Search Results

Search found 4786 results on 192 pages for 'traffic shaping'.


  • My current iptable configuration doesn't work [on hold]

    - by Brad
        sudo chkconfig iptables off
        /etc/init.d/iptables on

        ### Clear/flush iptables
        sudo iptables -F
        sudo iptables -P INPUT ACCEPT
        sudo iptables -P OUTPUT ACCEPT
        sudo iptables -P FORWARD ACCEPT

        ### Allow SSH
        iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
        iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

        ### Allow YUM updates
        sudo iptables -A OUTPUT -o eth0 -p tcp --dport 80 --match owner --uid-owner 0 --state NEW,ESTABLISHED -j ACCEPT
        sudo iptables -A OUTPUT -o eth0 -p tcp --dport 443 --match owner --uid-owner 0 --state NEW,ESTABLISHED -j ACCEPT

        ### Add your rules from the link above, here
        # ftp,smtp,imap,http,https,pop3,imaps,pop3s
        sudo iptables -A INPUT -i eth0 -p tcp -m multiport --dports 21,25,143,80,443,110,993,995 -m state --state NEW,ESTABLISHED -j ACCEPT
        sudo iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 21,25,143,80,110,443,993,995 -m state --state NEW,ESTABLISHED -j ACCEPT

        ## allow dns
        sudo iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT && sudo iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT

        # handling pings
        sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT && sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
        sudo iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT && sudo iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

        # manage ddos attacks
        sudo iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

        ## Implement some logging so that we know what's getting dropped
        sudo iptables -N LOGGING
        sudo iptables -A INPUT -j LOGGING
        sudo iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
        sudo iptables -A LOGGING -j DROP

        # once a rule affects traffic then it is no longer managed
        # so if the traffic has not been accepted, block it
        sudo iptables -A INPUT -j DROP
        sudo iptables -I INPUT 1 -i lo -j ACCEPT
        sudo iptables -A OUTPUT -j DROP

        # allow only internal port forwarding
        sudo iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
        sudo iptables -P FORWARD DROP

        # create an iptables config file
        sudo iptables-save > /root/dsl.fw

        ### Append the following to the rc.local file
        sudo nano /etc/rc.local
        ####---
        /sbin/iptables-restore < sudo /root/dsl.fw
        ####---
        /etc/init.d/iptables save

        ## check to see if this setting is working great.
        sudo service iptables restart

        ## log out/in testing
        sudo chkconfig iptables on

    What is the problem with this setup? If I restart the server it doesn't allow me back in SSH, and there may be a problem with Yum.

    Original source of information: https://gist.github.com/Jonathonbyrd/1274837#file-instructions


  • Setting up a transparent SSL proxy

    - by badunk
    I've got a linux box set up with 2 network cards to inspect traffic going through port 80. One card is used to go out to the internet, the other one is hooked up to a networking switch. The point is to be able to inspect all HTTP and HTTPS traffic on devices hooked up to that switch for debugging purposes.

    I've written the following rules for iptables:

        nat
        -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.1:1337
        -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1337
        -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE

    On 192.168.2.1:1337, I've got a transparent http proxy using Charles (http://www.charlesproxy.com/) for recording. Everything's fine for port 80, but when I add similar rules for port 443 (SSL) pointing to port 1337, I get an error about invalid message through Charles.

    I've used SSL proxying on the same computer before with Charles (http://www.charlesproxy.com/documentation/proxying/ssl-proxying/), but have been unsuccessful with doing it transparently for some reason. Some resources I've googled say it's not possible - I'm willing to accept that as an answer if someone can explain why.

    As a note, I have full access to the described set up including all the clients hooked up to the subnet - so I can accept self-signed certs by Charles. The solution doesn't have to be Charles-specific since in theory, any transparent proxy will do. Thanks!

    Edit: After playing with it a little, I was able to get it working for a specific host. When I modify my iptables to the following (and open 1338 in charles for reverse proxy):

        nat
        -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.1:1337
        -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1337
        -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.2.1:1338
        -A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 1338
        -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE

    I am able to get a response, but with no destination host. In the reverse proxy, if I just specify that everything from 1338 goes to a specific host that I wanted to hit, it performs the handshake properly and I can turn on SSL proxying to inspect the communication. The setup is less than ideal because I don't want to assume everything from 1338 goes to that host - any idea why the destination host is being stripped? Thanks again


  • How to allow local LAN access while connected to Cisco VPN?

    - by Ian Boyd
    How can I maintain local LAN access while connected to Cisco VPN?

    When connecting using Cisco VPN, the server has the ability to instruct the client to prevent local LAN access. Assuming this server-side option cannot be turned off, how can I allow local LAN access while connected with a Cisco VPN client?

    I used to think it was simply a matter of routes being added that capture LAN traffic with a higher metric, for example:

        Network Destination  Netmask      Gateway        Interface       Metric
        10.0.0.0             255.255.0.0  10.0.0.3       10.0.0.3        20   <--Local LAN
        10.0.0.0             255.255.0.0  192.168.199.1  192.168.199.12  1    <--VPN Link

    And trying to delete the 10.0.x.x -> 192.168.199.12 route doesn't have any effect:

        >route delete 10.0.0.0
        >route delete 10.0.0.0 mask 255.255.0.0
        >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1
        >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1 if 192.168.199.12
        >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1 if 0x3

    And while it still might simply be a routing issue, attempts to add or delete routes fail.

    At what level is the Cisco VPN client driver doing what in the networking stack that overrides a local administrator's ability to administer their machine? The Cisco VPN client cannot be employing magic. It's still software running on my computer. What mechanism is it using to interfere with my machine's network? What happens when an IP/ICMP packet arrives on the network? Where in the networking stack is the packet getting eaten?

    See also:

      - No internet connection with Cisco VPN
      - Cisco VPN Client interrupts connectivity to my LDAP server
      - Cisco VPN stops Windows 7 Browsing
      - How can I prohibit the creation of a route in Windows XP upon connection to Cisco VPN?
      - Rerouting local LAN and Internet traffic when in VPN
      - VPN Client "Allow local LAN Access"
      - Allow Local LAN Access for VPN Clients on the VPN 3000 Concentrator Configuration Example
      - LAN access gone when I connect to VPN
      - Windows XP Documentation: Route

    Edit: Things I've not yet tried:

        >route delete 10.0.*

    Update: Since Cisco has abandoned their old client, in favor of AnyConnect (HTTP SSL based VPN), this question, unsolved, can be left as a relic of history. Going forward, we can try to solve the same problem with their new client.


  • Setting reply priority on Wifi network with QoS?

    - by Omega
    When using a Station and Access Point that support QoS over Wifi, is it possible to set the priority (= Traffic Identifier = TID = QoS channel) of the reply? For example when sending an ICMP ping request using a high priority (= QoS channel), is it possible to force the station to use that same priority (= QoS channel) when sending the reply? A related question: Is it possible to force the station into using a different QoS channel?


  • Configuring VLAN's on two HP procurve switches

    - by pan
    Trying to route a new ISP (Microwave link) from one of my out buildings to my computer room and hence my firewall. Old ISP came direct into firewall. In the outbuilding the Microwave modem connects with cat5 to HP Procurve 2524 switch. Because this ISP is coming through my internal network, I plan on using a new vlan called "airspeed" only for this ISP traffic. Up until now I've just been using the Default_vlan on both HP switches (4108 + 2524).

    So far I've been unable to ping from my laptop to the ISP modem, both of which are on the new vlan 2 ("Airspeed"). No traffic needs to cross from vlan 2 to vlan 1 so I've left the ports as untagged. I've used the subnet provided by my ISP as the new vlan 2 subnet. Can anybody see what I'm doing wrong here? I've added the configuration of both switches below.

    Rough diagram:

        Microwave modem (Gateway IP 77.75.00.49)
          |
        HP 2524 switch (port 24)
          |
        HP 2524 switch fibre link
          |
        HP 4108GL switch fibre link
          |
        HP 4108GL switch (port D1)
          |
        Laptop configured with IP 77.75.00.50 (for testing but will be connected to firewall)

    And my 4108GL config:

        ; J4865A Configuration Editor; Created on release #G.07.21
        hostname "HP ProCurve Switch 4108GL"
        cdp run
        module 1 type J4864A
        module 2 type J4862B
        module 3 type J4862B
        module 4 type J4862B
        ip default-gateway 128.1.146.50
        snmp-server community "public" Unrestricted
        snmp-server host 128.1.146.51 "public" Not-INFO
        snmp-server host 128.1.146.38 "public"
        vlan 1
           name "DEFAULT_VLAN"
           untagged A1-A3,B1-B24,C1-C24,D2-D24
           ip address 128.1.146.203 255.255.0.0
           no untagged D1
           exit
        vlan 2
           name "Airspeed"
           untagged D1
           ip address 77.75.00.51 255.255.255.248
           exit

    Finally my 2524 config:

        ; J4813A Configuration Editor; Created on release #F.04.08
        hostname "HP ProCurve Switch 2524"
        cdp run
        ip default-gateway 0.0.0.0
        snmp-server community "public" Unrestricted
        snmp-server host 128.1.146.51 "public" Not-INFO
        snmp-server host 128.1.146.51 "public"
        snmp-server host 128.1.146.38 "public"
        vlan 1
           name "DEFAULT_VLAN"
           untagged 1-23,25-26
           no untagged 24
           ip address 128.1.146.204 255.255.0.0
           exit
        vlan 2
           name "Airspeed"
           untagged 24
           ip address 77.75.00.51 255.255.255.248
           exit
        no aaa port-access authenticator active


  • Nginx php-fpm high cpu usage

    - by Piotr Kaluza
    I have a problem with a high traffic WordPress: super high CPU load under nginx php-fpm. I am caching with APC and memcached, and spent 2-3 days tweaking configs and looking for answers. It seems to me that php-fpm takes up all the CPU available no matter how many max_children I set: if I set 5 then the load is 20% each, if I set 20 then the load adds up till 90%. I tried static and dynamic. Server is 2x3.0GHz, 6GB RAM, SSD in RAID 10, on Ubuntu 12.04 x64. Uptime: 17:27:51 up 2:19, 1 user, load average: 29.79, 28.08, 26.29. What can be the issue?


  • Blocking all RIPE Addresses in Server 2008?

    - by Brett Powell
    Our datacenter has recommended we block all RIPE IP Addresses on one of our machines. It is constantly being DDoS Attacked every time the null routes are lifted, so I am not sure how this would help, but am more than willing to try anything now. I couldn't find much information on it from a Google search, but how can we block all RIPE IP Ranges? Preferably I wouldn't even mind blocking all Ranges that were not US Based since that is the only target we traffic, but this is probably too difficult.


  • tproxy squid bridge very slow when cache is full

    - by Roberto
    I have installed a bridge tproxy proxy in a fast server with 8GB ram. The traffic is around 60Mb/s. When I start the proxy for the first time (with the cache empty) the proxy works very well, but when the cache becomes full (a few hours later) the bridge goes very slow, the traffic goes below 10Mb/s and the proxy server becomes unusable. Any hints of what may be happening?

    I'm using:

        linux-2.6.30.10
        iptables-1.4.3.2
        squid-3.1.1

    compiled with these options:

        ./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info \
            --datadir=/usr/share --localstatedir=/var/lib --sysconfdir=/etc/squid \
            --libexecdir=/usr/libexec/squid --localstatedir=/var --datadir=/usr/share/squid \
            --enable-removal-policies=lru,heap --enable-icmp --disable-ident-lookups \
            --enable-cache-digests --enable-delay-pools --enable-arp-acl --with-pthreads \
            --with-large-files --enable-htcp --enable-carp --enable-follow-x-forwarded-for \
            --enable-snmp --enable-ssl --enable-async-io=32 --enable-linux-netfilter \
            --enable-epoll --disable-poll --with-maxfd=16384 --enable-err-languages=Spanish \
            --enable-default-err-language=Spanish

    My squid.conf:

        cache_mem 100 MB
        memory_pools off
        acl manager proto cache_object
        acl localhost src 127.0.0.1/32
        acl localhost src ::1/128
        acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
        acl to_localhost dst ::1/128
        acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
        acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
        acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
        acl localnet src fc00::/7 # RFC 4193 local private network range
        acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
        acl net-g1 src xxx.xxx.xxx.xxx/24
        acl SSL_ports port 443
        acl Safe_ports port 80 # http
        acl Safe_ports port 21 # ftp
        acl Safe_ports port 443 # https
        acl Safe_ports port 70 # gopher
        acl Safe_ports port 210 # wais
        acl Safe_ports port 1025-65535 # unregistered ports
        acl Safe_ports port 280 # http-mgmt
        acl Safe_ports port 488 # gss-http
        acl Safe_ports port 591 # filemaker
        acl Safe_ports port 777 # multiling http
        acl CONNECT method CONNECT
        http_access allow manager localhost
        http_access deny manager
        http_access deny !Safe_ports
        http_access deny CONNECT !SSL_ports
        http_access allow net-g1 from where browsing should be allowed
        http_access allow localnet
        http_access allow localhost
        http_access deny all
        http_port 3128
        http_port 3129 tproxy
        hierarchy_stoplist cgi-bin ?
        cache_dir ufs /var/spool/squid 8000 16 256
        access_log none
        cache_log /var/log/squid/cache.log
        coredump_dir /var/spool/squid
        refresh_pattern ^ftp: 1440 20% 10080
        refresh_pattern ^gopher: 1440 0% 1440
        refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
        refresh_pattern .

    I have this issue when the cache is full, but do not really know if it is because of that. Thanks in advance and sorry for my English. roberto


  • Calculating and billing IP multicast usage on the Internet

    - by obvio171
    I've been searching for the reasons why IP multicast isn't widely supported on the Public Internet, and a commonly-cited reason is the difficulty ISPs have in tracking Multicast usage for later billing. Given this difficulty, since ISPs control the routers and they're not forced to support Multicast (as per IPv4), they just disable it. I couldn't find what this difficulty was though. Since an ISP has full control of any inbound and outbound traffic, be it Unicast or Multicast, what's the difficulty in tracking and billing the latter that does not exist in the former?


