Search Results

Search found 8555 results on 343 pages for 'virtualbox networking'.

Page 200/343 | < Previous Page | 196 197 198 199 200 201 202 203 204 205 206 207  | Next Page >

  • Is this iptables NAT exploitable from the external side?

    - by Karma Fusebox
    Could you please have a short look at this simple iptables/NAT-Setup? I believe it has a fairly serious security issue (due to being too simple). On this network there is one internet-connected machine (running Debian Squeeze/2.6.32-5 with iptables 1.4.8) acting as NAT/Gateway for the handful of clients in 192.168/24. The machine has two NICs:

        eth0: internet-faced
        eth1: LAN-faced, 192.168.0.1, the default GW for 192.168/24

    Routing table is two-NICs-default without manual changes:

        Destination     Gateway         Genmask         Flags Metric Ref Use Iface
        192.168.0.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
        (externalNet)   0.0.0.0         255.255.252.0   U     0      0   0   eth0
        0.0.0.0         (externalGW)    0.0.0.0         UG    0      0   0   eth0

    The NAT is then enabled only and merely by these actions, there are no more iptables rules:

        echo 1 > /proc/sys/net/ipv4/ip_forward
        /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        # (all iptables policies are ACCEPT)

    This does the job, but I miss several things here which I believe could be a security issue:

        - there is no restriction about allowed source interfaces or source networks at all
        - there is no firewalling part such as:

            (set policies to DROP)
            /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
            /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

    And thus, the questions of my sleepless nights are:

    Is this NAT-service available to anyone in the world who sets this machine as his default gateway? I'd say yes it is, because there is nothing indicating that an incoming external connection (via eth0) should be handled any different than an incoming internal connection (via eth1) as long as the output-interface is eth0 - and routing-wise that holds true for both external and internal clients that want to access the internet. So if I am right, anyone could use this machine as open proxy by having his packets NATted here. So please tell me if that's right or why it is not.

    As a "hotfix" I have added a "-s 192.168.0.0/24" option to the NAT-starting command. I would like to know if not using this option was indeed a security issue or just irrelevant thanks to some mechanism I am not aware of.

    As the policies are all ACCEPT, there is currently no restriction on forwarding eth1 to eth0 (internal to external). But what are the effective implications of currently NOT having the restriction that only RELATED and ESTABLISHED states are forwarded from eth0 to eth1 (external to internal)? In other words, should I rather change the policies to DROP and apply the two "firewalling" rules I mentioned above or is the lack of them not affecting security?

    Thanks for clarification!


  • Vista to Vista network visibility issue

    - by Sk93
    Hi All, I've got a Vista Business PC and a Vista Business Laptop connected via a Virgin Media router (Netgear CG2100D) and I cannot get the two machines to see each other correctly over the network. The laptop is connected via wireless, whilst the PC is wired. Both are set to receive their network settings automatically (DHCP) and both have the Windows firewall (the only firewall on either) turned off completely. I can ping each machine fine from one another using the IP addresses, and I can also connect via \. However, connections via \ fail, and I cannot see the machines in the network map. I have tried turning NetBIOS to be "always on" on both adapters, but this makes no difference. I've been messing around pretty much for 6 hours now and am getting quite frustrated by this! (My original aim was to get media sharing working, but I've pretty much abandoned that for now.) Any ideas?


  • RS-232 vs. RS-485

    - by user60524
    Doing a little research on the two to figure out which one may better suit my purposes (communications amongst different hardware). How do they fare against one another? I'm far from being a specialist and have no idea where I would even start looking for data to compare and contrast. If possible, can someone please answer the following questions in regards to each of these:

        - Can they be networked amongst each other?
        - Can they be easily networked over ethernet?
        - What speeds do they transfer at? (Min, Max, Etc.)
        - Reliability?
        - Best framework to build on top of to support the above?
        - Any standard communications programs?
        - Debugging capability?

    Any help would be very much appreciated, thanks.


  • two identical broadband lines working as one

    - by Katafalkas
    I have been trying to find an answer to this, but all I get is hobbyists trying to connect their Linksys's and get some magic out of it. So I am thinking of a way I could combine two 100Mbp Fiber Optics lines into a single connection for our office. I assume it involves some CISCO learning or something like this. Was thinking that I might need to configure some big router to load-balance the NAT'ing in some way. I assume that many of you have done something similar and maybe someone could share the knowledge or at least provide some tips?


