everything - Page 238 - Developer IT

IIS 7.0 Web Deploy authentication fails after changing Windows password... help?

- by Lucifer Sam

I have a very basic Windows 2008 R2 Web Server running IIS 7.0. This is just a test/practice server, so I enabled Web Deployment using Windows Authentication. All was well and I was able to deploy easily from VS 2010 using the Administrator account credentials. After changing the Administrator account password, I get the following error when trying to deploy from Visual Studio (using the new password, of course): Error 1 Web deployment task failed... ...An unsupported response was received. The response header 'MSDeploy.Response' was '' but 'v1' was expected. The remote server returned an error: (401) Unauthorized. If I change the Administrator password back to the original one and try to publish using it everything works fine again. So what am I missing? Am I supposed to do something in IIS after changing the password? Thanks!

Read the article

What do you do with coder's block?

- by Garet Claborn

Lately it has been a bit rough. I basically know all the things I need and all the avenues to get there for work. There's been no real issue of a problem with too high complexity, and performance is good. Still, after three major projects this year, my mind is behaving a little strange. It's like I'm used to working in O(1+log(N-neatTricks)) but for some reason it processes in O(N^2)! I've experienced a sort of burnout after long deadlines and drudging projects before, but when it turns into a longer experience, I haven't found the usual suspects to be helpful. Take more walks Work on other code Overdesign everything until I feel intensely driven to just make it (sorta works) How can a programmer recoup from the specific hole in your head programming leaves after being mentally ransacked by these bloody corporations and their fancy money? Hopefully some of you have some better ideas, because I could really use another round of being looted and pillaged.I've often wondered if there are special puzzles or some kind of activity that would de-stress the tangled balance of left and right braininess programmers often deal with. Do any special techniques, activities, anything seem to help with the developer's mindset especially?

Read the article

Advise on career development [closed]

- by Mike Young

I am an amateur programmer working at a start-up. I didn't try coding at college. I've been working for 2 months now on web development. I'm satisfied with my progress. My project will go live soon. I work on front-end and my colleague integrates my work in his. So I decided to learn back-end technologies so that I would be able to work on a project from scratch, help my company build up. I recently got to know about the technologies used by fb and was fascinated to learn ,work on them,keep motivating myself. Now I want to work on building a product from scratch, be good at database concepts, a language like ruby or python, and get to know load balancing, dynamic requests from servers, hosting a website, real time communication, secured login, implementing sophisticated search feature for the app, using git by the end of the project.I would like to be a full stack developer in due course of time and learn everything in detail. I decide to keep myself out of time frame, learn every concept in detail.I would like to use both rdbms and non relational dbm for the project. I have no experience except some beginner knowledge in html5,css and JavaScript. I would like to get some advice on how to proceed forward step by step,flow what technologies to pick up and project idea which includes all the above.

Read the article

Domain Controllers group not reflected in domain controllers credentials

- by Molotch

I set up a small testlab in vbox consisting of four servers. Two domain controllers dc01, dc02, one offline root ca and one online enterprise sub ca, ca01. All servers are based on Windows Server 2008 R2 Standard. Everything works as excpected except one thing. If I issue a certificate template with read, enroll and autoenroll rights to the security group "domain controllers" it does not let dc01 or dc02 to enumerate or enroll for the certificate. I've restarted both domain controllers several times to update their credential tokens with the correct group memberhips. So I added dc01 to the "domain computers" group and gave that group read, enroll and autoenroll rights in the template, bam, the certificate was issued. So my question is, why isn't the domain controllers group memberhips reflected in the domain controllers (dc01 and dc02) credentials? Can I view the computers credentials somehow and how should I go about trying to resolve the issue?

Read the article

Kickstart PXE Boot Installation not working

- by Anshuman

I tried installing PXE Boot Installation Server on RHEL 6.0. I seem to have done everything according to the page: http://www.linux-sxs.org/internet_serving/pxeboot.html. In my case, the client boots, gets DHCP IP address from our server, connects to the Kickstart server too, but then nothing happens. It shows: Loading 192.168.1.101: pxe.linux.0 ..... 192.168.1.101 in my kickstart server. Did any one face such a situation? I'm using a test env on Oracle Virtualbox with DNS Server on RHEL 6.0, DHCP Server on CentOS 6.0 and Kickstart server on RHEL 6.0. The image I'm trying to install is that of REHL 6.0! Awaiting some responses! Cheers, Anshuman

Read the article

Don’t apply for your first job somewhere; apply for an experience at Oracle.

- by cristian.condurache(at)oracle.com

Hi! My name is Stijn and I currently work as a Business Development Consultant for Oracle in Dublin since November 2010. I’m originally from Belgium and I graduated last year from the Vlerick Leuven Gent Management School. In many ways you could say I’m living the life I asked for: an international career with global organization. I’m unbelievably grateful however, because opportunities like this don’t come by the dozen. Actually, going through university and business school my dreams of an international career were clouded quite quickly. Following all the ‘right’ steps wasn’t enough. The lack of offers for, and trust in, new starters to take on a challenge like this was a reality check for me and many of my friends. It takes a company that recognizes the opportunity of recruiting talented individuals by offering them something they actually want: a first job based abroad! My job is focused on generating demand for Oracle products over the phone. In only a few months, the amazing things I’ve experienced, the people I’ve talked to, the learning experiences I’ve had in and outside of work are too many to list. From having CEO’s on the phone, to having meetings with 15 different nationalities, to getting settled from scratch in a new country… it’s something that builds you as a person. But don’t be fooled though, it’s on you - where it starts. Although Oracle gives you the best training and resources to do your job and Ireland is a playground for everything else, it’s you that is responsible. You are in control and much is expected. What you get in return however, is beyond incredible. If you are interested in joining the same team as Stijn, please visit http://campus.oracle.com or contact [email protected] Technorati Tags: Oracle,opportunity,global organisation,career,Business Development Consultant

