Search Results

Search found 33223 results on 1329 pages for 'database firewall'.

Page 145/1329 | < Previous Page | 141 142 143 144 145 146 147 148 149 150 151 152 | Next Page >

Accessing my Rails webrick behind proxy?

- by Eki Eqbal

In my mackbook, when I try to connect to my rails application in office I can't , in the office there are some http proxy , and when I run my rails like this : sudo rails s -p8080 => Booting WEBrick => Rails 3.0.5 application starting in development on http://0.0.0.0:8080 => Call with -d to detach => Ctrl-C to shutdown server [2012-03-20 12:49:34] INFO WEBrick 1.3.1 [2012-03-20 12:49:34] INFO ruby 1.8.7 (2010-01-10) [universal-darwin11.0] [2012-03-20 12:49:34] INFO WEBrick::HTTPServer#start: pid=17439 port=8080 The local IP is : en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether f8:1e:df:d8:8c:25 inet6 fe80::fa1e:dfff:fed8:8c25%en1 prefixlen 64 scopeid 0x5 inet 10.21.21.240 netmask 0xffffff00 broadcast 10.21.21.255 media: autoselect status: active so when I try in the browser to trigger localhost:8080 or 10.21.21.240:8080 , it seems that I can't trigger my application as for the proxy check out the following : Any Ideas ?

Read the article
What's the closest equivalent of Little Snitch (Mac program) on Windows?

- by Charles Scowcroft

I'm using Windows 7 and would like to have a feature like Little Snitch on the Mac that alerts you whenever a program on your computer makes an outgoing connection. Description of Little Snitch from its website: Little Snitch informs you whenever a program attempts to establish an outgoing Internet connection. You can then choose to allow or deny this connection, or define a rule how to handle similar, future connection attempts. This reliably prevents private data from being sent out without your knowledge. Little Snitch runs inconspicuously in the background and it can also detect network related activity of viruses, trojans and other malware. Little Snitch provides flexible configuration options, allowing you to grant specific permissions to your trusted applications or to prevent others from establishing particular Internet connections at all. So you will only be warned in those cases that really need your attention. Is there a program like Little Snitch for Windows?

Read the article
Nodes inside Cisco VPN. Incoming SSH requests allowed. But can't initiate an outbound SSH.

- by Douglas Peter

I've a gateway-to-gateway VPN setup between my Linksys RV042 router and a Cisco VPN. I am able to SSH into any of the machine inside the VPN from my network. But none of the machines inside the VPN can initiate an SSH into my network. It seems they've blocked even all ping requests to my network gateway. This is the requirement: I have scripts that SSH into the machines inside the VPN and run a long mysql query. The query generates an output to a file. The time that these queries take is variable. So I have a loop in my machine that periodically SSHes into the VPN machine and checks if the query has finished, and pulls the generated file using SCP. I need to simplify it thus: The script will run at the machine inside the VPN, and when the query completes, it will SSH into my machine and pushes the generated file. Thanks for any ideas.

