Search Results

Search found 1837 results on 74 pages for 'act'.

Page 51/74 | < Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58  | Next Page >

  • Setting up VPN with Snow Leopard Server and Linksys router

    - by SueP
    I'd like to get VPN going so I can log in to the office securely from home. I'm using Snow Leopard machines everywhere, and currently have Airport Extremes set up at home and at the office. I have a mac mini with Snow Leopard Server that I'm going to move to the office to act as my server. I just bought a Linksys 4-port router because it says it does VPN (model RVS4000). My problem is, I don't have a clue how to set this thing up, and the more reading I do, the more confused I get. Do I need two of these routers, one at each end? My laptop and iPad claim they can do VPN, so I was assuming I only needed one VPN router? At this point, I literally don't know what questions to ask, or where to plug this thing in. Presumably, between the modem and the airport, but...? If somebody can walk me thru some really basic setup, I'd be very grateful. Right now, I feel like going outside and screaming for a while. But that might attract the local cougar, and after the prints I saw on the arena this afternoon, I don't want to draw its attention. :-)

    Read the article

  • Simplest DNS solution for remote offices

    - by dunxd
    I look after a bunch of remote offices that connect via VPN - a Cisco ASA 5505 in each office acts as Firewall and VPN end point. Beyond that we keep things as simple as possible in the offices to minimise the support burden. We don't have any kind of server except in offices large enough to justify having someone dedicated to IT. Basically there is the ASA, some computers, a network printer and a switch. One of the problems I am seeing in a lot of offices is that DNS requests looking up hosts inside our network often fail - I'm assuming timeouts due to the offices internet connection (they are all in developing world countries) having some sub-optimal qualities (e.g. high latency caused by VSAT segments, or packet loss. The obvious solution to this is to have some sort of local DNS service that can serve local requests - so I think it would need to do zone transfers from our Microsoft Windows 2008 R2 DNS servers at HQ. However, simply installing Windows Servers in each office is both expensive, and creates a support burden. This got me thinking about pfsense/m0n0wall on embedded devices - those can act as a DNS server, and could be configured at HQ and sent out as just something that needs to be plugged into the network and can then be forgotten about by the staff locally. Maybe there are some alternatives to the ASA 5505 that include some DNS functionality. Has anyone here dealt with the problem, either using some kind of embedded device, or found some other solution? Any gotchas or reasons to avoid what I have suggested?

    Read the article

  • Why does my exchange message filtering rule not work?

    - by Jon Cage
    I have two rules set up to sort incoming bug reports. The first is specific to a single device: Apply this rule after the message arrives sent to SMS Distribution and with <source_device_number>: in the body move it to the BugReports\<source_device_number> folder ..and the second is a catch-all for everything else: Apply this rule after the message arrives sent to SMS Distribution move it to the BugReports folder For some reason though, the first rule never seems to act even though it's higher in the list. So for some reason an email like the following doesn't seem to get caught by the first rule: From: <SourceDeviceUID> To: SMS Distributor Subject: Message from <SourceDeviceUID> Message: <source_device_number>: Device encountered a problem. Details below... ...where <source_device_number> is an integer. The second rule works fine. But for some high-priority devices, I want them automatically sorted. Why might that first rule fail?

    Read the article

  • kvm-over-ip, multiple machines per cable run

    - by Sirex
    I'm looking at getting a kvm-over-ip setup for a server room. Typically these devices have 16 or so cat5 leads that come out of them and then a convertor that converts each cat5 into a vga & ps2 pair. Can you run one cable from the unit into a switch, and then leads from the switch into each machine ? I have several machines on the other side of the server room that i'd like to have avaliable but i dont want to run 16 cables to them. I'm thinking this should be possible being IP layer and all, but as each device normally has its own cable out the back of the kvm unit i'm not certain. Perhaps the kvm's rear ports act essentially like a switch anyway in which case it should work, or perhaps if i run all 16 cables into a seperate switch right next to it and aggregate the ports together, run one cable to a switch on the other side of the room with similar number of ports agregated together, then use that switch to plug each macine into ? I'm fairly sure this is possible, but i just want to check before i shell out the cash as i've never tried it.

