Search Results

Search found 4786 results on 192 pages for 'traffic shaping'.


  • Restricting output to only allow localhost using iptables

    - by Dave Forgac
    I would like to restrict outbound traffic to only localhost using iptables. I already have a default DROP policy on OUTPUT and a rule REJECTing all traffic. I need to add a rule above that in the OUTPUT chain. I have seen a couple different examples for this type of rule, the most common being:

        -A OUTPUT -o lo -j ACCEPT

    and

        -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

    Is there any reason to use the latter rather than the former? Can packets on lo have an address other than 127.0.0.1?


  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the box's server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable.

    The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have a Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS.

    The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows:

    Inbound:
        PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range corresponding to possible cell provider range
        OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any

    Outbound:
        Default outbound policy: Allow Always
        OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider)
        OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider)
        Block always from NAS to any

    On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows.

    pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors):

        ### macro name for external interface.
        eth_if = "en0"
        vpn_if = "tap0"
        ### wifi_if = "en1"
        ### %usb_if = "en3"
        ext_if = $eth_if
        LAN="{10.0.0.0/24}"

        ### General housekeeping rules ###
        ### Drop all blocked packets silently
        set block-policy drop

        ### all incoming traffic on external interface is normalized and fragmented
        ### packets are reassembled.
        scrub in on $ext_if all fragment reassemble
        scrub in on $vpn_if all fragment reassemble
        scrub out all

        ### exercise antispoofing on the external interface, but add the local
        ### loopback interface as an exception, to prevent services utilizing the
        ### local loop from being blocked accidentally.
        ### set skip on lo0
        antispoof for $ext_if inet
        antispoof for $vpn_if inet

        ### spoofing protection for all interfaces
        block in quick from urpf-failed

        #############################
        block all

        ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only
        pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090}

        ### Allow all udp and icmp also, necessary for Constellation. Could be tightened.
        pass on $eth_if proto {udp, icmp} from $LAN to any

        ### Allow AFP to 10.0.0.40 (NAS)
        pass out on $eth_if proto tcp from any to 10.0.0.40 port 548

        ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs
        ### and port ranges
        pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201

        ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110
        ### Outgoing pings ok
        pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110
        pass out on $vpn_if proto {tcp, udp, icmp} from any to any

    So what are my goals and what does the above setup achieve? (until you tell me otherwise :)

    1) Full LAN access to the above ports on the mini/media server (including through my own VPN server)
    2) All internet traffic from the mini/media server is anonymized and tunneled over VPN
    3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router.

    So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable.

    The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini:

        ### Allow Minecraft public through user mc
        pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc
        pass out on $eth_if proto {tcp, udp} from any to any user mc

    And these additions on the border firewall:

    Inbound:
        Allow always TCP/UDP from any to 10.0.0.40 (NAS)

    Outbound:
        Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups)

    This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up, no connection is possible to the minecraft server from outside of LAN. Inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service.

    The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0, not the VPN tunnel? Should I add a static route? But I don't know which IPs will be connecting...stumbles. How secure would you estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)


  • How can I tell if my live web-server is overloaded?

    - by Nick G
    We have a live webserver which doesn't seem to be performing all that well. It's a Dell PowerEdge machine, a few years old (dual core, 4GB) which is hosting about 20 low-traffic websites. However it doesn't seem to be as fast as it used to be. How can we determine the cause of this? If it's website traffic, I would be expecting high CPU but CPU usage is quite low and hovers around the 15-30% mark except for very brief periods. I'm wondering perhaps, if rather than CPU performance being a problem, perhaps it's disk thrashing due to the constant read/writes of all the small web files and database queries. It has 4x 7200 RPM SATA drives in RAID 5. So is there a way to check that it's not disk thrashing?


  • Linux router with different gateways for incoming and outgoing connections

    - by nkout
    I have the following topology:

        LAN Users: 192.168.1.2 - 254 (192.168.1.0/24)
        gateway1: 192.168.2.2/24 used for all outgoing connections of LAN users (default gateway)
        gateway2: 192.168.3.2/24 used for incoming services (destination NAT, ports 80,443 are forwarded to 192.168.2.1)
        linux router-server R
            eth0 192.168.1.1/24: LAN
            eth1 192.168.2.1/24: WWAN1
            eth2 192.168.3.1/24: WWAN2

    I want to:

        route all outgoing traffic coming from LAN and R via 192.168.2.2
        route the responses to incoming connections via 192.168.3.2

    My config:

        ifconfig eth0 up 192.168.1.1 netmask 255.255.255.0
        ifconfig eth1 up 192.168.2.1 netmask 255.255.255.0
        ifconfig eth2 up 192.168.3.1 netmask 255.255.255.0
        echo 0 >/proc/sys/net/ipv4/ip_forward
        route add default gw 192.168.2.2
        iptables -t nat -A POSTROUTING -d !192.168.0.0/16 -j MASQUERADE

    I want to add iptables rule to mark incoming traffic from WWAN2 and send back the responses to WWAN2, while keeping default gateway on WWAN1


  • NETSH : Set default ip address for an interface with multiple IPs

    - by elarichi.y
    To test a load balancer I need to switch my IP address several times a day, and keep other IPs routing through other WANs. I run these commands in a batch script:

        netsh interface ip set address "Connexion au réseau local" static %ipd% 255.255.255.0 192.168.1.1 1
        netsh in ip add address "Connexion au réseau local" %ips1% 255.255.255.0
        netsh in ip add address "Connexion au réseau local" %ips2% 255.255.255.0

    ipd: is the default IP I want to set (all traffic should go through it).
    ips1 and ips2: are the secondary IPs I want to keep, but whatever I do all traffic goes through one IP!! (first one in the range)

    Please help me with this issue.


  • Which TCP ports to use?

    - by rowatt
    Is there a TCP port range which I can be sure will not be used by anything else for traffic between two machines? If I am reading RFC6335 correctly, I can be sure that no other applications will use specific ports in the Dynamic/Private/Ephemeral range of 49152-65535. However, if I understand correctly, it also states (section 8.1.2) that an application shouldn't assume that any given port in that range is available at any given time, which would mean I can't be 100% sure that it will be unused all the time. Specifically, I want to assign specific SSH traffic to a different port for the security benefit and so I can classify it differently for QoS purposes, and not have to worry about changing the port in the future.


  • What is the best way to configure the number of workers in Apache?

    - by rbm
    My site receives a lot of traffic for 2 hours during the day (2000 hits per minute). The rest of the day receives less traffic (500e hits per minute). I have been experimenting with the MaxClients and MaxSpareServers values but I still get some downtime during peak hours. How can I calculate the best values for my configuration based on the amount of RAM that I have? Each process is like 36-40 M of memory.

                     total       used       free     shared    buffers     cached
        Mem:          3096        793       2302          0          0          0
        -/+ buffers/cache:        793       2302
        Swap:            0          0          0

    Values that I am using now:

        <IfModule prefork.c>
        StartServers 10
        MinSpareServers 22
        MaxSpareServers 60
        ServerLimit 90
        MaxClients 90
        MaxRequestsPerChild 400
        </IfModule>


  • Rsync to take the newest file. And a cron job?

    - by user1704877
    I have a log file on two different servers. The servers are under a load balancer so half the traffic goes to one server, and half the traffic goes to the other server. I need to take the newest log file from one machine and transfer that log file to the other machine. So if one log file is changed on one server, it gets updated on the other server. I think I need to use rsync. And do I also need to put it in a cron job?


  • How SmartDNS Works

    - by Emad
    If you travel outside the US you'll notice that most of the streaming services like Netflix, Pandora, hulu etc are blocked, usually by the service providers themselves. To get around that, people use VPN services. They basically tunnel your traffic through a US server so your requests seem like they are originating in the US. These VPN services fix this blocking problem, but make your connection slower than the normal unVPNed connection. Recently however I've come across something called SmartDNS provided by overplay.net. You pay $5 a month and you get access to their DNS servers. After you change to their DNS you get access to the blocked streaming sites, without slowing down your normal traffic like email and browsing. What I'd like to know is the technical details of how this SmartDNS works. I've done some quick research but that didn't turn up anything of substance. Does anybody out there know?


  • VPS stops responding every now and again

    - by Or W
    I have a Linode vps that I use to host some of my websites on. It's Ubuntu based and it's up to date in terms of all packages. I don't have any cron jobs scheduled or any automatic processes. I host a few (up to date) wordpress blogs there that have very little traffic altogether. Every day (at a different time) my server stops responding, I can't SSH to it, web access is getting timed out and it just dies until I reboot it through the Linode manager. On the linode dashboard I can see that the CPU is not very high (2-3%) Incoming/Outgoing traffic is on 0 and the IO count has a spike just before the server stops responding (SWAP IO is at 2k and IO Rate is at 5k). When I reboot the server everything is just fine. I'm trying to figure out a way to analyze what's going on at these random times where the server freezes up. How can I determine the problem?


  • Server Requirement and Cost for an android Application [duplicate]

    - by CagkanToptas
    This question already has an answer here: How do you do load testing and capacity planning for web sites? (3 answers); Can you help me with my capacity planning? (2 answers)

    I am working on a project which is an android application. For my project proposal, I need to calculate what my server requirements are to overcome the traffic I explained below, and if possible, I want to learn what the approximate cost of such a server is. I am giving the maximum expected values for calculation:

    - Database will be in mysql (Average service time of DB is 100-110ms in my computer [i5, 4GB RAM])
    - A request will transfer 150Kb data for each request on average.
    - Total user count: 1m
    - Active user count: 50k
    - Estimated request/sec for 1 active user: 0.06
    - Total expected request/second to the server = ~5000

    I am expecting this traffic between 20:00-1:00 every day and then these values will decrease to 1/10 the rest of the day. Is there any solution to this? [e.g. increasing server capacity in a specific time period every day to reduce cost]


  • PHP and load balancing

    - by StCee
    I have one major domain but the server spec behind it is not good enough. Hence I want to relay the traffic, in particular php-mysql queries, to multiple smaller servers. How is that normally done? (BTW I wonder how much traffic or number of php/mysql requests a normal setup on an ec2 micro instance can handle?) I did have a look at the EC2 load balancer. But is it only possible to load balance on machines of your own account?


  • System Center 2012 R2 System Discovery Network Utilization

    - by AtomicReaction
    I'm in charge of a deployment of Microsoft System Center Configuration Manager 2012 R2. Currently, I'm working through the discovery methods and trying to decide how to enable automatic discovery of systems and users. On Microsoft's documentation, they warn that Configuration Manager Automatic Discovery traffic can get pretty significant if you aren't careful in your implementation. Can anyone who has used this give me some information on how much traffic I should expect? We currently have around 1000 computers and 4000 user accounts in Active Directory. Thanks!


  • How to tunnel local port through proxy server?

    - by Joe Casadonte
    I have a non-proxy-aware program that I need to get working through an HTTP proxy server. The program (MYPROG) running on a machine I can configure at will (MYSRV) connects to a specific server (DESTSRV) on a specific port (DESTPRT). There is an existing HTTP proxy server (PROXYSRV:PROXYPRT) that will allow the traffic through if MYPROG was proxy-aware, but it isn't. Is there a way to listen locally on a specific port and forward the traffic through the proxy server? I can totally configure where MYPROG points to, so I could point it to MYSRV:4545 with the thought that some wonder program will redirect the data to DESTSRV:DESTPRT through PROXYSRV:PROXYPRT. I'm thinking IP Tables or netcat could do the trick if only I could figure them out... Thanks!


  • Accessing Application Server directly by public IP in citrix Farm

    - by EmilioG
    I have a Citrix application server in SiteB and I have a Farm in SiteA. We want to add this server into that Farm in SiteB, and access it from the internet via web interface. SiteA and SiteB are connected via VPN. But we would like to do that in a way the ICA traffic goes directly to the application server public IP (behind NAT) in SiteB without using SiteA and the VPN to route this traffic. Do you know if this is possible? Maybe there is a way to change the host in the ica file for this server in the web interface (without editing manually each time)? We are using Citrix 4.5. Thanks in advance.


  • Windows Firewall 2008 Server - Allow only given IP in, block all others

    - by chumad
    I've got a Windows 2008 Server. It has the built-in windows firewall on it. I've played around with the Advanced settings where I can setup inbound/outbound rules, but it doesn't appear that I can create a rule that would say "Block All incoming traffic except traffic coming from this IP address" I created a rule that Blocks All, but there's no way that I've found to create a rule that will "override" the block rule and allow 1 or more IP's to get in. I accomplished this on a Win2k box using IPSEC, but it seems that IPSEC is now built-in to windows firewall. Any tips?


  • hosting website on a private network

    - by razor
    I'm currently running a website off 3 linux servers. I'd like to set up a private network and only allow port 80 traffic to one of the servers. I'd also like to set up a vpn so only I can access the servers via ssh or any port for developing/debugging. How hard is this to set up and what do I need to get? Do enterprise/commercial routers have vpn functionality built in? How do I handle DNS? E.g. www.mydomain.com would need to point to the router, which forwards traffic to the webserver. Do I set the A record to the router, and somehow tell the router which server to send the http request to? And how would I make server1.mydomain.com resolve to server1 within the private network (without editing host files)? Would I need to run my own DNS (e.g. powerdns?) to do this?


  • KVM guest storage difference with NBD and NFS

    - by WojonsTech
    I am setting up my own little private cloud for my own use, maybe for a project or two. I am using linux kvm on debian 6. I have 3 servers, 2 of them for compute nodes and 1 storage node. I would I have already installed kvm, made a few test machines, got my networking set up. I have 2 nics on each server: 1 nic is for web traffic, the other nic is for network traffic. My first idea was to use NFS for storing the guest machines, which can range in size, maybe 8gb, maybe 100gb, it just depends. I was doing have heard of nbd before, seems like it could work, but I don't know what the performance differences are and if it will affect my environment; nfs looks like it will be easier to use.


  • How can I monitor ports on Windows?

    - by Olav
    What is the simplest way on "local" (1*) Windows, for known ports, to: Find out if it is used. Find out as much as possible about what is behind the port. Find out as much as possible about traffic through the port. Find out if something else is interfering with the port and traffic to it. I have used Fiddler in the past, but I think that's mostly HTTP? I don't know if Wireshark does more? I think there is a tool closely integrated with Windows? Which one? (5). I am looking at Nmap, but it seems to be more a suite of tools, and a high entry level. 1*: Primarily this is for what happens inside my Windows machine, but if necessary, I can for example use a VM, or the wireless connection.


  • How to schedule download of windows 7 updates?

    - by atoMerz
    To put it short: I'd like to schedule my windows updates to start/stop at certain times of day. How can I do this? More explanation: This is because my internet traffic is limited by ISP and it's free only during a specific period throughout the day (2:00am-7:00am). I've set windows update setting to check for updates but notify me before downloading in order to prevent it from automatically using up my traffic. But then I have to manually tell it when to start downloading. I obviously don't want to stay up that late just to push a button. So again, how can I schedule windows updates to start/stop at specified times?


  • SSH tunnel doesn't work

    - by s1ck
    I am trying to use my server as a "proxy" with ssh. However, setting up tunneling with ssh -D localhost:8000 user@myserver does not work. I tested this on various machines with ssh and putty - It connects just fine, but when I set my browser settings accordingly, I just get an error "Connection has been reset". I tried monitoring the traffic with wireshark, but I didn't even see some tunnel-traffic. I explicitly set AllowTcpForwarding to "yes" but I still can't use the tunnel. When running ssh in verbose mode, I don't get any errors but

        debug1: Connection to port 8000 forwarding to socks port 0 requested.
        debug1: channel 3: new [dynamic-tcpip]
        debug1: channel 3: free: dynamic-tcpip, nchannels 4

    What am I doing wrong?


  • process ksoftirqd consumes permanent 15% CPU load [closed]

    - by markus
    Possible Duplicate: Anyone else experiencing high rates of Linux server crashes during a leap second day?

    The process ksoftirqd/0 uses permanent 15% CPU on our debian squeeze server.

        4 root 20 0 0 0 0 R 15.0 0.0 850:59.17 ksoftirqd/0

    I already read that this can have various reasons like full harddisk or high network traffic. In our case we do have more or less low network traffic and enough space on hard disk. How can I analyse what causes ksoftirqd/0 to use permanently 15% CPU?


  • what route to add to windows so that..

    - by baobeiii
    What route to add to Windows so that while using openvpn I have internet connectivity, but if the openvpn tunnel collapses then my computer has no routes to use and so has no connectivity. My computer normally needs the default route 0.0.0.0 mask 0.0.0.0 192.168.1.254. I just need a route that only allowed traffic destined for the openvpn server ip. The traffic has to go through 192.168.1.254 however, as that is my home network's internet gateway router thingy. Thanks.


  • Block a Server from reaching a machine

    - by user
    I have a Windows 2003 server that I want to block from accessing a specific IP address. I want to control this from the server, because I control the machine. The traffic is http traffic (webservice call). It uses a non-standard port, so IP address + port combination would also work. Background: I have a development environment that for some reason is ignoring host file entries under some circumstances. These host files point the environment at services in another Dev environment. When the host files are ignored, dev is talking to production. This is not my question, rather the motivation for this inquiry. What I want is a failsafe to ensure dev will error instead of happily engaging in transactions with production. I control the dev server, I do not control the firewalls or the target production machine.


  • redirecting arbitrary tcp/udp in kvm

    - by jbfink
    I've got a server with KVM on it, and multiple guest VMs. I'd like a way to redirect traffic from the host server to the VMs. Like, say, forward all traffic on port 2222 on the host to 22 on a guest VM for ssh. This would have to be done either through virt-manager or libvirt XML config files -- I've found multiple references to doing it through qemu (like http://forums.fedoraforum.org/showthread.php?t=237969) but absolutely nothing that I can see related to either libvirt or virt-manager. Do you know how I can do this?

