Search Results

Search found 8371 results on 335 pages for 'inline block'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 93/335 | < Previous Page | 89 90 91 92 93 94 95 96 97 98 99 100  | Next Page >

  • syslog ip ranges to specific files using `rsyslog`

    - by Mike Pennington
    I have many Cisco / JunOS routers and switches that send logs to my Debian server, which uses rsyslogd. How can I configure rsyslogd to send these router / switch logs to a specific file, based on their source IP address? I do not want to pollute general system logs with these entries. For instance: all routers in Chicago (source ip block: 172.17.25.0/24) to only log to /var/log/net/chicago. all routers in Dallas (source ip block 172.17.27.0/24) to only log to /var/log/net/dallas. Finally, these logs should be rotated daily for up to 30 days and compressed. NOTE: I am answering my own question

    Read the article

  • Calculating IOPS for a single HDD - what am I doing wrong?

    - by red888
    So I know there is no standardized way of calculating IOPS for a HDD, but from everything I have read it appears one of the most accurate formulas is the following: IOP/ms = + {rotational latency} + ({block size} / {data transfer rate}) Which is IOs per millisecond or what the book I've been reading calls "Disk Service Time". Also rotational latency is calculated as half of one rotation in milliseconds. This was taken from the EMC book "Information Storage and Management" -arguably a pretty reliable source right\wrong? Putting this formula into practice consider this Seagate data sheet. I am going to calculate IOPS for the ST3000DM001 model for a block size of 4kb: Seek Average (Write) = 9.5 -I'll measuring IOPS for writes Spindle speed = 7200rpm Average Data Rate = 156MB/s So my variables are: Seek Time = 9.5ms Rotational latency = (.5 / (7200rpm / 60)) = 0.004s = 4ms Data Rate = 156MB/s = (0.156MB/ms / 0.004MB) = 39 9.5ms + 4ms + 39 = IO/ms 52.5 1 / (52.5 * 0.001) = 19 IOPS 19 IOPS for this drive clearly is not right so what am I doing wrong?

    Read the article

  • Windows 7 Firewall configuration

    - by Will Calderwood
    I had a PC set up with a VPN. I used the Windows 7 firewall to block all NON-VPN traffic to the internet, but all LAN traffic was allowed. So, with the VPN connected I could connect to all networked machines and the internet. Without the VPN connected I could only connect to the LAN and had no internet access. Unfortunately my drive failed, and I'm setting up the machine again with a replacement drive. I can't for the life of me work out how to set up the firewall again. I can easily set it up to block all NON-VPN traffic, but can't work out how to that and still allow all LAN traffic whether the VPN is connected or not. Some pointers would be useful. Thanks.

    Read the article

  • How can I create multiple identical AWS EC2 server instances with large amounts of persistent data?

    - by mojones
    I have a CPU-intensive data-processing application that I want to run across many (~100,000) input files. The application needs a large (~20GB) data file in order to run. What I would like to do is create an EC2 machine image that has my application and associated data files installed boot up a large number (e.g. 100) of instances of this image split my input files up into 100 batches and send one batch to be processed on each instance I am having trouble figuring out the best way to ensure that each instance has access to the large data file. The data file is too big to fit on the root filesystem of an AMI. I could use Block Storage, but a given Block Storage volume can only be attached to a single instance, so I would need 100 clones. Is there some way to create a custom image that has more space on the root filsystem so that I can include my large data file? Or is there a better way to tackle this problem?

    Read the article

  • Linux filesystem with inodes close on the disk

    - by pts
    I'd like to make the ls -laR /media/myfs on Linux as fast as possible. I'll have 1 million files on the filesystem, 2TB of total file size, and some directories containing as much as 10000 files. Which filesystem should I use and how should I configure it? As far as I understand, the reason why ls -laR is slow because it has to stat(2) each inode (i.e. 1 million stat(2)s), and since inodes are distributed randomly on the disk, each stat(2) needs one disk seek. Here are some solutions I had in mind, none of which I am satisfied with: Create the filesystem on an SSD, because the seek operations on SSDs are fast. This wouldn't work, because a 2TB SSD doesn't exist, or it's prohibitively expensive. Create a filesystem which spans on two block devices: an SSD and a disk; the disk contains file data, and the SSD contains all the metadata (including directory entries, inodes and POSIX extended attributes). Is there a filesystem which supports this? Would it survive a system crash (power outage)? Use find /media/myfs on ext2, ext3 or ext4, instead of ls -laR /media/myfs, because the former can the advantage of the d_type field (see in the getdents(2) man page), so it doesn't have to stat. Unfortunately, this doesn't meet my requirements, because I need all file sizes as well, which find /media/myfs doesn't print. Use a filesystem, such as VFAT, which stores inodes in the directory entries. I'd love this one, but VFAT is not reliable and flexible enough for me, and I don't know of any other filesystem which does that. Do you? Of course, storing inodes in the directory entries wouldn't work for files with a link count more than 1, but that's not a problem since I have only a few dozen such files in my use case. Adjust some settings in /proc or sysctl so that inodes are locked to system memory forever. This would not speed up the first ls -laR /media/myfs, but it would make all subsequent invocations amazingly fast. How can I do this? I don't like this idea, because it doesn't speed up the first invocation, which currently takes 30 minutes. Also I'd like to lock the POSIX extended attributes in memory as well. What do I have to do for that? Use a filesystem which has an online defragmentation tool, which can be instructed to relocate inodes to the the beginning of the block device. Once the relocation is done, I can run dd if=/dev/sdb of=/dev/null bs=1M count=256 to get the beginning of the block device fetched to the kernel in-memory cache without seeking, and then the stat(2) operations would be fast, because they read from the cache. Is there a way to lock those inodes and/or blocks into memory once they have been read? Which filesystem has such a defragmentation tool?

    Read the article

  • Dell PowerEdge R720 - Corrupted RAID

    - by BT643
    Apologies in advance for the lengthy question. We have a Dell PowerEdge R720 server with: 2 x 136GB SAS drives in RAID 1 for the OS (Ubuntu Server 12.04) 6 x 3TB SATA drives in RAID 5 for data A few days ago we were getting errors when trying to access files on the large RAID 5 partition. We rebooted the server and got a message about the raid controller has found a foriegn config. We've had this before, and just needed to use Dell's RAID configuration utility to import foreign config on the RAID. Last time this worked, but this time, it started doing a disk check then we got this: FSCK has returned the following: "/dev/sdb1 inode 364738 has a bad extended attribute block 7 /dev/sdb1 unexpected inconsistency run fsck manually (i.e without -a or -p options) MOUNTALL fsck /ourdatapartition [1019] terminated with status 4 MOUNTALL filesystem has errors /ourdatapartition errors where found while checking the disk drive for /ourdatapartition Press F to fix errors, I to Ignore or M for Manual Recovery" We pressed F to try and fix the errors, but it eventually errored with: Inode 275841084, i_blocks is 167080, should be 0. Fix? yes Inode 275841141 has an invalid extend node (blk 2206761006, lblk 0) Clear? yes Inode 275841141, i_blocks is 227872, should be 0. Fix? yes Inode 275842303 has an invalid extend node (blk 2206760975, lblk 0) Clear? yes .... Error storing directory block information (inode=275906766, block=0, num=2699516178): Memory allocation failed /dev/sdb1: ***** FILE SYSTEM WAS MODIFIED ***** e2fsck: aborted /dev/sdb1: ***** FILE SYSTEM WAS MODIFIED ***** mountall: fsck /ourdatapartition [1286] terminated with status 9 mountall: Unrecoverable fsck error: /ourdatapartition We noticed one of the drive lights was not lit at all, and thought this may have failed and be the problem. We replaced the drive with a spare, and tried "F" to repair it again, but we keep just getting the same error as above. In the RAID configuration utility, all drives show as "online" and "optimal". We do have this data on another replicated server, so we're not worried about "recovering" anything, we just want to get the system back online asap. The server has 64 or 32GB memory, can't remember off the top of my head, but either way, with a 14TB RAID, I think it may still not be enough. Thanks EDIT - I checked the memory usage while fsck was running as suggested and after 2 or 3 minutes, it looked like this, using up nearly all of our servers memory: When it failed after 5 minutes or so with the error in my post, the memory immediately freed up again:

    Read the article

  • Indenting an x number of lines in vim

    - by Mack Stump
    I've been coding in Java for a job recently and I've noticed that I'll write some code and then determine that I need to wrap the code in a try/catch block. I've just been moving to the beginning of a line and adding a tab. 0 i <tab> <esc> k (repeat process until at beginning or end of block) Now this was fine the first three or four times I had to indent but now it's just become tedious and I'm a lazy person. Could someone suggest an easier way I could deal with this problem?