    Read the article

  • What are the frequencies of current in computers' external peripheral cables and internal buses?

    - by Tim
    From Wikipedia, three different cases of current frequency are discussed along with the types of cables that are suitable for them: An Extra Ordinary electrical cables suffice to carry low frequency AC, such as mains power, which reverses direction 100 to 120 times per second (cycling 50 to 60 times per second). However, they cannot be used to carry currents in the radio frequency range or higher, which reverse direction millions to billions of times per second, because the energy tends to radiate off the cable as radio waves, causing power losses. Radio frequency currents also tend to reflect from discontinuities in the cable such as connectors, and travel back down the cable toward the source. These reflections act as bottlenecks, preventing the power from reaching the destination. Transmission lines use specialized construction such as precise conductor dimensions and spacing, and impedance matching, to carry electromagnetic signals with minimal reflections and power losses. Types of transmission line include ladder line, coaxial cable, dielectric slabs, stripline, optical fiber, and waveguides. The higher the frequency, the shorter are the waves in a transmission medium. Transmission lines must be used when the frequency is high enough that the wavelength of the waves begins to approach the length of the cable used. To conduct energy at frequencies above the radio range, such as millimeter waves, infrared, and light, the waves become much smaller than the dimensions of the structures used to guide them, so transmission line techniques become inadequate and the methods of optics are used. I wonder what the frequencies are for the currents in computers' external peripheral cables, such as Ethernet cable, USB cable, and in computers' internal buses? Are the cables also made specially for the frequencies? Thanks!

    Read the article

  • Computer Freezes with "Bugcheck 0" on Windows 7. How do I figure out why?

    - by George Stocker
    After about 10 minutes of running, my computer will hang, exhibiting the following symptoms: Both monitors act as if there is no image being sent to them (on, but blacked out) The CAPS Lock key on the keyboard will not respond. The computer appears to still be running: CPU Fan is whirring. When I reboot, Windows says "The previous shutdown was unexpected." I've enabled the 'don't automatically restart' on an error, and asked the computer to make a memory dump whenever it crashes, but it hasn't done either. The problem is that there's no bugcheck for me to go off of, so there's no way for me to determine what the cause is (I think). Here are my system specs: Intel Core 2 Duo E6750 Gigabyte P35C-DS3R w/ 4.00 GB (DDR2 Ram) Nvidia 8800 GT Windows 7 I've tried running the Windows Memory checker, but the system also freezes when using that after about 10 minutes as well. How can I diagnose the problem with no bugcheck and no ability to run a memory checker? Update Running Memtest86 also causes the computer to crash (looks like it doesn't make it through a full pass - it was only running for about 10 minutes when the PC stopped responding).

    Read the article

  • IIS crashes with unhandled exception in ASP.NET

    - by SnowCrash
    We had an issue recently with an unhandled exception in an ASP.NET C# application bringing down IIS and all application pools that it was hosting. IIS Manager was unable to restart or stop/start the service and I was unable start IIS again after killing w3wp.exe in the task manager. A system reboot restored IIS to a running state; as a primarily Linux admin, I generally consider an unplanned system reboot to resolve a software error to be an act of high heresy. Is there a way to "harden" IIS so that a faulting application does not affect anything but the request that exposes the fault? Some details on the server and application fault. IIS: 7.5 .NET: 4.0 Windows Server 2008 R2 Faulted on call to System.Net.Dns.Resolve() with a url pointing to a non-existant domain as the argument. (I'm aware that this method is deprecated but the point that a page code issue shouldn't bring down the server still stands) The exception generated was SocketException. The faulting module according to event viewer was KERNELBASE.dll The issue was resolved by wrapping the call in a try-catch, logging the exception and displaying some generic content on the page. I'm hoping that I missed something in the IIS config that would switch it to "production" mode or something.

