Search Results

Search found 6499 results on 260 pages for 'drop shadow'.

Page 64/260 | < Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >

  • Centos IPTables configuration for external firewall

    - by user137974
    Current setup Centos which is a Web, Mail (Postfix,Dovecot), FTP Server and Gateway with public ip and private ip (for LAN Gateway). We are planning to implement external firewall box and bring the server to LAN Please guide on configuring IPTables... Unable to receive mail and outgoing mail stays in postfix queue and is sent after delaying... The local ip of the server is 192.168.1.220 iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP incoming HTTP iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT outgoing HTTP iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT FTP iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.220 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s 192.168.1.220 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.220 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -p tcp -s 192.168.1.220 --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT SMTP iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.220 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s 192.168.1.220 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s 192.168.1.220 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -s 0/0 --sport 25 -d 192.168.1.220 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT POP3 iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.220 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp -s 192.168.1.220 --sport 110 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

    Read the article

  • iptables configuration to work with apache2 mod_proxy

    - by swdalex
    Hello! I have iptables config like this: iptables -F INPUT iptables -F OUTPUT iptables -F FORWARD iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT iptables -A OUTPUT -p tcp --sport 443 -j ACCEPT Also, I have apache virtual host: <VirtualHost *:80> ServerName wiki.myite.com <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / http://localhost:8901/ ProxyPassReverse / http://localhost:8901/ <Location /> Order allow,deny Allow from all </Location> </VirtualHost> My primary domain www.mysite.com is working well with this configuration (I don't use proxy redirect on it). But my virtual host wiki.mysite.com is not responding. Please, help me to setup iptables config to allow wiki.mysite.com working too. I think, I need to setup iptables FORWARDING options, but I don't know how. update: I have 1 server with 1 IP. On server I have apache2.2 on 80 port. Also I have tomcat6 on 8901 port. In apache I setup to forwarding domain wiki.mysite.com to tomcat (mysite.com:8901). I want to secure my server by disabling all ports, except 80, 22 and 443.

    Read the article

  • Samba server NETBIOS name not resolving, WINS support not working

    - by Eric
    When I try to connect to my CentOS 6.2 x86_64 server's samba shares using address \\REPO (NETBIOS name of REPO), it times out and shows an error; if I do so directly via IP, it works fine. Furthermore, my server does not work correctly as a WINS server despite my samba settings being correct for it (see below for details). If I stop the iptables service, things work properly. I'm using this page as a reference for which ports to use: http://www.samba.org/samba/docs/server_security.html Specifically: UDP/137 - used by nmbd UDP/138 - used by nmbd TCP/139 - used by smbd TCP/445 - used by smbd I really really really want to keep the secure iptables design I have below but just fix this particular problem. SMB.CONF [global] netbios name = REPO workgroup = AWESOME security = user encrypt passwords = yes # Use the native linux password database #passdb backend = tdbsam # Be a WINS server wins support = yes # Make this server a master browser local master = yes preferred master = yes os level = 65 # Disable print support load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes # Restrict who can access the shares hosts allow = 127.0.0. 10.1.1. [public] path = /mnt/repo/public create mode = 0640 directory mode = 0750 writable = yes valid users = mangs repoman IPTABLES CONFIGURE SCRIPT # Remove all existing rules iptables -F # Set default chain policies iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP # Allow incoming SSH iptables -A INPUT -i eth0 -p tcp --dport 22222 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22222 -m state --state ESTABLISHED -j ACCEPT # Allow incoming HTTP #iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT #iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT # Allow incoming Samba iptables -A INPUT -i eth0 -p udp --dport 137 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 137 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 138 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 138 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 139 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 139 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 445 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 445 -m state --state ESTABLISHED -j ACCEPT # Make these rules permanent service iptables save service iptables restart**strong text**

