ips - Page 40 - Developer IT

Varnish with multiple sites/boxes

- by jerhinesmith

Is it possible for Varnish to redirect traffic to different IPs based on the url? For example, is the following setup feasible (and if so, what would the VCL look like): *.example.com points to Varnish IP address When a request is made to foo.example.com, varnish checks the cache and sends the request to Server1's IP address on a cache miss. When a request is made to bar.example.com, varnish checks the cache and sends the request to Server2's IP address on a cache miss. foo and bar are (for the most part) completely unrelated sites. They use the engine, but have different content and their own distinct database. Since there previously was no penalty for doing so (other than cost) we split them up into two separate boxes so that a ton of traffic to foo won't have a negative impact on visitors browsing around bar. I could set up two instances of varnish and have one serve up foo's static content and the other serve up bar's, but as there doesn't seem to be much overhead to running Varnish, I think (perhaps mistakenly) that it would make more sense to go with one Varnish server that redirects the traffic to the appropriate box on a cache miss.

Read the article

Virtualize SBS 2003 - P2V vs migrating to new VM

- by jlehtinen

I need to virtualize a SBS 2003 server in my work environment. I need some tips on what people think is the best way to proceed. Background: The SBS 2003 server is the primary DC for the domain and also hosts FTP, RRAS(VPN), DNS, and file shares. Exchange is NOT used, neither is SQL server. DHCP is done via a firewall appliance. I have added a Server 2003 VM to the domain and promoted it to the DC role. AD/DNS is replicating here correctly. This was mainly done to provide fault-tolerance to the domain, I was not intending to make this VM the primary DC. I've already asked about buying upgraded licensing for Server 2008/2012 but was refused due to cost. Options: I see (at least) two routes I could take to complete this. From what I've read option 2 is the "preferred" method, but there's a few steps where I'm not clear on what to expect. Option 1.) P2V the primary DC Power off primary DC Power off secondary DC (to prevent USN rollback in case P2V has issue) P2V (cold clone) primary DC Boot new PDC VM Allow new hardware to detect Remove old NIC hardware from device manager Assign old IPs to new virtual NICs Reboot PDC VM, confirm connectivity and no major issues Power on secondary DC, confirm replication Option 2.) Create new VM, transfer roles, remove original DC from domain Create new VM, install SBS 2003 Do I need the original SBS install discs for this? MS migration doc mentions this. Add VM to domain, promote to DC role Does this start 7 day timer where two SBS servers can be in same domain? Set up RRAS on new VM Set up IIS/FTP on new VM Move file shares to new VM Transfer FSMO roles to new VM DC dcpromo original primary DC out of domain

Read the article

Adding subnet to a vsphere with single vcenter and esxi host

- by Ilya Rakhlin

Let me start of by saying that I do not specialize in networking, I am in the process of adding additional VMs to a testing environment and wanted some recommendations. In this case I am running a single ESXI 5.1 host and a single Vcenter management server. The problem is, I need another range of IP addresses added to the existing setup; hopefully without reconfiguring everything. Currently the esxi host is configured to IP: 192.168.100.200, gateway: 192.168.100.1 and subnet: 255.255.255.0. All of the VMs are running some version of linux with hard coded IP addresses in that range, and using that subnet. The VMs I am about to deploy I want to be on the 192.168.101.X network. Is it possible to add an additional subnet to this existing system that will also communicate with the current subnet? The esxi host has 6 physical NICs but only one connected as it is only a testing system; not sure if that matters. Are there any other ways to accomplish this hopefully without restarting or at least reconfiguring the IP addresses for each VM? Reason: Due to the configuration of the VMs to run the applications that we need I am using a large amount of the current IPs in the potential range (mostly VIPs). I will be setting up a new version of this “environment” while keeping the old one, thus potentially running out of IP addresses.

