Search Results

Search found 33223 results on 1329 pages for 'database firewall'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 146/1329 | < Previous Page | 142 143 144 145 146 147 148 149 150 151 152 153  | Next Page >

  • Any tool to check which ports/protocols firewalls prevent?

    - by Jus12
    Suppose I have a setup as: host_1 --- Firewall_1 --- Internet --- Firewall_2 --- host_2 I need to check which ports are open on host_2 from host_1 (which may be blocked by either firewalls) If there a tool that comes in two parts (one running on host_1 and other on host_2) that does this for me? It should be something like: 1 Listen to all ports on host_2 2 Try to connect to every port on host_2 from host_1 3 Give a report what ports are allowed.

    Read the article

  • IPtables: DNAT not working

    - by GetFree
    In a CentOS server I have, I want to forward port 8080 to a third-party webserver. So I added this rule: iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination thirdparty_server_ip:80 But it doesn't seem to work. In an effort to debug the process, I added these two LOG rules: iptables -t mangle -A PREROUTING -p tcp --src my_laptop_ip --dport ! 22 -j LOG --log-level warning --log-prefix "[_REQUEST_COMING_FROM_CLIENT_] " iptables -t nat -A POSTROUTING -p tcp --dst thirdparty_server_ip -j LOG --log-level warning --log-prefix "[_REQUEST_BEING_FORWARDED_] " (the --dport ! 22 part is there just to filter out the SSH traffic so that my log file doesn't get flooded) According to this page the mangle/PREROUTING chain is the first one to process incomming packets and the nat/POSTROUTING chain is the last one to process outgoing packets. And since the nat/PREROUTING chain comes in the middle of the other two, the three rules should do this: the rule in mangle/PREROUTING logs the incomming packets the rule in nat/PREROUTING modifies the packets (it changes the dest IP and port) the rule in nat/POSTROUTING logs the modified packets about to be forwarded Although the first rule does log incomming packets comming from my laptop, the third rule doesn't log the packets which are supposed to be modified by the second rule. It does log, however, packets that are produced in the server, hence I know the two LOG rules are working properly. Why are the packets not being forwarded, or at least why are they not being logged by the third rule? PS: there are no more rules than those three. All other chains in all tables are empty and with policy ACCEPT.

    Read the article

  • Blocking a country (mass iP Ranges), best practice for the actual block

    - by kwiksand
    Hi all, This question has obviously been asked many times in many different forms, but I can't find an actual answer to the specific plan I've got. We run a popular European Commercial deals site, and are getting a large amount of incoming registrations/traffic from countries who cannot even take part in the deals we offer (and many of the retailers aren't even known outside Western Europe). I've identified the problem area to block a lot of this traffic, but (as expected) there are thousands of ip ranges required. My question now (finally!). On a test server, I created a script to block each range within iptables, but the amount of time it took to add the rules was large, and then iptables was unresponsive after this (especially when attempting a iptables -L). What is the most efficient way of blocking large numbers of ip ranges: iptables? Or a plugin where I can preload them efficiantly? hosts.deny? .htaccess (nasty as I'd be running it in apache on every load balanced web server)? Cheers

    Read the article

  • Force failover a Cisco ASA

    - by user974896
    I have two ASA in a lan state primary\secondary configuration. None of them have "failover active" or "no failover active" in their configuration. Would it be proper to failover in a manner such as: Log into console of primary unit and issue "failover lan state secondary", log into the console of the original secondary unit and issue "failover lan state primary". To fail back simply reverse the process or Log into the console of the primary unit and issue "no failover active", log into the console of the original secondary unit and issue "failover active". To fail back issue "failover active" on the original primary (now secondary) unit, and "no failover active" on the now primary unit. I do not like the second method because it adds configuration directives that were not in place before. Will the first method work?

    Read the article

  • methods for preventing large scale data scraping from REST api

    - by Simon Kenyon Shepard
    I know the immediate answer to this is going to be there is no 100% reliable method of doing this. But I'd like to create a question that details the different possibilities, the difficulty of implementing them and success rates. I would like to go from simple software ip/request speed analysis to high end sophisticated soft/hardware tools, e.g. neural networks. With a goal of predicting and preventing bogus requests and attempts to scrape the service. Many Thanks.

    Read the article

  • How can I find out if a port is opened or not?

