Search Results

Search found 15595 results on 624 pages for 'ip forward'.

Page 430/624 | < Previous Page | 426 427 428 429 430 431 432 433 434 435 436 437 | Next Page >

Security measures for CentOS

- by cappuccinodrinker

I have been tightening up my web server security and wanted to know what else I can do. I am running CentOS 5 with these measures: - All passwords to FTP, MySQL etc are generated from grc.com/passwords.htm and microsoft.com/protect/fraud/passwords/create.aspx (for the ones which cannot be too long). - Running iptables with all ports shut off except for http mail and smtp, the important ports like FTP SSH are blocked to all except my static office IP. There is also no response to pings. - Rootkit Hunter running daily - The server is PCI compliant according to Comodo - Not running any crappy made php apps, we use Zend Framework for our stuff and do have kayako installed and keep them up to date. Can't really think of anything else I can do... I could implement a brute force measure, but I think I already have by simply changing my SSH port to a number above 10000 and blocking it off with iptables.

Read the article
apxs cannot install mod_cloudflare on centos

- by Adam

[ Linux - CentOS - Apache 2.2 - mod_cloudflare - apxs2 ] I have changed my nameservers to point to CloudFlare. The problem is that all the IP addresses are coming in as CloudFlare's. This is no good, because I have to monitor and block some specific traffic. mod_cloudflare is supposed to resolve this but I have been unable to get this installed. The command in the documentation uses apxs2. I can't figure out how to install this, or if it just means for 'apache 2.4'. I'm running 2.2.3, and I can use 'apxs'. When I run: apxs -aic mod_cloudflare.c I get the error apxs:Error: Command failed with rc=65536 Does this mean I need apxs2 or something else? How do I get mod_cloudflare working on my server? I appreciate any help, the documentation is vague and limited.

Read the article
Conditional Directory Index In Htaccess

- by icelizard

This relates to the question in: http://stackoverflow.com/questions/1599717/conditional-directoryindex-in-htaccess The answer states that the following should work: SetEnvIf Remote_Addr ^127\.0\.0\.0$ owner <IfDefine owner> DirectoryIndex index.html </IfDefine> <IfDefine !owner> DirectoryIndex index.php </IfDefine> I am not sure this works, the setting of the Env var deffinately does, but no matter what IP I visit the site from the DirectoryIndex is always index.php Is there something wrong with the conditional or should I be using something else? Thanks in advance

Read the article
The canonical "blocking BitTorrent" question

- by Aphex5

How can one block, or severely slow down, BitTorrent and similar peer-to-peer (P2P) services on one's small home/office network? In searching Server Fault I wasn't able to find a question that served as a rallying point for the best technical ideas on this. The existing questions are all about specific situations, and the dominant answers are social/legal in nature. Those are valid approaches, but a purely technical discussion would be useful to a lot of people, I suspect. Let's assume that you don't have access to the machines on the network. With encryption use increasing in P2P traffic, it seems like stateful packet inspection is becoming a less workable solution. One idea that seems to make sense to me is simply throttling down heavy users by IP, regardless of what they're sending or receiving -- but it doesn't seem many routers support that functionality at the moment. What's your preferred method to throttle P2P/BitTorrent traffic? My apologies if this is a dupe.

Read the article
On RouterOS, how will transparent proxying (with DNAT) affect reporting of netflows?

- by Tim

I have a box running Mikrotik RouterOS, which is set up to do transparent web proxying, as described here. In short, this means that I have a firewall rule for destination NAT causing any port 80 traffic to get redirected to port 8080 on the router, which is received by the Mikrotik local web proxy. The local web proxy then makes the web request on the client's behalf, in this case to a parent web proxy server (which in turn does the real web request). My question is, how will this two-part process get reported in the logging of traffic flow information (netflows)? Looking at the logged information, what I seem to be seeing is this: One flow recorded from client machine (private IP) to remote proxy (8080) Another flow recorded from router to remote proxy (8080) The original request that the client made to port 80 isn't recorded. I want to write code to analyse traffic usage, so I want to be sure I'm not losing information if I discard the latter of these.

