Search Results

Search found 4786 results on 192 pages for 'traffic shaping'.

Page 62/192 | < Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >

  • Measuring cumulative network statistics per user or per process

    - by zsimpson
    I've been googling for hours -- Under Linux I want to know the cumulative bytes sent and received by user or by process over all ip protocols. The best I've found in my searches is that it's possible to use iptables to mark packets for a user, for example: iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner test -j MARK --set-mark 1 It appears that "tc" can then shape traffic with that but I just want the statistic -- I don't want to shape the traffic. I want something like: "user U has transmitted used XMB since time Y". I can't figure out how to get statistics from these marked packets. Also, I've looked at nethogs but they seem to be measuring the instantaneous flow and I need cumulative counts. Anyone have ideas?

    Read the article

  • SSH Socks Proxy wiith iptables REDIRECT

    - by Radium
    I have googled and haven`t found the answer on my question. Help me please. There are two servers: serverA with public IP 12.0.0.10 and an private IP 10.0.0.5 serverB with public IP 20.0.0.11 I have setup SOCKS proxy on serverB to serverA: ssh -D20.0.0.11:2222 [email protected] So when on my local machine in a browser i specify SOCKS proxy 20.0.0.11:2222 (serverB:2222) as external IP while browsing i get 12.0.0.10 (serverA IP). That is ok. As well if i go onto http://10.0.0.5 (serverA private IP) it is also reachable. That is what i need. I want to make servers A private IP to be available through servers B public IP on certain ports but without specifying SOCKS in my browser. I could use ssh port forward but the problem is - i need to forward many ports and do not know which exactly - i know only the range. So when i connect to 20.0.0.11 to any port , for example, from 3000:4000 range, i want that traffic to be redirected to 10.0.0.5 on the same port. That is why i`ve decided maybe SOCKS proxy via SSH and iptables REDIRECT could help me. Client - serverBPublicIP (any port from range 3000:4000) - serverAPublicIP - serverAPrivateIP (the port was requested on serverBPublicIP) On serverB i do: ssh -D20.0.0.11:2222 [email protected] iptables -t nat -A PREROUTING -d 20.0.0.11 -p tcp --dport 3000:4000 -j REDIRECT --to-port 2222 But that does not work - when i telnet on 20.0.0.11:3001 for example i do not see any proxied traffic on the serverA. What should i do else? I have tried tcpsocks like this (in example i am telneting to 20.0.0.11:3001) Client -> 20.0.0.11:3001 -> iptables REDIRECT from 3001 --to-port 1111 -> tcpsocks from 1111 to 2222 -> SOCKS proxy from serverB to serverA on port 2222 -> serverA But i do not know what to do with the traffic on serverA. How to route it to its private IP. Help me please. I know, VPN removes all the hell i am trying to create, but i have no ability to use tun/tap device. It is disabled.

    Read the article

  • Firewalling a Cisco ASA Split tunnel

    - by dunxd
    I have a Cisco ASA 5510 at head office, and Cisco ASA 5505 in remote offices. The remote offices are connected over a split tunnelled VPN - the ASA 5505s use "Easy VPN" Client type VPN in Network Extension Mode (NEM). I'd like to set firewall rules for the non-tunnelled traffic only. Traffic over the VPN to head office should not have any firewall rules applied. I might want to apply different firewall rules to different remote offices. All the documentation I have been able to find assumes the Client VPN is a software endpoint, and all the configuration is done at the 5510. When using a Cisco 5505 as the VPN client, is it possible to configure any firewalling at the Client end, or does it all have to come from the 5510? Are there any other issues to look out for when split-tunnelling a VPN by this method?

    Read the article

  • multiple vlans routed on one nic? trunk?General? or Access?

    - by Aceth
    ok for the last week I've tried racking my head around this... I have a SRW208P with 802.1q support, and a virtual endian appliance. I would like to be able to have 3 vlans having everything routed through the endian appliance.. i.e. The Virtual server has 2 bridged NIC's to the switch. This is where I'm getting confused .. On the 8 port switch I've got the 3 vlans set up ok (all being untagged as they are not going to be vlan aware), it's the port I'm connecting the endian firewall to the switch I'm having trouble with (second nic goes to the adsl modem and NAT'd) Is it meant to be a trunk, "Genereal" or "Access" then untagged or tagged? the end goal is to have vlan traffic routing through the single NIC and have endian route vlan traffic according to the rules. Any one have any ideas on the cisco small business stuff? Thanks

    Read the article

  • On Mikrotik RouterOS, is it possible to get Netflow information from a bridged connection?