Read the article

mkisofs creating iso file with no error or warning but iso corrupted

- by user1291203

I'm trying to make a dvd from mpeg2 files. First of all i'm on windows 7. I'm using the following binaries: jpeg2yuv mpeg2enc mplex spumux dvdauthor Now everything is fine till this point absolutely no errors, but then i'm using mkisofs to make the iso file also no errors or warnings. It creates the iso file but i cannot burn it to dvd it said: The selected disk image file isn't valid. I tried it on a Mac osx as well and there the iso is worked fine. It is an NTSC iso. I'm totaly stuck with this problem any help is really appreciated.

Read the article

Career Advice for a career shifter

- by newbie

Hi! I am an industrial engineer and last May 2010 at the age of 25, I resigned from my job and decided to have a career shift to IT. I am studying again and so far learned the basics of the following programming languages: C, Java (SE), MySql, html, css, javascript. I am really just a beginner in everything and only have little knowledge on data structures / algorithms, software engineering and network systems. I am currently focusing all my attention to Java so that I'll have at least one expertise. And so far, i could only make small games like hangman and battleship. I will finish my 1 year diploma in IT this May and I need to know what kinds of jobs should I apply to start my career as an IT practitioner (application developer)? I am really confused and afraid because I am already old and I need to begin again my career from scratch and I don't know where to start. Where should I start???? Thank you very much. Your reply would be highly appreciated.

Read the article

Exclusive Expert and Peer-Led Sessions—Only at Oracle OpenWorld

- by jhpierce -Oracle

With more than 2,500 sessions, dozens of hands-on labs, hundreds of demos, four Exhibition Halls, and countless meet-ups, Oracle OpenWorld is the place to learn, share, and network. Planning ahead is always a smart move and here are some links to help you plan your Oracle OpenWorld schedule. You will hear directly from Oracle Thought leaders, Oracle Support experts and their peers about how to succeed across the Oracle stack—from Oracle Consulting Thought Leader sessions dedicated to the cloud to hands on demos showing the value of My Oracle Support—Oracle Open World is your one stop shop for everything Oracle. Featured sessions include: Is Your Organization Trying to Focus on an ERP Cloud Strategy? Modernize Your Analytics Solutions Is Your Organization Trying to Focus on a CX Cloud Strategy? Best Practices for Deploying a DBaaS in a Private Cloud Model Visit the Support & Services Oracle OpenWorld website to discover how you can take advantage of all Oracle OpenWorld has to offer. With 500 Services experts, 50+ sessions, networking events and demos of powerful new support tools, customers will find relevant, useful information about how Oracle Services enables the success of their Oracle hardware and software investments.

Read the article

Exclusive Expert and Peer-Led Sessions—Only at Oracle OpenWorld

- by Phil Catalano-Oracle

With more than 2,500 sessions, dozens of hands-on labs, hundreds of demos, four Exhibition Halls, and countless meet-ups, Oracle OpenWorld is the place to learn, share, and network. Planning ahead is always a smart move and here are some links to help you plan your Oracle OpenWorld schedule. You will hear directly from Oracle Thought leaders, Oracle Support experts and their peers about how to succeed across the Oracle stack—from Oracle Consulting Thought Leader sessions dedicated to the cloud to hands on demos showing the value of My Oracle Support—Oracle Open World is your one stop shop for everything Oracle. Featured sessions include: Is Your Organization Trying to Focus on an ERP Cloud Strategy? Modernize Your Analytics Solutions Is Your Organization Trying to Focus on a CX Cloud Strategy? Best Practices for Deploying a DBaaS in a Private Cloud Model Visit the Support & Services Oracle OpenWorld website to discover how you can take advantage of all Oracle OpenWorld has to offer. With 500 Services experts, 50+ sessions, networking events and demos of powerful new support tools, customers will find relevant, useful information about how Oracle Services enables the success of their Oracle hardware and software investments.

Read the article

Exclusive Expert and Peer-Led Sessions—Only at Oracle OpenWorld

- by AlanBoucher-Oracle

With more than 2,500 sessions, dozens of hands-on labs, hundreds of demos, four Exhibition Halls, and countless meet-ups, Oracle OpenWorld is the place to learn, share, and network. Planning ahead is always a smart move and here are some links to help you plan your Oracle OpenWorld schedule. You will hear directly from Oracle Thought leaders, Oracle Support experts and their peers about how to succeed across the Oracle stack—from Oracle Consulting Thought Leader sessions dedicated to the cloud to hands on demos showing the value of My Oracle Support—Oracle Open World is your one stop shop for everything Oracle. Featured sessions include: Is Your Organization Trying to Focus on an ERP Cloud Strategy? Modernize Your Analytics Solutions Is Your Organization Trying to Focus on a CX Cloud Strategy? Best Practices for Deploying a DBaaS in a Private Cloud Model Visit the Support & Services Oracle OpenWorld website to discover how you can take advantage of all Oracle OpenWorld has to offer. With 500 Services experts, 50+ sessions, networking events and demos of powerful new support tools, customers will find relevant, useful information about how Oracle Services enables the success of their Oracle hardware and software investments.