Read the article
Laptop connects to other network but not to my home wireless

- by Nilesh

My home network's wireless SSID is say "XYZ" I also have an ethernet wire from the same router. I have two laptops A and B Earlier both A and B were able to connect to my home internet through the ethernet and wireless. Suddenly, the laptop B can no longer connect to XYZ or through ethernet. When I do plug the wire, i get the connection icon all green but when I try to access any web page it errors out (page not found) But strangely laptop B connects to my neighbours wireless SSID "ABC". I have also tested laptop B with other networks and it connects fine. Laptop A and many other devices still connect fine with my home wireless "XYZ" Strange thing is when my laptop B connects wireless through XYz, it gets the IP address but then none of the browsers (chrome,firefox, IE) can show any web pages. What settings should I be checking on laptop B that is preventing it to connect to my home internet. Thank you

Read the article
How to invalidate nginx reverse proxy cache in front of other nginx servers?

- by Olivier Lance

I'm running a Proxmox server on a single IP address, that will dispatch HTTP requests to containers depending on the requested host. I am using nginx on the Proxmox side to listen to HTTP requests and I am using the proxy_pass directive in my different server blocks to dispatch requests according to the server_name. My containers run on Ubuntu and are also running a nginx instance. I'm having troubles with caching on a particular website that is fully static: nginx keeps on serving me stale content after files updates, until I: Clear /var/cache/nginx/ and restart nginx or set proxy_cache off for this server and reload the config Here's the detail of my configuration: On the server (proxmox): /etc/nginx/nginx.conf: user www-data; worker_processes 8; pid /var/run/nginx.pid; events { worker_connections 768; # multi_accept on; use epoll; } http { ## # Basic Settings ## sendfile on; #tcp_nopush on; tcp_nodelay on; #keepalive_timeout 65; types_hash_max_size 2048; server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; client_body_buffer_size 1k; client_max_body_size 8m; large_client_header_buffers 1 1K; ignore_invalid_headers on; client_body_timeout 5; client_header_timeout 5; keepalive_timeout 5 5; send_timeout 5; server_name_in_redirect off; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; # gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; limit_conn_zone $binary_remote_addr zone=gulag:1m; limit_conn gulag 50; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } /etc/nginx/conf.d/proxy.conf: proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_hide_header X-Powered-By; proxy_intercept_errors on; proxy_buffering on; proxy_cache_key "$scheme://$host$request_uri"; proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=cache:10m inactive=7d max_size=700m; /etc/nginx/sites-available/my-domain.conf: server { listen 80; server_name .my-domain.com; access_log off; location / { proxy_pass http://my-domain.local:80/; proxy_cache cache; proxy_cache_valid 12h; expires 30d; proxy_cache_use_stale error timeout invalid_header updating; } } On the container (my-domain.local): nginx.conf: (everything is inside the main config file -- it's been done quickly...) user www-data; worker_processes 1; error_log logs/error.log; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; #tcp_nopush on; keepalive_timeout 65; gzip off; server { listen 80; server_name .my-domain.com; root /var/www; access_log logs/host.access.log; } } I've read many blog posts and answers before resolving to posting my own questions... most answers I can see suggest setting sendfile off; but that didn't work for me. I have tried many other things, double checked my settings and all seems fine. So I'm wondering whether I am not expecting nginx's cache to do something it's not meant to...? Basically, I thought that if one of my static files in my container was updated, the cache in my reverse proxy would be invalidated and my browser would get the new version of the file when it requests it... But I now have the sentiment I misunderstood many things. Of all things, I now wonder how nginx on the server can know about a file in the container has changed? I have seen a directive proxy_header_pass (or something alike), should I use this to let the nginx instance from the container somehow inform the one in Proxmox about updated files? Is this expectation just a dream, or can I do it with nginx on my current architecture?

