Search Results

Search found 16024 results on 641 pages for 'faulted connection'.

  • Do these 3 crashes have something in common?

    - by David U
    I'm running OS X 10.6.8 on a Mac Mini. I tried to install 3 applications today and all 3 installations failed. I am wondering if the failures have something in common. First I installed GraphViz. The installation succeeded, but when I try to open any .dot file, I get a dialog that says GraphViz has quit unexpectedly. Next I installed Doxygen. It installed, but when I try to launch it I get a dialog that tells me Doxywizard quit unexpectedly. After some googling I thought perhaps my system lacked QT, and that was the problem. I downloaded the Qt 4.8.4 packages and installed them. But when I try to launch qtdemo.app, or any of the other apps that came with the qt installation, I get a dialog that says I can't open the app because it's not supported on this type of Mac. I have crash logs from GraphViz and Doxygen. They're long and I think it unnecessary to post them unless they would help someone determine my problem. Thanks

    Excerpt from System Log, added later:

        12/13/12 5:26:21 PM [0x0-0x4f04f].com.apple.DiskImageMounter[1322] 2012-12-13 17:26:21.927 DiskImages UI Agent[1333:903] *** -[NSMachPort handlePortMessage:]: dropping incoming DO message because the connection or ports are invalid
        12/13/12 5:30:31 PM [0x0-0x1a01a].org.mozilla.firefox[824] [ConvConfHandler] isPreferred contentType: application/x-apple-diskimage
        12/13/12 5:35:32 PM DiskImages UI Agent[1384] *** -[NSMachPort handlePortMessage:]: dropping incoming DO message because the connection or ports are invalid
        12/13/12 5:35:32 PM [0x0-0x5a05a].com.apple.DiskImageMounter[1376] 2012-12-13 17:35:32.988 DiskImages UI Agent[1384:903] *** -[NSMachPort handlePortMessage:]: dropping incoming DO message because the connection or ports are invalid
        12/13/12 6:07:33 PM DisplayLinkUserAgent[772] (00116500.405)-[DLDistributedNotificationCenter stream:handleEvent:] reconnected.
        12/13/12 6:07:33 PM [0x0-0x6c06c].backupd-helper[1446] Not starting Time Machine backup after wake - less than 60 minutes since last backup completed.
        12/13/12 6:08:43 PM Installer[1403] PackageKit: *** Missing bundle identifier: /Library/Receipts/BrotherPPD.pkg
        12/13/12 6:08:48 PM Installer[1403] PackageKit: *** Missing bundle identifier: /Library/Receipts/NeoOffice-2.2.3-Intel.pkg
        12/13/12 6:08:48 PM Installer[1403] PackageKit: *** Missing bundle identifier: /Library/Receipts/NeoOffice-2.2.3-Patch-2-Intel.pkg
        12/13/12 6:08:48 PM Installer[1403] PackageKit: *** Missing bundle identifier: /Library/Receipts/NeoOffice-2.2.5-Intel.pkg
        12/13/12 6:08:48 PM Installer[1403] PackageKit: *** Missing bundle identifier: /Library/Receipts/NeoOffice.pkg
        12/13/12 6:08:48 PM Installer[1403] PackageKit: *** Missing bundle identifier: /Library/Receipts/PIXMA iP6000D 290.pkg
        12/13/12 6:14:39 PM com.apple.launchd.peruser.501[359] ([0x0-0x70070].com.att.graphviz[2047]) Job appears to have crashed: Bus error
        12/13/12 6:14:41 PM ReportCrash[2056] Saved crash report for Graphviz[2047] version 2.28 (2.28.0) to /Users/duzzell/Library/Logs/DiagnosticReports/Graphviz_2012-12-13-181441_Amun.crash
        12/13/12 6:15:19 PM com.apple.launchd.peruser.501[359] ([0x0-0x74074].org.doxygen[2070]) Job appears to have crashed: Bus error
        12/13/12 6:15:19 PM ReportCrash[2056] Saved crash report for Doxywizard[2070] version 1.8.2 (???) to /Users/duzzell/Library/Logs/DiagnosticReports/Doxywizard_2012-12-13-181519_Amun.crash

  • How do I access an Ubuntu VirtualBox guest at a static IP from an OS X host?

    - by David Siegel
    How does one configure an Ubuntu guest to use a static IP that's visible to an OS X host, and ensure that the static IP is independent of the host's network configuration? I previously used bridged networking for my guest, but I'm constantly moving my host between networks so the guest IP is always different. First, I tried setting the guest network configuration to NAT and forwarding host port 1022 to guest port 22, so I could at least ssh to a fixed address (localhost:1022):

        $ VBoxManage setextradata "Ubuntu Server" "VBoxInternal/Devices/e1000/0/LUN#0/Config/SSH/Protocol" "TCP"
        $ VBoxManage setextradata "Ubuntu Server" "VBoxInternal/Devices/e1000/0/LUN#0/Config/SSH/GuestPort" 22
        $ VBoxManage setextradata "Ubuntu Server" "VBoxInternal/Devices/e1000/0/LUN#0/Config/SSH/HostPort" 1022

    Then,

        $ ssh localhost -p 1022
        ssh: connect to host localhost port 1022: Connection refused

    But this didn't work (guest has no network access with NAT and OS X refused the connection, as you can see). I'd love a general solution that would let me communicate with my guest at a fixed IP.

  • Windows Server 2003 Terminal Services error

    - by Adrian S
    Hi! I have a Win2K3 machine which I want to access via remote desktop. When I try remote desktop on another machine the session just ends as soon as it attempts connection. I never see the log-on screen or anything. It just returns to the remote desktop connection dialog. I have checked the service on the target machine and it's up and running, so how can I determine the error? Is there any way to re-install terminal services and see if it just fixed?

  • Connecting to a LDAPS server

    - by Pavanred
    I am working on a development machine and I am trying to connect to my LDAP server. This is what I do - telnet ldaps- 686 then the response is - Could not open connection to the host on port 686 : connect failed But, the strange part is when I connect to my server - telnet ldap- 389 then the connection is successful. My question is, why does this happen? Do I have to install SSL certificate on the client machine where I make the call from? I do not know much about this. I know for a fact that the LDAP server is working fine because other applications are successfully using it currently.

  • How can I access windows XP remote desktop on private IP from internet?

    - by Jennie
    So the machine is behind a DSL router on a private IP so that it can not receive inbound requests. I want to know: Is there any way to set up the router NAT (I highly doubt it supports one to one port mapping) without disturbing other users on the same router? I have another machine on internet which has public IP on it without any firewall. Can I use this machine as a relay server so that to initiate the connection, the XP machine sends an outbound request and this relay server makes my connection through and then I can access my machine on pvt ip without any problem? Please tell??

  • How to connect Android phone to a Wifi network using PPPoE?

    - by Slavo
    I have an ISP at home, which provides me with a PPPoE connection. My router supports that and I've configured it to autoconnect periodically, so I don't have to type my username and password each time. When I connect to the Wireless router from the PC, I have internet and everything works fine. However, when I do so using my Android phone, there's no internet connection on the phone. It connects to the router, but I cannot open any web page. How can I enable internet access from such an ISP on my phone? Is it something in the router setup? The router is Linksys WRT54GL.

  • How to connect MTS MBlaze on ubuntu 11.04

    - by murali_ma
    I have installed Ubuntu 11.04 inside Windows XP. I have an MTS MBlaze USB modem (my service provider is MTS MBlaze, India). I want to use the MBlaze in Ubuntu, so I did the following steps to connect the device: from the task bar -> edit connections -> mobile broadband -> choose country -> mts mblaze and OK. I gave the username and password ([email protected] and password MTS), then OK. Now I enable mobile broadband, MTS MBlaze connection1 (connection name), from the task bar. Steps followed from "http://randomshandom.wordpress.com/2010/12/20/how-to-connect-mts-mblaze-device-in-ubuntu-10-10-11-04/#more-3". The first time, it connected successfully and I could browse the internet. After I restarted the system I tried to connect, but it does not connect. It shows "Modem network disconnected". I tried many times, and deleted the connection and recreated it, but it does not help me. If I try to connect the device, I think it searches for the network; I saw the wave signal. Image for showing problem:

  • Website hosted on IIS is not accessible

    - by Tola Odejayi
    I have two sites set up in IIS on a remote machine RM; one on regular port 80, and the other on port 5773. From my local machine LM, I can access the site on 80, but I cannot access the one on 5773; I get a status code of 502 and an error code of 10060 (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond) when I try to do this. I can access the 5773 site via IIS when I am logged into RM (i.e. by right clicking on a page on the site and going 'Browse'). I can also access pages on the 5773 site via a browser, again when I am logged into RM. I just can't do the same via a browser when I am logged into LM. I have ensured that port 5773 is open for outgoing traffic on LM. Could the problem be that I also need to ensure that port 5773 is open for inbound traffic on RM?

  • How to access remotely to a mysql server?

    - by ÉricP
    Hi, I'm trying to access my remote mysql server from my own computer. I uncommented:

        bind-address = 80.10.65.45

    I added 80.10.65.45 as a server in privilege

        root 80.10.65.45 yes ALL PRIVILEGES yes

    I'm using Sequel Pro on MacosX to connect via SSH here is the debug log:

        debug1: Authentication succeeded (password).
        debug1: Local connections to LOCALHOST:58517 forwarded to remote address 127.0.0.1:3306
        debug1: Local forwarding listening on ::1 port 58517.
        debug1: channel 0: new [port listener]
        debug1: Local forwarding listening on 127.0.0.1 port 58517.
        debug1: channel 1: new [port listener]
        debug1: Entering interactive session.
        debug1: Connection to port 58517 forwarding to 127.0.0.1 port 3306 requested.
        debug1: channel 2: new [direct-tcpip]
        channel 2: open failed: connect failed: Connection refused
        debug1: channel 2: free: direct-tcpip: listening port 58517 for 127.0.0.1 port 3306, connect from 127.0.0.1 port 58519, nchannels 3

  • IIS not listening over external network, all other traffic working

    - by Beuy
    Hello there, I have a very odd situation. I have a server (let's call it X) running 2008 R2 with two NICs in it: one is connected to the work domain and has a subnet of 192.168.10.0/24, the other is connected to an ADSL connection and has a subnet of 192.168.1.0/24. The server has IIS installed. On the ADSL connection I have set up a dynamic DNS and port forwarding to allow external HTTP, HTTPS, FTP and RDP connections. FTP and RDP are working fine, however neither HTTP nor HTTPS is working at all. I can browse the websites by going to localhost on the machine; the HTTP and HTTPS ports appear as "Filtered" when I try to scan them using PortQueryUI, and browsers respond with a "Server took too long to load or was not responding" error. This was working fine just a few days ago. Windows firewall is disabled; I don't have any software firewall on it. And I'm really lost. Any help would be great.

  • Black screen with thinkpad edge e525, AMD radeon HD before and after installation, plymouth?

    - by carolien
    I have a new thinkpad edge e525 (which should work) and wanted to try ubuntu (first linux experience). With the ubuntu desktop-cd I had a black screen before installation; I could fix that with nomodeset. After the installation, when rebooting I got the black screen again. First I see some ubuntu colour with a green busted stripe. I have the same problem with the live boot; also tried mint live, the stripe gets pink. I installed xubuntu 64bit from an alternate cd and I didn't have problems until the reboot after the installation. Same problem, just a black screen with the green stripe, then black screen. I tried several things: adding nomodeset to the boot menu, but then I get: No connection to plymouth and it is stuck at checking the battery status. I tried to replace quiet splash with text. Didn't work either. Actually, one time I saw a blue booting image before that. I managed to get a root command though via the recovery boot. I didn't dare to just remove the plymouth package. Can I just delete plymouth or do I have to deinstall it as described in several ways? (Problem is, right now the notebook doesn't have an internet connection. And I don't know how to manage it with a usb stick?) Or do I have to install the AMD catalyst driver manually? (Again, how can I do that with a usb stick?) I also tried this: Ubuntu hits a black screen after boot. Is there any solution without internet? And if I need internet which is the right one? Please explain step by step what I have to write and so on! Thank you! Also tried: set gfxpayload=text and: just remove splash and adding vesafb.nonsense=1 to the grub editor, because I couldn't find it anywhere

  • Deploy multiple emails to email providers, but without showing favouritism

    - by Ardman
    We are currently developing a new email deployment system. We have the system currently configured so that it reads a record from the database and loads the email content and deploys it to the target. Now we want to move this over to multiple threads. That is easily done, except we then hit the email providers returning SMTP codes referring to "Too many connections", or "Deferred connection". The solution to this is to have a thread open up a connection to the email provider and deploy n emails and then disconnect. We have currently configured the application so that it will support these session based email deployments. The problem is this, the database table has multiple email addresses in and they aren't grouped by email provider because that will show favouritism. We need to be able to retrieve a set number of, i.e. Hotmail, emails (@hotmail.com, @hotmail.co.uk, @live.co.uk) so that we are reducing the number of connections to Hotmail and reducing the risks of getting the "Too many connections" error. We are at the point now where we have gone round and round in circles trying to get a solution, so I thought I'd throw it out there and see if anyone has any ideas? EDIT I would like to stress that this application is not used for spamming purposes.

  • Throttling apache downloads selectively

    - by Synchro
    I have a linux box running Debian Sarge (old I know) and apache 2.0.54. It serves two kinds of files - regular web pages and small images, and a lot of large podcast mp3s. The podcast downloads swamp the connection and make the rest of the site unresponsive, so I'm looking to throttle the data transfer rate (not the request rate) of just the podcasts. I've set up haproxy using this technique which does what it says it will, but solves a different problem - even only 5 simultaneous podcast downloads is enough to saturate the link. In a perfect world, haproxy would support per-connection throttling, but it doesn't. So far I've looked at mod_bw (won't compile for me, seems unsupported), mod_cband (unsupported, widely reported as problematic) and iptables using tc. The iptables approach would allow me to throttle things, but would not be at all selective, slowing down everything on the server, not just the podcasts, so would just move the bottleneck without changing overall behaviour. Ideas?

  • Apache https configurations

    - by sissonb
    I am trying to set up my domain name with a self signed cert. I created the cert and placed the server.key and server.crt files into C:/apache/config/ Then I updated my httpd.conf host to include the following,

        <VirtualHost 192.168.5.250:443>
            DocumentRoot C:/www
            ServerName mydomain.com:443
            ServerAlias www.mydomain.com:443
            SSLEngine on
            SSLCertificateFile C:/apache/conf/server.crt
            SSLCertificateKeyFile C:/apache/conf/server.key
            SSLVerifyClient none
            SSLProxyEngine off
            SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
            CustomLog logs/ssl_request_log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        </VirtualHost>

    Now when I go to https://mydomain.com I get the following error.

        SSL connection error
        Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
        Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

    Can anyone see what I'm doing wrong? Thanks!

  • Windows Advanced Firewall certificate based IPSEC

    - by Tim Brigham
    I'm working on migrating from using IPSEC settings stored under the 'IP Security Policies on Active Directory' to using the 'Windows Firewall with Advanced Security' for my 2008+ boxes. I have successfully been able to get this set up using Kerberos authentication, however my openswan implementation on my Linux boxes is using certificates. Whenever I try changing the authentication method to computer certificate (using RSA and my root CA) the connection is bombing out. I've made this change at both a connection request policy and on the IPSEC settings on the root Windows Firewall with Advanced Security node. The windows event log shows the authentication request is taking place but failing negotiating a mode. What am I missing here?

  • IIS FTP service - download timeouts and restarts getting the data twice

    - by accel229
    We have an IIS FTP site on a Windows Server 2003 x64 machine. Application Layer Gateway service is disabled (so http://support.microsoft.com/kb/931130 does not apply). Windows Firewall service is disabled as well. Connection timeout for the FTP site (there is only one) is set to 1,200 seconds = 20 minutes. An external client can connect to the site, list directory contents and download small files. When a client attempts to download a large file (eg, if the download continues for 3 minutes, which is still under 20 minutes, but relatively long), the server sends all data, then the connection times out, the client issues REST / RETR commands attempting to restart the download since after the last byte (which I believe should succeed and receive exactly 0 bytes), and the server behaves as if the client tried to restart after byte 0, that is, it sends the entire file all over. Any ideas on how to fix this?

  • Why does my Mac address reset after reconnecting?

    - by Mr.Student
    I have ubuntu 12. I'm changing my mac address with

        ifconfig wlan0 hw ether xx:xx:xx:xx:xx:xx

    which works. However when I restart my connection my computer resets my mac to my original mac address. I'm guessing that this happens because something calls...

        ifconfig wlan0 down
        ... do something before connecting
        ifconfig wlan0 up
        ... connect to designated access point

    I want my mac address to however be the same no matter how many times I disconnect and reconnect, whether to another network or the same one. Also it would be nice to turn off the auto-connect feature for my network-manager without having to edit each individual connection. Lastly I would like to know how to connect to a wifi network through the terminal and not via the gui network manager ubuntu provides.

  • Cannot access internet or remote network after connecting to Windows VPN

    - by Kiewic
    I set up a VPN by creating an incoming VPN connection (VPN server) in my Windows 8 machine at home (not a Windows Server). I forwarded the PPTP port in my router (port 1723) to this machine and enabled PPTP passthrough. In a second Windows 8 machine out of home, I created an outgoing VPN connection (VPN client). And I am able to connect to my home VPN, but I don't have access to any home resource or even internet. This is the output of the client ipconfig: And these are the settings of my VPN server: UPDATE: My VPN server has been assigned the 192.168.1.144 IP address at my home network. So, I tried setting the "IP address assignment" range from 192.168.1.150 to 192.168.1.200. And when a VPN client gets connected, it gets an address in that range, but it doesn't make any difference.

  • emacs and putty on windows 7

    - by twilbrand
    My workstation was recently updated to Windows 7. I've downloaded putty and have configured it to the same settings I had under Vista. Whenever I ssh to a vm running Centos 5.4 and try to run emacs on a file, I'm getting an error about a connection to an X server:

        [ecto1 ~]$ emacs foo.bar
        Connection lost to X server `localhost:10.0'

    I never received this error message when I had Vista. I can get around it by aliasing emacs to 'emacs -nw', but I don't feel that I should have to do this. My co-worker has the same hardware that had the same upgrade and his sessions do not seem to be doing this. Any advice? I can't find anything on google and don't know where else to start.

        [ecto1 ~]$ emacs -version
        GNU Emacs 21.4.1

  • Ethernet 802.1x client -> WiFi AP on a Raspberry Pi?

    - by Martin Janiczek
    I have an Ethernet connection that requires 802.1x authentication (TTLS, MSCHAPv2, name+password). My goal is to connect that to something that would then act as a WiFi AP, so I can use the connection on more devices (iPhone, notebook, etc.) Would it be possible/good idea to use Raspberry Pi for this purpose? Or are there better-suited devices to do this?

    EDIT: found some alternatives but because of low rep can't post more than two links...

      - OpenWRT + wpa_supplicant guide
      - Carambola - works with OpenWRT (but probably not standalone?)
      - Hornet-UB - works with OpenWRT
      - Asus RT-N10+ + OpenWRT how-to

    EDIT 2: probably going to try TP-LINK TL-WR740N. It's a classic router, but can be flashed with OpenWRT, and the price beats everything else I've seen.

  • Can't connect to Wireless Network - Ubuntu 12.04 LTS & Sabrent A111N USB Dongle

    - by Ohgodwhy
    I've been trying to connect to this network for quite some time. I can't directly connect to the router with a wire, but can access the router with other wireless devices without any issues. I had previously tried several other Wifi NICs but none of them would load properly. Today, I went and bought a new (supported) Sabrent A111N USB Dongle, which said explicitly that it works with Linux 2.4 +. I popped the Dongle in, and lo and behold it immediately said that there were Available Wireless Connections. I selected my connection and tried to connect, but it just loops constantly while saying Wireless Disconnected, then attempts to connect again over and over. ifconfig and iwconfig both show my device in a ready and working state. However, iwlist wlan0 scan says that there are no results found. I don't get it... At one point, I could see the CPU in the DHCP client list under the router, but it doesn't fully make the connection (something about a timeout?). Any help would be appreciated.

        Bus 001 Device 002: ID 0bda:8176 Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN

  • Windows Server 2008 R2 loses ability to connect to network share

    - by JamesB
    I could sure use some help with this one: I've got two Windows Server 2008 R2 x64 Terminal Servers, as well as several 2003 servers (DNS / Wins / AD / DC). On the two 2008 boxes, every now and then they will get in this mode where you can't map a drive to a random server. I say random server because it's not always the same server that you can't map to. Here is a summary of what I can and can't do:

        net view \\servername   Sometimes this works, sometimes it does not.
        net view \\FQDN         This always works.
        net view \\IPAddress    This always works.
        ping servername         Sometimes this works, sometimes it does not.
        ping FQDN               This always works.
        ping IPAddress          This always works.

    I've been looking all over for a solution to this. It sure seems like Microsoft would have a hotfix by now. The kicker to this is that it sometimes works great, especially after a reboot. It may run for 2 weeks just fine, but all of a sudden it will fail to resolve the remote server name. It will then be this way for a few days, then it might start working again. Also, while it's in the mode of not working, the other servers have no problem getting there. It's just these 2008 R2 Terminal Servers. Setting a static entry in the Hosts file and LMHosts does not make it work. All servers have static IPs and they are registered in DNS and Wins just fine. Here is a long thread on MS Technet of the exact same problem, but they don't have a good solution. Here is their workaround (It was from June of 2010):

    Good news - a hotfix is in the works and a workaround has been identified: Root cause is that since this is SMB1 all user sessions are on a single TCP connection to the remote server. The first user to initiate a connection to the remote SMB server has their logon-ID added to the structure defining the connection. If that user logs off all subsequent uses of that TCP session fail as the logon-id is no longer valid. As a workaround for now to keep the issue from happening you will want to have the user not logoff the Terminal Server only disconnect their sessions.

    Any word from anyone out there about a solution? Any help would sure be appreciated. Thanks, James

  • Lingering database-connections from Feng Office

    - by Bobby
    I've installed Feng Office on our main server which is working perfectly so far. Unfortunately it seems like there's a problem with the connection to the MySQL-Database. While the connection itself works fine, it's the reuse/pooling of connections which seems to be bugged. There are lingering/sleeping connections to the server from Feng Office which won't close and don't get reused after some time (120 seconds). Of course those lingering processes/connections are piling up pretty fast. I've found a thread at the forums about this behavior, but the suggested fix is already applied (by default). I'm sure this is just a configuration issue, but I'm a little clueless because Feng is, besides a MediaWiki, a DokuWiki and homebrewed PHP applications, the only one with this issue. The setup is a Microsoft Windows 2003 Server with MySQL 5.0.26 and Apache 2.2. Where can I start looking for clues why this is happening and how do I get rid of lingering MySQL-Connections?

  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the box's server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable.

    The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS.

    The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows

        Inbound:
          PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range corresponding to possible cell provider range
          OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any
        Outbound:
          Default outbound policy: Allow Always
          OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider)
          OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider)
          Block always from NAS to any

    On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows

    pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors)

        ### macro name for external interface.
        eth_if = "en0"
        vpn_if = "tap0"
        ### wifi_if = "en1"
        ### %usb_if = "en3"
        ext_if = $eth_if
        LAN="{10.0.0.0/24}"

        ### General housekeeping rules ###
        ### Drop all blocked packets silently
        set block-policy drop

        ### all incoming traffic on external interface is normalized and fragmented
        ### packets are reassembled.
        scrub in on $ext_if all fragment reassemble
        scrub in on $vpn_if all fragment reassemble
        scrub out all

        ### exercise antispoofing on the external interface, but add the local
        ### loopback interface as an exception, to prevent services utilizing the
        ### local loop from being blocked accidentally.
        ### set skip on lo0
        antispoof for $ext_if inet
        antispoof for $vpn_if inet

        ### spoofing protection for all interfaces
        block in quick from urpf-failed

        #############################
        block all

        ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only
        pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090}

        ### Allow all udp and icmp also, necessary for Constellation. Could be tightened.
        pass on $eth_if proto {udp, icmp} from $LAN to any

        ### Allow AFP to 10.0.0.40 (NAS)
        pass out on $eth_if proto tcp from any to 10.0.0.40 port 548

        ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs
        ### and port ranges
        pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201

        ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110
        ### Outgoing pings ok
        pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110
        pass out on $vpn_if proto {tcp, udp, icmp} from any to any

    So what are my goals and what does the above setup achieve? (until you tell me otherwise :)

      1) Full LAN access to the above ports on the mini/media server (including through my own VPN server)
      2) All internet traffic from the mini/media server is anonymized and tunneled over VPN
      3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router.

    So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable.

    The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini:

        ### Allow Minecraft public through user mc
        pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc
        pass out on $eth_if proto {tcp, udp} from any to any user mc

    And these additions on the border firewall:

        Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS)
        Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups)

    This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up, no connection is possible to the minecraft server from outside of LAN. Inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service.

    The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0 not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would you estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)

  • Unreasonably slow stunnel

    - by Kit Sunde
    I setup stunnel on OSX to tunnel traffic to my Django dev server because Facebook needs HTTPS these days but I noticed it's being absurdly slow. It seems like it can only handle a single connection at a time and even the connection is slow when I'm connecting to localhost. I've tried using some performance tips found online and so my config is setup as:

        pid=
        # foreground=yes
        cert=./cacert.pem
        key=./privkey.pem
        libwrap=no
        debug=0
        socket = l:TCP_NODELAY=1
        socket = r:TCP_NODELAY=1
        [https]
        accept=8443
        connect=8000

    Is there a way to get more performance or more suitable way of setting up HTTPS for my dev server?