    - by Roman
    I have installed Apache server on my Windows 7 computer. I was able to display the default index.php by typing http://localhost/ in the address line of my browser. However, I am still unable to see this page by typing IP address of my computer (neither locally (from the same computer) no globally (from another computer connected to the Internet)). I was told that I need to open port 80. I did it (in a way described here) but it did not solve the problem. First of all I would like to check which ports are opened and which are not. For example I am not sure that my port 80 was closed before I tried to open. I am also not sure that it is opened after I tried to open it. I tried to run a very simple web server written in Python. For that I used port 81 and it worked! And I did not try to open the port 81. So, it was opened by default. So, if 81 is opened by default, why 80 is not? Or it is? ADDITIONAL INFORMATION: 1. In my httpd.conf file I have "Listen 80". 2. This site tells me that port 80 on my computer is opened. 3. I get different responses if I try http://myip:80 and http://myip:81. In the last case browser (Chrome) writes me that link is broken. In the first case I get: Forbidden You don't have permission to access / on this server. 4. IE writes that "The website declined to show this webpage".

    Read the article

  • How to configure Amazon Security Groups to achieve multi-tier architecture?

    - by ks78
    What is the preferred way to configure Amazon Security Groups to achieve a multi-tier architecture? Each of my instances has its own Security Group, which I only want to use for rules specific to an instance. I'd like to keep any rules which apply to multiple instances in a separate Security Group, which can then be assigned to instance Security Groups as necessary. As an example, I've setup a group called "admin", which allows administrative access from my IP. I added the "admin" group as the source to each of my instance security groups. However, I still can't access the instances from my IP without adding the rules directly to the instance's group. Am I missing something? Although it seems a multi-tier security architecture should be possible, it doesn't seem to be working.

    Read the article

  • Amazon AWS VPN how to open a port?

    - by Victor Piousbox
    I have a VPN with public and private subnets; I am considering only public subnet for now. The node 10.0.0.23, I can ssh into it. Let's say I want to connect to MySQL on the node using its private address: ubuntu@ip-10-0-0-23:/$ mysql -u root -h 10.0.0.23 ERROR 2003 (HY000): Can't connect to MySQL server on '10.0.0.23' (111) ubuntu@ip-10-0-0-23:/$ mysql -u root -h localhost Welcome to the MySQL monitor. Commands end with ; or \g. --- 8< --- snip --- 8< --- mysql> The port 3306 is not reachable if I use the private IP? My security group allows port 3306 inbound from 0.0.0.0/0 AND from 10.0.0.0/24. Outbound, allowed all. The generic setup done by Amazon through their wizard does not work... I add ACL that allows everything for everybody, still does not work. What am I missing?

    Read the article

  • Vyatta internet connection + hosted site on same IP

    - by boburob
    Having a small issue setting up a vyatta. The company internet and two different websites are both on the same IP. Server 1 - Has websites hosted on ports 1000 and 3000 and also has a proxy server installed to provide internet connection to the domain Server 2 - Has a website hosted on ports 80 and 433 The vyatta is correctly natting the appropriate traffic to each server, and allowing the proxy to get internet traffic, however I have a problem getting to the websites hosted on these two servers inside the domain. I believe the problem is that the HTTP request is being sent with an IP, eg: 12.34.56.78. The request will reach the website and the server will attempt to send the request back to the IP, however this is the IP of the Vyatta, so it has nowhere else to go. I thought the solution would be something like this: rule 50 { destination { address 12.34.56.78 port 1000 } inbound-interface eth1 inside-address { address 10.19.2.3 } protocol tcp type destination } But this doesnt seem to do it! UPDATE I changed the rules to the following: rule 50 { destination { address 12.34.56.78 port 443 } outbound-interface eth1 protocol tcp source { address 10.19.2.3 } type masquerade } rule 51 { destination { address 12.34.56.78 port 443 } inbound-interface eth1 inside-address { address 10.19.2.2 } protocol tcp type destination } I am now seeing traffic going between the two with Wireshark, but the website will still fail to load.

    Read the article

  • What settings need to be changed to allow EC2 instances to use Amazon's Route 53 for DNS?

    - by ks78
    I have a number of Amazon EC2 instances, all running Ubuntu, which I'd like to configure to use Amazon's Route 53. I setup a script, following Shlomo Swidler's article, but ran into script-related issues, which were answered here. Now, I have the script working, but my instances are still not able to access Route 53's DNS. By this I mean, they are not able to resolve hostnames to IP addresses. My instances are currently configured with the DNS server IP address Amazon pushes out to them by default, does that need to be changed when using Route 53? I'm also IP-restricting my instances using the Security Groups. Could that be the problem? Is there a certain IP address or port I should open to allow communication with Route 53? It seems that DNS requests should be originating from my instances so the Security Groups shouldn't be an issue, but I've been wrong before. If anyone has any ideas, I'd really appreciate it.

    Read the article

  • Tunneling HTTP traffic from a particular host/port

    - by knoopx
    Hello, I'm trying to figure out how to access from my development machine (Devel) to a third party web service (www.domain.com) which I am not allowed to directly contact using my office IP address. Here's a basic diagram (i'm not allowed to post images...): http://yuml.me/diagram/scruffy/class/%5BDevel%5D-%5BA%5D,%20%5BA%5D-%5BB%5D,%20%5BB%5D-%5Bwww.domain.com%5D The only machine allowed to access that service is B (production server) but I do neither can directly access it from my development machine (Devel). So in order to access the web service I have to ssh into A, and then from A to B to access www.domain.com Is there any way of tunneling traffic from B to A and then back to my development machine so I can directly access www.domain.com without having to ssh into every box? Devel: My development machine. A, B: Linux servers. I own root access on both. B: Production server www.domain.com: Third party HTTP API production server uses.

