Search Results

Search found 34321 results on 1373 pages for 'firewall access'.

Page 90/1373 | < Previous Page | 86 87 88 89 90 91 92 93 94 95 96 97 | Next Page >

VPN Connects with local access only

- by user20102

I have Windows Server 2008 and I have set up a VPN. When a user logs into their VPN they can not view the internet. It comes up as local access only on the the client PC. On the server when I go to the Network And Sharing Centre it displays (Network) with local and internet below it has the RAS Dial-in interface and it displays as local only there as well. I want all users that connect to my VPN to have internet access (full access). If anyone can help me it would be appreciated. Also I've activated dial-in properties and I've done it via policy who can access the VPN and internet. It still doesn't work, but there is a connection but just local only. Thanks

Read the article
Remote Router Access For Linksys WRT54GL

- by Tim

Hi, I just set up a wireless network at home using a Linksys WRT54GL. All was fine except that I can still access 192.168.1.1, the configuration setup page of the router, within the local wireless after I disabled "Remote Management". I think if remote access is indeed disabled, one can access my router setup page only by using a cable connecting from his computer to the router. Is this true or am I wrong? Thanks and regards!

Read the article
Unable to outside access service from inside LAN

- by erotsppa

I have a weird port forwarding problem. I tried to open my port 22 to the outside network. I was able to access it as long as I am not inside the LAN. I can access it from my office for example. But from within the LAN, I can access the port using the local ip, but I can't access the port using the external IP. It's as if the router is blocking the loopback. I've check all my router settings, turned off anything firewall/filtering related. Any ideas?

Read the article
User Friendly port knocker (port knocking client) for Windows?

- by Ekevoo

It seems "It's me" is the most popular port knocking client for windows… Except… it sucks. It works for console-savvy users such as me, but, unsurprisingly, all my users hate console windows. I know better than to force it upon them. I would love to have a nice port knocker for Windows that would be windowed, have launchers, and be easily provisionable (i.e. I tell my user to paste some settings or import some file by double clicking it). To be honest, just not being console-based would be enough.

Read the article
Access Amazon Linux EC2 over VNC using Guacamole

- by Neon Flash

I have a t1.micro Amazon Linux AMI instance running. Now, I want to access it using VNC so that I get the GUI. I came across Guacamole and the installation instructions for the server side configuration. So, I get it that we need to setup Apache Tomcat on the Linux machine and then install all the required dependencies, edit the configuration files for Tomcat. But, how do I access it from Windows? What is the client side configuration? From what I understood so far, instead of using a VNC Client like TightVNC or VNCViewer, we can use the Web Browser to access the Amazon EC2 instance. I am using Windows 7 as the client. I would like to access the Amazon Linux AMI (t1.micro instance) over VNC so that I get the GUI.

Read the article
Openvpn mat through access server depending on client

- by Lucas Kauffman

I have several services which should be accessible through a VPN. Clients who connect through the VPN server should be NATed so that all their traffic passes through the access server. However server residing on the network should not pass their traffic through the access server their VPN facing services should be accessible, but their internet connections should not pas through the access server. So how can I enable NAT on a per client basis using OpenVPN?

Read the article
channel interference in cisco wireless access points 1130ag

- by baskaran

hello all, i am working as a network admin . in our client company we are eabling more than 70 access point in these 5 are outdoor access points . in this outdoor access points i am getting channel interference is failed , i have changed the channel manually through wlc . at that time only i am getting passed ,after that again it will be failed . so wt should i do ,please help me.

Read the article
iptables dos limit for all ports

- by user973917

I know how to use limit conntrack option to allow for DoS protection. However, I want to add a protection to limit no more than say 50 connections for each port. How can I do this? Basically, I want to make sure that each port can have no more than 50 connections, rather than globally applying 50 connections (which is what #2 does I believe?) Would I do something like: iptables -A INPUT --dport 1:65535 -m limit --limit 50/minute --limit-burst 50 -j ACCEPT or iptables -A INPUT -m limit --limit 50/minute --limit-burst 50 -j ACCEPT

Read the article
403 in Response to OPTIONS when updating working copy having full access

- by user23419

There is an SVN repository (single repository) http://example.net/svn The repository contains several projects (directories): http://example.net/svn/Project1 http://example.net/svn/Project2 User has full access to Project1 directory and has no access neither to root nor to Project2. Everything works fine for a while: user checks out http://example.net/svn/Project1, commits and updates it successfully. But sometimes trying to update leads to the following error: Command: Update Error: Server sent unexpected return value (403 Forbidden) in response to OPTIONS Error: request for 'http://example.net/svn' Finished! Why does TortoiseSVN request something in the root??? I have noticed that this happens after somebody else committed copy or move operation. Checking out http://example.net/svn/Project1 helps till next time... The main question: How to set up access rights for user to avoid these errors? Note, it's not an option to grant user any read or write access right on the root directory for security reasons.

