Search Results

Search found 4538 results on 182 pages for 'rules'.


  • What is the right iptables rule to allow apt-get to download programs?

    - by anthony01
    When I type something like sudo apt-get install firefox, everything works until it asks me:

        After this operation, 77 MB of additional disk space will be used. Do you want to continue [Y/n]? Y

    Then error messages are displayed:

        Failed to fetch: <URL>

    My iptables rules are as follows:

        -P INPUT DROP
        -P OUTPUT DROP
        -P FORWARD DROP
        -A INPUT -i lo -j ACCEPT
        -A OUTPUT -o lo -j ACCEPT
        -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
        -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

    What should I add to allow apt-get to download updates? Thanks

  • How to configure something like "Reflexive ACL" on OpenBSD?

    - by Earlz
    My U-Verse modem has something called "Reflexive ACL" described as Reflexive ACL: When IPv6 is enabled, you can enable Reflexive Access Control Lists to deny inbound IPv6 traffic unless this traffic results from returning outgoing packets (except as configured through firewall rules). This seems like a pretty good way to keep from having to maintain a firewall on each computer behind my router that gets handed an IPv6 address. It sounds about like a NAT, which for my small home network is all I want right now. Now my modem sucks as a router though, so I'm in the process of configuring an OpenBSD router to do that. I've got IPv6 supported and all that and my OpenBSD router will hand out IPv6 addresses by rtadvd. Now I want to keep people from having instant access to my local network through IPv6. How would I best do something like Reflexive ACL with pf in OpenBSD 5.0?

  • Taking two actions in monit

    - by Oddthinking
    My monit script works to detect an outage with a process and inform me when the rule is:

        IF DOES NOT EXIST THEN ALERT

    My monit script works to detect an outage and automatically fix it when the rule is:

        IF DOES NOT EXIST THEN START

    But, what I want it to do is inform me AND fix it. Two rules in a row seems to make it ignore all but the last:

        IF DOES NOT EXIST THEN ALERT
        IF DOES NOT EXIST THEN START # No alert given.

    I could use a custom script that does both, and

        IF DOES NOT EXIST THEN EXEC "my_handwritten_script"

    but I was trying to move away from a mess of hand-written scripts towards a clean Monit configuration. Can I configure Monit to take two actions?

  • Unable to change IP address for eth0 without restart in Ubuntu

    - by Rodnower
    I have Ubuntu 12.04.1 installed. I tried to change the IP address of the interface eth0 in /etc/network/interfaces from 192.168.1.3 to 192.168.1.4 auto lo iface lo inet loopback pre-up iptables-restore < /etc/iptables.up.rules auto eth0 iface eth0 inet static address 192.168.1.4 gateway 192.168.1.1 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 sudo service networking status When I issue: sudo service networking restart I get this response: stop: Unknown instance: networking stop/waiting And IP remains 192.168.1.3: eth0 Link encap:Ethernet HWaddr 00:1e:33:71:cd:a4 inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::21e:33ff:fe71:cda4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3861 errors:0 dropped:0 overruns:0 frame:0 TX packets:3291 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3423285 (3.4 MB) TX bytes:521854 (521.8 KB) Interrupt:45 Base address:0x4000 Only after restart does the IP change. Any ideas?

