "too many authentication failures, try another connection? yes/no". This problem goes away if I reboot the Ubuntu server and reload the VNC server program and try again. From that point, it will work for multiple VNC sessions. My VNC sessions are typically about 20 minutes. At some time in the future, the problem may recur so it seems correlated to the time the server has been up or the time tightvnc has been loaded. Typically it takes only a day or so before the problem comes back. I am using tightvnc 1.3 on an server running Ubuntu 12.04. The version of vncserver is rather dated because that seems to be all that is available from tightvnc for linux servers. On the client side I use the newest Java-based VNC client (version 2.5) for both Windows access and Ubuntu access. All my VNC sessions are via SSH. I am the only user and I will typically use only the same client computer. How can I stop this problem from recurring? Edit I found the log file. This is a small excerpt of what I am seeing. Essentially, various IPs, not my own, are attempting to connect. What is the practical solution for this? 05/06/12 20:07:32 Got connection from client 69.194.204.90 05/06/12 20:07:32 Non-standard protocol version 3.4, using 3.3 instead 05/06/12 20:07:32 Too many authentication failures - client rejected 05/06/12 20:07:32 Client 69.194.204.90 gone 05/06/12 20:07:32 Statistics: 05/06/12 20:07:32 framebuffer updates 0, rectangles 0, bytes 0 05/06/12 20:24:56 Got connection from client 79.161.16.40 05/06/12 20:24:56 Non-standard protocol version 3.4, using 3.3 instead 05/06/12 20:24:56 Too many authentication failures - client rejected 05/06/12 20:24:56 Client 79.161.16.40 gone 05/06/12 20:24:56 Statistics: 05/06/12 20:24:56 framebuffer updates 0, rectangles 0, bytes 0 05/06/12 20:29:27 Got connection from client 109.230.246.54 05/06/12 20:29:27 Non-standard protocol version 3.4, using 3.3 instead 05/06/12 20:29:28 rfbVncAuthProcessResponse: authentication failed from 109.230.246.54 05/06/12 20:29:28 Client 109.230.246.54 gone 05/06/12 20:29:28 Statistics: 05/06/12 20:29:28 framebuffer updates 0, rectangles 0, bytes 0

    Read the article

  • networking through openstack installed on vm

    - by Mandar Katdare
    I am trying to set up a test installation of Openstack on a Ubuntu 12.04 VM running on a ESXi server. So far I have been able to launch the VMs on the ESXi, however am unable to assign IP addresses to them. As the VM with the Openstack installation has a single public IP, I wish to assign IPs to the VMs create through Openstack so that they can directly interact with the public network itself without having a separate private network. So I feel that bridging would not be the correct option here. But am unable to find the correct documents to go ahead with such an install. My ifconfig looks as follows: eth0 Link encap:Ethernet HWaddr 00:0c:29:6f:8a:d7 inet addr:192.168.4.167 Bcast:192.168.4.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe6f:8ad7/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:391640 errors:33 dropped:98 overruns:0 frame:0 TX packets:545044 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:40303931 (40.3 MB) TX bytes:763127348 (763.1 MB) Interrupt:18 Base address:0x2000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:146127 errors:0 dropped:0 overruns:0 frame:0 TX packets:146127 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:799815763 (799.8 MB) TX bytes:799815763 (799.8 MB) virbr0 Link encap:Ethernet HWaddr 8a:80:33:32:63:a0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) The eth0 is the adapter that I intend to use for all communication. My nova.conf looks as follows: --dhcpbridge_flagfile=/etc/nova/nova.conf --dhcpbridge=/usr/bin/nova-dhcpbridge --logdir=/var/log/nova --state_path=/var/lib/nova --lock_path=/var/lock/nova --allow_admin_api=true --use_deprecated_auth=false --auth_strategy=keystone --scheduler_driver=nova.scheduler.simple.SimpleScheduler --s3_host=192.168.4.167 --ec2_host=192.168.4.167 --rabbit_host=192.168.4.167 --cc_host=192.168.4.167 --nova_url=http://192.168.4.167:8774/v1.1/ --routing_source_ip=192.168.4.167 --glance_api_servers=192.168.4.167:9292 --image_service=nova.image.glance.GlanceImageService --iscsi_ip_prefix=192.168.4 --sql_connection=mysql://novadbadmin:[email protected]/nova --ec2_url=http://192.168.4.167:8773/services/Cloud --keystone_ec2_url=http://192.168.4.167:5000/v2.0/ec2tokens --api_paste_config=/etc/nova/api-paste.ini --libvirt_type=kvm --libvirt_use_virtio_for_bridges=true --start_guests_on_host_boot=true --resume_guests_state_on_host_boot=true --vnc_enabled=true --vncproxy_url=http://192.168.4.167:6080 --vnc_console_proxy_url=http://192.168.4.167:6080 # network specific settings --network_manager=nova.network.manager.FlatDHCPManager --public_interface=eth0 --vmwareapi_host_ip=192.168.4.254 --vmwareapi_host_username=**** --vmwareapi_host_password=**** --vmwareapi_wsdl_loc=http://127.0.0.1:8080/wsdl/vim25/vimService.wsdl --fixed_range=192.168.4.190/24 --floating_range=192.168.4.190/24 --network_size=32 --flat_network_dhcp_start=192.168.4.190 --flat_injected=False --force_dhcp_release --iscsi_helper=tgtadm --connection_type=vmwareapi --root_helper=sudo nova-rootwrap --verbose --libvirt_use_virtio_for_bridges --ec2_private_dns_show --novnc_enabled=true --novncproxy_base_url=http://192.168.4.167:6080/vnc_auto.html --vncserver_proxyclient_address=192.168.4.167 --vncserver_listen=192.168.4.167 192.168.4.167 is my VM with the Openstack installation and 192.168.4.254 is my ESXi server on which the VM runs. Can anyone advice me about how to proceed? Thanks, Mandar