    Read the article

  • Allow access from outside network with dmz and iptables

    - by Ivan
    I'm having a problem with my home network. So my setup is like this: In my Router (using Ubuntu desktop v11.04), I installed squid proxy as my transparent proxy. So I would like to use dyndns to my home network so I could be access my server from the internet, and also I installed CCTV camera and I would like to enable watching it from internet. The problem is I cannot access it from outside the net. I already set DMZ in my modem to my router ip. My first guess is because i'm using iptables to redirect all inside network to use squid. And not allow from outside traffic to my inside network. Here is my iptables script: #!/bin/sh # squid server IP SQUID_SERVER="192.168.5.1" # Interface connected to Internet INTERNET="eth0" # Interface connected to LAN LAN_IN="eth1" # Squid port SQUID_PORT="3128" # Clean old firewall iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X # Load IPTABLES modules for NAT and IP conntrack support modprobe ip_conntrack modprobe ip_conntrack_ftp # For win xp ftp client #modprobe ip_nat_ftp echo 1 > /proc/sys/net/ipv4/ip_forward # Setting default filter policy iptables -P INPUT DROP iptables -P OUTPUT ACCEPT # Unlimited access to loop back iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # Allow UDP, DNS and Passive FTP iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT # set this system as a router for Rest of LAN iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT # unlimited access to LAN iptables -A INPUT -i $LAN_IN -j ACCEPT iptables -A OUTPUT -o $LAN_IN -j ACCEPT # DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT # if it is same system iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT # DROP everything and Log it iptables -A INPUT -j LOG iptables -A INPUT -j DROP If you know where did I miss, please advice me. Thanks for all your help and I really appreciate it.

    Read the article

  • Flushing iptables broke my pipe, how can I save my instance?

    - by Niels
    I was setting up my iptables when I performed a iptables -F and my ssh pipe broke. This is the last output of my session: root@alfapaints:~# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:2222 ACCEPT tcp -- li465-68.members.linode.com anywhere state NEW,ESTABLISHED tcp dpt:nrpe ACCEPT tcp -- anywhere anywhere tcp dpt:9200 state NEW,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED ACCEPT udp -- anywhere anywhere udp spt:domain Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp spt:2222 ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp spt:nrpe ACCEPT tcp -- anywhere anywhere tcp spt:9200 state ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp spt:http state ESTABLISHED ACCEPT udp -- anywhere anywhere udp dpt:domain root@alfapaints:~# iptables -F Write failed: Broken pipe I tested my connection just before and I was able to connect with ssh. Now I did a nmap scan and not a single port is open anymore. I know my VPS is running on VMWare ESXi, could a reboot help? Or if not could I attach and mount the disk to another vm to save the data? Does anybody have some advise? And maybe an explanation what happend or what could have cause my pipe to break? ps: I didn't save my rules on the config directories of iptables. But used a file I stored in ~/rules.config to apply my rules like this: iptables-restore < rules.config So probably a reboot would help? Thanks a lot in advance.

    Read the article

  • Verizon 4G LTE vs. a LAN

    - by n8wrl
    I have been having quite a bit of trouble getting my new Verizon 4G-LTE service running on a Windows 7 desktop. My desktop is on a LAN here at home with two other PC's. We all share printers, files, media, etc. Until yesterday, we also shared a Verizon 3G modem via a NetGear 3G broadband WAP. That isn't compatible with the 4G so now I am just trying to get the 4G modem working directly connected to one of the desktops. After some USB wrangling, it seems to work. Except, every 7-10 minutes the connection would drop. After some time on the phone with a very nice Verizon technician, it seems to be staying up - it's been up for 20 minutes now. He told me that my LAN was causing the 4G to drop. That traffic on my LAN, even though it is not destined for the internet (ICS not working yet) was causing the cell tower to detect an 'IP change' and a 'security violation' in my modem and drop my connection. Is this Verizon's way of forbidding more than one computer to share a modem? I have my computer running now without a LAN connection and the 4G is still up. But this isn't practical. Has anyone heard of this?

    Read the article

  • How do I format a text file for IIS Mailroot Pickup so that it sends an e-mail with attachments?

    - by Ben McCormack
    How do I need to format a text file so that it can be read by an SMTP service to send an e-mail that has an attachment? We have a server where we are using II6 SMTP to send mail from a Pickup folder. The goal is to drop a properly formatted text file into Mailroot\Pickup and then the file will be automatically processed and sent to the correct SMTP recipient. For simple files, this works correctly. Here's an example of a simple file that works (domain names changed): From:[email protected] To:[email protected] Subject:Hello World! Test Body Of The E-mail When I drop a text file containing the above contents into the Mailroot\Pickup folder, it sends correctly. However, I haven't been able to figure out how to get an attachment to work. I found some material that explained how to encode an SMTP attachment and another tool for simple base64 encoding conversion. Using the information on those pages, I came up with the following text: From:[email protected] To:[email protected] Subject:Hello World! MIME-Version: 1.0 Content-Type: text/plain; boundary="Attached" Content-Disposition: inline; --Attached Content-Transfer-Encoding: base64 Content-Type: text/plain; name="attachment.txt" Content-Disposition: attachment; filenamename="attachment.txt" VGhpcyBpcyBhIHRlc3Qgb2Ygc29tZXRoaW5nIHRvIGVuY29kZS4NCk5ldyBsaW5lDQpOZXcgTGlu ZQ0KIkhlbGxvdyIgISEhDQo9PT09ICcgZnNkZnNkZiAxMjM1NDU2MzQzNA== --Attached-- However, when I place the above text in a file and drop it into Mailroot\Pickup, it doesn't send an attachment correctly. Instead, an e-mail shows up with the following in the body of the e-mail: MIME-Version: 1.0 Content-Type: text/plain; boundary="Attached" Content-Disposition: inline; --Attached Content-Transfer-Encoding: base64 Content-Type: text/plain; name="attachment.txt" Content-Disposition: attachment; filenamename="attachment.txt" VGhpcyBpcyBhIHRlc3Qgb2Ygc29tZXRoaW5nIHRvIGVuY29kZS4NCk5ldyBsaW5lDQpOZXcgTGlu ZQ0KIkhlbGxvdyIgISEhDQo9PT09ICcgZnNkZnNkZiAxMjM1NDU2MzQzNA== --Attached-- I can't figure out what I need to do to format the text file so that the SMTP service correctly sends attachments.

