Search Results

Search found 861 results on 35 pages for 'ipv4'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 16/35 | < Previous Page | 12 13 14 15 16 17 18 19 20 21 22 23  | Next Page >

  • Can't create VM with virt-install on Debian wheezy

    - by chrismacp
    Cant find any answers anywhere so here goes. I am trying to CREATE a new virtual machine using the virt-install command from a console on a Debian wheezy install. I keep getting the following output: Starting install... ERROR internal error process exited while connecting to monitor: char device redirected to /dev/pts/1 inet_listen_opts: bind(ipv4,127.0.0.1,5951): Cannot assign requested address inet_listen_opts: FAILED I assumed that the port (5951 in this case) was being used judging by the error message and other sites I visited for an answer, but the same error occurs whatever number I use for the port. I cant see that port being listened upon in netstat either. Anyone have any ideas what may be wrong?

    Read the article

  • Unidentified Connection in Compaq CQ61Windows7 OS on DSL cable network connection

    - by Mohammed Thouseef
    I have Dell studio with shared DSL internet connection my router is "NETGEAR DG834" & Network connection discription is "Broadcom netlink tm gigabit ethernet" this connection is working fine with dell laptop with Vista homepremium OS. My Question is? If i connect HPcompaq presario CQ61 in this connection it will automatically select Public network and display unidentified connection i tried several times but not suceeded its OS is Win7 home premium. but wireless networking is working fine only this problem is faceing with DSL cable connection when i diagnos the connection an error will generate "Local Area Connection does not have a valid IP configuration" in LAN Connection status window i noticed IPV4 & IPV6 Connectivity is showing "No Network Access" please can you clarify whats the problem.

    Read the article

  • Time Machine + Ubee Router?

    - by Charlie
    I can't for the life of me figure this out. I recently had TWC installed in my house, and wanted to disable the NAT and router functions of it. I have a Time Machine hooked up to it from LAN1 (on the Ubee) to the WAN port on the TM. The problems started occurring here. I figured the settings would be these: Ubee Configuration mode: Bridge DHCP: Off TM IPv4: 192.168.100.2 Subnet Mask: 255.255.255.0 Router Address: 192.168.100.1 DNS Servers: 8.8.8.8, 8.8.4.4 Router Mode: DHCP and NAT But using those settings, my TM says "Double NAT", so I have to change it all around to the default settings of the Ubee using NAT. This leads me to believe bridge mode doesn't actually turn off NAT...

