How do you enable L2TP in a Cisco Firewall?
- by johnny
I am trying to find out how to allow L2TP traffic through a PIX 515e firewall. Windows 2003 is already configured. Thank you.
Search Results
Search found 4721 results on 189 pages for 'traffic'.
Page 97/189 | < Previous Page | 93 94 95 96 97 98 99 100 101 102 103 104 | Next Page >
-
-
best tomcat hosting servrice provider for jsp
- by akshay
I want to host my website build using jsp/java.I am looking for a good host which offer following features. unlimited bandwidth (to support large traffic.I dont want to run slowely) low price` good customer care suport that can help me in deploying in case of any problems I am running tight on budget.As i am a university passout. `Read the article
-
Selecting which IP address to use for outgoing requests from behind a NAT
- by iamrohitbanga
Our organization has several external IP addresses. I am behind 2 layers of NAT and the servers choose which IP address to route my traffic to. Can I specify which IP address to use when finally leaving the organizations network. I know that source routing can be done in IPv4 by adding some options in the header. But can I configure my PC to add these options automatically. I have both a Windows and a Linux Machine.Read the article
-
Is it possible to make a web browser proxy tunnel with Netcat/Socat?
- by djangofan
Concerning the Netcat/Socat utility . From the man page, it seems like it is possible to create a secure proxy using netcat by which I could point my web browser to like a proxy server , that could fork/drive my web traffic through the proxy. Is this possible? Any hints on how to do this? Socat on windows is preferrable but netcat on linux is ok. http://www.dest-unreach.org/socat/doc/socat.htmlRead the article
-
How do I get squid peers to talk SSL to each other?
- by Marcelo Cantos
How would I set up a pair of squid proxies so that one uses the other as a parent and all traffic between them is encrypted using SSL? I've read the cache_peer documentation, but it's all very fuzzy to me which certs I need to create (and how), which server uses which cert, and so on. Is there a straightforward HOW-TO for this somewhere? Just to be clear, I don't want to know how to setup squid to proxy https requests, or as a reverse proxy for a web server that uses https.Read the article
-
Configuring Windows 2003 As A Router
- by Sean M
I am trying to configure a Windows 2003 server to act as a router, so that the two subnetworks that I'm dealing with can communicate with one another without NAT. I am mostly sure that I have configured Windows 2003 incorrectly, and I'm finding it very difficult to drill down through Google results to something helpful. I have a 192.168.1.0/24 network that is my "production" network (in the sense that I'm in trouble if I screw it up) and a 10.0.0.0/8 network that is my test network. The 192.168.1.0 network is ruled by a gateway whose routing table looks like this (my address redacted): The Windows 2003 server, "prime," is multihomed. Its network adapters are at 192.168.1.122, (as seen above), 10.0.0.1, and 10.0.0.2. I added the Routing and Remote Access role to it, and enabled LAN routing. I do not have it using RIP or other routing protocols. Its current routing table is shown below. To me, it looks like all of the right routes are there for traffic to pass between the 192.168.1.0 network and the 10.0.0.0 network. However, traffic does not pass. The 10.0.0.11 and .12 clients cannot be contacted from the 192.168.1.0 network. When I use traceroute to try to get to them, the trace gets to the Windows 2003 server's 192.168.1.122 address, then produces nothing but "* * *" timeouts. When I try to traceroute to 192.168.1.1 from a 10.0.0.0-network client, I get "destination host unreachable." However, I know that the routing is working at least a little, because from the 192.168.1.0 network, I can connect to the Windows server just fine by referring to it as 10.0.0.1. What static routes would allow me to contact 10.0.0.11 and .12 from the 192.168.1.0 network? Is it possible to tell the Windows server "since you are a DHCP/DNS server, you already know routes to get to machines that are getting IP addresses from you, please add those to your routing table" ? Will using RIP or OSPF on the Windows server actually be helpful in this situation?Read the article
-
Tor and blacklisting
- by Likso
I'm studying Tor and its capability to provide anonymity and bypass censorship, especially when used by people of repressive countries. I'm wondering about one thing. The nodes that are part of the "Onion Network" are limited and they're public. So, in an oppressive regime, couldn't be possible that someone with a blacklist just put a firewall blocking in this way TOR traffic? (and tracking down who's using it?)Read the article
-
Debugger for Iptables
- by chris_l
