Search Results

Search found 5137 results on 206 pages for 'i like traffic lights'.

Page 64/206 | < Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >

  • windows firewall and network location switch after establishing a vpn connection

    - by Konrads
    I am looking for a reasonable solution for network location switching after VPN connection is established for Windows 7. The scenario is as follows: For location public (employee plugging in his laptop in hotel, public wi-fi,etc) all inbound connections are restricted, only outbound VPN + www is enabled. Employee then initiates a VPN connection, VPN pushes routes to 10.0.0.0/8 subnet Now I would like to have lax security rules for traffic from/to 10.0.0.0/8 that comes through the VPN interface, while still protecting the laptop from traffic that comes via uplink interface as if it was private. How to achieve this switching and duality? One option I see is switching to IPSec...

    Read the article

  • VPN, routing, specified application

    - by Adrian
    Details: eth0 = current internet port pptp1 = VPN connection, if I connect to my provider, he give me an IP address, which is accessible from the internet. This is what I need. I want to connect through this IP back to my PC. I want to keep my primary internet connection (eth0) on my PC for all traffic, but route traffic to VPN for specified application/or port, to access application/port from the IP, which I given from the pptp provider. Huhh? Difficult but, it is possible? If yes, how? Incoming port will be always: 33340 Outgoing port can be change, but usually it is 33330

    Read the article

  • Hosting 3 domains on 3 PC (1 domain per PC) with only 1 static IP address

    - by StealthRT
    Hey all i am trying to figure this out here. I have 3 PC's that are hooked into my router which i have a static IP for. I am currently hosting a web site (ex: blah1.com) on the 1st PC but have yet to connect PC 2 and 3 up to the network. That one PC thats online is using port 77. I direct all 80 traffic to port 77 using that servers IP address (192.168.x.xxx) My question is, how can i direct traffic for my other 2 domains (ex: blah2.com and blah3.com) to the 2 individual PC's (ip's) as i already am doing with the 1st PC if i can only use one port 80 to direct taffic to the website in?

    Read the article

  • Blocking a country (mass iP Ranges), best practice for the actual block

    - by kwiksand
    Hi all, This question has obviously been asked many times in many different forms, but I can't find an actual answer to the specific plan I've got. We run a popular European Commercial deals site, and are getting a large amount of incoming registrations/traffic from countries who cannot even take part in the deals we offer (and many of the retailers aren't even known outside Western Europe). I've identified the problem area to block a lot of this traffic, but (as expected) there are thousands of ip ranges required. My question now (finally!). On a test server, I created a script to block each range within iptables, but the amount of time it took to add the rules was large, and then iptables was unresponsive after this (especially when attempting a iptables -L). What is the most efficient way of blocking large numbers of ip ranges: iptables? Or a plugin where I can preload them efficiantly? hosts.deny? .htaccess (nasty as I'd be running it in apache on every load balanced web server)? Cheers

    Read the article

  • Public Facing Recursive DNS Servers - iptables rules

    - by David Schwartz
    We run public-facing recursive DNS servers on Linux machines. We've been used for DNS amplification attacks. Are there any recommended iptables rules that would help mitigate these attacks? The obvious solution is just to limit outbound DNS packets to a certain traffic level. But I was hoping to find something a little bit more clever so that an attack just blocks off traffic to the victim IP address. I've searched for advice and suggestions, but they all seem to be "don't run public-facing recursive name servers". Unfortunately, we are backed into a situation where things that are not easy to change will break if we don't do so, and this is due to decisions made more than a decade ago before these attacks were an issue.

    Read the article

  • Elastic Load Balancer & SSL termination

    - by Aaron Scruggs
    I am setting up a Rails app on AWS that: 1) all traffic must ssl encrypted 2) will highly fluctuate in traffic on a weekly basis 3) will by maintained by someone that is a stronger coder than sysadmin, but will be responsible for both I am thinking that SSL termination on an elastic load balancer backed by small ec2 instances running nginx and unicorn A small subset of the requests will take longer than 10s, because of this I am also debating using 'thin' instead of 'unicorn'. My question is this: Is this sane? I am stepping into a quagmire of cost, maintainability, security or performance problems?

    Read the article

  • Smart subdomain routing via reverse proxy

    - by Trevor Hartman
    I have two servers on my home network: OSX Server and an Ubuntu Server. I'd love to have external subdomains osx.mydomain.com point to osx and ubuntu.mydomain.com point to ubuntu. I know the normal way to do this is to have a static external IP address for each, but that's not an option as this is just my home setup. My question is: is there a way to do this with some reverse proxy trickery? OSX is currently the default entry point for all traffic. I was able to setup a reverse proxy on OSX for ubuntu.mydomain.com on port 80, so web traffic was correctly being proxied to my ubuntu. I'd like to ssh and do a bunch of other stuff though!

    Read the article

  • Can a device (WAP or switch) be configured as an 802.1x supplicant?

    - by Allan Ross
    We are looking at implementing 802.1x on a wired/wireless network. What I am looking for is a device that can act as a supplicant and once authenticated on the network, is able to pass traffic from any downstream connected device. The point of doing this would be to allow a properly pre-configured device to be provided to a client user who could then connect any device on the downstream side of the device. We will be able to manage the aggregate traffic on the device without concern for what is connected on the far side. Am I dreaming; does every device out there support this and I just don't know it or is reality fall somewhere in the middle?

    Read the article

  • Serial: write() throttling?

    - by damian
    Hi everyone, I'm working on a project sending serial data to control animation of LED lights, which need to stay in sync with a sound engine. There seems to be a large serial write buffer (OSX (POSIX) + FTDI chipset usb serial device), so without manually restricting the transmission rate, the animation system can get several seconds ahead of the serial transmission. Currently I'm manually restricting the serial write speed to the baudrate (8N1 = 10 bytes serial frame per 8 bytes data, 19200 bps serial - 1920 bytes per second max), but I am having a problem with the sound drifting out of sync over time - it starts fine, but after 10 minutes there's a noticeable (100ms+) lag between the sound and the lights. This is the code that's restricting the serial write speed (called once per animation frame, 'elapsed' is the duration of the current frame, 'baudrate' is the bps (19200)): void BufferedSerial::update( float elapsed ) { baud_timer += elapsed; if ( bytes_written > 1024 ) { // maintain baudrate float time_should_have_taken = (float(bytes_written)*10)/float(baudrate); float time_actually_took = baud_timer; // sleep if we have > 20ms lag between serial transmit and our write calls if ( time_should_have_taken-time_actually_took > 0.02f ) { float sleep_time = time_should_have_taken - time_actually_took; int sleep_time_us = sleep_time*1000.0f*1000.0f; //printf("BufferedSerial::update sleeping %i ms\n", sleep_time_us/1000 ); delayUs( sleep_time_us ); // subtract 128 bytes bytes_written -= 128; // subtract the time it should have taken to write 128 bytes baud_timer -= (float(128)*10)/float(baudrate); } } } Clearly there's something wrong, somewhere. A much better approach would be to be able to determine the number of bytes currently in the transmit queue, and try and keep that below a fixed threshold. Any advice appreciated.

    Read the article

  • How to create a semi transparent window in WPF that allows mouse events to pass through

    - by RMK
    I am trying to create an effect similar to the Lights out /lights dim feature in Adobe Lightroom (http://www.youtube.com/watch?v=87hNd3vaENE) except in WPF. What I tried was to create another window over-top of my existing window, make it transparent and put a semi transparent Path geometry on it. But I want mouse events to be able to pass through this semi transparent window (on to windows below). This is a simplified version of what I have: <Window x:Class="LightsOut.MaskWindow" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" AllowsTransparency="True" WindowStyle="None" ShowInTaskbar="False" Topmost="True" Background="Transparent"> <Grid> <Button HorizontalAlignment="Left" Height="20" Width="60">click</Button> <Path IsHitTestVisible="False" Stroke="Black" Fill="Black" Opacity="0.3"> <Path.Data> <RectangleGeometry Rect="0,0,1000,1000 "/> </Path.Data> </Path> </Grid> The window is fully transparent, so on places where the Path doesn't cover, mouse events pass right through. So far so good. The IsHitTestvisible is set to false on the path object. So mouse events will pass through it to other controls on the same form (ie you can click on the Button, because it is on the same form). But mouse events wont pass through the Path object onto windows that are below it. Any ideas? Or better ways to solve this problem? Thanks.

    Read the article

  • HA Proxy and Disaster Recovery - Only access server if others are down?

    - by ben2004uk
    Why I expect this is not the best way to solve the problem, I got thinking tonight. I'm thinking about geo-locating servers. Given we have a load balancer + two servers to handle traffic in NA (North America) and one server in the EU. If the two US servers die, is it possible to get HAProxy to direct traffic automatically to the EU one. However, I don't want to use a roundrobin approach for the EU - just the two US ones. The EU should only be hit when the other two are down. Does anyone know how to configure HAProxy to do this? Thanks Ben

    Read the article

  • Help with Apache rewriteengine rules

    - by Vinay
    Hello - I am trying to write a simple rewrite rule using the rewriteengine in apache. I want to redirect all traffic destined to a website unless the traffic originates from a specific IP address and the URI contains two specific strings. RewriteEngine On RewriteLog /var/log/apache2/rewrite_kudithipudi.log RewriteLogLevel 1 RewriteCond %{REMOTE_ADDR} ^199\.27\.130\.105 RewriteCond %{REQUEST_URI} !/StringOne [NC, OR] RewriteCond %{REQUEST_URI} !/StringTwo [NC] RewriteRule ^/(.*) http://www.google.com [R=302,L] I put these statements in my virtual host configuration. But the rewriteengine seems to be redirect all requests, whether they match the condition or not. Am I missing something? Thank you. Vinay.

    Read the article

  • Is there any way to limit my Internet connection to a per program basis?

    - by Igoru
    My Linux connection is REALLY free. I live in Brazil, so where I live I can only have 1 Mbit/s. Yes I know it's sad, but it's not the point. Everytime I'm updating my Ubuntu 9.04 or downloading something, it does eat all my bandwidth. Like, while update-manager is downloading the packages, I can see by netspeed applet in my panel that the incoming traffic goes to 110 kB/s. And then, my Emesene suddenly goes disconnected, and I can't navigate. As you can imagine, I can't use my Internet connection again until the packages are all downloaded or I cancel the update in the middle. As I said, same thing happens when I'm dowloading something, but less intrusive and immediate. The question is: is there any way to limit that APT/downloads traffic to some way I can still use my other Internet services, or to reserve some bandwidth for common navigation tasks (like we have on Windows, but I forgot this thing's name, it's like "something packages".

    Read the article

  • Why do my raytraced spheres have dark lines when lit with multiple light sources?

    - by Curyous
    I have a simple raytracer that only works back up to the first intersection. The scene looks OK with two different light sources, but when both lights are in the scene, there are dark shadows where the lit area from one ends, even if in the middle of a lit area from the other light source (particularly noticeable on the green ball). The transition from the 'area lit by both light sources' to the 'area lit by just one light source' seems to be slightly darker than the 'area lit by just one light source'. The code where I'm adding the lighting effects is: // trace lights for ( int l=0; l<primitives.count; l++) { Primitive* p = [primitives objectAtIndex:l]; if (p.light) { Sphere * lightSource = (Sphere *)p; // calculate diffuse shading Vector3 *light = [[Vector3 alloc] init]; light.x = lightSource.centre.x - intersectionPoint.x; light.y = lightSource.centre.y - intersectionPoint.y; light.z = lightSource.centre.z - intersectionPoint.z; [light normalize]; Vector3 * normal = [[primitiveThatWasHit getNormalAt:intersectionPoint] retain]; if (primitiveThatWasHit.material.diffuse > 0) { float illumination = DOT(normal, light); if (illumination > 0) { float diff = illumination * primitiveThatWasHit.material.diffuse; // add diffuse component to ray color colour.red += diff * primitiveThatWasHit.material.colour.red * lightSource.material.colour.red; colour.blue += diff * primitiveThatWasHit.material.colour.blue * lightSource.material.colour.blue; colour.green += diff * primitiveThatWasHit.material.colour.green * lightSource.material.colour.green; } } [normal release]; [light release]; } } How can I make it look right?

    Read the article

  • How do I configure pfsense as an outbound VPN client?

    - by Avery Chan
    We use pfsense as a router/firewall. Because we're based in China, it is useful for us to have VPN access for all our internal clients. Instead of each individual client connecting to a VPN server stateside, I'd like to configure pfsense as a VPN client and have all the network traffic be routed through it. Most of the posts I've seen regarding pfsense and VPN are concerning connecting to the LAN from outside; this is not what I want to do. Another option would be for an SSH tunnel to be initiated on the pfsense box with the LAN traffic routed through it. How do I configure pfsense to be able to do either of these? One huge caveat is that OpenVPN cannot be used. The solution I am looking for needs to use one of the other VPN protocols.

    Read the article

  • Measuring cumulative network statistics per user or per process

    - by zsimpson
    I've been googling for hours -- Under Linux I want to know the cumulative bytes sent and received by user or by process over all ip protocols. The best I've found in my searches is that it's possible to use iptables to mark packets for a user, for example: iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner test -j MARK --set-mark 1 It appears that "tc" can then shape traffic with that but I just want the statistic -- I don't want to shape the traffic. I want something like: "user U has transmitted used XMB since time Y". I can't figure out how to get statistics from these marked packets. Also, I've looked at nethogs but they seem to be measuring the instantaneous flow and I need cumulative counts. Anyone have ideas?

    Read the article

  • Can admins monitor my activity locally even when I use a VPN?

    - by Arjun Create
    My school has one of those super overreacting web blockers (specifically Fortisnet) that blocks things that should be accessible by a high-school senior trying to research projects. Despite many students' complaints the administration's hands are tied due to parents' complaints. I have setup a VPN account from http://www.vpnreactor.com. With this I am able to bypass the blocker. I know this service hides my IP from websites and servers on the web. I also know that the school pays an IT guy just to monitor sites and network traffic that the students are using. Basically, will he be able to see my network traffic? More importantly, will he be able to trace it to my computer or its MAC address? I am connecting over Wi-Fi, not ethernet.

    Read the article

  • SSH Socks Proxy wiith iptables REDIRECT

    - by Radium
    I have googled and haven`t found the answer on my question. Help me please. There are two servers: serverA with public IP 12.0.0.10 and an private IP 10.0.0.5 serverB with public IP 20.0.0.11 I have setup SOCKS proxy on serverB to serverA: ssh -D20.0.0.11:2222 [email protected] So when on my local machine in a browser i specify SOCKS proxy 20.0.0.11:2222 (serverB:2222) as external IP while browsing i get 12.0.0.10 (serverA IP). That is ok. As well if i go onto http://10.0.0.5 (serverA private IP) it is also reachable. That is what i need. I want to make servers A private IP to be available through servers B public IP on certain ports but without specifying SOCKS in my browser. I could use ssh port forward but the problem is - i need to forward many ports and do not know which exactly - i know only the range. So when i connect to 20.0.0.11 to any port , for example, from 3000:4000 range, i want that traffic to be redirected to 10.0.0.5 on the same port. That is why i`ve decided maybe SOCKS proxy via SSH and iptables REDIRECT could help me. Client - serverBPublicIP (any port from range 3000:4000) - serverAPublicIP - serverAPrivateIP (the port was requested on serverBPublicIP) On serverB i do: ssh -D20.0.0.11:2222 [email protected] iptables -t nat -A PREROUTING -d 20.0.0.11 -p tcp --dport 3000:4000 -j REDIRECT --to-port 2222 But that does not work - when i telnet on 20.0.0.11:3001 for example i do not see any proxied traffic on the serverA. What should i do else? I have tried tcpsocks like this (in example i am telneting to 20.0.0.11:3001) Client -> 20.0.0.11:3001 -> iptables REDIRECT from 3001 --to-port 1111 -> tcpsocks from 1111 to 2222 -> SOCKS proxy from serverB to serverA on port 2222 -> serverA But i do not know what to do with the traffic on serverA. How to route it to its private IP. Help me please. I know, VPN removes all the hell i am trying to create, but i have no ability to use tun/tap device. It is disabled.

    Read the article

  • Firewalling a Cisco ASA Split tunnel

    - by dunxd
    I have a Cisco ASA 5510 at head office, and Cisco ASA 5505 in remote offices. The remote offices are connected over a split tunnelled VPN - the ASA 5505s use "Easy VPN" Client type VPN in Network Extension Mode (NEM). I'd like to set firewall rules for the non-tunnelled traffic only. Traffic over the VPN to head office should not have any firewall rules applied. I might want to apply different firewall rules to different remote offices. All the documentation I have been able to find assumes the Client VPN is a software endpoint, and all the configuration is done at the 5510. When using a Cisco 5505 as the VPN client, is it possible to configure any firewalling at the Client end, or does it all have to come from the 5510? Are there any other issues to look out for when split-tunnelling a VPN by this method?

    Read the article

  • multiple vlans routed on one nic? trunk?General? or Access?

    - by Aceth
    ok for the last week I've tried racking my head around this... I have a SRW208P with 802.1q support, and a virtual endian appliance. I would like to be able to have 3 vlans having everything routed through the endian appliance.. i.e. The Virtual server has 2 bridged NIC's to the switch. This is where I'm getting confused .. On the 8 port switch I've got the 3 vlans set up ok (all being untagged as they are not going to be vlan aware), it's the port I'm connecting the endian firewall to the switch I'm having trouble with (second nic goes to the adsl modem and NAT'd) Is it meant to be a trunk, "Genereal" or "Access" then untagged or tagged? the end goal is to have vlan traffic routing through the single NIC and have endian route vlan traffic according to the rules. Any one have any ideas on the cisco small business stuff? Thanks

    Read the article

  • On Mikrotik RouterOS, is it possible to get Netflow information from a bridged connection?

    - by Tim
    I have a RouterOS box set up to bridge two ethernet connections. I have use-ip-firewall=yes in the bridge configuration, so that the ports go through the firewall. I've enabled netflow reporting via ip/traffic-flow, but the only packets I see reported are broadcast and multicast packets, not the packets that are flowing through the bridge. The documentation indicates that traffic flow logging happens after firewall processing and that it won't work with bridged connections by default, but I would have thought that use-ip-firewall=yes ought to address this. Is it possible to make this work somehow?

    Read the article

  • IIS Reverse Proxy support for multiple protocols

    - by Abraxas
    I have a server 2012 machine running IIS. It's in my DMZ and I would like to use it to do reverse proxy for several services. I can get it to route traffic on port 80 to 2 separate internal servers running web apps but there are some issues when I try to forward SSH (not port 80/443) and then when I try to forward OWA (Micrsoft exchange's 'webmail' services) to the internal mail server I run in to issues with guides (like this: http://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspx) when they say to have all traffic forwarded to the server farm created for OWA. My question for you all is this - given that there is no more Threat Management Gateway (only runs on server 2008) and ISA 2006 is also dead - is it possible to support multiple types of reverse proxies with different protocols (ftp, ssh, web, ssl-web) in IIS, or would it be better to install a different DMZ OS like a nginx server and use linux firewalls + nginx reverse proxy? Thanks for any help!

    Read the article

  • Dual-WAN router

    - by aix
    I am looking for a router that would fit the following requirements: Two WAN interfaces: the primary is PPPoE, the secondary will link to a GigE port on another router (a 100Mbps link will suffice); Two (ideally four) GigE LAN ports; No requirement for a firewall; No requirement for Wi-Fi; Inexpensive. The plan for the two WAN interfaces is as follows. All outbound traffic will go to the primary, with exceptions based on destination IP/subnet or possibly on src+dest IPs/subnets. Such exceptions should be routed to the secondary. It would be very nice if, should the primary go down, the secondary would automatically take over for all outbound traffic. I am reasonably sure that I can put something together based on dd-wrt. However, I'd like to hear from you what alternatives are out there (especially something easier to set up for my use case, even if it means paying more for the hardware.)

    Read the article

  • Finding a private (NAT) host's IP using historic destination data

    - by l0c0b0x
    The issue: An unknown private (NAT) client is infected with malware and it's trying to access a Bot server at random times/dates. How we know about this: We receive bot traffic notices/alerts from REN-ISAC. Unfortunately, we don't receive those until the next day after it has happened. What they provide to us is: The source address (of the firewall) The destination addresses (it varies, but they're going to network subnet allocated to a German ISP) The source port (which varies--dynamic ports). Question: What would be the best approach to finding this internal host (historically) with a Cisco ASA as firewall? I'm guessing blocking anything to the destination address(es), and logging that type of traffic/access might allow me to find the source host, but I'm not sure which tool/command would be the most useful. I've seen Netflow thrown into a few responses when it comes to logging, but I'm confused with it's association of Logging, NAL, and nBAR, and how they relate to Netflow.

    Read the article

  • Solaris TCP/IP performance tuning

    - by Andy Faibishenko
    I am trying to tune a high message traffic system running on Solaris. The architecture is a large number (600) of clients which connect via TCP to a big Solaris server and then send/receive relatively small messages (.5 to 1K payload) at high rates. The goal is to minimize the latency of each message processed. I suspect that the TCP stack of the server is getting overwhelmed by all the traffic. What are some commands/metrics that I can use to confirm this, and in case this is true, what is the best way to alleviate this bottleneck? PS I posted this on StackOverflow originally. One person suggested snoop and dtrace. dtrace seems pretty general - are there any additional pointers on how to use it to diagnose TCP issues?

    Read the article

< Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >