Search Results

Search found 4462 results on 179 pages for 'ssh'.


  • Plesk 10 port 8443 connection timeout

    - by GriffinHeart
    I've installed Plesk 10 on CentOS, and after installing, to access the CP you need to go to https::8443. I'm not able to, and would like to find out why. I can ssh to the server and I can, from the server, telnet to those ports. From another machine I can ping it, but when I try to telnet or go to that address I get a connection timeout; this happens with ports 80 and 8443. From my netstat:

        netstat -nlp | grep 8443
        tcp 0 0 :::8443 :::* LISTEN 25205/sw-cp-serverd

    How do I find out what's causing the problem? I also have a router, but the firewall is at the minimum and the server is configured as DMZ. I also tried to redirect 8443 to 8443 of the server.


  • HP-UX -> Linux incremental remote backup

    - by stack_zen
    Hi. I need to set up a differential backup process from a range of remote HP-UXes to a central RHEL5 server. I'd happily go with rsync; the problem is, stock HP-UX 11.11 has no built-in rsync and I don't have permissions to install any software on the remote stock HP-UXes. How should I approach this? HP-UX provides:

      - fbackup (HP-UX exclusive)
      - cpio (available in RHEL5, allows backing up only the files which changed, but always grabs the totality of the file)

        ssh remote_user@remote_host 'find /u01/engine/logs/ -type f -name "*.log" | cpio -o | gzip -' | gunzip - | cpio -idmv

    Those solutions don't really answer my incremental (bandwidth efficiency) problem, do they?


  • Trouble Connecting to Virtual Machine after IP address Change

    - by David
    I have a VMware image running a copy of Fedora 11 which is hosted on a remote server. The remote server recently had its IP address change. I'm now unable to connect to my virtual machine. The server admin assures me that my virtual machine is running and assigned the new IP address. I have checked the firewalls and had the remote admin restart the VM instance. Neither of these fixed the problem. How do I troubleshoot a remote server which I am unable to SSH to? I'm actually even unable to ping the remote IP (connection timed out).


  • Does ILOM on recent Sun rackmount servers fully support Linux?

    - by orange80
    Do the recent Sun rackmount servers with ILOM fully support installation of Linux (Ubuntu or Fedora maybe) via the ILOM (connected by ssh) without having to hook up a display, kbd, and mouse? I have an old Sun v20z right now that will install Solaris no problem over the Service Processor, but when trying to install Ubuntu 9 64-bit server I get one line on the console, then it goes blank. I'd be interested in knowing which, if any, of the recent x64 models would allow me to install and run Linux while completely avoiding any need for external display, keyboard, or mouse. Thanks!


  • scp vs netatalk, samba, and/or vsftpd with External USB drive

    - by KitsuneYMG
    I set up an Ubuntu server machine to share an ext2-formatted external USB drive. When attempting to copy a single 275MB file from said device through netatalk, I get estimated download rates at around 45 min. With samba and ftp (using vsftpd) I get 1+ hours! Using scp to copy the file results in a complete download within 5 minutes. Another option, ssh+cp from the external device to ~ and then using netatalk to grab it from there, results in a total time of around 7 minutes. Does anyone have a clue what is misconfigured? Assuming that nothing is, is there any fs/pseudo-fs that would use the internal hdd as an intermediate location/onion-layer for the external hdd (for reads only)? Details: AppleVolumes.default: /mnt/ext USB allow:username cnidscheme:cdb options:usedots,upriv


  • What ports tend to be unfiltered by boneheaded firewalls?

