Search Results

Search found 3251 results on 131 pages for 'firewall'.

Page 48/131 | < Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55 | Next Page >

LinkSys WRT54GL + AM200 in half-bridge mode - UK setup guide recommendations?

- by Peter Mounce

Crossposted from here I am basically looking for a good guide on how to set up my home network with this set of hardware. I need: Dynamic DNS Firewall + port-forwarding VPN Wake-on-LAN from outside firewall VOIP would be nice QoS would be nice (make torrents take lower priority to other services when those other services are happening) DHCP Wireless + WPA2 security Ability to play multiplayer computer games I am not a networking or computing neophyte, but the last time I messed with network gear was a few years ago, so am needing to dust off knowledge I kinda half have. I have read that I should be wanting to set up the AM200 in half-bridge mode, so that the WRT54GL gets the WAN IP - this sounds like a good idea, but I'd still like to be advised. I have read that the dd-wrt firmware will meet my needs (though I gather I'll need the vpn-specific build, which appears to preclude supporting VOIP), but I'm not wedded to using it. I live in the UK and my ISP supplies me with: a block of 8 static IPs, of which 5 are usable to me a PPPoA ADSL2+ connection

Read the article
Port Forwarding on Actiontec GT704-WG Router Issues

- by adamweeks

I am trying to setup a server at customer's location that has the Actiontec GT704-WG DSL router. The port forwarding it not working at all. Here's the details: Server: OpenSuse Linux box with a static IP address of 192.168.1.200 Application running accepting connections on port 8060 Firewall disabled Local connections (within the network) working properly Router: Updated to latest firmware available DHCP range set to 192.168.1.69-192.168.1.199 to not have any conflicts with the server Firewall set to "off" Rule set in the "Applications" setting to forward 8060 TCP and UDP to 192.168.1.200 machine (I've tried using the "TCP,UDP" option as well as both individual options) I've also tried just simply putting the server in the DMZ to see if I could connect to anything, but still nothing. Looking for any clues before I call and waste hours explaining the issue to tech support.

Read the article
Finding a private (NAT) host's IP using historic destination data

- by l0c0b0x

The issue: An unknown private (NAT) client is infected with malware and it's trying to access a Bot server at random times/dates. How we know about this: We receive bot traffic notices/alerts from REN-ISAC. Unfortunately, we don't receive those until the next day after it has happened. What they provide to us is: The source address (of the firewall) The destination addresses (it varies, but they're going to network subnet allocated to a German ISP) The source port (which varies--dynamic ports). Question: What would be the best approach to finding this internal host (historically) with a Cisco ASA as firewall? I'm guessing blocking anything to the destination address(es), and logging that type of traffic/access might allow me to find the source host, but I'm not sure which tool/command would be the most useful. I've seen Netflow thrown into a few responses when it comes to logging, but I'm confused with it's association of Logging, NAL, and nBAR, and how they relate to Netflow.

Read the article
Windows 2008 R2 IPsec encryption in tunnel mode, hosts in same subnet