    Read the article

  • Cisco Pix 501 - reaching local host limit, showing odd IP addresses

    - by cdonner
    I am running out of licenses on my Pix 501, and the show local-host command lists a number of odd IP addresses that do not belong to my 10.10.1.* subnet. Any idea what they are? The only thing I could find was a potential ISP: DINSA is Defence Interoperable Network Services Authority, an agency of the Ministry of Defence of the United Kingdom. Does not sound right. I don't see any active connections, though. I can't ping or traceroute these IPs, but they reappear after I clear the list, with various other addresses in that general range, up until the connection limit is reached. Based on the number denied, I suppose I would have a lot more of them had I not the connection limit. Very dubious. Is anybody else seeing this? pixfirewall# show local-host Interface inside: 10 active, 10 maximum active, **118 denied** local host: <10.10.1.110>, TCP connection count/limit = 0/unlimited TCP embryonic count = 0 TCP intercept watermark = unlimited UDP connection count/limit = 0/unlimited AAA: Xlate(s): Conn(s): local host: <10.10.1.176>, TCP connection count/limit = 0/unlimited TCP embryonic count = 0 TCP intercept watermark = unlimited UDP connection count/limit = 0/unlimited AAA: Xlate(s): Conn(s): local host: <10.10.1.170>, TCP connection count/limit = 0/unlimited TCP embryonic count = 0 TCP intercept watermark = unlimited UDP connection count/limit = 1/unlimited AAA: Xlate(s): Conn(s): local host: <10.10.1.175>, TCP connection count/limit = 11/unlimited TCP embryonic count = 0 TCP intercept watermark = unlimited UDP connection count/limit = 1/unlimited AAA: Xlate(s): Conn(s): local host: <10.10.1.108>, TCP connection count/limit = 0/unlimited TCP embryonic count = 0 TCP intercept watermark = unlimited UDP connection count/limit = 0/unlimited AAA: Xlate(s): Conn(s): local host: <25.33.41.115>, // ???????????????? what is this? TCP connection count/limit = 0/unlimited TCP embryonic count = 0 TCP intercept watermark = unlimited UDP connection count/limit = 0/unlimited AAA: Xlate(s): Conn(s): local host: <25.33.226.124>, // ???????????????? what is this? TCP connection count/limit = 0/unlimited TCP embryonic count = 0 TCP intercept watermark = unlimited UDP connection count/limit = 0/unlimited AAA: Xlate(s): Conn(s): local host: <10.10.1.172>, TCP connection count/limit = 0/unlimited TCP embryonic count = 0 TCP intercept watermark = unlimited UDP connection count/limit = 0/unlimited AAA: Xlate(s): Conn(s): local host: <25.36.114.91>, // ???????????????? what is this? TCP connection count/limit = 0/unlimited TCP embryonic count = 0 TCP intercept watermark = unlimited UDP connection count/limit = 0/unlimited AAA: Xlate(s): Conn(s): local host: <10.10.1.109>, TCP connection count/limit = 0/unlimited TCP embryonic count = 0 TCP intercept watermark = unlimited UDP connection count/limit = 0/unlimited AAA: Xlate(s): Conn(s): pixfirewall#