Read the article

Double default gateway ubuntu server

- by Elena

Hi, I've just installed an Ubuntu server 9.10 on an EEEBox. This is my /etc/network/interfaces # The loopback network interface auto lo iface lo inet loopback auto wlan0 iface wlan0 inet static address 192.168.48.16 netmask 255.255.248.0 wireless-essid mynet auto eth0 iface eth0 inet static address xx.xx.xx.xx netmask 255.255.255.224 gateway xx.xx.yy.yy When I restart /etc/init.d/networking, I can access the eth0 ip address from the internet and I can ping the machines in my wifi network mynet. Everything works fine and I have one default gateway. But after some time if I check again the route I just find two default gateways: one is correct and is the previous one, but the other is the one of the wifi network. I have a quite low signal of mynet where my server is and sometimes the wifi just disconnect and then reconnect again. Then I think that this can be a problem and the dhcp of the wifi net, when reconnecting it also add a default gateway. Any idea on how to resolve this issue?

Read the article

CodePlex Daily Summary for Tuesday, February 23, 2010

CodePlex Daily Summary for Tuesday, February 23, 2010New Projects.NET Beginners: This project is a summary of project for first time developer and .net beginners. the aim is to provide tools and libraries to get startet with dev...A simple ASP.NET Currency / Money TextBox User Control: A ASP.NET TextBox control used with AJAX maskeditextender makes it possible to enter numbers but it's not very intuitive to use. CurrencyTextBox co...Academiki: Academik The project aims to be a university social network with content sharing and intellectual property. Academik makes it easier for students t...Acessando Campos com XPath Expression: Esse é um exemplo de como usar Xpath Expression na orchestration do Biztalk 2006. O Artigo do exemplo esta em www.biztalkbrasil.blogspot.comAg.CommandManager: A command manager implementation for Silverlights. Supports commanding to more or less any event using the ICommand interfaceApunta Notas: Apunta notas is just a note taking program that I created to learn WPF. Now you can write everything you need to remember or tell somebody. Or you...AzureKit: AzureKit provides a more direct approach to Azure's Table Service, which takes more advantage of the NoSQL nature of the storage medium.CRM 4.0 Distribute Workflow Activity: This plugin allows to execute a workflow for each entity that has a 1:N or N:N relationship to a given entity. For example: execute a workflow for...Dbg Shell: Dbg Shell replaces WinDbg for debugging dumps. All standard Dbg commands are supported. You can also write scripts in .Net assemblies to automated ...Egg Timer: Egg Timer is a very simple Windows Form application for setting short time-frame alarms.Enterprise Library Extensions: Extensions for the Microsoft Enterprise Library applications blocks which makes programming applications even easier.Event Calendar 2.0 Data Extractor: Really simple app to recover event calendar 2.0 information from iGoogle settings files and turn them into CSV format info for importing to other c...iTwiit: Silverlight Twitter Clientlibtym: Have your complete movie collection at a glance to manage all your movie files very comfortably!Metabolite Enterprise Libraries for EPiServer CMS using Page Type Builder: The Metabolite Enterprise libraries are a set of C# Class Libraries developed for use with EPiServer 5 R2 SP2+ projects using PageTypeBuilder. They...Metro UX: Metro UXMTI: -Personal Expense Tracker: Personal Expense Tracker helps you track your expenses. I tried to find simple win forms expense tracker but found none interesting, so i made one...rarouš: repository for rarouš.weblog articlesSacDotNetUG: SacDotNetUG is an ASP.NET MVC 2 Web application intended for the Sacramento .NET user group. This project servers 2 main goals: to promote the adop...ShellLight: ShellLight is essentially a graphical shell for Silverlight applications that enables a quick auto-complete launcher for features in your solution.Sina Weibo(Microblog): sina weibo .NET libraries and applications.Terrain Independant Navigating Automaton v2.0: This is where members of the Robot Design Team from Stony Brook University come together and work on our unique TINA. This project is for a self-go...Url Rewrite.Net: Url Rewrite.Net is an open-source SEO project which contains Custom Http Module example and Custom Configrutaion Module.It is developed in C#.NET 2...WebPart and WebService Currency Converter: This is only a sample code how to get data from yahoo finance and how to implementing on Sharepoint WebPart or WebServices. This code it is freely...WPF AutoComplete TextBox Control: A AutoComplete TextBox Control written in WPF, Looks like the system built-in auto-completion(SHAutoComplete).ZWaveAPI: This project is aim to create an open class library on ZWave. It is based on article from digiWave.dk New Releases.NET Beginners: MathLab Visual Studio Project Template: First preview to a mathlab beginners library..NET Beginners: Turtle Visual Studio Project Template: The turtle engine is a very simlpe turtle which runs over a beach and leaves a track.A simple ASP.NET Currency / Money TextBox User Control: CurrencyTextBox Source v1.0: Source code with a test project.A simple ASP.NET Currency / Money TextBox User Control: CurrencyTextBox.dll: The User Control for use in projects.Acessando Campos com XPath Expression: Source Code SampleXPathExpression: O Source code contem o Projeto em Visual Studio 2005.Actipro WPF Controls Contrib: v2009.2 build 515: Minor tweaks and updated to target Actipro WPF Studio 2009.2 (build 515).Analysis Management System: 1.0.0.1 Update: Fix - Issue 4004 Nieuw - Beschikbare klanten kunnen nu bekeken worden via Extra/Aanvragers (Ctrl R)Apunta Notas: Apunta Notas 1.0 Release Candidate: There is the Release Candidate of Apunta Notas.ARSoft.Tools.Net - C# DNS and SPF Library: 1.2.0: Added asynchronous operations for DNS client.CRM 4.0 Distribute Workflow Activity: Beta: Initial release. Complete functionality, limited testing.Dbg Shell: First Public Release: First ReleaseDnDns and PocketDnDns - A .NET DNS Client Resolver Library: DnDns Library Release 2: A DNS protocol library written completely in managed code (C#). Supports common DNS records types like A, CNAME, MX, SRV, and more. Works on Window...Egg Timer: Egg Timer v1.0: Pretty simple application. Set the time directly or use the 5 minute and 1 hour increment/decrement buttons.EnhSim: EnhSim v1.9.7.2 BETA: 1.9.7.2 BETAImportant!: This beta version includes the changes to the Flame shock damage-over-time component which are currently on the PTR. Downlo...EnhSim: EnhSim v1.9.7.3 BETA: Important!: This beta version includes the changes to the Flame shock damage-over-time component which are currently on the PTR. Download 1.9.7.1 f...Esendex SMS SDK and Downloads for Microsoft.NET languages: Esendex .NET SDK v0.4.0: Features Messaging Service: Send a single SMS message and multiple SMS messages. Send a single Voice Message and multiple Voice Messages. Send...Event Calendar 2.0 Data Extractor: V1.0: First ever build of extractorExcelDna: ExcelDna Version 0.22: An important bugfix release that fixes a critical bug in the MultiThreaded marshaling support (under Excel 2007).InfoService: InfoService v1.5 Beta 8: InfoService Beta Release Please note this is a BETA. It should be stable, but i can't gurantee that! So use it on your own risk. Please read Plugi...Krypton Palette Selectors: Release 1.2: Adds the new KryptonPaletteContextMenu and refactors the KryptonPaletteDropButton to use it.kuuy static system: kss_v1.0beta: kuuy static sytem 1.0 beta editionlibtym: libtym: First public release version. Full functionality, tested. Please notify about bugs.mojoPortal: 2.3.3.9: see release notes on mojoPortal.com http://www.mojoportal.com/mojoportal-2339-released.aspx This release makes it easy to use Artisteer html templa...Net Tool: v1.01: User interface has been changedOpen NFSe: Open NFSe 0.1 (Salvador): Open NFSe 0.1 (Salvador)Paint.NET PSD Plugin: 1.0.7: Further substantial improvements in speed of both loading and saving. In particular, loading is about 5x as fast as in version 1.0.6. Saving is ...Project Starlight: 2.0: Release 2.0 final Changes: -Numerous stability fixes -Firefox 3.5 support -Safari 64 bit support (Snow Leopard) Mac and Windows Binaries are avai...RoTwee: RoTwee 5.0.0.1: This version fix for 16620Secure Data: Secure Data 2010.02.22.01: This version has been rewritten and contains many enhancements and I encourage anyone interested to download the source code and work through the Q...TreeSizeNet: TreeSizeNet 0.10.1: - Complete Redesign - Improved Stability - Improved Performance - PieChart for directory contentUrl Rewrite.Net: Beta V0.1 Release: Includes : -Custom Http Module -Custom Configuration Section Module ( in web.config) -Rewriting ModuleVCC: Latest build, v2.1.30222.0: Automatic drop of latest buildWebPart and WebService Currency Converter: CurrencyConverter.zip: CurrencyConverter.zip Have 3 Project on this files: 1. Library Project 2. Load Library Project Using Web Services 3. Load Library Project Using We...WSUS Smart Approve: 1.0.0.2: Fix: 25903ZuneConsole: ZuneConsole: Console GUI for the Zune Customs library, which should make everything work. This is what you should download.ZuneConsole: ZuneConsole How-To Manual: A quick (only 9 pages lol) tutorial on how to add custom artist info to your Zune.Most Popular ProjectsRawrWBFS ManagerAJAX Control ToolkitMicrosoft SQL Server Product Samples: DatabaseSilverlight ToolkitWindows Presentation Foundation (WPF)ASP.NETDotNetNuke® Community EditionImage Resizer Powertoy Clone for WindowsMicrosoft SQL Server Community & SamplesMost Active ProjectsDinnerNow.netRawrBlogEngine.NETNB_Store - Free DotNetNuke Ecommerce Catalog ModuleSharpyInfoServicejQuery Library for SharePoint Web ServicesPHPExcelpatterns & practices – Enterprise LibrarySharePoint Contrib

Read the article

Stupid Geek Tricks: Compare Your Browser’s Memory Usage with Google Chrome

- by The Geek

Ever tried to figure out exactly how much memory Google Chrome or Internet Explorer is using? Since they each show up a bunch of times in Task Manager, it’s not so easy! Here’s the quick and easy way to compare them. Both Chrome and IE use multiple processes to isolate tabs from each other, to make sure that one tab doesn’t kill the whole browser. Firefox, on the other hand, just uses a single process for everything. Rather than pulling out a calculator and adding them all up, you can just open up Google Chrome, and type in about:memory into the location bar to see a full list of each browser’s memory usage. On my test system with 6 GB of system RAM, I’m running the Development channel version of Chrome, and I’ve got about 40 different tabs open, which is why the memory usage is so high. Firefox has 8 tabs open, and IE is enjoying being opened for the first time in forever. Want to help cut down on memory usage and keep your Chrome browser running fast? Disable all unnecessary extensions, and then make sure you disable any plug-ins that you don’t need either. Similar Articles Productive Geek Tips Stupid Geek Tricks: Duplicate a Tab with a Shortcut Key in Chrome or FirefoxStupid Geek Tricks: Shrink the XP Volume ControlStupid Geek Tricks: Tile or Cascade Multiple Windows in Windows 7Fix for Firefox memory leak on WindowsHow to Purge Memory in Google Chrome TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips DVDFab 6 Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 Download Free MP3s from Amazon Awe inspiring, inter-galactic theme (Win 7) Case Study – How to Optimize Popular Wordpress Sites Restore Hidden Updates in Windows 7 & Vista Iceland an Insurance Job? Find Downloads and Add-ins for Outlook

Read the article

Switched to xubuntu, unity theme wont go away

- by Ethan

I got fed up with unity and decided to switch to xubuntu, following the instructions on this thread. Almost everything went well, and I'm much happier with the system. but the window borders from the unity theme are still being used, overriding the xubuntu themes. I've uninstalled all the unity stuff that I can find. I have, however, kept compiz for some of its functionality. I note that if I disable the "Window Decoration" plugin the whole border disappears leaving nothing behind. I want to have normal xubuntu borders. (note that stuff like chromium that handles its own borders displays correctly) I'll gladly give more details, or upload screenshots. Just let me know what information would be helpful. Thanks, Ethan

Read the article

Setting up Github post-receive webhook with private Jenkins and private repo

- by Joseph S.

I'm trying to set up a private GitHub project to send a post-receive request to a private Jenkins instance to trigger a project build on branch push. Using latest Jenkins with the GitHub plugin. I believe I set up everything correctly on the Jenkins side because when sending a request from a public server with curl like this: curl http://username:password@ipaddress:port/github-webhook/ results in: Stacktrace: net.sf.json.JSONException: null object which is fine because the JSON payload is missing. Sending the wrong username and password in the URI results in: Exception: Failed to login as username I interpret this as a correct Jenkins configuration. Both of these requests also result in entries in the Jenkins log. However, when pasting the exact same URI from above into the Github repository Post-Receive URLs Service Hook and clicking on Test Hook, absolutely nothing seems to happen on my server. Nothing in the Jenkins log and the GitHub Hook Log in the Jenkins project says Polling has not run yet. I have run out of ideas and don't know how to proceed further.

Read the article

Setup Exchange 2007 ActiveSync web application on a separate server

- by mwillmott

Hello, I have Exchange 2007 installed on SBS 2008. I also run a web server on the network. I only have one static IP and all traffic trough port 443 is routed to the webserver. I would like to publish the ActiveSync application externally. If i temporarily route 443 traffic to the SBS then it is published (along with owa and everything else which i don't want). Is there a way to host the ActiveSync application on the web server (Server 2008 with IIS7) or to get it to route traffic meant for the ActiveSync application? I have tried creating a site on the webserver which uses the ActiveSync folder on the SBS but that does not seem to work. Thanks, Michael

Read the article

ISA Proxy - HTTPS Traffic

- by x100

We have an ISA 2006 setup for our organisations proxy. It's been working well for the last few months just blocking everything except a few allowed web site and web applications. We need to allow some people to access a web application hosted off site via HTTPS. I've tried and tried, wasted 3 days on it and have given in. Can someone please tell me how on earth this is achieved? Looking at the Monitor, it looks like it passes one rule, then is blocked by the default rule. I just don't unterstand it well enough to take it on further.

Read the article

iptables syn flood countermeasure

- by Penegal

I'm trying to adjust my iptables firewall to increase the security of my server, and I found something a bit problematic here : I have to set INPUT policy to ACCEPT and, in addition, to have a rule saying iptables -I INPUT -i eth0 -j ACCEPT. Here comes my script (launched manually for tests) : #!/bin/sh IPT=/sbin/iptables echo "Clearing firewall rules" $IPT -F $IPT -Z $IPT -t nat -F $IPT -t nat -Z $IPT -t mangle -F $IPT -t mangle -Z $IPT -X echo "Defining logging policy for dropped packets" $IPT -N LOGDROP $IPT -A LOGDROP -j LOG -m limit --limit 5/min --log-level debug --log-prefix "iptables rejected: " $IPT -A LOGDROP -j DROP echo "Setting firewall policy" $IPT -P INPUT DROP # Deny all incoming connections $IPT -P OUTPUT ACCEPT # Allow all outgoing connections $IPT -P FORWARD DROP # Deny all forwaring echo "Allowing connections from/to lo and incoming connections from eth0" $IPT -I INPUT -i lo -j ACCEPT $IPT -I OUTPUT -o lo -j ACCEPT #$IPT -I INPUT -i eth0 -j ACCEPT echo "Setting SYN flood countermeasures" $IPT -A INPUT -p tcp -i eth0 --syn -m limit --limit 100/second --limit-burst 200 -j LOGDROP echo "Allowing outgoing traffic corresponding to already initiated connections" $IPT -A OUTPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT echo "Allowing incoming SSH" $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT echo "Setting SSH bruteforce attacks countermeasures (deny more than 10 connections every 10 minutes)" $IPT -A INPUT -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 10 --rttl --name SSH -j LOGDROP echo "Allowing incoming traffic for HTTP, SMTP, NTP, PgSQL and SolR" $IPT -A INPUT -p tcp --dport 25 -i eth0 -j ACCEPT $IPT -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT $IPT -A INPUT -p udp --dport 123 -i eth0 -j ACCEPT $IPT -A INPUT -p tcp --dport 5433 -i eth0.2654 -s 172.16.0.2 -j ACCEPT $IPT -A INPUT -p udp --dport 5433 -i eth0.2654 -s 172.16.0.2 -j ACCEPT $IPT -A INPUT -p tcp --dport 8983 -i eth0.2654 -s 172.16.0.2 -j ACCEPT $IPT -A INPUT -p udp --dport 8983 -i eth0.2654 -s 172.16.0.2 -j ACCEPT echo "Allowing outgoing traffic for ICMP, SSH, whois, SMTP, DNS, HTTP, PgSQL and SolR" $IPT -A OUTPUT -p tcp --dport 22 -j ACCEPT $IPT -A OUTPUT -p tcp --dport 25 -o eth0 -j ACCEPT $IPT -A OUTPUT -p tcp --dport 43 -o eth0 -j ACCEPT $IPT -A OUTPUT -p tcp --dport 53 -o eth0 -j ACCEPT $IPT -A OUTPUT -p udp --dport 53 -o eth0 -j ACCEPT $IPT -A OUTPUT -p tcp --dport 80 -o eth0 -j ACCEPT $IPT -A OUTPUT -p udp --dport 80 -o eth0 -j ACCEPT #$IPT -A OUTPUT -p tcp --dport 5433 -o eth0 -d 176.31.236.101 -j ACCEPT #$IPT -A OUTPUT -p udp --dport 5433 -o eth0 -d 176.31.236.101 -j ACCEPT #$IPT -A OUTPUT -p tcp --dport 8983 -o eth0 -d 176.31.236.101 -j ACCEPT #$IPT -A OUTPUT -p udp --dport 8983 -o eth0 -d 176.31.236.101 -j ACCEPT $IPT -A OUTPUT -p tcp --sport 5433 -o eth0.2654 -j ACCEPT $IPT -A OUTPUT -p udp --sport 5433 -o eth0.2654 -j ACCEPT $IPT -A OUTPUT -p tcp --sport 8983 -o eth0.2654 -j ACCEPT $IPT -A OUTPUT -p udp --sport 8983 -o eth0.2654 -j ACCEPT $IPT -A OUTPUT -p icmp -j ACCEPT echo "Allowing outgoing FTP backup" $IPT -A OUTPUT -p tcp --dport 20:21 -o eth0 -d 91.121.190.78 -j ACCEPT echo "Dropping and logging everything else" $IPT -A INPUT -s 0/0 -j LOGDROP $IPT -A OUTPUT -j LOGDROP $IPT -A FORWARD -j LOGDROP echo "Firewall loaded." echo "Maintaining new rules for 3 minutes for tests" sleep 180 $IPT -nvL echo "Clearing firewall rules" $IPT -F $IPT -Z $IPT -t nat -F $IPT -t nat -Z $IPT -t mangle -F $IPT -t mangle -Z $IPT -X $IPT -P INPUT ACCEPT $IPT -P OUTPUT ACCEPT $IPT -P FORWARD ACCEPT When I launch this script (I only have a SSH access), the shell displays every message up to Maintaining new rules for 3 minutes for tests, the server is unresponsive during the 3 minutes delay and then resume normal operations. The only solution I found until now was to set $IPT -P INPUT ACCEPT and $IPT -I INPUT -i eth0 -j ACCEPT, but this configuration does not protect me of any attack, which is a great shame for a firewall. I suspect that the error comes from my script and not from iptables, but I don't understand what's wrong with my script. Could some do-gooder explain me my error, please? EDIT: here comes the result of iptables -nvL with the "accept all input" ($IPT -P INPUT ACCEPT and $IPT -I INPUT -i eth0 -j ACCEPT) solution : Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 52 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 LOGDROP tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 100/sec burst 200 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: SET name: SSH side: source 0 0 LOGDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 recent: UPDATE seconds: 600 hit_count: 10 TTL-Match name: SSH side: source 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 0 0 ACCEPT tcp -- eth0.2654 * 172.16.0.2 0.0.0.0/0 tcp dpt:5433 0 0 ACCEPT udp -- eth0.2654 * 172.16.0.2 0.0.0.0/0 udp dpt:5433 0 0 ACCEPT tcp -- eth0.2654 * 172.16.0.2 0.0.0.0/0 tcp dpt:8983 0 0 ACCEPT udp -- eth0.2654 * 172.16.0.2 0.0.0.0/0 udp dpt:8983 0 0 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 2 728 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:43 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:80 0 0 ACCEPT tcp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 tcp spt:5433 0 0 ACCEPT udp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 udp spt:5433 0 0 ACCEPT tcp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 tcp spt:8983 0 0 ACCEPT udp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 udp spt:8983 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 91.121.190.78 tcp dpts:20:21 0 0 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain LOGDROP (5 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `iptables rejected: ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 EDIT #2 : I modified my script (policy ACCEPT, defining authorized incoming packets then logging and dropping everything else) to write iptables -nvL results to a file and to allow only 10 ICMP requests per second, logging and dropping everything else. The result proved unexpected : while the server was unavailable to SSH connections, even already established, I ping-flooded it from another server, and the ping rate was restricted to 10 requests per second. During this test, I also tried to open new SSH connections, which remained unanswered until the script flushed rules. Here comes the iptables stats written after these tests : Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 600 35520 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 6 360 LOGDROP tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 100/sec burst 200 0 0 LOGDROP tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 STRING match "w00tw00t.at.ISC.SANS." ALGO name bm TO 65535 0 0 LOGDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 STRING match "Host: anoticiapb.com.br" ALGO name bm TO 65535 0 0 LOGDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 STRING match "Host: www.anoticiapb.com.br" ALGO name bm TO 65535 105 8820 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec burst 5 830 69720 LOGDROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: SET name: SSH side: source 0 0 LOGDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 recent: UPDATE seconds: 600 hit_count: 10 TTL-Match name: SSH side: source 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:80 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 0 0 ACCEPT tcp -- eth0.2654 * 172.16.0.1 0.0.0.0/0 tcp spt:5433 0 0 ACCEPT udp -- eth0.2654 * 172.16.0.1 0.0.0.0/0 udp spt:5433 0 0 ACCEPT tcp -- eth0.2654 * 172.16.0.1 0.0.0.0/0 tcp spt:8983 0 0 ACCEPT udp -- eth0.2654 * 172.16.0.1 0.0.0.0/0 udp spt:8983 16 1684 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 600 35520 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 LOGDROP tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 owner UID match 33 0 0 LOGDROP udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:80 owner UID match 33 116 11136 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpt:80 0 0 ACCEPT tcp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 tcp dpt:5433 0 0 ACCEPT udp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 udp dpt:5433 0 0 ACCEPT tcp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 tcp dpt:8983 0 0 ACCEPT udp -- * eth0.2654 0.0.0.0/0 0.0.0.0/0 udp dpt:8983 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:43 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 91.121.190.18 tcp dpts:20:21 7 1249 LOGDROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain LOGDROP (11 references) pkts bytes target prot opt in out source destination 35 3156 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 7 prefix `iptables rejected: ' 859 73013 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Here comes the log content added during this test : Mar 28 09:52:51 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=55666 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:51 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=55667 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:51 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55668 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:51 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55669 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:52 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55670 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:54 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55671 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:58 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55672 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:52:59 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=6 Mar 28 09:52:59 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=7 Mar 28 09:52:59 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=8 Mar 28 09:52:59 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=9 Mar 28 09:52:59 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=59 Mar 28 09:53:00 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=152 Mar 28 09:53:01 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=246 Mar 28 09:53:02 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=339 Mar 28 09:53:03 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=432 Mar 28 09:53:04 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=524 Mar 28 09:53:05 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=617 Mar 28 09:53:06 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=711 Mar 28 09:53:07 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=804 Mar 28 09:53:08 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=176.31.236.101 DST=176.31.238.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7430 SEQ=897 Mar 28 09:53:16 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=61402 DF PROTO=TCP SPT=57637 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 28 09:53:19 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=61403 DF PROTO=TCP SPT=57637 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 28 09:53:21 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=64 TOS=0x00 PREC=0x00 TTL=51 ID=55674 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK URGP=0 Mar 28 09:53:25 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=61404 DF PROTO=TCP SPT=57637 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 28 09:53:37 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=116 TOS=0x00 PREC=0x00 TTL=51 ID=55675 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:37 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=116 TOS=0x00 PREC=0x00 TTL=51 ID=55676 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:37 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=180 TOS=0x00 PREC=0x00 TTL=51 ID=55677 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:38 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=180 TOS=0x00 PREC=0x00 TTL=51 ID=55678 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:39 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=180 TOS=0x00 PREC=0x00 TTL=51 ID=55679 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:39 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=5055 DF PROTO=TCP SPT=57638 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 28 09:53:41 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=180 TOS=0x00 PREC=0x00 TTL=51 ID=55680 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:42 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=5056 DF PROTO=TCP SPT=57638 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 Mar 28 09:53:45 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:10:8c:cf:28:39:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=180 TOS=0x00 PREC=0x00 TTL=51 ID=55681 DF PROTO=TCP SPT=57504 DPT=22 WINDOW=501 RES=0x00 ACK PSH URGP=0 Mar 28 09:53:48 localhost kernel: iptables rejected: IN=eth0 OUT= MAC=00:25:90:54:d7:88:c0:62:6b:e3:5c:80:08:00 SRC=194.51.74.245 DST=176.31.238.3 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=5057 DF PROTO=TCP SPT=57638 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0 If I correctly interpreted these results, they say that ICMP rules were correctly interpreted by iptables, but SSH rules were not. This does not make any sense... Does somebody understand where my error comes from? EDIT #3 : After some more tests, I found out that commenting the SYN flood countermeasure removes the problem. I continue researches in this way but, meanwhile, if somebody sees my anti SYN flood rule error...

Read the article

VPN with wrong subnet mask

- by Philipp Schmid

I followed these instructions on www.hottonetworking.com to set up VPN on a clean install of Windows Server 2008 SP2 (not R2 yet). When I then establish a VPN connection to that machine from a client machine (running Windows 7 RC), everything succeeds (it seems since I get a 'Connected' state in the network sharing center window), but I end up with a subnet mask (according to ipconfig /all) of 255.255.255.255 instead of 255.255.255.0. The net effect is that I don't have local network or internet capability. What additional configuration steps do I have to do to get VPN with the proper subnet mask working? Update: Using the steps outlined in the Technet article mentioned by Mr. Nimble, I was able to get internet connection. Apparently the subnet mask is not an issue as my coworker was able to connect using his VPN connection and ping the server machine by name as well.

Read the article

Streaming Netflix Media with My Wii

- by Ben Griswold

Late last year, I wrote about Streaming Media with my Sony Blu-ray Disc Player. I am still digging the Blu-ray player setup but guess what showed up in the mail yesterday? That’s right! A free Netflix disc which now let’s me instantly watch TV episodes and movies via my Wii console. I popped the disc into the console and in less than 2 minutes the brain-numbingly simple activation was complete. (Full-disclosure: I already had my Wi-Fi connection configured, but I’m confident that the Netflix installation disc would have helpfully walked me through this additional step if need be.) As it turns out, the Wii Netflix UI offers far more options than what one gets with the Blu-ray setup. Not only can I view my Instant Queue, but there’s a list of recently watched movies, a list of recommended titles by category, the star rating system, movies information and nearly everything you find on the web. I reread Steve Krug’s Don’t Make Me Think: A Common Sense Approach to Web Usability on a flight back from Orlando on Wednesday, so my current view of the world may be a little skewed but, the brilliance of Netflix Wii’s user interface is undeniable. It’s not like the Blu-ray navigation is complicated but the Wii navigation feels familiar and intuitive. How intuitive? Well, you won’t find a single bit of help text on any of the Wii screens – just a simple and obvious point-and-click navigation system. And the UI is really pretty (which is still very important if you ask me) and so easy it became fun. Did I mention the media streaming works! Yep, we watched 2 half-hour kid videos yesterday without any streaming issues at all. If you have a Netflix account and a Wii, order your disc and give it a go. It’s good stuff.

Read the article

Future direction for a developer who is expert in latest software technologies…

- by Muaz Khan

Hi everyone, If a (new-coming) developer that learns latest technologies as well as can develop amazing stuff with those technologies and did Bachelors in Arts (BA). So what ’ll be the future of this kind of developer? I meant did he can get good job without degree? I think (but it is the universal truth that) no one (org or company) permit these kind of developers to join them because degree is must for job!! I’m worried about why the world depends upon degree? Why degree is necessary for good job? If a developer has a good experience, why he cannot be able to get good job without degree? What is the future of developer that starts his life as a freelancer and learns everything himself with the help of online available resources? Why companies prerequisite the degree for a good job? A developer without degree can be expert than that who have a degree of MSC etc. Because in 3rd world countries especially Pakistan, a BSC level student taught VB6 and the MSC level student learns C/C++. The common student doesn’t know about latest innovative technologies and he think that the world is depending upon VB6 or C/C++. What is the comparison of that students with a developer that do Bachelors in Arts but know (and can do well with) latest technologies.

Read the article

Heroku SSL "certificate is only valid for the following names: *.herokuapp.com, herokuapp.com"

- by benedict_w

I'm trying to setup a Geotrust SSL certificate for my Heroku app using the SSL Endpoint addon and the instructions at https://devcenter.heroku.com/articles/ssl-endpoint. I generated my public key from my private key using: openssl rsa -in server.orig.key -out server.key and added to the heroku certs: heroku certs:add server.crt server.key Everything seemed to be fine. heroku certs listed the corrected information only with Trusted = false for my certificate. If I go to https://tokyo-2121.herokussl.com the browser says: You attempted to reach tokyo-2121.herokussl.com, but instead you actually reached a server identifying itself as www.mydomain.com. As expected with the certificate apparently identifying the correct domain, but When I set up the CNAME to the given tokyo-2121.herokussl.com and visit my subdomain the browser says: www.mydomain.com uses an invalid security certificate. The certificate is only valid for the following names: *.herokuapp.com , herokuapp.com If I run curl -kv https://www.mydomain.com I get: subjectAltName does not match www.mydomain.com

Read the article

Cannot run setups from a vboxsvr mapped network drive on Windows within VirtualBox

- by Dimitri C.

I'm trying to run an application setup by double-clicking the setup.exe from within Windows Explorer. The file is located on a mapped network drive, and I'm using Windows 7. This results in the following error message: The specified path does not exist. Check the path, and then try again. The workaround I found is to copy the installer to the main hard drive (c:) and run it from there; however, this is rather inconvenient. I have the impression that the problem only occurs with installers, as everything seemed to work fine with regular exe's. Is there anyone who can explain this odd behavior? Update: After some extended tests I noticed that the problem only occurs with a mapped drive of VirtualBox's "shared folders" (cf. vboxsvr; VirtualBox v3.1.4). Mapping an SMB drive works fine. Update: The same problem occurs on Windows Vista.

Read the article

Google Apps email hosting for a GoDaddy-hosted site works locally but not on live site

- by CrB

GoDaddy email issues are plentiful, but I have not been able to find anyone resolve this same problem: I have a GoDaddy hosted site, and a Google Apps account. The MX info on GoDaddy is correct, as is my server-side code, and the Google Apps credentials in my web.config file (host:smtp.gmail.com, port:587) are correct. I know this because I am able to send emails through SmtpClient hosted my local machine's server when debugging the site. However, once transferred to the GoDaddy hosting account, all emails will not send -- they just time out. Nothing has changed aside from the site being run on the GoDaddy server as opposed to a local server. EDIT - SSL is enabled. A two part question: 1) Does anybody have any ideas about how to tackle this? 2) If not, is there another web hosting or email hosting site, or a combination of 2, that people can confirm is fast, actually works, and is not impossible to coordinate as is everything with GoDaddy? (I am aware that GoDaddy has their own relaying email server, but I initially used it before switching to Google and found emails coming in 30-60 minutes late).

Search Results

Search found 19279 results on 772 pages for 'everything'.

Page 238/772 | < Previous Page | 234 235 236 237 238 239 240 241 242 243 244 245 | Next Page >

- by Lucifer Sam

- by Garet Claborn

- by Mike Young

- by Molotch

- by Anshuman

- by cristian.condurache(at)oracle.com

- by user1291203

- by newbie

- by jhpierce -Oracle

- by Phil Catalano-Oracle

- by AlanBoucher-Oracle

- by Elena

- by The Geek

- by Ethan

- by Joseph S.

- by mwillmott

- by x100

- by Penegal

- by Philipp Schmid

- by Ben Griswold

- by Muaz Khan

- by benedict_w

- by Dimitri C.

- by CrB

< Previous Page | 234 235 236 237 238 239 240 241 242 243 244 245 | Next Page >