Search Results

Search found 4538 results on 182 pages for 'rules'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 94/182 | < Previous Page | 90 91 92 93 94 95 96 97 98 99 100 101  | Next Page >

  • How to design a data model that deals with (real) contracts?

    - by Geoffrey
    I was looking for some advice on designing a data model for contract administration. The general life cycle of a contract is thus: Contract is created and in a "draft" state. It is viewable internally and changes may be made. Contract goes out to vendor, status is set to "pending" Contract is rejected by vendor. At this state, nothing can be done to the contract. No statuses may be added to the collection. Contract is accepted by vendor. At this state, nothing can be done to the contract. No statuses may be added to the collection. I obviously want to avoid a situation where the contract is accepted and, say, the amount is changed. Here are my classes: [EnforceNoChangesAfterDraftState] public class VendorContract { public virtual Vendor Vendor { get; set; } public virtual decimal Amount { get; set; } public virtual VendorContact VendorContact { get; set; } public virtual string CreatedBy { get; set; } public virtual DateTime CreatedOn { get; set; } public virtual FileStore Contract { get; set; } public virtual IList<VendorContractStatus> ContractStatus { get; set; } } [EnforceCorrectWorkflow] public class VendorContractStatus { public virtual VendorContract VendorContract { get; set; } public virtual FileStore ExecutedDocument { get; set; } public virtual string Status { get; set; } public virtual string Reason { get; set; } public virtual string CreatedBy { get; set; } public virtual DateTime CreatedOn { get; set; } } I've omitted the filestore class, which is basically a key/value lookup to find the document based on its guid. The VendorContractStatus is mapped as a many-to-one in Nhibernate. I then use a custom validator as described here. If anything but draft is returned in the VendorContractStatus collection, no changes are allowed. Furthermore the VendorContractStatus must follow the correct workflow (you can add a rejected after a pending, but you can't add anything else to the collection if a reject or accepted exists, etc.). All sounds alright? Well a colleague has argued that we should simply add an "IsDraft" bool property to VendorContract and not accept updates if IsDraft is false. Then we should setup a method inside of VendorContractStatus for updating the status, if something gets added after a draft, it sets the IsDraft property of VendorContract to false. I do not like this as it feels like I'm dirtying up the POCOs and adding logic that should persist in the validation area, that no rules should really exist in these classes and they shouldn't be aware of their states. Any thoughts on this and what is the better practice from a DDD perspective? From my view, if in the future we want more complex rules, my way will be more maintainable over the long run. Say we have contracts over a certain amount to be approved by a manager. I would think it would be better to have a one-to-one mapping with a VendorContractApproval class, rather than adding IsApproved properties, but that's just speculation. This might be splitting hairs, but this is the first real gritty enterprise software project we've done. Any advice would be appreciated!

    Read the article

  • How to run programs from a different directory in unix

    - by user1067358
    I know this is a very simple question, and that many similar (but more complicated!) questions have been asked- So i wanted to ask this in a very plane manner. Sorry if this voids the rules of conduct on this website! I'm very new to using unix. I have a program that converts a ".evt" file to an .rq1, which is used for data analysis. The command to do so is simple, for example: Convert data.evt (this outputs data.rq1). This program, let's say, is located in directory /A and I have a data file that I want to convert in directory /B. How would I go about executing this program without moving the convert program to directory B?

    Read the article

  • Taking stock of an existing ASA Firewall

    - by Nate
    Imagine you are given an existing network using an ASA firewall. The network works, but you aren't sure of anything else. The firewall may be completely improperly configured, with "outside" actually being inside and "inside" actually being outside, for all you know. My question is this: what are the commands to take stock of an existing ASA firewall setup? With only CLI access, how do I figure out: What interfaces are available The names of the interfaces The security levels attached to the interfaces The access-lists attached to the interfaces, including rules and directions I know how to set these things (interface, nameif, security-level, and access-list/access-group), but I don't know how to figure them out given an existing system. On a related note, is there anything else that I should worry about checking to make sure that the network isn't wide open? Thanks!