    - by Tim
    I have a RouterOS box set up to bridge two ethernet connections. I have use-ip-firewall=yes in the bridge configuration, so that the ports go through the firewall. I've enabled netflow reporting via ip/traffic-flow, but the only packets I see reported are broadcast and multicast packets, not the packets that are flowing through the bridge. The documentation indicates that traffic flow logging happens after firewall processing and that it won't work with bridged connections by default, but I would have thought that use-ip-firewall=yes ought to address this. Is it possible to make this work somehow?

    Read the article

  • IIS Reverse Proxy support for multiple protocols

    - by Abraxas
    I have a server 2012 machine running IIS. It's in my DMZ and I would like to use it to do reverse proxy for several services. I can get it to route traffic on port 80 to 2 separate internal servers running web apps but there are some issues when I try to forward SSH (not port 80/443) and then when I try to forward OWA (Micrsoft exchange's 'webmail' services) to the internal mail server I run in to issues with guides (like this: http://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspx) when they say to have all traffic forwarded to the server farm created for OWA. My question for you all is this - given that there is no more Threat Management Gateway (only runs on server 2008) and ISA 2006 is also dead - is it possible to support multiple types of reverse proxies with different protocols (ftp, ssh, web, ssl-web) in IIS, or would it be better to install a different DMZ OS like a nginx server and use linux firewalls + nginx reverse proxy? Thanks for any help!

    Read the article

  • Dual-WAN router

    - by aix
    I am looking for a router that would fit the following requirements: Two WAN interfaces: the primary is PPPoE, the secondary will link to a GigE port on another router (a 100Mbps link will suffice); Two (ideally four) GigE LAN ports; No requirement for a firewall; No requirement for Wi-Fi; Inexpensive. The plan for the two WAN interfaces is as follows. All outbound traffic will go to the primary, with exceptions based on destination IP/subnet or possibly on src+dest IPs/subnets. Such exceptions should be routed to the secondary. It would be very nice if, should the primary go down, the secondary would automatically take over for all outbound traffic. I am reasonably sure that I can put something together based on dd-wrt. However, I'd like to hear from you what alternatives are out there (especially something easier to set up for my use case, even if it means paying more for the hardware.)

    Read the article

  • Finding a private (NAT) host's IP using historic destination data

    - by l0c0b0x
    The issue: An unknown private (NAT) client is infected with malware and it's trying to access a Bot server at random times/dates. How we know about this: We receive bot traffic notices/alerts from REN-ISAC. Unfortunately, we don't receive those until the next day after it has happened. What they provide to us is: The source address (of the firewall) The destination addresses (it varies, but they're going to network subnet allocated to a German ISP) The source port (which varies--dynamic ports). Question: What would be the best approach to finding this internal host (historically) with a Cisco ASA as firewall? I'm guessing blocking anything to the destination address(es), and logging that type of traffic/access might allow me to find the source host, but I'm not sure which tool/command would be the most useful. I've seen Netflow thrown into a few responses when it comes to logging, but I'm confused with it's association of Logging, NAL, and nBAR, and how they relate to Netflow.

    Read the article

  • Solaris TCP/IP performance tuning

    - by Andy Faibishenko
    I am trying to tune a high message traffic system running on Solaris. The architecture is a large number (600) of clients which connect via TCP to a big Solaris server and then send/receive relatively small messages (.5 to 1K payload) at high rates. The goal is to minimize the latency of each message processed. I suspect that the TCP stack of the server is getting overwhelmed by all the traffic. What are some commands/metrics that I can use to confirm this, and in case this is true, what is the best way to alleviate this bottleneck? PS I posted this on StackOverflow originally. One person suggested snoop and dtrace. dtrace seems pretty general - are there any additional pointers on how to use it to diagnose TCP issues?