Hi, I'm looking for an easy way to follow a packet through the iptables rules. This is not so much about logging, because I don't want to log all traffic (and I only want to have LOG targets for very few rules). Something like Wireshark for Iptables. Or maybe even something similar to a debugger for a programming language. Thanks ChrisRead the article
-
Need help making site available externally
- by White Island
I'm trying to open a hole in the firewall (ASA 5505, v8.2) to allow external access to a Web application. Via ASDM (6.3?), I've added the server as a Public Server, which creates a static NAT entry [I'm using the public IP that is assigned to 'dynamic NAT--outgoing' for the LAN, after confirming on the Cisco forums that it wouldn't bring everyone's access crashing down] and an incoming rule "any... public_ip... https... allow" but traffic is still not getting through. When I look at the log viewer, it says it's denied by access-group outside_access_in, implicit rule, which is "any any ip deny" I haven't had much experience with Cisco management. I can't see what I'm missing to allow this connection through, and I'm wondering if there's anything else special I have to add. I tried adding a rule (several variations) within that access-group to allow https to the server, but it never made a difference. Maybe I haven't found the right combination? :P I also made sure the Windows firewall is open on port 443, although I'm pretty sure the current problem is Cisco, because of the logs. :) Any ideas? If you need more information, please let me know. Thanks Edit: First of all, I had this backward. (Sorry) Traffic is being blocked by access-group "inside_access_out" which is what confused me in the first place. I guess I confused myself again in the midst of typing the question. Here, I believe, is the pertinent information. Please let me know what you see wrong. access-list acl_in extended permit tcp any host PUBLIC_IP eq https access-list acl_in extended permit icmp CS_WAN_IPs 255.255.255.240 any access-list acl_in remark Allow Vendor connections to LAN access-list acl_in extended permit tcp host Vendor any object-group RemoteDesktop access-list acl_in remark NetworkScanner scan-to-email incoming (from smtp.mail.microsoftonline.com to PCs) access-list acl_in extended permit object-group TCPUDP any object-group Scan-to-email host NetworkScanner object-group Scan-to-email access-list acl_out extended permit icmp any any access-list acl_out extended permit tcp any any access-list acl_out extended permit udp any any access-list SSLVPNSplitTunnel standard permit LAN_Subnet 255.255.255.0 access-list nonat extended permit ip VPN_Subnet 255.255.255.0 LAN_Subnet 255.255.255.0 access-list nonat extended permit ip LAN_Subnet 255.255.255.0 VPN_Subnet 255.255.255.0 access-list inside_access_out remark NetworkScanner Scan-to-email outgoing (from scanner to Internet) access-list inside_access_out extended permit object-group TCPUDP host NetworkScanner object-group Scan-to-email any object-group Scan-to-email access-list inside_access_out extended permit tcp any interface outside eq https static (inside,outside) PUBLIC_IP LOCAL_IP[server object] netmask 255.255.255.255 I wasn't sure if I needed to reverse that "static" entry, since I got my question mixed up... and also with that last access-list entry, I tried interface inside and outside - neither proved successful... and I wasn't sure about whether it should be www, since the site is running on https. I assumed it should only be https.Read the article
-
nginx: how do I track down a random 500 from nginx (not my application). Potentially has something to do with load?
- by kaleidomedallion
We recently had some 500's from nginx itself that somehow were not logged (we have screenshots, but nothing in the logs). That is weird in itself, because usually errors show up there. Regardless, I am wondering if there is something like a connection pool size that if maxed out would result in a 500? We have correlated it potentially to a recent spike in traffic, but it is not conclusive. Anyone have any ideas of how to begin to approach such an issue?Read the article
-
how to block https sites on netgear router?
- by Karthick88it
I am using NETGEAR Wireless-N-300 Router Model among couple of peoples to sahre internet connectivity. I have a problem, on my company i blocked facebook.com, but the users are access on protocol https, i blocked some ip´s of facebook but they haves a lot ip, please, how to block facebook on https protocol...?? Can anybody help me for creating the block HTTPS traffic rule. Like I need to block: https://www.facebook.com/ many thanks KarthickRead the article
-
Avoid corporate blocked URL's when on Cisco VPN
- by Marcus
When I'm on my home PC and on my company VPN I can't get to sites that my company blocks. Is there a way to get around this? Why do my requests to facebook.com go through the VPN? Can you configure your system to, for instance, not go through the VPN for HTTP traffic? Update: We are using Cisco VPN v 5, I'm running on XPRead the article
-
How-To define an Alias-Name for a given Fileserver?