    Read the article

  • Limiting and redirect port access with useragent

    - by linuxcore
    I'm trying to write iptables string match rule To block http://domain.com:8888 and https://domain.com:8888 when it matches the supplied string in the rule. And another rule to redirect the ports also from 8888 to 7777 I tried following rules but unfortunately didn't work iptables -A INPUT -p tcp -s 0.0.0.0/0 -m string --string linuxcore --algo bm --sport 8888 -j DROP iptables -t raw -A PREROUTING -m string --algo bm --string linuxcore -p tcp -i eth0 --dport 8888 -j DROP iptables -t nat -A PREROUTING -p tcp --dport 8888 -m string --algo bm --string "linuxcore" -j REDIRECT --to-port 7777 iptables -A INPUT -t nat -p tcp --dport 8888 -m string --algo bm --string "linuxcore" -j DROP I want to do this from iptables not the webserver because the server may not have a webserver and those ports are working on internal proxy or something like ..etc

    Read the article

  • Iptables remote port forwarding and dynamic remote ip

    - by lbwtz2
    Hello, I want to forward a port from my remote vps to my domestic server and I am quite a newbie with iptables. The problem is that I am using a dynamic dns service to reach my home server from the internet so I don't have a fixed ip and iptables doesn't like urls. The rules I am willing to use are these: -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx --dport 8888 -j DNAT --to myhome.tld:80 -A FORWARD -p tcp -i eth0 -d myhome.tld --dport 80 -j ACCEPT Of course I recevie a Error BAD IP ADDRESS because of myhome.tld. What can I do?

    Read the article

  • Apache url rewrite to Nginx

    - by Kaloyan
    i work on a little php platform and my server is nginx. The first version of this php site was developed for Apache server. I need to upgrade the site and to migrate it to nginx server. The problem is url rewriting. I have this simple url rewrite rules in my Apache server: RewriteEngine On RewriteBase /simple-php/ RewriteCond %{REQUEST_FILENAME} !-d [NC] RewriteCond %{REQUEST_FILENAME} !-f [NC] RewriteRule ^(.*)$ viewpost.php?id=$1 [QSA,L] I can't "translate" this to nginx rewrite syntax. Can anybody help me? P.S. I can read both documentations, but i have not this time, just need fast solution. Thanks!

    Read the article

  • Remote access to a KVM Ubuntu virtual server

    - by Lee
    I've just setup an ubuntu virtual server and everything seems to be working fine. I used KVM to get it working with a bridged network. I've given the virtual server a static ip address on my network. I don't seem to be able to connect to the virtual machine though from outside my network. If I'm on my own network it all works fine, I can ping the ip and connect to it. The virtual server can ping other machines and sites on the internet. I changed the port forwarding rules on my router to forward any connections on a specific port to the virtual server ip address thinking that was the problem, but it was still the same. Is there something I'm missing here which is blocking outside connections to the virtual machine? Thanks.

    Read the article

  • Rejecting new HTTP requests when server reaches a certain throughput

    - by Sam
    I have a requirement to run an HTTP server that rejects new HTTP requests (with a 503, or similar) when the global transfer rate of current HTTP responses exceeds a certain level. For example, if the web server is transferring at 98Mbps, and a new HTTP request arrives, we would want to reject this (as we couldn't guarantee a good speed). I've had a look at mod_cband for Apache, limit_req for nginx, and lighttpd's rate limiting features, but none of them seem to handle my (rather contrived, granted) use case. I should add that I'm open to using pretty much any web server, and am open to implementing this in iptables rules if someone can craft such a rule! (Refusing the TCP connection is fine, it doesn't have to respond with an HTTP 503). Any suggestions?

    Read the article

  • Outlook 2007 Script that sends new form email when a message is dragged and dropped into a folder

    - by Mark
    Is it possible to write a script that will allow Outlook to automatically send out a new email to a distribution list when you drag and drop and previously opened email into a specified folder? The rules only let you apply them to received and sent messages. They do not allow you to apply it to anything that is dragged and dropped after being opened. It baffles me that Novell Groupwise had this functionality but Outlook 2007 does not. If someone can assist me in writing a script/macro to provided this functionality, it would be greatly appreciated. Thank you.

    Read the article

  • Wordpress blog with Joomla?