Read the article

Unable to ssh to a Linux VM after a day

- by jogabonito

I have a machine running 4 VMs on it. There is one Fedora VM which is causing me some trouble. The IPs of the VMs are something like 10.100.100.* I have a Windows PC which is in the same network. It has an IP 10.100.25.77. When I reboot the Fedora VM, I am able to ping it from my Windows PC as well as use putty to ssh to it. The next day, I cant ping it or ssh from my Windows PC. However I can ping and ssh to the other VMs on the machine. If I ssh to one of the other VMs, I can ping and ssh to the Fedora VM. Next if I restart it, things get back to normal and I can access it without any issues. The IP of the VM doesn't change after rebooting and it is statically assigned I would like to know what is causing this and how to get it fixed. As a last resort, I am thinking of running a cron job to restart the VM every night, it is not a critical server, but will be generally used occasionally in the day time.

Read the article

Two hosts on same subnet can't see each other

- by Joey Hewitt

I've got two routers with two separate public IP addresses on the same subnet, but I can't get them to talk to each other. Both are connected to the internet (ISP-provided gateway) via Ethernet ports provided by the landlord, but I don't have access to or knowledge of how those are physically connected or the protocols used to get back to the ISP. I can ping either from the outside, but they can't ping each other. Traceroutes in and out look the same, and they receive the same gateway over DHCP. I can ping other IPs on the subnet, so I assume this is not any sort of intentional isolation for security/privacy. Since I'm in a setup where my landlord provides internet and we don't have contact with the ISP, I can't really ask the ISP for help (doubt the landlord would know much either.) The situation is similar to the diagram at this question, but instead of the two servers, there's another router coming off the (presumed) switch, and I don't have access to the switch. I've tried giving them static routes to each other with the ISP internet gateway as the gateway, but that's not working. One is a Linksys WRT54GL running DD-WRT, the other is a Netgear WGR614v7, although I could get something more capable if necessary. I'd like to keep them each connected directly to the ISP on their WAN ports, but I can have an ethernet cable between them if necessary - I'm wondering if there's a way without that, and if there isn't, I'd appreciate advice on how to get that working. Sorry this is so nitpicky; there are reasons for all the constraints, but they don't apply to the real question, so I left them out. ;) Thank you!

Read the article

Wireless router setup for 1-1 NAT

- by Carlos

What I have: A linksys router WAG160N with firmware version 2 A "pool" of 5 external static IP's provided by my ISP 213.xx.xxx.n All the required configuration values for the static IPs such as (Subnet Mask, Gateway and static DNS 1, 2, 3) Current WAN Configuration: Encapsulation: RFC 2364 PPPoA Multiplexing: VC QoS type: UBR DSL modulation: MultiMode What's connected to the network: 1 x Server (That I want to make available to the outside) 5 x Desktops with static internal IP's, such as 192.168.0.xx 2 x Network printers, also with internal static IP's 2 x Laptops 1 x NAS (Network Attached Storage) also on static IP What I want to do: I would like to make the server available from outside the network, for example from your house. The problem is that Im not really sure how to do this. I have tried following the steps on the instruction manual in Linksys but they do not seem to work, once I set it up as shown bellow, I loose internet and all hell breaks loose. Going into further detail, I would prefer if the network is changed as little as possible, by this I mean that all the computers stay networked within eachother and only the server is accessible from the outside the network. What I need HELP with: I have read around that it is possible to set a 1-1 NAT (I know where it is in the menu but have no clue what it does...) so that I can NAT a single public IP directly to a single private IP (in our case the server). But please, How do I do that? Or maybe an alternative?