    Read the article

  • Route through site-to-site VPN not working

    - by Jonathan
    I'm trying to set up a site-to-site VPN using RRAS on two 2K8r2 servers since yesterday. The connection is working at this point, but I can't get it to send traffic from one site to the other one. Set up: the set up is the same on both sites: the server is connected to a router that's connected to a modem. The routers act like a DHCP-server and assign IP addresses from the range subnet.21-subnet-.100. Both servers use a static IP address, subnet.11, and are set up as DMZ. Configuration: the servers are configured using the wizard to set up a site-to-site connection. This works with a demand-dial interface and a PPTP VPN connection. As mentioned, the VPN connection work properly. Problem: I can't get the servers to send the traffic for the other site, to be sent through the VPN connection. I added a static route on both server (home, office 1) and I can see the result in the IP routing table (home, office 1). I did this because the route didn't show up automatically. My guess is that this last step isn't right, for example because the routing table states "non demand-dial", which seems not correct. Home: Subnet: 10.0.1.0/24 Router: 10.0.1.1 Server: 10.0.1.11 (DMZ) DHCP: 10.0.1.21-10.0.1.100 RRAS DHCP: 10.0.1.101-10.0.1.150 Office 1: Subnet: 10.0.2.0/24 Router: 10.0.2.1 Server: 10.0.2.11 (DMZ) DHCP: 10.0.2.21-10.0.2.100 RRAS DHCP: 10.0.2.101-10.0.2.150 I hope someone has an idea to get this route working!

    Read the article

  • Apache Mod SVN Access Forbidden

    - by Cerin
    How do you resolve the error svn: access to '/repos/!svn/vcc/default' forbidden? I recently upgraded a Fedora 13 server to 16, and now I'm trying to debug an access error with a Subversion server running on using Apache with mod_dav_svn. Running: svn ls http://myserver/repos/myproject/trunk Lists the correct files. But when I go to commit, I get the error: svn: access to '/repos/!svn/vcc/default' forbidden My Apache virtualhost for svn is: <VirtualHost *:80> ServerName svn.mydomain.com ServerAlias svn DocumentRoot "/var/www/html" <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> <Location /repos> Order allow,deny Allow from all DAV svn SVNPath /var/svn/repos SVNAutoversioning On # Authenticate with Kerberos AuthType Kerberos AuthName "Subversion Repository" KrbAuthRealms mydomain.com Krb5KeyTab /etc/httpd/conf/krb5.HTTP.keytab # Get people from LDAP AuthLDAPUrl ldap://ldap.mydomain.com/ou=people,dc=mydomain,dc=corp?uid # For any operations other than these, require an authenticated user. <LimitExcept GET PROPFIND OPTIONS REPORT> Require valid-user </LimitExcept> </Location> </VirtualHost> What's causing this error? EDIT: In my /var/log/httpd/error_log I'm seeing a lot of these: [Fri Jun 22 13:22:51 2012] [error] [client 10.157.10.144] ModSecurity: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] [line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 15, SQLi=, XSS=): Method is not allowed by policy"] [hostname "svn.mydomain.com"] [uri "/repos/!svn/act/0510a2b7-9bbe-4f8c-b928-406f6ac38ff2"] [unique_id "T@Sp638DCAEBBCyGfioAAABK"] I'm not entirely sure how to read this, but I'm interpreting "Method is not allowed by policy" as meaning that there's some security Apache module that might be blocking access. How do I change this?

    Read the article

  • Downmix surround to Dolby Pro-Logic at the OS/driver level in Windows 7?

    - by davr
    First off, I'm talking about Dolby Pro-Logic, a really old tech for encoding 4 audio channels (L/R/C/SR) into two analog outputs, and then extracting them again. It was used in surround sound systems in the last century. I have a modern PC that can output 5.1 analog audio (Three outputs on the back carry six channels of audio). But I have a really old surround sound reciever that only has a two-channel, L/R input, which it extracts 4 channels of audio from, and outputs to 5.1 speakers. What I want is some way for the OS, Windows 7, to act as if I really had 5.1 audio channels available, so applications produce surround audio, but before outputting it out of the back of my PC, apply Dolby Pro-Logic matrix encoding so that it outputs over only two channels. These two channels would then get sent to my receiver via a RCA cable, which would decode it again and drive the surround speakers. Is anything like this possible? I'm pretty sure I could do it at an application / codec level, but I'm looking for something that I just have to set once.