Read the article
iptables blocking ssh communication

- by Michal Sapsa

I'm using this script for iptables: #!/bin/sh echo "1" > /proc/sys/net/ipv4/ip_forward iptables -F iptables -X iptables -F -t nat iptables -X -t nat iptables -F -t filter iptables -X -t filter iptables -t filter -P FORWARD DROP iptables -t filter -A FORWARD -s 192.168.0.0/255.255.0.0 -d 0/0 -j ACCEPT iptables -t filter -A FORWARD -s 0/0 -d 192.168.0.0/255.255.0.0 -j ACCEPT iptables -t nat -A POSTROUTING -s 10.8.0.1/255.255.255.0 -j MASQUERADE iptables -A FORWARD -s 10.8.0.1/255.255.255.0 -j ACCEPT iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j MASQUERADE iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu iptables -t nat -A PREROUTING -i eth1 -p udp --dport 16161 -j DNAT --to 192.168.0.251:16161 iptables -t nat -A PREROUTING -i eth1 -p udp --sport 16161 -j DNAT --to 192.168.0.251:16161 #openvpn iptables -I INPUT -p tcp --dport 1194 -j ACCEPT iptables -I INPUT -p udp --dport 1194 -j ACCEPT I end up with some iptables rules that should work but don't work - probably because of me. # Generated by iptables-save v1.4.12 on Mon May 26 13:15:43 2014 *raw :PREROUTING ACCEPT [1657523:1357257330] :OUTPUT ACCEPT [36804:34834370] -A PREROUTING -p icmp -j TRACE -A PREROUTING -p tcp -j TRACE -A OUTPUT -p icmp -j TRACE -A OUTPUT -p tcp -j TRACE COMMIT # Completed on Mon May 26 13:15:43 2014 # Generated by iptables-save v1.4.12 on Mon May 26 13:15:43 2014 *nat :PREROUTING ACCEPT [5033:345623] :INPUT ACCEPT [154:34662] :OUTPUT ACCEPT [6:1968] :POSTROUTING ACCEPT [2:120] -A PREROUTING -i eth0 -p tcp -m tcp --dport 16161 -j DNAT --to-destination 192.168.0.251:22 -A PREROUTING -i eth1 -p tcp -m tcp --dport 16161 -j DNAT --to-destination 192.168.0.251:22 -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE COMMIT # Completed on Mon May 26 13:15:44 2014 # Generated by iptables-save v1.4.12 on Mon May 26 13:15:44 2014 *filter :INPUT ACCEPT [548:69692] :FORWARD DROP [8:384] :OUTPUT ACCEPT [2120:1097479] -A INPUT -p udp -m udp --dport 1194 -j ACCEPT -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -s 192.168.0.0/16 -j ACCEPT -A FORWARD -d 192.168.0.0/16 -j ACCEPT -A FORWARD -s 10.8.0.0/24 -j ACCEPT -A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 22 -j ACCEPT -A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 22 -j ACCEPT COMMIT TRACE at PREROUTEING AND OUTPUT are only for debuging this thing. When I ssh at public ip with port 16161 I don't get any message, only TimeOut so it looks like I don't get communication back to remote server. ETH0 is the world, ETH1 is LAN Any IPTABLES Masters willing to give a hand ? iptables -vL Chain INPUT (policy ACCEPT 20548 packets, 3198K bytes) pkts bytes target prot opt in out source destination 38822 7014K ACCEPT udp -- any any anywhere anywhere udp dpt:openvpn 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:openvpn Chain FORWARD (policy DROP 1129 packets, 64390 bytes) pkts bytes target prot opt in out source destination 214K 11M TCPMSS tcp -- any any anywhere anywhere tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU 4565K 1090M ACCEPT all -- any any 192.168.0.0/16 anywhere 5916K 7315M ACCEPT all -- any any anywhere 192.168.0.0/16 0 0 ACCEPT all -- any any 10.8.0.0/24 anywhere 0 0 ACCEPT tcp -- any any anywhere 192.168.0.251 tcp dpt:16161 Chain OUTPUT (policy ACCEPT 59462 packets, 19M bytes) pkts bytes target prot opt in out source destination

Read the article
In Ubuntu, MoBlock makes it take a while to actually start using internet

- by Matchu

When connecting to wireless internet in Ubuntu (tested with two different networks), I connect nearly instantly. However, to actually load a page, I need to wait a few minutes, at which point I can actually use a web browser or Pidgin. Until then, various applications try to connect until they time out. I've discovered that, if instead of waiting a few minutes, I open Terminal and run sudo /etc/init.d/blockcontrol stop, everything suddenly is able to load. I can then start MoBlock again with no ill effects. Why is this happening? What is it that would cause MoBlock to take a few minutes to start letting traffic in, but only when started on bootup? Thanks!

Read the article
Linux Teamviewer functionality, but for ssh only

- by Icapan

I need to access some Linux server behind NAT (no ports forwarded), so I need to have something like "phone home" like Teamviewer has. There is no GUI, but somebody can log in through SSH and dictate a password if it is changing (like Teamviewer). SSH (port 22) is enough (I can tunnel ports through SSH if I need). Any suggestions? How safe is it?

Read the article
Cannot access firewalled jboss server from Internet Explorer

- by Simon Gibbs

I've produced a website for a client One Single Menu using JBoss and hosted it on Rackspace Cloud Servers running Ubuntu's Maverick Meerkat. Following advice, I esablished some iptables rule to protect jboss: iptables -I INPUT 1 -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -I INPUT -p tcp --dport 8080 -j ACCEPT iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -A INPUT -j DROP Now, several versions of IE on several computers on at least two different ISPs cannot access the onesinglemenu.com. Curl from within the datacenter, Firefox, and Safari on the same ISPs can all access the server fine. I even tried IE and Firefox on the same computer and IE failed but Firefox worked. The error behaviour is that IE hangs on connecting without reporting an error, even after a minute or so. No page is displayed at all. I find it quite odd that I'm having a browser specific connection issue, but it appears to be the case. Help!

