Search Results

Search found 11077 results on 444 pages for 'ip'.

Page 305/444 | < Previous Page | 301 302 303 304 305 306 307 308 309 310 311 312 | Next Page >

traffic shaping for certain (local) users

- by JMW

Hello, i'm using ubuntu 10.10 i've a local backup user called "backup". :) i would like to give this user just a bandwidth of 1Mbit. No matter which software wants to connect to the network. this solution doesn't work: iptables -t mangle -A OUTPUT -p tcp -m owner --uid-owner 1001 -j MARK --set-mark 12 iptables -t mangle -A POSTROUTING -p tcp -m owner --uid-owner 1001 -j MARK --set-mark 12 tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 2 htb default 1 tc filter add dev eth0 parent 2: protocol ip pref 2 handle 50 fw classid 2:6 tc class add dev eth0 parent 2: classid 2:6 htb rate 10Kbit ceil 1Mbit tc qdisc show dev eth0 tc class show dev eth0 tc filter show dev eth0 does anyone know how to do it? thanks a lot in advance

Read the article
Use dns suffixes only on certain wireless networks?

- by eidylon

Hello all, quick question. I'm a software guy and networking is all black magic to me! I have a laptop which I use at home and at the office. In order to be able to more easily reference our servers at work, I have our domain name in the DNS suffixes on my TCP/IP settings on my wireless connection. This all works beautifully and I can reference our servers simply by name only. Now the problem... When I go home, it still has those suffixes in there, and I cannot access other servers because it appends the DNS suffixes to the server names. Is there a way I can set up DNS suffixes so that they are only applied when connected to a certain wireless network (I'm thinking by SSID).

Read the article
How can I limit the upload/download bandwidth on my CentOS server?

- by Dan Nestor

How can I limit the upload and download bandwidth on my CentOS server? This is a box with a single interface, eth0. Ideally, I would like a command-line solution (I've been trying to use tc), something that I could easily switch on and off in a script. So far I've been trying to do something like tc filter add dev eth0 protocol ip prio 50 u32 police rate 100kbit burst 10240 drop but I'm obviously missing a lot of knowledge and information. Can somebody help with a quick one-liner? Many thanks, Dan