Read the article

Mysql connections hanging in login state

- by Mark Rose

Read the article

Windows Server 2008 R2 Virtual Network Setup

- by jpearl01

Some background: I'm very much new to networking in general, and virtualization in particular. I'm trying to set up a series of VMs as we are transitioning to a thin client setup. I have been supplied a limited number of static ip addresses. The server is located in an offsite building which houses the network we use to connect to the internet, share folders etc. The setup I've been trying to go for is this: The host OS (Windows Server 2008 R2) is bound to one nic using one of the static ips (say, Nic1 and ip 10.255.6.61). I've set up another external virtual network attached to another physical nic , and a virtual private network attached to no nic. There is one VM running the same os (as the host). This VM is connected to both the external virtual network (and uses another static ip say Nic2 and ip 10.255.6.62) and also to the virtual private network (I gave it a static random ip 192.168.88.1 subnet mask 255.255.255.0). This virtual private network is connected to all the other VMs. I'd like to share the internet connection with all the other VMs on the private virtual network, and so I installed the RRAS role on the server connected to Nic2, and selected the option to share the internet over the vpn. I've run through the RRAS wizard a few times, trying different configurations, but none of them seem to be letting the other vms connect to the 'net. The vms seem to connect to the virtual private network fine, they are assigned an ip address and everything, but no internet, and no rest of the network either. The other problem is in general I connect to the vms with RDP. Will that be possible with a setup like this? i.e. will the vms show up as computers on the network? If not, what are my other options? Thanks! ~josh

Read the article

What's going on with traceroute?

- by Kevin

The following is what happens when I run traceroute from a certain location: # traceroute google.com traceroute to google.com (74.125.227.39), 30 hops max, 60 byte packets 1 gateway.local.enactpc.com (10.0.0.1) 0.138 ms 0.101 ms 0.084 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Absolutely nothing of interest... Now, originally I thought this was just a fact of the location's network set up. (I assume they block pings or something...) However, watch what happens when I use nmap to run a traceroute... # nmap -sP --traceroute google.com Starting Nmap 5.21 ( http://nmap.org ) at 2012-09-25 22:18 CDT Nmap scan report for google.com (74.125.227.40) Host is up (0.034s latency). Hostname google.com resolves to 11 IPs. Only scanned 74.125.227.40 rDNS record for 74.125.227.40: dfw06s06-in-f8.1e100.net TRACEROUTE (using proto 1/icmp) HOP RTT ADDRESS 1 0.19 ms gateway.local.enactpc.com (10.0.0.1) 2 1.93 ms 99-20-92-1.lightspeed.austtx.sbcglobal.net (99.20.92.1) 3 25.61 ms 99-20-92-2.lightspeed.austtx.sbcglobal.net (99.20.92.2) 4 ... 6 7 23.68 ms 12.83.68.137 8 31.30 ms gar23.dlstx.ip.att.net (12.122.85.73) 9 ... 10 31.82 ms 72.14.233.65 11 32.27 ms 209.85.250.77 12 32.98 ms dfw06s06-in-f8.1e100.net (74.125.227.40) Nmap done: 1 IP address (1 host up) scanned in 3.29 seconds When using nmap I get A LOT more results than with traceroute, why? Note, I checked, and the difference in target IP addresses is not related...

Read the article

Windows Server 2008 ignores any change made to firewall

- by Maurice Courtois

I have been trying for the last 2 hours to make my Windows Server 2008 answer ping. I have tried almost every single solution I have found on the web, so far nothing work. My current setup: 2 NIC (1x Internet connection, 1x Local network) Server act as VPN server. So I set the corresponding NIC as either Public or Private. I also enable the rule for "File and Printer Sharing (Echo Request...)" for all Nic and from any IPs. I always been able to ping from the local network or the local ip while connected to the VPN. I also tried to create a specific rule for ICMP ping and disabling the firewall for all but the public nic. Regardless of all this, I still can't ping that server from Internet. Any idea suggestion what could cause this? I have the impression that when you set the server as VPN (I switch the box on when setting it up to block everything else than VPN connection) that changing anything to the firewall setting thought mmc is pointless !?!?