Read the article
Typical outbound port list for guest access?

- by Steve

I manage a weekly rental house that includes wireless Internet access. I've allowed all outbound ports on my router but my ISP has disabled my Internet access twice now because guests have downloaded (or served up) copyrighted content. So I'd like to institute some port filtering to discourage p2p sharing (see disclaimer below). But I don't want to inconvenience the 99.9% of folks who keep things above-board. My question is, what outbound ports are typically open for rental/hotel wireless Internet access, or where can I find such a list? TCP 80,443,25,110 at a minimum. Though my own email service uses 995 and 465 for SSL, some may use IMAP, I personally use SSH and FTP, so I'll open those. Roughly I figure I need to open access to privileged ports, and close 1024 & above. Is there a whitelist I should institute for commonly used high ports? And does it make sense to block UDP 1024 ? Disclaimer: I realize anyone replying to this message could circumvent the port filtering and share content to their heart's content. I do not need comprehensive p2p blocking, which requires more than a port whitelist. Anyone staying at the house shoulders the responsibility for their Internet use, per the rental contract. Also anyone savvy enough to circumvent the port filters would hopefully be savvy enough to use some sort of peer blocking, thereby preventing the ISP from taking down the service.

Read the article
Smoothwall Express interface issues

- by Timbermar

I have a SmoothWall Express box that is currently configured with a Green and Purple interface. Both interfaces are in the same /24 subnet (which seems odd to me). The green interface (address of .254) has a DHCP server that is pushing addresses from .1 to .100 and the purple interface (.253) is pushing addresses from .101 to .120. Every machine here is trusted, and as such is connected to the green interface via a wired connection or wireless APs. Nothing is connected at all (port is physically empty, traffic graphs show no activity) to the purple interface. However, every machine here is pulling addresses from the purple interface. So the question boils down to, how do I remove/stop my machines from pulling from the purple dhcp interface? Also, shouldn't the purple interface (if we were using it for guest Wifi or something) be on a different subnet (i.e. 192.168.100.0/24 instead of 192.168.1.0/24 with all the trusted machines)?

Read the article
Database hidden in SQL Server

- by Colin Desmond

During an aborted TFS import (2008 into 2010), I have managed to "lose" a database in 2008. The database is not visible in Management Studio, but the SQL Server exe has a handle on the .mdf file (according to UnLocker), it says it cannot attach it because the file is in use and it cannot attach a copy of the file (created when SQL Server was stopped), as it says a DB of the same name is already attached. Given I am using the same TFS admin account I have always used and have always been able to see the database in, why is this database missing and, more importantly, how do I get it back again?

Read the article
Some HTTPS connections via NAT fail, but work on firewall itself.

- by hnxn

Hi, I am having trouble establishing some HTTPS connections from internal machines, even though these same connections work if initiated on the firewall itself. The firewall machine is running Ubuntu 10.04.1 and shorewall 4.4.6. The internet connection is Bell PPPoE DSL (in Canada). I have tried various MTU settings, it doesn't seem to make any difference. Other protocols (HTTP, FTP, etc) generally work. The problem seems to be limited to certain sites; this one never works from an internal machine, but always works from the firewall itself: From internal machine: $ wget https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif --2011-01-13 20:51:31-- https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif Resolving images.fedex.com... 184.24.96.69 Connecting to images.fedex.com|184.24.96.69|:443... connected. ^C From firewall: $ wget https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif --2011-01-13 20:58:28-- https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif Resolving images.fedex.com... 184.24.96.69 Connecting to images.fedex.com|184.24.96.69|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 840 [image/gif] Saving to: `corp_logo.gif' 2011-01-13 20:58:28 (149 MB/s) - `corp_logo.gif' saved [840/840] This URL always works from both internal and firewall: https://encrypted.google.com/images/logos/ssl_logo_lg.gif Any troubleshooting tips would be greatly appreciated!