    Read the article

  • Linux IPTables / routing issue

    - by Jon
    Hi all, EDIT 1/3/10 22:00 GMT - rewrote some of it after further investigation It has been a while since I looked at IPtables and I seem to be worse than before as I can not seem to get my webserver online. Below is my firewall rules on the gateway server that is running the dhcp server accessing the net. The webserver is inside my network on a static IP (192.168.0.98, default port). When I use Nmap or GRC.com I see that port 80 is open on the gateway server but when I browse to it, (via public URL. http://www.houseofhawkins.com) it always fails with a connection error, (nmap cannot connect and figure out what the web server is either). I can nmap the webserver and browse to it just fine via same IP inside my network. I believe it is my IPTable rules that are not letting it through. Internally I can route all my requests. Each machine can browse to the website and traffic works just fine. I can MSTSC / ssh to all the webservers internally and they inturn can connect to the web. IPTABLE: *EDIT - Added new firewall rules 2/3/10 * #!/bin/sh iptables="/sbin/iptables" modprobe="/sbin/modprobe" depmod="/sbin/depmod" EXTIF="eth2" INTIF="eth1" load () { $depmod -a $modprobe ip_tables $modprobe ip_conntrack $modprobe ip_conntrack_ftp $modprobe ip_conntrack_irc $modprobe iptable_nat $modprobe ip_nat_ftp echo "enable forwarding.." echo "1" > /proc/sys/net/ipv4/ip_forward echo "enable dynamic addr" echo "1" > /proc/sys/net/ipv4/ip_dynaddr # start firewall # default policies $iptables -P INPUT DROP $iptables -F INPUT $iptables -P OUTPUT DROP $iptables -F OUTPUT $iptables -P FORWARD DROP $iptables -F FORWARD $iptables -t nat -F #echo " Opening loopback interface for socket based services." $iptables -A INPUT -i lo -j ACCEPT $iptables -A OUTPUT -o lo -j ACCEPT #echo " Allow all connections OUT and only existing and related ones IN" $iptables -A INPUT -i $INTIF -j ACCEPT $iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $iptables -A OUTPUT -o $EXTIF -j ACCEPT $iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT $iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT $iptables -A FORWARD -j LOG --log-level 7 --log-prefix "Dropped by firewall: " $iptables -A INPUT -j LOG --log-level 7 --log-prefix "Dropped by firewall: " $iptables -A OUTPUT -j LOG --log-level 7 --log-prefix "Dropped by firewall: " #echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF" $iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE $iptables -A INPUT -i $INTIF -j ACCEPT $iptables -A OUTPUT -o $INTIF -j ACCEPT #echo " Allowing packets with ICMP data (i.e. ping)." $iptables -A INPUT -p icmp -j ACCEPT $iptables -A OUTPUT -p icmp -j ACCEPT $iptables -A INPUT -p udp -i $INTIF --dport 67 -m state --state NEW -j ACCEPT #echo " Port 137 is for NetBIOS." $iptables -A INPUT -i $INTIF -p udp --dport 137 -j ACCEPT $iptables -A OUTPUT -o $INTIF -p udp --dport 137 -j ACCEPT #echo " Opening port 53 for DNS queries." $iptables -A INPUT -p udp -i $EXTIF --sport 53 -j ACCEPT #echo " opening Apache webserver" $iptables -A PREROUTING -t nat -i $EXTIF -p tcp --dport 80 -j DNAT --to 192.168.0.96:80 $iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.0.96 --dport 80 -j ACCEPT } flush () { echo "flushing rules..." $iptables -P FORWARD ACCEPT $iptables -F INPUT $iptables -P INPUT ACCEPT echo "rules flushed" } case "$1" in start|restart) flush load ;; stop) flush ;; *) echo "usage: start|stop|restart." ;; esac exit 0 route info: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 5e0412a6.bb.sky * 255.255.255.255 UH 0 0 0 eth2 192.168.0.0 * 255.255.255.0 U 0 0 0 eth1 default 5e0412a6.bb.sky 0.0.0.0 UG 100 0 0 eth2 ifconfig: eth1 Link encap:Ethernet HWaddr 00:22:b0:cf:4a:1c inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::222:b0ff:fecf:4a1c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:79023 errors:0 dropped:0 overruns:0 frame:0 TX packets:57786 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:11580918 (11.5 MB) TX bytes:22872030 (22.8 MB) Interrupt:17 Base address:0x2b00 eth2 Link encap:Ethernet HWaddr 00:0c:f1:7c:45:5b inet addr:94.4.18.166 Bcast:94.4.18.166 Mask:255.255.255.255 inet6 addr: fe80::20c:f1ff:fe7c:455b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:57038 errors:0 dropped:0 overruns:0 frame:0 TX packets:34532 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:21631721 (21.6 MB) TX bytes:7685444 (7.6 MB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:16 errors:0 dropped:0 overruns:0 frame:0 TX packets:16 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1517 (1.5 KB) TX bytes:1517 (1.5 KB) EDIT OK so as requested I will try and expand on my infrastructure: I previously had it setup with a Sky broadband modem router that did the DHCP and I used its web interface to port forward the web across to the web server. The network looked something like this: I have now replaced the sky modem with a dlink modem which gives the IP to the gateway server that now does the DHCP. It looks like: The internet connection is a standard broadband connection with a dynamic IP, (use zoneedit.com to keep it updated). I have tried it on each of the webservers(one Ubuntu Apache server and one WS2008 IIS7). I think there must also be an issue with my IPTable rules as it can route to my win7 box which has the default IIS7 page and that would not display when I forwarded all port 80 to it. I would be really grateful for any and all help with this. Thanks Jon

    Read the article

  • Adding Facebook IPv6 to Centos, getting CurlException 7

    - by Nick
    I'm correctly get following error. After searching about this issue, correct me if i'm wrong, I believe that adding/configuring IPv6 should solve the problem. PHP Fatal error: Uncaught CurlException: 7: Failed to connect to 2a03:2880:10:8f02:face:b00c:0:26: Network is unreachable\n thrown in /var/www/vhosts/facedex.net/httpdocs/fb/apps/seemyfuture/src/base_facebook.php on line 886 The problem is I dont know the right way to add it. There seems to have may methods. http://tldp.org/HOWTO/Linux+IPv6-HOWTO/x1035.html#AEN1044 http://unix.stackexchange.com/questions/34093/static-ipv4-ipv6-configuration-on-centos-6-2 My netstat show this. Shell doesnt recogize -rn6 though.It shows invalid option -- 6 netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 27.254.38.128 0.0.0.0 255.255.255.128 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 0.0.0.0 27.254.38.254 0.0.0.0 UG 0 0 0 eth0 FYI: I'm using Centos 5.7. Thank you a lot in advance.

    Read the article

  • network is not available even when cisco vpn client is connected. wrong route?