Read the article

linux routing issue

- by Duc To

Hi! I have 2 linksys routers which has linux running on it and using tomato firmware.. both has internet lines plugged on but only 1 acts as DHCP server (router 1) What I am having to achieve is that all packets goes to router 1 from internal IPs want to access internet will go out to that internet line but from 1 specific port, if router 1 detects packets from a specific source port (for ex: http port: 80), it will redirect that packet to router 2 and goes out to the internet from there.. I have found some documents which give solution that I will need a linux servers with 2 ethernet cards and then we plug both internet lines on that server and routing base on it but I do not want to do that because my boss does not want to have an extra work mantaining that server, besides, he says that the router itself already a linux one so why.. I tend to agree his points.. Can it be done or a seperate linux server acting as a router is a must? Thank you all in advance and really look forward in your replies.. I am newbie to linux network and it seems to be something out of my capacity to solve :( Your sincerely! Duc To

Read the article

Network structure --> Server 2k8r2 <--> Livebox <--> Router <--> Other PCs

- by Yusuf

I have a Livebox connection to the Internet and I have set up my network as follows: - Livebox <--> Win2k8R2 Server - Livebox <--> Netgear N150 Router - Router <--> Other PCs Therefore, in my LAN, - the Livebox has IP address 192.168.1.1, - the Router 192.168.1.12 (when accessed from the Livebox or the server), - the Router 10.0.0.1 (when accessed from the PCs connected to the Router), - the server 192.168.1.2, - the PCs 10.0.0.x I was using a previous configuration, which was as follows: - Livebox <--> Netgear N150 Router - Router <--> Win2k8R2 Server - Router <--> Other PCs Everything was simple, and I just had to forward all ports for incoming connection on the Livebox to the Router, and then forward the specific ports to the Server as needed (it must be however noted that any server I use is found on the Win2k8R2 server itself). In this previous configuration, the IP addresses were as follows: - Livebox 192.168.1.1 - Router 192.168.1.12 (when seen from Livebox) - Router 10.0.0.1 (when seen from server & PCs connected to it) - Server 10.0.0.2 - PCs 10.0.0.x So now of course, my port-forwarding does not work anymore since the server is not connected (directly) to the Router. What I would like to know is how do I configure the Livebox and Router to still have the features like before? From what I understand of networks (which is very limited, btw), I see these options: Make the router assign IPs like 192.168.1.x (but then I want the forwarding to be done from the router itself, is it possible?) The forwarding on the router to the server uses IP address 10.0.0.2. I could change it to 192.168.1.2 (Is that even possible, does it work?) Forward all ports from the Livebox itself to the server, and then manage them there (Is software-based port-forwarding as secure as hardware-based?)

Read the article

Windows Server 2008 R2 Virtual Network Setup

- by jpearl01

Hi all, Some background: I'm very much new to networking in general, and virtualization in particular. I'm trying to set up a series of VMs as we are transitioning to a thin client setup. I have been supplied a limited number of static ip addresses. The server is located in an offsite building which houses the network we use to connect to the internet, share folders etc. The setup I've been trying to go for is this: The host OS (Windows Server 2008 R2) is bound to one nic using one of the static ips (say, Nic1 and ip 10.255.6.61). I've set up another external virtual network attached to another physical nic , and a virtual private network attached to no nic. There is one VM running the same os (as the host). This VM is connected to both the external virtual network (and uses another static ip say Nic2 and ip 10.255.6.62) and also to the virtual private network (I gave it a static random ip 192.168.88.1 subnet mask 255.255.255.0). This virtual private network is connected to all the other VMs. I'd like to share the internet connection with all the other VMs on the private virtual network, and so I installed the RRAS role on the server connected to Nic2, and selected the option to share the internet over the vpn. I've run through the RRAS wizard a few times, trying different configurations, but none of them seem to be letting the other vms connect to the 'net. The vms seem to connect to the virtual private network fine, they are assigned an ip address and everything, but no internet, and no rest of the network either. The other problem is in general I connect to the vms with RDP. Will that be possible with a setup like this? i.e. will the vms show up as computers on the network? If not, what are my other options? Thanks! ~josh

Read the article

Someone from china wants kill my entry bandwidth??