    Read the article

  • Shorewall log question.

    - by Shikoru
    I have been getting various attempts to connect to ports on my shorewall firewall. The ports that I keep seeing connection attempts at are tcp 44444, tcp 44446, udp 55555 and every now and then some slight variation. I ran "netstat -a" and did not see anything listening on those ports. Is this something that I should be worried about or is it just some rouge computers out there? I have noticed alot of the ip addresses are from Spain and Mexico. May 25 18:39:35 Takkun kernel: [62516.626514] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:d0:b7:65:d4:13:34:ef:xx:xx:xx:81:08:00 SRC=200.124.9.113 DST=72.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=51796 DF PROTO=TCP SPT=2071 DPT=44446 WINDOW=16384 RES=0x00 SYN URGP=0 May 25 18:39:52 Takkun kernel: [62535.433285] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:d0:b7:65:d4:13:34:ef:xx:xx:xx:81:08:00 SRC=72.50.95.174 DST=72.xxx.xxx.xxx LEN=90 TOS=0x00 PREC=0x00 TTL=105 ID=31130 PROTO=UDP SPT=59505 DPT=55555 LEN=70 May 25 18:40:05 Takkun kernel: [62548.963413] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:d0:b7:65:d4:13:34:ef:xx:xx:xx:81:08:00 SRC=77.12.37.1 DST=72.xxx.xxx.xxx LEN=90 TOS=0x00 PREC=0x00 TTL=108 ID=9585 PROTO=UDP SPT=20401 DPT=55555 LEN=70 That is the jist of what im seeing.

    Read the article

  • SharePoint, Exchange and Incoming Emails Without Directory Management Services

    - by Nariman
    Trying to keep this as simple as possible. We've already created the email accounts that we need (e.g. account[1-20]@domain.com) on Exchange/AD. We'd like to now enable incoming emails on SharePoint 2007 lists corresponding to these accounts. My thinking is we don’t need to configure Directory Management Services [2] – the architecture will be simpler without it and the application doesn’t require these services. However, we still need to route messages from Exchange to either local SMTP services (via the connector described in the articles below) or by user-specific drop-folder settings (if permitted by Exchange). So the question is: can we instruct Exchange to use a drop folder just for accounts account[1-20]@domain.com? or do we need to change the accounts to account[1-20]@sharepointsmtp.domain.com and re-route those message to the local SMTP service that will drop them on disk? I've read the material below. [1] - http://www.combined-knowledge.com/Downloads/2007/How%20to%20configure%20Email%20Enabled%20Lists%20in%20Moss2007%20RTM%20using%20Exchange%202007.pdf http://social.msdn.microsoft.com/Forums/en/sharepointdevelopment/thread/91e0c3d2-afe6-469d-b1bc-6ae7a9aa287e http://gj80blogtech.blogspot.com/2009/12/configure-incoming-email-setting-in.html http://www.jasonslater.co.uk/2007/08/10/configuring-incoming-mail-on-moss-2007-and-exchange-2007/ http://technet.microsoft.com/en-us/library/cc262947%28office.12%29.aspx http://technet.microsoft.com/en-us/library/cc263260%28office.12%29.aspx [2] – http://graycloud.com/sharepoint/incoming-mail-configuration-what-permissions-are-require-t39483.html