  • Joining a network with a Virtual Windows Server 2008 R2

    - by Triztian
    Hi all, here's my case: I have set up a share in a virtual Windows Server 2008 R2; the server is hosted by GoDaddy. My question is, how do I access the server's public folders? I need to open a file locally (on the client), and to do that I need the server to show up in my Network locations. I have the right credentials and have created a special group that has access to the particular folder that I'm sharing; the problem is I don't know how to add the server to my network locations. I have tried VPN Connection but it is my understanding that it cannot be done since it is virtual share server. Any help is truly appreciated.


  • How to set a static route for an external IP address

    - by HorusKol
    Further to my earlier question about bridging different subnets - I now need to route requests for one particular IP address differently to all other traffic. I have the following routing in my iptables on our router:

        # Allow established connections, and those !not! coming from the public interface
        # eth0 = public interface
        # eth1 = private interface #1 (10.1.1.0/24)
        # eth2 = private interface #2 (129.2.2.0/25)
        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT
        iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
        iptables -A FORWARD -i eth0 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT

        # Allow outgoing connections from the private interfaces
        iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
        iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT

        # Allow the two private connections to talk to each other
        iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
        iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT

        # Masquerade (NAT)
        iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

        # Don't forward any other traffic from the public to the private
        iptables -A FORWARD -i eth0 -o eth1 -j REJECT
        iptables -A FORWARD -i eth0 -o eth2 -j REJECT

    This configuration means that users will be forwarded through a modem/router with a public address - this is all well and good for most purposes, and in the main it doesn't matter that all computers are hidden behind the one public IP. However, some users need to be able to access a proxy at 192.111.222.111:8080 - and the proxy needs to identify this traffic as coming through a gateway at 129.2.2.126 - it won't respond otherwise. I tried adding a static route on our local gateway with:

        route add -host 192.111.222.111 gw 129.2.2.126 dev eth2

    I can successfully ping 192.111.222.111 from the router. When I trace the route, it lists the 129.2.2.126 gateway, but I just get * on each of the following hops (I think this makes sense since this is just a web-proxy and requires authentication). When I try to ping this address from a host on the 129.2.2.0/25 network it fails. Should I do this in the iptables chain instead? How would I configure this routing?


  • Linux NetSec/IDS Bridge

    - by Blackninja543
    What I am looking to make is a Linux system that acts as a bridge. It simply forwards any data sent on one device over to the next device. It does not attempt to block incoming attacks or redirect any traffic. What it does do is perform an IDS role on the network. Any suspicious activity is logged and reported. Snort would be one such piece of software; however, I was wondering what other solutions and ideas the rest of the community has.


  • Cloud services can't be reached from complex customer infrastructure

    - by Nock
    We have several services running on a cloud, they all are hosted on Windows Server 2012 R2, have public IP address and specific port. Some of our customers can't reach them because for "some reason" the ports are cut between a firewall between them and us. (Some customers are using a shared internet connection in a multi-tenant office and they can't change firewall communication.) Well, you get it, we don't have the possibility to make all the firewalls "allow" the communication. My customers all run Windows 7 at least. What is the best counter solution in such case, using Microsoft (Windows Server) technologies? The best would be some kind of tunneling communication or VPN, but the customer should also be able to access his/her enterprise resources. By the way, today we are using IPSec using Windows Firewall to secure the communication; is IPSec tunneling a solution for us? Otherwise, is there a service in Windows to enable some kind of VPN between a client and a server but only for a given set of servers?


