Search Results

Search found 83224 results on 3329 pages for 'web application firewall'.

Page 209/3329 | < Previous Page | 205 206 207 208 209 210 211 212 213 214 215 216 | Next Page >

In ufw is there any way to disable logging for a particular rule?

- by thomasrutter

I am using UFW with a default logging policy of "low". I would like to keep this logging on for the default deny action, but disable it for a particular IP address only. So I'd like to create one particular new rule that doesn't have logging. Is there a way to achieve this? I have a rather uncomplicated ufw setup so far, like this: Status: active Logging: on (low) Default: deny (incoming), allow (outgoing) New profiles: skip To Action From -- ------ ---- 22/tcp LIMIT Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere 22/tcp ALLOW Anywhere (v6) 80/tcp ALLOW Anywhere (v6) 443/tcp ALLOW Anywhere (v6)

Read the article
Anyone else being hit by traffic on TCP port 11370

- by Jakub

I've been watching my logs (Ubuntu 9.10 server) and dunno about any of you but I am getting a ton of traffic from sources like Russia, Romania, etc.. on port 11370 (my iptables are logndrop'ing it. But was just curious). Some googling revealed this info: http://www.keysigning.org/sks/ -which seems to use port 11370 & 11371 Could that be the service they are scanning for (i don't run it)? ICS shows this: https://isc.incidents.org/port.html?port=11370 Just curious what you guys think and if anyone has seen this before? If need be I can post my log on here, but its just a dropped log of TCP port 11370 from various IPs. Thought it was strange as thats the ONLY Port I seem to repeatedly be hit on (from logs). I'm running on a Linode (VPS) if that matters to annyone.

Read the article
User Friendly port knocker (port knocking client) for Windows?

- by Ekevoo

It seems "It's me" is the most popular port knocking client for windows… Except… it sucks. It works for console-savvy users such as me, but, unsurprisingly, all my users hate console windows. I know better than to force it upon them. I would love to have a nice port knocker for Windows that would be windowed, have launchers, and be easily provisionable (i.e. I tell my user to paste some settings or import some file by double clicking it). To be honest, just not being console-based would be enough.

Read the article
How to make web icon open with specific browser?

- by David

I have an icon on my desktop for a website called QUAKE LIVE and I use Google Chrome as my default browser. The website isn't compatible with Google Chrome, but it with Mozilla Firefox. Is there any way to edit the properties of the icon to open with Firefox instead of Chrome?

Read the article
iptables dos limit for all ports

- by user973917

I know how to use limit conntrack option to allow for DoS protection. However, I want to add a protection to limit no more than say 50 connections for each port. How can I do this? Basically, I want to make sure that each port can have no more than 50 connections, rather than globally applying 50 connections (which is what #2 does I believe?) Would I do something like: iptables -A INPUT --dport 1:65535 -m limit --limit 50/minute --limit-burst 50 -j ACCEPT or iptables -A INPUT -m limit --limit 50/minute --limit-burst 50 -j ACCEPT

Read the article
How to unblock outgoing HTTP and HTTPS traffic in iptables?

- by EApubs

With the following iptable rules, I was unable to do an apt update and ping a website. Whats wrong with the rules? How to fix it? What is the exact rule to fix it? Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:325 DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination

Read the article
Good option for a transparent internet gateway on Mac OS X

- by Gareth

Hi I have a small network of Mac systems, and would like to add some internal monitoring of our internet usage, which has recently begun to climb. I would like to configure one of the machines as an internet gateway, and install some monitoring software that could provide graph indications of network usage by machine. The machine would then double as a workstation and as the internet gateway. I can manually configure the machines on the network to use it as a gateway, and would prefer to avoid an explicit http proxy (although it is an option if necessary). What software would serverfault users recommend to provide simple, easily configurable and maintainable network monitoring on Mac OS 10.5.7 (non-server)? The simplest requirement is monitor usage by IP Address, but additional tracking (e.g. destination, protocol, etc) would be useful.

Read the article
Is iptables enough security, if port 80 is the only unblocked port and apache is setup correctly?

- by Josh

We are using PHP,MySQL,SVN, and Apache. I want to know if I assume the local subnet trusted, and allow all ports on our subnet using iptables, then allow only port 80 as open to "anyone". If it is "good security" taking that the subnet is trusted as a premise. This is also assuming good PHP code etc, and that apache is configured correctly. This is using CentOS 5.

Read the article
How to drop all subnets outside of the US using iptables

- by Jim

I want to block all subnets outside the US. I've made a script that has all of the US subnets in it. I want to disallow or DROP all but my list. Can someone give me an example of how I can start by denying everything? This is the output from -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW DROP icmp -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination And these are the rules iptables --F iptables --policy INPUT DROP iptables --policy FORWARD DROP iptables --policy OUTPUT ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp -i eth0 --dport 21 -m state --state NEW -j ACCEPT iptables -A INPUT -p icmp -j DROP Just for clarity, with these rules, I can still connect to port 21 without my subnet list. I want to block ALL subnets and just open those inside the US.

Read the article
Why is FTP server slowing down the web server?

- by user1448031

I am running Apache and Filezilla ftp server in Windows. I've been noticing for the last few months that whenever I start up the ftp server, the websites start to run slow. When I shut off the ftp server, the websites start speeding up again. Sometimes I need to restart Apache server after shutting off the ftp server to speed up the websites. I only start ftp server whenever I need to allow remote file transfers. Other than that it's always off. I'm not sure what's happening and where to look.

Read the article
Allow access to my server.

- by Zachary Brown

I have a server, did some of the programming myself. It ison my home network, but I need to be able to access it from anywhere over the internet. I have done the port forwarding like I am supposed to, but I still cant get to it from an outside computer. It just displays Internet Explorer cannot display the webpage. I don't know what else to do. I am on a Linksys WRT54G v8 router running ddWRT v24 micro firmware.

Read the article
WIndows server 2008 ip list to block

- by MiniScalope

Hello, i have a pretty long list of ip ranges to block for some ports But the HMI let me only add ips one by one (stupid...-_-') Is there a way to block a group of ip ranges? (with a command line or something else....) my ip range format : 0.0.0.0/11 thank you very much. Sorry for my english.

Read the article
How to activate Virtual Desktop on Fortigate 100A ?

- by Deniz

We did recently update the firmware on our Fortigate 100A box and after the upgrade we tried to use the "Virtual Desktop" feature. (This isn't a new firmware feature) We can't find a way to activate or use it. Does anyone have any experience on "Virtual Desktop" of Fortigate devices ?

Read the article
Nodes inside Cisco VPN. Incoming SSH requests allowed. But can't initiate an outbound SSH.

- by Douglas Peter

I've a gateway-to-gateway VPN setup between my Linksys RV042 router and a Cisco VPN. I am able to SSH into any of the machine inside the VPN from my network. But none of the machines inside the VPN can initiate an SSH into my network. It seems they've blocked even all ping requests to my network gateway. This is the requirement: I have scripts that SSH into the machines inside the VPN and run a long mysql query. The query generates an output to a file. The time that these queries take is variable. So I have a loop in my machine that periodically SSHes into the VPN machine and checks if the query has finished, and pulls the generated file using SCP. I need to simplify it thus: The script will run at the machine inside the VPN, and when the query completes, it will SSH into my machine and pushes the generated file. Thanks for any ideas.

Read the article
How can I have APF block script kiddies that mod_security detects?

- by Gaia

In one of the vhosts' error_log I found thousands of lines like these, all from the same IP: [Mon Apr 19 08:15:59 2010] [error] [client 61.147.67.206] mod_security: Access denied with code 403. Pattern match "(chr|fwrite|fopen|system|e?chr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\\\\(.*\\\\)\\\\;" at THE_REQUEST [id "330001"] [rev "1"] [msg "Generic PHP exploit pattern denied"] [severity "CRITICAL"] [hostname "x.x.x.x"] [uri "//webmail/config.inc.php?p=phpinfo();"] Given how obvious the situation is, how come mod_security isnt automatically adding at least that IP to deny rules? There is no way someone hasnt thought of this before...

