Search Results

Search found 1965 results on 79 pages for 'salt packets'.


  • SQUID Transparent SSL proxy (no intercept)

    - by user974896
    I know how to have squid work as a transparent proxy. You put it into transparent mode then use your router or IPTABLES to forward port 80 to the squid port. I would like to do the same for SSL. Every guide I see mentions setting up keys on the squid server. I do not want squid to actually decrypt the SSL traffic then establish a connection with the server, rather I would like squid to simply forward the SSL traffic as is. The only thing I would like to do is be able to check the SSL request for any offending IPs and drop the packets if the destination is one of them.


  • Access my router's gateway network?

    - by Danpe
    I have 2 routers in my place. Main Router (Connected to the Internet) - 192.168.1.1 Secondary Router (Connected to the Main Router) - 192.168.0.1 I have a Network Storage Device and a few Shared Directories connected to the Main Router. (Network Storage - 192.168.1.16) How can I access one of them using a PC connected to the Secondary Router? Home Network Diagram: I currently have access to the internet using both laptop and Main PC. But I want to get access from my laptop to the Storage and to my shared directories. The problem is that my Main router always forwards all packets straight to the WAN.. (Internet)


  • Simulating network latency for localhost connection on Windows 7

    - by nitro2k01
    I need to simulate network latency to a program running on the local computer, connecting to a local service. Thus far I have tried dummynet (a windows build of ipfw) which I got working after some trial and error. While it generally works, I can't seem to get it to filter localhost traffic. Even after adding a rule from any to any which affects external traffic, this makes no difference for local connections. I would appreciate if anyone knows how to simulate local latency using dummynet or a different tool. The tool should be able to simulate latency generically in IP packets, (TCP and UDP) and not be protocol specific.


  • Cannot connect to internet with Clearwire modem.

    - by ide
    I'm currently using a Motorola WiMAX modem (CPEi 25725) and cannot connect to the internet. I can connect to the modem at 192.168.15.1 and check its status. It says that it has good/excellent connectivity to the internet and shows all five signal bars. Additionally it has sent and received some WiMAX packets so I believe it is connected to a tower. I'm at a loss for what the problem is. Unplugging the modem, restarting it from software, and restarting my computer (Windows 7) have not helped. Windows still reports that it is not connected to the internet. Alternatively, could this be an ISP issue? I have heard that Clearwire is a not-so-reputable ISP that blocks VoIP, and I was using Skype recently.


  • Can I create a virtual network interface to connect to a real network device?

    - by michelemarcon
    I have a networked windows pc with 2 network interfaces. The first connects to a lan with ip address 10.1.. The second connects to another lan with ip address 10.2.. Maybe it's a dumb question, however is it possible to virtualize the second network interface, so that the pc can connect to the 2 lans? If necessary, I may switch to linux or paravirtualization. CLARIFICATION: I want to send DHCP broadcast packets on the second lan, but not on the first lan. I want to do it with one single physical network interface. At the moment, I'm not using any virtualization software.


  • TCP handshake failed. Client sends RST (after SYN-ACK). Can anyone advise?

    - by user1495181
    Architecture: 2 Linux computers connected. On the second one (192.168.1.1) runs an Apache server. I have a small program that takes TCP packets from nfqueue, changes the dst IP to 192.168.1.1 in case the dst IP is 192.168.1.2 (I know that I can do it with iptables, but my program will do more things in the future), fixes the checksum and returns them to the queue. If I call telnet 192.168.1.1, which means that my program doesn't need to do any manipulation, the handshake is OK. If I call telnet 192.168.1.2, my program changes the dest. The server gets the SYN and returns SYN-ACK, but right after getting the SYN-ACK the client sends RST. Can anyone advise? wireshark of the telnet tcpdump of the telnet above


  • OpenVPN - client-to-client traffic working in one direction but not the other

    - by Pawz
    I have the following VPN configuration:

        +------------+                +------------+                +------------+
        |  outpost   |----------------|    kino    |----------------|  guchuko   |
        +------------+                +------------+                +------------+
        OS: FreeBSD 6.2               OS: Gentoo 2.6.32             OS: Gentoo 2.6.33.3
        Keyname: client3              Keyname: server               Keyname: client1
        eth0: 10.0.1.254              eth0: 203.x.x.x               eth0: 192.168.0.6
        tun0: 192.168.150.18          tun0: 192.168.150.1           tun0: 192.168.150.10
        P-t-P: 192.166.150.17         P-t-P: 192.168.150.2          P-t-P: 192.168.150.9