    - by Reid
    Hi all, I like to be able to ssh into my server (shocking, I know). The problem comes when I'm traveling, where I face a variety of firewalls in hotels and other institutions, having a variety of configurations, sometimes quite boneheaded. I'd like to set up an sshd listening on a port that has a high probability of getting through this mess. Any suggestions? The sshd currently listens on a nonstandard (but < 1024) port to avoid script kiddies knocking on the door. This port is frequently blocked, as is the other nonstandard port where my IMAP server lives. I have services running on ports 25 and 80 but anything else is fair game. I was thinking 443 perhaps. Much appreciated! Reid


  • Running Emacs on Multiple TTYs in screen

    - by Daniel Kessler
    When working with EMACS over SSH, is there any way to spawn a new frame of the same emacs session on a different terminal? In my use case, I have screen running, so I have multiple terminals, and can recover which pseudo terminal they're attached to with pts. Suppose I have two "windows" (in GNU screen parlance). The first one is attached to /dev/pts/12 and the second one is attached to /dev/pts/13. I launch emacs on the first window. Is there any way for me to start a new frame of the same session on the second window? I've been playing with passing arguments to make-frame but it seems that the usage that allows me to specify a terminal requires that a terminal object already exists, and I can't see any way to create a new terminal object.


  • Help me upgrade my pf.conf for OpenBSD 4.7

    - by polemon
    I'm planning on upgrading my OpenBSD to 4.7 (from 4.6) and as you may or may not know, they changed the syntax for pf.conf. This is the relevant portion from the upgrade guide:

    pf(4) NAT syntax change

    As described in more detail in this mailing list post, PF's separate nat/rdr/binat (translation) rules have been replaced with actions on regular match/filter rules. Simple rulesets may be converted like this:

        nat on $ext_if from 10/8 -> ($ext_if)
        rdr on $ext_if to ($ext_if) -> 1.2.3.4

    becomes

        match out on $ext_if from 10/8 nat-to ($ext_if)
        match in on $ext_if to ($ext_if) rdr-to 1.2.3.4

    and...

        binat on $ext_if from $web_serv_int to any -> $web_serv_ext

    becomes

        match on $ext_if from $web_serv_int to any binat-to $web_serv_ext

    nat-anchor and/or rdr-anchor lines, e.g. for relayd(8), ftp-proxy(8) and tftp-proxy(8), are no longer used and should be removed from pf.conf(5), leaving only the anchor lines. Translation rules relating to these and spamd(8) will need to be adjusted as appropriate.

    N.B.: Previously, translation rules had "stop at first match" behaviour, with binat being evaluated first, followed by nat/rdr depending on direction of the packet. Now the filter rules are subject to the usual "last match" behaviour, so care must be taken with rule ordering when converting.

    pf(4) route-to/reply-to syntax change

    The route-to, reply-to, dup-to and fastroute options in pf.conf move to filteropts;

        pass in on $ext_if route-to (em1 192.168.1.1) from 10.1.1.1
        pass in on $ext_if reply-to (em1 192.168.1.1) to 10.1.1.1

    becomes

        pass in on $ext_if from 10.1.1.1 route-to (em1 192.168.1.1)
        pass in on $ext_if to 10.1.1.1 reply-to (em1 192.168.1.1)

    Now, this is my current pf.conf:

        # $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36 deraadt Exp $
        #
        # See pf.conf(5) for syntax and examples; this sample ruleset uses
        # require-order to permit mixing of NAT/RDR and filter rules.
        # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
        # in /etc/sysctl.conf if packets are to be forwarded between interfaces.

        ext_if="pppoe0"
        int_if="nfe0"
        int_net="192.168.0.0/24"
        polemon="192.168.0.10"
        poletopw="192.168.0.12"
        segatop="192.168.0.20"

        table <leechers> persist

        set loginterface $ext_if
        set skip on lo

        match on $ext_if all scrub (no-df max-mss 1440)

        altq on $ext_if priq bandwidth 950Kb queue {q_pri, q_hi, q_std, q_low}
        queue q_pri priority 15
        queue q_hi priority 10
        queue q_std priority 7 priq(default)
        queue q_low priority 0