    Read the article

  • No network upsets gnome

    - by Darren Cook
    An issue that has been bothering me for over a year now. My notebook, running ubuntu 10.04, is almost all the time using a wired connection, with static IP address. And a remote DNS server. Network is configured with entries in /etc/network/interfaces and /etc/resolv.conf, rather than whatever the gnome UI tool was (*) But if I'm out, or simply unplug the network cable, a few things get weird. Specifically the gnome-panel stops working - it is still there, but isn't updating. And opening a nautilus window (e.g. to look at files on the local disk) has huge time-outs. By that I mean it will not open the window for something like 30 or 60 seconds; but when it does finally open it I can see the files and it is perfectly usable. Everything else works fine, alt-tab between windows, etc. I use the commandline to find the pid of gnome-panel, kill it, wait a couple of seconds, and it opens up a fresh panel which is normally usable. (Something like 10 minutes later it will have locked/crashed again; the same for the nautilus windows.) I'm guessing this is a DNS issue? Would setting up a local DNS server help? Guess number 2 was related to having a file server mount (samba, though running on another linux box), and symbolic links to files and directories on that file server on my desktop. My question is a bit vague... Does anyone recognize these symptoms, and have a suggestion? Or do you have some troubleshooting suggestions for narrowing down the problem? My /etc/hosts: 127.0.0.1 localhost 127.0.1.1 myhost # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts 127.0.0.1 testsite.local #Other test website URLs here UPDATE: Some timings to open some desktop folder icons. This is after pulling out the network cable. A sub-directory of the desktop took 23 secs to open up. Content appears immediately (just 8 files, it has no further subdirectories). The home directory icon took 12 seconds to open up, but then took about 30 seconds for the files to appear. I closed it and tried again. This time it took 18 seconds to open up, but then 70 seconds before anything appeared. *: I couldn't work out how to use the gnome network tool for my needs, which include 3-4 static IPs for testing virtual hosts locally.

    Read the article

  • iptables (NAT/PAT) setup for SSH & Samba

    - by IanVaughan
    I need to access a Linux box via SSH & Samba that is hidden/connected behind another one. Setup :- A switch B C |----| |---| |----| |----| |eth0|----| |----|eth0| | | |----| |---| |eth1|----|eth1| |----| |----| Eg, SSH/Samba from A to C How does one go about this? I was thinking that it cannot be done via IP alone? Or can it? Could B say "hi on eth0, if your looking for 192.168.0.2, its here on eth1"? Is this NAT? This is a large private network, so what about if another PC has that IP?! More likely it would be PAT? A would say "hi 192.168.109.15:1234" B would say "hi on eth0, traffic for port 1234 goes on here eth1" How could that be done? And would the SSH/Samba demons see the correct packet header info and work?? IP info :- A - eth0 - 192.168.109.2 B - eth0 - B1 = 192.168.109.15 B2 = 172.24.40.130 - eth1 - 192.168.0.1 C - eth1 - 192.168.0.2 A, B & C are RHEL (RedHat) But Windows computers can be connected to the switch. I configured the 192.168.0.* IPs, they are changeable. Update after response from Eddie Few problems (and Machines' B IP is different!) From A :- ssh 172.24.40.130 works ok, (can get to B2) but ssh 172.24.40.130 -p 2022 -vv times out with :- OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 172.24.40.130 [172.24.40.130] port 2022. ...wait ages... debug1: connect to address 172.24.40.130 port 2022: Connection timed out ssh: connect to host 172.24.40.130 port 2022: Connection timed out From B2 :- $ service iptables status Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 ACCEPT tcp -- 0.0.0.0/0 192.168.0.2 tcp dpt:22 Chain OUTPUT (policy ACCEPT) num target prot opt source destination Table: nat Chain PREROUTING (policy ACCEPT) num target prot opt source destination 1 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2022 to:192.168.0.2:22 Chain POSTROUTING (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination And ssh from B2 to C works fine :- $ ssh 192.168.0.2 Route info :- $ route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 * 255.255.255.0 U 0 0 0 eth1 172.24.40.0 * 255.255.255.0 U 0 0 0 eth0 169.254.0.0 * 255.255.0.0 U 0 0 0 eth1 default 172.24.40.1 0.0.0.0 UG 0 0 0 eth0 $ ip route 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1 172.24.40.0/24 dev eth0 proto kernel scope link src 172.24.40.130 169.254.0.0/16 dev eth1 scope link default via 172.24.40.1 dev eth0 So I just dont know why the port forward doesnt work from A to B2?