- by Ice
Hi, I'm building a testsystem and want to use the servernames like in the productive environment. For tcp-traffic i made an entry in the hosts-file but that seems not to work for fileservers (smb). How may i define an Alias-Name like (\Filer) for my fileserver with IP:192.168.1.2 and Name \testshare in our test-domain? Peace IceRead the article
-
Blank graph for some munin plugins
- by jack
I have a munin-master and munin-node installed on same server (Ubuntu 9.10 server). Most pre-installed plugins work well but the following plugins are with blank graph: Memcached bytes used Memcached connections Memcached cache hits and misses Memcached cached items Memcached requests Memcached network traffic MySQL Queries Cache Size I run the following 3 script in terminal and results were ok. /etc/munin/plugins/memcached_bytes /etc/munin/plugins/memcached_counters /etc/munin/plugins/memcached_rates But when I tried the command below after "telnet localhost 4949" fetch memcached_bytes # Unknown service etch memcached_bytes_ # timeout pid 28009 - killing...done Does anyone know the reason?Read the article
-
Why can't I get Apache2 mod_dumpio working under Lucid Lynx Ubuntu?
- by bland328
I'm trying to capture all of the traffic to and from an Apache2 web server for troubleshooting purposes, so I did the following to try to set mod_dumpio up properly: Used a2enmod to enable mod_dumpio Changed LogLevel to "debug" in apache2.config Added "DumpIOInput On", "DumpIOOutput On" and "DumpIOLogLevel debug" to apache2.config Issued "/etc/init.d/apache2 restart" to restart Apache Issued "apache2ctl -t -D DUMP_MODULES" to make sure mod_dumpio was loaded I'm watching /var/log/apache2/error.log, but not seeing much there, and certainly not a dump of all input and output. Can anyone help?Read the article
-
How to relax firewall for UDP connections/ports for a specific IP address?
- by Gnanam
Hi, My server is Red Hat Enterprise Linux Server release 5. iptables version is v1.3.5. I want to allow all UDP connections / port for the IP address 192.168.0.200. This IP address is configured in my eth0. So basically I want to set it up the same as my local loopback (127.0.0.1) UDP traffic. What is the iptable command to allow all UDP connections / ports for IP 192.168.0.200?Read the article
-
How does NMap decide to print a progress line?
- by Andrew Bolster
Checking a larger subnet than I normally do; mapping out a cluster suite in a university for a traffic mapping project (permission attained), and I was wondering something. NMap usually prints its progress periodically, but I'm unclear to what that 'periodically' is, because the cirrent scan printed a line for basically every 100th of a percent up to 1% done, then one at 1.5%, and has said nothing since. I suspect that it changes at different 'levels' but does anyone have an actual answer?Read the article
-
kerio load balance
- by Azzam
I use kerio winroute 6.5 , for week ago, i got a second adsl link (2 mbps), i tried to configue the load balancing in kerio , but always , kerio directs the traffic to one route without the other , i enabled NAT for firewall and change the rate between 2 links but always kerio takes the system route to one link , is there a solution for that ?Read the article
-
Apache heavy load VIRT vs RES memory
- by pako
I have a Debian 5 server, which gets a lot of traffic. Right now the server has 4 GB of RAM and no swap memory. I see in top that Apache processes consume roughly 180 MB virtual memory (VIRT) each, and 16 MB of real RAM (RES). So how many Apache threads can I have running at the same time? About 4 GB / 180 MB = 22 or 4 GB / 16 MB = 256?Read the article
-
Few questions on bittorrent
- by user23950
Details Torrent Client: Bit lord Is it possible to continue torrent downloads on other computer? I'm at about 38% of the 8Gb file that I'm downloading. And then my isp suddenly dropped my speed from 90-100kbps into 40-48kbps(Maybe because I'm really producing lots of traffic with the 8 hrs/day downloading) If its possible what do I need to do in order for the downloads to be continued on other computerRead the article
-
Setting up a VPN server that uses a proxy server
- by Mehdi
My PC(Windows 7) is connected to internet through a proxy server configured in internet options. I have set up a VPN server in my PC. But the clients that connect to my VPN server don't have access to internet. I know that if I set the proxy setting in client they can connect to internet. But is there a way that my VPN server pass traffic through the proxy server? What about using another vpn server instead of proxy server?Read the article
-
How do I block IP addresses in SuSEFirewall?