  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the boxes server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. 
The ruleset is as follows Inbound: PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range >corresponding to possible cell provider range OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any Outbound: Default outbound policy: Allow Always OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) Block always from NAS to any On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors) ### macro name for external interface. eth_if = "en0" vpn_if = "tap0" ### wifi_if = "en1" ### %usb_if = "en3" ext_if = $eth_if LAN="{10.0.0.0/24}" ### General housekeeping rules ### ### Drop all blocked packets silently set block-policy drop ### all incoming traffic on external interface is normalized and fragmented ### packets are reassembled. scrub in on $ext_if all fragment reassemble scrub in on $vpn_if all fragment reassemble scrub out all ### exercise antispoofing on the external interface, but add the local ### loopback interface as an exception, to prevent services utilizing the ### local loop from being blocked accidentally. ### set skip on lo0 antispoof for $ext_if inet antispoof for $vpn_if inet ### spoofing protection for all interfaces block in quick from urpf-failed ############################# block all ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090} ### Allow all udp and icmp also, necessary for Constellation. Could be tightened. 
pass on $eth_if proto {udp, icmp} from $LAN to any ### Allow AFP to 10.0.0.40 (NAS) pass out on $eth_if proto tcp from any to 10.0.0.40 port 548 ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs ### and port ranges pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201 ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110 ### Outgoing pings ok pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110 pass out on $vpn_if proto {tcp, udp, icmp} from any to any So what are my goals and what does the above setup achieve? (until you tell me otherwise :) 1) Full LAN access to the above ports on the mini/media server (including through my own VPN server) 2) All internet traffic from the mini/media server is anonymized and tunneled over VPN 3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router. So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable. The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. 
So I added the following pf rule on the mini: ### Allow Minecraft public through user mc pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc pass out on $eth_if proto {tcp, udp} from any to any user mc And these additions on the border firewall: Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS) Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups) This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up no connection is possible to the minecraft server from outside of LAN. Inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service. The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0 not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would you estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)

  • Do TCP connections work differently within the same subnet?

    - by Dean
    I've encountered some network behaviour that confuses me while trying to get Java RMI working. I use netcat to connect to a local machine: [my_machine]$ nc -w 1 192.168.0.100 60000 && echo success success I try to do the same to my server: [my_machine]$ nc -w 1 my-servers-ip 60000 && echo success This doesn't work, unless I explicitly listen on the server socket: [amazon_ec2]$ nc -l 60000 [my_machine]$ nc -w 1 my-servers-ip 60000 && echo success success For the version that fails, the SYN packet receives a RST, ACK in response. I'm not too knowledgeable about this stuff, at this point I only have wild theories such as the one in the question. Any ideas? Potentially useful details: Local Machine (192.168.0.100) - Macbook Remote Machine (Amazon EC2) - Amazon Linux AMI 2012.03 Security Group Settings: 22 (SSH) 0.0.0.0/0 1099 0.0.0.0/0 49152-65535 0.0.0.0/0 "iptables -L" shows no rules set

  • Running a home mail server using dynamic dns

    - by user4009
    Hi, Is it possible to run an email server on my home box using dynamic dns? The scenario is, I want to auto cc all incoming and outgoing emails from my one account to another, from some server side config instead of configuring email clients for rules. I have tried Google Apps Mail but it doesn't allow auto cc of outgoing emails. After having read tons of blogs, forum messages etc (hope I have been reading the correct info :) ) the only option to achieve what I am needing is to setup my own mail server, but the cost of getting a static IP doesn't fit my budget. Please can someone point me in the correct direction. Platform doesn't matter, I can setup a Windows or Linux server. Many Thanks

  • Serve PHP page in web root but show contents in subdirectories

    - by David
    I have a web site on a shared hosting server. My directory layout looks like this /home /user /public_html /pics /family There is an index.php file in public_html. I need help writing .htaccess rules that will Serve the index.php file when www.domain.org is requested Force the user back to public_html when www.domain.org/pics is requested Allow the user to see the directory contents when www.domain.org/pics/family is requested I experimented with a lot of combinations of RewriteCond and RewriteRule, but I don't understand the documentation and examples well enough to know if what I want to do is even possible. The web server application is some version of Apache.

  • iptables: How to create a rule for a single website that does not apply to other websites?

    - by Kris
    Virtual Dedicated Server hosts 10 websites. 1 firewall made with iptables If one of those 10 websites gets hit by too many ping requests coming from one IP address, how do I limit or drop it without dropping it for the other 9 websites? Do I create a firewall for every website ? If so, how? Or is it better to change my rules? If so, how? Thank you. Original question was posted here iptables: what's best practice when there're several websites but you want to use a rule for a single website? but it was too vague. Let me know if more info is needed.