    Read the article

  • Can't get Passwordless (SSH provided) SFTP working

    - by Shoaibi
    I have chrooted sftp setup as below. # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 120 PermitRootLogin without-password StrictModes yes AllowGroups admins clients RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords #PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* #Subsystem sftp /usr/lib/openssh/sftp-server # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes Subsystem sftp internal-sftp Match group clients ChrootDirectory /var/chroot-home X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp a dummy user root:~# tail -n1 /etc/passwd david:x:1000:1001::/david:/bin/sh Now in this case david can sftp using say filezilla client and he is chrooted to /var/chroot-home/david/. But what if i was to setup a passwordless auth? I have tried pasting his key in /var/chroot-home/david/.ssh/authorized_keys but no use, tried ssh'ing as david to the box and it just stops at "debug1: Sending env LC_CTYPE = C" after i supply it password and there is nothing shown in auth.log, may be because it can't find the homedir. If i do "su - david" as root i see "No directory, logging in with HOME=/" which makes sense. Symlink doesn't help either. I have also tried with: Match group clients ChrootDirectory /var/chroot-home/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp a dummy user root:~# tail -n1 /etc/passwd david:x:1000:1001::/var/chroot-home/david:/bin/sh This way if i don't change /var/chroot-home/david to root:root sshd complains about bad ownership or permission modes, and if i do, david can no longer upload/delete anything directly in his home while using sftp from filezilla.

    Read the article

  • can not connect through SCP, but SSH connections works

    - by Joe Cabezas
    i am trying to connect to my server to transfer file using scp: $ scp -v -r -P <port> <user>@<host>:~/dir/ dir/ this is the output: OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011 debug1: Reading configuration data /Users/joe/.ssh/config debug1: Reading configuration data /etc/ssh_config debug1: Connecting to <host> [<host>] port <port>. debug1: Connection established. debug1: identity file /Users/joe/.ssh/identity type -1 debug1: identity file /Users/joe/.ssh/id_rsa type -1 debug1: identity file /Users/joe/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host but connecting via SSH works fine: $ ssh <user>@<host> -p <port> <user>@<host>'s password: <user>@<host>:~$ OK what can be wrong with this? my /etc/ssh/sshd_config file on the host is: # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port <port> # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 120 PermitRootLogin yes StrictModes yes RSAAuthentication yes PubkeyAuthentication no #AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords #PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variables AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes

    Read the article

  • Why are people trying to connect to me network on TCP port 445?