  • Setup VPN access on a windows dedicated server for browsing

    - by Pasta
    I have a dedicated windows server. I want to create a VPN to encrypt my traffic (browsing, IM, etc) as I browse on my laptop using public wifi networks. What keywords should I be using to search Google? Are there any resources that help me do this? Most of the solutions are just to encrypt communication between the server to a machine. It does not act like an internet gateway, etc.


  • Usefulness of packets in wireshark? SSDP protocol, rather than HTTP?

    - by Chris
    I used to be able to filter my wireshark packets to get useful information from them. However, with my current configuration on OSX, all of the HTTP traffic is coming through as the SSDP protocol and is generally being unhelpful. Why is this? Actually, it seems that packets on my own system that should be HTTP are coming through as HTTP, but packets from other machines that should be HTTP are coming through as this protocol.


  • How can I filter packets from a port monitor?

    - by engineerchuan
    I have some data going from Point A to Point B. I have a SPAN monitor set up to a monitoring device C. To recreate some real world scenarios, I want to filter out all traffic which is a certain type (H.323 VoIP Signaling Packets) so that C sees a subset of the information that is flowing from A to B. What would the easiest way to do this be? I assume I would need a computer with 2 NIC cards and some software to examine each packet and chuck out the H.323 VoIP packets? Thanks!


  • Some DHCP clients end up with wrong DNS server

    - by Nic Waller
    The scenario:

      - DC running Windows Server 2008 R2 providing DNS + DHCP
      - Cisco 1811 Router as the gateway
      - 30 Windows XP DHCP clients on the LAN

    The problem: Some workstations are spontaneously switching to an incorrect DNS server. Specifically, ipconfig /all shows that they start using the gateway as a DNS server. This happens about 5-10 times a day to various computers, sometimes more than once per day.

    The workaround: Repairing the connection on the XP client always fixes the problem, and the correct DNS server address is obtained.

    We lost our main DNS/DHCP machine a week ago, and had to bring this one online as a spare. We've been having this issue since then. DHCP leases on the old and new servers are configured for "wired" (8 day) duration. There are definitely no other DHCP servers active on the LAN. So far there is no discernible pattern about which clients will show this problem, or when. When I ran DCDIAG /test:DNS it came back clean. Manual inspection of the DNS zone shows that all the records are appearing as expected, with no traces of the previous machine in there.

    Update Feb 27: Added screenshots. Here is a screenshot of the DHCP scope options on the 2008 R2 server. And here is a screenshot of ipconfig /all running on a healthy host. I don't have any ailing hosts at the moment, but will grab a screencap next time it happens.

    Update Feb 28: More screenshots. Here's a screenshot of DHCP and DNS traffic from a healthy client when repairing the local area connection. There's definitely only one server responding, but it does seem strange that the negotiation takes place twice. I'll try to get a similar capture from a sick machine this coming week.

    Update Mar 01: Caught a bad ipconfig. Here's a screenshot of ipconfig /all from a client that had this issue. It says the lease was issued this morning, but it doesn't even have an entry for the secondary DNS I set up yesterday. Both DNS servers were discovered properly when repairing the connection.

    Update Mar 01: It even got the sysadmin! This issue finally affected my personal workstation this morning. Unfortunately I had just rebooted and wasn't running a packet dump at the time. I set up a secondary server yesterday, and was logging all DNS traffic to it. My machine had not contacted the secondary DNS in over half an hour, so that says to me that it's just spontaneously reverting to the gateway without even failing over to secondary DNS first. Today I swapped the order of the DNS servers in DHCP, so the secondary is primary and vice versa. I will update again once I know how that goes.


  • Server suffering serious speed drop

    - by Tar
    As you can see from the picture (http://i.imgur.com/UpDZh.png), my server is suffering a serious drop in speed. This is intermittent and has been happening for the past 3 or 4 hours. The server has 1gbps uplink so I can't figure out why it's happening. Checking bandwidth monitoring tools like bwm-ng and dstat show normal speeds of like 150kb/s outbound traffic. Just now I was completely disconnected from SSH.


  • How do I protect a low budget network from rogue DHCP servers?

    - by Kenned
    I am helping a friend manage a shared internet connection in an apartment building with 80 apartments - 8 stairways with 10 apartments in each. The network is laid out with the internet router at one end of the building, connected to a cheap non-managed 16 port switch in the first stairway where the first 10 apartments are also connected. One port is connected to another 16 port cheapo switch in the next stairway, where those 10 apartments are connected, and so forth. Sort of a daisy chain of switches, with 10 apartments as spokes on each "daisy". The building is a U-shape, approximately 50 x 50 meters, 20 meters high - so from the router to the farthest apartment it's probably around 200 meters including up-and-down stairways.