Read the article
Connected to internet but can't browse after trying to remove Covenant Eyes

- by Joanna

I recently got a MacBook Pro. It connects to ethernet\wifi and has internet but when I open Safari or Firefox, nothing happens. I get a timeout for all websites. I had Covenant Eyes on my Mac before and tried to remove it. My friends who work with computers have tried everything (ping, nslookup etc). Network diagnostics show no problems I can see I'm connected through ifconfig because I get an IP. I also get a response pinging www.google.gr. There are no proxies set in my Network preferences. Any ideas?

Read the article
My site was recently attacked. What do I do?

- by ChrisH

This is a first for me. One of the sites I run was recently attacked. Not at all an intelligent attack - pure brute force - hit every page and every non-page with every extension possible. Posted with garbage data to every form and tried to post to some random urls too. All tod, 16000 requests in one hour. What should I do to prevent/alert this kind of behavior? Is there a way to limit the request/hr for a given ip/client? Is there a place I should be reporting the user to? They appear to be from China and did leave what seems like a valid e-mail.

Read the article
I just got a linode VPS a week ago and I've been flagged for SSH scanning...

- by meder

I got a 32-bit Debian VPS from http://linode.com and I really haven't done any sort of advanced configuration for securing it ( port 22; password enabled ). It seems somehow there is ssh scanning going on from my IP, I'm being flagged as this is against the TOS. I've been SSHing only from my home Comcast ISP which I run Linux on. Is this a common thing when getting a new vps? Are there any standard security configuration tips? I'm quite confused as to how my machine has been accused of this ssh scanning.

Read the article
dig and dig -x are answering different

- by erdemkeren

I don't want the name provider to manage my records. I want to handle it myself. So I installed bind9 and made some configurations reading some articles and following some examples. bind didn't show any error after I created/edited the required files but; When I write `dig www.foo.com, I see the IP of the advertisement page of my name provider. But when I write dig -x server_ip_address; I see the name I purchased. What am I doing wrong? Can't a server be the nameserver of it's own? Is it a must to configure the records from the company I bought the name from? By the way, I realised that, my previous question was not clear, I deleted it, and asking the same question in a different way.

Read the article
Bind dns server in Solaris 10 and win xp clients

- by stevecomptech

Hi, Added this in zone db file, i am running solaris 10 _ldap._tcp.mydomain.com. SRV 0 0 389 dc.mydomain.com. _kerberos._tcp.mydomain.com. SRV 0 0 88 dc.mydomain.com. _ldap._tcp.dc._msdcs.mydomain.com. SRV 0 0 389 dc.mydomain.com. _kerberos._tcp.dc._msdcs.mydomain.com. SRV 0 0 88 host.mydomain.com. Now i get this error when i try to join win xp to the domain The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain.com The following domain controllers were identified by the query: host.mydomain.com Common causes of this error include: Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses. Domain controllers registered in DNS are not connected to the network or are not running. What do i need to change in order my win xp join the domain

Read the article
Configuring BIND to use VM's DNS for specific domain

- by Srirangan

I work on a project for which I use an Ubuntu server vm on an Ubuntu host. The VM runs all the services / webapps through haproxy and nginx and serves it on the domain (xyz.com). I manually modify my resolv.conf to use the VMs IP address as the nameserver and I can run my app on the host browser. The problem is I am modifying an auto-generated file (resolv.conf) and I need to do it each time. Is there a smart way to say: -- are you accessing xyz.com? -- if yes use VM's DNS server, else use the hosts

Read the article
Hosting several domains on one server using IIS 7

- by Øyvind Knobloch-Bråthen

I have created several web sites inside IIS7 on my server. All of them use the same ip and port, but different host names. Currently I have set the host name to www.mydomain.com. Now my question is, how do I get my actual domains to target the different sites on my server. Second question. Can I set my host name to only mydomain.com to make sure that all requests to that domain is handeled by the same application? Primarily, I want both www.mydomain.com and mydomain.com to work when the user types the address in their browser.

Read the article
Source of Unexplained Requests in Server Logs

- by Synetech inc.

Hi, I am baffled by some entries in my server logs, specifically the web-server logs. Other than normal, expected traffic, I have noticed three types of request errors (eg 404, etc.): Broken links, ie links from old, external pages that point to pages that are no longer here Sequences of probes, ie some jerk trying to hack in by scanning my server for a series of exploitable admin type pages and such What appear to be completely random requests for things that have never existed on the server or even have anything to do with the server, and appear by themselves (ie not a series of requests like the probes) Could it somehow be a mistyped URL or IP? That’s about the only thing that I can think of, but still, how could I get a request on say, foobar.dyndns.org (12.34.56.78) for something like www.wantsfly.com/prx2.php or /MNG/LIVE or http://ant.dsabuse.com/abc.php?auth=45V456b09m&strPassword=X%5BMTR__CBZ%40VA&nLoginId=43. (Those are a few actual requests from my logs.) Can someone please explain scenario three to me? Thanks.

Read the article
VirtualBox "Bridged Adapter" when host NIC is turned off

- by chris_l

Hi, I'm running Linux (Debian Etch) in a VirtualBox VM on my MacBook. I usually ssh from my Mac terminal to the guest machine. I also want to access the internet from my guest, so I set up my host's WLAN card (en1) as a bridged adapter for eth0 on the client. This works fine, but when I turn off the WLAN card (e.g. to reduce battery consumption), I'd still like to ssh from my host to the guest. This fails of course, because en1 loses its IP address. Is a bridged adapter the best option for what I want to do? How can I make it work? (A simple "ifconfig en1 add 10.0.0.4" didn't do the trick...) Thanks Chris

Read the article
Self-hosted browser-based remote desktop script?

- by rlsaj

I need a self-hosted browser based remote desktop script that will connect me from any PC to my work PC. I need to either host this script within my own dedicated hosting or on my work PC. The PC that I need to remote into is always the one PC (Win7) and the IP never changes, and I have access to the Router/Firewall within. I have tried many remote desktop services and applications - LogMeIn, Team Viewer, (Ultra/Tight) VNC, GoToMyPC and iTeleport Connect and even Windows Remote Desktop - and the web services (or ports) are blocked at whatever free wi-fi/hotel/coffee shop I am at. Note that I will need to be able to access this from any PC, so I won't be able to install any applications (or use any portable software) - hence my thinking that it will need to be browser based on a standard (not blocked) port. If I can set up a web based remote desktop application - really a homebrew LogMeIn - then I should solve my problem. What is the best option here?

Read the article
Windows 7 add printer, cancelled, but port still in use. How to remove?

- by Jake

I tried to add a network printer at www.xxx.yyy.zzz, but halfway it when it asked for a driver, I cancelled it because I do not have the driver at hand. Later when I try to add again, it tells me the port (www.xxx.yyy.zzz), which is automatically specified as the same as the IP for the printer, is already in use and then suggest www.xxx.yyy.zzz_1 Now, I cannot find the www.xxx.yyy.zzz printer anywhere such that I can remove it and use back the same port. How should I do it? Any ideas? Thanks.

Read the article
Is there a way to submit a batch of commands to a Cisco router and have them execute from the router?

- by atroon

I need to change the configuration of a remote (6 hours' drive) client's Cisco 871 (IOS 12.4.15T) from my location because of some new internet service at his location. To be more precise, I need to change the default route, ip address of the outside interface (Fa4) and disable the PPPoE setup there. Unfortunately, doing any of this will (obviously) break the connection to the router. I do not have an out-of-band management modem set up (I know, I know). Is there any way to enter the commands I need to have run and have them execute one after the other, from a file on flash:? I have never tried anything like that before. Essentially a DOS-style batch file is exactly what I need. Nothing like it seems to be out there except using kron to execute CLI commands, but that is specified here as only taking EXEC commands, not configuration ones. Is there hope, or do I travel?

Read the article
Why can't connect with second computer in same LAN and settings?

- by user930450

I'm trying to connect to WLAN with notebook. The notebook works fine with other WLANs. It can authenticate, signal is "very good" but it says "can't access internet". (On Windows it's small yellow exclamation mark on the signal). With other computer exactly in the same location, with the same settings, it's possible to connect. Both are configurated to get IP dynamically. One difference is that the other computer is using "Ralink wireless" instead normal windows client to connect. But does this make a difference? the settings are the same. What could be the reason?