    - by javapowered
    I'm using Vodafone 3G modem. I've disabled other network devices in the system (ethernet, wifi, wimax) turned off firewall and antivirus. cisco vpn client connects successfully but I still can not access computer 192.168.147.120 (as well as any other computer from network). Any suggestions are welcome as I don't know what to do. ipconfig /all and route print commands (translated to english): Microsoft Windows [Version 6.1.7601] (C) Microsoft Corporation (Microsoft Corp.), 2009. All rights reserved. C: \ Users \ Oleg> ipconfig / all IP Configuration for Windows The name of the computer. . . . . . . . . : OlegPC The primary DNS-suffix. . . . . . : Node Type. . . . . . . . . . . . . : Hybrid IP-routing is enabled. . . . : No WINS-proxy enabled. . . . . . . : No Ethernet adapter Local Area Connection 4: DNS-suffix for this connection. . . . . : Description. . . . . . . . . . . . . : Cisco Systems VPN Adapter Physical Address. . . . . . . . . 00-05-9A-3C-78-00 DHCP is enabled. . . . . . . . . . . : No Autoconfiguration Enabled. . . . . . : Yes Local IPv6-address channel. . . : Fe80:: c073: 41b2: 852f: eb87% 26 (Preferred) IPv4-address. . . . . . . . . . . . : 10.53.127.204 (Preferred) The subnet mask. . . . . . . . . . : 255.0.0.0 Default Gateway. . . . . . . . . : IAID DHCPv6. . . . . . . . . . . : 536872346 DUID the client DHCPv6. . . . . . . 00-01-00-01-14-6F-4C-8D-60-EB-69-85-10-2D DNS-servers. . . . . . . . . . . : Fec0: 0:0: ffff:: 1% 1 fec0: 0:0: ffff:: 2% 1 fec0: 0:0: ffff:: 3% 1 NetBios over TCP / IP. . . . . . . . : Disabled Adapter mobile broadband connection through a broadband adapter mobile communications: DNS-suffix for this connection. . . . . : Description. . . . . . . . . . . . . : Vodafone Mobile Broadband Network Adapter (Huawei) Physical Address. . . . . . . . . 58-2C-80-13-92-63 DHCP is enabled. . . . . . . . . . . : No Autoconfiguration Enabled. . . . . . : Yes IPv4-address. . . . . . . . . . . . : 10.229.227.77 (Preferred) The subnet mask. . . . . . . . . . : 255.255.255.252 Default Gateway. . . . . . . . . : 10.229.227.78 DNS-servers. . . . . . . . . . . : 163.121.128.134 212.103.160.18 NetBios over TCP / IP. . . . . . . . : Disabled Tunnel adapter isatap. {737FF02E-D473-4F91-840E-2A4DD293FC12}: State of the environment. . . . . . . . : DNS Suffix. DNS-suffix for this connection. . . . . : Description. . . . . . . . . . . . . : Adapter Microsoft ISATAP # 3 Physical Address. . . . . . . . . 00-00-00-00-00-00-00-E0 DHCP is enabled. . . . . . . . . . . : No Autoconfiguration Enabled. . . . . . : Yes Tunnel adapter isatap. {EF585226-5B07-4446-A5A4-CB1B8E4B13AC}: State of the environment. . . . . . . . : DNS Suffix. DNS-suffix for this connection. . . . . : Description. . . . . . . . . . . . . : Adapter Microsoft ISATAP # 4 Physical Address. . . . . . . . . 00-00-00-00-00-00-00-E0 DHCP is enabled. . . . . . . . . . . : No Autoconfiguration Enabled. . . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: DNS-suffix for this connection. . . . . : Description. . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . 00-00-00-00-00-00-00-E0 DHCP is enabled. . . . . . . . . . . : No Autoconfiguration Enabled. . . . . . : Yes IPv6-address. . . . . . . . . . . . : 2001:0:4137:9 e76: ea: b77: f51a: 1cb2 (Basically d) Local IPv6-address channel. . . : Fe80:: ea: b77: f51a: 1cb2% 16 (Preferred) Default Gateway. . . . . . . . . ::: NetBios over TCP / IP. . . . . . . . : Disabled C: \ Users \ Oleg> route print ================================================== ========================= List of interfaces 26 ... 00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter 23 ... 58 2c 80 13 92 63 ...... Vodafone Mobile Broadband Network Adapter (Huawei) 1 ........................... Software Loopback Interface 1 19 ... 00 00 00 00 00 00 00 e0 Adapter Microsoft ISATAP # 3 20 ... 00 00 00 00 00 00 00 e0 Adapter Microsoft ISATAP # 4 16 ... 00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface ================================================== ========================= IPv4 Route Table ================================================== ========================= Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.229.227.78 10.229.227.77 296 10.0.0.0 255.0.0.0 On-link 10.53.127.204 286 10.6.93.21 255,255,255,255 10.0.0.1 10.53.127.204 100 10.13.50.12 255,255,255,255 10.0.0.1 10.53.127.204 100 10.53.8.0 255.255.252.0 10.0.0.1 10.53.127.204 100 10.53.127.204 255.255.255.255 On-link 10.53.127.204 286 10.53.128.0 255.255.248.0 10.0.0.1 10.53.127.204 100 10.53.148.0 255,255,255,240 10.0.0.1 10.53.127.204 100 10.53.148.16 255,255,255,240 10.0.0.1 10.53.127.204 100 10.229.227.76 255.255.255.252 On-link 10.229.227.77 296 10.229.227.77 255.255.255.255 On-link 10.229.227.77 296 10.229.227.79 255.255.255.255 On-link 10.229.227.77 296 10.255.255.255 255.255.255.255 On-link 10.53.127.204 286 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.147.0 255,255,255,240 10.0.0.1 10.53.127.204 100 192.168.147.96 255,255,255,240 10.0.0.1 10.53.127.204 100 192,168,147,112 255,255,255,240 10.0.0.1 10.53.127.204 100 192,168,147,128 255,255,255,240 10.0.0.1 10.53.127.204 100 192,168,147,144 255,255,255,240 10.0.0.1 10.53.127.204 100 192,168,147,224 255,255,255,240 10.0.0.1 10.53.127.204 100 192.168.214.0 255.255.255.0 10.0.0.1 10.53.127.204 100 192.168.215.0 255.255.255.0 10.0.0.1 10.53.127.204 100 194.247.133.19 255,255,255,255 10.0.0.1 10.53.127.204 100 213,247,231,194 255,255,255,255 10.229.227.78 10.229.227.77 100 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.229.227.77 296 224.0.0.0 240.0.0.0 On-link 10.53.127.204 286 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.229.227.77 296 255.255.255.255 255.255.255.255 On-link 10.53.127.204 286 ================================================== ========================= Persistent Routes: None IPv6 Route Table ================================================== ========================= Active Routes: If Metric Network Destination Gateway 16 58:: / 0 On-link 1306:: 1 / 128 On-link 16 58 2001:: / 32 On-link 16 306 2001: 0:4137:9 e76: ea: b77: f51a: 1cb2/128 On-link 16 306 fe80:: / 64 On-link 26 286 fe80:: / 64 On-link 16 306 fe80:: ea: b77: f51a: 1cb2/128 On-link 26 286 fe80:: c073: 41b2: 852f: eb87/128 On-link 1306 ff00:: / 8 On-link 16 306 ff00:: / 8 On-link 26 286 ff00:: / 8 On-link ================================================== ========================= Persistent Routes: None C: \ Users \ Oleg>

