Search Results

Search found 46894 results on 1876 pages for 'java native interface'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1197/1876 | < Previous Page | 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204  | Next Page >

  • backup sql databases, folders; 7ZIP and copy to ftp

    - by laurens
    Hi all, We are quite stuck with which solution to choose for this backup issue: What should happen: First, there should be an interface were to choose several sql databases (sort of checkboxes or whatsoever), also a few folders should be backed up - this could be part of the program or could be seperate, I think about an interface were to select folders, but a txt file (or xml) with paths-to-folders is as good. Next, everything should be 7Zipped, SQL-DB and files seperate. Eventually everything should be copied to a local network drive after which copied via FTP. Also important; it could be programmed or (partly) bought but I can't be one of those expensive backup tools $1000+ etc. I already found this fairly priced tool that does already most of the tasks 7ZIP and copy to ftp sqlbackupandftp.com For your information: we had a kind of self-made tool created by a collegue (some time ago) but it became very untrustworthy and as the databases grew it couldn't handle it anymore... moving on Please come up with suggestions. Thanks in advance!

    Read the article

  • SSL Certificate for local web server

    - by Firefly
    Is it at all possible to create a self-signed certificate for use on multiple machines on a local network which would stop the browser complaining it is not a trusted site? We have a product which is basically a computer running lighttpd to serve a web interface for configuring the computer (sort of how a router has a web interface). There can also be many of these machines running on the same network with dynamic IP's. What I basically want to do is enable SSL for extra security but I don't want people who are on the local network to be given a browser warning about the certificate not being trusted. Is this at all possible?

    Read the article

  • Ways to do simple failover with one server and two IPs

    - by CrassHoppr
    The setup is one server (Windows 2008) at one location with two incoming connections. As the server has to interface with various on-site devices, and will have a small number of incoming connections, a data center is not an option, and instead cable/dsl connections must be used. The goal is that users visit https://service.site.com and are sent to either the primary IP address or a secondary IP if the primary is down. I've seen advice to use round robin DNS for this, but caching an IP for a downed interface is something I'd like to avoid. Is something like this possible with these constraints?

    Read the article

  • Help with OpenVPN setup on Windows Server 2003

    - by Bill Johnson
    Hi all, Just wondering if someone can assist me further with the set-up of OpenVPN on my Windows Server 2003. I have configured Win Server as per the following guide: http://tinyurl.com/kxusv and I'm now at the stage of Creating the config files. I have a few questions that I need some assistance with. My server IP is 192.168.1.10 and my routers IP address is 192.168.1.1 (the router is a Netgear DGN2000). I have edited the server.ovpn file as per the following: push "dhcp-option DNS X.X.X.X" # Replace the Xs with the IP address of the DNS for your home network (usually your ISP's DNS) push "dhcp-option DNS X.X.X.X" # A second DNS server if you have one to include my ISP DNS and I have not edited anything else. Now my issue is with the client1.opvpn file as per the below: client dev tap #dev-node MyTAP #If you renamed your TAP interface or have more than one TAP interface then remove the # at the beginning and change "MyTAP" to its name proto udp remote YOURHOST.dyndns.org 1194 #You will need to enter you dyndns account or static IP address here. The number following it is the port you set in the server's config route 192.168.1.0 255.255.255.0 vpn_gateway 3 #This it the IP address scheme and subnet of your normal network your server is on. Your router would usually be 192.168.1.1 resolv-retry infinite nobind persist-key persist-tun ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt" cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt" # Change the next two lines to match the files in the keys directory. This should be be different for each client. key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key" # This file should be kept secret ns-cert-type server cipher BF-CBC # Blowfish (default) encrytion comp-lzo verb 1 To me it looks like I will need to amend the following: remote YOURHOST.dyndns.org 1194 #You will need to enter you dyndns account or static IP address here. The number following it is the port you set in the server's config route 192.168.1.0 255.255.255.0 vpn_gateway 3 #This it the IP address scheme and subnet of your normal network your server is on. Your router would usually be 192.168.1.1 So, should the first line be the static IP of the machine that I'm applying this to? The IP address of the server (192.168.1.10) or something else? I'm also stuck on the second part 'route 192.168.1.0 255.255.255.0 vpn_gateway 3' Should this be the router IP which is 192.168.1.1 and the subnet is 255.255.255.0 and that is all I need to alter? The final part that I'm stuggling with is Configuring the router. Basically I have a Netgear DGN2000 and as it mentions that the router should be configured to port forward port 1194 to the server’s IP address of 192.168.1.150 all I have been able to do is in 'Firewall Rules' and on 'Inbound Services', set the Service to 'Any(ALL) and Send to LAN Server point to 1923.168.1.150. I'm not sure if this is correct? It is the following stage of the help guide that I'm struggling with and really need some help with: You need to make sure the port you configured OpenVPN to listen on is forwarded on the router to the IP address of your server. On the WRT54G, port forwarding is configured in the “Applications & Gaming” section. Enter 1194 for the port, UDP for the protocol, and 192.168.1.150 for the IP address. Make sure the entry is enabled and then save the setting. Next, you need to add an entry to the router’s Routing Table. This will enable the router to properly route requests from the clients to the TAP interface of the server. On the WRT54G you would go to the “Setup” page and then the “Advanced Routing” section. Enter the follwing info to make the entry: Enter Route Name: openVPN Destination LAN IP: 192.168.10.0 Subnet Mask: 255.255.255.252 Default Gateway: 192.168.1.150 Interface: LAN & Wireless Once the info has been typed in make sure you save the setting. Can anyone possibly guide me through setting this part up with my Netgear router. I see that once I have these 2 parts complete I'm there so I would really appreciate someone walking me through what is required in completing this. Much appreciated.