- by yes123

Hi guys. Someoen from china with two different ip is downloading the same big file from my server. Their ip are: 122.89.45.210 60.210.7.62 They requesting this file and downloading more than 20 times per minute. What Can I do to prevent this? (I am on gentoo with root access) And WHY they do this to a site that doesn't have nothing to do with china ? ADD1: Other ips: 221.8.60.131 124.67.47.56 119.249.179.139 60.9.0.176 ADD2: the stupid thing is they are requesting only 1 single file lol. Or they want that file removed (tho i don't see why) Or they are pretty stupid ADD3: Situation is getting worse. IP are spreading from other countries too (usa and korea if www.geobytes.com/iplocator.htm it's right) And now they are requesting another file. ADD4: it seems after they realized i removed that file they stopped attacking me. I will monitor the situation. They started again after a sleep of 3-4 mintues with the same file (lucky me). Hard to say why this is happening

Read the article

Unable to connect to server after a certain amount of time

- by Troy

I am a business FIOS subscriber with 5 static IPs. I have the following network setup: Verizon provided ONT Dlink switch Dell server running Ubuntu 12.04 with iptables enabled and a static IP address. The makes/models of hardware are: FIOS ONT Alcatel-Lucent I-211M-H ONT D-Link D-Link Web Smart Switch DES-1228P Server Dell Optiplex 755 (Ubuntu 12.04 Server) I have iptables running on the server with http, https and ssh ports open. I can connect to a website on the server from an external computer, but after a certain amount of time (mins to hours), I can no longer connect. All I have to do to re-enable connectivity is connect to the server via SSH from a computer INSIDE the network. I don't have to actually login, I just have to establish a connection. I can then access the website externally again. I did some googling and it seems some of verizon's equipment had an ARP bug where the ARP entries would expire after a certain time period, but those issues all seem to be from back in 2009 - 2010. I know the switch has an 'auto learning Mac address' feature, but I'm not sure if that could be the problem or not. Does anyone have any ideas or advice on how I can troubleshoot this? Thanks!

Read the article

How can I automatically synchronize a directory tree on multiple machines?

- by Blacklight Shining

I have two Mac laptops and a Debian server, each with a directory that I would like to keep in sync between the three. The solution should meet the following criteria (in rough order of importance): It must not use any third-party service (e.g. Dropbox, SugarSync, Google whatever). This does not include installing additional software (as long as it's free). It must not require me to use specific directories or change my way of storing things. (Dropbox does this IIRC) It must work in all directions (changes made on /any/ machine should be pushed to the others) All data sent must be encrypted (I have ssh keypairs set up already) It must work even when not all machines are available (changes should be pushed to a machine when it comes back online) It must work even when the /directories/ on some machines are not available (they may be stored on disk images which will not always be mounted) This can be solved for Macs by using launchd to automatically launch and kill (or in some way change the behavior of) whatever daemon is used for syncing when the images are mounted and unmounted. It must be immediate (using an event-based system, not a periodic one like cron) It must be flexible (if more machines are added, I should be able to incorporate them easily) I also have some preferences that I would like to be fulfilled, but do not have to be: It should notify me somehow if there are conflicts or other errors. It should recognize symbolic and hard links and create corresponding ones. It should allow me to create a list of exceptions (subdirectories which will not be synced at all). It should not require me to set up port forwarding or otherwise reconfigure a network. This can be solved by using an ssh tunnel with reverse port forwarding. If you have a solution that meets some, but not all of the criteria, please contribute it in the comments as it might be useful in some way, and it might be possible to meet some of the criteria separately. What I tried, and why it didn't work: rsync and lsyncd do not support bidirectional synchronization csync2 is designed for server clusters and does not appear to work with machines with dynamic IPs DRBD (suggested by amotzg) involves installing a kernel module and does not appear to work on systems running OS X