    Kino is the server and has client-to-client enabled. I am using "fragment 1400" and "mssfix" on all three machines. An mtu-test on both connections is successful. All three machines have IP forwarding enabled, by this on the Gentoo boxes:

        net.ipv4.conf.all.forwarding = 1

    And this on the FreeBSD box:

        net.inet.ip.forwarding: 1

    In the server's "ccd" directory are the following files:

        client1: iroute 192.168.0.0 255.255.255.0
        client3: iroute 10.0.1.0 255.255.255.0

    The server config has these routes configured:

        push "route 192.168.0.0 255.255.255.0"
        push "route 10.0.1.0 255.255.255.0"
        route 192.168.0.0 255.255.255.0
        route 10.0.1.0 255.255.255.0

    Kino's routing table looks like this:

        192.168.150.0   192.168.150.2   255.255.255.0   UG  0 0 0 tun0
        10.0.1.0        192.168.150.2   255.255.255.0   UG  0 0 0 tun0
        192.168.0.0     192.168.150.2   255.255.255.0   UG  0 0 0 tun0
        192.168.150.2   0.0.0.0         255.255.255.255 UH  0 0 0 tun0

    Outpost's like this:

        192.168.150     192.168.150.17  UGS 0 17 tun0
        192.168.0       192.168.150.17  UGS 0 2  tun0
        192.168.150.17  192.168.150.18  UH  3 0  tun0

    And Guchuko's like this:

        192.168.150.0   192.168.150.9   255.255.255.0   UG  0 0 0 tun0
        10.0.1.0        192.168.150.9   255.255.255.0   UG  0 0 0 tun0
        192.168.150.9   0.0.0.0         255.255.255.255 UH  0 0 0 tun0

    Now, the tests. Pings from Guchuko to Outpost's LAN IP work OK, as does the reverse - pings from Outpost to Guchuko's LAN IP. However... Pings from Outpost to a machine on Guchuko's LAN work fine:

        .(( root@outpost )).
        (( 06:39 PM )) :: ~ :: # ping 192.168.0.3
        PING 192.168.0.3 (192.168.0.3): 56 data bytes
        64 bytes from 192.168.0.3: icmp_seq=0 ttl=63 time=462.641 ms
        64 bytes from 192.168.0.3: icmp_seq=1 ttl=63 time=557.909 ms

    But a ping from Guchuko to a machine on Outpost's LAN does not:

        .(( root@guchuko )).
        (( 06:43 PM )) :: ~ :: # ping 10.0.1.253
        PING 10.0.1.253 (10.0.1.253) 56(84) bytes of data.
        --- 10.0.1.253 ping statistics ---
        3 packets transmitted, 0 received, 100% packet loss, time 2000ms

    Guchuko's tcpdump of tun0 shows:

        18:46:27.716931 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 1, length 64
        18:46:28.716715 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 2, length 64
        18:46:29.716714 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 3, length 64

    Outpost's tcpdump on tun0 shows:

        18:44:00.333341 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 3, length 64
        18:44:01.334073 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 4, length 64
        18:44:02.331849 IP 192.168.150.10 > 10.0.1.253: ICMP echo request, id 63009, seq 5, length 64

    So Outpost is receiving the ICMP request destined for the machine on its subnet, but appears not to be forwarding it. Outpost has gateway_enable="YES" in its rc.conf which correctly sets net.inet.ip.forwarding to 1 as mentioned earlier. As far as I know, that's all that's required to make a FreeBSD box forward packets between interfaces. Is there something else I could be forgetting? FWIW, pinging 10.0.1.253 from Kino has the same result - the traffic does not get forwarded.

    UPDATE: I've found that I can only ping certain IPs on Guchuko's LAN from Outpost. From Outpost I can ping 192.168.0.3 and 192.168.0.2, but 192.168.99 and 192.168.0.4 are unreachable. The same tcpdump behavior can be seen. I think this means the problem can't be due to IP forwarding or routing, because Outpost can reach SOME hosts on Guchuko's LAN but not others and likewise, Guchuko can reach two hosts on Outpost's LAN, but not others. This baffles me.