- by fission

In Windows there appear to be two ways to set up IPsec: The IP Security Policy Management MMC snap-in (part of secpol.msc, introduced in Windows 2000). The Windows Firewall with Advanced Security MMC snap-in (wf.msc, introduced in Windows 2008/Vista). My question concerns #2 – I already figured out what I need to know for #1. (But I want to use the ‘new’ snap-in for its improved encryption capabilities.) I have two Windows Server 2008 R2 computers in the same domain (domain members), on the same subnet: server2 172.16.11.20 server3 172.16.11.30 My goal is to encrypt all communication between these two machines using IPsec in tunnel mode, so that the protocol stack is: IP ESP IP …etc. First, on each computer, I created a Connection Security Rule: Endpoint 1: (local IP address), eg 172.16.11.20 for server2 Endpoint 2: (remote IP address), eg 172.16.11.30 Protocol: Any Authentication: Require inbound and outbound, Computer (Kerberos V5) IPsec tunnel: Exempt IPsec protected connections Local tunnel endpoint: Any Remote tunnel endpoint: (remote IP address), eg 172.16.11.30 At this point, I can ping each machine, and Wireshark shows me the protocol stack; however, nothing is encrypted (which is expected at this point). I know that it's unencrypted because Wireshark can decode it (using the setting Attempt to detect/decode NULL encrypted ESP payloads) and the Monitor Security Associations Quick Mode display shows ESP Encryption: None. Then on each server, I created Inbound and Outbound Rules: Protocol: Any Local IP addresses: (local IP address), eg 172.16.11.20 Remote IP addresses: (remote IP address), eg 172.16.11.30 Action: Allow the connection if it is secure Require the connections to be encrypted The problem: Though I create the Inbound and Outbound Rules on each server to enable encryption, the data is still going over the wire (wrapped in ESP) with NULL encryption. (You can see this in Wireshark.) When the arrives at the receiving end, it's rejected (presumably because it's unencrypted). [And, disabling the Inbound rule on the receiving end causes it to lock up and/or bluescreen – fun!] The Windows Firewall log says, eg: 2014-05-30 22:26:28 DROP ICMP 172.16.11.20 172.16.11.30 - - 60 - - - - 8 0 - RECEIVE I've tried varying a few things: In the Rules, setting the local IP address to Any Toggling the Exempt IPsec protected connections setting Disabling rules (eg disabling one or both sets of Inbound or Outbound rules) Changing the protocol (eg to just TCP) But realistically there aren't that many knobs to turn. Does anyone have any ideas? Has anyone tried to set up tunnel mode between two hosts using Windows Firewall? I've successfully got it set up in transport mode (ie no tunnel) using exactly the same set of rules, so I'm a bit surprised that it didn't Just Work™ with the tunnel added.

Read the article
DIR-615 lose internet connection after 3 minutes

- by Sirber

I got a new DLink DIR-615 routeur. DSL model connects fine. Connected PCs connects to the internet fine (wireless, wired) fine too. After ~3 minutes, connected PCs cannot go to the internet. Web pages goes timeout, sometimes google talk stays on (working). From the router admin page, pings works correctly (on google.ca), so the connection is active. pc -- routeur -- internet: fail pc -- router: ok router -- internet: ok could it be firewall related? I've read there's a SPI firewall enabled.

Read the article
DIR-615 lose internet connection after 3 minutes

- by user31375

I got a new DLink DIR-615 routeur. DSL model connects fine. Connected PCs connects to the internet fine (wireless, wired) fine too. After ~3 minutes, connected PCs cannot go to the internet. Web pages goes timeout, sometimes google talk stays on (working). From the router admin page, pings works correctly (on google.ca), so the connection is active. pc -- routeur -- internet: fail pc -- router: ok router -- internet: ok could it be firewall related? I've read there's a SPI firewall enabled.

Read the article
iptables in ubuntu

- by asthagoyal2101

i want to stop iptables firewall in ubuntu. how can i do that???

Read the article
Reverse proxy using hop and RDP

- by Sergei

I am trying to connect from Vista to XP using RDP via reverse proxy using putty and an intermidiate host. There are myriad articles on the internet how to do it using vnc, ssh servers, winsshd, etc, but I can't find anything that helps me in this specific case. What I have: Windows XP host behind the firewall - 'destination' linux host running ssh on the internet - 'intermediate' windows host behind the firewall - 'source' All I want to do is open reverse tunnel from destination to intermidiate and use this tunnel for connecting back from the source. That should be simple to setup, however I just cannot make it. This is what I do: On 'destination', open putty session, create tunnel to 'intermediate' using following settings: source port 3389, destination is 'source:33389', direction is local On 'source', open putty session, create tunnel to 'intermediate'using following settings: source port 33389, destination is 'destination:33389', direction is local Finally, on source, open termnal services client and connect it to localhost:33389.Unfortunately it seems like packets do go somewhere but eventually client times out. Am I totally misunderstanding the concept? Please help!

Read the article
Design Question

- by dturner71

Can I have two independent Connection servers attached to the same vCenter server? Here's my scenario. I'm setting up View 4 to provide desktops to two seperate Windows domains that are on different IP subnets seperated by a firewall. One cluster of physical servers, one vCenter server, linked clones. As I understand it View Connection server has to be a member of a Windows domain in order for quickprep to work. So the way to provide desktops to both Windows domains is to have a Connection server in each one right? Then open ports in the firewall so the Connection server from the other subnet can communicate with vCenter. Any reason why this won't work? Or is there a better way to accomplish it?

Read the article
Debian pure-ftpd, Restrict access

- by durduvakis

I am running Debian Wheezy, with ISPConfig 3, plus ModSecurity and I would like to restrict access to ftp to specific IP(s) globally (not to specific ftp users only), that can be either 127.0.0.1 or one I would manually add later. I would also like to completely disable ftp access from the web, but allow only from ftp-client software (if that is possible). The idea of closing firewall ports is not what I want. I know I can do this setting some firewall rule though, but that is not what I currently need. I have managed to do this for example on phpmyadmin inside it's .conf file, but unfortunately I cannot find any configuration to alter for pure-ftpd in my system. Restricting web-ftp access maybe possible by adding some rule in apache2 conf, but I am not sure how to write such a rule. Thanks to everyone that can help cheers

Read the article
Do two portforward rules translate to "and"?

- by blsub6

I just set up an Exchange server to replace my DeskNow mail server. I want to start testing my internet mail exchange of my Exchange server. I can only set the MX records on my DNS up to my one external IP address so I was thinking that I could set up a firewall rule on my internet-facing firewall that port forwarded the smtp packets to two different servers. My question is: If I do that, will that mean that the smtp packets will be forwarded to just the first internal IP on the list? Or does it mean that the packet will be cloned and sent to both IPs?

Read the article
Bound external Cisco CIGESM ports to a specific BladeServer

- by Vinícius Ferrão

We have an IBM BladeCenter with 14 blade servers and one external Cisco CIGESM for Ethernet connectivity. Since this hardware is a little old, we will use it for other services, and we want to run a pfSense instance on one of the blades. It's just an Firewall Appliance, but it needs two network interfaces: one for the WAN and the other one for LAN access. Our architecture works on top of static routes, we don't use NAT, so we got the WAN IP in one interface routing to the another one. The main problem is how to plug the WAN cable in one of the four external ports and make it exclusive to the blade server containing the firewall. And we also need an exit port that goes through a 3COM 4200G switch that makes the internal routing and VLAN separation. Thanks in advance

Read the article
FTP error when doing file transfer

- by Ernie

I'm running vsftpd version 3.0.2 over FTPeS, and I'm having a bit of trouble with file transfers. It seems to work fine when I'm on the LAN, but not from an external IP address. I have the control port and data ports open on my server's software firewall and my router's firewall. When I'm using the service from an external IP address, it seems like sometimes a file transfer will complete, but it times out and I always get the client error: "426 Failure writing network stream". I've tried several clients. I'm thinking there is some sort of data sabotage either at the router or some server policy; maybe because I'm using passive ftp? Suggestions?

Read the article
Iptables Allow MYSQL server incoming requests

- by thompatry

I am trying to get my new MediaWiki server to allow connections to our MySql Server and right now I cannot get my iptables firewall set up right for this. The rule I am applying is the following iptables -A INPUT -p tcp -d 129.130.155.39 --dport 3306 -j ACCEPT # MySQL But my iptables log is still show that the connections can not be established and is being blocked/denied. Nov 21 09:48:39 hds-it kernel: Firewall Deny: [OUTPUT] IN= OUT=eth1 SRC=129.130.155.210 DST=129.130.155.39 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29232 DF PROTO=TCP SPT=58862 DPT=3306 SEQ=914529531 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A03BCF2BC0000000001030307) When I turn off iptables, everything works as it should including editing the wiki database. What am I doing wrong with my rule.