Read the article
help setting up an IPSEC vpn from my linux box

- by robthewolf

I have an office with a router and a remote server (Linux - Ubuntu 10.10). Both locations need to connect to a data supplier through a VPN. The VPN is an IPSEC gateway. I was able to configure my Linksys rv42 router to create a VPN connection successfully and now I need to do the same for Linux server. I have been messing around with this for too long. First I tried OpenVPN, but that is SSL and not IPSEC. Then I tried Shrew. I think I have the settings correct but I haven't been able to create the connection. It maybe that I have to use something else like a direct IPSEC config or something like that. If someone knows of a way to turn the following settings that I have been given below into a working IPSEC VPN connection I would be very grateful. Here are the settings I was given that must be used to connect to my supplier: Local destination network: 192.168.4.0/24 Local destination hosts: 192.168.4.100 Remote destination network: 192.167.40.0/24 Remote destination hosts: 192.168.40.27 VPN peering point: xxx.xxx.xxx.xxx Then they have given me the following details: IPSEC/ISAKMP Phase 1 Parameters: Authentication method: pre shared secret Diffie Hellman group: group 2 Encryption Algorithm: 3DES Lifetime in seconds:28800 Phase 2 parameters: IPSEC security: ESP Encryption algortims: 3DES Authentication algorithms: MD5 lifetime in seconds: 28800 pfs: disabled Here are the settings from my attempt to use shrew: n:version:2 n:network-ike-port:500 n:network-mtu-size:1380 n:client-addr-auto:0 n:network-frag-size:540 n:network-dpd-enable:1 n:network-notify-enable:1 n:client-banner-enable:1 n:client-dns-used:1 b:auth-mutual-psk:YjJzN2QzdDhyN2EyZDNpNG42ZzQ= n:phase1-dhgroup:2 n:phase1-keylen:0 n:phase1-life-secs:28800 n:phase1-life-kbytes:0 n:vendor-chkpt-enable:0 n:phase2-keylen:0 n:phase2-pfsgroup:-1 n:phase2-life-secs:28800 n:phase2-life-kbytes:0 n:policy-nailed:0 n:policy-list-auto:1 n:client-dns-auto:1 n:network-natt-port:4500 n:network-natt-rate:15 s:client-dns-addr:0.0.0.0 s:client-dns-suffix: s:network-host:xxx.xxx.xxx.xxx s:client-auto-mode:pull s:client-iface:virtual s:client-ip-addr:192.168.4.0 s:client-ip-mask:255.255.255.0 s:network-natt-mode:enable s:network-frag-mode:disable s:auth-method:mutual-psk s:ident-client-type:address s:ident-client-data:192.168.4.0 s:ident-server-type:address s:ident-server-data:192.168.40.0 s:phase1-exchange:aggressive s:phase1-cipher:3des s:phase1-hash:md5 s:phase2-transform:3des s:phase2-hmac:md5 s:ipcomp-transform:disabled Finally here is the debug output from the shrew log: 10/12/22 17:22:18 ii : ipc client process thread begin ... 10/12/22 17:22:18 < A : peer config add message 10/12/22 17:22:18 DB : peer added ( obj count = 1 ) 10/12/22 17:22:18 ii : local address 217.xxx.xxx.xxx selected for peer 10/12/22 17:22:18 DB : tunnel added ( obj count = 1 ) 10/12/22 17:22:18 < A : proposal config message 10/12/22 17:22:18 < A : proposal config message 10/12/22 17:22:18 < A : client config message 10/12/22 17:22:18 < A : local id '192.168.4.0' message 10/12/22 17:22:18 < A : remote id '192.168.40.0' message 10/12/22 17:22:18 < A : preshared key message 10/12/22 17:22:18 < A : peer tunnel enable message 10/12/22 17:22:18 DB : new phase1 ( ISAKMP initiator ) 10/12/22 17:22:18 DB : exchange type is aggressive 10/12/22 17:22:18 DB : 217.xxx.xxx.xxx:500 <- 206.xxx.xxx.xxx:500 10/12/22 17:22:18 DB : c1a8b31ac860995d:0000000000000000 10/12/22 17:22:18 DB : phase1 added ( obj count = 1 ) 10/12/22 17:22:18 : security association payload 10/12/22 17:22:18 : - proposal #1 payload 10/12/22 17:22:18 : -- transform #1 payload 10/12/22 17:22:18 : key exchange payload 10/12/22 17:22:18 : nonce payload 10/12/22 17:22:18 : identification payload 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v00 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v01 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v02 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v03 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( rfc ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports DPDv1 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is SHREW SOFT compatible 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is NETSCREEN compatible 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is SIDEWINDER compatible 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is CISCO UNITY compatible 10/12/22 17:22:18 = : cookies c1a8b31ac860995d:0000000000000000 10/12/22 17:22:18 = : message 00000000 10/12/22 17:22:18 - : send IKE packet 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 ( 484 bytes ) 10/12/22 17:22:18 DB : phase1 resend event scheduled ( ref count = 2 ) 10/12/22 17:22:18 ii : opened tap device tap0 10/12/22 17:22:28 - : resend 1 phase1 packet(s) 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 10/12/22 17:22:38 - : resend 1 phase1 packet(s) 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 10/12/22 17:22:48 - : resend 1 phase1 packet(s) 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 10/12/22 17:22:58 ii : resend limit exceeded for phase1 exchange 10/12/22 17:22:58 ii : phase1 removal before expire time 10/12/22 17:22:58 DB : phase1 deleted ( obj count = 0 ) 10/12/22 17:22:58 ii : closed tap device tap0 10/12/22 17:22:58 DB : tunnel stats event canceled ( ref count = 1 ) 10/12/22 17:22:58 DB : removing tunnel config references 10/12/22 17:22:58 DB : removing tunnel phase2 references 10/12/22 17:22:58 DB : removing tunnel phase1 references 10/12/22 17:22:58 DB : tunnel deleted ( obj count = 0 ) 10/12/22 17:22:58 DB : removing all peer tunnel refrences 10/12/22 17:22:58 DB : peer deleted ( obj count = 0 ) 10/12/22 17:22:58 ii : ipc client process thread exit ...

Read the article
SNMPD timeout yet netcat shows port as open

- by Kirill Gordeenko

SNMPD config (I have this config working on a different server): com2sec readonly default public group MyROGroup v1 readonly group MyROGroup v2c readonly group MyROGroup usm readonly view all included .1 80 access MyROGroup "" any noauth exact all none none syslocation <LOCATION> syscontact <CONTACT> When I check the port from remote machine: » nc -zvu xx.xx.xx.xx 161 Connection to xx.xx.xx.xx 161 port [udp/snmp] succeeded! This also works locally (I get all the right stats): snmpwalk -v 2c -c public localhost Yet when I try same command locally or remotely with external IP: Timeout: No Response from xx.xx.xx.xx IPTables are disabled on both machines. /etc/sysconfig/snmpd looks like this: OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid" -a /etc/default/snmpd is empty.