  • How to calculate required switch speed based on network usage?

    - by tobefound
    I have a 48 port HP Procurve Switch 2610 (J9088A) that can handle 13.0 million PPS (packets per second) and features wire speed switching capacity at 17.6Gbps. First off, what does that REALLY mean? Where do I start when trying to figure out if my office (with 70 employees) will be well setup with this switch? How to calculate through-put based on a user average load of X MB per day? 90% of the folks will only be sending email, access random websites, etc... the other 10% will be conducting heavier tasks like moving image files (10 MB) across network shares, constant external FTP streams through the switch to a server etc... Is this switch good enough?


  • internet speed and routers are controlled by whom

    - by Ozgun Sunal
    I need to learn two things. Each is related to the other a bit. The first one is, while our LAN speed is usually 100 Mbps or at gigabit levels (very big compared to WAN speeds), WAN speeds, for instance DSL connections, are far less than this. However, we are able to download huge files at those Mb speeds. Isn't this weird? [My real concern is why WAN speed is lower than LAN speeds.] Who controls those routers around the large Internet? (While we, as web clients, are connected to the Internet, packets travel through those routers to the destination network/s.) But are those routers all inside the ISP network, and if not, who controls those large numbers of routers?


  • How a router decides destination of packet?

    - by user58859
    I have a basic networking question. Scenario: Two PCs are communicating on a WAN. Both the PCs are behind routers or modems. My question: Both the PCs have the public IP of each other. That public IP is most of the time either of the router or of the modem. There can be more than one PC behind those routers and modems. Then how are the PCs communicating? I can understand the packets can reach up to those routers or modems. But what after that? In the packet, the destination IP is the public IP. Then how does the router or modem decide where to send the packet? Can anybody explain this to me please? Thanks in advance.


  • Cisco access list logging. Why is there a difference between IPv4 and IPv6?

    - by growse
    I've got a Cisco 877 router. I've got an IPv4 access list and an IPv6 access list set up and configured similar to this:

        interface Dialer1
         ...
         ip access-group INTERET-IN
         ipv6 traffic-filter IPV6-IN

    Each of these access lists has a final rule of deny ip/ipv6 any any log. However, in my syslog I notice that there's a difference in formatting between the two types of entries. IPv4 will say:

        %SEC-6-IPACCESSLOGP: list INTERNET-IN denied udp 88.89.209.63(137) -> 1.2.3.4(137), 1 packet

    Whereas the IPv6 list will say:

        %IPV6_ACL-6-ACCESSLOGNP: list IPV6-IN/240 denied 59 2001:0:5EF5:79FD:14F9:B773:3EBA:3EE3 (Dialer1) -> 2001:800:1000:0::1, 8 packets

    Both have broadly the same information, but the IPv6 log entry is missing the protocol type and port, both of which are very useful if I'm trying to troubleshoot connectivity. Why is this? How do I get IPv6 deny logs to display the protocol and port used, if any?


  • Count all received packets using Tshark

    - by user1269592
    I am building an application that starts capturing via Tshark from the command line, and I am looking for an option to count all the received packets after I start the Tshark process. This is my function that starts the process:

        int _interfaceNumber;
        string _pcapPath;
        Process tshark = new Process();
        tshark.StartInfo.FileName = _tshark;
        tshark.StartInfo.Arguments = string.Format(" -i " + _interfaceNumber + " -V -x -s " + _packetLimitSize + " -w " + _pcapPath);
        tshark.StartInfo.RedirectStandardOutput = true;
        tshark.StartInfo.UseShellExecute = false;
        tshark.StartInfo.CreateNoWindow = true;
        tshark.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
        tshark.Start();

    Maybe someone has an idea?


  • How do I stop someone from saturating my line & wasting CPU cycles

    - by JoshRibs
    My web host shows inbound & outbound traffic with mrtg. I have a steady 3.5mbps inbound traffic from Nigeria. Even assuming the source IPs & destination ports are blocked with Iptables & verifying nothing is listening on those ports, will the traffic still always pass through the switch & "get" to my server (where my server wastes CPU cycles "dropping" the packets)? Assuming I was setup with a hardware firewall, the traffic would still show in mrtg assuming the firewall is behind the switch? So is there any way to stop someone from saturating your 100mbps line, if they also have a 100mbps line? Other than filing an abuse complaint with the kind folks in Nigeria?