  • Unable to ping between subnets and out to internet

    - by battlemidget
    My setup is Modem - Linksys router - Laptop with 2 devices (wlan0/eth0) - desktop machine Router is 192.168.1.1 gateway to the internet Laptop wlan0 is 192.168.1.4 with a gw of 192.168.1.1 Laptop eth0 is 192.168.2.254 which acts as a second gateway desktop is 192.168.2.100 On laptop I've setup ip_forward to 1, and have inserted 2 iptables rules -A FORWARD -i eth0 -o wlan0 -j ACCEPT -A FORWARD -i wlan0 -o eth0 -j ACCEPT The laptop can ping outside the network (i.e., yahoo.com) it can not ping 192.168.2.100. The desktop can ping 192.168.2.254 but nothing outside the network or 192.168.1.0 subnet. On laptop ip route show lists: 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.254 192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.4 127.0.0.0/8 dev lo scope link default via 192.168.1.1 dev wlan0 What am I missing to make my desktop go through the laptop in order to access the router which provides access to the internet? Thanks

  • Unable to change IP address for eth0 without restart in Ubuntu

    - by Rodnower
    I have Ubuntu 12.04.1 installed. I try to change IP address of the interface eth0 in /etc/network/interfaces from 192.168.1.3 to 192.168.1.4: auto lo iface lo inet loopback pre-up iptables-restore < /etc/iptables.up.rules auto eth0 iface eth0 inet static address 192.168.1.4 gateway 192.168.1.1 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 sudo service networking status Now I issue: sudo service networking restart I have response: stop: Unknown instance: networking stop/waiting And IP remains 192.168.1.3: eth0 Link encap:Ethernet HWaddr 00:1e:33:71:cd:a4 inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::21e:33ff:fe71:cda4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3861 errors:0 dropped:0 overruns:0 frame:0 TX packets:3291 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3423285 (3.4 MB) TX bytes:521854 (521.8 KB) Interrupt:45 Base address:0x4000 Only after restart IP changing... Any ideas?

  • Reverse Proxy (mod_rewrite) and Rails (absolute paths)

    - by SooDesuNe
    I have front end rails app, that reverse proxies to any of a number of backend rails apps depending on URL, for example http://www.my_host.com/app_one reverse proxies to http://www.remote_host_running_app_one.com such that a URL like http://www.my_host.com/app_one/users will display the contents of http://www.remote_host_running_app_one.com/users I have a large, and ever expanding number of backends, so they can not be explicitly listed anywhere other than a database. This is no problem for mod_rewrite using a prg:/ rewrite map reverse proxy. The question is, the urls returned by rails helpers have the form /controller/action making them absolute to the root. This is a problem for the page served by mod_rewrite because links on the proxied page appear as absolute to the domain. i.e.: http://www.my_host.com/app_one/controller/action has links that end up looking like /controller/action/ when they need to look like /app_one/controller/action mod_proxy_html seems like the right idea, but it doesn't seem to be as dynamic as I would need, since the rules need to be hard coded into the config files. Is there a way to fix this server-side, so that the links will be routed correctly?

  • Need help to figure out iptables rule

    - by Master
    I have this iptable rule listing

        Chain INPUT (policy DROP)
        target prot opt source destination
        ACCEPT tcp -- 127.0.0.1 0.0.0.0/0 tcp dpt:3306
        acctboth all -- 0.0.0.0/0 0.0.0.0/0
        VZ_INPUT all -- 0.0.0.0/0 0.0.0.0/0
        ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
        ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
        ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
        ACCEPT tcp -- 94.101.25.40 0.0.0.0/0 state NEW tcp dpt:3306

        Chain FORWARD (policy DROP)
        target prot opt source destination
        VZ_FORWARD all -- 0.0.0.0/0 0.0.0.0/0

        Chain OUTPUT (policy DROP)
        target prot opt source destination
        acctboth all -- 0.0.0.0/0 0.0.0.0/0
        VZ_OUTPUT all -- 0.0.0.0/0 0.0.0.0/0
        ACCEPT tcp -- 94.101.25.40 0.0.0.0/0 state NEW tcp dpt:3306

    I want only localhost and my IP to access tcp 3306. Can I delete all other rules as shown above? I don't know if I need to keep any of them or not.

  • OS X Server: SMTP Server problem

    - by plucked
    Hi, I have a problem setting up my mail server. My system is an OS X 10.6.2 Server. I configured the mail server so far, but I cannot connect to the smtp server correctly. Correctly means that I can connect via telnet (and do the "HELO") from another server within the same serverrack, but not from outside. But when I try to telnet my http server, it works fine from outside. I already checked my firewall rules with "sudo ipfw list" and the port 25 is not blocked in any case. What could be the problem with connecting to port 25 via telnet from outside of the serverrack? Cheers

  • Getting back the old alt-tab windows switching behavior in Windows 7?