Read the article
Best practice for ONLY allowing MySQL access to a server?

- by Calvin Froedge

Here's the use case: I have a SaaS system that was built (dev environment) on a single box. I've moved everything to a cloud environment running Ubuntu 10.10. One server runs the application, the other runs the database. The basic idea is that the server that runs the database should only be accessible by the application and the administrator's machine, who both have correct RSA keys. My question: Would it be better practice to use a firewall to block access to ALL ports except MySQL, or skip firewall / iptables and just disable all other services / ports completely? Furthermore, should I run MySQL on a non-standard port? This database will hold quite sensitive information and I want to make sure I'm doing everything possible to properly safeguard it. Thanks in advance. I've been reading here for a while but this is the first question that I've asked. I'll try to answer some as well = )

Read the article
Vista to Vista network visability issue

- by Sk93

Hi All, I've got a Vista Business PC and a Vista Business Laptop connected via a virgin media router (Netgear CG2100D) and I cannot get the two machines to see each other correctly over the network. The laptop is connected via wireless, whilst the pc is wired. Both are set to recieve their network settings automatically (DHCP) and both have the windows firewall (the only firewall on either) turned off completely. I can ping each machine fine from one another using the ip addresses, and I can also connect via \. However, connections via \ fail, and I cannot see the machines in the network map. I have tried turning netBIOS to be "always on" on both adapters, but this makes no difference. I've been messing around pretty much for 6 hours now and am getting quite fustrated by this! (my original aim was to get media sharing working, but I've pretty much abandoned that for now). Any ideas?

Read the article
VPN ipsec tunnel from router to single windows server computer (gateway-to-host)

- by Chris Miller

Firstly, is this possible? The situation: 2 different ISP's. One has several servers and a firewall running. The other is limited to only one virtual server with one network card running windows server 2008r2. I need to set up a site-to-site style VPN using IPsec between the firewall of one ISP and the windows host on the other (gateway-to-host). This host has to run a SQL-Server that I can access from the other ISP's servers through the VPN tunnel. It seems looking at the RFC for IPsec that this should be possible using the features of Windows 2008, but I can't get it to work so far... It seems that I can't access any services running on the same computer or IP address used as the tunnel endpoint? Thanks Chris

Read the article
Permission to see the expandable list of ISA Server 2006

- by Hossein Mobasher

I am working on ISA Server 2006 in Windows Server. I want to add some policy rules to my server, I followed this link. But It points to In the Microsoft Internet Security and Acceleration Server 2006 management console, expand the array name, and then click the Firewall Policy node. When I open the ISA Server 2006 Management Console, I can not show the expand list, how can I force ISA to show the expandable tree to start Firewall Policy? Could any one please help me to do this ? Note : I have administrator permission for my account. Thanks in advance :)

Read the article
Have two exchange servers to communicate together

- by Data-Base

We have Exchange Server 2007 using our domain ddd.com. We created an isolated network with a firewall/gateway and installed a DC and Exchange Server 2010 using a demo/test domain (ddd.loc). We opened all the needed ports in the firewall (10.10.2.88) to the Exchange Server 2010. In our main Domain Controller (10.10.2.3) we defined the domain ddd.loc with IP 10.10.2.88 (firewalls). We also we defined MX records to the same IP (10.10.2.88) We did that so when we send email from my email [email protected] it will go to the Exchange Server 2010. Anyways, all the pings test from to any servers are OK. But we are not able to send or receive emails. Between these Exchange Servers we can not send any email from the 2010 to any email in general (emails are pending). Also, in Exchange 2007 we are getting error #550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ##