Read the article

central apache log analysis of many hosts

- by Jason Antman

We have 30+ apache httpd servers, and are looking to perform analysis on the logs both for historical trending and near "real time" monitoring/alerting. I'm mainly interested in things like error rates (4xx/5xx), response time, overall request rate, etc. but it would also be very useful to pull out more compute-intensive statistics like unique client IPs and user agents per unit of time. I'm leaning towards building this as a centralized collector/server/storage, and am also considering the possibility of storing non-apache logs (i.e. general syslog, firewall logs, etc.) in the same system. Obviously a large part of this will probably have to be custom (at least the connection between pieces and the parsing/analysis we do), but I haven't been able to find much information on people who have done stuff like this, at least at shops smaller than Google/Facebook/etc. who can throw their log data into a hundred-node compute cluster and run Map/Reduce on it. The main things I'm looking for are: - All open source - Some way of collecting logs from apache machines that isn't too resource-intensive, and transports them relatively quickly over the network - Some way of storing them (NoSQL? key-value store?) on the backend, for a given amount of time (and then rolling them up into historical averages) - In the middle of this, a way of graphing in near-real-time (probably also with some statistical analysis on it) and hopefully alerting off of those graphs. Any suggestions/pointers/ideas, to either "products"/projects or descriptions of how other people do this would be greatly helpful. Unfortunately, we're not exactly a new-age-y devops shop, lots of old stuff, homogeneous infrastructure, and strained boxes.

Read the article

Iptables ignoring a rule in the config file

- by Overdeath

I see lot of established connections to my apache server from the ip 188.241.114.22 which eventually causes apache to hang . After I restart the service everything works fine. I tried adding a rule in iptables -A INPUT -s 188.241.114.22 -j DROP but despite that I keep seeing connections from that IP. I'm using centOS and i'm adding the rule like thie: iptables -A INPUT -s 188.241.114.22 -j DROP Right afther that I save it using: service iptables save Here is the output of iptables -L -v ` Chain INPUT (policy ACCEPT 120K packets, 16M bytes) pkts bytes target prot opt in out source destination 0 0 DROP all -- any any lg01.mia02.pccwbtn.net anywhere 0 0 DROP all -- any any c-98-210-5-174.hsd1.ca.comcast.net anywhere 0 0 DROP all -- any any c-98-201-5-174.hsd1.tx.comcast.net anywhere 0 0 DROP all -- any any lg01.mia02.pccwbtn.net anywhere 0 0 DROP all -- any any www.dabacus2.com anywhere 0 0 DROP all -- any any 116.255.163.100 anywhere 0 0 DROP all -- any any 94.23.119.11 anywhere 0 0 DROP all -- any any 164.bajanet.mx anywhere 0 0 DROP all -- any any 173-203-71-136.static.cloud-ips.com anywhere 0 0 DROP all -- any any v1.oxygen.ro anywhere 0 0 DROP all -- any any 74.122.177.12 anywhere 0 0 DROP all -- any any 58.83.227.150 anywhere 0 0 DROP all -- any any v1.oxygen.ro anywhere 0 0 DROP all -- any any v1.oxygen.ro anywhere Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 186K packets, 224M bytes) pkts bytes target prot opt in out source destination `

Read the article

Cisco ASA user authentication options - OpenID, public RSA sig, others?

- by Ryan

My organization has a Cisco ASA 5510 which I have made act as a firewall/gateway for one of our offices. Most resources a remote user would come looking for exist inside. I've implemented the usual deal - basic inside networks with outbound NAT, one primary outside interface with some secondary public IPs in the PAT pool for public-facing services, a couple site-to-site IPSec links to other branches, etc. - and I'm working now on VPN. I have the WebVPN (clientless SSL VPN) working and even traversing the site-to-site links. At the moment I'm leaving a legacy OpenVPN AS in place for thick client VPN. What I would like to do is standardize on an authentication method for all VPN then switch to the Cisco's IPSec thick VPN server. I'm trying to figure out what's really possible for authentication for these VPN users (thick client and clientless). My organization uses Google Apps and we already use dotnetopenauth to authenticate users for a couple internal services. I'd like to be able to do the same thing for thin and thick VPN. Alternatively a signature-based solution using RSA public keypairs (ssh-keygen type) would be useful to identify user@hardware. I'm trying to get away from legacy username/password auth especially if it's internal to the Cisco (just another password set to manage and for users to forget). I know I can map against an existing LDAP server but we have LDAP accounts created for only about 10% of the user base (mostly developers for Linux shell access). I guess what I'm looking for is a piece of middleware which appears to the Cisco as an LDAP server but will interface with the user's existing OpenID identity. Nothing I've seen in the Cisco suggests it can do this natively. But RSA public keys would be a runner-up, and much much better than standalone or even LDAP auth. What's really practical here?

