Search Results

Search found 5568 results on 223 pages for 'forward slash'.

Page 99/223 | < Previous Page | 95 96 97 98 99 100 101 102 103 104 105 106 | Next Page >

How do you implement NAT-T passthrough on a Juniper SRX series Firewall?

- by Chris

We have 3 juniper SRX-100 firewalls, they are configured like so: FW1 - FW2 - INTERNET - FW3 We would like to create an IPSEC tunnel between FW3 and FW1 passing through FW2 preferably using NAT-T. Is this possible? FW1 and FW2 have some strict access rules only allowing 1 port connected (it's a DMZ with a server in) so we can't just create a route based vpn between FW1 and FW2 to forward the traffic (otherwise all traffic will be forwarded) We know the tunnel is fine because we have managed to test it between FW1 and FW3 (without FW2 in the middle) so we know that the issue is to do with the 'passthrough' on FW2. Essentially, the question is - What options do we need to select on FW2 to enable it to pass through the IPSEC traffic straight to FW1? Many thanks in advance

Read the article
Force local IP traffic to an external interface

- by calandoa

I have a machine with several interfaces that I can configure as I want, for instance: eth1: 192.168.1.1 eth2: 192.168.2.2 I would like to be able to forward all the traffic to one of these local address trhough the other interface. For instance, all requests to an iperf, ftp, http server at 192.168.1.1 are not just routed internally, but forwarded through eth2 (and the external network will take care of re-routing the packet to eth1). I tried and looked at several commands, like iptables, ip route, etc... but nothing worked. The closest behavior I could get was done with: ip route change to 192.168.1.1/24 dev eth2 which send all 192.168.1.x on eth2, except for 192.168.1.1 which is still routed internally. The goal of this setup is to do interface driver testing without using two PCs. I am using Linux, but if you know how to do that with Windows, I'll buy it!

Read the article
Strange port forwarding problem

- by rAyt

I've got a strange port forwarding problem. The port forwarding to my internal webserver (10.0.0.10 on Port 80) works without a problem but the port forwarding to a windows server (10.0.0.15) on port 3389 doesn't work. The port 3389 is open. Any ideas? thanks! #!/bin/sh IPTABLES="/sbin/iptables" $IPTABLES --flush $IPTABLES --table nat --flush $IPTABLES --delete-chain $IPTABLES --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 188.40.XXX.XXX --dport 3389 -j DNAT --to 10.0.0.15:3389 $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 188.40.XXX.XXX --dport 80 -j DNAT --to 10.0.0.10:80 $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 188.40.XXX.XXX --dport 222 -j DNAT --to 10.0.0.10:22 $IPTABLES --append FORWARD --in-interface eth1 -j ACCEPT

Read the article
Setting up MySQL database replication [without restarting mysql]

- by FunkyChicken

I'm trying to setup MySQL db replication, it seems pretty straight forward. I was using this tutorial: http://www.howtoforge.com/mysql_database_replication Now I run a rather large MySQL database for a very large website, and in this tutorial it asks me to restart MySQL to apply the new settings in the /etc/my.cnf file. I'm try to avoid that step at all costs, as I know that restarting MySQL can take a few minutes on my machine (due to large logs/dbs), and I don't want any downtime. Is there a way to apply the necessary settings WITHOUT fully restarting Mysql?

Read the article
Configuring NAT and static IP on Cisco 877W

- by David M Williams

Hi all, I'm having trouble setting up a static IP reservation on a network. What I want to do is assign IP 192.168.1.105 to MAC address 00:21:5d:2f:58:04 and then port forward 35394 to it. If it helps, output from show ver says Cisco IOS software, C870 software (C870-ADVSECURITYK9-M), version 12.4(4)T7, release software (fc1) ROM: System bootstrap, version 12.3(8r)YI4, release software I have done this - service dhcp ip routing ip dhcp excluded-address 192.168.1.1 192.168.1.99 ip dhcp excluded-address 192.168.1.200 192.168.1.255 ip dhcp pool ClientDHCP network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 192.168.1.1 lease 7 ip dhcp pool NEO host 192.168.1.105 255.255.255.0 hardware-address 0021.5D2F.5804 ip nat inside source static tcp 192.168.1.105 35394 <PUBLIC_IP> 35394 extendable However, the machine is getting assigned IP address 192.168.1.101 not .105 ... any suggestions? Thanks !

