Search Results

Search found 12281 results on 492 pages for 'ip blocking'.

Page 216/492 | < Previous Page | 212 213 214 215 216 217 218 219 220 221 222 223  | Next Page >

  • iptables - drop all HTTP(S) traffic but from CloudFlare

    - by Martin
    I would like to allow only HTTP(S) traffic coming from CloudFlare. In that way attackers cannot attack the server directly. I know CloudFlare is not mainly a DDoS mitigator, but I would like to try it either way. I currently only have access to iptables (IPv4 only), but will try to install ip6tables soon. I just need to have this fixed soon (we're getting (D)DoSed atm). I was thinking about something like this:

        iptables -I INPUT -s <CloudFlare IP> --dport 80 -j ACCEPT
        iptables -I INPUT -s <CloudFlare IP> --dport 443 -j ACCEPT
        iptables -I INPUT -p tcp --dport 80 -j DROP
        iptables -I INPUT -p tcp --dport 443 -j DROP

    I know that CloudFlare has multiple IPs, but just for an example. Would this be the right way?

  • A can ping B, B can ping C but A can't ping C. How do I connect A to C (ethernet)?

    - by user16654
    I have a computer at home with IP 192.168.221.xxx. I have another computer at work that I can ping and it has 2 IP addresses: 192.168.1.xxx and 192.168.0.xxx. Those last 2 addresses have the same gateway, i.e. 192.168.1.1. The computer at work is connected to a hub. That hub also has an embedded device connected to it with address 192.168.0.xxx. Now from my home computer I cannot ping this embedded device. How would I connect to it without changing the subnetwork it connects to? I can ping the embedded device from my work computer and I can ping the work computer from my home computer. So I am trying to connect to the embedded device from my home computer through my work computer. Port forwarding? How would I establish that on Ubuntu?

  • iptables - Allowing Established Sessions?

    - by Sandro Dzneladze
    I'm learning how to use iptables on Ubuntu server. Can you please explain to me what "Allowing Established Sessions" means and why I should include it in rules?

        sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    I understand the concept of allowing specific ports and blocking others:

        sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT

    block all

        sudo iptables -A INPUT -j DROP

    But I don't get the concept of allowing established sessions. Thanks. S.

  • How to link specific ports to specific domains with Apache virtual hosts?

    - by theJoe
    We have a forward-facing Linux box running Apache HTTP server that is acting as a reverse proxy for several back-end servers. The servers are accessed through specific domain names and ports and are set up as virtual hosts within Apache as such:

        Listen 8001
        Listen 8002

        <Virtualhost *:8001>
            ServerName service.one.mycompany.com
            ProxyPass / http://internal.one.mycompany.com:8001/
            ProxyPassReverse / http://internal.one.mycompany.com:8001/
            RewriteEngine On
            RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
            RewriteRule .* - [F]
        </Virtualhost>

        <Virtualhost *:8002>
            ServerName service.two.mycompany.com
            ProxyPass / http://internal.two.mycompany.com:8002/
            ProxyPassReverse / http://internal.two.mycompany.com:8002/
            RewriteEngine On
            RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
            RewriteRule .* - [F]
        </Virtualhost>

    The proxy server has only one IP address, and both domains are pointing to it. Accessing internal.one via service.one works fine, as does accessing internal.two via service.two. Now the problem is that Apache does not take the requesting domain into account when accessing the virtual hosts. What I mean is that both domains work for both ports: requests for service.one:8002 proxy to internal.two:8002, and requests for service.two:8001 proxy to internal.one:8001, where ideally both these requests should be denied. I can get around this by creating more virtual hosts that explicitly deny these requests:

        NameVirtualHost *:8001
        NameVirtualHost *:8002

        <Virtualhost *:8001>
            ServerName service.two.mycompany.com
            Redirect permanent / http://errorpage.mycompany.com/
        </Virtualhost>

        <Virtualhost *:8002>
            ServerName service.one.mycompany.com
            Redirect permanent / http://errorpage.mycompany.com/
        </Virtualhost>

    But this is not an ideal solution, since we plan to add more services to the proxy, and each new port would need to be explicitly denied on all the other domains, and each new domain would need to be explicitly denied on all ports it is not utilizing. As we add more services, the number of virtual hosts can get out of hand quickly. My question, then, is whether there is a better way? Can we explicitly tie specific ports to specific domains in a virtual host so that only that domain-port combination is processed, and all other combinations are not?