Read the article

Sending eMails in a external subnet in vmware ESXi

- by user80658

This might be a bit hard for me to explain - and it is a pretty individual situation. I got a native server at Hetzner (www.hetzner.de). The public IP is 88.[...].12. I got ESXi running on this server. I can access the esxi console by the public ip, but none of the virtual machines. That's why I bought a public subnet with 8 (6 usable) IPs (46.[...]) and an additional public ip (88.[...].26). This additional public ip belongs to the first virtual maschine - a firewall appliance - which is connected to the WAN. This need to be done this way - since it is the official way by hetzner. My 46. subnet is behind the firewall. I got a virtualmin server with dovecot imap/pop3 server. When sending a email, most provider (gmail) will accept those mails, but a lot will put it into spam (aol). My theory is: The MX line of my domain says of course the ip of the virtual machine (46.[...]), but in the raw email it says that email is sent by the ip of the firewall (88.[...].26), which doesnt sound trustworthy. A solution would be if the firewall could handle mail, but it simply cant. How can I prevent this problem? Thanks.

Read the article

Preventing endless forwarding with two routers

- by jarmund

The network in quesiton looks basically like this: /----Inet1 / H1---[111.0/24]---GW1---[99.0/24] \----GW2-----Inet2 Device explaination H1: Host with IP 192.168.111.47 GW1: Linux box with IPs 192.168.111.1 and 192.168.99.2, as well as its own route to the internet. GW2: Generic wireless router with IP 192.168.99.1 and its own route to the internet. Inet1 & Inet2: Two possible routes to the internet In short: H has more than one possible route to the internet. H is supposed to only access the internet via GW2 when that link is up, so GW1 has some policy based routing special just for H1: ip rule add from 192.168.111.47 table 991 ip route add default via 192.168.99.1 table 991 While this works as long as GW2 has a direct link to the internet, the problem occurs when that link is down. What then happens is that GW2 forwards the packet back to GW1, which again forwards back to GW2, creating an endless loop of TCP-pingpong. The preferred result would be that the packet was just dropped. Is there something that can be done with iptables on GW1 to prevent this? Basically, an iptables-friendly version of "If packet comes from GW2, but originated from H1, drop it" Note1: It is preferable not to change anything on GW2. Note2: H1 needs to be able to talk to both GW1 and GW2, and vice versa, but only GW2 should lead to the internet TLDR; H1 should only be allowed internet access via GW2, but still needs to be able to talk to both GW1 and GW2. EDIT: The interfaces for GW1 are br0.105 for the '99' network, and br0.111 for the '111' network. The sollution may or may not be obnoxiously simple, but i have not been able to produce the proper iptables syntax myself, so help would be most appreciated. PS: This is a follow-up question from this question

Read the article

Restricting access to one controller of an MVC app with Nginx

- by kgb

I have an MVC app where one controller needs to be accessible only from several ips(this controller is an oauth token callback trap - for google/fb api tokens). My conf looks like this: geo $oauth { default 0; 87.240.156.0/24 1; 87.240.131.0/24 1; } server { listen 80; server_name some.server.name.tld default_server; root /home/user/path; index index.php; location /oauth { deny all; if ($oauth) { rewrite ^(.*)$ /index.php last; } } location / { if ($request_filename !~ "\.(phtml|html|htm|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|xlsx)$") { rewrite ^(.*)$ /index.php last; break; } } location ~ \.php$ { fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include fastcgi_params; } } It works, but does not look right. The following seems logical to me: location /oauth { allow 87.240.156.0/24; deny all; rewrite ^(.*)$ /index.php last; } But this way rewrite happens all the time, allow and deny directives are ignored. I don't understand why...

Read the article

Apache + Tomcat: Which one should handle SSL? IP-based proxy forwarding?