    Read the article

  • iptables question

    - by RubyFreak
    i have a small network, with one valid IP and a firewall with 3 network interfaces (LAN, WAN, DMZ). I want to enable PAT on this valid IP to redirect http traffic to a server in my DMZ. (done) I want to enable MASQ on this ip from traffic that comes from my LAN (done) I want from my LAN as well to access my http server at DMZ. (partially) Question: in the above scenario, i cannot from my LAN, to access my http server in the DMZ, since it has the IP used by the MASQ (the only valid ip that i have). What would be the best option to solve this problem? network interfaces: eth0 (WAN) eth1 (DMZ) eth2 (LAN) /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE /sbin/iptables -A FORWARD --o eth1 -d 2.2.2.2 -p tcp --dport 80 -j ACCEPT /sbin/iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.1 -p tcp --dport 80 -j DNAT --to 2.2.2.2 /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT /sbin/iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT

    Read the article

  • trying to understand how Linux /etc/hosts file works with local and external IP addresses

    - by gkdsp
    Let's say I have a Linux server with an external IP of 123.456.789.012 and a local IP of 192.168.0.1. If it's /etc/hosts file looks like, for example, 123.456.789.012 host2.mydomain.com 192.168.0.1 host2.mydomain.com When an application on the server generates traffic to send using host2.mydomain.com, how does the server know whether to use the local or external IP address (since the same host name shows two IP addresses)? Or, does it need something additional than what I've presented here to decide this? Or, does it just sent it out as host2.mydomain.com and let the receiving end deal with it (if so, how to make sure traffic intended for local network indeed goes to local network)?

    Read the article

  • Munin Aggregate Graphs from several servers

    - by Sparsh Gupta
    I am using DNS round robin load balancing and have divided my total traffic onto multiple servers. Each server does around 300-400req/second but I am interested in having an aggregate graph telling me the TOTAL of all requests per second served by our architecture. Is there any way I can do this. Right now each graph in Munin comes as a separate graph as they depict things on one server. I am using configuration as follow which doesn't work doesnt work for me, does this configuration got errors? [TRAFFIC.AGGREGATED] update no requests.graph_title nGinx requests requests.graph_vlabel nGinx requests per second requests.draw LINE2 requests.graph_args --base 1000 requests.graph_category nginx requests.label req/sec requests.type DERIVE requests.min 0 requests.graph_order output requests.output.sum \ lb1.visualwebsiteoptimizer.com:nginx_request_lb1.visualwebsiteoptimizer.com_request.request \ lb3.visualwebsiteoptimizer.com:nginx_request_lb2.visualwebsiteoptimizer.com_request.request \ lb3.visualwebsiteoptimizer.com:nginx_request_lb3.visualwebsiteoptimizer.com_request.request

    Read the article

  • Iptables NAT logging

    - by Gerard
    I have a box setup as a router using Iptables (masquerade), logging all network traffic. The problem: Connections from LAN IPs to WAN show fine, i.e. SRC=192.168.32.10 - DST=60.242.67.190 but for traffic coming from WAN to LAN it will show the WAN IP as the source, but the routers IP as the destination, then the router - LAN IP. I.e. SRC=60.242.67.190 - DST=192.168.32.199 SRC=192.168.32.199(router) - DST=192.168.32.10 How do I configure it so that it logs the conversations correctly? SRC=192.168.32.10 - DST=60.242.67.190 SRC=60.242.67.190 DST=192.168.32.10 Any help appreciated, cheers

    Read the article

  • Converge Voice and Data networks using Sonicwall

    - by skinneejoe
    We are looking to converge VOIP and Data traffic onto a single wire so that our client's VOIP phones pass data through to the users computer. We are specing out a new Sonicwall NSA appliance to handle routing functions and layer 2 switches to manage VLANS. Not a huge network, medium sized. What should I know about converging the networks onto a single wire? Obviously I'll want to prioritize voice traffic, is this handled solely in the Sonicwall with QoS configurations or do the layer 2 switches need to be configured differently? Any other pitfalls I should be aware of, or any good resources for learning more?

    Read the article

  • Optimal way to make MySQL backups for fairly large databases (MyISAM / InnoDB)

    - by WinkyWolly
    Currently we have one beefy MySQL database that runs a couple of high traffic Django based websites as well as some e-commerce websites of decent size. As a result we have a fair amount of large databases using both InnoDB and MyISAM tables. Unfortunately we've recently hit a wall due to the amount of traffic so I've setup another master server to help alleviate reads / backups. Now at the moment I simply use mysqldump with a few arguments and it's proven to be fine.. until now. Obviously mysqldump is a slow quick method however I believe we've outgrown its use. I now need a good alternative and have been looking into utilizing Maatkits mk-parallel-dump utility or an LVM snapshot solution. Succinct short version: I have a fairly large MySQL databases I need to backup Current method using mysqldump is inefficient and slow (causing issues) Looking into something such as mk-parallel-dump or LVM snapshots Any recommendations or ideas would be appreciated - since I have to re-do how we're doing things I rather have it done properly / most efficient :).

    Read the article

  • Is it possible to combine two internet connections to increase performance?

    - by cornjuliox
    I've got a small home network, 3 PCs plus a laptop or two when the relatives come to visit, connected to a single cable internet connection. Now, as soon as everyone starts using the 'net the performance starts to suffer and if the load is heavy enough nobody can get anything done and everyone complains. At one point it was so bad that only one of us could use it at a time. I was researching possible solutions to this problem and I heard that internet cafes that utilize 2 internet connections, possibly from different providers, and have some sort of router that allows them to split the traffic between the both of them, with online games going through one and web traffic going through another. Is this possible? What is the technical term for it, and can/should it be applied to a home network setup or is there another solution to this problem?

    Read the article

  • Security of a free public VPN service

    - by Mark Belli
    I just started using VPNBOOK, which is a (very efficent) free VPN solution. I have a question: VPNBOOK user and pass used to connect to their vpn network are publicily available on their homepage; everybody uses them to connect to the vpn. Can a user intercept my wifi traffic and: Understand that my connections are directed to VPNBOOK servers. If point 1 is successful, then they could use VPNBOOK public user and pass to decrypt my traffic? I hope I am missing something, otherwise it would be a very big weakness and I would revert to a paid service (with a private account)

    Read the article

  • Website hosted on IIS is not accessbile

    - by Tola Odejayi
    I have two sites set up in IIS on a remote machine RM; one on regular port 80, and the other on port 5773. From my local machine LM, I can access the site on 80, but I cannot access the one on 5773; I get a status code of 502 and an error code of 10060 (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond) when I try to do this. I can access the 5773 site via IIS when I am logged into RM (i.e. by right clicking on a page on the site and going 'Browse'). I can also access pages on the 5773 site via a browser, again when I am logged into RM. I just can't do the same via a browser when I am logged into LM. I have ensured that port 5773 is open for outgoing traffic on LM. Could the problem be that I also need to ensure that port 5773 is open for inbound traffic on RM?

    Read the article

  • Browser not parsing PAC file properly?

    - by mfinni
    I have a long PAC file. The browser(s) (IE and Chrome) are configured to use it and it generally does what it says on the tin. I have a domain that continues to go through the proxy although it should be going direct. // Match specific hosts and IPs entered as hosts if (buncha stuff || shExpMatch(host,"(*.newmarketinc.com)") || shExpMatch(host,"(newmarketinc.com)") || buncha stuff ) return "DIRECT"; Pactester shows that anything in the domain should be direct. h:\pacparser\pactester.exe -p h:\pacfile -u http://daas.newmarketinc.com DIRECT But we continue to pass traffic to hosts in this domain via the proxy. Wireshark and Fiddler both show this. How do i figure out how my browser has gotten brain-damage? Traffic to other sites in this stanza does properly go direct, as confirmed by Fiddler and Wireshark.

    Read the article

  • Dial-in VPN Routing issue when on 192.168.x.x network range

    - by Ian
    I'm not an expert on networks but have a small office on the 192.168.x.x. range which is managed by a vigor (2800) router. I have enabled the VPN dial-in option on the router so I can get to the server on 192.168.1.100 which works fine from my macbook when i'm NOT on a local network with that is on the 192.168.x.x range. e.g. works fine when I tether over my Android smartphone but when I try & connect when on my home network, it connects, I can access the router (192.168.1.1) but cannot access 192.168.1.100 - traceroute doesn't hop via 192.168.1.1 I have enabled "send all traffic over VPN connection but again, not joy... Feels like the osx platform isn't routing the traffic out to the vpn endpoint as the destination address is on the local subnet but expect it would be. This work fine on a windows PC on the same home network. Any thoughts on what the issue could be?

    Read the article

  • Linux QoS: bulk data transmission during idle times

    - by syneticon-dj
    How would I do a QoS setup where a certain low-priority data stream would get up to X Mbps of bandwidth, but only if the current total bandwidth (of all streams/classes) on this interface does not exceed X? At the same time, other data streams / classes must not be limited to X. The use case is an ISP billing the traffic by calculating the bandwidth average over 5 minute intervals and billing the maximum. I would like to keep the maximum usage to a minimum (i.e. quench the bulk transfer during interface busy times) but get the data through during idle/low traffic times. Looking at the frequently used classful schedulers CBQ, HTB and HSFC I cannot see a straightforward way to accomplish this.