    - by user427902
    Hi, I had this Wordpress installation which was installed in a subfolder (not root). Like http: //server/blog/. Now, I installed Joomla on the root (http: //server/). Everything seems to be working fine with the Joomla part. However, the blog part is messed up. If I try to browse the homepage of my blog which is http: //server/blog/ it works like a charm. But while trying to view individual blog pages like say, http: //server/blog/some_category/some_post I get a Joomla 404 page. So, I was wondering if it was possible to use both Wordpress and Joomla in the same server in the setup I am trying to. Let me clarify that I am NOT looking to integrate user login and other such things. I just want the blog to be functional under a subfolder while I run the Joomla site in the root. So, what is the correct way to go about it. Can this be solved by any .config edits or something else? Edit: Here's the .htaccess for Joomla ... (I can't find any .htaccess for Wp though, still looking for it.) ## # @version $Id: htaccess.txt 14401 2010-01-26 14:10:00Z louis $ # @package Joomla # @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved. # @license http://www.gnu.org/copyleft/gpl.html GNU/GPL # Joomla! is Free Software ## ##################################################### # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE # # The line just below this section: 'Options +FollowSymLinks' may cause problems # with some server configurations. It is required for use of mod_rewrite, but may already # be set by your server administrator in a way that dissallows changing it in # your .htaccess file. If using it causes your server to error out, comment it out (add # to # beginning of line), reload your site in your browser and test your sef url's. If they work, # it has been set by your server administrator and you do not need it set here. # ##################################################### ## Can be commented out if causes errors, see notes above. Options +FollowSymLinks # # mod_rewrite in use RewriteEngine On ########## Begin - Rewrite rules to block out some common exploits ## If you experience problems on your site block out the operations listed below ## This attempts to block the most common type of exploit `attempts` to Joomla! # ## Deny access to extension xml files (uncomment out to activate) #<Files ~ "\.xml$"> #Order allow,deny #Deny from all #Satisfy all #</Files> ## End of deny access to extension xml files RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] # Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) # Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # ########## End - Rewrite rules to block out some common exploits # Uncomment following line if your webserver's URL # is not directly related to physical file paths. # Update Your Joomla! Directory (just / for root) # RewriteBase / ########## Begin - Joomla! core SEF Section # RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^/index.php RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC] RewriteRule (.*) index.php RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] # ########## End - Joomla! core SEF Section

    Read the article

  • Reverse Proxy (mod_rewrite) and Rails (absolute paths)

    - by SooDesuNe
    I have front end rails app, that reverse proxies to any of a number of backend rails apps depending on URL, for example http://www.my_host.com/app_one reverse proxies to http://www.remote_host_running_app_one.com such that a URL like http://www.my_host.com/app_one/users will display the contents of http://www.remote_host_running_app_one.com/users I have a large, and ever expanding number of backends, so they can not be explicitly listed anywhere other than a database. This is no problem for mod_rewrite using a prg:/ rewrite map reverse proxy. The question is, the urls returned by rails helpers have the form /controller/action making them absolute to the root. This is a problem for the page served by mod_rewrite because links on the proxied page appear as absolute to the domain. i.e.: http://www.my_host.com/app_one/controller/action has links that end up looking like /controller/action/ when they need to look like /app_one/controller/action mod_proxy_html seems like the right idea, but it doesn't seem to be as dynamic as I would need, since the rules need to be hard coded into the config files. Is there a way to fix this server-side, so that the links will be routed correctly?

    Read the article

  • Does setting an A record for a root domain set it (automatically) for subdomains?

    - by Edan Maor
    I bought a domain from Dreamhost, but my servers are actually running on Amazon's AWS. I have an Elastic IP, say 1.1.1.1. In the Dreamhost panel, I've added an A record for my domain name, pointing it to 1.1.1.1. My question is, are all subdomains (e.g. www.mydomain.com, a.mydomain.com, etc.) automatically mapped to 1.1.1.1 as well, because the root is? Or do I have to add separate rules for each subdomain?

    Read the article

  • Forward request through IPTables

    - by Jeremy
    I have a server running CentOS with 50 IP addresses on it. I was looking to use it as a proxy server (not just HTTP), but can't find any examples on how to set up the IP Tables. I want to proxy into IP-X and have my request look like its coming from IP-X. I currently do this on squid, but we need to proxy more than just HTTP traffic. Here is an example of the squid config: acl users src 255.255.255.255 #Locked down IP address acl all src 0.0.0.0/0.0.0.0 # http access rules http_access deny !users http_access allow users http_reply_access deny !users http_reply_access allow users icp_access deny all #ip_addresses acl ip3 myip 10.1.1.3 tcp_outgoing_address 10.1.1.3 ip3 Do to IP restrictions I need access to IMAP, POP and SMTP through a proxy. I want to use the server I already pay for that has 50 IPs on it as the proxy server.

    Read the article

  • What is the right iptables rule to allow apt-get to download programs?

    - by anthony01
    When I type something like sudo apt-get install firefox, everything work until it asks me: After this operation, 77 MB of additional disk space will be used. Do you want to continue [Y/n]? Y Then error messages are displayed: Failed to fetch: <URL> My iptables rules are as follows: -P INPUT DROP -P OUTPUT DROP -P FORWARD DROP -A INPUT -i lo -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT What should I add to allow apt-get to download updates? Thanks

    Read the article

  • Unable to change IP address for eth0 without restart in Ubuntu

    - by Rodnower
    I have Ubuntu 12.04.1 installed. I tried to change the IP address of the interface eth0 in /etc/network/interfaces from 192.168.1.3 to 192.168.1.4 auto lo iface lo inet loopback pre-up iptables-restore < /etc/iptables.up.rules auto eth0 iface eth0 inet static address 192.168.1.4 gateway 192.168.1.1 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 sudo service networking status When I issue: sudo service networking restart I get this response: stop: Unknown instance: networking stop/waiting And IP remains 192.168.1.3: eth0 Link encap:Ethernet HWaddr 00:1e:33:71:cd:a4 inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::21e:33ff:fe71:cda4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3861 errors:0 dropped:0 overruns:0 frame:0 TX packets:3291 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3423285 (3.4 MB) TX bytes:521854 (521.8 KB) Interrupt:45 Base address:0x4000 Only after restart does the IP change. Any ideas?

    Read the article

  • How to configure something like "Reflexive ACL" on OpenBSD?

    - by Earlz
    My U-Verse modem has something called "Reflexive ACL" described as Reflexive ACL: When IPv6 is enabled, you can enable Reflexive Access Control Lists to deny inbound IPv6 traffic unless this traffic results from returning outgoing packets (except as configured through firewall rules). This seems like a pretty good way to keep from having to maintain a firewall on each computer behind my router that gets handed an IPv6 address. It sounds about like a NAT, which for my small home network is all I want right now. Now my modem sucks as a router though, so I'm in the process of configuring an OpenBSD router to do that. I've got IPv6 supported and all that and my OpenBSD router will hand out IPv6 addresses by rtadvd. Now I want to keep people from having instant access to my local network through IPv6. How would I best do something like Reflexive ACL with pf in OpenBSD 5.0?

    Read the article

  • Inaccurate bandwidth limiting in altq queues

    - by overkordbaever
    I'm setting up an environment where I have one Linux server, one OpenBSD router and one Linux client and I want to be able to limit how much bandwidth the client should be able to use. I've been performing these tests with "netcat" and "time" (using time to measure the time of the transfer with netcat), and what happens when trying these tests (using the TCP protocol, the queues will for some reason not work with UDP) is that the queues aren't exact at all. For example: when setting a bandwidth limit of 10mbit, the client cannot use more than five mbits, when setting a limit of 100mbit, the client cannot use more than around 50mbit. The config looks like (using a 100mbit limit in the example): #queue rules altq on { $int_if, $ext_if } cbq bandwidth 100Mb queue { def, low } queue def bandwidth 0Mb cbq(default) queue low bandwidth 100Mb cbq(default) #Passrules test pass out quick from $int_if to $ext_if queue low pass in quick from $ext_if to $int_if queue low pass out quick from $ext_if to $int_if queue low pass in quick from $int_if to $ext_if queue low

    Read the article

  • Best way to use mod_rewrite to replace WordPress pages with static files

    - by David Moles
    Here's the situation: I've got an old WordPress installation that I'd like to archive as static files, but I'd also like to preserve old URLs. I've already created the static archive with wget and sorted out the filenames and links. Now I'd like to configure Apache to intercept requests for the old dynamic URL and replace them with the new static one, e.g.: http://www.example.org/log/?p=1234 or http://www.example.org/log/index.php?p=1234 should redirect to http://www.example.org/log/archives/1234.html I've tried adding the following to the VirtualHost config for example.org, but to no effect -- I just get the PHP page. RewriteCond %{REQUEST_URI} /log/ RewriteCond %{QUERY_STRING} p=([^&;]*) RewriteRule ^/$ http://%{SERVER_NAME}/log/archives/%1.html [R,L] I've enabled logging and I can see what look like other rules being applied, but not this one. None of my other guesses at match patterns for %{REQUEST_URI} seem to have any effect either (log, log/, log.*, even .*). I'm new to mod_rewrite and this is mostly cargo cult, so I'm pretty sure I've gotten it wrong. Anyone know what I should be doing here?

    Read the article

  • VM clients can not access WAN

    - by Saariko
    I have a new VM host on my network, on a Dell R620. The dedicated iDrac is connected with static IP of: 192.168.3.x NIC #1 is connected to my router The eSXI 5.1 host is with IP of 192.168.3.250 The vSphere appliance has a static IP of 192.168.3.241 All the clients on the new host are in the same network 192.168.3.x All clients are Windows 2008 R2 My problem is that non of the clients can access the WAN. I can't ping anything which is beyond my router. I CAN ping anything within my router, even if it's on a different subnet - 192.168.0.x (Router rules are in tact and working) I can ping the gateway (192.168.3.254) One thing that I checked, and is bothering my (but don't know if it has any relevance) is that on the Host Networking properties, there is a vmnic0 (picture) that shows as if it only recognizes 192.168.0.x network - is that so? The command: route print shows me the following details, where I have a duplicate entry for 0.0.0.0 (and one is wrong) - which is probably also why it's not working

    Read the article

  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the boxes server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows Inbound: PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range >corresponding to possible cell provider range OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any Outbound: Default outbound policy: Allow Always OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) Block always from NAS to any On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors) ### macro name for external interface. eth_if = "en0" vpn_if = "tap0" ### wifi_if = "en1" ### %usb_if = "en3" ext_if = $eth_if LAN="{10.0.0.0/24}" ### General housekeeping rules ### ### Drop all blocked packets silently set block-policy drop ### all incoming traffic on external interface is normalized and fragmented ### packets are reassembled. scrub in on $ext_if all fragment reassemble scrub in on $vpn_if all fragment reassemble scrub out all ### exercise antispoofing on the external interface, but add the local ### loopback interface as an exception, to prevent services utilizing the ### local loop from being blocked accidentally. ### set skip on lo0 antispoof for $ext_if inet antispoof for $vpn_if inet ### spoofing protection for all interfaces block in quick from urpf-failed ############################# block all ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090} ### Allow all udp and icmp also, necessary for Constellation. Could be tightened. pass on $eth_if proto {udp, icmp} from $LAN to any ### Allow AFP to 10.0.0.40 (NAS) pass out on $eth_if proto tcp from any to 10.0.0.40 port 548 ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs ### and port ranges pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201 ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110 ### Outgoing pings ok pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110 pass out on $vpn_if proto {tcp, udp, icmp} from any to any So what are my goals and what does the above setup achieve? (until you tell me otherwise :) 1) Full LAN access to the above ports on the mini/media server (including through my own VPN server) 2) All internet traffic from the mini/media server is anonymized and tunneled over VPN 3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router. So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable. The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini: ### Allow Minecraft public through user mc pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc pass out on $eth_if proto {tcp, udp} from any to any user mc And these additions on the border firewall: Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS) Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups) This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up no connection is possbile to the minecraft server from outside of LAN. inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service. The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0 not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would to estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)

    Read the article

  • postfix cannot send email

    - by AKLP
    I'd like to mention that im really new to this so please bear with me. I'm trying to setup a forum software to send emails via postfix but I think my server has the port 25 blocked. I tried running these: works: ping alt2.gmail-smtp-in.l.google.com don't work: telnet alt2.gmail-smtp-in.l.google.com 25 telnet 66.249.93.114 25 tried flushing iptables and then using these rules but didn't work either: sudo iptables --flush sudo iptables -P INPUT ACCEPT sudo iptables -P OUTPUT ACCEPT sudo iptables -P FORWARD ACCEPT sudo iptables -F sudo iptables -X doing a telnet on 25 port to localhost url works but nothing when telnet'ing in none local urls. mail.log: Oct 17 01:20:24 webhost postfix/smtp[3642]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400e:c03::1a]:25: Connection timed out Oct 17 01:20:24 webhost postfix/smtp[3643]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400e:c03::1a]:25: Connection timed out Oct 17 01:20:24 webhost postfix/smtp[3642]: 4744380032: to=<[email protected]>, relay=none, delay=2892, delays=2741/0.03/150/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2607:f$

    Read the article

  • Privoxy rule to block Facebook spying

    - by bignose
    Recently, my server's Privoxy rules to block Facebook's spying have failed. How can I block current Facebook spying links? Since soon after [the inception of Facebook's so-called “Open Graph” cross-site tracking widgets][1] (those “Like” bugs on numerous websites), I blocked them by using this rule (in user.action) on our site's Privoxy server: { +block-as-image{People-tracking button.} } .facebook.com/(plugins|widgets)/(like|fan).* That worked fine; the spying bugs no longer appeared on any web page. Today I noticed that they're all making it past that filter [edit: no, they're not]. SOLUTION: The proxy was being silently ignored, though this was not obvious in the client. The above rule continues to work fine.

    Read the article

  • IIS7 Rewrite rule being duplicated across 2 different websites (unwanted)

    - by Matt
    We have a IIS7 on Windows Server 2008. It is hosting a handful of sites, on a handful of ip addresses. 2 of those sites are actually wildcards on the domain: *.firstdomain.com *.seconddomain.com However, I am finding that any URL Rewrite rules I add for one of these "websites", is automatically in the URL Rewrite section for the other. Similarly, if I disable the rule in in one, it disables in the other. This doesn't happen with the other sites defined on this server, just these two. I look at the parent (top level, the server as a whole), and the rule is not there. Any idea what's going on here?

    Read the article

  • Messages going missing from Apple mailboxes

    - by Ho Li Cow
    A colleague has noticed random messages being deleted from her Apple Mailboxes. e.g. Message sent to client - client replies - original message nowhere to be found. Not in sent items/sent messages/junk/trash. No rules set up. Have tried rebuilding mailboxes but message doesn't show up. Quite worrying really as it was only noticed by chance so don't know how long/how widespread it is. Mail is controlled by Exchange 2003 server. Anyone come across this before or know what's happening? Many thanks MBP 2.53GHz OS X 10.5.8 Mail 3.6

    Read the article

  • Do TCP connections work differently within the same subnet?

    - by Dean
    I've encountered some network behaviour that confuses me while trying to get Java RMI working. I use netcat to connect to a local machine: [my_machine]$ nc -w 1 192.168.0.100 60000 && echo success success I try to do the same to my server: [my_machine]$ nc -w 1 my-servers-ip 60000 && echo success This doesn't work, unless I explicitly listen on the server socket: [amazon_ec2]$ nc -l 60000 [my_machine]$ nc -w 1 my-servers-ip 60000 && echo success success For the version that fails, the SYN packet receives a RST, ACK in response. I'm not too knowledgable about this stuff, at this point I only have wild theories such as the one in the question. Any ideas? Potentially useful details: Local Machine (192.168.0.100) - Macbook Remote Machine (Amazon EC2) - Amazon Linux AMI 2012.03 Security Group Settings: 22 (SSH) 0.0.0.0/0 1099 0.0.0.0/0 49152-65535 0.0.0.0/0 "iptables -L" shows no rules set

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 90 91 92 93 94 95 96 97 98 99 100 101  | Next Page >