    We have a fair bit of problems with people hooking up wifi-routers the wrong way, creating rogue DHCP servers which interrupt large groups of the users and we wish to solve this problem by making the network smarter (instead of doing a physical unplugging binary search).

    With my limited networking skills, I see two ways - DHCP-snooping or splitting the entire network into separate VLANS for each apartment. Separate VLANS gives each apartment their own private connection to the router, while DHCP snooping will still allow LAN gaming and file sharing.

    Will DHCP snooping work with this kind of network topology, or does that rely on the network being in a proper hub-and-spoke-configuration? I am not sure if there are different levels of DHCP snooping - say like expensive Cisco switches will do anything, but inexpensive ones like TP-Link, D-Link or Netgear will only do it in certain topologies?

    And will basic VLAN support be good enough for this topology? I guess even cheap managed switches can tag traffic from each port with its own VLAN tag, but when the next switch in the daisy chain receives the packet on its "downlink" port, wouldn't it strip or replace the VLAN tag with its own trunk-tag (or whatever the name is for the backbone traffic).

    Money is tight, and I don't think we can afford professional grade Cisco (I have been campaigning for this for years), so I'd love some advice on which solution has the best support on low-end network equipment and if there are some specific models that are recommended? For instance low-end HP switches or even budget brands like TP-Link, D-Link etc.

    If I have overlooked another way to solve this problem it is due to my lack of knowledge. :)


  • Is there a method to instantly, dynamically switch between several sets of name servers on a single domain with code?

    - by trnsfrmr
    I usually set name servers at an ISP, they often take 24 - 48 hours to resolve. If one has 2 separate sets of name servers (say from 2 domain parking companies) they want to send traffic to, is it possible to switch between the sets instantly without any delays? To be clear, how do you switch mydomain.com (ns1.nameserver1.com, ns2.nameserver1.com) to mydomain.com (ns1.nameserver2.com, ns2.nameserver2.com) instantly?


  • Server load spikes several times a day, load average for the past month is 5 times the load average all year

    - by AMF
    My Munin notifications set up for our (Debian) LAMP cluster have been notifying me continuously that our load on our production machine has been at dangerous levels. While the average load all year typically runs between 2 and 8, the load in the past month -- and only the past month -- has been skyrocketing to 10, 18, and occasionally even 50-60. The spikes last only 5-10 minutes at a time and occur about every 2-3 hours. The spikes do not affect performance only because I have a script that sends traffic off our server to a mirror CDN when the load goes above 10.

    I've looked for cron jobs that correlate with this timeframe but there is nothing I can see that would cause this. Site traffic is also normal (we receive about 200K visits per day). I'm also trying to think of anything I've changed around the time this problem began, and I really cannot think of anything.

    This is probably not much to go on. Maybe there is a clue in the top print-out (below) that I'm not seeing. How do I proceed to find the cause?

    -- Typical top when the load is NOT spiking:

        top - 11:13:09 up 472 days, 25 min, 1 user, load average: 6.08, 4.29, 3.80
        Tasks: 105 total, 1 running, 104 sleeping, 0 stopped, 0 zombie
        Cpu(s): 41.2%us, 5.8%sy, 0.0%ni, 49.5%id, 2.7%wa, 0.1%hi, 0.7%si, 0.0%st
        Mem: 3369592k total, 2166980k used, 1202612k free, 559504k buffers
        Swap: 2650684k total, 1892k used, 2648792k free, 1129116k cached

          PID USER    PR  NI  VIRT   RES   SHR S %CPU %MEM    TIME+ COMMAND
        32046 apache  15   0 36300   12m  9828 S   20  0.4  0:01.97 apache2
        32679 apache  15   0 36568   13m   10m S   19  0.4  0:01.69 apache2
        31441 apache  15   0 36616   13m   10m S   19  0.4  0:04.13 apache2
        31477 apache  15   0 36596   13m  9.8m S   15  0.4  0:01.99 apache2
        31993 apache  15   0 36876   16m   12m S   12  0.5  0:02.01 apache2
        31782 apache  15   0 36836   14m   10m S    8  0.4  0:02.17 apache2
        32198 apache  15   0 36536   13m   10m S    7  0.4  0:01.59 apache2
          880 apache  15   0 36508  9708  6236 S    7  0.3  0:00.42 apache2
        31945 apache  17   0 36876   16m   13m S    5  0.5  0:03.17 apache2
        32197 apache  16   0 36636   10m  7504 S    5  0.3  0:02.70 apache2
        32326 apache  15   0 37024   11m  7632 S    5  0.3  0:02.15 apache2
        32565 apache  15   0 37280   13m  9.8m S    5  0.4  0:03.75 apache2
        32676 apache  15   0 36896   16m   12m S    4  0.5  0:00.95 apache2
        32678 apache  15   0 36536   12m  9692 S    4  0.4  0:02.27 apache2
          974 apache  16   0 37064  9888  6016 D    4  0.3  0:00.13 apache2
        32150 apache  16   0 36832   13m   10m S    3  0.4  0:01.74 apache2
        31780 apache  16   0 36848   11m  7660 S    3  0.3  0:02.87 apache2


  • Lync 2010, Kamailio, & Trixbox 2.6.23 (Asterisk 1.4)

    - by slashp
    I'm having an issue trying to connect Lync 2010 phone calls with our trixbox PBX. I've gotten to the point where Kamailio seems to be functioning properly and acting as a bridge between TCP traffic (from Lync) & UDP traffic (to the trixbox, as Asterisk 1.4 does not support SIP over TCP).