    Read the article

  • Are there other application layer firewalls like Microfot TMG (ISA) that do advanced http rules?

    - by Bret Fisher
    Since the old days ISA and now TMG have had several great features that I often want to deploy to my customers because of the enhanced functionality and security, but often the cost of an additinal server HW, Windows Server, and TMG license is too much to justify when compaired to a $300-500 appliance. Are there other gateway firewalls that can perform one or more of these application layer features: pre-auth incoming http traffic against AD/LDAP before sending packets to internal server (forms auth or basic creds popup)? read host headers of incoming http traffic (even on https) to a single public IP and route packets to different internal servers based on that host header?

    Read the article

  • Virtualbox - routing subnet to bridge adapters

    - by user42384
    Hello, I have set up a Debian Lenny box with 3 vbox Lenny machines running eth0 of the host in bridged mode (on virtualbox 3.1.6). When testing in my local LAN, this all worked perfectly well and traffic flowed to and from the IPs of the virtual machines as it should. However, now that it's in its co-lo home, the networking setup is a bit different, and I'm unable to get traffic to flow to the vboxes properly. Specifically, the host has its own Primary IP, and I have a separate subnet of 8 (6 usable) IPs routed to the box for use by the vboxes. So, eth0 on host is: Machine IP: 2x.x.x.137 Gateway IP: 2x.x.x.138 Subnet Msk: 255.255.255.252 Subnet for vboxes is Subnet: 2x.x.x.240/29 Netmask: 255.255.255.248 vbox1 is configured to 2x.x.x.241 on eth0 as follows: auto eth0 iface eth0 inet static address 2x.x.x.241 netmask 255.255.255.248 Setting up a virtual interface (eth0:0) on the host with one of these subnet IPs allows me to ping to that address only from vbox1, and it allows me to ping vbox1 from the host. I can also ping that virtual interface perfectly well from outside, so the IPs are definitely landing at my machine. It seems I'm missing some sort of routing instruction either on the host or vbox1 to get traffic moving between the subnet and the default gateway, but I can't seem to figure out what it should be, or what glaringly obvious thing i'm missing. Most of my obvious attempts (the gw of eth0, the ip of eth0) were rejected by route command with SIOCADDRT: No such device (eg - i can't find it). I tried setting vbox1 to bridge on eth0:0, but this was not an acceptable device name and VBoxHeadless refused to start. The physical machine does have an unused physical NIC at eth1 that can be used if necessary for something or other. Host machine is running iptables configured by ferm, have experimented with it allowing forwarding for that subnet, but I wouldn't have thought this was necessary given the nature of the virtualbox devices (nor did it actually work). Clearing out all of these rules for a blank iptables set does not resolve the issue. (you can see ferm generated iptables at http://codedumper.com/ojaze) Thanks for any help you can give... Patrick

    Read the article

  • SharePoint 2010 MySites - Simple explanation needed!

    - by Chris W
    I've been playing around with the 2010 beta for a couple of weeks, experimenting with topology options etc. I think I've got myself totally confused as to how it works hence if there's any SP experts out there that can explain things in simple terms for me I'd appreciate it! I want to setup a farm with 3 servers providing the content & MySites. I presume that the way to do this is to load balance or DNS round robin traffic between the 3 servers. The bit where I'm confused is that My Site Settings page asks for a specific My Site Host hence all my site traffic will be pushed to a single server even though we have 3 in the farm. If this hosts fails I presume MySites will be unavailable. Is this right? How do I configure it so that access to MySites is load balanced across the 3 servers in the farm?

    Read the article

  • configure vpn so that it is not the preferred route

    - by pstanton
    Hi all, I recently re-installed XP on my PC. I had a vpn set up on the old system and remember being advised to change one setting so that it wasn't the preferred route for all network traffic. This was ideal as only connections to the target network would be made through the vpn and all normal traffic would go through the regular path unmolested. i remember thinking "why isn't this the default setting!?". now i've formatted my drive and lost the config for that vpn (besides host, username, passwd). does anyone know of the setting i'm referring to? thanks, paul.

    Read the article

< Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >