Search Results

Search found 32994 results on 1320 pages for 'second level cache'.

Page 590/1320

  • Where should I go to learn about networking? [closed]

    - by Ollie Saunders
    I wonder if anyone could recommend a resource or resources, such as a good book, that:
    - explains how all the important protocols work and interact. I’m interested in those that are relevant in a typical home network and used over the Internet
    - explains in detail how ADSL Internet connections work, to the level of depth necessary so that I’m able to tweak and measure performance settings
    - starts from the beginning but attempts to provide proper understanding rather than idiot-oriented steps to follow
    Basically, I’m interested in how these technologies work and tend to be implemented in hardware and software rather than “here’s what to do if…”. I’m interested in Computer Networking by Andrew S. Tanenbaum and I wonder if anyone else has any experience with that title. It’s expensive but I could probably borrow a copy for £3 from the library or so.

  • Reshape linux md raid5 that is already being reshaped?

    - by smammy
    I just converted my RAID1 array to a RAID5 array and added a third disk to it. I'd like to add a fourth disk without waiting fourteen hours for the first reshape to complete. I just did this:
    mdadm /dev/md0 --add /dev/sdf1
    mdadm --grow /dev/md0 --raid-devices=3 --backup-file=/root/md0_n3.bak
    The entry in /proc/mdstat looks like this:
    md0 : active raid5 sdf1[2] sda1[0] sdb1[1]
          976759936 blocks super 0.91 level 5, 64k chunk, algorithm 2 [3/3] [UUU]
          [>....................]  reshape =  1.8% (18162944/976759936) finish=834.3min speed=19132K/sec
    Now I'd like to do this:
    mdadm /dev/md0 --add /dev/sdd1
    mdadm --grow /dev/md0 --raid-devices=4 --backup-file=/root/md8_n4.bak
    Is this safe, or do I have to wait for the first reshape operation to complete? P.S.: I know I should have added both disks first, and then reshaped from 2 to 4 devices, but it's a little late for that.

  • Twitter 2 for Android crash every time I try uploading multi photos [closed]

    - by Hazz
    Hello, I'm using the new Twitter 2 on Android 2.1. Whenever I hit the button which enables me to upload multiple photos in a single tweet, I always get the error "The application Camera (process com.sonyericsson.camera) has stopped unexpectedly. Please try again". However, uploading a single photo using the camera button in Twitter has no problem; it works. My phone is a Sony Ericsson X10 mini pro. I tried signing out and back in, same result. Anything I can do to fix this? This is the log info I got using Log Collector:
    02-23 15:05:57.328 I/ActivityManager( 1240): Starting activity: Intent { act=com.twitter.android.post.status cmp=com.twitter.android/.PostActivity }
    02-23 15:05:57.338 D/PhoneWindow(15095): couldn't save which view has focus because the focused view com.android.internal.policy.impl.PhoneWindow$DecorView@45726938 has no id.
    02-23 15:05:57.688 I/ActivityManager( 1240): Displayed activity com.twitter.android/.PostActivity: 340 ms (total 340 ms)
    02-23 15:05:59.018 I/ActivityManager( 1240): Starting activity: Intent { act=android.intent.action.PICK typ=vnd.android.cursor.dir/image cmp=com.sonyericsson.camera/com.sonyericsson.album.grid.GridActivity }
    02-23 15:05:59.038 I/ActivityManager( 1240): Start proc com.sonyericsson.camera for activity com.sonyericsson.camera/com.sonyericsson.album.grid.GridActivity: pid=15113 uid=10057 gids={1006, 1015, 3003}
    02-23 15:05:59.128 I/dalvikvm(15113): Debugger thread not active, ignoring DDM send (t=0x41504e4d l=38)
    02-23 15:05:59.158 I/dalvikvm(15113): Debugger thread not active, ignoring DDM send (t=0x41504e4d l=50)
    02-23 15:05:59.448 I/ActivityManager( 1240): Displayed activity com.sonyericsson.camera/com.sonyericsson.album.grid.GridActivity: 423 ms (total 423 ms)
    02-23 15:05:59.458 W/dalvikvm(15113): threadid=15: thread exiting with uncaught exception (group=0x4001e160)
    02-23 15:05:59.458 E/AndroidRuntime(15113): Uncaught handler: thread AsyncTask #1 exiting due to uncaught exception
    02-23 15:05:59.468 E/AndroidRuntime(15113): java.lang.RuntimeException: An error occured while executing doInBackground()
    02-23 15:05:59.468 E/AndroidRuntime(15113): at android.os.AsyncTask$3.done(AsyncTask.java:200)
    02-23 15:05:59.468 E/AndroidRuntime(15113): at java.util.concurrent.FutureTask$Sync.innerSetException(FutureTask.java:273)
    02-23 15:05:59.468 E/AndroidRuntime(15113): at java.util.concurrent.FutureTask.setException(FutureTask.java:124)
    02-23 15:05:59.468 E/AndroidRuntime(15113): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:307)
    02-23 15:05:59.468 E/AndroidRuntime(15113): at java.util.concurrent.FutureTask.run(FutureTask.java:137)
    02-23 15:05:59.468 E/AndroidRuntime(15113): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
    02-23 15:05:59.468 E/AndroidRuntime(15113): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
    02-23 15:05:59.468 E/AndroidRuntime(15113): at java.lang.Thread.run(Thread.java:1096)
    02-23 15:05:59.468 E/AndroidRuntime(15113): Caused by: java.lang.IllegalArgumentException: Unsupported MIME type.
    02-23 15:05:59.468 E/AndroidRuntime(15113): at com.sonyericsson.album.grid.GridActivity$AlbumTask.doInBackground(GridActivity.java:202)
    02-23 15:05:59.468 E/AndroidRuntime(15113): at com.sonyericsson.album.grid.GridActivity$AlbumTask.doInBackground(GridActivity.java:124)
    02-23 15:05:59.468 E/AndroidRuntime(15113): at android.os.AsyncTask$2.call(AsyncTask.java:185)
    02-23 15:05:59.468 E/AndroidRuntime(15113): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
    02-23 15:05:59.468 E/AndroidRuntime(15113): ... 4 more
    02-23 15:05:59.628 E/SemcCheckin(15113): Get crash dump level : java.io.FileNotFoundException: /data/semc-checkin/crashdump
    02-23 15:05:59.628 W/ActivityManager( 1240): Unable to start service Intent { act=com.sonyericsson.android.jcrashcatcher.action.BUGREPORT_AUTO cmp=com.sonyericsson.android.jcrashcatcher/.JCrashCatcherService (has extras) }: not found
    02-23 15:05:59.648 I/Process ( 1240): Sending signal. PID: 15113 SIG: 3
    02-23 15:05:59.648 I/dalvikvm(15113): threadid=7: reacting to signal 3
    02-23 15:05:59.778 I/dalvikvm(15113): Wrote stack trace to '/data/anr/traces.txt'
    02-23 15:06:00.388 E/SemcCheckin( 1673): Get Crash Level : java.io.FileNotFoundException: /data/semc-checkin/crashdump
    02-23 15:06:01.708 I/DumpStateReceiver( 1240): Added state dump to 1 crashes
    02-23 15:06:02.008 D/iddd-events( 1117): Registering event com.sonyericsson.idd.probe.android.devicemonitor::ApplicationCrash with 4314 bytes payload.
    02-23 15:06:06.968 D/dalvikvm( 1673): GC freed 661 objects / 126704 bytes in 124ms
    02-23 15:06:11.928 D/dalvikvm( 1379): GC freed 19753 objects / 858832 bytes in 84ms
    02-23 15:06:13.038 I/Process (15113): Sending signal. PID: 15113 SIG: 9
    02-23 15:06:13.048 I/WindowManager( 1240): WIN DEATH: Window{4596ecc0 com.sonyericsson.camera/com.sonyericsson.album.grid.GridActivity paused=false}
    02-23 15:06:13.048 I/ActivityManager( 1240): Process com.sonyericsson.camera (pid 15113) has died.
    02-23 15:06:13.048 I/WindowManager( 1240): WIN DEATH: Window{459db5e8 com.sonyericsson.camera/com.sonyericsson.album.grid.GridActivity paused=false}
    02-23 15:06:13.078 I/UsageStats( 1240): Unexpected resume of com.twitter.android while already resumed in com.sonyericsson.camera
    02-23 15:06:13.098 W/InputManagerService( 1240): Window already focused, ignoring focus gain of: com.android.internal.view.IInputMethodClient$Stub$Proxy@456e7168
    02-23 15:06:21.278 D/dalvikvm( 1745): GC freed 2032 objects / 410848 bytes in 60ms

  • Any worker agent monitors for appliance based load balancers?

    - by Zethris
    Looking to find out to what extent an appliance load balancer can monitor servers for both failover (say, for example, a service like Apache Tomcat fails) and load balancing? Right now it looks like it's just port monitoring/connection tracking and health-check URLs that it will heartbeat and detect as down if it doesn't come back with a finished request. We are looking at the Kemp 3500 or Loadbalancer.org solutions. Is there any sort of web-application-level monitoring/load balancing that these load balancers can offer that can more directly interact with the servers it's balancing?

  • Will Software RAID And iSCSI Work For A SAN

    - by Justin
    I am looking for a SAN solution, but can't afford even entry-level solutions. Basically, the SAN is for development and a proof-of-concept product. The performance doesn't have to be amazing, but needs to be functional. My buddy says we should just set up software RAID and software iSCSI in Linux. Essentially I have a spare server with dual Xeon processors, 4GB of memory, and (2) 500GB 7200RPM drives. It's a bit old but working. I am sure there is a reason people don't do software RAID and iSCSI, but will performance be usable? Thinking of configuring the drives in RAID 0 (for performance).

  • Sync a specific folder of contacts to iPhone

    - by colemanm
    Is there a simple way to organize contacts in Outlook/Entourage and only have a subset of them synchronize with the iPhone over Exchange ActiveSync? Our CEO has thousands of contacts in his mailbox, but would prefer if only a small portion of them synched to his phone over the air... The iPhone's performance takes a huge hit keeping that massive dataset in order. If he could put some of the records in subfolders or something and only sync the top level, I think that would work for him. Does anyone know if this is possible?

  • Upgrading Active Directory from 2000 to 2008

    - by Doug
    Our config is currently:
    - 1 Windows 2000 domain controller running ISA 2000, DHCP, DNS
    - 1 Windows 2003 domain controller as main file server, probably cert server as well, DHCP, DNS
    - 1 Windows 2008/Exchange 2010 domain controller as Exchange server, DHCP, DNS
    Currently getting FRS errors on the file server: journal wrap error. Currently getting FRS errors on the other DCs: can't replicate from the above. The Exchange DC holds the Schema, RID, PDC, and Infrastructure roles. The File Server holds the Domain Naming operations master role. WOW, I didn't set this up, just inherited it.
    1. Am I right to assume that fixing the FRS errors is #1? What do I need to do for that? Set Enable Journal Wrap Automatic Restore in the registry?
    2. Demote the W2000 domain controller; should that have any implications for ISA? We have Forefront to be deployed but that's another day.
    3. Transfer the Domain Naming role to the Exchange server (I know, or think, that having an Exchange server as a DC isn't best practice).
    4. We will be getting another W2008 server to replace the current file server and I thought it could take over all roles once deployed.
    5. Demote the W2k3 file server and then raise the domain functional level to 2008.
    Am I missing anything other than the sense to walk away? Thanks

  • Color Calibrate Dual Monitor XP SP2

    - by Laramie
    This topic has been touched on before but not really answered. I have a dual monitor system and the colors differ wildly. I currently live in Buenos Aires, where color correction hardware costs premium prices. I do some graphic design, but don't require a pro-level calibration. That said, I'd like my monitors to be set as close to "true color" as possible. I've located the useful and free Monitor Calibration Wizard, but it seems to adjust the entire system internally at startup. I could use the Microsoft Color Control Panel Applet to set a different ICC or ICM profile for each monitor, but the Monitor Calibration Wizard outputs its own format for profiles.

  • Appropriate Network switch for small server cluster

    - by Chris Dutrow
    Need to build a small business server cluster for the purpose of crunching data. It will not host a web site that needs to be available 24/7. It does need to support servers that host Redis, a Cassandra database cluster, and a Python web server. Operating system will most likely be CentOS 6.4. Other servers in the cluster should be able to communicate very fast with each other, especially the Redis server. This will probably require the use of internal IP addresses. We will need to use multi-data-center replication to synchronize the Cassandra cluster with the one that we currently have hosted on the cloud. Was looking into network switches and we are unsure of the appropriate specifications that we should be looking for.
    - Does the switch need to be "managed" or can it be "unmanaged"?
    - Does the switch need to support IPv6 or just IPv4?
    - Do we need an enterprise-level Cisco switch, or can we go with something like a $200 D-Link managed (or unmanaged) small business switch?
    Thanks so much!

  • Installing ruby 1.9.1 on OS X with RVM, getting error I can't make sense of

    - by Pselus
    I'm trying to update my ruby install on Leopard to at least 1.9.1. I found a tutorial that tells me how to do it with RVM and I get as far as downloading, configuring and compiling the version I want, but during the compile I get errors. When checking the make.error.log file this is the message I get:
    [2010-11-07 13:43:44] make
    main.c: In function ‘objcdummyfunction’:
    main.c:19: warning: implicit declaration of function ‘objc_msgSend’
    main.c: At top level:
    main.c:19: warning: ‘objcdummyfunction’ defined but not used
    eval.c: In function ‘ruby_cleanup’:
    eval.c:139: warning: passing argument 1 of ‘ruby_init_stack’ discards qualifiers from pointer target type
    gc.c: In function ‘garbage_collect_with_gvl’:
    gc.c:597: warning: cast from pointer to integer of different size
    w: illegal option -- L
    usage: w [hi] [user ...]
    make: [libruby.1.9.1.dylib] Error 1 (ignored)
    readline.c: In function ‘username_completion_proc_call’:
    readline.c:1159: error: ‘username_completion_function’ undeclared (first use in this function)
    readline.c:1159: error: (Each undeclared identifier is reported only once
    readline.c:1159: error: for each function it appears in.)
    make[1]: *** [readline.o] Error 1
    make: *** [mkmain.sh] Error 1
    I have no idea what any of that means. Help?

  • Linux Bridge, Samba netbios name/hostname access

    - by Christopher Wilson
    I am currently running a Linux bridge in the following configuration:
    ADSL Modem: 192.168.1.1
    Linux Bridge: eth0: 192.168.1.2, eth1: no address
    Wireless Router: 192.168.0.1
    My issue is that I cannot access the "Linux Bridge" shares using the WINS name of the server from client systems (yes, I understand it is a transparent bridge, but I can access it via the 192.168.1.2 address; this is not on the same subnet as the client systems). This is the global section of my smb.conf:
    [global]
    unix extensions = off
    os level = 20
    netbios name = server
    guest account = nobody
    server string = 447 Server
    security = share
    #unix extensions = no
    #wins support = yes
    #wins server = 192.168.0.1
    name resolve order = wins lmhosts hosts bcast
    interfaces = bridge1 eth0 eth1 lo
    bind interfaces only = yes
    Can I access a bridged server using its WINS name to access Samba shares? Cheers Chris

  • sound volume increase beyond 100% whenever possible on linux

    - by fakedrake
    Some audio output from files or streams is too low. It is obvious that the hardware is able to play the same sounds louder, but because of the data it just plays them at some low level even at 100% volume. VLC can generally increase the volume of a file up to 200%. Is there a way to do the same thing VLC does system-wide and, if possible, for an arbitrary percentage value? If there is no application that does this, where should I look for libs to do it myself, or what code should I modify (e.g. code in alsamixer)? Thank you. Note: Asked the same thing on Stack Overflow and they directed me here.

  • Umbraco on Windows 7 64-bit

    - by HeavyWave
    I'm trying to install Umbraco CMS on Windows 7 64-bit and I get the following exception: [HttpException (0x80004005): Could not load file or assembly 'ImageManipulation, Version=1.0.2105.41209, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Failed to grant minimum permission required. The application pool's trust mode is set to 'Full', all the user permissions are just as on other sites hosted on the same machine. I went through all relevant topics on Umbraco's forum, but all the advice is about the trust level. How do I fix this?

  • How can I disable logging in Tomcat 7?

    - by WilliamMayor
    I have a Tomcat 7 server running in a VM that has very little disk space (20G). Over the course of a few days Tomcat will fill the space with logging info (usually about 15G before it runs out). I've tried turning down the log level (from INFO to SEVERE) in the logging.properties file, I've also tried sending the log info to /dev/null. It doesn't seem to work as I still get a full log directory after no time at all. Can I put a file size limit on the log files? Is something overriding the properties I'm setting? Where can I find this information? My Google Fu just returns information about logging from within an application using JULI.

  • Mouse Icon Distorted on Secondary Display

    - by Nathan Taylor
    I have a strange issue with a dual monitor, extended desktop setup where the mouse is always fine on the primary monitor, but sometimes when I move to the secondary display the icon becomes garbled and distorted (sometimes it just looks like a vertical line, instead of a pointer). If I move the mouse back and forth rapidly between primary and secondary displays the level of "garbledness" of the icon will change and sometimes go away completely. If I switch the display settings and set it to "Duplicate Monitor 1" then I end up with a garbled icon on the primary display and an accurate one on the secondary. Very annoying. Computer is Windows 7 Ultimate with an HD8750 and the newest video drivers. Monitors are two Dell 24" displays connected via DVI cables. I have also tried VGA cables.

  • Any InstallPad alternatives?

    - by ianfuture
    Hi, I'm about to install a new bunch of software on a Windows XP Pro PC and found InstallPad as a potential method to do it all. However, before using it I was wondering if there were any other similar apps that could be better or easier to use? Requirements (should-haves more than must-haves):
    - Free
    - Easy to use and configure, preferably from point and click in a GUI instead of command-line params or config files
    - Robust: bug free or still in active/ongoing development
    - Some level of support or active community for help or tips
    - Pre-existing file lists that can be adapted for own use or used outright.
    Thanks in advance.. Ian

  • Decreasing lagging on router, while gaming

    - by user2699451
    I had absolutely no idea where to post this question and get a professional answer for it, but here goes... Okay, so I guess everyone who is reading this has played online, and so I was playing LoL again tonight and my brother decided that now was a great time to go on YouTube and start watching a movie, so my ping (connecting from South Africa to the EU West server) is around 190-220 average; however it started spiking to 2000 and the average was 600-800, so it raised the question: how the hell can I "kick" him off for the time being? I tried reasoning it out with him but it's like playing chess with a pigeon; he's studying to be an engineer, and I just can't win an argument with him, so I need to step it up a level... I have in the past used the aireplay method by sending deauth packets but it only helped so much. Is there another way of either kicking a peer off the local wifi or decreasing the lag spikes while in session, or even splitting the bandwidth equally in 2 or 3, etc.? What do I do? P.S. sorry if off topic; if it is not appropriate, just say which website will be able to help or assist me...

  • What disk setup is needed / best practice for hypervisor-only servers?

    - by Luke404
    Planning to buy some servers to run a hypervisor (Citrix XenServer or VMware vSphere, still have to decide between the two), we'd like to boot off the local redundant SD card module offered by various vendors (eg. Dell, HP, etc...). The actual VMs will run from an existing iSCSI SAN (which, by the way, can't support booting the servers directly off the SAN). What are the reasons, if any, to choose completely diskless servers vs. having some local storage? And what would be the guidelines to choose that local storage? (number of spindles, RAID level, etc)

  • Internet Explorer changes brightness

    - by Sale
    I have a very annoying problem with IE8 on Vista: my screen brightness changes when I view a page with IE. It slowly dims brightness some 20%, enough to be noticeable. This seems to be dependent on the OVERALL brightness of the page viewed or on the amount of bright space on the page... sometimes it dims down if the page is bright, sometimes the complete opposite: it dims when there is a lot of dark space on the page. I know this sounds weird; I cannot describe it better. It takes about one or two seconds from one brightness level to the other. This ONLY occurs in IE, not in Word or any other application. Please help! This dimming is very stressful for my eyes.

  • How should I implement an email circuit test?

    - by lukecyca
    I want a high-level test that ensures that both incoming and outgoing email services are operating normally. I've achieved this by writing a Python script which does this:
    1. Send a message with a unique hash through my mail server to [email protected]
    2. The Gmail account is configured to auto-reply back to the same address and then delete the message.
    3. My script polls IMAP until it finds an email with the correct hash sitting in its inbox, or times out.
    4. It reports the elapsed time to my monitoring software (Zabbix)
    My question: Is Gmail the best third party to use? Should I add a couple of others as well, such as Hotmail and Yahoo? Is there anyone more official that will auto-reply to these sorts of "mail pings"? Any other recommendations for this type of test?

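
The probe-and-poll loop described in the post above, as an added example (not the poster's script and not any product's code). It assumes a hypothetical shared secret, sender and responder address, and takes the SMTP send and IMAP fetch as plain functions so the logic runs offline against an in-memory mail system constructed here. It goes one step past the post's unique hash: the token is an HMAC over the send time, so the poller accepts only replies to probes that the secret holder could have minted recently (a stray or forged auto-reply with a bad MAC, or a late reply to an old probe, does not count as "mail works"), and it derives the round-trip time from the token itself.

```python
import email
import hashlib
import hmac
import re
import time
from email.message import EmailMessage

# Hypothetical values assumed for this example (not from the original post).
PROBE_SECRET = b"replace-with-a-long-random-secret"
SENDER = "monitor@example.com"
RESPONDER = "mailping@example.net"   # the auto-replying third-party mailbox
TOKEN_RE = re.compile(r"mailping (\d+)\.([0-9a-f]{32})")


def _mac(secret, ts):
    return hmac.new(secret, ts.encode(), hashlib.sha256).hexdigest()[:32]


def make_token(secret, sent_at):
    """Token = send time + HMAC over it. Unique per probe, and only a holder
    of the secret can mint one the poller accepts, so a stray or forged
    auto-reply cannot make the circuit look healthy."""
    ts = str(int(sent_at))
    return ts + "." + _mac(secret, ts)


def parse_token(secret, subject, now, max_age):
    """Send time of the probe if `subject` carries a valid, fresh token,
    else None. compare_digest keeps the MAC check constant-time."""
    m = TOKEN_RE.search(subject)
    if m is None or not hmac.compare_digest(m.group(2), _mac(secret, m.group(1))):
        return None
    sent_at = int(m.group(1))
    return sent_at if 0 <= now - sent_at <= max_age else None   # reject stale


def build_probe(token, sender, recipient):
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "mailping " + token
    msg.set_content("automated mail circuit probe; please ignore")
    return msg


def find_reply(raw_messages, secret, now, max_age=900):
    """Scan raw RFC 822 messages (what an IMAP FETCH hands back); return the
    send time of the first valid probe reply, or None."""
    for raw in raw_messages:
        subject = email.message_from_bytes(raw).get("Subject", "")
        sent_at = parse_token(secret, subject, now, max_age)
        if sent_at is not None:
            return sent_at
    return None


def run_circuit_test(send, fetch, secret=PROBE_SECRET, timeout=120,
                     interval=5, clock=time.time, sleep=time.sleep):
    """send(msg) delivers the probe (e.g. smtplib.SMTP.send_message);
    fetch() returns the inbox as a list of raw bytes (e.g. via imaplib).
    Returns the round-trip time in seconds, or None on timeout."""
    start = clock()
    send(build_probe(make_token(secret, start), SENDER, RESPONDER))
    while True:
        now = clock()
        sent_at = find_reply(fetch(), secret, now)
        if sent_at is not None:
            return now - sent_at
        if now - start >= timeout:
            return None
        sleep(interval)


# ---- Offline stand-ins, constructed for this example --------------------
class FakeClock:
    def __init__(self, start):
        self.now = start

    def time(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds


class FakeMailSystem:
    """In-memory relay + auto-responder + IMAP inbox with a fixed delay."""
    def __init__(self, clock, delay):
        self.clock, self.delay, self.queue = clock, delay, []

    def send(self, msg):
        reply = EmailMessage()
        reply["From"], reply["To"] = str(msg["To"]), str(msg["From"])
        reply["Subject"] = "Re: " + str(msg["Subject"])
        reply.set_content("auto-reply")
        self.queue.append((self.clock.time() + self.delay, bytes(reply)))

    def fetch(self):
        return [raw for due, raw in self.queue if due <= self.clock.time()]


def demo():
    """7 s auto-reply delay polled every 5 s gives a 10 s round trip; a forged
    reply with a bad MAC already sitting in the inbox is ignored."""
    clock = FakeClock(1_700_000_000.0)
    mail = FakeMailSystem(clock, delay=7)
    forged = EmailMessage()
    forged["Subject"] = "Re: mailping 1700000000." + "0" * 32
    forged.set_content("not ours")
    mail.queue.append((0, bytes(forged)))
    return run_circuit_test(mail.send, mail.fetch, clock=clock.time, sleep=clock.sleep)
```

Against a real mail server, `send` would be `smtplib.SMTP(...).send_message` and `fetch` a function that searches and FETCHes the inbox through `imaplib`; the value `run_circuit_test` returns (or `None` on timeout) is what would be pushed to Zabbix. Keep `max_age` larger than the polling timeout, otherwise a slow but genuine reply is rejected as stale.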
  • From a quality perspective, what is better: Turning volume up in the software, in the OS, or on the speakers?

    - by Qqwy
    I kept thinking about this, and out of sheer curiosity, I decided to ask: if music isn't loud enough, how do I get the best quality? (Even if the difference is in fact so small it's negligible.)
    1. By making the music louder in my music player, game or other sound-producing software program.
    2. By raising the volume at the Operating System level (for instance, by clicking the 'speaker' icon on the Windows bar and turning the volume up)
    3. By turning the volume up on the Amplifier or Speakers that are attached to your computer, and thus changing the volume on the 'hardware'
    Does programs vs. OS matter? Does software vs. hardware matter? Thanks, Qqwy

  • Dell PowerEdge 6850 Degraded HDD

    - by Matt
    Good Morning, We have a Dell PowerEdge 6850 with a degraded drive in the RAID array. I have never had to recover from such an issue, so any help or advice would be welcome. Basically it hasn't affected the server at an operating system level, but has slowed down performance. I have a replacement drive in hand, but as this is our main database server I want to proceed with extreme caution. My options as I see them are:
    1. Can I just hot swap the degraded drive with the new one and the data will automatically re-sync and we are all back to normal? Presumably this is dependent on the current RAID configuration?
    2. Reading various comments on-line, I may need to re-configure the RAID array and re-build the broken drive? This screams disaster to me, with the main worry being that I wipe any other data.
    Option 1 would of course make my day. Thanks in advance

  • How to set up Google Apps (mail) MX Records on DNSMadeEasy (screen shot included)

    - by user41847
    I am attempting to complete Google's mail MX setup. I would link, but new users can't have two links, and I think the following img is more important. This is what my input options are for DNS Made Easy, which manages my domain: http://img94.imageshack.us/img94/5662/dnsmadeeasy.gif I would like to confirm that I understand the fields correctly. It is my understanding that I am supposed to:
    - Leave Name (Host) blank
    - Set Data to ASPMX.L.GOOGLE.COM. (and repeat for each of the server addresses provided by Google)
    - Set the MX level to what Google has in the "Priority" column
    - Set TTL as high as possible
    Did I get it right? The nightmare scenario is that I screw up, and bring everyone's mail down :P Thanks in advance for your time.

  • Why doesn't my laptop battery charge while the laptop is in use?

    - by larryb82
    Up until a week ago, my laptop has always been able to charge the battery while I'm using it. Now, it will not charge unless the computer is sleeping, hibernating, or turned off. The icon in the start tray states that the battery is charging but it is not animated (it used to be) and of course the power level does not increase. Otherwise, the battery seems to be fine. The battery life is decent (2h+) and while the laptop is in use and plugged in the battery will maintain a constant charge. Any troubleshooting help would be great (i.e. is this a charger issue, battery issues, software issue, etc...)

  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the box's server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have a Synology NAS which, apart from LAN file serving over AFP and WebDAV, only serves up an OpenVPN/1194 and a PPTP/1723 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput.
    The ruleset is as follows.
    Inbound:
    - PPTP/1723: Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range corresponding to possible cell provider range
    - OpenVPN/1194: Allow always to 10.0.0.40 (NAS/VPN server) from any
    Outbound:
    - Default outbound policy: Allow Always
    - OpenVPN/1194 TCP: Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider)
    - OpenVPN/1194 UDP: Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider)
    - Block always from NAS to any
    On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another, and that's annoying on a media server. Instead I run Little Snitch, which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows.
    pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors):
    ### macro name for external interface.
    eth_if = "en0"
    vpn_if = "tap0"
    ### wifi_if = "en1"
    ### %usb_if = "en3"
    ext_if = $eth_if
    LAN="{10.0.0.0/24}"
    ### General housekeeping rules ###
    ### Drop all blocked packets silently
    set block-policy drop
    ### all incoming traffic on external interface is normalized and fragmented
    ### packets are reassembled.
    scrub in on $ext_if all fragment reassemble
    scrub in on $vpn_if all fragment reassemble
    scrub out all
    ### exercise antispoofing on the external interface, but add the local
    ### loopback interface as an exception, to prevent services utilizing the
    ### local loop from being blocked accidentally.
    ###
    set skip on lo0
    antispoof for $ext_if inet
    antispoof for $vpn_if inet
    ### spoofing protection for all interfaces
    block in quick from urpf-failed
    #############################
    block all
    ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only
    pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090}
    ### Allow all udp and icmp also, necessary for Constellation. Could be tightened.
    pass on $eth_if proto {udp, icmp} from $LAN to any
    ### Allow AFP to 10.0.0.40 (NAS)
    pass out on $eth_if proto tcp from any to 10.0.0.40 port 548
    ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs
    ### and port ranges
    pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201
    ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110
    ### Outgoing pings ok
    pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110
    pass out on $vpn_if proto {tcp, udp, icmp} from any to any
    So what are my goals and what does the above setup achieve? (until you tell me otherwise :)
    1) Full LAN access to the above ports on the mini/media server (including through my own VPN server)
    2) All internet traffic from the mini/media server is anonymized and tunneled over VPN
    3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked, both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router.
    So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable.
    The Problem at last! I want to run a Minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP, and I don't trust Java in general. So I added the following pf rule on the mini:
    ### Allow Minecraft public through user mc
    pass in on $eth_if proto {tcp, udp} from any to any port 24983 user mc
    pass out on $eth_if proto {tcp, udp} from any to any user mc
    And these additions on the border firewall:
    Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS)
    Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups)
    This works fine, but only when the OpenVPN/Tunnelblick tunnel is down. When up, no connection is possible to the Minecraft server from outside of the LAN; inside the LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service.
    The Solution? How can I open up the Minecraft server port outside of the tunnel so it's only available over en0, not the VPN tunnel? Should I add a static route? But I don't know which IPs will be connecting... stumbles. How secure would you estimate this setup to be, and do you have other improvements to share? I've searched extensively in the last few days to no avail... If you've read this far I bet you know the answer :)