  • OpenVZ multiple networks on CTs

    - by user6733
    I have a Hardware Node (HN) which has 2 physical interfaces (eth0, eth1). I'm playing with OpenVZ and want to let my containers (CTs) have access to both of those interfaces. I'm using the basic configuration - venet. CTs are fine to access eth0 (public interface). But I can't get CTs to get access to eth1 (private network). I tried:

        # on HN
        vzctl set 101 --ipadd 192.168.1.101 --save
        vzctl enter 101
        ping 192.168.1.2 # no response here
        ifconfig # on CT returns lo (127.0.0.1), venet0 (127.0.0.1), venet0:0 (95.168.xxx.xxx), venet0:1 (192.168.1.101)

    I believe that the main problem is that all packets flow through eth0 on HN (figured out using tcpdump). So the problem might be in routes on HN. Or is my logic here all wrong? I just need access to both interfaces (networks) on HN from CTs. Nothing complicated.


  • Rate of UDP packet loss over WLAN

    - by Martin
    While testing something with TFTP I noticed lots of timeouts (and slow speed as a result) when I used my WLAN - and no problems when using a network cable. A quick test program sending/receiving UDP revealed that there are about 3-5% packets lost. While it's obvious that WLAN has to be less reliable than LAN, I have no knowledge of what loss rates are considered 'normal' - and when there is a need to further investigate the network infrastructure. Are there 'typical' packet loss rates on WLAN (and other network technologies, e.g. PowerLAN, WAN, ...)? Thanks


  • Windows 7 with two network cards doesn't route traffic

    - by Tomek
    I have a simple task to do: I have win7 with two NICs. I want to connect another computer (OSX) to win7 through the second NIC to connect it to the internet.

      - I already changed the registry.
      - Win7 interface with 192.168.2.1 has no gateway set (no point to do that)
      - OSX interface with 192.168.2.2 has gateway set to 192.168.2.1
      - I do not add any routes on win7, everything seems to be already there
      - network on second NIC is detected as "undefined network" (probably effect of no gateway)
      - I can achieve any connectivity to the internet from OSX only by enabling network connection sharing on the NIC with 192.168.2.1, but it enables NAT and I'm interested only in pure routing without NAT (it's a setup for some research).
      - firewall is off.

    It seems to me that win7 refuses to forward packets for some reason. Perhaps "undefined network" and the NLA service is to blame, although I couldn't find any info about that. Below is an ASCII schematic of my setup:

        internet<--router(192.168.1.1)<--(192.168.1.1) WIN7 (192.168.2.1)<--(192.168.2.2)OSX

    Thanks


  • outlook iptables configuration [update]

    - by mediaexpert
    I have a Debian mail server, but only the Outlook users are unable to download their emails. I've seen a lot of posts about some kind of port forwarding configuration. I've tried some commands, but I am not able to solve this problem, please help me.

    [LAST UPDATE] I find a lot of TIME WAIT on ipv6 netstat:

        tcp6 0 0 my.mailserver.it:imap2 200-62-245-188.ip2:17060 TIME_WAIT -

    Below are some config files.

    pop3d (I think the problem was here):