    Read the article

  • How to access a port via OpenVpn only

    - by Andy M
    I've set up an openvpn server alongside an apache website that can only be accessed on port 8100 on the same machine. My /etc/openvpn/server.conf file looks like this: port 1194 proto tcp dev tun ca ./easy-rsa2/keys/ca.crt cert ./easy-rsa2/keys/server.crt key ./easy-rsa2/keys/server.key # This file should be kept secret dh ./easy-rsa2/keys/dh1024.pem # Diffie-Hellman parameter server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt # make sure clients can still connect to the internet push "redirect-gateway def1 bypass-dhcp" keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 Now I tried to let only clients connected to the vpn network access the website on apache via port 8100. So I defined a few iptables rules: #!/bin/sh # My system IP/set ip address of server SERVER_IP="192.168.0.2" # Flushing all rules iptables -F iptables -X # Setting default filter policy iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP # Allow incoming access to port 8100 from OpenVPN 10.8.0.1 iptables -A INPUT -i tun0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o tun0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT # outgoing http iptables -A OUTPUT -o tun0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -i tun0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT Now when I connect to the server from my client computer and try to access the website on 192.168.0.2:8100, my browser can't open it. Will I have to forward traffic from tun0 to eth0? Or is there anything else I'm missing?

    Read the article

  • Can MySQL use multiple data directories on different physical storage devices

    - by sirlark
    I am running MySQL with its data dir on a 128Gb SSD. I am dealing with large datasets (~20Gb) that are loaded and processed weekly, each stored in a separate DB for the purposes of time point comparisons. Putting all the data into a single database in unfeasible because the performance on such large databases is already a problem. However, I cannot keep more than 6 datasets on the SSD at a time. Right now I am manually dumping the oldest to much larger 2Tb spinning disk every week, and dropping the database to make space for the new one. But if I need one of the 'archived' databases (a semi regular occurrence) I have to drop a current one (after dumping), reload it, do what I need to, then reverse the results. Is there a way to configure MySQL to use multiple data directories, say one on the SSD and one on the 2Tb spinning disk, and 'merge' them transparently? If I could do this, then archiving would no longer mean "moved out of the database entirely", but instead would mean "moved onto the slow physical device". The time taken to do my queries on a spinning disk would be less than that taken to completely dump, drop, load, drop, reload two entire databases, so this is a win. I thought of using something like unionfs but I can't think of a way to control which database gets stored on which physical drive, because it works by merging on a directory level (from what I understand) so I'm still stuck with using multiple directories. Any help appreciated, thanks in advance

    Read the article

  • iptables drops some packets on port 80 and i don't know the cause.

    - by Janning
    Hi, We are running a firewall with iptables on our Debian Lenny system. I show you only the relevant entries of our firewall. Chain INPUT (policy DROP 0 packets, 0 bytes) target prot opt in out source destination ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW Chain OUTPUT (policy DROP 0 packets, 0 bytes) target prot opt in out source destination ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Some packets get dropped each day with log messages like this: Feb 5 15:11:02 host1 kernel: [104332.409003] dropped IN= OUT=eth0 SRC= DST= LEN=1420 TOS=0x00 PREC=0x00 TTL=64 ID=18576 DF PROTO=TCP SPT=80 DPT=59327 WINDOW=54 RES=0x00 ACK URGP=0 for privacy reasons I replaced IP Addresses with and This is no reason for any concern, but I just want to understand what's happening. The web server tries to send a packet to the client, but the firewall somehow came to the conclusion that this packet is "UNRELATED" to any prior traffic. I have set a kernel parameter ip_conntrack_ma to a high enough value to be sure to get all connections tracked by iptables state module: sysctl -w net.ipv4.netfilter.ip_conntrack_max=524288 What's funny about that is I get one connection drop every 20 minutes: 06:34:54 droppedIN= 06:52:10 droppedIN= 07:10:48 droppedIN= 07:30:55 droppedIN= 07:51:29 droppedIN= 08:10:47 droppedIN= 08:31:00 droppedIN= 08:50:52 droppedIN= 09:10:50 droppedIN= 09:30:52 droppedIN= 09:50:49 droppedIN= 10:11:00 droppedIN= 10:30:50 droppedIN= 10:50:56 droppedIN= 11:10:53 droppedIN= 11:31:00 droppedIN= 11:50:49 droppedIN= 12:10:49 droppedIN= 12:30:50 droppedIN= 12:50:51 droppedIN= 13:10:49 droppedIN= 13:30:57 droppedIN= 13:51:01 droppedIN= 14:11:12 droppedIN= 14:31:32 droppedIN= 14:50:59 droppedIN= 15:11:02 droppedIN= That's from today, but on other days it looks like this, too (sometimes the rate varies). What might be the reason? Any help is greatly appreciated. kind regards Janning

    Read the article

  • Possible for linux bridge to intercept traffic?