- by Evgeny
Does SuSEfirewall in OpenSuSE 11 provide an easy way to block all traffic from a list of IP addresses? Ideally just a textfile into which I can put all IP addresses I want blocked, otherwise some configuration option. I've looked through /etc/sysconfig/SuSEfirewall2, but haven't been able to find anything like that.Read the article
-
Multi-site email relay based on email address (in AD?)
- by MarkRobinson
We have a multi site setup currently based around Exchange 2003, but we are getting a lot of traffic over the vpn as only one server has an internet facing IP. Is there such a product that could sit on a hosted rack somewhere that would look at an incoming email and from information in AD determine which mail server to relay the message to?Read the article
-
What to filter when providing very limited open WiFi to a small conference or meeting?
- by Tim Farley
Executive Summary The basic question is: if you have a very limited bandwidth WiFi to provide Internet for a small meeting of only a day or two, how do you set the filters on the router to avoid one or two users monopolizing all the available bandwidth? For folks who don't have the time to read the details below, I am NOT looking for any of these answers: Secure the router and only let a few trusted people use it Tell everyone to turn off unused services & generally police themselves Monitor the traffic with a sniffer and add filters as needed I am aware of all of that. None are appropriate for reasons that will become clear. ALSO NOTE: There is already a question concerning providing adequate WiFi at large (500 attendees) conferences here. This question concerns SMALL meetings of less than 200 people, typically with less than half that using the WiFi. Something that can be handled with a single home or small office router. Background I've used a 3G/4G router device to provide WiFi to small meetings in the past with some success. By small I mean single-room conferences or meetings on the order of a barcamp or Skepticamp or user group meeting. These meetings sometimes have technical attendees there, but not exclusively. Usually less than half to a third of the attendees will actually use the WiFi. Maximum meeting size I'm talking about is 100 to 200 people. I typically use a Cradlepoint MBR-1000 but many other devices exist, especially all-in-one units supplied by 3G and/or 4G vendors like Verizon, Sprint and Clear. These devices take a 3G or 4G internet connection and fan it out to multiple users using WiFi. One key aspect of providing net access this way is the limited bandwidth available over 3G/4G. Even with something like the Cradlepoint which can load-balance multiple radios, you are only going to achieve a few megabits of download speed and maybe a megabit or so of upload speed. That's a best case scenario. Often it is considerably slower. The goal in most of these meeting situations is to allow folks access to services like email, web, social media, chat services and so on. This is so they can live-blog or live-tweet the proceedings, or simply chat online or otherwise stay in touch (with both attendees and non-attendees) while the meeting proceeds. I would like to limit the services provided by the router to just those services that meet those needs. Problems In particular I have noticed a couple of scenarios where particular users end up abusing most of the bandwidth on the router, to the detriment of everyone. These boil into two areas: Intentional use. Folks looking at YouTube videos, downloading podcasts to their iPod, and otherwise using the bandwidth for things that really aren't appropriate in a meeting room where you should be paying attention to the speaker and/or interacting.At one meeting that we were live-streaming (over a separate, dedicated connection) via UStream, I noticed several folks in the room that had the UStream page up so they could interact with the meeting chat - apparently oblivious that they were wasting bandwidth streaming back video of something that was taking place right in front of them. Unintentional use. There are a variety of software utilities that will make extensive use of bandwidth in the background, that folks often have installed on their laptops and smartphones, perhaps without realizing.Examples: Peer to peer downloading programs such as Bittorrent that run in the background Automatic software update services. These are legion, as every major software vendor has their own, so one can easily have Microsoft, Apple, Mozilla, Adobe, Google and others all trying to download updates in the background. Security software that downloads new signatures such as anti-virus, anti-malware, etc. Backup software and other software that "syncs" in the background to cloud services. For some numbers on how much network bandwidth gets sucked up by these non-web, non-email type services, check out this recent Wired article. Apparently web, email and chat all together are less than one quarter of the Internet traffic now. If the numbers in that article are correct, by filtering out all the other stuff I should be able to increase the usefulness of the WiFi four-fold. Now, in some situations I've been able to control access using security on the router to limit it to a very small group of people (typically the organizers