    - by Carlos A. Ibarra
    When you run more than 6 applications on Windows 7 and you press alt-TAB, icons representing the first 6 applications and the desktop appear on the first row of the grid and you can cycle with alt-TAB-TAB... through the 6 most recently used windows the usual way, but the 7th and other less recently used windows don't follow the same rules. Instead they get grouped together according to their application but disregarding whether they were recently used or not. This new behavior is mentioned here. I am very used to the old way of cycling and the new system is driving me crazy. I tend to have 20 or so windows open at one time and I frequently need to alt-tab to the 7th or 8th window on the stack but it doesn't work the same anymore. Does anyone know how to put back the old behavior, so that alt-tab-tab-tab... goes through the whole list in most-recent to least-recent order?

  • Mirror network packets from WiFi to Ethernet in an ASUS Router RT N53

    - by fazineroso
    I have an ASUS RT N53 router, running the default firmware (Linux 2.6.22 with busybox and uclibc). I need to capture data packets from some Wi-Fi devices I have connected to that router (iPad and some smartphones), but the router is not forwarding any package coming from Wi-Fi devices to the Ethernet Ports. Any idea how can I proceed? Available tools in the router are iptables (no tee option, though), ebtables, brctl... Currently the ethernet and Wifi devices are forming a bridge: # brctl show bridge name bridge id STP enabled interfaces br0 8000.50465dc06be2 no vlan0 eth1 No ebtables rules: # ebtables -L Bridge table: filter Bridge chain: INPUT, entries: 0, policy: ACCEPT Bridge chain: FORWARD, entries: 0, policy: ACCEPT Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

  • Throttling bandwidth on a per group basis

    - by Robreylen
    I am wondering if it is possible to create a bandwidth shaping/throttling script that shapes traffic based on user group. That is, if user1, user2, are in user group group1, they will have 1mb/s download and 1mb/s upload, whilst if user3 and user4 are in group2, they will have 256kb/s download and 256kb/s upload. I've read a bit about this and I found some iptables and TC implementations of a per user solution, but I have not seen anything for a user group. Hopefully it can be simply implemented in form of a custom iptables rules and script running with TC or the like. Here is a script I was looking into that does a system wide throttle: http://atmail.com/kb/2009/throttling-bandwidth/ I assume it is possible to do user group throttling since it is possible for throttling on a per user basis. Thanks for any info you can provide for this question.

  • Set an Excel cell's color based on multiple other cells' colors

    - by Lord Torgamus
    I have an Excel 2007 spreadsheet for a list of products and a bunch of factors to rate each one on, and I'm using Conditional Formatting to set the color of the cells in the individual attribute columns. It looks something like this: I want to fill in the rating column for each item with a color, based on the color ratings of its individual attributes. Examples of ways to determine this: the color of the category in which the item scored worst the statistical mode of the category colors the average of the category ratings, where each color is assigned a numerical value How can I implement any or all of the above rules? (I'm really just asking for a quick overview of the relevant Excel feature; I don't need step-by-step instructions for each rule.)

  • How can I ensure an ex-administrator of Exchange doesn't still have email access somewhere?

    - by Tony T
    I work for a company in which an ex-employee had administrative access to Microsoft Exchange 2007, and I understand that at some points this person had email which was sent to other employees also forwarded on to him. Upon taking over the administration of the server, of course all of his known accounts were closed, and any of those forwarding rules were removed. However, I would like to ensure that we didn't miss anything. What would be the best way to ensure that: (1) There isn't still some sort-of email being forwarded on to him somewhere? (2) That he doesn't have some sort-of other access to an inbox or another employee's email? I am less concerned about access to the box itself as I am that there is an existing email rule somewhere that is still getting run, or that there is a distribution list that we missed, etc.