  • Why is my ethernet interface in promiscuous mode

    - by nhed
    I read that seeing a flag of M in netstat -i is the way to tell which of your interfaces is in promiscuous mode. I run it and I see that eth1 is in promiscuous mode:

        $ netstat -i
        Kernel Interface table
        Iface   MTU Met      RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
        eth1   1500   0 1770161198      0      0      0 57446481      0      0      0 BMRU
        lo    16436   0   97501566      0      0      0 97501566      0      0      0 LRU

    This seems to be the case on all the machines I checked (all Centos6.0, both virtual and physical). Any idea why ethernet devices would be in such a mode unless someone was running any pcap based app (sudo lsof | grep pcap shows nothing)? I did not see any mention of promiscuous in any of the config files (sudo grep -r promis /etc). Any ideas what puts the interface into that mode and why?

    p.s. most of the posts I see seem to be security related, this is not that


  • NAT and NGINX on the same server

    - by Morten
    I'm setting up a VPC cluster for my collaborative todo list application www.getdoneapp.com. To have my servers on the private network I need a NAT server so my servers on the private network can connect to the internet to receive updates and what not. The NAT server will consume an elastic IP address, so I'm wondering if I can just have that NAT server run nginx to direct traffic to my internal servers for HTTP. So the question is, is it a bad idea to run NGINX and NAT on the same server, or should I go for consuming 2 elastic IP addresses?


  • Can only bring up one of two interfaces

    - by mstaessen
    I'm having a bizarre issue with my HP Proliant DL 360 G4p server. It has two gigabit ethernet interfaces but I can bring up only one of them. This is starting to freak me out and that's why I turned here. I'm running the x64 Ubuntu 11.10 server edition. lshw -c network shows that the second interface is disabled. I have no idea why and how to enable it.

        $ sudo lshw -c network
          *-network:0
               description: Ethernet interface
               product: NetXtreme BCM5704 Gigabit Ethernet
               vendor: Broadcom Corporation
               physical id: 2
               bus info: pci@0000:02:02.0
               logical name: eth0
               version: 10
               serial: 00:18:71:e3:6d:26
               size: 100Mbit/s
               capacity: 1Gbit/s
               width: 64 bits
               clock: 66MHz
               capabilities: pcix pm vpd msi bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
               configuration: autonegotiation=on broadcast=yes driver=tg3 driverversion=3.119 duplex=full firmware=5704-v3.27b, ASFIPMIc v2.36 ip=10.48.8.x latency=64 link=yes mingnt=64 multicast=yes port=twisted pair speed=100Mbit/s
               resources: irq:25 memory:fdf70000-fdf7ffff
          *-network:1 DISABLED
               description: Ethernet interface
               product: NetXtreme BCM5704 Gigabit Ethernet
               vendor: Broadcom Corporation
               physical id: 2.1
               bus info: pci@0000:02:02.1
               logical name: eth1
               version: 10
               serial: 00:18:71:e3:6d:25
               capacity: 1Gbit/s
               width: 64 bits
               clock: 66MHz
               capabilities: pcix pm vpd msi bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
               configuration: autonegotiation=on broadcast=yes driver=tg3 driverversion=3.119 firmware=5704-v3.27b latency=64 link=no mingnt=64 multicast=yes port=twisted pair
               resources: irq:26 memory:fdf60000-fdf6ffff

    If I try to ifup eth1, then I get

        $ sudo ifup eth1
        Ignoring unknown interface eth1=eth1.

    I figured that's what happens when there is no eth1 listed in /etc/network/interfaces. But when I add the configuration for eth1, I still can't ifup.

        $ sudo ifup eth1
        RTNETLINK answers: File exists
        Failed to bring up eth1.

    I've also tried ifconfig eth1 up but without any result. For clarity, I have added a masked version of /etc/network/interfaces. I don't think it is the cause of the problem though.

        $ cat /etc/network/interfaces
        # This file describes the network interfaces available on your system
        # and how to activate them. For more information, see interfaces(5).

        # The loopback network interface
        auto lo
        iface lo inet loopback

        # The primary network interface
        auto eth0
        iface eth0 inet static
            address 10.48.8.x
            netmask 255.255.255.y
            network 10.48.8.z
            broadcast 10.48.8.t
            gateway 10.48.8.u

        auto eth1
        iface eth1 inet static
            address 193.190.253.x
            netmask 255.255.255.y
            network 193.190.253.z
            broadcast 193.190.253.t
            gateway 193.190.253.u

    I really need some help fixing this. It's driving me crazy. Thanks.


  • ftp server over internet using different port

    - by ???? ????
    I want to make my FTP server available over the internet. I set it up on a Debian Linux computer and I changed its port to 201. My local IP is 192.168.1.3, so I can access it from any computer on my network through ftp :// mylocalip:201; the login page appears, I log in with my Linux user and can see the files on my FTP server. To make it public I set up port mapping on my router for port 201. When I try ftp :// mypublicip:201 it gives me the login page, and when I enter the login data it loads indefinitely without opening my FTP server files. When I set it up on the default port 21 it works fine. Can anyone tell me what the problem is here?


  • Measure Upload Speed between a client and our server

    - by tresstylez
    We host a SAAS application specially customized for multiple clients. For one customer in particular -- they are reporting sporadic performance issues from various locations on their network, in particular UPLOADING documents through a form on our website. The client claims they have "bandwidth to spare" and that utilization of their "pipe" is so low that it MUST be our application, but our application has MANY clients and all features are working fine for all other clients. Interestingly enough -- DOWNLOADS (i.e. just accessing the website, or downloading documents) are working fine. Speed test shows that they should get 1.2Mbps UP. So, a 3MB file should take 20 secs to upload. It takes 60+ seconds on their network. Sometimes even small files take OVER 10 minutes to upload or they time out. Pings and traceroutes don't show any abnormally long hops or response times. They claim other SAAS applications they use allow them to upload just fine. Both IT teams are working together to resolve this issue. What kind of data can I request from the clients to begin ruling things out? Seems like we need to somehow measure LATENCY of the networks involved or even at the switch level; we need to understand if packets are getting dropped somewhere and why. Where should I start? Any help is appreciated. I'll provide more info upon request.


  • How to toggle wifi / bluetooth in Macbook Air with Windows 7 installed

    - by Barry Kelly
    I'm writing this on a MacBook Air 13" (the ones just released), but I have a problem. BootCamp provides no easy way of turning off the bluetooth or wifi radios, and nor are there any hotkey combinations on the keyboard, nor any hard or soft switches on the body to toggle these radios. As I'll be travelling a lot with this machine, what's the best way for me to comply with the cabin service crews' instructions and disable the radios before takeoff, and reenable them after landing?


  • Obtaining a DHCP IP address if static address is not available

    - by user142485
    I have seen some questions that are similar to my problem but not a good solution. Ex. User has a laptop and has a static IP address at the office. They also take the laptop off site where they also need internet. Is there a way to configure their computer so that it will obtain an IP address automatically when the configured static address is not available (without making the user go into network configuration and changing to obtain automatically)?


  • Network with bridge and port forwarding?

    - by rafek
    Hi! Below is my current (and planned) home network configuration. I would like to connect my non-wifi-capable desktop to my home network. The question is: HOW? What device do I need? The primary requirement is that I need to be able to forward ports to my desktop. How would I achieve this? Is there something like "double port forwarding"? Could anyone please explain this configuration to me? Thank you in advance!


  • Mount linux partition as Windows network share over internet

    - by CptEO
    I have a Linux server running RHEL 6. I have two Windows servers. All servers are connected directly to the web with an external IP; they are not in a local LAN. What I would like to achieve is to set up the Linux server so that it offers a single share (the whole partition) that can be mounted as network drive within Windows. I don't want to use any 3rd party software to access the Linux server because I want to use the Linux server as a backup for Bare Metal Restore. In order to do so, I need to be able to access the Linux partition from within the Windows Recovery Environment where I cannot install any 3rd party software. The Linux server should only be accessible from given IP addresses (e.g. the 2 Windows servers). Does anyone know if the setup I would like to have is possible?


  • How to analyze a wifi network with many devices

    - by Caveatrob
    My friend has a wifi network with an x-box, a wii, a playstation, and two nintendo portables. She's also got 2-3 PC's and a network printer. She's got a wifi repeater as well. She claims that she didn't have any issues for months with everything working together, and suddenly everything stopped disconnecting. I haven't been over there yet - wanted to figure out the best way to diagnose the thing. I asked her to send me the stats on the booster and the modem, etc: The booster is Netgear serial #2ac2195506b95 The modem is Cisco Linksys e1500 #10910c12129103 We have a sprint router thru centurylink and they said it is working fine 660 series


  • Can I create a virtual network interface to connect to a real network device?

    - by michelemarcon
    I have a networked windows pc with 2 network interfaces. The first connects to a lan with ip address 10.1.. The second connects to another lan with ip address 10.2.. Maybe it's a dumb question, however is it possible to virtualize the second network interface, so that the pc can connect to the 2 lans? If necessary, I may switch to linux or paravirtualization. CLARIFICATION: I want to send DHCP broadcast packets on the second lan, but not on the first lan. I want to do it with one single physical network interface. At the moment, I'm not using any virtualization software.


  • openVPN as a way to connect to a LAN by another client, different from server

    - by Einar
    Setup: one LAN handled by a router without a publicly available IP address but without any outbound connection restrictions ("target LAN"); a separate server publicly reachable from the Internet ("gateway"). I am trying to set up openVPN so that a third client can connect to the "gateway" and access the "target LAN". As the router of "target LAN" is not reachable from the Internet directly, it connects to the gateway itself via openVPN as well. The problem is how to handle routing. The LAN router has two network interfaces (for the outside network and the LAN itself). In openVPN (the server on the gateway) I set

        client-to-client
        push "route 192.168.10.0 255.255.255.0"

    but I assume this would be horribly wrong (it actually messed up the routing on the LAN router until I killed openVPN). openVPN is not using bridging, is configured via tun. Other config details from the server:

        server 10.8.0.0 255.255.255.0
        client-config-dir ccd
        route 192.168.10.0 255.255.255.0

    And the client file in ccd is

        iroute 192.168.10.0 255.255.255.0

    What can be adjusted to ensure that a third client can connect through openVPN and access the LAN mentioned earlier?


  • Best way to segment traffic, Vlan or subnet

    - by thebird
    We have a medium sized network of around 200 nodes and are currently in the process of replacing old daisy chained switches with stack-able or chassis style switches. Right now our network is broken up via subnet; production, management, IP, etc each on a separate subnet. Does anyone have an opinion on whether creating Vlan's instead of subnets would be more beneficial? Our general goal is to prevent bottlenecks, separate traffic for security, and to manage traffic with more ease.


  • Offloading backups to secondary network

    - by user1467163
    I'm trying to solve a problem- Currently, we are constantly backing up and have no budget for additional servers. Our production network is still a 10/100 and handles voip, SQL plus our backup traffic, and I'd like to offload the backup traffic onto a secondary network- all of our servers have secondary NIC's that are not in use, and all support gigabit (Our switching hardware does not- a topic for another day). I'd like to move my backups off the production network, but I am having a hard time getting the computers to communicate. I am using a Netgear GS724T switch for the backup network- Chosen for cost and because I have used them extensively on networks saturated with ghosting traffic, so I know it's up to the task. I have defined a VLAN, with ports that are not members of any other VLAN. All traffic is untagged on the VLAN. I have set the servers with 192.168.1.10 and 192.168.1.11 addresses, 255.255.255.0 netmask and I have tried a blank GW, using the local IP of the server 192.168.1.whatever address, and I have tried using the switch's production-side IP as the GW. The machines cannot find each other. DNS addresses are blank because I am going purely by IP for now... Any ideas how to get these machines to talk? they are Windows machines, running Server 2008R2 and 2003R2. Thanks!


  • How to address an EC2 instance from both inside and outside datacenter?

    - by Alexandr Kurilin
    I'm trying to find a good way of being able to address my EC2 database instance from both inside and outside of the datacenter. Other EC2 instances need to be able to call into it, and other clients like pgAdmin might need to connect to it from the outside world as well. It's my understanding that using the internal and external DNS names is sustainable long term as each reboot leads to a change. I'm thinking of associating an Elastic IP with the instance and giving it an A record (say db1.mydomain.com) which I then will use both within and outside the datacenter. Further instances in the same role will get the same treatment and a DNS record of db2.mydomain.com etc. Now, is there a cleaner and more stable way of achieving this result? Am I going about this the wrong way? Suggestions?


  • Can I use CAT 6a connectors with 7a cable (and get 6a performance)?

    - by Mr. Flibble
    I'm re-wiring a building and want to get the best cable possible laid - it required re-plastering to make a change to the cables and the cables will be there for the next 10 - 20 years. Currently there appears to be cat 7a cable available but not too much in the way of cat 7a connectors. Also - I won't be using 40Gig hardware in the near future. So, my question: is it possible to use cat 6a connectors / patch panels with cat 7a cable and get the same performance as I would had I used cat 6a cable? Are there any gotchas in trying to do this?