        nat-anchor "ftp-proxy/*"
        rdr-anchor "ftp-proxy/*"
        nat on $ext_if from !($ext_if) -> ($ext_if)
        rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
        rdr pass on $ext_if proto tcp to port 2080 -> $segatop port 80
        rdr pass on $ext_if proto tcp to port 2022 -> $segatop port 22
        rdr pass on $ext_if proto tcp to port 4000 -> $polemon port 4000
        rdr pass on $ext_if proto tcp to port 6600 -> $polemon port 6600
        anchor "ftp-proxy/*"

        block
        pass on $int_if queue(q_hi, q_pri)
        pass out on $ext_if queue(q_std, q_pri)
        pass out on $ext_if proto icmp queue q_pri
        pass out on $ext_if proto {tcp, udp} to any port ssh queue(q_hi, q_pri)
        pass out on $ext_if proto {tcp, udp} to any port http queue(q_std, q_pri)
        #pass out on $ext_if proto {tcp, udp} all queue(q_low, q_hi)
        pass out on $ext_if proto {tcp, udp} from <leechers> queue(q_low, q_std)
        pass in on $ext_if proto tcp to ($ext_if) port ident queue(q_hi, q_pri)
        pass in on $ext_if proto tcp to ($ext_if) port ssh queue(q_hi, q_pri)
        pass in on $ext_if proto tcp to ($ext_if) port http queue(q_hi, q_pri)
        pass in on $ext_if inet proto icmp all icmp-type echoreq queue q_pri

    If someone has experience with porting the 4.6 pf.conf to 4.7, please help me make the correct changes.

    OK, this is how far I've got: I commented out nat-anchor and rdr-anchor, as described in the guide:

        #nat-anchor "ftp-proxy/*"
        #rdr-anchor "ftp-proxy/*"

    And this is how I've "converted" the rdr rules:

        #nat on $ext_if from !($ext_if) -> ($ext_if)
        match out on $ext_if from !($ext_if) nat-to ($ext_if)
        #rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
        match in on $int_if proto tcp to port ftp rdr-to 127.0.0.1 port 8021
        #rdr pass on $ext_if proto tcp to port 2080 -> $segatop port 80
        match in on $ext_if proto tcp tp port 2080 rdr-to $segatop port 80
        #rdr pass on $ext_if proto tcp to port 2022 -> $segatop port 22
        match in on $ext_if proto tcp tp port 2022 rdr-to $segatop port 22
        rdr pass on $ext_if proto tcp to port 4000 -> $polemon port 4000
        match in on $ext_if proto tcp tp port 4000 rdr-to $polemon port 4000
        rdr pass on $ext_if proto tcp to port 6600 -> $polemon port 6600
        match in on $ext_if proto tcp tp port 6600 rdr-to $polemon port 6600

    Did I miss anything? Is the anchor for ftp-proxy OK as it is now? Do I need to change something in the other pass in on... lines?


  • How to analyse logs after the site was hacked

    - by Vasiliy Toporov
    One of our web projects was hacked. The malefactor changed some template files in the project and 1 core file of the web framework (it's one of the famous PHP frameworks). We found all corrupted files with git and reverted them. So now I need to find the weak point. With high probability we can say that it's not the ftp or ssh password abduction. The support specialist of the hosting provider (after log analysis) said that it was a security hole in our code. My questions:

      1) What tools should I use to review the access and error logs of Apache? (Our server distro is Debian.)
      2) Can you write tips for detecting suspicious lines in logs? Maybe tutorials or primers of some useful regexps or techniques?
      3) How to separate "normal user behavior" from suspicious behavior in logs?
      4) Is there any way to prevent attacks in Apache?

    Thanks for your help.