    Read the article

  • Upgrade SQLServer 2008 hardware

    - by John
    Forgive me if I'm not able to be totally clear here. It is not intentional, I'm a senior level developer in a very small company having to act like a manager at the moment. Anyway, the story is that we have 2 older dell servers with SQL Server 2008 Standard in a "cluster". I put that in quotes because I'm still not 100% clear what that means. We have 2 brand new blade servers and want to move the existing databases to the new hardware. Ok, so here is the gotcha. We need to do this with little or no down time. I'm being told that we can evict the passive node, then pull in one of the new servers. But I'm also being told that this is a dangerous step because something could go wrong that would cause the cluster to fail and then we would be left with nothing because the active server would not be able to come back up. Does anyone have any thoughts on how to handle this? I'm being told that the only way to ensure success is to have at least a day of down time where we bring up a new cluster on the new hardware and then migrate the databases 1 by 1.

    Read the article

  • Setting up VPN with Snow Leopard Server and Linksys router

    - by SueP
    I'd like to get VPN going so I can log in to the office securely from home. I'm using Snow Leopard machines everywhere, and currently have Airport Extremes set up at home and at the office. I have a mac mini with Snow Leopard Server that I'm going to move to the office to act as my server. I just bought a Linksys 4-port router because it says it does VPN (model RVS4000). My problem is, I don't have a clue how to set this thing up, and the more reading I do, the more confused I get. Do I need two of these routers, one at each end? My laptop and iPad claim they can do VPN, so I was assuming I only needed one VPN router? At this point, I literally don't know what questions to ask, or where to plug this thing in. Presumably, between the modem and the airport, but...? If somebody can walk me thru some really basic setup, I'd be very grateful. Right now, I feel like going outside and screaming for a while. But that might attract the local cougar, and after the prints I saw on the arena this afternoon, I don't want to draw its attention. :-)

    Read the article

  • Router vs switch in a LAN [closed]

    - by servernewbie
    If I have a LAN and and connect it with a switch, I understand it uses a CAM table to route packets in layer 2 (by saving mac to port relations). So far all good. However, when using a router for a LAN (ONLY for a LAN, not to connect it to "the outside" WAN/internet/etc) I get a bit confused as to how it internally processes packets. I would first split this into two router scenarios: Router with buit-in switch In this scenario, I would expect that it will act exactly as a switch with a CAM table internally. This would probably benefit a bit in speed (guessing here?) compared to the next option. Router without built-in switch Here is where I get confused. If hostA wants to send a packet to hostB, it will ARP to find hostB's MAC address and send it there. Now, if we had a switch (above scenario) this would be easy. But how does it work now in a router WITHOUT a switch? If I would guess, hostA would send an Ethernet frame with hostB's MAC address to the line. The router would fetch the packet (even though the router has another MAC address, it would still fetch this packet even if it only contains hostB's MAC address). It would strip the Ethernet frame header and check the IP, and then check its own internal ARP table again for the MAC address. Now, this would seem like a waste of resources compared to a router with a built-in switch. But maybe it does not work like that at all. Does it also contain a CAM table? If that would be true, what would then the difference between these two routers really be?

    Read the article

  • Forcing programs to be installed to another drive

    - by zyboxenterprises
    I have an SSD as my main Windows drive, with a 640GB 2.5" HDD, partitioned to store programs and user settings, and also to act as backup (it's the only thing I had lying around at the time of building my PC). The task was to make the PC as fast as possible, while having an increased storage capacity available to store normal user data, and to assist in my small data recovery business. The problem is that whenever I install a program, it installs to C:\Program Files [(x86 for the 32 bit programs]\, although I have changed the environment variables. This wouldn't normally be an issue, however every installation program points its shortcut to my 640GB HDD. The root layout of both drives: To clarify: Program files get installed to C:\ Program shortcuts are always pointed to Z:\, my 640GB HDD Modifying the relevant environment variables doesn't do anything, I looked at this, but however it only talks about modifying the registry and environment variables, which I have already done so. I install to the Z:\ drive if the installation program lets me change the installation path, but however the installation programs sometimes don't let me change this. Is there a way that I can force every program to install to the relevant location on Z:\? Perhaps I'm missing something here? Edit: Found this program; would it be appropriate to use in my case? I would be able to move the entire Program Files (and its x86 version) to Z:\, without impacting on the performance.