Read the article
How to unblock outgoing HTTP and HTTPS traffic in iptables?

- by EApubs

With the following iptable rules, I was unable to do an apt update and ping a website. Whats wrong with the rules? How to fix it? What is the exact rule to fix it? Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:325 DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination

Read the article
Windows XP app not able to talk to web server

- by weotch

My company makes an app built with Adobe Air which talks to our webserver for user authentication. Some users are not able to login. Running Charles Proxy tells us that the "host cannot be found." Loading up the webserver in IE, initially we weren't able to visit the site, we had to add it to trusted sites. My guess is that some security setting is denying our app as well. Does anyone have any suggestions as far as where to make security looser for our app?

Read the article
Good option for a transparent internet gateway on Mac OS X

- by Gareth

Hi I have a small network of Mac systems, and would like to add some internal monitoring of our internet usage, which has recently begun to climb. I would like to configure one of the machines as an internet gateway, and install some monitoring software that could provide graph indications of network usage by machine. The machine would then double as a workstation and as the internet gateway. I can manually configure the machines on the network to use it as a gateway, and would prefer to avoid an explicit http proxy (although it is an option if necessary). What software would serverfault users recommend to provide simple, easily configurable and maintainable network monitoring on Mac OS 10.5.7 (non-server)? The simplest requirement is monitor usage by IP Address, but additional tracking (e.g. destination, protocol, etc) would be useful.

Read the article
Refresh file access time under Linux / Discard disk read cache

- by calandoa

I am making use of the access time to analyse some build process, but it is not working the way I want: the access time is updated the first time I read the file, then it stays the same for a long while, or until the next reboot. For instance: $ ll -u some_file -rw-r--r-- 1 root root 1.3M 2010-04-07 10:03 some_file $ grep abcdef some_file $ ll -u some_file -rw-r--r-- 1 root root 1.3M 2010-04-07 11:24 some_file # The access time is updated # waiting a few minutes... $ grep abcdef some_file $ ll -u some_file -rw-r--r-- 1 root root 1.3M 2010-04-07 11:24 some_file # The access time has not been updated :( I suppose that the file is buffered by Linux in the free memory, the only this copy is accessed the subsequent times for speed reasons. A solution would be to discard the buffers in memory. After searching some forums, I found: sync echo 1 > /proc/sys/vm/drop_caches echo 2 > /proc/sys/vm/drop_caches echo 3 > /proc/sys/vm/drop_caches But it is not working, it seems that it only sync up the write buffers, not the read ones. May be it is due to some custom kernel configuration on my distro (fedora 9)? Or I am missing something here? Is there a way to achieve this access time refresh? Note also that I do not want to simulate some writes on my entire file tree. Because I am using some makefile based build system, this will cause the entire project to be build again.

Read the article
Detecting Request that uses invalid Encoding using Modsecurity

- by Ali Ahmad

I am trying write a virtual patch using modsecurity for my hosted web application using following rule i.e. <Location /index.php> SecDefaultAction phase:2,t:none,log,deny # Validate parameter names SecRule ARGS_NAMES "!^(articleid)$" \ "msg:'Unknown parameter: %{MATCHED_VAR_NAME}'" # Expecting articleid only once SecRule &ARGS:articleid "!@eq 1" \ "msg:'Parameter articleid seen more than once'" # Validate parameter articleid SecRule ARGS:articleid "!^[0-9]{1,10}$" \ "msg:'Invalid parameter articleid'" </Location> The problem is how can i reject requests that use invalid encoding as a global WAF configuration so that this patch cannot be circumvented.

Read the article
Is iptables enough security, if port 80 is the only unblocked port and apache is setup correctly?

- by Josh

We are using PHP,MySQL,SVN, and Apache. I want to know if I assume the local subnet trusted, and allow all ports on our subnet using iptables, then allow only port 80 as open to "anyone". If it is "good security" taking that the subnet is trusted as a premise. This is also assuming good PHP code etc, and that apache is configured correctly. This is using CentOS 5.

Read the article
Just LB or also Web Servers in Demilitarized Zone?

- by Bradford

In a load balanced environment, is it necessary to have all of the web servers in the DMZ? Or will just having the Load Balancer in the DMZ achieve the desired security? If it matters, the web server and application server are the same -- GF, Tomcat fronted by httpd on the same server, OAS, etc... LB - WEB/APPLICATION - DB Also, would the setup be different if it was LB - Web Server - Application Server - DB Thanks, Bradford

Read the article
How to drop all subnets outside of the US using iptables

- by Jim

I want to block all subnets outside the US. I've made a script that has all of the US subnets in it. I want to disallow or DROP all but my list. Can someone give me an example of how I can start by denying everything? This is the output from -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW DROP icmp -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination And these are the rules iptables --F iptables --policy INPUT DROP iptables --policy FORWARD DROP iptables --policy OUTPUT ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp -i eth0 --dport 21 -m state --state NEW -j ACCEPT iptables -A INPUT -p icmp -j DROP Just for clarity, with these rules, I can still connect to port 21 without my subnet list. I want to block ALL subnets and just open those inside the US.