Read the article
Filtering attachment types in Google Apps (free Google Business)

- by Ernest

We have Google apps in our company for mail delivery, our business can't pay the business version yet, however, we need to control the attachment types that employees download. We recently switched from another hosting provider who recomended us to plug Google Apps for mail when we moved the domain, we had a firewall before which was able to prevent certain file types to be downloaded. I know the business version has section for filtering mail (postini services). Is there a hack around my problem? Anyone ever had this problem? Thank you! UPDATE: The main problem is gmail apps uses ssl connection, can this be changed ? how can i get the firewall to filter files only allowing *.doc, *.xls y *.pdf.

Read the article
Only ONE Outlook 2010 installation "Cannot connect to Exchange server" when setting up new profile.

- by Johnny PDEX

Exchange 2010, one-server installation (small production, I know not best practice) OWA Connectivity has been confirmed, Autodiscover is configured and working properly for EVERY other installation. Other user accounts tested on problem Outlook, none can connect. Windows Firewall is pre-configured by Group Policy, only modifications being related to remote management. Firewall has also been disabled during diagnostic period. Network discovery and file sharing is enabled on workstation as well. Windows 7 Professional, latest updates installed. Driving me nuts. Help, serverfault?

Read the article
rsyslog server - Can you split up and organize logs?

- by Jakobud

I recently setup one of our servers as an rsyslog server. I now have our firewall setup to log everything to that rsyslog server. But there doesn't seem to be an organization of the logs. All the firewall logs are just being dumped into the /var/log/messages on the rsyslog server. I guess I was maybe expecting them to at least be in a machine specific log file or directory. How can I organize the incoming logging? If I setup 20 servers to all log everything to a central rsyslog server, I really don't want everything being dumped into one big file or a few files. How can I setup rsyslog to tell it where to log what? Like if all the logs for a specific server were in it's own directory/file, etc... Is this possible?

Read the article
How two use 2 subnets on one network

- by BGuy2010

I have some servers at a colocation. They've given us an IP range,subnet,and gateway. Now we have run out of IP's and they've given us a new range of IP's but with a different subnet and gateway. We have a Juniper NetScreen firewall and a load balancer, and I am not sure how to proceed in order to be able to use these new IPS that are on a different subnet. Do I need to setup a new VLAN? on our firewall? I tried adding one of the new IP's on one of our servers, with the new subnet and gateway. I could ping the alternate gateway, but could not ping the assigned IP from outside or from inside.

Read the article
Cannot connect to IIS 7 from localhost

- by Wout

I cannot connect to the local IIS 7 using "http://localhost" in IE. "http://127.0.0.1" doesn't work either. The strange thing is that if I add a binding on e.g. port 81, then I can reach "http://localhost:81". Also turning off the firewall on the local machine doesn't help. The site is reachable from the internet. The local requests don't seem to hit IIS (no entries in the IIS log files). IIS is hosted on Windows Server 2008 R2 from behind a hardware firewall device. Note that I'm a programmer, not a network administrator, so I'm having a hard time trouble shooting this.

Read the article
linux intrusion detection software

- by Sam Hammamy

I have an Ubuntu VPS that I use for practice and deploying prototypes as I am a python developer. I recently started teaching my self sys admin tasks, like installing OpenLDAP. I happened to turn off the ufw firewall for just a minute, and when I ran an netstat command, I saw a foreign ip connected to ssh that I traced to china. I'd like to know a few things: 1) Is there any good network intrusion detection software, such that if any IP that's outside a specific range connects to the VPN, I can be notified? -- I am thinking about scripting this, but I'm pretty sure there's something useful out there and I believe in the wisdom of crowds. 2) How did this person gain access to my server? Is it because my firewall was down? Or is it because they browsed my LDAP directory and from there figured out a way to connect (there was a clear text password in the tree but it wasn't one used by the server's sshd)?

Read the article

< Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55 | Next Page >