    Read the article

  • How should a small company administer their web server?

    - by John Isaacks
    We currently have our website hosted by a small company that is actually a reseller for Rackspace. They act as our server administrators. They configured the servers, handle the backups, if there is a problem, we call them and they fix it. We are growing and want to move away from our shared server to either a cloud or dedicated server. I am thinking cloud myself but I am open to either. The current company doesn't seem to want to offer us anything more than a shared hosting plan. I looked into cloud solutions at vps.net, with them I would have to be the server administrator myself. I am the website programmer but administering the server is outside my comfort zone. vps.net does have a $99/month plan for Pro-Active Managed Support but I am not sure if this is the equivalent on a server admin that is there when you need them. We could hire someone in house, but I think that would be overkill for our needs. I am not exactly sure what we need, I do know we need as close to 100% uptime as we possible can. and we need the ability to add/remove/change the server configuration/software/etc. when needed (though changes shouldn't be very often once everything is setup right). Can someone point me in the right direction? What do other companies do?

    Read the article

  • Squid reverse proxy array - siblings not communicating with each other

    - by V. Romanov
    I want to set up 2 squid servers to act as reverse proxy and cache for a webserver on our intranet. The load balancing will be done with DNS round robin or just different mappings for different clients. The thing is, I want both servers to try and contact each other to see if they have the object required in cache before contacting the webserver for it (the network that servers the webserver is the bottleneck and I'm trying to eliminate it) Both squids are configured the same, here are the relevant config lines : acl dvr1_cache_it_best_tv_com dstdomain dvr1.cache.it.best-tv.com acl squid1_it_best_tv_com dstdomain squid1.it.best-tv.com acl squid2_it_best_tv_com dstdomain squid2.it.best-tv.com http_access allow dvr1_cache_it_best_tv_com http_access allow squid1_it_best_tv_com http_access allow squid2_it_best_tv_com http_access allow all http_port 8081 accel defaultsite=dvr1.cache.it.best-tv.com cache_peer dvr1.origin.it.best-tv.com parent 80 0 no-query originserver name=Proxy_dvr1_origin_it_best_tv_com cache_peer squid1.it.best-tv.com sibling 8081 3130 weight=10 name=Proxy_Squid1_it_best_tv_com cache_peer squid2.it.best-tv.com sibling 8081 3130 weight=10 name=Proxy_Squid2_it_best_tv_com cache_peer_access Proxy_dvr1_origin_it_best_tv_com allow dvr1_cache_it_best_tv_com cache_peer_access Proxy_squid1_it_best_tv_com allow squid1_it_best_tv_com cache_peer_access Proxy_squid1_it_best_tv_com allow squid2_it_best_tv_com cache_peer_access Proxy_squid1_it_best_tv_com allow dvr1_cache_it_best_tv_com cache_peer_access Proxy_squid2_it_best_tv_com allow squid1_it_best_tv_com cache_peer_access Proxy_squid2_it_best_tv_com allow squid2_it_best_tv_com cache_peer_access Proxy_squid2_it_best_tv_com allow dvr1_cache_it_best_tv_com just to make it clear - dvr1.cache is the alias for the proxy servers. dvr1.origin is the web server. Both servers work, both serve content and cache it and work fine. However, when I clear the cache on one server and then access it, it gets the content from the parent (DVR1_ORIGIN) instead of going to the sibling squid. What did I configure wrong? Or perhaps I don't understand the architecture correctly? I read the squid manuals but as far as I see i did it all by the book and yet it doesn't work right. Any help will be appreciated!