    Things I've tried:

        - Adding NameVirtualHost *:8001, etc. without the additional virtual hosts.
        - Setting ProxyRequests On and Off, as well as ProxyPreserveHost On and Off.
        - Adding the server name or IP address to the virtual host header, e.g. <VirtualHost service.one.mycompany.com:8001>
        - Using the <proxy> directive inside the virtual host directive.
        - Lots and lots of googling.

    The proxy server is running CentOS 6.2 64-bit, Apache HTTPD server 2.2.15. As mentioned, the proxy server has only one IP address, and all the domains we are using are pointing to it.

  • Problems bringing up a second virtual network interface

    - by tubaguy50035
    I'm having issues adding a second IP address to one interface. Below is my /etc/networking/interfaces

        # The loopback network interface
        auto lo
        iface lo inet loopback

        #eth0 is our main IP address
        auto eth0
        iface eth0 inet static
            address 198.58.103.*
            netmask 255.255.255.0
            gateway 198.58.103.1

        #eth0:0 is our private address
        auto eth0:0
        iface eth0:0 inet static
            address 192.168.129.134
            netmask 255.255.128.0

        #eth0:1 is for www.site.com
        auto eth0:1
        iface eth0:1 inet static
            address 198.58.104.*
            netmask 255.255.255.0
            gateway 198.58.104.1

    When I run /etc/init.d/networking restart, I get a fail error about bringing up eth0:1:

        RTNETLINK answers: File exists
        Failed to bring up eth0:1.

    Any reason this would be? I didn't have any problems when I first set up eth0 and eth0:0.

  • Port Forwarding Using iptables on Ubuntu

    - by user141610
    This is the scenario. I have configured a web-server in MUX. Now I want to access that web-server from the Internet. The Ubuntu box has two interfaces: one is connected to WAN (public IP) and another one is connected to MUX (private IP). MUX has no option to insert a default gateway.

        iptables -t nat -A PREROUTING -p tcp -i eth0 -d 103.x.x.x --dport 8001 -j DNAT --to-destination 192.168.1.2:8080
        iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    It does not work. Thanks...

  • Ping6 fail on linux

    - by michelemarcon
    I have 2 Linux boxes configured with IPv4. I have tried adding IPv6 to them. I have issued this command on box1:

        ip -6 addr add fd32:2d7f:f3c1::1/48 dev eth0

    And I get this:

        inet6 addr: fd32:2d7f:f3c1::1/48 Scope:Global

    Then I have issued this command on box2:

        ip -6 addr add fd32:2d7f:f3c2::1/48 dev eth0

    Back on box1 (command/response):

        ping6 fd32:2d7f:f3c1::1 is alive!
        ping6 fd32:2d7f:f3c2::1
        ping6: sendto: Network is unreachable

    Why doesn't box1 ping box2 (of course, also box2 can't ping box1)?

  • dhcp client service won't start

    - by xyious
    I have a laptop with 2 network interfaces and neither will get an IP address through DHCP. I found out that the DHCP client service didn't start. Upon manually starting, it gives the error 2: File not found. I have checked that the files were there (both svchost and dhcpcore .dll), the local service account has read access to the system32 folder, the path in the registry is also correct and I can access the file. I have tried to netsh winsock reset and ip reset all. I have even added the local service account to the administrators group. sfc /scannow also came up clean. I have no idea what else I can try. Any suggestions are welcome. (Side note: it's a Windows 7 32 bit, Atheros WLAN, deinstalled Avira before any of the other troubleshooting.)

  • Distributed website server redundancy

    - by Keith Lion
    Assume a website infrastructure is very complicated and is fully distributed (probably like most large web companies). Am I right in thinking that although there are all these extra web servers to handle multiple client requests, there is still a single "machine" whereby users must enter? I am guessing this machine will be the one physically associated to the IP address? I ask because I need to know whether, in places where distributed systems exist, there is still a single point of failure - usually the control node or, in this example, the machine connected to the public internet? Surely there cannot be two machines connected to the internet, as they would have to have different IP addresses? This "machine" may not be a server per se, but maybe it is a piece of Cisco equipment. I just need to know whether, in the real world, these distributed systems still have a particular section where they depend on the integrity of one electronic device?

  • Subdomains, folders, internationalization, and hosting solutions

    - by justinbach
    I'm a web developer and I recently landed a gig to develop the US / international version of a site for a company that's big in Europe but hasn't done much expansion into the US yet. They've got an existing site at company.com, which should remain visible to European customers after the new site goes up, and an existing (not great) site at company.us, which I'm going to be redeveloping (the .us site will be taken down when my version goes up--keep reading for details). My solution needs to take into account the fact that there are going to be new, localized versions of the site in the fairly near future, so the framework I'm writing needs to be able to handle localizations fairly easily (dynamically load language packs, etc). The tricky thing is the European branch of the company manages the .com site hosting (IIS-based) and the DNS, while I'll be managing the US hosting (and future localizations), which will likely be apache-based. I've never been a big fan of the ".us" TLD--I think most US users are accustomed to visiting the .com--so the thought is that the European branch will detect the IP of inbound traffic and redirect all US-based addresses to us.example.com (or whatever the appropriate localized subdomain might be), which would point to the IP address of my host. I'd then serve the appropriate locale-specific content by pulling the subdomain from the $_SERVER superglobal (assuming PHP). I couldn't find any examples of international organizations that take a subdomain-based approach for localization, but I'm not sure I have any other options as a result of the unique hosting structure here (in that there's not a unified hosting solution for the European and US sites). 
In my experience, the US version of an international site would live at domain.com/us, not at us.domain.com, and I'd imagine that this has to do with SEO (subdomains are treated as separate sites, so improved rankings for the US site wouldn't help the Canadian version if subdomains are used to differentiate between them). My question is: is there a better approach to solving this problem than the one I'm taking? Ideally, I'd like to use a folder-based approach (see adidas.com as an example of what I'm talking about), but I'm not sure that's a possibility given that the US site (and other localizations) will not be hosted on the same server as the rest of the .com. Can you, in IIS, map a folder (e.g. domain.com/us) to a different IP address? What would you recommend? Thanks for your consideration.

  • hMailServer Email + MX Records Configuration

    - by asn187
    Trying to make DNS changes to enable email to be sent using hMailServer. My mail server is on a separate machine with a separate IP address. I have already added MyDomain.com and an email account. I have created an MX record with the mail server being mail.domain.com and a priority of 20. 1) But the question is how do I now link this MX record for the domain to my mail server / mail server IP address? 2) What changes are needed in hMailServer to complete the process and be able to send emails for the domain? 3) In Settings, SMTP Delivery of email: what should my configuration here look like?

  • How can HAProxy improve availability, or "how can I prevent my site from going down"? [closed]

    - by Joe Hopfgartner
    I am aware of what HAProxy does, but what if my HAProxy goes down? Or what if my DNS servers go down? Yes, DNS is less the problem. However DNS only solves to an IP and an IP is announced via BGP to be routed over some router. What if that router goes down? Of course if I have complicated application servers that are likely to fail, HAProxy can significantly improve uptime. But my application isn't. In fact my application may very well just be delivering a small static HTML file via HTTP. Basically if any user anywhere types in MYDOMAIN.COM, I want the user to get SOMETHING on the screen other than a timeout or DNS resolution error. How can I do that? The point of entry is difficult. The so called "initial closure mechanism".

  • routing weirdness - traceroute 'vanishes' en route

    - by The Journeyman geek
    I'm attempting to set up one of my boxes as a server (again), but I'm having some odd connection issues - the box itself connects fine to the internet, but trying to connect to my external IP address seems to result in the trace getting 'lost' partway. http://pastebin.com/HCQAGbvn - this is a traceroute from another system that's connected to another ISP - starhub is my own one, while I have another system that I have access to on singtel. I'm wondering if my ISP is messing around with routing, or is something very odd going on. As you note, the traceroute doesn't reach me, but if it helps, I use a dd-wrt router. Edit: Facepalmishly, turning the firewall on my router on and off fixed it. I don't get why it dropped off at different IP addresses each time, or why the router set itself to block.. everything, or why it affected the IPv6 tunnel as well.

  • Connecting to my SMTP server

    - by Joseph Silvashy
    I have a few questions. I just installed SMTP on my Ubuntu server, and I want to know how to connect to it from a different machine... I'm not really clear. I tried:

        telnet my.servers.ip.address 25

    I think it's running on port 25, but I don't know where to find out, it's not in the conf file anywhere. Additionally, do I need it to be an FQDN, or can I just access my mail server via its IP address? I know that the service works on the machine because I'm able to

        echo test | mail -s "test" [email protected]

    Any help debugging or understanding this would be helpful, thanks guys!

  • Pages partially load on rapid refresh

    - by user101570
    I recently set up a VPS slice with 256MB to run a LAMP stack (Ubuntu 11.04, Apache2, Mysql, PHP5). So far I'm only running a simple Wordpress site on an IP-based virtual host I set up. The performance is excellent, but I've noticed that if I send multiple HTTP requests from the same IP in a short time period, only partial pages are rendered. Then if I wait a bit and refresh the page, the entire page loads again. I noticed this behaviour when accessing the site from two browsers from my office desktop, but it also presents itself if I quickly navigate the site from a single browser (any browser). I'm guessing this is an Apache phenomenon, as the pages are rendered correctly except under the conditions above, but perhaps I'm wrong here. Could it be my hosting company with some kind of DOS protection in place? As a relative Linux/server noob, I'd really appreciate any insight into what settings in Apache could explain this behaviour, and how I might go about changing it.

  • Simplest vpn server for linux

    - by Ian R.
    I'm supposed to set up a VPN server on our Linux machine for some of our employees who travel a lot. I have 10 IPs on that server so I'm looking into a simple software (not OpenVPN which is a hell to digest). The software should be able to allow connections from any OS type (Linux, Mac, Windows). It should also be able to allow connections via username/password. I would like to assign 1 IP to each client. Any ideas, names?

  • Solaris + why can't ping to default gateway

    - by yael
    I have a Solaris machine with IP 10.10.10.100, default gateway 10.10.10.1 and subnet 255.255.255.0. Remark: the Solaris machine is connected to a Cisco switch via cross cable, and from the switch to my laptop. I configured my laptop to connect to my Solaris machine, so my laptop IP is 10.10.10.1 and subnet 255.255.255.0. But something is not clear: I have an ssh connection from my laptop to my Solaris machine (I mean I am in my Solaris machine), but from the Solaris machine I can do ping to 10.10.10.1? (How can it be???) Please advise why?

  • Cannot connect to FTP server from external host

    - by h3.
    I have an FTP server (vsftpd) set up on a Linux box (Ubuntu server). When I try to connect with a computer on the same network everything works fine as expected. But as soon as the IP is external it won't connect. I first assumed the port was blocked, but then:

        localserver:$ sudo tail -f /var/log/vsftpd.log
        Wed Jan 13 14:21:17 2010 [pid 2407] CONNECT: Client "xxx.xxx.107.4"

        remotemachine:$ netcat svn-motion.no-ip.biz 21
        220 FTP Server

    And it hangs there. Do any ports other than 21 need to be open?

  • How do I now access my site for an installation

    - by user4524
    I have just rented a virtual private server with DirectAdmin. I have an IP address, let's say it's: 178.239.60.18. Now I have made a new domain on the server. It resides in a folder called: example. Now when I would like to access this in a browser, I type in 178.239.60.18/example or 178.239.60.18:example. But this does not work. What am I doing wrong? When I look at the DNS record it does say that the IP address for example is 178.239.60.18

  • Create and manage child name servers (glue records) within my domain?

    - by basilmir
    Preface: I use a top level domain provider that only allows me to add "normal" third-party name servers (a list where I can add "ns1.hostingcompany.com" type entries... nothing else) AND "child name servers" which I can later attach to my parent account (ns1.myowndomain.com and an IP address). They do not provide other means of linking up. I want to host my own server and DNS, even with just one name server (at first).

    My setup:

        - Airport Extreme - gets a static IP address from my ISP
        - Mac Mini Server - sits behind the Airport and gets a 10.0.1.2

    My problem is that I can't seem to configure DNS correctly. I added a "child nameserver" with my Airport's external static IP address at the top level provider, so to my understanding I should have all DNS traffic redirected to my Airport. I've opened port 53 UDP to let the traffic in. Now, what I don't get is this. My Mini Server is sitting on a 10.0.1.2 address and I have set up DNS correctly, with an A record to point and resolve my server AND a reverse lookup to that 10.0.1.2. So it's OK for "internal stuff". Here is the clicker... How, when a request comes from the exterior for a reverse lookup, does the server "know" ... well look, I have everything in 10.0.1.2 but the guy outside needs something from my real address. I can't begin to describe the MX record bonanza... How do I set this "right"? Do I "need" my Mini Server to sit on the external address directly (I can see how this could be the preferred solution, being close to a "real" server I have in my mind). If not... do I need a PTR record on the 10.0.1.2 server but with the external address in there?

    My dream: I will extend this "setup" with multiple Minis in different cities where I work. I want a distributed something (Xgrid comes to mind).

    PS. Be gentle, I've read 2 books on the subject, and bought both the Lynda Essentials and DNS and Networking to boot, still I'm far from being on top of things.

  • Port forwarding with DNAT and SNAT without touching other packets

    - by w00t
    I have a Linux gateway with iptables which does routing and port forwarding. I want the port forwarding to happen independent of the routing. To port forward, I add this to the nat table:

        iptables -t nat -A "$PRE" -p tcp -d $GW --dport $fromPort -j DNAT --to-destination $toHost:$toPort
        iptables -t nat -A "$POST" -p tcp -d $toHost --dport $toPort -j SNAT --to $SRC

    $PRE and $POST are actually destination-specific chains that I jump to from the PREROUTING and POSTROUTING chains respectively so I can keep the iptables clean. $SRC is the IP address I'm SNATing to, which is different from the gateway IP $GW. The problem with this setup is that regular routed packets that were not DNATed but happen to go to the same $toHost:$toPort combo will also be SNATed. I wish to avoid this. Any clever things I can do?

  • What is the best way to setup a heartbeat agent for failover between two VMs?

    - by EGr
    I have two VMs in VirtualBox that use NAT for their network adapters. They are both getting the same IP address, so I will need to reconfigure that; but knowing that, is it possible to set up a heartbeat agent to fail over an Apache server if one of the two VMs goes down? The way I pictured it would be that the webserver would be able to be accessed externally via :80. No matter what VM was running, I would be able to access the website at that IP/port since failover would be set up. I'm running into trouble setting up IPs when the network adapters are set to NAT, and people have told me that I shouldn't be setting the IPs in this configuration. So what should I do to achieve what I'm looking for? Is it even feasible?

  • linux intrusion detection software

    - by Sam Hammamy
    I have an Ubuntu VPS that I use for practice and deploying prototypes as I am a Python developer. I recently started teaching myself sys admin tasks, like installing OpenLDAP. I happened to turn off the ufw firewall for just a minute, and when I ran a netstat command, I saw a foreign IP connected to ssh that I traced to China. I'd like to know a few things: 1) Is there any good network intrusion detection software, such that if any IP that's outside a specific range connects to the VPN, I can be notified? -- I am thinking about scripting this, but I'm pretty sure there's something useful out there and I believe in the wisdom of crowds. 2) How did this person gain access to my server? Is it because my firewall was down? Or is it because they browsed my LDAP directory and from there figured out a way to connect (there was a clear text password in the tree but it wasn't one used by the server's sshd)?

  • How do I estimate the number of RSS subscribers?

    - by Robert Kosara
    I'm running a website, and would like to get a better idea how many subscribers I have. I can check the number of subscribers on Google Reader for my two feeds (RSS and Atom). I also have access to my server logs, so I sometimes collect all the IP addresses that access the feeds over a month or so and do a uniq. Is that an accurate way of doing this? Are there other feed aggregators that I need to take into account? Any pitfalls when just going by IP address? I've also thought about embedding an image in the feeds to get a better count. But do all feed readers load images automatically?

  • CPanel has two entries for site, need to use SSL one

    - by beingalex
    I have a website that is meant to be using SSL, however there are two entries in Cpanel's httpd.conf which seem to be causing an issue. When I visit just www.website.com I require it to go to https://www.website.com. However I have to write the https:// directly for the site to work. The secure site also has a different IP. I am not meant to edit the httpd.conf directly either and am unsure as to how to change the following directives:

        <VirtualHost 1.1.1.1:80>
            ServerName website.com
            ServerAlias www.website.com
            DocumentRoot /home/websitec/public_html
            ServerAdmin [email protected]
            ## User websitec
            # Needed for Cpanel::ApacheConf
            <IfModule mod_suphp.c>
                suPHP_UserGroup websitec websitec
            </IfModule>
            <IfModule !mod_disable_suexec.c>
                <IfModule !mod_ruid2.c>
                    SuexecUserGroup websitec websitec
                </IfModule>
            </IfModule>
            <IfModule mod_ruid2.c>
                RUidGid websitec websitec
            </IfModule>
            CustomLog /usr/local/apache/domlogs/website.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
            CustomLog /usr/local/apache/domlogs/website.com combined
            ScriptAlias /cgi-bin/ /home/websitec/public_html/cgi-bin/
        </VirtualHost>

        <VirtualHost 2.2.2.2:443>
            ServerName website.com
            ServerAlias www.website.com
            DocumentRoot /home/websitec/public_html
            ServerAdmin [email protected]
            UseCanonicalName Off
            CustomLog /usr/local/apache/domlogs/website.com combined
            CustomLog /usr/local/apache/domlogs/website.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
            ## User websitec
            # Needed for Cpanel::ApacheConf
            <IfModule mod_suphp.c>
                suPHP_UserGroup websitec websitec
            </IfModule>
            <IfModule !mod_disable_suexec.c>
                <IfModule !mod_ruid2.c>
                    SuexecUserGroup websitec websitec
                </IfModule>
            </IfModule>
            <IfModule mod_ruid2.c>
                RUidGid websitec websitec
            </IfModule>
            ScriptAlias /cgi-bin/ /home/websitec/public_html/cgi-bin/
            SSLEngine on
            SSLCertificateFile /etc/ssl/certs/www.website.com.crt
            SSLCertificateKeyFile /etc/ssl/private/www.website.com.key
            SSLCACertificateFile /etc/ssl/certs/www.website.com.cabundle
            CustomLog /usr/local/apache/domlogs/website.com-ssl_log combined
            SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
            <Directory "/home/websitec/public_html/cgi-bin">
                SSLOptions +StdEnvVars
            </Directory>
            # To customize this VirtualHost use an include file at the following location
            # Include "/usr/local/apache/conf/userdata/ssl/2/websitec/website.com/*.conf"
        </VirtualHost>

    As you can see there is obviously the unsecure directive before the secure one. And this is probably the issue, however if I try to change the IP for the site in WHM I get an error saying that the IP (2.2.2.2) is already in use. Which it is I guess. Any help is appreciated.