  • Conditional cPanel Forwarder

    - by Wireblue
    We have many clients on a cPanel server, some of which also have SSL certificates setup. Each year when the renewals are sent to webmaster@ their domain we would like a copy of those emails so we can install the SSL certificate for them and issue invoices etc. So I'm wondering if there is a way we can selectively or conditionally forward certain emails if they match certain rules? (in cPanel) I'm thinking: If an email is sent to "webmaster@domain" and the subject contains "ssl", then forward to "[email protected]". Any ideas? Thanks in advance, Wireblue

  • Hide the ports in the url of a tomcat application

    - by S.M.09
    I have setup tomcat 6 on a server with several different instances which run on different ports. For example:

        http://10.XXX.XXX.XXX:8080/myAPP1
        http://10.XXX.XXX.XXX:8088/myAPP2
        http://10.XXX.XXX.XXX:8082/myAPP3

    and so on... These urls are available to the users using these and other applications. Now I want to hide the ports on which each of the applications are running, so that the user could see only something like this:

        http://10.XXX.XXX.XXX/myAPP1
        http://10.XXX.XXX.XXX/myAPP2
        http://10.XXX.XXX.XXX/myAPP3

    What is needed to be done for this? I have achieved this for one url (i.e. one port) using the firewall rules and redirect the request on HTTP 80 port to the port that tomcat is listening.. But I want such pattern to appear for all the urls... How can I go about this? Specs HOST M/C : 64 bit OS: Linux Redhat Tomcat : 6.0

  • How do I block a single css file from being loaded with firefox or chrome?

    - by Tim Santeford
    I want to be able to block one css file from loading on my system. The site has multiple sheets that I do want to load but it has one hideous theme.css file that I just have to get rid of. I would prefer to use Chrome but FF is ok too. A system wide ban on the file would be ideal. I want to specify a single url that the computer becomes incapable of fetching it. I will then use stylish to create my own replacement. BTW its a SharePoint theme and it has way too many rules to have to override. Thanks

  • Plus sign ( + ) in a rewrite rule (.HTACCESS on Linux Server) (SOLVED)

    - by ienabellamy
    I've this snippet, but it doesn't work. Obviously it is that plus sign + that must be escaped?

        RewriteCond %{QUERY_STRING} ^orderby=position&controller=search&orderway=desc&search_query=t+max$
        RewriteRule ^it/cerca$ http://www.wrs.sm/it/cerca?orderby=position&controller=search&orderway=desc&search_query=tmax? [R=301,L]

    I want to redirect this url

        http://www.wrs.sm/it/cerca?orderby=position&controller=search&orderway=desc&search_query=t+max

    to this

        http://www.wrs.sm/it/cerca?orderby=position&controller=search&orderway=desc&search_query=tmax

    Thanks ;) I found the solution, the correct rules are:

        RewriteCond %{QUERY_STRING} ^orderby=position&controller=search&orderway=desc&search_query=t\+max$
        RewriteRule ^it/cerca$ http://www.wrs.sm/it/cerca?orderby=position&controller=search&orderway=desc&search_query=tmax [R=301,L]

  • Firewall is blocking internet traffic to OpenVPN clients

    - by user268905
    I have a virtual network setup with a Linux router/firewall connected to two private networks. An OpenVPN server in routing mode and a web server are in one of the networks. On the other are linux client machines which access the webserver and the Internet through the OpenVPN server. Also, external clients can access the OpenVPN from the Internet. The OpenVPN's server.conf is setup to use routing mode in udp, push DNS and routes to the network it is in so clients can access the webserver. Here are my very strict firewall rules. After connecting to the OpenVPN server, my clients can not access the Internet or the web server. When I allow FORWARD traffic to go through, it works just fine. The OpenVPN server has full internet connectivity. What firewall rule do I need to add to allow internet traffic to reach my clients?

  • Windows Firewall 2008 Server - Allow only given IP in, block all others

    - by chumad
    I've got a Windows 2008 Server. It has the built-in windows firewall on it. I've played around with the Advanced settings where I can setup inbound/outbound rules, but it doesn't appear that I can create a rule that would say "Block All incoming traffic except traffic coming from this IP address" I created a rule that Blocks All, but there's no way that I've found to create a rule that will "override" the block rule and allow 1 or more IP's to get in. I accomplished this on a Win2k box using IPSEC, but it seems that IPSEC is now built-in to windows firewall. Any tips?