    Read the article

  • Generalized strategy for file server virtualization in Xenserver

    - by Jamie
    I'm not shopping as much as I'm looking for some guidance on good idea / bad idea strategies. I'm sure I'm not in the "best practices" budget range. Currently, I have 3 dell poweredges running xenserver in a pool. Each node has a ubuntu file server, serving about 6TB. One is the primary, the other two are rsync targets for backup. The 6TB is stored on their respective local storage disks as an LVM of 3x2tb virtual disks. The fileserver VM disks are also stored on the node local disks. Each node also runs a smattering of light-weight VMs for web, development, windows VMs, and stuff like that. Several of those VM's disks reside on a QNAP NAS to play with live migration. These VM's are often clients of the primary file server (like all the mail, web content, user files are stored on the file server, not on the mail, web, and samba VMs). This all works fine, and is a major step up for us. The downside is that the QNAP is a single point of failure. And the only thing the QNAP is doing is serving migratable VM images, not client data. Someday the poweredge local arrays will be full, and we will have to reinvent ourselves again. Is it wise to have heavywieght vms (like the fileserver, with its 6+ TB disks) on a SAN or NAS? Would it be better to keep the VMs lightweight, have the VM images on a SAN or NAS, and use 2 or more NAS act as NFS-serving file appliances? A hybrid SAN/NAS that can serve iscsi for images and NFS for the client vms? It seems like live-magration would be a misnomer if you have to migrate a fileserver with its entire 6+ TB disk. I recognize there are plenty of ways to skin the cat. We've already skinned it a few ways. What makes sense?

    Read the article

  • Windows Server 2008 ignores any change made to firewall

    - by Maurice Courtois
    I have been trying for the last 2 hours to make my Windows Server 2008 answer ping. I have tried almost every single solution I have found on the web, so far nothing work. My current setup: 2 NIC (1x Internet connection, 1x Local network) Server act as VPN server. So I set the corresponding NIC as either Public or Private. I also enable the rule for "File and Printer Sharing (Echo Request...)" for all Nic and from any IPs. I always been able to ping from the local network or the local ip while connected to the VPN. I also tried to create a specific rule for ICMP ping and disabling the firewall for all but the public nic. Regardless of all this, I still can't ping that server from Internet. Any idea suggestion what could cause this? I have the impression that when you set the server as VPN (I switch the box on when setting it up to block everything else than VPN connection) that changing anything to the firewall setting thought mmc is pointless !?!?

    Read the article

  • Using Active Directory through a Firewall

    - by Adam Brand
    I had kind of a weird setup today where I wanted to enable Windows Firewall on a Windows 2003 R2 SP2 computer that would act as an Active Directory Domain Controller. I didn't see one resource on the Internet that listed what would be required to do this, so I thought I'd list them here and see if anyone has anything to add/sees something that isn't necessary. Ports to Open with "subnet" scope: 42 | TCP | WINS (if you use it) 53 | TCP | DNS 53 | UDP | DNS 88 | TCP | Kerberos 88 | UDP | Kerberos 123 | UDP | NTP 135 | TCP | RPC 135 | UDP | RPC 137 | UDP | NetBIOS 138 | UDP | NetBIOS 139 | TCP | NetBIOS 389 | TCP | LDAP 389 | UDP | LDAP 445 | TCP | SMB 445 | UDP | SMB 636 | TCP | LDAPS 3268 | TCP | GC LDAP 3269 | TCP | GC LDAP Ports to Open with "Any" Scope (for DHCP) 67 | UDP | DHCP 2535 | UDP | DHCP ALSO You need to restrict RPC to use fixed ports instead of everything 1024. For that, you need to add two registry keys: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters Registry value: TCP/IP Port Value type: REG_DWORD Value data: <-- pick a port like 1600 and put it here HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters Registry value: DCTcpipPort Value type: REG_DWORD Value data: <-- pick another port like 1650 and put it here ...don't forget to add entries in the firewall to allow those in (TCP, Subnet scope). After doing all that, I was able to add a client computer to the AD domain (behind Windows Firewall) and log in successfully.

    Read the article

  • Can I use iptables on my Varnish server to forward HTTPS traffic to a specific server?