    Read the article

  • OpenVPN on ec2 bridged mode connects but no Ping, DNS or forwarding

    - by michael
    I am trying to use OpenVPN to access the internet over a secure connection. I have openVPN configured and running on Amazon EC2 in bridge mode with client certs. I can successfully connect from the client, but I cannot get access to the internet or ping anything from the client I checked the following and everything seems to shows a successful connection between the vpn client/server and UDP traffic on 1194 [server] sudo tcpdump -i eth0 udp port 1194 (shows UDP traffic after establishing connection) [server] sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination [server] sudo iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- ip-W-X-Y-0.us-west-1.compute.internal/24 anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination [server] openvpn.log Wed Oct 19 03:11:26 2011 localhost/a.b.c.d:61905 [localhost] Inactivity timeout (--ping-restart), restarting Wed Oct 19 03:11:26 2011 localhost/a.b.c.d:61905 SIGUSR1[soft,ping-restart] received, client-instance restarting Wed Oct 19 03:41:31 2011 MULTI: multi_create_instance called Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Re-using SSL/TLS context Wed Oct 19 03:41:31 2011 a.b.c.d:57889 LZO compression initialized Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ] Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ] Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Local Options hash (VER=V4): '360696c5' Wed Oct 19 03:41:31 2011 a.b.c.d:57889 Expected Remote Options hash (VER=V4): '13a273ba' Wed Oct 19 03:41:31 2011 a.b.c.d:57889 TLS: Initial packet from [AF_INET]a.b.c.d:57889, sid=dd886604 ab6ebb38 Wed Oct 19 03:41:35 2011 a.b.c.d:57889 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=EXAMPLE/CN=EXAMPLE_CA/[email protected] Wed Oct 19 03:41:35 2011 a.b.c.d:57889 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=EXAMPLE/CN=localhost/[email protected] Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Oct 19 03:41:37 2011 a.b.c.d:57889 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Wed Oct 19 03:41:37 2011 a.b.c.d:57889 [localhost] Peer Connection Initiated with [AF_INET]a.b.c.d:57889 Wed Oct 19 03:41:39 2011 localhost/a.b.c.d:57889 PUSH: Received control message: 'PUSH_REQUEST' Wed Oct 19 03:41:39 2011 localhost/a.b.c.d:57889 SENT CONTROL [localhost]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway W.X.Y.Z,ping 10,ping-restart 120,ifconfig W.X.Y.Z 255.255.255.0' (status=1) Wed Oct 19 03:41:40 2011 localhost/a.b.c.d:57889 MULTI: Learn: (IPV6) -> localhost/a.b.c.d:57889 [client] tracert google.com Tracing route to google.com [74.125.71.104] over a maximum of 30 hops: 1 347 ms 349 ms 348 ms PC [w.X.Y.Z] 2 * * * Request timed out. I can also successfully ping the server IP address from the client, and ping google.com from an SSH shell on the server. What am I doing wrong? Here is my config (Note: W.X.Y.Z == amazon EC2 private ipaddress) bridge config on br0 ifconfig eth0 0.0.0.0 promisc up brctl addbr br0 brctl addif br0 eth0 ifconfig br0 W.X.Y.X netmask 255.255.255.0 broadcast W.X.Y.255 up route add default gw W.X.Y.1 br0 /etc/openvpn/server.conf (from https://help.ubuntu.com/10.04/serverguide/C/openvpn.html) local W.X.Y.Z dev tap0 up "/etc/openvpn/up.sh br0" down "/etc/openvpn/down.sh br0" ;server W.X.Y.0 255.255.255.0 server-bridge W.X.Y.Z 255.255.255.0 W.X.Y.105 W.X.Y.200 ;push "route W.X.Y.0 255.255.255.0" push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 208.67.222.222" push "dhcp-option DNS 208.67.220.220" tls-auth ta.key 0 # This file is secret user nobody group nogroup log-append openvpn.log iptables config sudo iptables -A INPUT -i tap0 -j ACCEPT sudo iptables -A INPUT -i br0 -j ACCEPT sudo iptables -A FORWARD -i br0 -j ACCEPT sudo iptables -t nat -A POSTROUTING -s W.X.Y.0/24 -o eth0 -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward Routing Tables added route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface W.X.Y.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 0.0.0.0 W.X.Y.1 0.0.0.0 UG 0 0 0 br0 C:>route print =========================================================================== Interface List 32...00 ff ac d6 f7 04 ......TAP-Win32 Adapter V9 15...00 14 d1 e9 57 49 ......Microsoft Virtual WiFi Miniport Adapter #2 14...00 14 d1 e9 57 49 ......Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Net work Adapter 10...00 1f d0 50 1b ca ......Realtek PCIe GBE Family Controller 1...........................Software Loopback Interface 1 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 36...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.1.2.1 10.1.2.201 25 10.1.2.0 255.255.255.0 On-link 10.1.2.201 281 10.1.2.201 255.255.255.255 On-link 10.1.2.201 281 10.1.2.255 255.255.255.255 On-link 10.1.2.201 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.1.2.201 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.1.2.201 281 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.1.2.1 Default =========================================================================== C:>tracert google.com Tracing route to google.com [74.125.71.147] over a maximum of 30 hops: 1 344 ms 345 ms 343 ms PC [W.X.Y.221] 2 * * * Request timed out.

    Read the article

  • Can fragments of a packet be refragmented again?

    - by gsinha
    In IPv4, fragmentation is done by routers on way to the destination if DF(do not fragment) flag is not set in the IP packet. Once a packet is fragmented, its fragments may take different paths (due to various reasons like topology changes) to the destination. If, on some link again in the path to destination, one routers find that the link MTU is smaller than the frame size, then either the packet needs to be fragmented or dropped. Can fragments of a packet be refragmented again? If yes, what will be the value of MF flag in the new individual fragments created by this?

    Read the article

  • Cable Internet connectivity Problem?

    - by LightHeaded
    I just got Internet cable from Time Warner/ EarthLink. For some reason I tried everything that Time Warner and Earthlink techs told me to do but nothing seems to work. I still can't connect to the Internet. For some reason they think it's the IPv4 address since it begins with 169. I did everything the told me to 8 times, but they both give me the run around tell me it's the other's fault. How can I fix this once and for all? I have no router. I use cable to connect to the Internet. Windows Vista Cable broadband.

    Read the article

  • VSFTPD Unable to set write permissions on folder

    - by Frank Astin
    I've just set up my first FTP server with VSFTPD on cent os . I can connect to it fine using a user in the group ftp-users but I get read only access . I've tried several different CHMOD codes on the folder (even 777) all to no avail . This is the tutorial I used to set up the server http://tinyurl.com/73pyuxz hopefully you'll be able to see something I missed. Thanks in advance . Requested Config File : # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=NO # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. #anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. #anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # The target log file can be vsftpd_log_file or xferlog_file. # This depends on setting xferlog_std_format parameter xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # The name of log file when xferlog_enable=YES and xferlog_std_format=YES # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log #xferlog_file=/var/log/xferlog # # Switches between logging into vsftpd_log_file and xferlog_file files. # NO writes to vsftpd_log_file, YES to xferlog_file xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: #ftpd_banner=Welcome to blah FTP service. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen=YES # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd whith two configuration files. # Make sure, that one of the listen options is commented !! #listen_ipv6=YES pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES

    Read the article

  • Gre Tunnel Cisco Linux traffic forwarding

    - by mezgani
    I setup a gre tunnel a cisco router and a Linux machine, the tunnel interface in the Linux box named pic. Well i have to forward traffic coming from cisco through the Linux box. the rules i've set in the Linux box is described as follow: echo "1" /proc/sys/net/ipv4/ip_forward iptables -A INPUT -p 47 -j ACCEPT iptables -A FORWARD -i ppp0 -j ACCEPT iptables -A FORWARD -i pic -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i ppp0 -o pic -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE I see the traffic coming from tunnel and forwarded to internet but no reply from sent packet. May i miss something like a routing rule.

    Read the article

  • vsftpd not allowing uploads. 550 response

    - by Josh
    I've set vsftpd up on a centos box. I keep trying to upload files but I keep getting "550 Failed to change directory" and "550 Could not get file size." Here's my vsftpd.conf # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. anon_mkdir_write_enable=YES anon_other_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # The target log file can be vsftpd_log_file or xferlog_file. # This depends on setting xferlog_std_format parameter xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # The name of log file when xferlog_enable=YES and xferlog_std_format=YES # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log #xferlog_file=/var/log/xferlog # # Switches between logging into vsftpd_log_file and xferlog_file files. # NO writes to vsftpd_log_file, YES to xferlog_file xferlog_std_format=NO # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: #ftpd_banner=Welcome to blah FTP service. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen=YES # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd whith two configuration files. # Make sure, that one of the listen options is commented !! #listen_ipv6=YES pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES log_ftp_protocol=YES banner_file=/etc/vsftpd/issue local_root=/var/www guest_enable=YES guest_username=ftpusr ftp_username=nobody

    Read the article

  • Assigning multiple IPv6 addresses on a Server

    - by andrewk
    Let me uncover my intent. My host provides hundreds of IPV6 addresses free, but charge for an IPV4 address. I have several sites under one server and I was wondering if I can give each site/domain it's own ipv6 address. Is that even possible? If so how? I've read quite a bit about ipv6 but I do not understand it as clear as I'd like. My main goal is, for each domain/site to have it's own unique IP, so someone can't do a reverse ip look up and see what sites I have on that server. Thanks in advance for the patience.

    Read the article

  • Forwarding port to a VM - How to?

    - by Peter Gadd
    I use Win 8 Ent x64 on my PC, and I also have a Win 7 VMware virtual machine set up using a bridged network adapter. The IPv4 number for the Win 7 VM is 192.168.1.115. I require access to the VM from the Internet through port 1688. How do I set up port forwarding to achieve this? My router is a Cisco Linksys WAG120N. ========= If you require any further information to help me with this, I will gladly supply it. ========= Thanks in advance.

    Read the article

  • Apache error "No address associated with hostname" on Arch Linux (ZMLarch)

    - by Eedoh
    I'm trying to set up video surveillance system using IP cameras and ZoneAlarm on Arch Linux. I set up fixed IP address, I've managed to get streams from cameras, etc. However, after restart of the machine, I cannot start Apache again. I checked configuration of rc.conf, and saw that static IP configuration has been deleted, and also secondary nameserver in resolv.conf. Tried to re-write these with correct parameters, but now with no effect. This is tail of my /var/log/httpd/error_log file, after /etc/rc.d/httpd restart attempt [Fri Jan 29 04:20:45 2010] [alert] (EAI 5) No address associated with hostname: mod_unique_id: unable to find IPv4 address of "zmhost" Configuration failed Anybody have an idea on how could I fix this?

    Read the article

  • Network traffic is not being forwarded from a VM to the network using a bridged interface with Xen + libvirt

    - by foob
    I'm having trouble getting network access from a VM that I'm running using Xen and libvirt. I've been trying different things and reading similar posts online for a couple of days but I'm really stuck at this point. If anybody could offer some insight it would be much appreciated. I have a VM that I'm running on a host with a bridge set up as br0 and an interface eth0 on a 192.168.60.0/24 subnet. The networking portion of the libvirt configuration xml is: <interface type='bridge'> <mac address='ff:a0:d1:e5:07:de'/> <source bridge='br0'/> <script path='/etc/xen/scripts/vif-bridge'/> <model type='virtio' /> </interface> When I start the VM a vif6.0 interface is created on the host and the ifconfig output is: br0 Link encap:Ethernet HWaddr 00:A0:D1:C3:07:DE inet addr:192.168.60.33 Bcast:192.168.60.255 Mask:255.255.255.0 inet6 addr: fe80::2a0:d1ff:fee5:7de/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:13 errors:0 dropped:0 overruns:0 frame:0 TX packets:40 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3570 (3.4 KiB) TX bytes:3508 (3.4 KiB) eth0 Link encap:Ethernet HWaddr 00:A0:D1:C3:07:DE inet6 addr: fe80::2a0:d1ff:fee5:7de/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:492 (492.0 b) Interrupt:19 Memory:fe8f0000-fe900000 vif6.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:80 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:6660 (6.5 KiB) TX bytes:468 (468.0 b) virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) The 'brctl show' output seems to show the bridge being configured correctly: br0 8000.00a0d1e507de no eth0 vif6.0 The ifcfg-eth0 contents in the VM are: DEVICE=eth0 BOOTPROTO=static HWADDR=FF:A0:D1:E5:07:DE IPADDR=192.168.60.133 NETMASK=255.255.255.0 ONBOOT=yes and the output of ifconfig in the VM look like what I would expect: eth0 Link encap:Ethernet HWaddr FF:A0:D1:E5:07:DE inet addr:192.168.60.133 Bcast:192.168.60.255 Mask:255.255.255.0 inet6 addr: fe80::fda0:d1ff:fee5:7de/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:6 errors:0 dropped:0 overruns:0 frame:0 TX packets:80 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:468 (468.0 b) TX bytes:7780 (7.5 KiB) but when I try to ssh or ping another computer I get 'no route to host.' Using tcpdump on the host system I tried to see if I could narrow down where the problem is: # tcpdump -vv -i vif6.0 tcpdump: WARNING: vif6.0: no IPv4 address assigned tcpdump: listening on vif6.0, link-type EN10MB (Ethernet), capture size 96 bytes 14:49:40.833997 arp who-has 192.168.60.35 tell 192.168.60.133 14:49:41.833314 arp who-has 192.168.60.35 tell 192.168.60.133 14:49:42.833309 arp who-has 192.168.60.35 tell 192.168.60.133 So the VM is sending out out an arp who-has packet when I try to ssh to 192.168.60.35. I think that this means the setup within the VM is ok and that this is an issue on the host system. If I run tcpdump with the interface of br0 then I don't see these arp packets. My thought here is that the packets are being blocked before going on to the bridge somehow. I tried adding an iptables rule to resolve this: -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT but it didn't work. I also tried the following: /sbin/sysctl -w net.bridge.bridge-nf-call-ip6tables=0 /sbin/sysctl -w net.bridge.bridge-nf-call-iptables=0 /sbin/sysctl -w net.bridge.bridge-nf-call-arptables=0 /sbin/sysctl -w net.ipv4.ip_forward=1 which had no impact. Is it obvious to somebody who has more experience than me what I'm missing here? Should vif6.0 have the same MAC address is eth0 in the vm? Do I need more rules in my iptables? Thanks for any help!

    Read the article

  • Why does using nginx as a reverse proxy break local links?

    - by tsvallender
    I've just set up nginx as a reverse proxy, so some sites served from the box are served directly by it and others are forwarded to a Node.js server. The site being served by Node.js, however, is displayed with no CSS or images, so I assume the links are somehow being broken, but don't know why. The following is the only file in /etc/nginx/sites-enabled: server { listen 80; ## listen for ipv4 listen [::]:80 default ipv6only=on; ## listen for ipv6 server_name dev.my.site; access_log /var/log/nginx/localhost.access.log; location / { root /var/www; index index.html index.htm; } location /myNodeSite { proxy_pass http://127.0.0.1:8080/; proxy_redirect off; proxy_set_header Host $host; } } I had thought perhaps it was trying to find them in /var/www due to the first entry, but removing that doesn't seem to help.

    Read the article

  • nginx 500 error instead of 404

    - by arby
    I have the following nginx configuration (at /etc/nginx/sites-available/default) server { listen 80; ## listen for ipv4; this line is default and implied listen [::]:80 default ipv6only=on; ## listen for ipv6 root /usr/share/nginx/www; index index.php index.html index.htm; server_name _; location / { try_files $uri $uri/ /index.html; } error_page 404 /404.html; location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/tmp/php5-fpm.sock; fastcgi_index index.php; include fastcgi_params; } location ~ /\.ht { deny all; } } Instead of a 404 error, I'm getting 500 server errors on broken urls. How can I correct this?

    Read the article

  • Freenas 8 email setup

    - by atrueresistance
    I'm struggling with setting up email reporting in Freenas. My build is FreeNAS-8.0.4-RELEASE-x64 (10351). I have my IPv4 Default gateway set to 192.168.2.1 (my router) and Nameserver 1 as 8.8.8.8 (google's public). Under my email tab I have from email ***@gmail.com outgoing mail server smtp.google.com port to connect to 465 tls/ssl SSL use smtp auth checked username ***@gmail.com password **** I then went into accounts and changed the root email to ***@gmail.com. When I try and send a test email, I get Your test email could not be sent: timed out So what am I doing wrong?

    Read the article

  • forward ssh ports on EC2

    - by Will Glass
    I have an SSH server on a private subnet within an EC2 vpc listening for ssh on port 9022 I also have a nat instance (standard Amazon EC2 nat) on a public instance. I would like to forward incoming SSH connections (port 9022) to my nat to the internal server (port 9022). I tried this, but it didn't work: sudo iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 9022 -j DNAT --to-destination 10.0.2.11:9022 I verified that 10.0.2.11 is listening on port 9022. (I can telnet). I verified my security group allows incoming port 9022. I verified that /proc/sys/net/ipv4/ip_forward is 1. What am I missing? Edit: Turns out this was correct after all. I had a mistake in my security group.

    Read the article

  • Subnet mask and how to resolve IP range [duplicate]

    - by user2789433
    This question already has an answer here: How does IPv4 Subnetting Work? 5 answers If you click on this link WHO IS query You will see the results from a who is query for a random IP address. On the line "inetnum": "122.4.0.0/14", What does it mean for the prefix to be 14? I am using this as a reference Subnet Mask Cheatsheet While resolving it, I get a very wide range which is something like 122.7.0.0-122.4.0.0 I am not able to understand how the IP range is calculate from the subnet mask and I am only able to find calculators online and not a method to solve it.

    Read the article

  • arp problems with transparent bridge on linux

    - by Mink
    I've been trying to secure my virtual machines on my esx server by putting them behind a transparent bridge with 2 interfaces, one in front, one at the back. My intention is to put all the firewall rules in one place (instead of on each virtual server). I've been using as bridge a blank new virtual machine based on arch linux (but I suspect it doesn't matter which brand of linux it is). What I have is 2 virtual switchs (thus two Virtual Network, VN_front and VN_back), each with 2 types of ports (switched/separated or promiscious/where the machine can see all packets). On my bridge machine, I've set up 2 virtual NIC, one on VN_front, one on VN_back, both in promisc mode. I've created a bridge br0 with both NIC in it: brctl addbr br0 brctl stp br0 off brctl addif br0 front_if brctl addif br0 back_if Then brought them up: ifconfig front_if 0.0.0.0 promisc ifconfig back_if 0.0.0.0 promisc ifconfig br0 0.0.0.0 (I use promisc mode, because I'm not sure I can do without, thinking that maybe the packets don't reach the NICs) Then I took one of my virtual server sitting on VN_front, and plugged it to VN_back instead (that's the nifty use case I'm thinking about, being able to move my servers around just by changing the VN they are plugged into, without changing anything in the configuration). Then I looked into the macs "seen" by my addressless bridge using brctl showmacs br0 and it did show my server from both sides: I get something that looks like this : port no mac addr is local? ageing timer 2 00:0c:29:e1:54:75 no 9.27 1 00:0c:29:fd:86:0c no 9.27 2 00:50:56:90:05:86 no 73.38 1 00:50:56:90:05:88 no 0.10 2 00:50:56:90:05:8b yes 0.00 << FRONT VN 1 00:50:56:90:05:8c yes 0.00 << BACK VN 2 00:50:56:90:19:18 no 13.55 2 00:50:56:90:3c:cf no 13.57 the thing is that the server that are plugged in front/back are not shown on the correct port. I suspect some horrible thing happening in the ARP-world... :-/ If I ping from a front virtual server to a back virtual server, I can only see the back machine if that back machine pings something in the front. As soon as I stop the ping from the back machine, the ping from the front machine stops getting through... I've noticed that if the back machine pings, then its port on the bridge is the correct one... I've tried to play with the arp_ switch of /proc/sys, but with no clear effect on the end result... /proc/sys/net/ipv4/ip_forward doesn't seem to be of any use when using a bridge (seems it's all taken care of by brctl) /proc/sys/net/ipv4/conf//arp_ don't seem to change much either... (tried arp_announce to 2 or 8 - like suggested elsewhere - and arp_ignore to 0 or 1 ) All the examples I've seen have a different subnet on either side like 10.0.1.0/24 and 10.0.2.0/24... In my case I want 10.0.1.0/24 on both side (just like a transparent switch - except it's a hidden fw ). Turning stp on/off doesn't seem to have any impact on my issue. It's as if the arp packets where getting through the bridge, corrupting the other side with false data... I've tried to use the -arp on each interface, br0, front, back... it breaks the thing altogether... I suspect it has something to do with both side being on the same subnet... I've thought about putting all my machine behind the fw, so as to have all the same subnet at the back... but I'm stuck with my provider's gateway standing at the front with part of my subnet (in fact 3 appliance to route the whole subnet), so I'll always have ips from the same subnet on both side, whatever I do... (I'm using fixed front IPs on my delegated subnet). I'm at a loss... -_-'' Thx for your help. (As anyone tried something like this? from within ESXi?) (It's not just a stunt, the idea is to have something like fail2ban running on some servers, sending their banned IP to the bridge/fw so that it too could ban them - saving all the other servers from that same attacker in one go, allowing for some honeypot that would trigger the fw from any kind of suitable response, and stuffs of the sort... I am aware I could use something like snort, but it addresses some completely different kind of problems, in a completely different way... )

    Read the article

  • Centos 6.3 vsftp unable to upload file to apache webserver

    - by user148648
    I am new to Centos, I did work with Sun Solaris and upload files to Apache web server before. I create an end user account and manage to ftp using command prompt to the server, error message is '226 Transfer Done (but failed to open directory). Content of my vsftpd.conf as below # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES # ** may need to comment it back # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) #local_umask=022 local_umask=077 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. anon_upload_enable=YES # *** maybe to comment it back!!! # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. anon_mkdir_write_enable=YES # ** may need to comment it back!!! # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # The target log file can be vsftpd_log_file or xferlog_file. # This depends on setting xferlog_std_format parameter xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # The name of log file when xferlog_enable=YES and xferlog_std_format=YES # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log xferlog_file=/var/log/xferlog # # Switches between logging into vsftpd_log_file and xferlog_file files. # NO writes to vsftpd_log_file, YES to xferlog_file xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. ascii_upload_enable=YES ascii_download_enable=YES # # You may fully customise the login banner string: ftpd_banner=Warning, only for authorize login. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). chroot_local_user=YES chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list local_root=/var/www # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen=YES # # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6 # sockets, you must run two copies of vsftpd with two configuration files. # Make sure, that one of the listen options is commented !! #listen_ipv6=YES pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES

    Read the article

  • Strategies for very fast delivery of webpages.

    - by Cherian
    I run a website Cucumbertown with an initial pay load of nearly 9KB zipped. All my js is delayed loaded with requirejs and modernizer is the only exception. Now all my webpages are Nginx cached and only 10-15% hits go to the backend proxy. And the cache is invalidated by logged in users as proxy_cache_bypass. So for an anonymous user its nearly always a cache hit. I have some basic OS tuning with default via ip dev eth0 initcwnd 15 net.ipv4.tcp_slow_start_after_idle 0 Despite an all cache & large initcwnd my pages still take 2.5 – 3 seconds. I have a yslow score of And page speed at Are there strategies that can help deliver webpages even faster than this? Deliver pages at 1+ second time for 10KB payload? Notes: My servers run of a fairly good data center from Linode at Fremont.

    Read the article

  • Where to begin with IPv6 [closed]

    - by Willem de Vries
    I am fairly familiar with setting-up IPv4 networks for bigger server configurations, only now I wanted to start familiarizing myself with doing the same for IPv6. I have been Googling for the second night in a row for things like: IPv6 network design, IPv6 for dummies, etc. So far most things you find go on about why IPv6 and the amazing amount of numbers that we have now. Yet I am looking for practical stuff, for example: what would be a good way to assign IP-number, as I understand it DHCP shouldn't be the default course of action. How do other assignment methods work with DNS configuration? what would be a good or standard way of dividing the network in to sub-nets? (database, application, web servers spread over multiple domains/applications and some what intertwined) In short I would like to find good resources with practical information books, webpages, etc.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 12 13 14 15 16 17 18 19 20 21 22 23  | Next Page >