Read the article
LinkSys WRT54GL + AM200 in half-bridge mode - UK setup guide recommendations?

- by Peter Mounce

I am basically looking for a good guide on how to set up my home network with this set of hardware. I need: Dynamic DNS Firewall + port-forwarding VPN Wake-on-LAN from outside firewall VOIP would be nice QoS would be nice (make torrents take lower priority to other services when those other services are happening) DHCP Wireless + WPA2 security Ability to play multiplayer computer games I am not a networking or computing neophyte, but the last time I messed with network gear was a few years ago, so am needing to dust off knowledge I kinda half have. I have read that I should be wanting to set up the AM200 in half-bridge mode, so that the WRT54GL gets the WAN IP - this sounds like a good idea, but I'd still like to be advised. I have read that the dd-wrt firmware will meet my needs (though I gather I'll need the vpn-specific build, which appears to preclude supporting VOIP), but I'm not wedded to using it. I live in the UK and my ISP supplies me with: a block of 8 static IPs, of which 5 are usable to me a PPPoA ADSL2+ connection

Read the article
LinkSys WRT54GL + AM200 in half-bridge mode - UK setup guide recommendations?

- by Peter Mounce

Crossposted from here I am basically looking for a good guide on how to set up my home network with this set of hardware. I need: Dynamic DNS Firewall + port-forwarding VPN Wake-on-LAN from outside firewall VOIP would be nice QoS would be nice (make torrents take lower priority to other services when those other services are happening) DHCP Wireless + WPA2 security Ability to play multiplayer computer games I am not a networking or computing neophyte, but the last time I messed with network gear was a few years ago, so am needing to dust off knowledge I kinda half have. I have read that I should be wanting to set up the AM200 in half-bridge mode, so that the WRT54GL gets the WAN IP - this sounds like a good idea, but I'd still like to be advised. I have read that the dd-wrt firmware will meet my needs (though I gather I'll need the vpn-specific build, which appears to preclude supporting VOIP), but I'm not wedded to using it. I live in the UK and my ISP supplies me with: a block of 8 static IPs, of which 5 are usable to me a PPPoA ADSL2+ connection

Read the article
Where is debian storing its network settings?

- by user13743

I have a debian machine that is supposed to have a static ip, but insists on getting its address from the DHCP server. Here's this settings file: $> cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug eth0 iface eth0 inet static address 192.168.1.99 gateway 192.168.1.1 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 Yet $> sudo /etc/init.d/networking restart Reconfiguring network interfaces...done. $> sudo ifconfig eth0 Link encap:Ethernet HWaddr 00:e0:03:09:05:2e inet addr:192.168.1.205 Bcast:255.255.255.255 Mask:255.255.255.0 ... Where is it being told to use dhcp?

Read the article
Active node stops resources when pasive node is shutdown

- by Wakaru44

2 nodes, active/pasive. 2 resources, a virtual ip, openLdap, and the nfs mount where openldap saves the data. When both nodes are up, things worked fine. You could move resources away and put the active in stanby. But when i rebooted the passive node, ( with the resources in the active node), and the passive node loses conectivity, all the resources in the active where stopped by pacemaker. I'm reading the documentation right now, but I just need a little quick tip to figure what could be hapenning here. Im using: corosync pacemaker RHEL 6

Read the article
Connect to MySql on other machine on LAN

- by Ankur Sachdeva

I am facing problem with connecting MySql database on the other machine on the same network. Could not connect to the specified instance. MySql error number 1130 Host 'abc' is not allowed to connect to this MySql server (Pinging ok time 1-3 ms ttl =128) I have check out the followings: Tcp/IP enabled RegEdit under hlocal machine .... parameters .. maxUserpORT And timedelay.. Grant all . to 'root'@'Myipaddress' please help to the earliest..

Read the article

< Previous Page | 426 427 428 429 430 431 432 433 434 435 436 437 | Next Page >