        ##NAME: POP3AUTH:1
        #
        # To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
        # variable:
        #
        # POP3AUTH="LOGIN"
        #
        # If you have configured the CRAM-MD5, CRAM-SHA1 or CRAM-SHA256, set POP3AUTH
        # to something like this:
        #
        # POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"
        POP3AUTH=""
        ##NAME: POP3AUTH_ORIG:1
        #
        # For use by webadmin
        POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256"
        ##NAME: POP3AUTH_TLS:1
        #
        # To also advertise SASL PLAIN if SSL is enabled, uncomment the
        # POP3AUTH_TLS environment variable:
        #
        # POP3AUTH_TLS="LOGIN PLAIN"
        POP3_TLS_REQUIRED = 0
        POP3AUTH_TLS=""
        ##NAME: POP3AUTH_TLS_ORIG:0
        #
        # For use by webadmin
        POP3AUTH_TLS_ORIG="LOGIN PLAIN"
        ##NAME: POP3_PROXY:0
        #
        # Enable proxying. See README.proxy
        #
        # For use by webadmin
        POP3AUTH_TLS_ORIG="LOGIN PLAIN"
        ##NAME: POP3_PROXY:0
        #
        # Enable proxying. See README.proxy
        POP3_PROXY=0
        ##NAME: PROXY_HOSTNAME:0
        #
        # Override value from gethostname() when checking if a proxy connection is
        # required.
        #
        PROXY_HOSTNAME=
        ##NAME: PORT:1
        ##NAME: PROXY_HOSTNAME:0
        #
        # Override value from gethostname() when checking if a proxy connection is
        # required.
        #
        PROXY_HOSTNAME=
        ##NAME: PORT:1
        #
        # Port to listen on for connections. The default is port 110.
        #
        # Multiple port numbers can be separated by commas. When multiple port
        # numbers are used it is possibly to select a specific IP address for a
        # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
        # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
        # The ADDRESS setting is a default for ports that do not have a specified
        # IP address.
        # Port to listen on for connections. The default is port 110.
        #
        # Multiple port numbers can be separated by commas. When multiple port
        # numbers are used it is possibly to select a specific IP address for a
        # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900"
        # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
        # The ADDRESS setting is a default for ports that do not have a specified
        # IP address.
        PORT=110
        ##NAME: ADDRESS:0
        #
        # IP address to listen on. 0 means all IP addresses.
        ADDRESS=0
        ##NAME: TCPDOPTS:0
        #
        ##NAME: ADDRESS:0
        #
        # IP address to listen on. 0 means all IP addresses.
        ADDRESS=0
        ##NAME: TCPDOPTS:0
        #
        # Other couriertcpd(1) options. The following defaults should be fine.
        #
        TCPDOPTS="-nodnslookup -noidentlookup"
        ##NAME: LOGGEROPTS:0
        #
        # courierlogger(1) options.
        #
        LOGGEROPTS="-name=pop3d"
        ##NAME: DEFDOMAIN:0
        #
        # Optional default domain. If the username does not contain the
        # first character of DEFDOMAIN, then it is appended to the username.
        # If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended
        # only if the username does not contain any character from DOMAINSEP.
        # You can set different default domains based on the the interface IP
        # address using the -access and -accesslocal options of couriertcpd(1).
        DEFDOMAIN="@interzone.it"
        ##NAME: POP3DSTART:0
        #
        # POP3DSTART is not referenced anywhere in the standard Courier programs
        # or scripts. Rather, this is a convenient flag to be read by your system
        # startup script in /etc/rc.d, like this:
        #
        # . /etc/courier/pop3d
        DEFDOMAIN="@mydomain.com"
        ##NAME: POP3DSTART:0
        #
        # POP3DSTART is not referenced anywhere in the standard Courier programs
        # or scripts. Rather, this is a convenient flag to be read by your system
        # startup script in /etc/rc.d, like this:
        #
        # . /etc/courier/pop3d
        # case x$POP3DSTART in
        # x[yY]*)
        # /usr/lib/courier/pop3d.rc start
        # ;;
        # esac
        #
        # The default setting is going to be NO, until Courier is shipped by default
        # with enough platforms so that people get annoyed with having to flip it to
        # YES every time.
        # x[yY]*)
        # /usr/lib/courier/pop3d.rc start
        # ;;
        # esac
        #
        # The default setting is going to be NO, until Courier is shipped by default
        # with enough platforms so that people get annoyed with having to flip it to
        # YES every time.
        POP3DSTART=YES
        ##NAME: MAILDIRPATH:0
        #
        # MAILDIRPATH - directory name of the maildir directory.
        #
        MAILDIRPATH=.maildir

    iptables:

        Chain INPUT (policy DROP 20 packets, 1016 bytes)
         pkts bytes target prot opt in   out source         destination
        60833   16M ACCEPT tcp  --  eth0 *   0.0.0.0/0      0.0.0.0/0   tcp dpt:143 state NEW,ESTABLISHED
        18970  971K ACCEPT tcp  --  *    *   0.0.0.0/0      0.0.0.0/0   tcp spts:1024:65535 dpt:110 state NEW,ESTABLISHED

        Chain FORWARD (policy DROP 0 packets, 0 bytes)
         pkts bytes target prot opt in   out source         destination
            0     0 ACCEPT tcp  --  *    *   192.168.0.0/24 0.0.0.0/0   tcp dpt:110
            0     0 ACCEPT all  --  *    *   0.0.0.0/0      0.0.0.0/0   state RELATED,ESTABLISHED
            0     0 ACCEPT tcp  --  *    *   192.168.1.0/24 0.0.0.0/0   tcp dpt:110
            0     0 ACCEPT all  --  *    *   0.0.0.0/0      0.0.0.0/0   state RELATED,ESTABLISHED
            0     0 ACCEPT tcp  --  *    *   0.0.0.0/0      0.0.0.0/0   state NEW tcp dpt:25
            0     0 ACCEPT tcp  --  *    *   0.0.0.0/0      0.0.0.0/0   state NEW tcp dpt:110

    pop3d.cnf:

        RANDFILE = /usr/lib...pop3d.rand
        [req]
        default_bits = 1024
        encrypt_key = yes
        distinguidhed_name = req_dn
        x509_extensions = cert_type
        prompt = no
        [req_dn]
        C=US
        ST=NY
        L= New York
        O=Courier Mail Server
        OU=Automatically-generated POP3 SSL key
        CN=localhost
        [email protected]
        [cert_type]
        nsCertType = server


  • How to configure something like "Reflexive ACL" on OpenBSD?

    - by Earlz
    My U-Verse modem has something called "Reflexive ACL" described as Reflexive ACL: When IPv6 is enabled, you can enable Reflexive Access Control Lists to deny inbound IPv6 traffic unless this traffic results from returning outgoing packets (except as configured through firewall rules). This seems like a pretty good way to keep from having to maintain a firewall on each computer behind my router that gets handed an IPv6 address. It sounds about like a NAT, which for my small home network is all I want right now. Now my modem sucks as a router though, so I'm in the process of configuring an OpenBSD router to do that. I've got IPv6 supported and all that and my OpenBSD router will hand out IPv6 addresses by rtadvd. Now I want to keep people from having instant access to my local network through IPv6. How would I best do something like Reflexive ACL with pf in OpenBSD 5.0?


  • Dns works, can ping, but cannot load web pages in browser

    - by user1224595
    Yesterday I changed routers, and my desktop computer started acting up. I could ping websites, and nslookup was able to resolve names to addresses, but neither chrome, firefox, nor ie could load any webpages. None of my other computers connected to the same wireless router have any problems. I connect my desktop to the router through a cheap wifi dongle. I did a wireshark capture of the browser request, and I have uploaded the pcap here. https://drive.google.com/file/d/0B7AsPdhWc-SwbTV0bUJLQXo4UUE/edit?usp=sharing One strange thing I noticed was the spamming of ssdp packets. I am not super familiar with networking, but it seems that it is not a problem with the router, as dns works, and so does dhcp (the desktop is assigned an address correctly). Any help would be appreciated.


  • Mitigating the 'firesheep' attack at the network layer?

    - by pobk
    What are the sysadmins' thoughts on mitigating the 'firesheep' attack for servers they manage? Firesheep is a new Firefox extension that allows anyone who installs it to sidejack sessions it can discover. It does its discovery by sniffing packets on the network and looking for session cookies from known sites. It is relatively easy to write plugins for the extension to listen for cookies from additional sites. From a systems/network perspective, we've discussed the possibility of encrypting the whole site, but this introduces additional load on servers and screws with site-indexing, assets and general performance. One option we've investigated is to use our firewalls to do SSL Offload, but as I mentioned earlier, this would require all of the site to be encrypted. What are the general thoughts on protecting against this attack vector? I've asked a similar question on StackOverflow, however, it would be interesting to see what the systems engineers thought.


  • how do I create a bidirectional bridge using iptables

    - by Kolzoi
    Setup: I have a samsung LCD TV that is connected via eth0 to a T41 Thinkpad running Ubuntu 10.10 which is wirelessly connected to the home router. I am trying to get Samsung's remote control app working on my iPad but the app won't allow me to put in an ip address and only discovers the tv if it's on the same subnet as the iPad (lame). So I need the laptop to route packets from eth0 to the wireless interface (wlan0), and I need about 3 ports on the wlan0 interface to be forwarded to the samsung tv. Hopefully all this makes sense. I've been messing around with iptables and samsung is now able to access internet via laptop wireless, but mapping from wlan0 back to the samsung tv is eluding me.