- by delirial

We currently have a Tomcat application running with SSL on port 443. Right now we have an apache server that accepts http requests on port 80 and redirects to the Tomcat instance: <VirtualHost *:80> ServerName domain.com ServerAlias domain.com <LocationMatch "/"> Redirect permanent / https://domain.com/ </LocationMatch> </VirtualHost> Tomcat is handling SSL, because there's no proxy, just a simple redirect to the SSL port: <Connector port="443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/app/ssl/domain_com.jks" keystorePass="ourpassword" clientAuth="false" sslProtocol="TLS"/> We want to begin using the apache web server as a proxy and additionally, do per-IP redirects to certain apps that should only be used by hosts on a pre-determined IP range. We would also like to redirect IPs that don't match the pre-determined list to a static html page hosted on the apache server. My first question is: Should I continue to handle SSL on Tomcat's end, or should I use apache with SSL while forwarding to an "unprotected" tomcat port? Is there any way to redirect to different apps (and potentially hosts) depending on the incoming IP? thanks, del

Read the article

How can I stop SipVicious ('friendly-scanner') from flooding my SIP server?

- by a1kmm

I run an SIP server which listens on UDP port 5060, and needs to accept authenticated requests from the public Internet. The problem is that occasionally it gets picked up by people scanning for SIP servers to exploit, who then sit there all day trying to brute force the server. I use credentials that are long enough that this attack will never feasibly work, but it is annoying because it uses up a lot of bandwidth. I have tried setting up fail2ban to read the Asterisk log and ban IPs that do this with iptables, which stops Asterisk from seeing the incoming SIP REGISTER attempts after 10 failed attempts (which happens in well under a second at the rate of attacks I'm seeing). However, SipVicious derived scripts do not immediately stop sending after getting an ICMP Destination Host Unreachable - they keep hammering the connection with packets. The time until they stop is configurable, but unfortunately it seems that the attackers doing these types of brute force attacks generally set the timeout to be very high (attacks continue at a high rate for hours after fail2ban has stopped them from getting any SIP response back once they have seen initial confirmation of an SIP server). Is there a way to make it stop sending packets at my connection?

Read the article

Reliable router with good VPN and WAN Throughput [closed]

- by Asdande

I have 2 cisco rv180 VPN router. These routers are giving me lots of problems. The webpages wont load correctly, slow response to load webpages plus other many issues. I have several cases pending with cisco. I give up on these routers. I would like to know if you guys can recommend me a reliable router for our 3 branches (NY - main, SC and FL). In NY- main office, we have 55 users. In SC branch, 6 users. In Florida we only have 1 (will grow soon). I need a router capable of support: 3 VPNs Site-to-Site connection VPN throughput of at least 40-50 Mbps WAN throughput at least 100 Mpbs and up PPTP Server for at least 5 PPTP users Web filtering - all users need access to internet Good Firewall Port forwarding for FTP Server - able to show the public IPs of FTP users (rv180 cannot do that, just shows me router's LAN interface IP, opened a case with cisco, now escaleted to level 2, still no answer or workaround) Dual WAN ports for balance or backup internet. Gigabit WAN/LAN ports Price between $400-$500 range. I was thinking on the TP-LINK TL-ER6120 or TL-ER6020 according to the review on smallnetbuilder.com http://www.smallnetbuilder.com/lanwan/lanwan-reviews/31983-tp-link-tl-er6020-safestream-gigabit-dual-wan-vpn-router-reviewed but I don't want to make another mistake as I did when I bought the cisco RV180. Thank you in advance,

Search Results

Search found 1177 results on 48 pages for 'ips'.

Page 40/48 | < Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47 | Next Page >

- by jerhinesmith

- by jlehtinen

- by Ilya Rakhlin

- by jogabonito

- by Joey Hewitt

- by Carlos

- by Mark Rose

- by jpearl01

- by Kevin

- by Maurice Courtois

- by Duc To

- by Yusuf

- by jpearl01

- by yes123

- by Troy

- by Blacklight Shining

- by Jason Antman

- by Overdeath

- by Ryan

- by user80658

- by jarmund

- by kgb

- by delirial

- by a1kmm

- by Asdande

< Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47 | Next Page >