    - by Solignis
    I was playing with my new syslog server and had my m0n0wall firewall logs forwarded as a test, I noticed a bunch of recent firewall log entries that say that it blocked other WAN IPs from my ISP (I checked) from connecting to me on TCP port 445. Why would a random computer be trying to connect to me on a port apperently used for Windows SMB shares? Just internet garbage? A port scan? I am just curious. here is what I am seeing Mar 15 23:38:41 gateway/gateway ipmon[121]: 23:38:40.614422 fxp0 @0:19 b 98.82.198.238,60653 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN broadcast Mar 15 23:38:42 gateway/gateway ipmon[121]: 23:38:41.665571 fxp0 @0:19 b 98.82.198.238,60665 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN Mar 15 23:38:43 gateway/gateway ipmon[121]: 23:38:43.165622 fxp0 @0:19 b 98.82.198.238,60670 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN broadcast Mar 15 23:38:44 gateway/gateway ipmon[121]: 23:38:43.614524 fxp0 @0:19 b 98.82.198.238,60653 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN broadcast Mar 15 23:38:44 gateway/gateway ipmon[121]: 23:38:43.808856 fxp0 @0:19 b 98.82.198.238,60665 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN Mar 15 23:38:44 gateway/gateway ipmon[121]: 23:38:43.836313 fxp0 @0:19 b 98.82.198.238,60670 -> 98.103.xxx,xxx,445 PR tcp len 20 48 -S IN broadcast Mar 15 23:38:48 gateway/gateway ipmon[121]: 23:38:48.305633 fxp0 @0:19 b 98.103.22.25 -> 98.103.xxx.xxx PR icmp len 20 92 icmp echo/0 IN broadcast Mar 15 23:38:48 gateway/gateway ipmon[121]: 23:38:48.490778 fxp0 @0:19 b 98.103.22.25 -> 98.103.xxx.xxx PR icmp len 20 92 icmp echo/0 IN Mar 15 23:38:48 gateway/gateway ipmon[121]: 23:38:48.550230 fxp0 @0:19 b 98.103.22.25 -> 98.103.xxx.xxx PR icmp len 20 92 icmp echo/0 IN broadcast Mar 15 23:43:33 gateway/gateway ipmon[121]: 23:43:33.185836 fxp0 @0:19 b 98.86.34.225,64060 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN broadcast Mar 15 23:43:34 gateway/gateway ipmon[121]: 23:43:33.405137 fxp0 @0:19 b 98.86.34.225,64081 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN Mar 15 23:43:34 gateway/gateway ipmon[121]: 23:43:33.454384 fxp0 @0:19 b 98.86.34.225,64089 -> 98.103.xxx.xxx,445 PR tcp len 20 48 -S IN broadcast I blacked out part of my IP address for my own safety.

    Read the article

  • Block Google requests to 16k using pf firewall

    - by atmosx
    I'd like to block access to Google search using PF after the threshold of 17500 requests (connection established) in 24h, from a host running FreeBSD 9. What I came up with, after reading pf-faq is this rule: pass out on $net proto tcp from any to 'www.google.com' port www flags S/SA keep state (max-src-conn 200, max-src-conn-rate 17500/86400) NOTE: 86400 are 24h in seconds. The rule should work, but PF is smart enough to know that www.google.com resolves in 5 different IPs. So my pfctl -sr output gives me this: pass out on vte0 inet proto tcp from any to 173.194.44.81 port = http flags S/SA keep state (source-track rule, max-src-conn 200, max-src-conn-rate 17500/86400, src.track 86400) pass out on vte0 inet proto tcp from any to 173.194.44.82 port = http flags S/SA keep state (source-track rule, max-src-conn 200, max-src-conn-rate 17500/86400, src.track 86400) pass out on vte0 inet proto tcp from any to 173.194.44.83 port = http flags S/SA keep state (source-track rule, max-src-conn 200, max-src-conn-rate 17500/86400, src.track 86400) pass out on vte0 inet proto tcp from any to 173.194.44.80 port = http flags S/SA keep state (source-track rule, max-src-conn 200, max-src-conn-rate 17500/86400, src.track 86400) pass out on vte0 inet proto tcp from any to 173.194.44.84 port = http flags S/SA keep state (source-track rule, max-src-conn 200, max-src-conn-rate 17500/86400, src.track 86400) PF creates 5 different rules, 1 for each IP that Google resolves. However I have the sense - without being 100% sure, I didn't had the chance to test it - that the number 17500/86400 applies for each IP. If that's the case - please confirm - then it's not what I want. In pf-faq there's another option called source-track-global: source-track This option enables the tracking of number of states created per source IP address. This option has two formats: + source-track rule - The maximum number of states created by this rule is limited by the rule's max-src-nodes and max-src-states options. Only state entries created by this particular rule count toward the rule's limits. + source-track global - The number of states created by all rules that use this option is limited. Each rule can specify different max-src-nodes and max-src-states options, however state entries created by any participating rule count towards each individual rule's limits. The total number of source IP addresses tracked globally can be controlled via the src-nodes runtime option. I tried to apply source-track-global in the above rule without success. How can I use this option in order to achieve my goal? Any thoughts or comments are more than welcome since I'm an amateur and don't fully understand PF yet. Thanks

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 39 40 41 42 43 44 45 46 47 48  | Next Page >