    - by A G
    I have a linux machine setup as a bridge between a client and a server; brctl addbr0 brctl addif br0 eth1 brctl addif br0 eth2 ifconfig eth1 0.0.0.0 ifconfig eth2 0.0.0.0 ip link set br0 up I also have an application listening on port 8080 of this machine. Is it possible to have traffic destined for port 80 to be passed to my application? I have done some research and it looks like it could be done using ebtables and iptables. Here is the rest of my setup: //set the ebtables to pass this traffic up to ip for processing; DROP on the broute table should do this ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP //set iptables to forward this traffic to my app listening on port 8080 iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 8080 --tproxy-mark 1/1 iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 1/1 //once the flows are marked, have them delivered locally via loopback interface ip rule add fwmark 1/1 table 1 ip route add local 0.0.0.0/0 dev lo table 1 //enable ip packet forwarding echo 1 > /proc/sys/net/ipv4/ip_forward However nothing is coming into my application. Am I missing anything? My understanding is that the target DROP on the broute BROUTING chain will push it up to be processed by iptables. Secondly, are there any other alternatives I should investigate? Edit: IPtables gets it at nat PREROUTING, but it looks like it drops after that; the INPUT chain (in either mangle or filter) doesn't see the packet.

    Read the article

  • Secure NAT setup with iptables

    - by TheBigB
    I have Debian running device that needs to act as an internet-gateway. On top of that I want to provide a firewall that not only blocks inbound traffic, but also outbound traffic. And I figured iptables should be able to do the job. The problem: I've configured NAT properly (I think?), but once I set the default policy to DROP and add rules to for instance allow HTTP traffic from inside the LAN, HTTP is not going through. So basically my rules don't seem to work. Below is the initialization script that I use for iptables. The device has two NICs, respectively eth0 (the WAN interface) and eth1 (the LAN interface). echo 1 > /proc/sys/net/ipv4/ip_forward # Flush tables iptables -F iptables -t nat -F # Set policies iptables -P INPUT DROP iptables -P OUTPUT DROP # NAT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT # Allow outbound HTTP from LAN? iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j ACCEPT iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT Can anyone shed some light on this?

    Read the article

  • What ports, besides 80, need to be available to send (only send) email using phpmailer to gmail over SSL?

    - by Wobblefoot
    Using phpmailer I keep getting a 110 timeout and "Unable to connect to host" when sending email from my web server. The authentication details are right and they work on another server I have (login, pwd, ports etc and gmail acct set up for SSL connections on 465), but it's failing on my new server. FIREWALL: I allow related/established, port 80 and a port for SSH on INPUT, then this on OUTPUT: 7906 474K DROP tcp -- any any anywhere anywhere tcp dpt:smtp 0 0 ACCEPT tcp -- any any localhost.localdomain yw-in-f109.1e100.net tcp dpt:submission 0 0 ACCEPT tcp -- any any localhost.localdomain gx-in-f109.1e100.net tcp dpt:ssmtp 0 0 DROP tcp -- any any anywhere anywhere tcp dpt:submission 9 540 DROP tcp -- any any anywhere anywhere tcp dpt:ssmtp This output chain works on my other server and disabling it doesn't get mail delivered either. WEB SERVER: Varnish (80) Nginx (8088) Drupal 7 PHP5-FPM APC MySQL All works beautifully, except for outgoing email. What else could it be? I understand phpmailer does NOT require a local MTA or procmail (this is sort of the point - I don't want the security or admin overhead of a full blown MTA on my web server). Am I wrong? Do I need an MTA as well? What local ports and programs are used to authenticate over SSL and route mail using phpmailer? Any ideas at all greatly appreciated - wasted a day on this nonsense already!

    Read the article

  • Fedora 17 transparent Ethernet Bridge not forwarding IP traffic

    - by mcdoomington
    I am running on Fedora 17 with the latest ebtables and have been trying to setup a transparent bridge - using the following script, I send a ping through the bridged host and only see the requests on the bridge (among other traffic from eth0), BUT, arps and arp replies are making it through. My host is setup - Client 192.168.1.10 <-- eth0 -- eth2 192.168.1.20 Ethernet script: #!/bin/sh brctl addbr br0; brctl stp br0 on; brctl addif br0 eth0; brctl addif br0 eth2; (ifdown eth0 1>/dev/null 2>&1;); (ifdown eth2 1>/dev/null 2>&1;); ifconfig eth0 0.0.0.0 up; ifconfig eth2 0.0.0.0 up; echo "1" > /proc/sys/net/ipv4/ip_forward; ebtables -P INPUT DROP ebtables -P FORWARD DROP ebtables -P OUTPUT DROP ebtables -A FORWARD -p ipv4 -j ACCEPT ebtables -A FORWARD -p arp -j ACCEPT Any assistance would be great!