Read the article
What ports do I need open for IMAP connections

- by iamjonesy

I'm developing a web application that connects to an IMAP mailbox and fetches emails as part of it's functionality. The application is PHP and I'm connecting like this: public function connect() { /* connect to gmail */ $hostname = '{imap.gmail.com:993/imap/ssl}INBOX'; $username = $this->username; $password = $this->password; /* try to connect */ $this->inbox = imap_open($hostname,$username,$password) or die('Cannot connect to Gmail: ' . imap_last_error()); } Developing locally on my mac this was fine, I was able to connect and get emails. However now that I've put the app on my web hosts server I'm getting the following error: Cannot connect to Gmail: Can't connect to gmail-imap.l.google.com,993: Connection timed out After checking with my hosting provider they told me outgoing connections on port 993 are blocked. Is there anyway around this? Otherwise I need to upgrade to a dedicated server :S

Read the article
How do I block IP addresses in SuSEFirewall?

- by Evgeny

Does SuSEfirewall in OpenSuSE 11 provide an easy way to block all traffic from a list of IP addresses? Ideally just a textfile into which I can put all IP addresses I want blocked, otherwise some configuration option. I've looked through /etc/sysconfig/SuSEfirewall2, but haven't been able to find anything like that.

Read the article
How can I have APF block script kiddies that mod_security detects?

- by Gaia

In one of the vhosts' error_log I found thousands of lines like these, all from the same IP: [Mon Apr 19 08:15:59 2010] [error] [client 61.147.67.206] mod_security: Access denied with code 403. Pattern match "(chr|fwrite|fopen|system|e?chr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\\\\(.*\\\\)\\\\;" at THE_REQUEST [id "330001"] [rev "1"] [msg "Generic PHP exploit pattern denied"] [severity "CRITICAL"] [hostname "x.x.x.x"] [uri "//webmail/config.inc.php?p=phpinfo();"] Given how obvious the situation is, how come mod_security isnt automatically adding at least that IP to deny rules? There is no way someone hasnt thought of this before...

Read the article
How can I debug a port/connectivity issue?

- by rfw21

I am running a simple WebSocket server on Amazon EC2 (Fedora Core). I've opened the relevant port using ec2-authorize, and checked that it's opened. Iptables is definitely not running. However I can't connect to the port from outside EC2. I've tried the following (my server is running on port 7000): telnet ec2-public-dns.xx.xx.xx.amazon.com 7000 (from within EC2: connects fine) nmap localhost (output includes line: 7000/tcp open afs3-fileserver) telnet ec2-public-dns.xx.xx.xx.amazon.com 7000 (this time from my local machine: I get "connection refused: Unable to connect to remote host") The strange thing is this: if I start Nginx on port 7000 then it works and I can connect from outside EC2! And the WebSocket server fails on port 80, where Nginx works fine. To me this suggests a problem with the WebSocket server, BUT I can connect to it successfully from within EC2. (And it works fine on a different VPS account). How can I debug this further? If anybody can stop me tearing my hair out, I'd be very grateful indeed :)

Read the article
Blocking ports on the public IP assigned to lo interface in GNU/Linux

- by nixnotwin

I have setup my Ubuntu server as a router and webserver by following the answer given here. My ISP facing interface eth0 has a private 172.16.x.x/30 ip and my lo interface has a public IP as mentioned in the answer to the question linked above. The setup is working well. The only snag I have experienced is that I could not find a way to block the ports exposed by the public IP on the lo interface. I tried doing iptables -A INPUT -i eth0 -j DROP, and my server lost connectivity to the public network (internet). I could not ping any public ips. What I want is a way to block ports that are exposed by the public ip on the lo interface. And also I require iptables rules that can expose ports like 80 or openvpn port to the public network.

Read the article
How long does a blocked connection from Iptables last? Is there a way to set the timeout?

- by Josh

iptables -A INPUT -m state --state NEW -m recent --set # If we receive more than 10 connections in 10 seconds block our friend. iptables -A INPUT -m state --state NEW -m recent --update --seconds 5 --hitcount 15 -j Log-N-Drop I have these two relevant rules from iptables. if more than 15 connections are made in 5 seconds it logs the attempt and blocks it. How long does iptables maintain the counter? Does it refresh if connections are attempted again?

Read the article
SQL Server 7 Transaction Logs Issues

- by nate

Over the week my database server transaction log was full. With our app people could select from the database but could not update or insert into the database. In the past we have just truncated the transaction logs. After that, everything was back to normal. This week I truncated the transaction logs, and shrink that database. Now we can select, update, and insert into the database. The only issue is when we do a big job, and to a lot on inserting or updating, we get the following error: Database error: S1008:[Microsft][ODBC]Operation canceled We never had this issue before, I am assuming the that is the same as a timeout error. Has anyone else had this issue before, or know how I resolve this?

Read the article
What port does OpenLink ODBC Driver use?

- by user36737

I use Avaya Reporting Services and OpenLink ODBC Drivers for db connection. I know that it uses port 5000 for handshaking but after that I believe it uses an random port for communication. I want to deploy my application and it will communicate with the client's system in their datacenter. They are asking what ports should they open on their firewalls. I can't obviously give them a range above 50,000 that I know OpenLink ODBC Drivers use. Can someone tell me what port should I tell my client to open?

Read the article
Nginx Forward SSL for single site

- by Will.brown

I have a nginx server setup and it works fine for http however i would like to bypass the proxy for https connection. I want it so that when someone goes to my ip https:// ip1 (Nginx server) it bypasses ngix and forwards all traffic to https:// ip2(webserver) i do not need ngix to do this for any ssl website just one particular website. SO Client to https:// ip1 to https:/ /ip2 to https:// ip1 to client pc I just want the nginx to not intercept the connection and forward it on and on return forward the connection to client Im guessing i do this by nat mascarade buy not exactly sure how to do it and if i will need to tell nginx to ignore ssl aswell can someone help me please this has gone me stuck

Read the article
Does Postgres database support differential backups

- by Krishna Kumar

Does Postgres database support differential backups

Read the article
SBSMonitoring.mdf reached limit

- by Bastien974

I have SBS 08 Standart. I have some Error in my Event Viewer with MSSQL$SBSMONITORING Event id 1105, 1827: Could not allocate space for object 'dbo.EventLog'.'PK_EventLog' in database 'SBSMonitoring' because the 'PRIMARY' filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup. CREATE DATABASE or ALTER DATABASE failed because the resulting cumulative database size would exceed your licensed limit of 4096 MB per database. I tried to schrink the database, worked for SBSMonitoring_log.LDF but nothing for the SBSMonitoring.mdf, still 4096MB. I don't know how to reinstall the monitoring. Thanks for your help.

Read the article
Slow Query log for just one database

- by Jason

can I enable the slow query log specifically for just one database? What I've done currently is to take the entire log into excel and then run a pivot report to work out which database is the slowest. So i've gone and done some changes to that application in the hope of reducing the slow query occurence. rather than running my pivot report again which took a bit of time to cleanse the data i'd rather just output slow queries from the one database possible?

Read the article
Force failover a Cisco ASA

- by user974896

I have two ASA in a lan state primary\secondary configuration. None of them have "failover active" or "no failover active" in their configuration. Would it be proper to failover in a manner such as: Log into console of primary unit and issue "failover lan state secondary", log into the console of the original secondary unit and issue "failover lan state primary". To fail back simply reverse the process or Log into the console of the primary unit and issue "no failover active", log into the console of the original secondary unit and issue "failover active". To fail back issue "failover active" on the original primary (now secondary) unit, and "no failover active" on the now primary unit. I do not like the second method because it adds configuration directives that were not in place before. Will the first method work?

Read the article
Amazon AWS VPN how to open a port?

- by Victor Piousbox

I have a VPN with public and private subnets; I am considering only public subnet for now. The node 10.0.0.23, I can ssh into it. Let's say I want to connect to MySQL on the node using its private address: ubuntu@ip-10-0-0-23:/$ mysql -u root -h 10.0.0.23 ERROR 2003 (HY000): Can't connect to MySQL server on '10.0.0.23' (111) ubuntu@ip-10-0-0-23:/$ mysql -u root -h localhost Welcome to the MySQL monitor. Commands end with ; or \g. --- 8< --- snip --- 8< --- mysql> The port 3306 is not reachable if I use the private IP? My security group allows port 3306 inbound from 0.0.0.0/0 AND from 10.0.0.0/24. Outbound, allowed all. The generic setup done by Amazon through their wizard does not work... I add ACL that allows everything for everybody, still does not work. What am I missing?

Read the article

< Previous Page | 141 142 143 144 145 146 147 148 149 150 151 152 | Next Page >