Search Results

Search found 3489 results on 140 pages for 'tcp'.

Page 91/140 | < Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98 | Next Page >

Rate-Limit affects All clients or single IP?

- by Asad Moeen

Well up-til now I've considered iptables rate-limit commands with the "recent" module to work for each IP Address. For example rate-limit rule of 20k/s will trigger only if a single IP exceeds 20k/s rate and not if 4 different IPs exceed 5k/s rate. Please correct me if I considered this wrong as I've only used these rules for TCP/ UDP. But today I tried similar rules for ICMP and applied 4/s Input/Output. But then on trying to ping-test from just-ping.com I could see packet loss on almost all IP Addresses. How could that happen because if it worked for each IP Address then it wouldn't be triggering the rule because I believe each IP from just-ping has a rate of probably 1/s. I still think the first one is true because if it wasn't then my GameServer would block everyone if the combined rate ( in case of more connected players ) increased the threshold. This hasn't happened up til now so the ICMP thing really confused me. Thank you.

Read the article
Configure custom SSL certificate for RDP on Windows Server 2012 in Remote Administration mode?

- by Ryan Bolger

So the release of Windows Server 2012 has removed a lot of the old Remote Desktop related configuration utilities. In particular, there is no more Remote Desktop Session Host Configuration utility that gave you access to the RDP-Tcp properties dialog that let you configure a custom certificate for the RDSH to use. In its place is a nice new consolidated GUI that is part of the overall "edit deployment properties" workflow in the new Server Manager. The catch is that you only get access to that workflow if you have the Remote Desktop Services role installed (as far as I can tell). This seems like a bit of an oversight on Microsoft's part. How can we configure a custom SSL certificate for RDP on Windows Server 2012 when it's running in the default Remote Administration mode without needlessly installing the Remote Desktop Services role?

Read the article
Firewalling gateways and IDS's

- by Scott Davies

Hi, For IDS, I plan to have a Win 2008 server running on the gateway with the majority of roles disabled. I plan to firewall the Internet connection, but I'd also like to install Snort to work as an IDS. However, I am guessing that regardless of the Snort install of the promiscuous Winpcap driver, I won't be able to monitor ports that the firewall blocks. My thinking is that chain of flow is: Internet-Firewall on Win 2008-Winpcap-Snort-internal network Is there a way to still monitor services that the firewall will block (i.e. TCP 445 SMB) ? Perhaps run the data through Snort and then through the firewall ? Thanks

Read the article
Shaping outbound Traffic to Control Download Speeds with Linux

- by Kyle Brandt

I have a situation where a server makes lots of requests from big webservers all at the same time. Currently, I have not control over the amount of requests or the rate of the requests from the application that does this. The responses from these webservers is more than the internet line can handle. (Basically, we are launching a DoS on ourselves). I am going to get push to get this fixed at the application level, but for the time being, is there anyway I can use traffic shaping on the Linux server to control this? I know I can only shape outbound traffic, but maybe there is a way I can slow the TCP responses so the other side will detect congestion and this will help my situation? If there is anything like this with tc, what might the configuration look like? The idea is that the traffic control might help me control which packets get dropped before they reach my router.

Read the article
Is opening ports in the firewall bad?

- by Steven

From what little I know about networking, opening ports lets external data get sent in. But how that data is handled is entirely up to the applications running on my machine. So if I'm not running any malicious applications, there should be nothing wrong with disabling the firewall, right? Also, how do applications work when ports aren't forwarded? For example, I need to forward port TCP 6112 to host Blizzard games, but I've heard that HTTP uses port 80, but I haven't forwarded that port, yet Firefox still works. Btw I'm using Windows Vista.

Read the article
TightVNC grey screen?

- by gary

I'm trying to help my mom remotely with some PC problems. She's not too computer savvy, so to keep the firewall stuff on my side of things, I tried to use a reverse VNC connection: On my machine, I set up TightVNC client in listening mode. I also opened TCP port 5500 on my router and firewall, and checked it using http://canyouseeme.org/. On her machine, I (instructed her to) set up TightVNC server, and connect to my machine's IP ('Add New Client...'). Both machines run Windows XP & TightVNC 1.3.10. The problem: When she tries to connect, a TightVNC window with grey background pops up on my machine, but I never get to see the remote desktop. It just remains grey. However, it seems that I control the mouse on the remote side (she says it's moving). I tried to reverse-connect from another machine on my LAN and it works without a problem. Any idea what the problem could be?

Read the article
Remote connection to SQL server doesn't use the instance name

- by Max

I have a web server with SQL express 2008 installed. I was trying to connect to this from my local machine using SSMS. After enabling TCP/IP in SQL configuration manager, starting SQL browser service and opening up the firewall I still couldn't connect using xxx.xxx.xxx.xxx\sqlexpress as the server name. Finally out of frustration I tried to connect taking off the sqlexpress instance name to just xxx.xxx.xxx.xxx and it worked! I'm really at a loss here as to why this works. What would happen if I installed more instances of SQL?

Read the article
what causes drops in apache throughput?

- by Robbie Mckennie

i was poking around in the windows task manager, and i found this cool network throughput graphing thing. so i wanted to see it max out, so i started downloading a 1.8gb image (from the localhost to a remote system). but, much to my surprise, it looked like this: i count 16 dips, so i divided the 1.8gb into 16 and i got 115mb. then i looked up the mtu of ip, and i knew the mtu of ethernet from my reading, both far smaller than 115mb. and since tcp is connection orientated, it doesn't have an mtu.

Read the article
Using 2 Transparent HAProxy for load balancing

- by Nyxynyx

We can configure HAProxy to be a transparent proxy by using the guide here, where one of the steps says ...to put the backend servers in a different subnet to the front end clients and make sure that the default gateway points back at the HAProxy load balancer. However when we need to have 2 transparent HAProxy in front of our balanced servers (for redundancy), it seems like this wont work as we can only set one gateway for our balanced servers. What will be the correct way to setup the system such that we can have 2 transparent HAProxy infront of the balanced servers? The main reason for having transparent proxies is the need to find the client's IP addresses over TCP.

Read the article
MySQL Workbench sends computer name with login not IP

- by Android Addict

I am attempting to connect MySQLWorkbench to a remote MySQL Server. The server has granted access to user@IPAddress However, when I try to connect MySQLWorkbench, it sends user@computername instead. How do I configure the connection to use the IP address instead in MySQLWorkbench? Reference: The remote server is on the local network, so I need to use the local IP address assigned to my client. EDIT What I have tried so far: from the server: mysql -u user@IPAddress -p --host=(ServerIPAddress) Returns: mysql> So that tells me the user account is operational. Furthermore, I confirmed it exists using: select user from mysql.user; returning a table of all users, of which the user I am using is present. I have also opened the port 3306: sbin/iptables -A INPUT -i eth0 -s clientIPAddress -p tcp --destination-port3306 -j ACCEPT Still I encounter Access Denied

Read the article
Httpd restart "Address already in use" error

- by mtndesign

I have an .rpm, which I created. In its %post part, I do some stuff, and in the end of this script, i call service httpd restart. It gives the following error: + service httpd restart Stopping httpd: [FAILED] Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:81 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:81 no listening sockets available, shutting down Unable to open logs [FAILED] I got this from the rpm verbose installing (-vv). So I know its about httpd restart itself, nothing else. The according to netstat only one process (httpd) is listening on port 81. $ sudo netstat -nlp | grep 81 tcp 0 0 :::81 :::* LISTEN 29670/httpd I don't understand, why running http FAILS at stop, and FAILS again in start. Any ideas how to solve this?

Read the article
How to clear stuck locked maildrop pop3 process

- by Joshua

I am using cyrus for imap and pop One of my users is getting the following error: Unable to lock maildrop : Mailbox is locked by POP server. I can see where it starts in the log. I've read that there is no physical lock file anymore (i've tried looking for it anyways) and that the solution is to just wait for the timeout, or kill the offending pop3 process. I know that this is happening because of a lossy connection on the part of the affected user, and that pop3 can only have 1 session active at a time. I need to manually clear the lock and I am having trouble finding the offending pop process. I have tried lsof, but it doesn't say how long the individual files (sockets) have been opened for. I've reduced the tcp keepalive time down to 5 mins, but I still need to reset this guy's lock. I could use some pointers. Thanks!

Read the article
How to set up an FTP user on UBUNTU 9 server using vsftpd utility?

- by Pavel

Hi guys. I'm kinda new to this so bear with me. I've set up a server and now I need to create ftp user for it. I'm doing this by typing: useradd pavel passwd pavel And then I'm running iptables -I INPUT 1 -p tcp --dport 21 -j ACCEPT iptables-save > /etc/iptables.rules in order to open ftp ports and lastly, I'm changing the usermod by: usermod -s /bin/sh pavel So now tell me - what I'm doing wrong here? I just want to connect using FTP protocol. Please help...

Read the article
How can I secure Postgres for remote access when not in a private network?

- by orokusaki

I have a database server on a VMWare VM (Ubuntu 12.04.1 LTS server), and it just occurred to me that the server is accessible via the web, since the same physical server contains a VM that hosts public websites. My iptables in the database are such that only SSH traffic, loopback traffic, and TCP on port 5432 are allowed. I will only allow host access to the Postgres server from the IP of the other VM on the same physical machine. Does this seem sufficient for security, assuming there aren't gaping holes in my general OS configuration, or is Postgres one of those services that should never be web facing, (assuming there are some of "those"). Will I need to use hostssl instead of host in my pg_hba.conf, even though the data will travel only on my own network, presumably?

Read the article
Preparing computers for remote MSI installation in NT4 domain

- by user40177

We recently purchased EMCO Remote Installer to deploy MSI packages we're creating. We are still (unfortunately) in an NT4 domain, and when I try to deploy a package using domain's administrator credentials I'm getting "access denied". Under the "requirements for remote computers" section on the EMCO website (http://www.emco.is/products/remote-installer/requirements.php), it says that it requires remote machines to have: * Started services: Computer Browser, Remote Registry * File and Printer sharing enabled * Windows Installer 3.1 * TCP ports opened: 135, 139, 445 * UDP ports opened: 137, 138 Is there any way of scripting these changes? If so, could someone get me started? I have about 200 machines I need to get this working with. Thanks for all your help!!

Read the article
Memcached failover

- by user25164

We have 2 memcached servers configured and use the Eniym client. When one of the server is down, it appears this server is added to the deadServers list (ServerPool.cs) and tries to resurrect the server every 10seconds (we have configured deadTimeOut to be 10seconds). Attempting to connect to the failed server causes a TCP timeout, the pages take a long time to load which results in bad user experience. 1) What is the standard way of resolving this issue? There are some posts about removing the server from the deadServers list. Is it okay to do this? 2) What is the recommended deadTimeOut setting (I understand by default it's 2 mins and we've changed it to 10seconds in our implementation) 3) Am I correct in my understanding that the cached data is not replicated across Server 1 and Server 2? If Server 1 is down, then it goes to the database to fetch these values (and it doesn't really check Server2)? Any help is really appreciated.

Read the article
use of tcp_delack_min on redhat linux (kernel 2.6.18)

- by user41466

Hello, we're moving from Solaris to Redhat Linux, and trying to duplicate our low-latency setup, that, on solaris, includes the ndd settings related to TCP NO DELAY, and NAGLE ALGORITHM. I got the impression that those parameters are not all configurable system-wide, but still found some info. we have configured our applications to run with no nagle algorithm, but that is not sufficient. we have found an interesting RH article talking presenting the tcp_delack_min parameter, however, when browsing /proc/sys/net/ipv4/ , I can't find it there. would it be safe to assume that simply "adding" the parameter as it's said on the doc would be enough, or rather that the option is not supported by this version (would be strange, as RH specify that it "can be performed on a standard Red Hat Enterprise Linux installation") ? any other idea / recommendation to improve latency further ? thanks

Read the article
Remote logging for multiple Apache virtual hosts using syslog-ng

- by James

I'm running a couple Apache web servers that each have 4-8 separate virtual hosts on each of them. I'm trying to setup a dedicated log server that stores each virtual host access and errors logs in a separate directory for that virtual host. For example on the logging server, /var/log/remove/10.0.0.2/virtualhost1 contains access_log and error_log /var/log/remove/10.0.0.2/virtualhost2 contains access_log and error_log /var/log/remove/10.0.0.3/virtualhost3 contains access_log and error_log and so on... Right now I have it split up by host but I can't figure out how to do it additionally by virtual host. Here are the relevant lines from the logging server's syslog-ng.conf source r_src { tcp(ip("0.0.0.0") port(5140)); }; destination r_all { file("/opt/splunk/logs/$HOST"); }; log { source(r_src); destination(r_all); }; Any help would be appreciated. Thanks!

Read the article
PostgreSQL won't start anymore

- by Sander Declerck

Today, my PostgreSQL doesn't start anymore on my windows machine... I've tried to start the service in windows services and got the following error: Windows could not start the PostgreSQL Database Server 8.3 service on Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion. Then I went to the command line to manually start C:/Program Files (x86)/PostgreSQL/8.3/bin/psql.exe, and then I got this error: psql: Could not connect to server: Connection refused (0x0000274D/10061) Is the server running on host "???" and accepting TCP/IP connections on port 5432? Edit: I found this in the logs: 2011-04-22 13:13:16 CEST LOG: could not receive data from client: No connection could be made because the target machine actively refused it. 2011-04-22 13:13:16 CEST LOG: unexpected EOF on client connection

Read the article
Configuring NAT and static IP on Cisco 877W

- by David M Williams

Hi all, I'm having trouble setting up a static IP reservation on a network. What I want to do is assign IP 192.168.1.105 to MAC address 00:21:5d:2f:58:04 and then port forward 35394 to it. If it helps, output from show ver says Cisco IOS software, C870 software (C870-ADVSECURITYK9-M), version 12.4(4)T7, release software (fc1) ROM: System bootstrap, version 12.3(8r)YI4, release software I have done this - service dhcp ip routing ip dhcp excluded-address 192.168.1.1 192.168.1.99 ip dhcp excluded-address 192.168.1.200 192.168.1.255 ip dhcp pool ClientDHCP network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 192.168.1.1 lease 7 ip dhcp pool NEO host 192.168.1.105 255.255.255.0 hardware-address 0021.5D2F.5804 ip nat inside source static tcp 192.168.1.105 35394 <PUBLIC_IP> 35394 extendable However, the machine is getting assigned IP address 192.168.1.101 not .105 ... any suggestions? Thanks !

Read the article
apache tomcat loadbalancing clustering on ubuntu

- by user740010

i am facing a problem in clustering the tomcat with apache as a loadbalancer using mod_jk on ubuntu. i have install apache2 on my ubuntu 11.04 and i have downloaded tomcat7 created two copies and kept them at two different location. 1st one is at /home/net4u/vishal/test/tomcatA 2nd one is at /home/net4u/vishal/test1/tomcatB i have made following changes to server.xml file in /conf folder 1. <Server port="8205" shutdown="SHUTDOWN"> 2. <Connector port="8280" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> 3.<Connector port="8209" protocol="AJP/1.3" redirectPort="8443" /> <Engine name="Catalina" defaultHost="localhost" jvmRoute="tomcatB"> 4. <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> similarly i have modified other tomcat i.e tomcatA server.xml content of the server.xml is as follow: --    <Connector port="8280" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />      <Connector port="8109" protocol="AJP/1.3" redirectPort="8443" />   <Engine name="Catalina" defaultHost="localhost" jvmRoute="tomcatB">   <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>  <Realm className="org.apache.catalina.realm.LockOutRealm">  <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t "%r" %s %b" resolveHosts="false"/> </Host> </Engine> i have install libapache2-mod-jk step 1. i have Created jk.load file in /etc/apache2/mods-enabled/jk.load content is as follows: LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so Create /etc/apache2/mods-enabled/jk.conf: JkWorkersFile /etc/apache2/workers.properties JkLogFile /var/log/apache2/jk.log JkMount /ecommerce/* worker1 JkMount /images/* worker1 JkMount /content/* worker1 step 2. Created workers.properties file in /etc/apache2/workers.properties content is as follows: workers.tomcat_home=/home/vishal/Desktop/test/tomcatA workers.java_home=/usr/lib/jvm/default-java ps=/ worker.list=tomcatA,tomcatB,loadbalancer worker.tomcatA.port=8109 worker.tomcatA.host=localhost worker.tomcatA.type=ajp13 worker.tomcatA.lbfactor=1 worker.tomcatB.port=8209 worker.tomcatB.host=localhost worker.tomcatB.type=ajp13 worker.tomcatB.lbfactor=1 worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=tomcatA,tomcatB worker.loadbalancer.sticky_session=1 i tried the same thing on the windows machine it is working.

Read the article
Can't communicate with Primary DNS Server

- by horsley

A computer, with Windows 7, can't access any website by domain suddenly. Whether this computer use a wired link or connect to the WLAN, The fault persists IP and DNS obtained automatically, and seems normal (ipconfig /all return the correct info) I can visit websites by using HTTP proxy The DNS server is available, other computer in my room works properly. I can ping myself, the gateway and any other IP, but domains I can use nslookup and obtain the correct IP info There are some error information in the event log about dns client events explaining the client can not verify the DNS server available Windows network diagnosis explain that Windows can't communicate with the device or resource (Primary DNS Server) I guess the dns client should be blame. I tried to do the following things but the fault persist. Reinstall the driver of network adapter Reset TCP/IP (netsh int ip reset) Reset Winsock (netsh winsock reset) Reset LSP I don't want to reinstall the whole os, what should I do?

Read the article
Sharing a printer over the net from Windows 7 to Windows Server 2003

- by Grant Unwin

Hi, I need to share a printer that is connected to a Windows 7 computer. The windows 7 computer is in another building about an hours drive away. The computer that needs to access the printer is running Windows Server 2008. Ive tried setting the printer as 'shared' for 'everyone' on the Windows 7 PC and accessing it from the server by adding a TCP/IP port to the IP address but the printer just wont add. From googling aparently it may need setting up as a printer server through IIS, but i'm just not sure on the best practice. Any help greatly appreciated. Thanks Grant Unwin

Read the article
Torrent, ISA Server 2006 and packet dropped due to TCP_NOT_SYNC

- by Pascal

Hi, I'm trying to get uTorrent 2.0.4 to work in a DMZ machine, protected by a ISA Server 2006. I've opened 1 inbound port (via publishing) and opened all the higher ports for that specific machine that runs uTorrent on my DMZ, and it's working almost fine. The problem is that I keep getting packets dropped with 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED. Is there any way to disable this via registry? Is there any way around this? The download speed fluctuates a lot, and when I starts hitting the upper limit that I've defined in uTorrent, the errors start poping up a lot, and the download speed goes way down, and the process repeats on and on Tks Edit My outbound rules are: Port Range: TCP 10000-65535 Outbound Port Range: UDP 10000-65535 Send Edit It's probably a bug handling requests from Windows 7. When I installed the uTorrent on a XP machine, the problem went away

Read the article
Error "fileid changed" when accessing files over NFS

- by Roman Prikhodchenko

I have an nfs-kernel-server configured and running on Ubuntu 10.04 Server. /export THIRD_SERVER_IP(rw,fsid=0,insecure,no_subtree_check,async) SECOND_SERVER_IP(rw,fsid=0,insecure,no_subtree_check,async) /export/ebs THIRD_SERVER_IP(rw,fsid=0,insecure,no_subtree_check,async) SECOND_SERVER_IP(rw,nohide,insecure,no_subtree_check,async) I mounted the exported folder to the second server: mount -t nfs4 -o proto=tcp,port=2049 NFS_SERVER_IP_HERE:/ebs /ebs and it works just fine. I mounted it to the third server but I cannot access files from it. ls -l /ebs ls: reading directory /ebs: Stale NFS file handle total 0 The syslog on the third server says: kernel: [11575.483720] NFS: server NFS_SERVER_IP_HERE error: fileid changed kernel: [11575.483722] fsid 0:14: expected fileid 0x2, got 0x6e001 Some info: uname -r 2.6.32-312-ec2 uname -m i686

Read the article

< Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98 | Next Page >