    - by Dylan Beattie
    We use Varnish as our front-end web cache and load balancer, so we have a Linux server in our development environment, running Varnish with some basic caching and load-balancing rules across a pair of Windows 2008 IIS web servers. We have a wildcard DNS rule that points *.development at this Varnish box, so we can browse http://www.mysite.com.development, http://www.othersite.com.development, etc. The problem is that since Varnish can't handle HTTPS traffic, we can't access https://www.mysite.com.development/ For dev/testing, we don't need any acceleration or load-balancing - all I need is to tell this box to act as a dumb proxy and forward any incoming requests on port 443 to a specific IIS server. I suspect iptables may offer a solution but it's been a long while since I wrote an iptables rule. Some initial hacking has got me as far as iptables -F iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 10.0.0.241:443 iptables -t nat -A POSTROUTING -p tcp -d 10.0.0.241 --dport 443 -j MASQUERADE iptables -A INPUT -j LOG --log-level 4 --log-prefix 'PreRouting ' iptables -A OUTPUT -j LOG --log-level 4 --log-prefix 'PostRouting ' iptables-save > /etc/iptables.rules (where 10.0.0.241 is the IIS box hosting the HTTPS website), but this doesn't appear to be working. To clarify - I realize there's security implications about HTTPS proxying/caching - all I'm looking for is completely transparent IP traffic forwarding. I don't need to decrypt, cache or inspect any of the packets; I just want anything on port 443 to flow through the Linux box to the IIS box behind it as though the Linux box wasn't even there. Any help gratefully received... EDIT: Included full iptables config script.

    Read the article

  • Setup windows 2012 AD in Hyper-V for a Test environment

    - by hub
    Im trying to setup a Windos 2012 R2 test environment on my work computer (a laptop). I have a AD, DHCP and DNS server on server A, and a client connecting to the doman and that works. The client can ping the AD server and gets a valid IP adress. If I ping google.com from the client I get the IP adress but I dont get any responses (request time out). If i ping google.com from server A it works as it should. Server A have a connection to the Internet through a "external network switch" in hyper-v, which gets its internet from a router and the client is connected to a "internal network switch". May the poblem be that server A is behind a router? Can I make this solution to work regadless the network my laptop is connected to? At home i have one IP adress, at work its a totally different range. What I would like is to use my laptops internet connection, regardless wifi or wired, to act as incomming internet, is this possible?

    Read the article

  • Cisco ASA user authentication options - OpenID, public RSA sig, others?

    - by Ryan
    My organization has a Cisco ASA 5510 which I have made act as a firewall/gateway for one of our offices. Most resources a remote user would come looking for exist inside. I've implemented the usual deal - basic inside networks with outbound NAT, one primary outside interface with some secondary public IPs in the PAT pool for public-facing services, a couple site-to-site IPSec links to other branches, etc. - and I'm working now on VPN. I have the WebVPN (clientless SSL VPN) working and even traversing the site-to-site links. At the moment I'm leaving a legacy OpenVPN AS in place for thick client VPN. What I would like to do is standardize on an authentication method for all VPN then switch to the Cisco's IPSec thick VPN server. I'm trying to figure out what's really possible for authentication for these VPN users (thick client and clientless). My organization uses Google Apps and we already use dotnetopenauth to authenticate users for a couple internal services. I'd like to be able to do the same thing for thin and thick VPN. Alternatively a signature-based solution using RSA public keypairs (ssh-keygen type) would be useful to identify user@hardware. I'm trying to get away from legacy username/password auth especially if it's internal to the Cisco (just another password set to manage and for users to forget). I know I can map against an existing LDAP server but we have LDAP accounts created for only about 10% of the user base (mostly developers for Linux shell access). I guess what I'm looking for is a piece of middleware which appears to the Cisco as an LDAP server but will interface with the user's existing OpenID identity. Nothing I've seen in the Cisco suggests it can do this natively. But RSA public keys would be a runner-up, and much much better than standalone or even LDAP auth. What's really practical here?

    Read the article

  • Apache proxy: Why is one vhost returning Forbidden while the other one works?

    - by Stefan Majewsky
    I have a Java application that needs to talk to another intranet website using HTTPS in both directions. After fighting with Java's SSL implementations for some time, I gave up on that, and have now set up an Apache that's supposed to act as a bidirectional reverse proxy: external app ---(HTTPS request)---> Apache ---(local HTTP request)---> Java app This direction works just fine, however the other direction does not: Java app ---(local HTTP request)---> Apache ---(HTTPS request)---> external app This is the configuration for the vhost implementing the second proxy: Listen 127.0.0.1:8081 <VirtualHost appgateway:8081> ServerName appgateway.local SSLProxyEngine on ProxyPass / https://externalapp.corp:443/ ProxyPassReverse / https://externalapp.corp:443/ ProxyRequests Off AllowEncodedSlashes On # we do not need to apply any more restrictions here, because we listened on # local connections only in the first place (see the Listen directive above) <Proxy https://externalapp.corp:443/*> Order deny,allow Allow from all </Proxy> </VirtualHost> A curl http://127.0.0.1:8081/ should serve the equivalent of https://externalapp.corp, but instead results in 403 Forbidden, with the following message in the Apache error log: [Wed Jun 04 08:57:19 2014] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/ This message completely puzzles me: Yes, I have not set up any permissions on the DocumentRoot of this vhost, but everything works fine for the other proxy direction where I haven't. For reference, here's the other vhost: Listen this_vm_hostname:443 <VirtualHost javaapp:443> ServerName javaapp.corp SSLEngine on SSLProxyEngine on # not shown: SSLCipherSuite, SSLCertificateFile, SSLCertificateKeyFile SSLOptions +StdEnvVars ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/ ProxyRequests Off AllowEncodedSlashes On # Local reverse proxy authorization override <Proxy http://localhost:8080/*> Order deny,allow Allow from all </Proxy> </VirtualHost>

    Read the article

  • How do you get AWS VPC EC2 instances to be able to see the AWS APIs?

    - by Peter Mounce
    We're spinning up infrastructure inside of an AWS VPC via CloudFormation. We're using auto-scaling groups to bring up VPC-EC2 instances (so, we don't bring up instances directly; ASGs manage that). Inside of a PVC, EC2 instances only have a private IP; they cannot see the outside world without further work. When these instances spin up, we have some bootstrap tasks that require talking to the various AWS APIs. We also have some ongoing tasks that require AWS API traffic. How are you tackling this apparent chicken-egg problem? We've read about: NAT instances - but don't like this so much because it's another layer to our stack. assigning elastic-IPs to each VPC instance that needs to talk - but a) they all do, and b) since we're using ASGs, we don't know which instances to assign EIPs to at provision-time, and c) we'd need to set up something to monitor those ASGs and assign EIPs when instances are terminated and replaced spinning up an instance (actually, a load-balanced pair, probably spanning AZs) to act as an AWS-API proxy for all API traffic I guess I'm wondering whether there's some kind of back-door we can open that allows our VPC EC2 instances access to the AWS API endpoints, but nothing else, for cheap-complexity setup, that doesn't add another network-hop layer to our infrastructure for serving requests.

    Read the article

  • Creating "save as" functionality to .eml file in AppleScript

    - by unieater
    I'm new to AppleScript and trying to figure out how to save a Mail.app message as an .eml message. Ideally, I would like it to act similar to the Mail menu bar actions, in which it saves the message and the attachments together. The workflow is that you have a selection in Mail, hit a hotkey and the function creates a filename (newFile) for the email to be saved. I just need help with how to save the message to the path (theFolder) in an .eml format. tell application "Mail" set msgs to selection if length of msgs is not 0 then display dialog "Export selected message(s)?" if the button returned of the result is "OK" then set theFolder to choose folder with prompt "Save Exported Messages to..." without invisibles repeat with msg in msgs -- determine date received of msg and put into YYYYMMDD format set msgDate to date received of msg -- parse date SEMversion below using proc pad2() set {year:y, month:m, day:d, hours:h, minutes:min} to (msgDate) set msgDate to ("" & y & my pad2(m as integer) & my pad2(d)) -- assign subject of msg set msgSubject to (subject of msg) -- create filename.eml to be use as title saved set newFile to (msgDate & "_" & msgSubject & ".eml") as Unicode text -- copy mail message to the folder and prepend date-time to file name -- THIS IS WEHRE I AM COMPLETE LOST HOW SAVE THE EMAIL into theFolder end repeat beep 2 display dialog "Done exporting " & length of msgs & " messages." end if -- OK to export msgs end if -- msgs > 0 end tell on pad2(n) return text -2 thru -1 of ("00" & n) end pad2

    Read the article

< Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58  | Next Page >