Read the article
Programmer configuring a new network

- by David Lively

I'm in the process of expanding my home network from a couple of laptops on a wireless Verizon FiOS router to include: Linksys 24-port switch Cisco Pix 515 Cisco 3640 router One new development desktop and three new machines to act as a db server, web server and a backup system. My company is moving offices and we've decommissioned some older hardware, which I was able to pick up for the cost of the labor to move it home from the office. The benefits to working with dedicated web and db servers are very valuable to me. I know very little about network topology, other than that everything plugs into the switch, which then plugs into the cheap Verizon router. (Verizon provides a coax connection that the router must translate into Ethernet before I can use it with any of this equipment). Questions: What is the recommended topology for this equipment? Verizon router - Pix - 3600 - switch? Is the 3600 even necessary or desirable? The Verizon router has one WAN port and 4 client ports, all 10/100. Is there any performance benefit at all to wiring multiple connections from the verizon router to the switch, assuming I don't use the Pix? Should I use the Pix? Software firewalls are a pain, and seem silly if I have a device like this lying around. Anything else I should know? Am I wasting my time with this? I also obtained a 7 foot rack, shelves, patch panels, UPS, patch panels, etc, which are going into a conveniently air conditioned closet. All constructive advice appreciated.

Read the article
WIndows server 2008 ip list to block

- by MiniScalope

Hello, i have a pretty long list of ip ranges to block for some ports But the HMI let me only add ips one by one (stupid...-_-') Is there a way to block a group of ip ranges? (with a command line or something else....) my ip range format : 0.0.0.0/11 thank you very much. Sorry for my english.

Read the article
Creating self-signed SSL on IIS - Remote access problem

- by ile

I followed these instructions to create self-signed ssl: http://www.visualwin.com/SelfSSL/ (I opened SelfSSL and typed selfssl /T) When I access https: //localhost/ than it works, but when I try to access it remotely (i set up my router to port forward to localhost), for example https: //myip the page does not load. Also, I noticed one other thing. When I access localhost locally then I am asked to enter user/pass, but if I access remotely the I get the following warning: Under Construction The site you were trying to reach does not currently have a default page. It may be in the process of being upgraded and configured. ... I don't know if it is related with this but I hope someone know the answer. Thanks, Ile

Read the article
"Catch-All" access log with Apache Virtual Hosts?

- by pix0r

I have many virtual hosts set up on a web server, each one having its own error and access log. The relevant lines of httpd.conf are something like this: ErrorLog /var/log/httpd-error.log LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined CustomLog /var/log/httpd-access.log combined NameVirtualHost *:80 <VirtualHost *:80> ServerName myhost.com ServerAlias www.myhost.com DocumentRoot /var/www/myhost.com/htdocs ErrorLog /var/www/myhost.com/log/error.log CustomLog /var/www/myhost.com/log/access.log combined </VirtualHost> # ... many more VirtualHosts Currently, I'm getting some random errors in /var/log/httpd-error.log, but I'm getting nothing in /var/log/httpd-access.log. Is it possible to have ALL accesses and errors duplicated to a shared logfile? Is it possible to do this without adding new entries to every single VirtualHost?

Read the article
Expert iptables help needed?

- by Asad Moeen

After a detailed analysis, I collected these details. I am under a UDP Flood which is more of application dependent. I run a Game-Server and an attacker is flooding me with "getstatus" query which makes the GameServer respond by making the replies to the query which cause output to the attacker's IP as high as 30mb/s and server lag. Here are the packet details, Packet starts with 4 bytes 0xff and then getstatus. Theoretically, the packet is like "\xff\xff\xff\xffgetstatus " Now that I've tried a lot of iptables variations like state and rate-limiting along side but those didn't work. Rate Limit works good but only when the Server is not started. As soon as the server starts, no iptables rule seems to block it. Anyone else got more solutions? someone asked me to contact the provider and get it done at the Network/Router but that looks very odd and I believe they might not do it since that would also affect other clients. Responding to all those answers, I'd say: Firstly, its a VPS so they can't do it for me. Secondly, I don't care if something is coming in but since its application generated so there has to be a OS level solution to block the outgoing packets. At least the outgoing ones must be stopped. Secondly, its not Ddos since just 400kb/s input generates 30mb/s output from my GameServer. That never happens in a D-dos. Asking the provider/hardware level solution should be used in that case but this one is different. And Yes, Banning his IP stops the flood of outgoing packets but he has many more IP-Addresses as he spoofs his original so I just need something to block him automatically. Even tried a lot of Firewalls but as you know they are just front-ends to iptables so if something doesn't work on iptables, what would the firewalls do? These were the rules I tried, iptables -A INPUT -p udp -m state --state NEW -m recent --set --name DDOS --rsource iptables -A INPUT -p udp -m state --state NEW -m recent --update --seconds 1 --hitcount 5 --name DDOS --rsource -j DROP It works for the attacks on un-used ports but when the server is listening and responding to the incoming queries by the attacker, it never works. Okay Tom.H, your rules were working when I modified them somehow like this: iptables -A INPUT -p udp -m length --length 1:1024 -m recent --set --name XXXX --rsource iptables -A INPUT -p udp -m string --string "xxxxxxxxxx" --algo bm --to 65535 -m recent --update --seconds 1 --hitcount 15 --name XXXX --rsource -j DROP They worked for about 3 days very good where the string "xxxxxxxxx" would be rate-limited, blocked if someone flooded and also didn't affect the clients. But just today, I tried updating the chain to try to remove a previously blocked IP so for that I had to flush the chain and restore this rule ( iptables -X and iptables -F ), some clients were already connected to servers including me. So restoring the rules now would also block some of the clients string completely while some are not affected. So does this mean I need to restart the server or why else would this happen because the last time the rules were working, there was no one connected?

Read the article
Nodes inside Cisco VPN. Incoming SSH requests allowed. But can't initiate an outbound SSH.

- by Douglas Peter

I've a gateway-to-gateway VPN setup between my Linksys RV042 router and a Cisco VPN. I am able to SSH into any of the machine inside the VPN from my network. But none of the machines inside the VPN can initiate an SSH into my network. It seems they've blocked even all ping requests to my network gateway. This is the requirement: I have scripts that SSH into the machines inside the VPN and run a long mysql query. The query generates an output to a file. The time that these queries take is variable. So I have a loop in my machine that periodically SSHes into the VPN machine and checks if the query has finished, and pulls the generated file using SCP. I need to simplify it thus: The script will run at the machine inside the VPN, and when the query completes, it will SSH into my machine and pushes the generated file. Thanks for any ideas.

Read the article
Combining URL mapping and Access-Control-Allow-Origin: *

- by ksangers

I am in the progress of migrating an old banner system to a new one and in doing so I want to rewrite the old banner system's URL's to the new one. I load my banners via an AJAX request, and therefore I require the Access-Control-Allow-Origin to be set to *. I have the following VirtualHost configuration: <VirtualHost *:80> ServerAdmin [email protected] ServerName banner.studenten.net # we want to allow XMLHTTPRequests Header set Access-Control-Allow-Origin "*" RewriteEngine on RewriteMap bannersOldToNew txt:/home/user/banner.studenten.net/banner-studenten-net-to-ads-all4students-nl-map # check whether a zoneid exists in the query string RewriteCond %{QUERY_STRING} ^(.*)zoneid=([1-9][0-9]*)(.*) # make sure the requested banner has been mapped RewriteCond ${bannersOldToNew:%2|NOTFOUND} !=NOTFOUND # rewrite to ads.all4students.nl RewriteRule ^/ads/.* http://ads.all4students.nl/delivery/ajs.php?%1zoneid=${bannersOldToNew:%2}%3 [R] # else 404 or something ErrorLog ${APACHE_LOG_DIR}/banner.studenten.net-error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/banner.studenten.net-access.log combined </VirtualHost> My map file, /home/user/banner.studenten.net/banner-studenten-net-to-ads-all4students-nl-map, contains something like: # oldId newId 140 11 141 12 142 13 Based on the above configuration I was expecting the following: GET /ads/ajs.php?zoneid=140 HTTP/1.1 Host: banner.studenten.net HTTP/1.1 302 Found ... Access-Control-Allow-Origin: * Location: http://ads.all4students.nl/delivery/ajs.php?zoneid=11 But instead I get the following: GET /ads/ajs.php?zoneid=140 HTTP/1.1 Host: banner.studenten.net HTTP/1.1 302 Found ... Location: http://ads.all4students.nl/delivery/ajs.php?zoneid=11 Note the missing Access-Control-Allow-Origin header, this means the XMLHttpRequest is denied and the banner is not displayed. Any suggestions on how to fix this in Apache?

Read the article
How to activate Virtual Desktop on Fortigate 100A ?

- by Deniz

We did recently update the firmware on our Fortigate 100A box and after the upgrade we tried to use the "Virtual Desktop" feature. (This isn't a new firmware feature) We can't find a way to activate or use it. Does anyone have any experience on "Virtual Desktop" of Fortigate devices ?

Read the article

< Previous Page | 86 87 88 89 90 91 92 93 94 95 96 97 | Next Page >