    Read the article

  • Cisco ASA - Unable to create "range" type of network object on 8.2

    - by j2k4j
    I'm wanting to block a range of ip addresses on my Cisco ASA 5520 (8.2) using ASDM 6.4. In the help files/cisco documentation, it says, just create a network object with a "range" type, and use that in a blocking access rule... When I'm accessing the ASA (8.2) with ASDM 6.4, I go to configfirewallobjectnetwork objects & groups, then click "add" to add the IP range as a "network object", I get the following 4 fields to fill out: Name: IP address: Netmask: Description: That's all... In the context-sensitive help files, it says that there should be a Type drop-down to select, with "range" being one of the options, but there is no "Type" drop-down list... If I try to create a "network object group" instead of just "network object", then I get a "Type" drop down list, but it only contains two options: network & host (No "Range" option here either) Can someone help me figure out how to block a range of IP's, using the current 8.2 version on the ASA? Thanks for any pointers or tips!

    Read the article

  • Suggestions on providing HA access to an external (fibre) RAID subsystem

    - by user145198
    We are looking at upgrading our storage capacity with an external RAID subsystem that has redundant (2) fibre controllers, each controller has 4 x 8 Gbps fibre ports. I would like to make access to this storage system occur via HA Linux. Ideally I would connect 2 fibre ports from each controller into each Linux server, and then export either NFS or iSCSI via a 10 Gbe interface. I have seen plenty of references to DRBD, however all of those references tend to use block storage that is solely attached to each machine, rather than having a shared block storage device, so I am unsure if DRBD could (or should) be used in this case. Ideas?

    Read the article

  • Free NTFS partition recovery

    - by Andrei Tanasescu
    I have a 1Tb disk which was partitioned into a ~700gb ntfs disk and a 300gb HFS+ (mac os X). I've accidentally allowed mac os x to wipe the hard-disk and create a single HFS+ partition over the hard-drive. I want to recover my NTFS partition. TestDisk fails to find the NTFS partition, but the DiskInternals solution does find my files. Are there any free alternatives to DIskInternals Partition recovery solution? THe tool should simply go block by block and attempt to reconstruct the files.

    Read the article

  • Website filtering for OpenVPN clients

    - by Asche
    I am currently trying to block some websites by their domain names for all the clients of my OpenVPN server. My first idea was to use the /etc/hosts file. But, its effects seem to be limited to the host only and not to be taken in consideration by OpenVPN. I then tried to configure bind9 and to interface it with OpenVPN, but that solution was unsuccessful and uneasy to use. After this, I considered using iptables to drop all the packets from/to those websites but that forum thread made me thought otherwise since iptables' behavior with FQDN may generate complex issues. Have you got a solution to block websites for all clients using an OpenVPN server on which I am root?

    Read the article

  • Nginx location to match query parameters

    - by Dave
    Is it possible in nginx to have a location {} block that matches query parameters. For example I want to pick up that "preview=true" in this url and then instruct it to do several different things, all possible in a location block. http://192.158.0.1/web/test.php?hello=test&preview=true&another=var The problem I'm having is that my test stuff doesn't seem to match, it seems like I can only match the URL itself? E.g. location ~ ^(.*)(preview)(.*)$ Or something aloong those lines?

    Read the article

  • kernel warning disk error for command write - solaris svm

    - by help_me
    Recently this warning came up on my message logs, scsi: [ID 107833 kern.warning] WARNING: /pci@1c,600000/scsi@2/sd@0,0 (sd0): Oct 27 00:14:44 Error for Command: write(10) Error Level:Retryable Oct 27 00:14:44 scsi: [ID 107833 kern.notice] Requested Block: 101515828 Error Block: 101515828 Oct 27 00:14:44 scsi: [ID 107833 kern.notice] Vendor: SEAGATE Serial Number: 0441B9B5H Oct 27 00:14:44 scsi: [ID 107833 kern.notice] Sense Key: Hardware Error Oct 27 00:14:44 scsi: [ID 107833 kern.notice] ASC: 0x19 (defect list error), ASCQ: 0x0, FRU: 0x2 This is showing signs of disk failing in my opinion. I have not seen the messages re-occurring. This is on a Solaris 9 Sparc system V240. The disks are managed by SVM and "metadb" is showing the flags as "a" Are there any tests or indications as to check/see if the disk is actually failing or was that error message initiated by something else. Thank you!

    Read the article

  • ec2 ami device mapping

    - by hortitude
    I have large ec2 Ubuntu image and I'm just looking through the devices. I noticed from the metadata that % curl http://169.254.169.254/latest/meta-data/block-device-mapping/ami sda1 % curl http://169.254.169.254/latest/meta-data/block-device-mapping/ephemeral0 sdb However when I look what is actually mounted there is /dev/xvda1 and /dev/xvdb (and there is no /dev/sd* ) I know that both names look somewhat valid from the AWS documentation, but it looks to me from this like there is a mismatch in the instance metadata and what is actually on the machine. Why don't they match?

    Read the article

  • Explanation of nodev and nosuid in fstab

    - by Ivan Kovacevic
    I see those two options constantly suggested on the web when someone describes how to mount a tmpfs or ramfs. Often also with noexec but I'm specifically interested in nodev and nosuid. I basically hate just blindly repeating what somebody suggested, without real understanding. And since I only see copy/paste instructions on the net regarding this, I ask here. This is from documentation: nodev - Don't interpret block special devices on the filesystem. nosuid - Block the operation of suid, and sgid bits. But I would like a practical explanation what could happen if I leave those two out. Let's say that I have configured tmpfs or ramfs(without these two mentioned options set) that is accessible(read+write) by a specific (non-root)user on the system. What can that user do to harm the system? Excluding the case of consuming all available system memory in case of ramfs

    Read the article

  • Why is Firefox so slow and heavy?

    - by Tony
    For some reason, when I go to links the pages seem slow and heavy. It also has a lot of lag spikes between page loads. Basically it seems to freeze then load it all at once fast. I'm currently using Firefox 25. But when I use the same Chrome version, it seems to be very fast and smooth page loading. The CPU it takes on average is about 400,000k. Extensions: iMacros Leethax Ad Block Plus 2.4 Ad Block Plus Pop-up Addon 0.9.1 Computer stats: 6 GB RAM Windows 7 Acer Aspire Laptop 500 GB HDD Intel Core i4-2370M How do I make Firefox load like Google Chrome, without much freezing?

    Read the article

  • nginx: override global ssl directives for specific servers

    - by alkar
    In my configuration I have placed the ssl_* directives inside the http block and have been using a wildcard certificate certified by a custom CA without any problems. However, I now want to use a new certificate for a new subdomain (a server), that has been certified by a recognized CA. Let's say the TLD is blah.org. I want my custom certificate with CN *.blah.org to be used on all domains except for new.blah.org that will use its own certificate/key pair of files with CN new.blah.org. How would one do that? Adding new ssl_* directives inside the server block doesn't seem to override the global settings.

    Read the article

  • Material to use for computer system cover against UV and salty air?

    - by hippietrail
    I live right next to the sea and have a large window quite close to my computer setup which allows a lot of indirect sunlight to enter. I'd like to buy or make a cover for my computer system. From visiting my usual mom & pop computer shop yesterday I got the impression these might not really exist any more. If I make my own I need a material with these qualities: Block or reduce ultraviolet light which can depolymerize plastics (the sun here in Australia is much stronger than in the northern hemisphere). Block salt-laden sea air which can oxidize USB and other connectors. Not cause static electricity when covering or uncovering. Keep dust off of course (-: My setup is a laptop plugged into a wide-screen LCD with a few external drives. So I think I'd want a largish sheet to flop over the whole desk. Are such covers commonly sold these days? What material(s) should I look for which provides the listed attributes?

    Read the article

  • ZFS, dedupe and PST files

    - by Unreason
    I am interested to know what would be expected maximum dedupe ratio for a set of PST files. I have ~40G of pst files from ~15 usres with high level of duplication of attachments. I am running tests to see if I can have significant space savings if I store the data on ZFS with dedupe. For this purpose I have installed a test setup of Nexenta, but was wondering if someone here had already done this and what level of deduplication I might expect (or in another words how sensitive are pst files to block alignment and what are the parameters that can influence the ratio?). Initial test show very low dedupe ratio and I did find explanation that block level dedupe would not be efficient here and that byte level dedupe would be much better (and that it should be performed by application that is aware of internal organization), so I am just double checking here if someone have some more input. Otherwise I will probably be converting PST files to IMAP.

    Read the article

  • Xen find VBD id for physical disks

    - by Joe
    I'm starting a xen domU using xm create config.cfg. Within the config file are a number of physical block devices (LVs) which are added to the guest and can be accessed fine when it boots. However, at a point in the future I need to be able to hot unplug one of these disks using the xm block-detach command. This command, however, requires the vbd id of the device to be detached and I can't find a way to find the device id for a particular disk 'plugged in' at start up. Any help is much appreciated!

    Read the article

  • Dealing with SMTP invalid command attack

    - by mark
    One of our semi-busy mail servers (sendmail) has had a lot of inbound connections over the past few days from hosts that are issuing garbage commands. In the past two days: incoming smtp connections with invalid commands from 39,000 unique IPs the IPs come from various ranges all over the world, not just a few networks that I can block the mail server serves users throughout north america, so I can't just block connections from unknown IPs sample bad commands: http://pastebin.com/4QUsaTXT I am not sure what someone is trying to accomplish with this attack, besides annoy me. any ideas what this is about, or how to effectively deal with it?

    Read the article

  • What does directory permission 'S' mean? (not lower case, but in upper case)

    - by Howard Guo
    I downloaded Eclipse, uncompressed it, did a few other things and all sudden I notice this interesting behaviour: ^_^ ~/Downloads > sudo chmod 0000 eclipse/ ^_^ ~/Downloads > stat eclipse/ File: 'eclipse/' Size: 4096 Blocks: 8 IO Block: 4096 directory Device: 801h/2049d Inode: 529725 Links: 9 Access: (2000/d-----S---) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2012-11-22 19:54:57.752017352 +1100 Modify: 2012-09-20 18:16:26.000000000 +1000 Change: 2012-11-22 20:07:49.354016510 +1100 Birth: - ^_^ ~/Downloads > sudo chmod 0755 eclipse/ ^_^ ~/Downloads > stat eclipse/ File: 'eclipse/' Size: 4096 Blocks: 8 IO Block: 4096 directory Device: 801h/2049d Inode: 529725 Links: 9 Access: (2755/drwxr-sr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2012-11-22 19:54:57.752017352 +1100 Modify: 2012-09-20 18:16:26.000000000 +1000 Change: 2012-11-22 20:08:19.042016478 +1100 Birth: - What does 'S' permission mean to a directory? And why it doesn't let me get rid of it? Thanks.

    Read the article

  • Reasons for firewall alerts from ICMPv6 Local Link Address unreachable?

    - by Pulse
    For some reason I'm receiving numerous alerts, for a variety of processes, from my firewall. These are all related to ICMPv6 and are the same, apart from the process for which the alert was generated. 'Application/Process' Is trying to Access the Internet Remote Address - fe80::7191:6bd1:e5fa:58af [The Link Local Address] ICMP Type = 1 [Destination Unreachable] ICMP Code = 3 [Address Unreachable] Protocol = ICMPv6 Allow or Block If I Allow or Block, the alert never reoccurs. I understand what the various elements of these messages represent, I just can't fathom out why they are being generated. What could be the reason for these Alerts? OS - Windows 7 x86 Ultimate Thanks

    Read the article

  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the boxes server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows Inbound: PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range >corresponding to possible cell provider range OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any Outbound: Default outbound policy: Allow Always OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) Block always from NAS to any On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors) ### macro name for external interface. eth_if = "en0" vpn_if = "tap0" ### wifi_if = "en1" ### %usb_if = "en3" ext_if = $eth_if LAN="{10.0.0.0/24}" ### General housekeeping rules ### ### Drop all blocked packets silently set block-policy drop ### all incoming traffic on external interface is normalized and fragmented ### packets are reassembled. scrub in on $ext_if all fragment reassemble scrub in on $vpn_if all fragment reassemble scrub out all ### exercise antispoofing on the external interface, but add the local ### loopback interface as an exception, to prevent services utilizing the ### local loop from being blocked accidentally. ### set skip on lo0 antispoof for $ext_if inet antispoof for $vpn_if inet ### spoofing protection for all interfaces block in quick from urpf-failed ############################# block all ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090} ### Allow all udp and icmp also, necessary for Constellation. Could be tightened. pass on $eth_if proto {udp, icmp} from $LAN to any ### Allow AFP to 10.0.0.40 (NAS) pass out on $eth_if proto tcp from any to 10.0.0.40 port 548 ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs ### and port ranges pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201 ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110 ### Outgoing pings ok pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110 pass out on $vpn_if proto {tcp, udp, icmp} from any to any So what are my goals and what does the above setup achieve? (until you tell me otherwise :) 1) Full LAN access to the above ports on the mini/media server (including through my own VPN server) 2) All internet traffic from the mini/media server is anonymized and tunneled over VPN 3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router. So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable. The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini: ### Allow Minecraft public through user mc pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc pass out on $eth_if proto {tcp, udp} from any to any user mc And these additions on the border firewall: Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS) Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups) This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up no connection is possbile to the minecraft server from outside of LAN. inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service. The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0 not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would to estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 89 90 91 92 93 94 95 96 97 98 99 100  | Next Page >