        Our Lync box IP: 10.100.10.41
        Our Kamailio box IP: 10.100.10.44
        Our trixbox IP: 10.100.10.2

    The issue I'm running into is as follows when enabling SIP debugging for the Kamailio box:

        <--- SIP read from 10.100.10.44:5060 --->
        PRACK sip:TNECLTSLY01.contoso.com:5068;transport=Tcp;maddr=10.100.10.41 SIP/2.0
        FROM: <sip:9121;[email protected];user=phone>;epid=CF2380792B;tag=4852bab430
        TO: <sip:[email protected];user=phone>;epid=CF2380792B;tag=3684a6a24e
        CSEQ: 24 PRACK
        CALL-ID: 192daae6-00e1-4140-bddd-0394b35d475b
        MAX-FORWARDS: 70
        Via: SIP/2.0/UDP 10.100.10.44;branch=z9hG4bKcydzigwkX;i=d
        VIA: SIP/2.0/TCP 10.100.10.41:51677;branch=z9hG4bK159fc989
        CONTACT: <sip:TNECLTSLY01.contoso.com:5068;transport=Tcp;maddr=10.100.10.41>
        CONTENT-LENGTH: 0
        USER-AGENT: RTCC/4.0.0.0 MediationServer
        RAck: 1 23 INVITE
        <------------->
        --- (12 headers 0 lines) ---
        Sending to 10.100.10.44 : 5060 (NAT)

        <--- Transmitting (NAT) to 10.100.10.44:5060 --->
        SIP/2.0 481 Call leg/transaction does not exist
        Via: SIP/2.0/UDP 10.100.10.44;branch=z9hG4bKcydzigwkX;i=d;received=10.100.10.44
        Via: SIP/2.0/TCP 10.100.10.41:51677;branch=z9hG4bK159fc989
        From: <sip:9121;[email protected];user=phone>;epid=CF2380792B;tag=4852bab430
        To: <sip:[email protected];user=phone>;epid=CF2380792B;tag=3684a6a24e
        Call-ID: 192daae6-00e1-4140-bddd-0394b35d475b
        CSeq: 24 PRACK
        User-Agent: Asterisk PBX
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
        Supported: replaces
        Content-Length: 0
        <------------>

        trixbox1*CLI>
        <--- SIP read from 10.100.10.44:5060 --->
        ACK sip:[email protected];user=phone SIP/2.0
        FROM: "John Jones"<sip:9121;[email protected];user=phone>;tag=4852bab430;epid=CF2380792B
        TO: <sip:[email protected];user=phone>;tag=3684a6a24e;epid=CF2380792B
        CSEQ: 23 ACK
        CALL-ID: 192daae6-00e1-4140-bddd-0394b35d475b
        MAX-FORWARDS: 70
        Via: SIP/2.0/UDP 10.100.10.44;branch=z9hG4bKcydzigwkX;i=d
        VIA: SIP/2.0/TCP 10.100.10.41:51677;branch=z9hG4bK79a21c
        CONTENT-LENGTH: 0

    My SIP trunk on the trixbox looks like this:

        [from-lync]
        exten => _+4XXX!,1,Noop(Stripping + from start of number)
        exten => _+4XXX!,n,Goto(from-internal,${EXTEN:1})

    Though I am still having no luck getting the + stripped or the call to go through. Any ideas would be greatly appreciated. Thank you! -slashp


  • Cisco VPN Client Behind ASA 5505

    - by fdf33
    I'm trying to get connected to another ASA via Cisco VPN Client. I am behind an ASA 5505 myself and I am tryihng to VPN to a 5510. I get the message: Secure VPN Connection terminated locally by the Client. Reason 412: The remote peer is no longer responding. I can connect to the other ASA if I use a normal cheap Linksys. Here's the version of my ASA: Result of the command: "sh ver" Cisco Adaptive Security Appliance Software Version 8.4(1) Any help would be great. Thanks running-config : Saved : Written by enable_15 at 23:12:32.378 UTC Fri Jul 1 2011 ! ASA Version 8.4(1) ! hostname aaaasa domain-name aaa.local enable password xxxxxxxxxxxxxxx encrypted passwd xxxxxxxxxxxxxxxxxxxx encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.254 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address xxx.xxx.xxx.xxx 255.255.254.0 ! interface Vlan5 no nameif security-level 50 ip address 172.16.0.254 255.255.255.0 ! interface Vlan500 no nameif security-level 100 ip address 10.10.10.1 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! 
boot system disk0:/asa841-k8.bin ftp mode passive dns domain-lookup inside dns domain-lookup outside dns server-group DefaultDNS name-server 4.2.2.2 domain-name aaa.local same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network obj_any subnet 0.0.0.0 0.0.0.0 object network A_93.97.168.1 host 93.97.168.1 object network rdp host 192.168.1.2 object network NETWORK_OBJ_192.168.1.0_24 subnet 192.168.1.0 255.255.255.0 access-list 101 extended permit tcp any host 192.168.1.2 eq 3389 access-list 101 extended permit icmp any any echo-reply access-list 101 extended permit icmp any any source-quench access-list 101 extended permit icmp any any time-exceeded access-list 101 extended permit icmp any any unreachable access-list 102 extended permit ip any any pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1492 ip local pool VPNPool 192.168.2.200-192.168.2.210 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-641.bin no asdm history enable arp timeout 14400 ! object network rdp nat (inside,outside) static interface service tcp 3389 3389 ! nat (inside,outside) after-auto source dynamic any interface access-group 101 in interface outside access-group 102 out interface outside ! router ospf 1 network 192.168.1.0 255.255.255.0 area 0 log-adj-changes ! 
route outside 0.0.0.0 0.0.0.0 93.97.168.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=ciscoasa proxy-ldc-issuer crl configure crypto ca certificate chain ASDM_TrustPoint0 certificate 8877d64d
quit crypto isakmp nat-traversal 30 crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 enable outside client-services port 443 crypto ikev2 remote-access trustpoint ASDM_TrustPoint0 telnet timeout 5 ssh 192.168.1.0 255.255.255.0 inside ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.5-192.168.1.36 inside dhcpd dns 4.2.2.2 interface inside dhcpd enable inside ! 
threat-detection basic-threat threat-detection statistics host number-of-rate 3 threat-detection statistics port threat-detection statistics protocol threat-detection statistics access-list threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 ntp server 82.219.4.31 source outside prefer ssl trust-point ASDM_TrustPoint0 outside webvpn enable outside anyconnect image disk0:/anyconnect-win-2.4.1012-k9.pkg 1 anyconnect profiles AnyConnectVPN_client_profile disk0:/AnyConnectVPN_client_profile.xml anyconnect profiles SSLAnyConnectVPN_client_profile disk0:/SSLAnyConnectVPN_client_profile.xml anyconnect enable tunnel-group-list enable group-policy GroupPolicy_AnyConnectVPN internal group-policy GroupPolicy_AnyConnectVPN attributes wins-server none dns-server value 4.2.2.2 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless default-domain value aaa.local webvpn url-list none anyconnect profiles value AnyConnectVPN_client_profile type user group-policy GroupPolicy_SSLAnyConnectVPN internal group-policy GroupPolicy_SSLAnyConnectVPN attributes wins-server none dns-server value 4.2.2.2 vpn-tunnel-protocol ikev2 ssl-client default-domain value aaa.local webvpn anyconnect profiles value SSLAnyConnectVPN_client_profile type user username testuser password xxxxxxxxxxxxxxxxx encrypted privilege 0 username testuser attributes vpn-group-policy GroupPolicy_AnyConnectVPN tunnel-group SSLPOL type remote-access tunnel-group SSLPOL general-attributes default-group-policy GroupPolicy_AnyConnectVPN tunnel-group SSLAnyConnectVPN type remote-access tunnel-group SSLAnyConnectVPN general-attributes address-pool VPNPool default-group-policy GroupPolicy_SSLAnyConnectVPN tunnel-group SSLAnyConnectVPN webvpn-attributes group-alias SSLAnyConnectVPN enable ! class-map inspection_default match default-inspection-traffic ! ! 
policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect esmtp inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect sip inspect skinny inspect sqlnet inspect sunrpc inspect tftp inspect xdmcp ! service-policy global_policy global prompt hostname context call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email [email protected] destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:94a65341aa27d3929d5e92a32ba22120 : end