    Read the article

  • Disable ALTQ for internal network traffic

    - by javanix
    I currently have a FreeBSD 8.2 media server set up on my LAN that I use to stream my music from. I also have an SSH login that I use to do file transfers to and from this server remotely. I would like to set up ALTQ (and have gotten this working) to limit my outgoing bandwidth from the server for SSH traffic. However, configuring ALTQ this way is also limiting my internal traffic (and thus interfering with my music streaming) since I am only using a single network interface. Can anyone show me how I would use PF and ALTQ to limit outgoing WAN traffic while allowing all internal LAN traffic to go through unhindered? ext_if="eth0" int_if="eth0" altq on eth0 cbq bandwidth 1Mb queue { std, ssh } queue std bandwidth 80% cbq(default) queue ssh bandwidth 20% cbq(ecn) pass out on eth0 proto tcp to port 22 queue ssh eth0 is my LAN interface, my total WAN bandwidth on my cable connection is 1Mb/s, and my internal network is 10/100.

    Read the article

  • Proxy Error 502 "Reason: Error reading from remote server" with Apache 2.2.3 (Debian) mod_proxy and Jetty 6.1.18

    - by Martin
    Apache is receiving requests at port :80 and proxying them to Jetty at port :8080 The proxy server received an invalid response from an upstream server The proxy server could not handle the request GET /. My dilemma: Everything works fine normally (fast requests, few seconds or few tens of seconds long requests are processed ok). Problems occur when request processing takes long (few minutes?). If I issue request instead directly to Jetty at port :8080 the request is processed OK. So problem is likely to sit somewhere between Apache and Jetty where I am using mod_proxy. How to solve this? I have already tried some "tricks" related to KeepAlive settings, without luck. Here is my current configuration, any suggestions? #keepalive Off ## I have tried this, does not help #SetEnv force-proxy-request-1.0 1 ## I have tried this, does not help #SetEnv proxy-nokeepalive 1 ## I have tried this, does not help #SetEnv proxy-initial-not-pooled 1 ## I have tried this, does not help KeepAlive 20 ## I have tried this, does not help KeepAliveTimeout 600 ## I have tried this, does not help ProxyTimeout 600 ## I have tried this, does not help NameVirtualHost *:80 <VirtualHost _default_:80> ServerAdmin [email protected] ServerName www.mydomain.fi ServerAlias mydomain.fi mydomain.com mydomain www.mydomain.com ProxyRequests On ProxyVia On <Proxy *> Order deny,allow Allow from all </Proxy> ProxyRequests Off ProxyPass / http://www.mydomain.fi:8080/ retry=1 acquire=3000 timeout=600 ProxyPassReverse / http://www.mydomain.fi:8080/ RewriteEngine On RewriteCond %{SERVER_NAME} !^www\.mydomain\.fi RewriteRule /(.*) http://www.mydomain.fi/$1 [redirect=301L] ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On </VirtualHost> Here is also the debug log from a failing request: 74.125.43.99 - - [29/Sep/2010:20:15:40 +0300] "GET /?wicket:bookmarkablePage=newWindow:com.mydomain.view.application.reports.SaveReportPage HTTP/1.1" 502 355 "https://www.mydomain.fi/?wicket:interface=:0:2:::" "Mozilla/5.0 (Windows; U; Windows NT 6.1; fi; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10" [Wed Sep 29 20:20:40 2010] [error] [client 74.125.43.99] proxy: error reading status line from remote server www.mydomain.fi, referer: https://www.mydomain.fi/?wicket:interface=:0:2::: [Wed Sep 29 20:20:40 2010] [error] [client 74.125.43.99] proxy: Error reading from remote server returned by /, referer: https://www.mydomain.fi/?wicket:interface=:0:2:::

    Read the article

  • Monitor ESXi hosts with Nagios

    - by Kyle Brandt
    Does anyone recommend any methods for monitoring ESXi 4.1 hosts with Nagios? I have looked into SNMP but it seems to be in a pretty sorry state. Net-SNMP does not seem to be included and there is a built it SNMP daemon that I set up. However from the standard MIBs there only seems to really be network interface counters and the VMWare MIBs seem quite useless. Right now I am considering SNMP for the interface speed and trying the plugins listed at http://unimpressed.org/post/96949609/monitoring-esxi-performance-through-nagios . Anyone have a better idea? I would like to monitor the hosts directly, not through something like vCenter.

    Read the article

  • having 2 ip's on a debian 7 box

    - by David
    I just installed Debian Wheezy on my homeserver. I want to assign 2 ip's to it on the same network interface, 1 static ip (eth0) and 1 dynamic ip (eth0:1). I know it doesn't make much sense but I need it to test something. I edited my /etc/network/interfaces to be like this: auto lo eth0 eth0:1 iface lo inet loopback iface eth0 inet static address 192.168.178.240 network 192.168.178.0 netmask 255.255.255.0 broadcast 192.168.178.255 gateway 192.168.178.1 iface eth0:1 inet dhcp when I bring up eth0:1 (ifup eth0:1) I get the following error (eth0 works fine) Bind socket to interface: No such device Failed to bring up eth0:1. is it even possible to have a dynamic and static ip on the same network adapter?

    Read the article

  • How can I setup a Firewall without NAT?

    - by SRobertJames
    We have 16 IP addresses from our ISP, and are setting up a SonicWall Firewall. I'd like to have the SonicWall do NAT for the LAN, but act as a firewall only (no NAT) for the servers which are using some of the 16 addresses. How do I set this up? If I set the WAN's subnet to include the 16 IPs, the SonicWall won't route the traffic to the LAN interface. Should I set the WAN subnet to only include the ones we are dedicating for NAT, and then keep the others on the LAN? Related point: How can I set multiple IP addresses for a SonicWall LAN interface?

    Read the article

  • Connecting via ShrewSoft VPN client means no LAN internet access (Windows 7 64 bit) - any advice please?

    - by iwishiknewmoreaboutnetworking
    I have a Windows 7 64 bit desktop machine which is connected to a LAN. I recently installed ShrewSoft VPN client v 2.1.7 on my machine so that I can connect to a license server hosted by my customer. They are running a Cisco VPN server and I originally tried (unsuccessfully!) to use the Cisco VPN client for Windows 64 bit but the default gateway wasn't being configured correctly after loading in my pcf file. Using ShrewSoft I am able to import the same pcf file, and successfully connect to the machine I need to using the VPN client software. The client machine I need to connect to has IP address 1.52.90.33. The problem is that when I am connected to the customer network using the VPN client application (and after a few minutes) I lose my LAN internet connection. I can only presume that this is because, by default the ShrewSoft VPN client application automatically tunnels all traffic through the VPN connection. I know there is an option to switch off the "Tunnel All" option on the Policy tab of the application and enter a Remote Network Resource (to "Include" or "Exclude") as "Address" and "Netmask" IP addresses however I am not sure what I need to enter here. Here is my ipconfig output before connecting to the VPN (with suffixes blanked out): Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : ***.*** Link-local IPv6 Address . . . . . : fe80::8de3:9dbe:393a:33ba%11 IPv4 Address. . . . . . . . . . . : 150.237.13.17 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 150.237.13.1 Tunnel adapter 6TO4 Adapter: Connection-specific DNS Suffix . : ***.*** IPv6 Address. . . . . . . . . . . : 2002:96ed:d11::96ed:d11 Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301 Tunnel adapter Local Area Connection* 9: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2cf9:38c4:6912:f2ee Link-local IPv6 Address . . . . . : fe80::2cf9:38c4:6912:f2ee%12 Default Gateway . . . . . . . . . : Tunnel adapter isatap.***.***: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : ***.*** Here is my route print output before connecting to the VPN: =========================================================================== Interface List 11...20 cf 30 9d ec 2a ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethern et NIC (NDIS 6.20) 1...........................Software Loopback Interface 1 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 150.237.13.1 150.237.13.17 2 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 150.237.13.0 255.255.255.0 On-link 150.237.13.17 257 150.237.13.17 255.255.255.255 On-link 150.237.13.17 257 150.237.13.255 255.255.255.255 On-link 150.237.13.17 257 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 150.237.13.17 257 255.255.255.255 255.255.255.255 On-link 12

    Read the article

  • How to setup dhcp3-server to advertise the DNS server the server itself has got from DHCP?

    - by Ivan
    The Ubuntu 10.04 server has eth0 Internet interface configured by means of an ISP's DHCP. At the same time the server has static eth0 LAN interface to which it provides masquerading (NAT) and LAN-internal DHCP service (dhcp3-server). As far as I've understood the manual, I had to hardcode DNS servers to advertise through LAN DHCP with option domain-name-servers in dhcpd.conf. But what if the ISP changes his DNS server IP silently (we use a SOHO-class ISP, so this won't surprise me much)? Can I configure dhcpd to advertise the DNS server the server uses itself, the one gotten by its DHCP client mechanism?

    Read the article

  • virtualbox and nginx server_name

    - by Ivan
    I'm trying to configure gitlab running in an Ubuntu 12.04 guest with Windows7 host. I can ssh the guest using port-forwarding and access the nginx server using port redirection (8888 in host is 80 in guest, so localhost:8888 in host gets to the nginx server in the guest), but the server_name in nginx configuration file is giving me trouble. What is the correct listen and server_name that nginx would accept? The guest has the NAT interface at 10.0.2.15 and Host-Only interface at 192.168.56.101, static. Thanks!

    Read the article

  • Credentials needed for BT line on Netgear router

    - by Bali C
    I have recently bought a new Netgear router to replace my current BTHomeHub as it doesn't support wireless. I did buy a WAP but figured it would be easier to use a router with wireless built in. (It's a modem/router combo). I have got as far as setting up the router on the web interface, but then it asks for a username and password to connect to the net, I can only assume this is for the phone line? I have tried some passwords I could find written down but they don't work, the internet light comes on and then when the creds fail it goes off. I have been on the homehubs web interface and been through all the settings it has to find the credentials it is using which obviously work, but no joy. Is there anything obvious I am missing, or is there a way I can retrieve my settings from my existing router? Any pointers will be very appreciated.

    Read the article

  • Windows 7 Paging file apparently not being used

    - by Daniel F.
    I'm running Windows 7 Home Premium 32bit on a mobo with 24GB RAM. Of those 24GB, 20GB are assigned as a RAMDISK via ASRock XFastRAM. This RAMDISK has the drive letter X assigned to it. On X:\ I'm storing the temporary files folder, as well as pagefile.sys. Pagefile.sys has 6GB of size. The X:\ has usually around 14GB free space, so the temporary files are negligible, it's mostly the browsers which are storing their caches on there. Now my issue is that Firefox is crashing a lot on me, no error message pops up, but I know that this is because it's out of memory. I could kind of live with that, but now that I switched from using Eclipse to Android Studio, I know that I'm in trouble, because Java isn't capable of allocating, and Android Studio, together with the Java instances it launches, is quite a memory hog. So I tried to figure out what's wrong, and apparently Windows isn't swapping out memory onto the paging file. While my applications are crashing (firefox) / not starting (java vm's), the paging file is only using constantly around 15% of its size (checked with the performance monitor). 15% equals to 1GB aprox. I know that the correct solution would be to switch to 64 bit Windows, but I had to use the 32 bit version because of driver issues which I had about two years ago, and I guess that I'll have them again if I reformat and install the 64 bit version. Also, the machine is running quite stable, the only issue is the memory, so I'd like to use it as it is (as the apps are installed and configured) Is there a way to make Windows use the paging file more efficiently? None of my processes require more than 1GB, I'd just like it to swap out some seldomly used stuff, like GoogleCrashHandler.exe and stuff like that in order to have "more physical memory avaliable". Is that possible?

    Read the article

  • Remote connection to dynamic public ip & private ip addresses

    - by user51737
    Many times I connected to windows computer which has static public ip address via remote desktop over wan links. I'm wondering how could I connect to the remote computer that has dynamic public ip address & private ip addresses assigned. I've 2 systems at home: xp system-------connected to internet(dynamic public ip) & allowed other users to connected to the internet on the interface. windows vista system--------enabled dhcp on the interface to access internet from xp. How could I remotely connect from my office to the 'vista system'?. If I've a router/modem at my home it may be possible to allow the ports for the system but I don't. Any tips?

    Read the article

  • Windows 2003 server RRAS on VPC

    - by Saif
    I'm trying to setup a L2TP VPN server(to give user access on to all my VPN instance) on a Windows 2003 instance running on my VPC. While trying to enable RRAS I'm getting error, "less than two network interfaces were detected on this machine". Eventually it's because there's only one network interface available, the which has private IP. I have elastic IP assigned to this instance as well. But RRAS can't see this. What should I do to RRAS to be able to see the interface with elastic IP?

    Read the article

  • XCache permission issue

    - by Guilhem Soulas
    I successfully installed XCache on a Linux server where WHM/cPanel is installed too. However when I go to the admin interface it shows me only the cache for the owner of the folder (= a cPanel account). So I copied the admin interface on another cPanel account of the same server and I'm surprised about the memory allocation because it seems to use the memory I set in php.ini for EACH user. So if set the memory size to 64M and I have 10 users, doesn't it mean that XCache can take up to 640M? It's not the behaviour I want because I can't control the memory in that case! I would like to set 64M only for the entire server.

    Read the article

  • How to block all multicast traffic travelling through a Cisco Catalyst 3750

    - by TrueDuality
    Something changed today. I can't seem to track down what, but one of our 3750s decided that it was going to forward all the multicast traffic it saw from the ghost server across every VLAN it has. I've tried writing a simple access group that consists of the following: access-list 100 deny ip any 224.0.0.10 0.0.0.255 access-list 100 permit ip any any I apparently mistakenly assumed that once applied to an interface that it would block all of the multicast traffic on that interface regardless of VLAN. I do not want any multicast traffic flowing through this particular switch to any VLAN or even to stay on the same VLAN beyond this switch. Does anyone have any ideas?

    Read the article

  • Access port on machine by connecting to other machine via SSH?

    - by piquadrat
    I have to access my home router's web interface on port 80. Unfortunately, the only way into the network I have at the moment is SSH to another machine on the same network. me ---|---SSH Box----Home Router My Google foo seems to have abandoned me, I couldn't didn't find anything helpful. Any ideas? Thanks! To clarify: I'm not at home right now. I do however have access to one machine on the network (a QNAP NAS) over SSH. I need to access the home router web interface on port 80 from my notebook which is outside of the home network.

    Read the article

  • Routing based on source address in Windows Server 2008 R2

    - by rocku
    I'm implementing a direct routing load balanced solution using Windows Server 2008 R2 as back-end server. I've configured a loopback interface with the external IP address. This works, I am receiving packets with the external IP address and respond to them appropriately. However our infrastructure requires that traffic which is being load-balanced should go through a different gateway then any other traffic originating from the server, ie. updates etc. So basicly I need to route packets based on source address (external IP) to another gateway. The built-in Windows 'route' command allows routing based on destination address only. I've tried setting a default gateway on the loopback interface and mangled with weak/strong host send/receive parameters on the interfaces, however this didn't work. Is there any way around this, possibly using third party tools?

    Read the article

  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the boxes server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows Inbound: PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range >corresponding to possible cell provider range OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any Outbound: Default outbound policy: Allow Always OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) Block always from NAS to any On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors) ### macro name for external interface. eth_if = "en0" vpn_if = "tap0" ### wifi_if = "en1" ### %usb_if = "en3" ext_if = $eth_if LAN="{10.0.0.0/24}" ### General housekeeping rules ### ### Drop all blocked packets silently set block-policy drop ### all incoming traffic on external interface is normalized and fragmented ### packets are reassembled. scrub in on $ext_if all fragment reassemble scrub in on $vpn_if all fragment reassemble scrub out all ### exercise antispoofing on the external interface, but add the local ### loopback interface as an exception, to prevent services utilizing the ### local loop from being blocked accidentally. ### set skip on lo0 antispoof for $ext_if inet antispoof for $vpn_if inet ### spoofing protection for all interfaces block in quick from urpf-failed ############################# block all ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090} ### Allow all udp and icmp also, necessary for Constellation. Could be tightened. pass on $eth_if proto {udp, icmp} from $LAN to any ### Allow AFP to 10.0.0.40 (NAS) pass out on $eth_if proto tcp from any to 10.0.0.40 port 548 ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs ### and port ranges pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201 ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110 ### Outgoing pings ok pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110 pass out on $vpn_if proto {tcp, udp, icmp} from any to any So what are my goals and what does the above setup achieve? (until you tell me otherwise :) 1) Full LAN access to the above ports on the mini/media server (including through my own VPN server) 2) All internet traffic from the mini/media server is anonymized and tunneled over VPN 3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router. So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable. The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini: ### Allow Minecraft public through user mc pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc pass out on $eth_if proto {tcp, udp} from any to any user mc And these additions on the border firewall: Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS) Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups) This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up no connection is possbile to the minecraft server from outside of LAN. inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service. The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0 not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would to estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)

    Read the article

  • connecting internet TV modem to repeater router, will it work?

    - by Sandro Dzneladze
    I've internet TV at home, it works via special modem which connects to router via Lan interface. I'd like to move Tv to a room which has no router. so i'd like to use wifi for internet TV. My plan is this, buy another wifi router, set it to repeat sygnal of primary router and attach this TV modem to repeater router via Lan interface. Will this work? I have limited understanding of how internet TV works, so I'm not sure if my strategy will work... does router have to have some special feature to allow this service? will my strategy work?

    Read the article

  • NAT : understanding about interconnection

    - by PITCHY
    English version below J'ai 2 routeurs A et B relié en série avec les ip respectives ( 10.0.0.1/30 10.0.0.2/30) sur le routeur A j'ai activé la fonction NAT avec un pool (200.0.0.1 - 200.0.0.15/28). Lorsque je sors je prends donc un ip du pool par exemple 200.0.0.10. Comment ça fonctionne sachant que ma nouvelle ip (200.0.0.10) ne se trouve pas sur le meme réseau que mon interface de destination (10.0.0.2)? English: I have 2 routers A and B, interconnected with a serial connection, with the ip's 10.0.0.1/30 for A and 10.0.0.2/30 for B. On router A NAT was activated with the pool 200.0.0.1 - 200.0.0.15/28. When connection to this router, I get an ip from the pool, for example 200.0.0.10. Knowing my new ip is 200.0.0.10, which is not on the same network as my destination interface (10.0.0.2), how can this work?

    Read the article

  • Configure FTP Server with two different IP addresses on different subnets and separate NICs

    - by Luke
    I have an FTP server that's on a low bandwidth connection. We want to set it up with a second IP address on a much higher bandwidth connection. I set up the second interface with a static IP address on the faster connection. This unfortunately does not work. I can verify that the second IP address works perfectly when I disable the first IP address. What do I need to do to get two separate interface IP addresses on different subnets working on the same server?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204  | Next Page >