    Read the article

  • Sampler referencing in HLSL - Sampler parameter must come from a literal expression

    - by user1423893
    The following method works fine when referencing a sampler in HLSL float3 P = lightScreenPos; sampler ShadowSampler = DPFrontShadowSampler; float depth; if (alpha >= 0.5f) { // Reference the correct sampler ShadowSampler = DPFrontShadowSampler; // Front hemisphere 'P0' P.z = P.z + 1.0; P.x = P.x / P.z; P.y = P.y / P.z; P.z = lightLength / LightAttenuation.z; // Rescale viewport to be [0, 1] (texture coordinate space) P.x = 0.5f * P.x + 0.5f; P.y = -0.5f * P.y + 0.5f; depth = tex2D(ShadowSampler, P.xy).x; depth = 1.0 - depth; } else { // Reference the correct sampler ShadowSampler = DPBackShadowSampler; // Back hemisphere 'P1' P.z = 1.0 - P.z; P.x = P.x / P.z; P.y = P.y / P.z; P.z = lightLength / LightAttenuation.z; // Rescale viewport to be [0, 1] (texture coordinate space) P.x = 0.5f * P.x + 0.5f; P.y = -0.5f * P.y + 0.5f; depth = tex2D(ShadowSampler, P.xy).x; depth = 1.0 - depth; } // [Standard Depth Calculation] float mydepth = P.z; shadow = depth + Bias.x < mydepth ? 0.0f : 1.0f; If I try and do anything with the sampler reference outside the if statement then I get the following error: Sampler parameter must come from a literal expression This code demonstrates that float3 P = lightScreenPos; sampler ShadowSampler = DPFrontShadowSampler; if (alpha >= 0.5f) { // Reference the correct sampler ShadowSampler = DPFrontShadowSampler; // Front hemisphere 'P0' P.z = P.z + 1.0; P.x = P.x / P.z; P.y = P.y / P.z; P.z = lightLength / LightAttenuation.z; } else { // Reference the correct sampler ShadowSampler = DPBackShadowSampler; // Back hemisphere 'P1' P.z = 1.0 - P.z; P.x = P.x / P.z; P.y = P.y / P.z; P.z = lightLength / LightAttenuation.z; } // Rescale viewport to be [0, 1] (texture coordinate space) P.x = 0.5f * P.x + 0.5f; P.y = -0.5f * P.y + 0.5f; // [Standard Depth Calculation] float depth = tex2D(ShadowSampler, P.xy).x; depth = 1.0 - depth; float mydepth = P.z; shadow = depth + Bias.x < mydepth ? 0.0f : 1.0f; How can I reference the sampler in this manner without triggering the error?

    Read the article

  • Cocos3d lighting problem

    - by Parasithe
    I'm currently working on a cocos3d project, but I'm having some trouble with lighting and I have no idea how to solve it. I've tried everything and the lighting is always as bad in the game. The first picture is from 3ds max (the software we used for 3d) and the second is from my iphone app. http://prntscr.com/ly378 http://prntscr.com/ly2io As you can see, the lighting is really bad in the app. I manually add my spots and the ambiant light. Here is all my lighting code : _spot = [CC3Light lightWithName: @"Spot" withLightIndex: 0]; // Set the ambient scene lighting. ccColor4F ambientColor = { 0.9, 0.9, 0.9, 1 }; self.ambientLight = ambientColor; //Positioning _spot.target = [self getNodeNamed:kCharacterName]; _spot.location = cc3v( 400, 400, -600 ); // Adjust the relative ambient and diffuse lighting of the main light to // improve realisim, particularly on shadow effects. _spot.diffuseColor = CCC4FMake(0.8, 0.8, 0.8, 1.0); _spot.specularColor = CCC4FMake(0, 0, 0, 1); [_spot setAttenuationCoefficients:CC3AttenuationCoefficientsMake(0, 0, 1)]; // Another mechansim for adjusting shadow intensities is shadowIntensityFactor. // For better effect, set here to a value less than one to lighten the shadows // cast by the main light. _spot.shadowIntensityFactor = 0.75; [self addChild:_spot]; _spot2 = [CC3Light lightWithName: @"Spot2" withLightIndex: 1]; //Positioning _spot2.target = [self getNodeNamed:kCharacterName]; _spot2.location = cc3v( -550, 400, -800 ); _spot2.diffuseColor = CCC4FMake(0.8, 0.8, 0.8, 1.0); _spot2.specularColor = CCC4FMake(0, 0, 0, 1); [_spot2 setAttenuationCoefficients:CC3AttenuationCoefficientsMake(0, 0, 1)]; _spot2.shadowIntensityFactor = 0.75; [self addChild:_spot2]; I'd really appreciate if anyone would have some tip on how to fix the lighting. Maybe my spots are bad? maybe it's the material? I really have no idea. Any help would be welcomed. I already ask some help on cocos2d forums. I had some answers but I need more help.