  • Using OpenVPN, yet netflix.com blocks access

    - by user837848
    I have set up an OpenVPN server on a VPS in the USA and configured it to route all clients' traffic through it. Everything seems to work fine regarding the VPN connection in general. All ip lookup sites show me the us server's ip address and even hulu.com works (it won't work if you are not in the usa). But for some reason netflix.com says "Sorry, Netflix is not available in your country yet.". So I thought that netflix probably uses some more sophisticated ways to determine your location beyond just your ip address. But I could not find a way to get it to work until I dropped the idea of using a VPN and instead connected to the server via a simple socks tunnel with ssh by running: ssh -D 9999 user@serverip All I had to do was change the key network.proxy.socks_remote_dns in Firefox from false to true to prevent DNS leaks and set up the socks proxy. Then I could finally watch netflix.com. As a result I concluded that there is nothing in the browser (or something like system timezone) that tells netflix the location, so it has to have something to do with the OpenVPN config. After that I used tcpdump to log all the traffic on the server's network interface venet0 (OpenVZ VPS), visited netflix.com on the client while first connected to the VPN and then connected via socks tunnel and afterwards compared both outputs. The only thing that caught my eye was that while using the socks tunnel the server mainly used ipv6 to connect to netflix whereas it only used ipv4 when the client was connected to the OpenVPN server. But I don't get how that could make such a difference. So what am I missing? Is there a way to configure OpenVPN to also use ipv6 to connect to a website although there is only an ipv4 connection between the VPS and the client?
    Here is the server.conf of the OpenVPN server (OpenVZ VPS):

        local serverip
        port 443
        proto tcp
        dev tun
        ca ./easy-rsa2/keys/ca.crt
        cert ./easy-rsa2/keys/vps1.crt
        key ./easy-rsa2/keys/vps1.key # This file should be kept secret
        dh ./easy-rsa2/keys/dh1024.pem
        server 10.8.0.0 255.255.255.0
        ifconfig-pool-persist ipp.txt
        push "redirect-gateway def1 bypass-dhcp"
        push "dhcp-option DNS 8.8.8.8"
        push "dhcp-option DNS 8.8.4.4"
        client-to-client
        keepalive 10 120
        tls-auth ta.key 0 # This file is secret
        cipher AES-256-CBC
        comp-lzo
        max-clients 4
        user nobody
        group nogroup
        persist-key
        persist-tun
        status openvpn-status.log
        log-append openvpn.log
        verb 3

    iptables forwarding:

        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source serverip

    (enabled ipv4 forwarding)

    I have tried everything always on a Win7 and a Debian client with only ipv4 connections and always made sure that they use the correct DNS server (tested with ipleak.net and tcpdump / wireshark).

    client.conf:

        client
        dev tun
        proto tcp
        remote serverip 443
        resolv-retry infinite
        nobind
        persist-key
        persist-tun
        ca ca.crt
        cert client.crt
        key client.key
        ns-cert-type server
        tls-auth ta.key 1
        cipher AES-256-CBC
        comp-lzo
        verb 3


  • How to access an IP address as if on a different network using SSH

    - by NT3RP
    In preparation for a lengthy business trip, I set up my router such that I can access my home computer over the internet via port forwarding over SSH. One thing I neglected to do was set up access to my router remotely. Normally, I can just access the router configuration page via 192.168.1.1. I know that it's possible to tunnel traffic through SSH, but how do I access an IP address as if I were on my home network using SSH?


  • getting Internet connection sharing working in a slightly more complicated configuration

    - by tirichitirca t
    I have the following configuration:

      Computer A - Mac OSX 10.8.4, wireless & wired adapters
      Computer B - Windows 7 (64 bit), wireless & wired adapters, has internet connection via the wired adapter (ethernet)
      d-link wired/wireless router.

    Problem to solve: Connect from computer A to the internet through the wired connection of computer B.

    I tried the following: I set up a local network between A and B using the d-link router. The configuration is this:

      D-link router - 192.168.0.1
      A - wired connection to the d-link router, static 192.168.0.101 (I could have used the wireless but I preferred the wired connection)
      B - wireless connection to the d-link router DHCP 192.168.0.102 (but I made sure it always gets the same address)
      B - wired connection to the internet using some address that begins with 10.x.y.z.

    In this configuration A can see B. I enabled ICS on the wired adapter of B. I set up the Gateway of A to point to B and DNS servers to point to the DNS servers specified for the 10.x.y.z address. It doesn't work, A goes only as far as B. It can ping the 10.x.y.z address of B though.

    I then found this article: http://terrybritton.com/windows-internet-connection-sharing-ics-not-working-with-linux-bridging-is-the-solution-916/. Terry is suggesting that a bridge should be defined on B between the two connections. I tried that but basically computer B is screwed as soon as I create the bridge. It can't connect to the internet anymore. It is as if the network bridge seems to think the traffic to the internet should go from the wired connection to the wireless and not the other way around.

    The other thing that puzzles me is the router itself. In general the router needs an internet address. In a normal configuration it is the router that gets the ip address and the internet traffic goes through the router. In my case I am not interested in that.

    So, any suggestions to get this working? I wouldn't shy away from using commercial software but I would think Windows 7 should allow me to do it. Thanks