Read the article
Correct way of bringing network interface down in linux

- by Karolis T.

For example: $ ifconfig dummy0 up $ ifconfig dummy0 "192.168.1.190 netmask 255.255.255.0" Calling ifconfig with no parameters shows the interface dummy0 Link encap:Ethernet HWaddr b6:1f:f3:92:6d:20 inet addr:192.168.1.190 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::b41f:f3ff:fe92:6d20/64 Scope:Link UP BROADCAST RUNNING NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:15 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:1050 (1.0 KiB) How can I bring the interface down so that it doesn't show up in ifconfig ifconfig -a ifconfig dummy0 without rmmod dummy because dummy is used just for example purposes. If there is no way to do that, what "throw-away" IP could I set to it and be safe from any trouble? like $ ifconfig dummy0 down $ ifconfig dummy0 0.0.0.0

Read the article
Nodejs for processing js and Nginx for handling everything else

- by Kevin Parker

I am having a nodejs running on port 8000 and nginx on port 80 on same server. I want Nginx to handle all the requests(image,css,etc) and forward js requests to nodejs server on port 8000. Is it possible to achieve this. i have configured nginx as reverse proxy but its forwarding every request to nodejs but i want nginx to process all except js. nginx/sites-enabled/default/ upstream nodejs { server localhost:8000; #nodejs } location / { proxy_pass http://192.168.2.21:8000; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_redirect off; proxy_buffering off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }

Read the article
Network topology question

- by Asbie

We currently have three networks, X.X.163.1, X.X.93.1 and 192.168.1.1. Today's setup is like this: http://i.imgur.com/tkKWy.jpg We now have PPT VPN from internet to the X.X.163.1-network, but really need to access the files from the File Server through VPN. I am also aware that this setup is not optimal. So please, any advices on how to redesign our network? Rack servers are mostly web and db servers, with only public IP addresses.

Read the article
Pasting extended ACL contents into telnet session to Cisco Router SIM

- by Kyle Brandt

I have a telnet session to a dynamips router sim. When I try to paste the contents of an actually working ACL retrieved from 'show run' into the access list, only part of gets pasted. The session is something like: enable conf t ip access-list extended Internet <PASTE of Rules> It stops right in the middle of a line: permit tcp any host 123.123.123.123 gt 1 ! should be gt 1023 Anyone know what is happening? The source is an extended access list.

Read the article
How do I change the document root of a Linux Apache server?

- by Daryl Spitzer

I'm trying to learn how to configure an Apache HTTP server (with which I have no experience) someone else has setup in a VM running Ubuntu 8.04. I know the server is running, since I get "<html><body><h1>It works!</h1></body></html>" when I go to http://1.2.3.4/ (where 1.2.3.4 is the VM's IP number). I found apache2.conf and httpd.conf (among other files) in /etc/apache2/. httpd.conf is empty. I tried adding DocumentRoot "/home/username/temp" into /etc/apache2/httpd.conf and put some simple HTML in /home/username/temp/index.html. But when I reload http://1.2.3.4/ there's no change. Do I need to restart httpd to get it to accept the change to DocumentRoot?

Read the article
Nginx Rate Limiting by Referrer?

- by SteveEdson

I've successfully set up rate limiting on IP addresses like so, limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; But I was wondering if its possible to do the same on referrers? For example, if a site gets placed in an iframe on a third party site, which generates too much traffic to handle. I can't find any nginx variables for the referrer anywhere. Is this possible? Or can the solution be achieved in a different way? Thanks.

Read the article
How to use ssl_verify_client=ON on one virtual server and ssl_verify_client=OFF on another?

- by Alexander Artemenko

I want to force ssl client verification for on of my virtual hosts. But get "No required SSL certificate was sent" error, trying to GET something from it. Here are my test configs: # defaults ssl_certificate /etc/certs/server.cer; ssl_certificate_key /etc/certs/privkey-server.pem; ssl_client_certificate /etc/certs/allcas.pem; server { listen 1443 ssl; server_name server1.example.com; root /tmp/root/server1; ssl_verify_client off; } server { listen 1443 ssl; server_name server2.example.com; root /tmp/root/server2; ssl_verify_client on; } First server replies with 200 http code, but second returns "400 Bad Request, No required SSL certificate was sent, nginx/1.0.4". Probably, it is implossible to use ssl_verify_client on the same IP? Should I bind these servers to different IPs, will it solve my problem?

Read the article
Nginx Forward SSL for single site

- by Will.brown

I have a nginx server setup and it works fine for http however i would like to bypass the proxy for https connection. I want it so that when someone goes to my ip https:// ip1 (Nginx server) it bypasses ngix and forwards all traffic to https:// ip2(webserver) i do not need ngix to do this for any ssl website just one particular website. SO Client to https:// ip1 to https:/ /ip2 to https:// ip1 to client pc I just want the nginx to not intercept the connection and forward it on and on return forward the connection to client Im guessing i do this by nat mascarade buy not exactly sure how to do it and if i will need to tell nginx to ignore ssl aswell can someone help me please this has gone me stuck

Read the article
Heartbeat won't start up from a cold boot when a failed node is present

- by Matthew

I currently have two ubuntu servers running Heartbeat and DRBD. Let's say one node is down... The servers are directory connected with a 1000Mbps cross over cable on eth1 and have access to a IP camera LAN on eth0 The node that is still functioning won't start up heartbeat and provide access to the drbd resource. I have to manually restart heartbeat by "sudo service heartbeat restart" to get everything up and running. How can I get it to start fine from a cold start? Here is the my ha.cf and some material from the syslog... If I'm missing any information that might be of some help. http://pastebin.com/rGvzVSUq <--- Syslog http://pastebin.com/VqpaPSb5 <--- ha.cf

Read the article
test if master dns has transfered copy to slave

- by su55

Hello, I setup my master and slave using FreeBSD. I'm currently running the Bind 9.X version, so far everything is working successfully. Just one small problem. I can't get the master copy of my DNS to transfer it to the slave server. I included transfer-allow {192.168.1.111;}; // this is the slave server's IP I ran the rndc reload command to check but I don't see the copy in the /etc/named/master/? Any help would be appreciated and if you would like the layout of my DNS, I can provide that too.

Read the article
How can I solve Windows PPTP VPN issues?

- by Robin M

I'm having persistent problems with Windows PPTP VPN connections. The VPN appears up whilst the tunnel won't transfer traffic (ping to a remote IP within the VPN works for a while, and then fails). The client receives routing information via DHCP. When the connection fails, the routing table is still correct so I don't think it's a routing problem. My internet connection is via an ADSL2 line. There's software to deal with PPTP problems, like TunnelRat, but I don't want to install v1.1 of the .NET framework and I'd rather get to the bottom of the problem (I have multiple VPN connections and some are more unreliable than others). What can I do to get to the bottom of this? Alternatively, what can I do to keep the connection alive?

Read the article
Can't add printer on Windows XP

- by SuperFurryToad

I've added a HP 4250 printer to about half a dozen Windows XP PCs in our office without any problems whatsoever, but for some reason I haven't been able to add it to one particular PC today. I go through the Add Printer wizard to add a local printer attached to the PC, enter the new port number as a Standard TCP/IP Port, install the driver. At the end of the wizard I get the following error message: Full error message: "windows cannot connect to the printer. either the printer name was typed incorrectly, or the specified printer has lost its connection to the server." This doesn't make any sense as I am able to ping the printer from the PC. The print spooler is running, and any firewall software on the local PC is switched off.

Read the article
Sending an Email from 2 Mail Servers

- by Ted Smith

We are currently attempting to move away from using a "local" mail(exchange) server to an cloud based offering for all our automated emails. The problem is that we send and receive thousands for emails a day and its uptime is quite critical so the business do not want to put all their eggs in one basket, so if we would like to use a cloud based offering(mailgun) they would like a backup if this goes down. So my question is: Would it be possible to set multpile A, TXT and CNAME records to multiple IP address so if one mail server goes down we can automatically start sending emails from the fallover(without them being blocked doing a reverse DNS lookup)? I know we will still need to adjust the MX record for incoming emails but that is acceptable to not receive emails for a short(1-2 hours) of time. Does this make sense?

Read the article
How to document linux server configuration?