    Read the article

  • nautilus selected item color

    - by shantanu
    See in the image, selected item "build" colour is black as background colour. How can i change the selected item colour gtk3 theme's nautilus.css script Which section colour need to modify: /* desktop mode */ .nautilus-desktop.nautilus-canvas-item { color: @bg_color; text-shadow: 1 1 alpha (#001B33, 0.8); } .nautilus-desktop.nautilus-canvas-item:active { background-image: none; background-color: alpha (@selected_bg_color, 0.84); border-radius: 4; color: @fg_color; } .nautilus-desktop.nautilus-canvas-item:selected { background-image: none; background-color: alpha (@bg_color, 0.84); border-radius: 4; color: @selected_fg_color; } .nautilus-desktop.nautilus-canvas-item:active, .nautilus-desktop.nautilus-canvas-item:prelight, .nautilus-desktop.nautilus-canvas-item:selected { text-shadow: none; } /* browser window */ NautilusTrashBar.info, NautilusXContentBar.info, NautilusSearchBar.info, NautilusQueryEditor.info { /* this background-color controls the symbolic icon in the entry */ background-color: mix (@fg_color, @base_color, 0.3); border-radius: 0; border-style: solid; border-width: 0 1 1 1; } NautilusSearchBar .entry { } .nautilus-cluebar-label { color: @fg_color; font: bold; } #nautilus-search-button *:active, #nautilus-search-button *:active:prelight { color: @dark_fg_color; } NautilusFloatingBar { background-color: @info_bg_color; border-radius: 3 3 0 0; border-style: solid; border-width: 1; border-color: darker (@info_bg_color); -unico-border-gradient: none; } NautilusFloatingBar .button { -GtkButton-image-spacing: 0; -GtkButton-inner-border: 0; } /* sidebar */ NautilusWindow .sidebar, NautilusWindow .sidebar .view { background-color: @bg_color; color: @fg_color; } NautilusWindow .sidebar .frame { } NautilusWindow > GtkTable > .pane-separator { background-color: @bg_color; border-color: @bg_color; border-width: 0 0 0 0; border-style: solid; }

    Read the article

  • How to do geometric projection shadows?

    - by John Murdoch
    I have decided that since my game world is mostly flat I don't need better shadows than geometric projections - at least for now. The only problem is I don't even know how to do those properly - that is to produce a 4x4 matrix which would render shadows for my objects (that is, I guess, project them on a horizontal XZ plane). I would like a light source at infinity (e.g., the sun at some point in the sky) and thus parallel projection. My current code does something that looks almost right for small flying objects, but actually is a very rude approximation, as it doesn't project the objects onto the ground, but simply moves them there (I think). Also it always wrongly assumes the sun is always on the zenith (projecting straight down). Gdx.gl20.glEnable(GL10.GL_BLEND); Gdx.gl20.glBlendFunc(GL10.GL_SRC_ALPHA, GL10.GL_ONE_MINUS_SRC_ALPHA); //shells shellTexture.bind(); shader.begin(); for (ShellState state : shellStates.values()) { transform.set(camera.combined); transform.mul(state.transform); shader.setUniformMatrix("u_worldView", transform); shader.setUniformi("u_texture", 0); shellMesh.render(shader, GL10.GL_TRIANGLES); } shader.end(); // shadows shader.begin(); for (ShellState state : shellStates.values()) { transform.set(camera.combined); m4.set(state.transform); state.transform.getTranslation(v3); m4.translate(0, -v3.y + 0.5f, 0); // TODO HACK: + 0.5f is a hack to ensure the shadow appears above the ground; this is overall a hack as we are just moving the shell to the surface instead of projecting it on the surface! transform.mul(m4); shader.setUniformMatrix("u_worldView", transform); shader.setUniformi("u_texture", 0); // TODO: make shadow black somehow shellMesh.render(shader, GL10.GL_TRIANGLES); } shader.end(); Gdx.gl.glDisable(GL10.GL_BLEND); So my questions are: a) What is the proper way to produce a Matrix4 to pass to openGL which would render the shadows for my objects? b) I am supposed to use another fragment shader for the shadows which would paint them in semi-transparent grey, correct? c) The limitation of this simplistic approach is that whenever there is some object on the ground (it is not flat) the shadows will not be drawn, correct? d) Do I need to add something very small to the y (up) coordinate to avoid z-fighting with ground textures? Or is the fact they will be semi-transparent enough to resolve that problem?