Read the article
Application Event Log keeps getting corrupted

- by yakatz

I recently asked about repairing a corrupt event log, because it seemed to be a one-off event. The event log has since exhibited the same behavior 3 times. We have been trying to find patterns, but so far we have found nothing. The server runs several ASP.NET applications and three scheduled tasks written in .NET. The last modified date of the event log once happened to be the same time as one of the scheduled tasks, but the others have not been. Any suggestions of where to look next or a way we can get any information out of a corrupt evtx file? The server is running critical e-commerce applications, so we want to keep the number of restarts required to a minimum. Edit: I ran DUMPEL and got very strange results. 1/9/2012 4:14:05 PM 1 100 1000 Application Error N/A SERVERNAME Faulting application name: w3wp.exe, version: 7.5.7601.17514, time stamp: 0x4ce7a5f8 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58 Exception code: 0xc0000374 Fault offset: 0x000ce653 Faulting process id: 0x1070 Faulting application start time: 0x01cccf1386d30991 Faulting application path: C:\Windows\SysWOW64\inetsrv\w3wp.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: dbf4f691-3b06-11e1-9025-005056a602e6 1/9/2012 4:14:07 PM 4 0 1001 Windows Error Reporting N/A SERVERNAME Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: w3wp.exe P2: 7.5.7601.17514 P3: 4ce7a5f8 P4: StackHash_79d9 P5: 6.1.7601.17514 P6: 4ce7ba58 P7: c0000374 P8: 000ce653 P9: P10: Attached files: C:\Windows\Temp\WER975.tmp.appcompat.txt C:\Windows\Temp\WERA03.tmp.WERInternalMetadata.xml C:\Windows\Temp\WERA13.tmp.hdmp C:\Windows\Temp\WERD21.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_cd7d09dfc84119d82a2ac6a789038bd5661acfb_cab_128f0e67 Analysis symbol: Rechecking for solution: 0 Report Id: dbf4f691-3b06-11e1-9025-005056a602e6 Report Status: 4 1/9/2012 4:14:07 PM 4 0 1001 Windows Error Reporting N/A SERVERNAME Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: w3wp.exe P2: 7.5.7601.17514 P3: 4ce7a5f8 P4: StackHash_79d9 P5: 6.1.7601.17514 P6: 4ce7ba58 P7: c0000374 P8: 000ce653 P9: P10: Attached files: C:\Windows\Temp\WER975.tmp.appcompat.txt C:\Windows\Temp\WERA03.tmp.WERInternalMetadata.xml C:\Windows\Temp\WERA13.tmp.hdmp C:\Windows\Temp\WERD21.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_cd7d09dfc84119d82a2ac6a789038bd5661acfb_cab_128f0e67 Analysis symbol: Rechecking for solution: 0 Report Id: dbf4f691-3b06-11e1-9025-005056a602e6 Report Status: 0 1/9/2012 4:14:12 PM 1 100 1000 Application Error N/A SERVERNAME Faulting application name: w3wp.exe, version: 7.5.7601.17514, time stamp: 0x4ce7a5f8 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58 Exception code: 0xc0000374 Fault offset: 0x000ce653 Faulting process id: 0x16ac Faulting application start time: 0x01cccf139f475c0c Faulting application path: C:\Windows\SysWOW64\inetsrv\w3wp.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: e03bae70-3b06-11e1-9025-005056a602e6 1/9/2012 4:14:16 PM 4 0 1001 Windows Error Reporting N/A SERVERNAME Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: w3wp.exe P2: 7.5.7601.17514 P3: 4ce7a5f8 P4: StackHash_9c6c P5: 6.1.7601.17514 P6: 4ce7ba58 P7: c0000374 P8: 000ce653 P9: P10: Attached files: C:\Windows\Temp\WER2579.tmp.appcompat.txt C:\Windows\Temp\WER25F7.tmp.WERInternalMetadata.xml C:\Windows\Temp\WER25F8.tmp.hdmp C:\Windows\Temp\WER28F6.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_c49a67649524ad11b64bbf809211bc5ba742a3d6_cab_0b63321b Analysis symbol: Rechecking for solution: 0 Report Id: e03bae70-3b06-11e1-9025-005056a602e6 Report Status: 4 1/9/2012 4:14:16 PM 4 0 1001 Windows Error Reporting N/A SERVERNAME Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: w3wp.exe P2: 7.5.7601.17514 P3: 4ce7a5f8 P4: StackHash_9c6c P5: 6.1.7601.17514 P6: 4ce7ba58 P7: c0000374 P8: 000ce653 P9: P10: Attached files: C:\Windows\Temp\WER2579.tmp.appcompat.txt C:\Windows\Temp\WER25F7.tmp.WERInternalMetadata.xml C:\Windows\Temp\WER25F8.tmp.hdmp C:\Windows\Temp\WER28F6.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_c49a67649524ad11b64bbf809211bc5ba742a3d6_cab_0b63321b Analysis symbol: Rechecking for solution: 0 Report Id: e03bae70-3b06-11e1-9025-005056a602e6 Report Status: 0 1/9/2012 4:14:21 PM 1 100 1000 Application Error N/A SERVERNAME Faulting application name: w3wp.exe, version: 7.5.7601.17514, time stamp: 0x4ce7a5f8 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58 Exception code: 0xc0000374 Fault offset: 0x000ce653 Faulting process id: 0x17f8 Faulting application start time: 0x01cccf13a4ba5126 Faulting application path: C:\Windows\SysWOW64\inetsrv\w3wp.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: e57a0a85-3b06-11e1-9025-005056a602e6 1/9/2012 4:14:21 PM 4 0 1001 Windows Error Reporting N/A SERVERNAME Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: w3wp.exe P2: 7.5.7601.17514 P3: 4ce7a5f8 P4: StackHash_9c6c P5: 6.1.7601.17514 P6: 4ce7ba58 P7: c0000374 P8: 000ce653 P9: P10: Attached files: These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_c49a67649524ad11b64bbf809211bc5ba742a3d6_1cfb4872 Analysis symbol: Rechecking for solution: 0 Report Id: e57a0a85-3b06-11e1-9025-005056a602e6 Report Status: 4 1/9/2012 4:14:21 PM 4 0 1001 Windows Error Reporting N/A SERVERNAME Fault bucket , type 0 Event Name: APPCRASH Response: Not available Cab Id: 0 Problem signature: P1: w3wp.exe P2: 7.5.7601.17514 P3: 4ce7a5f8 P4: StackHash_9c6c P5: 6.1.7601.17514 P6: 4ce7ba58 P7: c0000374 P8: 000ce653 P9: P10: Attached files: These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_c49a67649524ad11b64bbf809211bc5ba742a3d6_1cfb4872 Analysis symbol: Rechecking for solution: 0 Report Id: e57a0a85-3b06-11e1-9025-005056a602e6 Report Status: 0 None of the files referenced actually exist (not even in WER ReportArchive). These should not be the only events mentioned. The log file has been cleared twice since January 9, so those events should not even be listed at all.

Read the article
Linux Teamviewer functionality, but for ssh only

- by Icapan

I need to access some Linux server behind NAT (no ports forwarded), so I need to have something like "phone home" like Teamviewer has. There is no GUI, but somebody can log in through SSH and dictate a password if it is changing (like Teamviewer). SSH (port 22) is enough (I can tunnel ports through SSH if I need). Any suggestions? How safe is it?

Read the article
Some HTTPS connections via NAT fail, but work on firewall itself.

- by hnxn

Hi, I am having trouble establishing some HTTPS connections from internal machines, even though these same connections work if initiated on the firewall itself. The firewall machine is running Ubuntu 10.04.1 and shorewall 4.4.6. The internet connection is Bell PPPoE DSL (in Canada). I have tried various MTU settings, it doesn't seem to make any difference. Other protocols (HTTP, FTP, etc) generally work. The problem seems to be limited to certain sites; this one never works from an internal machine, but always works from the firewall itself: From internal machine: $ wget https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif --2011-01-13 20:51:31-- https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif Resolving images.fedex.com... 184.24.96.69 Connecting to images.fedex.com|184.24.96.69|:443... connected. ^C From firewall: $ wget https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif --2011-01-13 20:58:28-- https://images.fedex.com/images/ascend/shared/headers/nxgen/corp_logo.gif Resolving images.fedex.com... 184.24.96.69 Connecting to images.fedex.com|184.24.96.69|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 840 [image/gif] Saving to: `corp_logo.gif' 2011-01-13 20:58:28 (149 MB/s) - `corp_logo.gif' saved [840/840] This URL always works from both internal and firewall: https://encrypted.google.com/images/logos/ssl_logo_lg.gif Any troubleshooting tips would be greatly appreciated!

Read the article
iptables blocking ssh communication

- by Michal Sapsa

I'm using this script for iptables: #!/bin/sh echo "1" > /proc/sys/net/ipv4/ip_forward iptables -F iptables -X iptables -F -t nat iptables -X -t nat iptables -F -t filter iptables -X -t filter iptables -t filter -P FORWARD DROP iptables -t filter -A FORWARD -s 192.168.0.0/255.255.0.0 -d 0/0 -j ACCEPT iptables -t filter -A FORWARD -s 0/0 -d 192.168.0.0/255.255.0.0 -j ACCEPT iptables -t nat -A POSTROUTING -s 10.8.0.1/255.255.255.0 -j MASQUERADE iptables -A FORWARD -s 10.8.0.1/255.255.255.0 -j ACCEPT iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j MASQUERADE iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu iptables -t nat -A PREROUTING -i eth1 -p udp --dport 16161 -j DNAT --to 192.168.0.251:16161 iptables -t nat -A PREROUTING -i eth1 -p udp --sport 16161 -j DNAT --to 192.168.0.251:16161 #openvpn iptables -I INPUT -p tcp --dport 1194 -j ACCEPT iptables -I INPUT -p udp --dport 1194 -j ACCEPT I end up with some iptables rules that should work but don't work - probably because of me. # Generated by iptables-save v1.4.12 on Mon May 26 13:15:43 2014 *raw :PREROUTING ACCEPT [1657523:1357257330] :OUTPUT ACCEPT [36804:34834370] -A PREROUTING -p icmp -j TRACE -A PREROUTING -p tcp -j TRACE -A OUTPUT -p icmp -j TRACE -A OUTPUT -p tcp -j TRACE COMMIT # Completed on Mon May 26 13:15:43 2014 # Generated by iptables-save v1.4.12 on Mon May 26 13:15:43 2014 *nat :PREROUTING ACCEPT [5033:345623] :INPUT ACCEPT [154:34662] :OUTPUT ACCEPT [6:1968] :POSTROUTING ACCEPT [2:120] -A PREROUTING -i eth0 -p tcp -m tcp --dport 16161 -j DNAT --to-destination 192.168.0.251:22 -A PREROUTING -i eth1 -p tcp -m tcp --dport 16161 -j DNAT --to-destination 192.168.0.251:22 -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE COMMIT # Completed on Mon May 26 13:15:44 2014 # Generated by iptables-save v1.4.12 on Mon May 26 13:15:44 2014 *filter :INPUT ACCEPT [548:69692] :FORWARD DROP [8:384] :OUTPUT ACCEPT [2120:1097479] -A INPUT -p udp -m udp --dport 1194 -j ACCEPT -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -s 192.168.0.0/16 -j ACCEPT -A FORWARD -d 192.168.0.0/16 -j ACCEPT -A FORWARD -s 10.8.0.0/24 -j ACCEPT -A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 22 -j ACCEPT -A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 22 -j ACCEPT COMMIT TRACE at PREROUTEING AND OUTPUT are only for debuging this thing. When I ssh at public ip with port 16161 I don't get any message, only TimeOut so it looks like I don't get communication back to remote server. ETH0 is the world, ETH1 is LAN Any IPTABLES Masters willing to give a hand ? iptables -vL Chain INPUT (policy ACCEPT 20548 packets, 3198K bytes) pkts bytes target prot opt in out source destination 38822 7014K ACCEPT udp -- any any anywhere anywhere udp dpt:openvpn 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:openvpn Chain FORWARD (policy DROP 1129 packets, 64390 bytes) pkts bytes target prot opt in out source destination 214K 11M TCPMSS tcp -- any any anywhere anywhere tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU 4565K 1090M ACCEPT all -- any any 192.168.0.0/16 anywhere 5916K 7315M ACCEPT all -- any any anywhere 192.168.0.0/16 0 0 ACCEPT all -- any any 10.8.0.0/24 anywhere 0 0 ACCEPT tcp -- any any anywhere 192.168.0.251 tcp dpt:16161 Chain OUTPUT (policy ACCEPT 59462 packets, 19M bytes) pkts bytes target prot opt in out source destination

Read the article
Linux server cannot be pinged

- by misamisa

I have set up a Linux server in DMZ. There is another Windows server running in same DMZ. These two servers can be pinged via internet using my home PC. However, the another Linux server rented from a hosting service provider can only be pinged from the Windows Server and not from the Linux server (accessed via internet). So the situation is: Windows server (DMZ) ---ping--- Rented Server.....Successful Linux server (DMZ) ---ping--- Rented Server.......Unreachable Home PC ---ping--- Linux server (DMZ).......Successful Home PC ---ping--- Windows server (DMZ).....Successful When I ran tcpdump on my Linux Server(DMZ) and started ping from Rented Server, it showed that the Linux Server(DMZ) is receiving ping and replying. There is no restriction defined in hosts.deny and hosts.allow file that might cause this problem. What else should I check to get this working?

Read the article
Smoothwall Express interface issues

- by Timbermar

I have a SmoothWall Express box that is currently configured with a Green and Purple interface. Both interfaces are in the same /24 subnet (which seems odd to me). The green interface (address of .254) has a DHCP server that is pushing addresses from .1 to .100 and the purple interface (.253) is pushing addresses from .101 to .120. Every machine here is trusted, and as such is connected to the green interface via a wired connection or wireless APs. Nothing is connected at all (port is physically empty, traffic graphs show no activity) to the purple interface. However, every machine here is pulling addresses from the purple interface. So the question boils down to, how do I remove/stop my machines from pulling from the purple dhcp interface? Also, shouldn't the purple interface (if we were using it for guest Wifi or something) be on a different subnet (i.e. 192.168.100.0/24 instead of 192.168.1.0/24 with all the trusted machines)?

Read the article
How can I debug a port/connectivity issue?

- by rfw21

I am running a simple WebSocket server on Amazon EC2 (Fedora Core). I've opened the relevant port using ec2-authorize, and checked that it's opened. Iptables is definitely not running. However I can't connect to the port from outside EC2. I've tried the following (my server is running on port 7000): telnet ec2-public-dns.xx.xx.xx.amazon.com 7000 (from within EC2: connects fine) nmap localhost (output includes line: 7000/tcp open afs3-fileserver) telnet ec2-public-dns.xx.xx.xx.amazon.com 7000 (this time from my local machine: I get "connection refused: Unable to connect to remote host") The strange thing is this: if I start Nginx on port 7000 then it works and I can connect from outside EC2! And the WebSocket server fails on port 80, where Nginx works fine. To me this suggests a problem with the WebSocket server, BUT I can connect to it successfully from within EC2. (And it works fine on a different VPS account). How can I debug this further? If anybody can stop me tearing my hair out, I'd be very grateful indeed :)

Read the article
Cannot access firewalled jboss server from Internet Explorer

- by Simon Gibbs

I've produced a website for a client One Single Menu using JBoss and hosted it on Rackspace Cloud Servers running Ubuntu's Maverick Meerkat. Following advice, I esablished some iptables rule to protect jboss: iptables -I INPUT 1 -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -I INPUT -p tcp --dport 8080 -j ACCEPT iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -A INPUT -j DROP Now, several versions of IE on several computers on at least two different ISPs cannot access the onesinglemenu.com. Curl from within the datacenter, Firefox, and Safari on the same ISPs can all access the server fine. I even tried IE and Firefox on the same computer and IE failed but Firefox worked. The error behaviour is that IE hangs on connecting without reporting an error, even after a minute or so. No page is displayed at all. I find it quite odd that I'm having a browser specific connection issue, but it appears to be the case. Help!

Read the article
What's the closest equivalent of Little Snitch (Mac program) on Windows?

- by Charles Scowcroft

I'm using Windows 7 and would like to have a feature like Little Snitch on the Mac that alerts you whenever a program on your computer makes an outgoing connection. Description of Little Snitch from its website: Little Snitch informs you whenever a program attempts to establish an outgoing Internet connection. You can then choose to allow or deny this connection, or define a rule how to handle similar, future connection attempts. This reliably prevents private data from being sent out without your knowledge. Little Snitch runs inconspicuously in the background and it can also detect network related activity of viruses, trojans and other malware. Little Snitch provides flexible configuration options, allowing you to grant specific permissions to your trusted applications or to prevent others from establishing particular Internet connections at all. So you will only be warned in those cases that really need your attention. Is there a program like Little Snitch for Windows?

Read the article
How do I block IP addresses in SuSEFirewall?

- by Evgeny

Does SuSEfirewall in OpenSuSE 11 provide an easy way to block all traffic from a list of IP addresses? Ideally just a textfile into which I can put all IP addresses I want blocked, otherwise some configuration option. I've looked through /etc/sysconfig/SuSEfirewall2, but haven't been able to find anything like that.

Read the article

< Previous Page | 205 206 207 208 209 210 211 212 213 214 215 216 | Next Page >