- by Margaret Thorpe

Hi, I have about 20 linux servers which I need to document the configuration of. I do not mean the detailed configuration of services, but rather user accounts, databases, databases accounts, ip addresses, physical location, SSH port etc. etc. I know all this data is stored in config files, but I want to centralize it all. I am considering just creating a spreadsheet to record this data, but was wondering if there is something better (perhaps a small php/mysql app) which would be more structured and complete than a hacked together spreadsheet. What do you use?

Read the article
Cannot access Network Shares on Windows Server 2008 running VisualSVN Server

- by mwillmott

I have installed VisualSVN server on Windows Server 2008. The server is part of a domain but not the domain controller, it is just a data server and now an SVN server. VisualSVN uses port 80 and can only be access from inside the network (i do i by going to the dns name of the server). However, ever since i have installed this, other computers on the network can no longer access the shared folders on the server EXCEPT the domain controller which has no problems accessing the shares. I am stumped, i am guessing it is something to do with Apache running and not using host-headers (or whatever the Apache equivalent may be) but just being bound to the servers DNS name or IP. Any suggestions?

Read the article
reverse nslookup fails for single machine

- by matt wilkie

I have a computer on a windows Active Directory network for which reverse dns lookup fails. It doesn't matter which machine runs the lookup. The problem computer is a debian vm on a windows server 2003 host. >nslookup wiki.dept Server: primary.internal.domain.org Address: 192.111.222.44 Name: wiki.dept.internal.domain.org Address: 192.111.111.185 >nslookup 192.111.111.185 Server: primary.internal.domain.org Address: 192.111.222.44 *** primary.internal.domain.org can't find 192.111.111.185: Non-existent domain Contents of /etc/resolv.conf on the debian guest: nameserver 192.111.111.244 nameserver 192.111.222.44 search internal.domain.org What is wrong? how do I get ip-to-name resolution to work for this machine? Thank you.

Read the article
Trusted Root certificates regularly disappear on Windows 7

- by Evgeny

I've installed several self-signed certificates on my Windows 7 Ultimate x64 machine for development purposes. One was installed into Trusted Root CAs and 2 were installed into My Certificates and Trusted People. Every day or two the certificate installed into Trusted Root CAs disappears and I have to re-install it! This is annoying the hell out of me. Why is it happening and how do I stop it? The other certificates (installed into other stores) do not disappear. My first thought was some kind of Group Policy, but my machine is not part of a domain - though it does obtains its IP address from a corporate DHCP server, so I'm not sure if they can somehow still manage to apply Group Policy to me.

Read the article
How Do I Change the Windows7 LAN Proxy Config from the Command Line

- by david.barkhuizen

In Windows7, Is it possible to define/change the proxy config from the command line ? So, using the gui, I would go: Start Control Panel Network and Internet Internet Options Connections LAN Settings and then - enable/disable the proxy - define IP:port of proxy server But I would like to rather do this from the command line (so that I can run the command from a batch-file with a shortcut key - enabling me to switch proxy configs using a short-cut, rather than having to wade through the MS wizard). I've looked at using netsh.exe to change the settings for WinHTTP, but this seems to be thr wrong thing to do, as the WinHTTP setting do not appear to be related to the LAN settings. Much appreciated folks.

Read the article
10 gigabit or 1 gigabit switch

- by Guntis

We are planning to move mysql to dedicated box. At this moment we have web servers and mysql is running on each. Question is: cheaper is to buy 10G switch and put 10G network card into mysql server. Or buy normal gigabit switch and connect mysql box to switch with multiple network cables. In 1G scenario then we give each web server different mysql IP address. I don't think, that mysql box with one 1G link is enough to to satisfy multiple web box mysql traffic. At this moment we have 3 servers witch are running mysql/web. Plan is to add fourth server for mysql only. Thanks. Edit: if we buy 1G switch with mini-GBIC ports. Can we put in mini-GBIC 10G connectors and then connect mysql box to that port?

Read the article
Teredo - how to connect to host behind NAT?

- by Signum

All I want to achieve is to establish connection to my simple server (written in C# using TcpListener class, if it makes any difference), on my computer which is behind NAT. It has some IPv6 address (it's public IP, starting with 2001:0) on Teredo interface. However, I cannot even ping it from outside my network, for instance I'm trying to ping this address from this website http://mebsd.com/ipv6-ping-and-traceroute, result - 100% packet loss. As I understood from reading about Teredo, there is no need for some port forwarding? So where could be the problem?

Read the article

< Previous Page | 301 302 303 304 305 306 307 308 309 310 311 312 | Next Page >