  • Restricting output to only allow localhost using iptables

    - by Dave Forgac
    I would like to restrict outbound traffic to only localhost using iptables. I already have a default DROP policy on OUTPUT and a rule REJECTing all traffic. I need to add a rule above that in the OUTPUT chain. I have seen a couple different examples for this type of rule, the most common being: -A OUTPUT -o lo -j ACCEPT and -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT Is there any reason to use the latter rather than the former? Can packets on lo have an address other than 127.0.0.1?


  • High frequency, kernel bypass vs tuning kernels?

    - by Keith
    I often hear tales about High Frequency shops using network cards which do kernel bypass. However, I also often hear about them using operating systems where they "tune" the kernel. If they are bypassing the kernel, do they need to tune the kernel? Is it a case of they do both because whilst the network packets will bypass the kernel due to the card, there is still all the other stuff going on which tuning the kernel would help? So in other words, they use both approaches, one is just to speed up network activity and the other makes the OS generally more responsive/faster? I ask because a friend of mine who works within this industry once said they don't really bother with kernel tuning anymore-because they use kernel bypass network cards? This didn't make too much sense as I thought you would always want a faster kernel for all the CPU-offloaded calculations.


  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the box's server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable.

    The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have a Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS.

    The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows:

        Inbound:
          PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range corresponding to possible cell provider range
          OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any
        Outbound:
          Default outbound policy: Allow Always
          OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider)
          OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider)
          Block always from NAS to any

    On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows.

    pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors):

        ### macro name for external interface.
        eth_if = "en0"
        vpn_if = "tap0"
        ### wifi_if = "en1"
        ### %usb_if = "en3"
        ext_if = $eth_if
        LAN="{10.0.0.0/24}"

        ### General housekeeping rules ###
        ### Drop all blocked packets silently
        set block-policy drop

        ### all incoming traffic on external interface is normalized and fragmented
        ### packets are reassembled.
        scrub in on $ext_if all fragment reassemble
        scrub in on $vpn_if all fragment reassemble
        scrub out all

        ### exercise antispoofing on the external interface, but add the local
        ### loopback interface as an exception, to prevent services utilizing the
        ### local loop from being blocked accidentally.
        ###
        set skip on lo0
        antispoof for $ext_if inet
        antispoof for $vpn_if inet

        ### spoofing protection for all interfaces
        block in quick from urpf-failed

        #############################
        block all

        ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only
        pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090}

        ### Allow all udp and icmp also, necessary for Constellation. Could be tightened.
        pass on $eth_if proto {udp, icmp} from $LAN to any

        ### Allow AFP to 10.0.0.40 (NAS)
        pass out on $eth_if proto tcp from any to 10.0.0.40 port 548

        ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs
        ### and port ranges
        pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201

        ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110
        ### Outgoing pings ok
        pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110
        pass out on $vpn_if proto {tcp, udp, icmp} from any to any

    So what are my goals and what does the above setup achieve? (until you tell me otherwise :)

      1) Full LAN access to the above ports on the mini/media server (including through my own VPN server)
      2) All internet traffic from the mini/media server is anonymized and tunneled over VPN
      3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router.

    So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable.

    The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini:

        ### Allow Minecraft public through user mc
        pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc
        pass out on $eth_if proto {tcp, udp} from any to any user mc

    And these additions on the border firewall:

        Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS)
        Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups)

    This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up, no connection is possible to the minecraft server from outside of the LAN. Inside the LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service.

    The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0, not the VPN tunnel? Should I add a static route? But I don't know which IPs will be connecting...stumbles How secure would you estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)


  • routing problems

    - by user174050
    I have a Windows 7 laptop and I have installed openvpn 2.2x as client. The laptop has 2 ethernet cards, one of them is wireless. The wireless LAN is 192.168.1.0/24. The fixed LAN is 192.168.2.0/24. If I connect to the openvpn server using the fixed LAN then I can connect properly, and for testing I ping my openvpn server 10.0.0.1, which answers correctly. But if I connect to the openvpn server using the wireless LAN, I can establish the connection but pinging the server isn't possible. The packets always get lost. Why can this happen? On another laptop where Windows XP is installed and with the same LAN configuration everything works properly. In both cases the firewall is configured to access the vnc server and the server directories using samba. With XP I have no problems. I will thank you for all help. Ignacio