  • Create FTP accounts with access to just some folders in the web directory

    - by Karevan
    I own a VPS server. At the moment I haven't installed any FTP server on it; I am using SSH and SFTP only. I am using Debian 6 Squeeze and the Apache2 service. The web directory is in /var/www/. Well, I wanted to create different FTP accounts and give some people access to them (one account per user). In my web directory I have a structure like this: /var/www/mtaplugins/music/mplayer/music/ /var/www/mapuploader/ and more folders inside. I want to create an FTP account which should be able to access just one of those folders and the folders inside them. I would appreciate some recommendations or steps to follow before installing anything or doing anything, because I don't have any idea about this. I was thinking of using ProFTPd, but as I saw in the documentation it would just create an account for each user on my server, and I don't want to create more users (I always use root). Thanks in advance


  • rsync - how to set/keep directory permissions?

    - by Dylan
    I'm using CwRsync to connect from my Windows development machine to a Linux webserver:

        rsync -avuz -e ./ssh --exclude=".svn" /cygdrive/c/xampp/htdocs/project123/ [email protected]:/home/user123/public_html

    This syncs my development project directory nicely and fast to the server. But after doing this, all directory properties are reset to the local user 'user123' only, so the website is not available anymore. I need to manually reset those properties. Why is this happening, and how to prevent it? PS. Coming from a Windows environment, I'm having a really hard time understanding rsync. I copied the above command from some examples... just need to get this one small thing working too...


  • opennebula 3.4 in debian squeeze

    - by Jin Splif
    Hope I can get some advice and help. Currently I am installing OpenNebula 3.4 on Debian Squeeze. Everything has been successful, where I am able to access the OpenNebula Sunstone webpage at localhost:9869 and use one command, but when I tried to create a host the status became error. Hope someone can assist me on this, thanks. Sample log:

        Monitoring host abc (0)
        [InM][I]: Command execution fail: 'if [ -x "/var/tmp/one/im/run_probes" ]; then /var/tmp/one/im/run_probes kvm 0 abc; else exit 42; fi'
        [InM][I]: ssh: Could not resolve hostname abc: Name or service not known
        [InM][I]: ExitCode: 255
        [InM][E]: Error monitoring host 0 : MONITOR FAILURE 0 -


  • my linux problems and solutions [closed]

    - by Delirium tremens
    I read somewhere in StackOverflow or StackOverflow Meta that if I had a problem, then solved it myself, I can share the problem and solution with you. How do I? in Linux: remove unneeded packages using apt-get play spc and psf update the system using apt-get in Mint: install lamp install and configure xdebug enable xdebug for cakephp install bazaar colo rename a repository directory when bazaar explorer fails init a repository when bazaar explorer fails use ssh key with launchpad uninstall firefox 3 when synaptic fails install minefield make pearltrees load when flash fails edit clojure documents install compojure create a new compojure project in Kubuntu enable phpmyadmin after installing lamp stop MySQLdb module error in webpy in Ubuntu stop the mouse pointer from disappearing fix the color stop sync read-only filesystem error stop download prompt instead of site enable phpmyadmin after installing lamp enable mod_rewrite after installing lamp


  • Open a screen session inside a certain user on boot Ubuntu Server Linux

    - by Pez Cuckow
    I currently have a private server which I test my web apps on, which runs Ubuntu Server 10.04. I also host a few game servers (rather than having wasted CPU time :-D) for some of my friends. These game servers I run in the game user account and each one has its own screen session (so friends can ssh in and reboot the game server etc...). For example, screen -R l4d2 runs ./start in the L4D2 folder. However, if I reboot the server (which I have to do occasionally) all these sessions close and I have to manually create all the screen sessions and run the required games within them. Is there a way to set these screen sessions as daemons or services, or just boot on server start, so they restart themselves on server reboot? I hope I have made my question easy to understand, but feel free to ask questions! Many thanks,


  • Cannot Login To phpMyAdmin

    - by Zach Dziura
    I'm running a simple LAMP server at home from which I host a personal blog. The server is running Arch Linux, with the latest-and-greatest versions of Apache, MySQL, and PHP. In order to easily maintain the databases, I installed phpMyAdmin. However, I cannot login. If I were to SSH into the server and run mysql -u <user> -p <password>, no errors show up and I'm immediately placed into the MySQL prompt. No problem. However, when I try to log in with phpMyAdmin, using those exact same credentials, nothing happens. No errors, no nothing, I'm just redirected back to the login page. Did I do something wrong? Thanks in advance for any and all answers!


  • Android software for the system administrator on the move

    - by GruffTech
    My company has over service through Verizon, and AT&T Service in the area is "shoddy" at its best, so I haven't been able to join the "iPhone party" like so many of my fellow system administrators have been able to. That being said, this week finally a phone I like has hit Verizon, the HTC Incredible. (I've been waiting for the Desire or Nexus One, but after seeing spec sheets and reviews, HTC Incredible comes out ahead anyway). So (finally) I'm looking for Android Apps that are "gotta-haves" for system administrators. I've found the bottom three. If there are others you prefer over these let me know.

      - RDP Program - RemoteRDP
      - SSH Client - ConnectBot
      - Nagios - NagMonDroid

    Reply with your favorite Android App and why!


  • Windows Azure openSUSE: rcnetwork not starting

    - by djechelon
    I have a Linux VM in Azure, created from their default image. My problem is simply that the init script network doesn't seem to start, so dependent services (apache, postfix...) won't start. If I run yast runlevel and try to start postfix, it asks me to start network first: if I accept, network is started without errors and then postfix is started. While network is configured to start on boot, it just doesn't appear to have started. Anyway, SSH connections work fine. Currently, I had to edit my init scripts and remove network from the Required-Start list, but that didn't work for postfix (even after running systemctl --system daemon-reload). How can I fix all this?


  • Determine process using a port, without sudo

    - by pat
    I'd like to find out which process (in particular, the process id) is using a given port. The one catch is, I don't want to use sudo, nor am I logged in as root. The processes I want this to work for are run by the same user that I want to find the process id - so I would have thought this was simple. Both lsof and netstat won't tell me the process id unless I run them using sudo - they will tell me that the port is being used though. As some extra context - I have various apps all connecting via SSH to a server I manage, and creating reverse port forwards. Once those are set up, my server does some processing using the forwarded port, and then the connection can be killed. If I can map specific ports (each app has their own) to processes, this is a simple script. Any suggestions? This is on an Ubuntu box, by the way - but I'm guessing any solution will be standard across most Linux distros.


  • VM can't connect to outside in bridged mode

    - by Kamal
    Hi guys, I am not able to ping any machine (not even the host) from the guest VM in bridged mode. But I got an IP which is on the same subnet as the host. I can ping my guest VM from the host and can use ssh to connect to the guest. I am using VMware Workstation 6.5. The guest VM is a CentOS VM and the host is Windows XP. Everything works fine in NAT mode. Any clues as to what could be happening? I tried disabling all the firewalls I have.


  • Can't bring NAT to work

    - by user31738
    Hello, I bought a D-Link DIR-300 wireless router and I can't bring NAT to work. I have an ssh and http service I need to forward to the internet. My connection is as follows: I have an ADSL connection; I'm using an ADSL ethernet modem, connected and working, and it doesn't let me put it in bridge mode. I have my router connected to my ADSL modem through ethernet; it gets its IP through DHCP (and it's always the same). I have a desktop computer running Linux with Apache and OpenSSH configured and working; it has a fixed IP. I configured the NAT in the modem, forwarding port 22 from the router IP to the internet. In the router I set up NAT, forwarding port 22 from the desktop computer's fixed IP to out there. This setup already worked with a Fonera I had before. Can anyone help me with this or tell me what kind of tests I need to do? How can I test if the router is forwarding ports correctly before the modem?


  • Tomato vs X-Wrt Wireless Router Firmware - which is better?

    - by wag2639
    A few years ago, I switched over from DD-WRT to Tomato and I haven't looked back since. Before I did, I poked around with OpenWRT but found it too confusing or annoying to use (and I'm a CS major and have set up and configured Linux servers using SSH). I'm probably not going back to DD-WRT because of all the controversy, but I was wondering how X-Wrt is nowadays? From the screenshots, it looks a lot more feature-packed than Tomato and that definitely has its appeal. Then again, simplicity has its advantages too. Any thoughts?


  • OpenVPN client on Amazon EC2

    - by Matt Culbreth
    I have an account with an OpenVPN service, and I'd like to get that running on my EC2 instance running Ubuntu 12.04. I have my config file in /etc/openvpn, and it connects fine when I run sudo openvpn --config matt.ovpn. However, I then lose connectivity to the EC2 machine, and I can't SSH back to it until I reboot. Previously I have done things like sudo ip rule add from IP_ADDRESS table 10 and then sudo ip route add default via GATEWAY_IP table 10, but that's not working on EC2. Any ideas? My private IP address right now is 10.209.29.XXX and my gateway is 10.209.29.1.


  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the boxes server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. 
The ruleset is as follows Inbound: PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range >corresponding to possible cell provider range OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any Outbound: Default outbound policy: Allow Always OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) Block always from NAS to any On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors) ### macro name for external interface. eth_if = "en0" vpn_if = "tap0" ### wifi_if = "en1" ### %usb_if = "en3" ext_if = $eth_if LAN="{10.0.0.0/24}" ### General housekeeping rules ### ### Drop all blocked packets silently set block-policy drop ### all incoming traffic on external interface is normalized and fragmented ### packets are reassembled. scrub in on $ext_if all fragment reassemble scrub in on $vpn_if all fragment reassemble scrub out all ### exercise antispoofing on the external interface, but add the local ### loopback interface as an exception, to prevent services utilizing the ### local loop from being blocked accidentally. ### set skip on lo0 antispoof for $ext_if inet antispoof for $vpn_if inet ### spoofing protection for all interfaces block in quick from urpf-failed ############################# block all ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090} ### Allow all udp and icmp also, necessary for Constellation. Could be tightened. 
pass on $eth_if proto {udp, icmp} from $LAN to any ### Allow AFP to 10.0.0.40 (NAS) pass out on $eth_if proto tcp from any to 10.0.0.40 port 548 ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs ### and port ranges pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201 ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110 ### Outgoing pings ok pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110 pass out on $vpn_if proto {tcp, udp, icmp} from any to any So what are my goals and what does the above setup achieve? (until you tell me otherwise :) 1) Full LAN access to the above ports on the mini/media server (including through my own VPN server) 2) All internet traffic from the mini/media server is anonymized and tunneled over VPN 3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router. So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable. The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. 
    So I added the following pf rule on the mini:

        ### Allow Minecraft public through user mc
        pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc
        pass out on $eth_if proto {tcp, udp} from any to any user mc

    And these additions on the border firewall:

        Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS)
        Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups)

    This works fine, but only when the OpenVPN/Tunnelblick tunnel is down. When it is up, no connection is possible to the minecraft server from outside of the LAN. Inside the LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service.

    The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0, not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would you estimate this setup to be, and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)


  • Can a named (bind) crash make a server unreachable?

    - by giorgio79
    My server recently became unreachable, and after restart a named error was the last line I found in /var/log/messages before restart:

        Jun 26 00:15:06 host named[1303]: error (network unreachable) resolving 'dlv.isc.org/DNSKEY/IN': 2001:500:71::29#53
        Jun 26 06:38:55 host kernel: imklog 5.8.10, log source = /proc/kmsg started.
        Jun 26 06:38:55 host rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1294" x-info="http://www.rsyslog.com"] start
        Jun 26 06:38:55 host kernel: Initializing cgroup subsys cpuset

    Can a named crash make a server unreachable? I doubt it, as I assume I should still be able to login with ssh via IP, but the server did not respond...So, I am trying to make heavy guesses here.