of the meeting). But that's not always appropriate. At an upcoming meeting I would like to run the WiFi without security and let anyone use it, because it happens at the meeting location the 4G coverage in my town is particularly excellent. In a recent test I got 10 Megabits down at the meeting site. The "tell people to police themselves" solution mentioned at top is not appropriate because of (a) a largely non-technical audience and (b) the unintentional nature of much of the usage as described above. The "run a sniffer and filter as needed" solution is not useful because these meetings typically only last a couple of days, often only one day, and have a very small volunteer staff. I don't have a person to dedicate to network monitoring, and by the time we got the rules tweaked completely the meeting will be over. What I've Got First thing, I figured I would use OpenDNS's domain filtering rules to filter out whole classes of sites. A number of video and peer-to-peer sites can be wiped out using this. (Yes, I am aware that filtering via DNS technically leaves the services accessible - remember, these are largely non-technical users attending a 2 day meeting. It's enough). I figured I would start with these selections in OpenDNS's UI: I figure I will probably also block DNS (port 53) to anything other than the router itself, so that folks can't bypass my DNS configuration. A savvy user could get around this, because I'm not going to put a lot of elaborate filters on the firewall, but I don't care too much. Because these meetings don't last very long, its probably not going to be worth the trouble. This should cover the bulk of the non-web traffic, i.e. peer-to-peer and video if that Wired article is correct. Please advise if you think there are severe limitations to the OpenDNS approach. What I Need Note that OpenDNS focuses on things that are "objectionable" in some context or another. Video, music, radio and peer-to-peer all get covered. I still need to cover a number of perfectly reasonable things that we just want to block because they aren't needed in a meeting. Most of these are utilities that upload or download legit things in the background. Specifically, I'd like to know port numbers or DNS names to filter in order to effectively disable the following services: Microsoft automatic updates Apple automatic updates Adobe automatic updates Google automatic updates Other major software update services Major virus/malware/security signature updates Major background backup services Other services that run in the background and can eat lots of bandwidth I also would like any other suggestions you might have that would be applicable. Sorry to be so verbose, but I find it helps to be very, very clear on questions of this nature, and I already have half a solution with the OpenDNS thing.Read the article
-
How to configure Transparent IP Address Sharing (TAS) on a Mediatrix 4102 with DGW 2.0 firmware?
- by Pascal Bourque
I am making the switch to VoIP. I chose voip.ms as my service provider and Mediatrix 4102 as my ATA. One reason why I chose the Mediatrix over other popular consumer ATAs is that it's supposed to be easy to place it in front of the router, so it can give priority to its own upstream traffic over the home network's upstream traffic. This is supposed to work transparently, with the ATA and router sharing the same public IP address (the one obtained from the modem). They call this feaure Transparent IP Address Sharing, or TAS. Their promotional brochure describes it like this: The Mediatrix 4102 also uses its innovative TAS (Transparent IP Address Sharing) technology and an embedded PPPoE client to allow the PC (or router) connected to the second Ethernet port to have the same public IP address, eliminating the need for private IP addresses or address translations. I am interested by this feature because my router, an Apple Time Capsule, doesn't support QoS and cannot give priority to the voice packets if the ATA is behind the router. However, after hours of searching the web, reading the documentation, and good ol' trial and error, I haven't been able to configure the Mediatrix to run in this mode. Then I found a version of the manual that looks like it was for a previous version of the firmware (SIP), where there is an entire section dedicated to configuring TAS (starting at page 209). But my Mediatrix comes with the DGW 2.0 firmware, whose documentation does not mention TAS at all. So I tried to follow the TAS setup instructions from the SIP documentation and apply them to my DGW firmware, using the Variable Mapping Between SIP v5.0 and DGW v2.0 document as a reference, but no success. Some required SIP variables don't have an equivalent in DGW. So it looks like the DGW firmware does not support TAS at all, or if it does they are not doing anything to help us set it up. So right now, the Mediatrix is behind the router and VoIP works perfectly except when my upstream bandwidth is saturated. My questions are: Is downgrading to SIP firmware the only way to have my Mediatrix 4102 run in TAS mode? If not, anybody knows how to setup TAS on the DGW firmware? Is TAS mode the only way to give priority to the voice packets if I want to keep my current router (Apple Time Capsule)? Thanks!Read the article