    Read the article

  • Render an image with layers for shadows /reflections, object and ground in 3D Studio Max?

    - by Bernd Plontsch
    I have a scene with a simple object standing on the ground in the center. This object has shadows and reflections on the ground. How can I render an image containing 3 separate layers for The object The ground The reflection / shadow on the ground Which format do I use for this? (It should include all 3 layers + I should be able to enable/disable them in Photoshop) How do I define or prepare those layers for being rendering as image layers?

    Read the article

  • Le premier homme bionique voit le jour : il marche, parle et respire

    Rich Walker et Matthew Godden de la Shadow Robot Co., ont dévoilé le premier homme bionique : il marche, parle et respire. C'est un Frankenstein des temps moderne qui coûte la bagatelle de 1 million de dollars ! Il est en effet composé des prothèses humaines les plus avancées :Des membres robotisés (dont celui-ci) Une tête, avec la réplique du visage d'un de ses concepteurs. Des yeux (fabriqués par Second Sight à Sylmar en Californie). Un coeur artificiel (créé par SynCardia Systems à Tucson en...

    Read the article

  • How does Ubuntu create the guest session? [closed]

    - by tarantinofan
    Possible Duplicate: How do I change the guest session defaults In Ubuntu 10.04, I am able to create a guest session from the indicator-applet-session applet menu. When it is active, this session has its home folder in /tmp, an entry in /etc/passwd and /etc/shadow, and so on. This temporary guest user and its session exists only while it is active. I want to know how this guest session is created, because I want to modify it a bit.

    Read the article

  • 2-d lighting day/night cycle

    - by Richard
    Off the back of this post in which I asked two questions and received one answer, which I accepted as a valid answer. I have decided to re-ask the outstanding question. I have implemented light points with shadow casting as shown here but I would like an overall map light with no point/light source. The map setup is a top-down 2-d 50X50 pixel grid. How would I go about implementing a day/night cycle lighting across a map?

    Read the article

  • Creating smooth lighting transitions using tiles in HTML5/JavaScript game

    - by user12098
    I am trying to implement a lighting effect in an HTML5/JavaScript game using tile replacement. What I have now is kind of working, but the transitions do not look smooth/natural enough as the light source moves around. Here's where I am now: Right now I have a background map that has a light/shadow spectrum PNG tilesheet applied to it - going from darkest tile to completely transparent. By default the darkest tile is drawn across the entire level on launch, covering all other layers etc. I am using my predetermined tile sizes (40 x 40px) to calculate the position of each tile and store its x and y coordinates in an array. I am then spawning a transparent 40 x 40px "grid block" entity at each position in the array The engine I'm using (ImpactJS) then allows me to calculate the distance from my light source entity to every instance of this grid block entity. I can then replace the tile underneath each of those grid block tiles with a tile of the appropriate transparency. Currently I'm doing the calculation like this in each instance of the grid block entity that is spawned on the map: var dist = this.distanceTo( ig.game.player ); var percentage = 100 * dist / 960; if (percentage < 2) { // Spawns tile 64 of the shadow spectrum tilesheet at the specified position ig.game.backgroundMaps[2].setTile( this.pos.x, this.pos.y, 64 ); } else if (percentage < 4) { ig.game.backgroundMaps[2].setTile( this.pos.x, this.pos.y, 63 ); } else if (percentage < 6) { ig.game.backgroundMaps[2].setTile( this.pos.x, this.pos.y, 62 ); } // etc... (sorry about the weird spacing, I still haven't gotten the hang of pasting code in here properly) The problem is that like I said, this type of calculation does not make the light source look very natural. Tile switching looks too sharp whereas ideally they would fade in and out smoothly using the spectrum tilesheet (I copied the tilesheet from another game that manages to do this, so I know it's not a problem with the tile shades. I'm just not sure how the other game is doing it). I'm thinking that perhaps my method of using percentages to switch out tiles could be replaced with a better/more dynamic proximity forumla of some sort that would allow for smoother transitions? Might anyone have any ideas for what I can do to improve the visuals here, or a better way of calculating proximity with the information I'm collecting about each tile? (PS: I'm reposting this from Stack Overflow at someone's suggestion, sorry about the duplicate!)

    Read the article

< Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >