Search Results

Search found 10501 results on 421 pages for 'hardware firewall'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 71/421 | < Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78  | Next Page >

  • ASA 5505 8.4 open ports for subnet

    - by fwrawx
    I have an ASA 5505 running 8.4 with its outside interface plugged into our internal network. I want to open up access to hosts on one of the vlans behind that ASA to hosts on our internal network. I was just starting to grasp NAT on our older PIX but the ASA 8.4 has me confused now. Given a clean ASA with an outside vlan of 10.0.0.1/24 and test vlan of 10.0.1.1/24 what's the basic configuration needed to allow any hosts on the outside network to have access to any of the hosts on the test network?

    Read the article

  • ASA5500 series logging for management interface in transparent mode

    - by ANervousTwitch
    i have a cisco asa5520 in transparent mode. the interface is on the same subnet as some windows machines, which are generating a lot of broadcast traffic that is filling up the logs. is there any way to have it not log that its blocking those packets? its a bunch of these messages: "through-the-device packet to from management-only network is denied: udp src..." im also seeing some of those zeroconf requests that id like to drop logging for. i tried to just put a rule on the management interface, but apparently thats not allowed.

    Read the article

  • Minimum Requirements for (open) Solaris?

    - by Electrons_Ahoy
    I'm thinking about knocking together a Solaris box at home to act as a combination server and learning exercise. What are the minimum hardware specs I can throw at it such that it'll be actually usable? I'd be cobbling the machine together from a stack of various x86 PC spares/leftovers. Does anyone have experience with Solaris at the lower end of the spectrum? The Sun site, for example, claims it'll run with as little as 255 megs of ram, but is it worth the exercise with less than a gig? Will my old Pentium II 450 cut the mustard? (I'm willing to throw a couple of bucks at pricewatch/mwave/newegg on this, but if I need to build a better rig than my main PC, I may not bother.)

    Read the article

  • Auto Forward mails to gmail from Outlook

    - by Jaison
    I have a highly secured computer windows server 2003 where my outlook express is configured, i want to forward all the mails coming from Outlook to gmail. I put some auto forward rule in outlook but its not working. (May be auto forwarding is disabled). I can forward mails manually. Is there anyway to get rid off this problem?

    Read the article

  • amplified reflected attack on dns

    - by Mike Janson
    The term is new to me. So I have a few questions about it. I've heard it mostly happens with DNS servers? How do you protect against it? How do you know if your servers can be used as a victim? This is a configuration issue right? my named conf file include "/etc/rndc.key"; controls { inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; }; options { /* make named use port 53 for the source of all queries, to allow * firewalls to block all ports except 53: */ // query-source port 53; /* We no longer enable this by default as the dns posion exploit has forced many providers to open up their firewalls a bit */ // Put files that named is allowed to write in the data/ directory: directory "/var/named"; // the default pid-file "/var/run/named/named.pid"; dump-file "data/cache_dump.db"; statistics-file "data/named_stats.txt"; /* memstatistics-file "data/named_mem_stats.txt"; */ allow-transfer {"none";}; }; logging { /* If you want to enable debugging, eg. using the 'rndc trace' command, * named will try to write the 'named.run' file in the $directory (/var/named"). * By default, SELinux policy does not allow named to modify the /var/named" directory, * so put the default debug log file in data/ : */ channel default_debug { file "data/named.run"; severity dynamic; }; }; view "localhost_resolver" { /* This view sets up named to be a localhost resolver ( caching only nameserver ). * If all you want is a caching-only nameserver, then you need only define this view: */ match-clients { 127.0.0.0/24; }; match-destinations { localhost; }; recursion yes; zone "." IN { type hint; file "/var/named/named.ca"; }; /* these are zones that contain definitions for all the localhost * names and addresses, as recommended in RFC1912 - these names should * ONLY be served to localhost clients: */ include "/var/named/named.rfc1912.zones"; }; view "internal" { /* This view will contain zones you want to serve only to "internal" clients that connect via your directly attached LAN interfaces - "localnets" . */ match-clients { localnets; }; match-destinations { localnets; }; recursion yes; zone "." IN { type hint; file "/var/named/named.ca"; }; // include "/var/named/named.rfc1912.zones"; // you should not serve your rfc1912 names to non-localhost clients. // These are your "authoritative" internal zones, and would probably // also be included in the "localhost_resolver" view above :

    Read the article

  • Are there other application layer firewalls like Microfot TMG (ISA) that do advanced http rules?

    - by Bret Fisher
    Since the old days ISA and now TMG have had several great features that I often want to deploy to my customers because of the enhanced functionality and security, but often the cost of an additinal server HW, Windows Server, and TMG license is too much to justify when compaired to a $300-500 appliance. Are there other gateway firewalls that can perform one or more of these application layer features: pre-auth incoming http traffic against AD/LDAP before sending packets to internal server (forms auth or basic creds popup)? read host headers of incoming http traffic (even on https) to a single public IP and route packets to different internal servers based on that host header?

    Read the article

  • Restrict Computer or Users from Internet but allow access to intranet and Windows Update / ePO?

    - by MoSiAc
    So this may be impossible but I've been asked to try and find something about it. So far nothing I have found is possible. I need to restrict specific machines or user accounts from regular Internet access but let them have access to the intranet portion of our network. I do not have Active Directory control, nor does anyone at my local workplace (corporate control in a different state). I have tried going through IPsec and doing this per local machine, but that system seems to have been removed from the images that are installed on these machines so that is out. So far the only other option I can think of is assigning the machines a specific ip address and removing their gateway access. This would probably work but the machines need to be able to receive updates that are being pushed to them through ePO and LanDesk. I would really like to do this on the user level because then if I need to do tech work to the machine and need internet access I can get to it but a "special" user could login and not be able to get into anything.

    Read the article

  • Allow access to printer between interfaces on Cisco ASA5510

    - by Jonas Stensved
    I have a Cisco ASA5510 where we have to separate networks on two separate interfaces. The networks have and should have nothing to do with each other except that network B needs to access a printer on network A. Network A: 192.168.137.0/24 Printer: 192.168.137.20 Network B: 192.168.0.0/24 I've added an incoming rule from Network A to the Printer IP in the ASDM interface but clients can't print. Our previous router was configured to let traffic through so the clients on Network B is already configured so it think it should work if the traffic is allowed. How do I let clients on Network B communicate with the printer?

    Read the article

  • Can you suggest some DIY PC specs for 1) Value, and 2) Future 'upgradability'?

    - by user17381
    Hi, I'm considering building a new desktop PC from components. For the last 7/8 or so years I have almost exlusively used laptops, and so have fallen behind a bit with knowledge of various hardware technologies. Anyway, now I'm considering building a new desktop machine. Mainly for development work, but also would be nice to do a bit of gaming. The two main criteria are: I would like the first build to be relatively low cost. I would like to select components that will allow me to upgrade in the future without throwing too much away. Can anyone recommend a setup? Thanks

    Read the article

  • Unable to create a Windows 7 system image of a failing hard drive

    - by Rahul
    The hard disk of my one year old T400 Thinkpad has started failing periodic hardware tests. I get a "Targeted Read Test Failed" error. The "SMART short self test" times out. I am now trying to create a Windows 7 System image of the hard disk but it fails without giving any specific error messages. I tried using Comodo Backup but got an error (code 101117) there as well. I have copied the important files in Dropbox but would like to take a full System backup as I have plenty of software installed on the machine. Does anyone know why this is happening and how I can take a backup of the system image ?

    Read the article

  • Changing Internet connection on ISA Server 2000

    - by garyb32234234
    Hi We are getting a new internet connection installed and will need to unplug the old one and connect this to our ISA Server 2000. Will this be a simple swap out job? We will be given a new ip, which i know i will have to enter into the external network card TCP/IP page. I will also be given the default gateway to enter. The ISP engineer said we may have to reset the ARP? cache, if we dont know how we will have to reset the ISA server? Has anyone any experience? The current connection is with the same ISP but it was owned by the business park were we are located and they linked up an ethernet port to what i assume is their own router. Hope you can help, i know that ISA 2000 is somewhat less easy to use than the newer versions.

    Read the article

  • Allowing outbound traffic with APF/iptables for OpenVZ container

    - by David
    I have apf installed on a OpenVZ container (proxmox 2.1). The config is pretty much vanilla and things are working. My external services like ssh and http are working. My problem is that all outbound traffic on http/https is blocked. How do I allow all outbound traffic for http/https. If I change EGF to 1 like this, all inbound and outbound traffic gets blocked EGF="1" EG_TCP_CPORTS="21,25,80,443,43,53" EG_UDP_CPORTS="20,21,53" EG_ICMP_TYPES="all" I opened a single outbound rule with the following # /usr/local/sbin/apf -a downloads.wordpress.org How do I allow all outbound traffic on http/https without blocking all traffic? Why would I allow all inbound ssh/http traffic and block all outbound traffic?

    Read the article

  • PC is randomly shutting off

    - by Bobby
    I have a PC which is randomly shutting off (the hard way, like someone pulled the plug). It's no heat problem, because this can happen after 2 minutes of operation or after 4 hours and I checked the temperature. It's also no problem of the operation system, because it will also do that while in BIOS. If it happens once, you can be sure that it will happen within the next hour another two or three times, and then it works again for over a week or even longer. Possible causes I've thought about so far are: Voltage Fluctuation Loose contact (already replugged all cables within the PC, no luck) Faulty PSU Maybe someone has more ideas to this? P.s.: I don't have the hardware specs with me right now, I'll post them as soon as I get them.

    Read the article

  • iptables, blocking large numbers of IP Addresses

    - by Twirrim
    I'm looking to block IP addresses in a relatively automated fashion if they look to be 'screen scraping' content from websites that we host. In the past this was achieved by some ingenious perl scripts and OpenBSD's pf. pf is great in that you can provide it nice tables of IP addresses and it will efficiently handle blocking based on them. However for various reasons (before my time) they made the decision to switch to CentOS. iptables doesn't natively provide the ability to block large numbers of addresses (I'm told it wasn't unusual to be blocking 5000+), and I'm a bit cautious over adding that many rules into an iptable. ipt_recent would be awesome for doing this, plus it provides a lot of flexibility for just severely slowing down access, but there is a bug in the CentOS kernel that is stopping me from using it (reported, but awaiting fix). Using ipset would entail compiling a more up-to-date version of iptables than comes with CentOS which whilst I'm perfectly capable of doing it, I'd rather not do from a patching, security and consistency perspective. Other than those two it looks like nfblock is a reasonable alternative. Is anyone aware of other ways of achieving this? Are my concerns about several thousand IP addresses in iptables as individual rules unfounded?

    Read the article

  • Why not block ICMP?

    - by Agvorth
    I think I almost have my iptables setup complete on my CentOS 5.3 system. Here is my script... # Establish a clean slate iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -F # Flush all rules iptables -X # Delete all chains # Disable routing. Drop packets if they reach the end of the chain. iptables -P FORWARD DROP # Drop all packets with a bad state iptables -A INPUT -m state --state INVALID -j DROP # Accept any packets that have something to do with ones we've sent on outbound iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # Accept any packets coming or going on localhost (this can be very important) iptables -A INPUT -i lo -j ACCEPT # Accept ICMP iptables -A INPUT -p icmp -j ACCEPT # Allow ssh iptables -A INPUT -p tcp --dport 22 -j ACCEPT # Allow httpd iptables -A INPUT -p tcp --dport 80 -j ACCEPT # Allow SSL iptables -A INPUT -p tcp --dport 443 -j ACCEPT # Block all other traffic iptables -A INPUT -j DROP For context, this machine is a Virtual Private Server Web app host. In a previous question, Lee B said that I should "lock down ICMP a bit more." Why not just block it altogether? What would happen if I did that (what bad thing would happen)? If I need to not block ICMP, how could I go about locking it down more?

    Read the article

  • unable to start apache after changes to rc.conf and resov.conf

    - by shupru
    I had a working configuration this morning with the following simple /etc/rc.conf ifconfig_rl0="DHCP" ifconfig_xl="inet 192.168.1.11 netmask 255.255.255." defaultrouter="192.168.1.1" I added the following lines: firewall_enable="YES" firewall_type="SIMPLE" firewall_logging="YES" sshd_enable="YES" apache_enable="YES" mysql_enable="YES" my httpd.conf includes: NameVirtualHost 192.168.1.11 <VirtualHost 192.168.1.11> ... </VirtualHost> now apache and ssh server are down. changed rc.conf back to last working configuration and still no ssh or apache apachectl start #--> /usr/local/sbin/apachectl start: httpd could not be started apachectl status #--> Looking up localhost Making http connection to localhost Alert!: Unable to connect to remote host.

    Read the article

  • How did Google get on my Mac?

    - by SamGoody
    Am running a MacBook Pro, and have never installed Chrome, Google Earth, or anything blatantly Google. Just installed Little Snitch (are there no good free firewalls for Mac?) and see that CURL is sending to Google every few minutes, as is a request to Google update and more. Little Snitch doesn't say what program setup these requests. So, how do I find out how G got on my machine, why is it sending so many requests (every minute or so) and how do I remove it (and is it there for reasons other than to help G spy on me)?

    Read the article

  • Limiting and redirect port access with useragent

    - by linuxcore
    I'm trying to write iptables string match rule To block http://domain.com:8888 and https://domain.com:8888 when it matches the supplied string in the rule. And another rule to redirect the ports also from 8888 to 7777 I tried following rules but unfortunately didn't work iptables -A INPUT -p tcp -s 0.0.0.0/0 -m string --string linuxcore --algo bm --sport 8888 -j DROP iptables -t raw -A PREROUTING -m string --algo bm --string linuxcore -p tcp -i eth0 --dport 8888 -j DROP iptables -t nat -A PREROUTING -p tcp --dport 8888 -m string --algo bm --string "linuxcore" -j REDIRECT --to-port 7777 iptables -A INPUT -t nat -p tcp --dport 8888 -m string --algo bm --string "linuxcore" -j DROP I want to do this from iptables not the webserver because the server may not have a webserver and those ports are working on internal proxy or something like ..etc

    Read the article

  • iptables: Allow only HTTP access for web browsing

    - by user1448260
    Have a linux box, want it locked down but just be able to surf internet on it. Why is this script blocking http too? #!/bin/sh # # iptables -F # #Set default policies for INPUT, FORWARD and OUTPUT chains # iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP # # Allow TCP connections on tcp port 80 # iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT # # Set access for localhost # iptables -A INPUT -i lo -j ACCEPT # # List rules # iptables -L -v

    Read the article

  • task manager for Internet usage, I need to block a software accessing a website/web server

    - by Pennf0lio
    I have a software that accesses a website, I want to monitor what website is it accessing and block that website. Is there a software similar to "windows task manager" that allows you to monitor software that accesses a website? I want to know what website/server is it accessing so I could then block it. And Is there an alternative way to block aside from "host" file? Thanks! FYI: running on Win7

    Read the article

  • Why do some machines respond with many RST packets instead of RST-ACK to refuse a connection?

    - by Michael J. Gray
    I have recently been trying to track down a problem with one of our systems and have noticed that it is simply not allowed to connect to a remote machine. However, the remote machine (not controlled by us) is responding to our request for a connection with many TCP RST packets on a different port (26469, 26497, 26498) than the one we originated on (53). It simply wouldn't let up at one point and flooded us with about 10 packets/second for an hour or two of only RST on those obscure high ports. Out of the thousands of nodes we're connecting to, this is the only one ever to show this behavior. What could possibly cause this? EDIT Below is a screenshot of Wireshark when it happened. I don't have the actual dump anymore and can't reproduce this specific scenario every time. Basically, we sent a SYN and immediately got RST on an odd port and so we respond with RST and just keep going back and forth.

    Read the article

  • APF, IPTABLES, Fedora 15 - Not blocking correctly

    - by RichardW11
    I just got a new remote server which came with Fedora 15. I first tried to run APF but it gave me this error "apf(18031): {glob} unable to load iptables module (ip_tables), aborting.". Which I then set SET_MONOKERN="0" to SET_MONOKERN="1" to resolve the problem. However, with my config file showing BLK_P2P_PORTS="1214,2323,4660_4678,6257,6699,6346,6347,6881_6889,6346,7778" The ports show up as closed, instead of being filtered. Any idea why this would be happening? 22/tcp open ssh 80/tcp open http 443/tcp open https 2323/tcp closed 3d-nfsd 4662/tcp closed edonkey 6346/tcp closed gnutella 6699/tcp closed napster 6881/tcp closed bittorrent-tracker 7778/tcp closed interwise

    Read the article

  • Mac failing (failed?) hard drive - is all hope lost?

    - by Daniel
    It's a 500 GB Seagate laptop hard drive that came with my Macbook Pro. Apple partition format. Already replaced and now have it external, connected via SATA/USB adapter. Trying to get just a few files that I worked on while out of town when it crashed (and thus did not have my time machine backup drive). Drive will not mount, but OS X Disk Utility detects it and can read the capacity, model number, and even the name of the partition, which leads me to believe all hope may not be lost. Failed attempts so far: Disk Utility verify+repair says drive cannot be repaired and that I should back up immediately (lovely) Disk Warrior says it cannot rebuild the directory due to hardware failure Data Rescue quick & deep scans immediately failed PhotoRec says "error reading sector" for every sector (at least for the few minutes I let it run before closing it to explore other options) What else can I try here? Again, I'm just looking for a few, small files (python scripts to be specific) - not a full recovery.

    Read the article

  • Can't login to Debian (OpenVZ guest) server after setting up IPTables. How to Fix it?

    - by EApubs
    I have an OpenVZ VPS server with Debian. I just setup IPTables to allow the SSH port rebooted it. (Also set the rules to auto load on startup). Now I can't login to the server! How to fix this? Here are the rules : Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:325 DROP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination

    Read the article

  • Is it dangerous to add/remove a hard-drive to a Windows machine which is in stand by?

    - by Adal
    Can I add a SATA drive to a Windows 7 machine which is in standby mode? The hardware supports hot-plug. Could pulling the drive out while in standby corrupt the data on the drive (unflushed caches, ...)? Does Windows flush before standing by? How about swapping a drive with another drive of different kind (SSD - mechanical disk) and size, also while in stand-by. Could the OS when waking up believe that the old drive is still there, and write to it and thus corrupt it, since the new one has different partitions and data?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78  | Next Page >