    Read the article

  • Web service not accessible from behind corporates firewalls - how come?

    - by Niro
    We run a Saas serving a widget which is embedded in customer websites. The service include static javascript code hosted on amazon S3 and dynamic part hosted on EC2 with Scalr (using scalr name servers). We received some feedback from users behind corporate firewalls that they cant access our service (while they can access the sites including the widget). This does not make sense to me since the service is using normal http calls on port 80 and our URL is quite new without any reason to be banned by firewalls. My questions are: 1. Why is the service is not accessible and what can I do about it? 2. Is it possible that one of the following is blocked by corporate firewalls: Amazon s3, the dynamic IP address provided by amazon, Scalr name servers. Any other possible reasons, way to check them and remedies for this? Thanks!

    Read the article

  • Blocking an IP from connecting

    - by Sam W.
    I have a problem with my Apache webserver where there's and IP than connecting to my server, using alot of connection and wont die which eventually making my webserver timeout. The connection will stay as SYN_SENT state if I check using netstat -netapu I even flush my iptables and use the basic rules and it still doesn't work. The IP will get connected when I start my Apache Basic rules that I use: iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT iptables -A INPUT -s 89.149.244.117 -j REJECT iptables -A OUTPUT -s 89.149.244.117 -j REJECT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT iptables -A INPUT -p tcp --dport 21 -j ACCEPT iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT iptables -A INPUT -j REJECT iptables -A FORWARD -j REJECT The bold part is rule in question. Not sure this is related but tcp_syncookies value is 1. Can someone point out my mistake? Is there a way to block it for good. Thank you

    Read the article

  • Exclude minify from CSF/LFD

    - by Patrick Lanfranco
    I have currently installed minify on on of my websites however I am currently getting hammered with email from CSF/LFD. Example: Time: Fri Aug 10 13:10:03 2012 +0700 File: /tmp/minify_builder,index.php_f516d1c7cae9c3881406fd9a0ce69c38 Reason: Script, file extension Owner: -:- (504:501) Action: No action taken What is the best way to have these ignored inside CSF? Some advice would be highyl appreciated. Thank you very much.

    Read the article

  • Persistent TCP connection in DMZ

    - by G33kKahuna
    A vendor is requesting to allow persistent tcp (not port 80) connection between a server in the DMZ and the internal network. I don't have much experience with this setting. Can anyone shed some light on disadvantages of allowing persistent connection? Guidance is much apprciated.

    Read the article

  • Windows Server 2008: Limit UDP/TCP packets per IP or ban

    - by WBAR
    How I can limit UDP/TCP packets per IP send to my host (or better PORT) per second or minute ? Would be nice to ban that IP for 12/24 hours or even for ever. I got Windows Server 2008 and I'm very poor in Windows administration but quite good in Linux. EDIT: By basic problem is that They sending a lot of rubbish UPD and TCP packets.. TCP packets without SYNCH, fragmented UDP packets so my servers stop responding.. So I need to cut off users (IPs) sending more than X packets per second. I need solution witch provides me, somehow, configurable: X packets of certain type (UDP, TCP or both - lets say parameter named Z ) are allowed to be received by IP on Y port, otherwise this packet should be DROPPED. My virtual hosts are hosted by VirtualBox and I'm able to forward all incoming packets certain type and certain port to the specific Virtual Host, but I need to DROP them before my VirtualBox receive them.

    Read the article

  • How to configure an isa server to allow a OPENvpn client to connect to an outside server?

    - by rmarimon
    I'm trying to configure an ISA server (not really my area of expertise) to allow an openvpn client (in the lan) access to an outside openvpn server (in the wan). The openvpn configuration I'm using has worked everywhere. In fact if I take the client outside the lan where the isa server is located, it works perfectly. Inside the isa server lan nothing. The question is what configuration do I need to put on the isa server to allow openvpn traffic to go through?

    Read the article

  • Web service not accessible from behind corporates firewalls - how come?

    - by Niro
    We run a Saas serving a widget which is embedded in customer websites. The service include static javascript code hosted on amazon S3 and dynamic part hosted on EC2 with Scalr (using scalr name servers). We received some feedback from users behind corporate firewalls that they cant access our service (while they can access the sites including the widget). This does not make sense to me since the service is using normal http calls on port 80 and our URL is quite new without any reason to be banned by firewalls. My questions are: 1. Why is the service is not accessible and what can I do about it? 2. Is it possible that one of the following is blocked by corporate firewalls: Amazon s3, the dynamic IP address provided by amazon, Scalr name servers. Any other possible reasons, way to check them and remedies for this? Thanks!

    Read the article

  • Ubuntu 12.04 open port 80 inside WLAN

    - by Eduard
    I have an nginx server running on ubuntu 12.04 that serves http through port 80 and https through port 443. Everything works fine if I access it from the same computer via localhost, 127.0.0.1 or the local IP 192.168.0.11. If I try to access the server from another computer in the same VLAN it does not work for http; it works for https. I have changed my nginx configuration to also listen to port 8000 for http; I can then access http from the other computer in the same VLAN via "http://192.168.0.11:8000". I also have a web server running on port 80 on a windows machine and can access it from another device in the same VLAN, therefore the router is not blocking incoming http traffic. The nginx process is run by root. I have used tcpdump and I see that packets are arriving to Ubuntu: 192.168.0.16.49735 192.168.0.11.80 and that some response is being given 192.168.0.11.80 192.168.0.16.49735 (I do not know what the response is though). There is no request arriving at the nginx web server (I have checked the access log). I have iptables empty. I have unsuccessfully tried to find a solution for a long time to this, it has now become a matter of happiness or bitterness :).

    Read the article

  • VLAN ACLs and when to go Layer 3

    - by wuckachucka
    I want to: a) segment several departments into VLANs with the hopes of restricting access between them completely (Sales never needs to talk to Support's workstations or printers and vice-versa) or b) certain IP addresses and TCP/UDP ports across VLANS -- i.e. permitting the Sales VLAN to access the CRM Web Server in the Server VLAN on port 443 only. Port-wise, I'll need a 48-port switch and another 24-port switch to go with the two existing 24-port Layer 2 switches (Linksys); I'm looking at going with D-Links or HP Procurves as Cisco is out of our price range. Question #1: From what I understand (and please correct me if I'm wrong), if the Servers (VLAN10) and Sales (VLAN20) are all on the same 48-port switch (or two stacked 24-port switches), afaik, the switch "knows" what VLANs and ports each device belongs to and will switch packets between them; I can also apply ACLs to restrict access between VLANs at this point. Is this correct? Question #2: Now lets say that Support (VLAN30) is on a different switch (one of the Linksys) switches. I'm assuming I'll need to trunk (tag) switch #2's VLANs across to switch #1, so switch #1 sees switch #2's VLAN30 (and vice-versa). Once Switch #1 can "see" VLAN30, I'm assuming I can then apply ACLs as stated in Question #1. Is this correct? Question #3: Once Switch #1 can see all the VLANs, can I achieve the seemingly "Layer 3" ACL filtering of restricting access to Server VLAN on only certain TCP/UDP ports and IP addresses (say, only permitting 3389 to the Terminal Server, 192.168.10.4/32). I say "seemingly" because some of the Layer 2 switches mention the ability to restrict ports and IP addresses through the ACLs; I (perhaps mistakenly) thought that in order to have Layer 3 ACLs (packet filtering), I'd need to have at least one Layer 3 switch acting as a core router. If my assumptions are incorrect, at which point do you need a Layer 3 switch for inter-VLAN routing vs. inter-VLAN switching? Is it generally only when you need that higher-level packet filtering ability between your departments?

    Read the article

  • Which is prefered internet security + Antivirus solution for Windows, with good detection rate? [clo

    - by metal gear solid
    Possible Duplicate: Free antivirus solutions for Windows Which is the best internet security + Antivirus solution for Windows? free/opensource or commercial it doesn't matter I need best solution. Is Kaspersky best ? or any other? http://www.kaspersky.com/kaspersky_internet_security Award-winning technologies in Kaspersky Internet Security 2010 protect you from cybercrime and a wide range of IT threats: * Viruses, Trojans, worms and other malware, spyware and adware * Rootkits, bootkits and other complex threats * Identity theft by keyloggers, screen capture malware or phishing scams * Botnets and various illegal methods of taking control of your PC or Netbook * Zero-day attacks, new fast emerging and unknown threats * Drive-by download infections, network attacks and intrusions * Unwanted, offensive web content and spam

    Read the article

  • Snort [PFSense] is configured but not blocking or generating alerts!

    - by Chase Florell
    I've got PFSense V 2.0-RC1 (i386) and I've got the latest version of Snort installed I've loaded up a bunch of rules from Oinkmaster, I've enabled all of the preprocessors, and I've ensured the service is started. When I let it sit for a while and then check my Alerts and Block list, there are no entries. Even when I test it by logging into Skype (skype is listed as a Rule from P2P), I don't get any entries in the logs. If you need any further information, please let me know... I simply can't figure this one out.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 142 143 144 145 146 147 148 149 150 151 152 153  | Next Page >