Read the article
how to configure my internal dns to resolve external resources

- by Ralph Shillington

I have an internal DNS as part of my AD setup. I have an hosted DNS for public resources (which are typically at some data centre somewhere) Occasionally while on our internal network I need to get to a public resource --- for example www.ourcompany.com since there isn't a www record in our internal DNS I cant get the name resolved. How do I configure my DNS to forward names it doesn't recognise to the public DNS. Update: As per the comment yes I have a "split-horizon" dns (which seemed like a good idea at the time) This AD setup is less than 24 hours old, and can be redone if need be -- (although I would rather not)

Read the article
Apple iOS Apps and caching at the edge proxy

- by Matthew Iselin

Our network contains a growing number of iOS devices, all of which with very similar configurations. All Internet access is via a transparent proxy. We've found that iOS updates and some free apps cache fine on the proxy, but any paid apps fail to cache properly (as they seem to be encrypted to the Apple ID (?)). I'm just wondering if there's any way forward with this where we could cache the paid apps so that they are purchased n times, but downloaded from the proxy cache instead of from the Internet each time. Bandwidth caps aside, the download direct from the Internet slows everything down for everyone, regardless of fairness queueing and related 'fixes'. I know this is quite unlikely, but I figured there's nothing to lose and everything to gain before I look into other solutions (eg, QoS).

Read the article
kinit gives me a Kerberos ticket, but no AFS token

- by Tomas Lycken

I'm trying to setup access to my university's IT environment from my laptop running Ubuntu 12.04, by (mostly) following the IT-department's guides on AFS and Kerberos. I can get AFS working well enough so that I can navigate to my home folder (located in the nada.kth.se cell of AFS), and I can get Kerberos working well enough to forward tickets and authenticate me when I connect with ssh. However, I don't seem to get any AFS tokens locally, on my machine, so I can't just go to /afs/nada.kth.se/.../folder/file.txt on my machine and edit it. I can't even stand in /afs/nada.kth.se/.../folder and run ls without getting Permission denied errors. Why doesn't kinit -f [email protected] give me an AFS token? What do I need to do to get one?

Read the article
How can I make pref changes via defaults command happen immediately?

- by user329863

There are many changes to Finder, Dock, etc. preferences that you can do with the defaults command, i.e. defaults write com.apple.finder AppleShowAllFiles -bool yes However, in order to make the changes take effect, you must quit and relaunch the target app: osascript -e 'tell app "Finder" to quit' When the Finder is quit like this (rather than using the killall command, as some published sources advise), it saves and restores its window placements and disk locations (but not the forward-and-back history associated with each window). Is there some way to make such changes take effect immediately, without quitting the target app? After all, when you make changes in the Dock preference panel, they take effect instantly in the Dock application. Is there some Apple Event that I can send to make the change or make the app reread its prefs?

Read the article
How to use iptables to foward outbound web traffic to a proxy?

- by jnman

I've been hitting my head for a while as to how to do this. The scenario is as follows: I want to be able to forward all outbound web traffic from a browswer to Tor so that it is properly anonymized. Normally, one could just set the http proxy in the browser and be done with it but this is with a browser without the ability to do so specifically, a mobile browser. So ideally, what could be done then is to intercept all web/dns traffic requests from the browser and send it to Tor. Assume for this, that Tor will be running on the device too.

Read the article
Default virtual server does not work

- by Luc

Hello, I have 4 Name Virtual Hosts on my apache configuration, each one using proxy_http to forward request to the correct server. They work fine. <VirtualHost *:80> ServerName application_name.domain.tld ProxyRequests Off ProxyPreserveHost On ProxyPass / http://server_ip/ ProxyPassReverse / http://server_ip/ </VirtualHost> I then tried to add a default NameVirtualHost to take care of the requests for which the server name does not match one of the four others. Otherwise a request like some_weird_styff.domain.tld would be forwarded to one of the 4 VH. I then added this one: <VirtualHost *:80> ServerAlias "*" DocumentRoot /var/www/ </VirtualHost> At the beginning it seemed to work fine, but at some point it appears that the requests that should be handed by one of the 4 regular hosts is "eaten" by the default one !!! If I a2dissite this default host, everything is back to normal... I do not really understand this. If you have any clue... thanks a lot, Luc

Read the article
Steps to take when technical staff leave

- by Tom O'Connor

How do you handle the departure process when privileged or technical staff resign / get fired? Do you have a checklist of things to do to ensure the continuing operation / security of the company's infrastructure? I'm trying to come up with a nice canonical list of things that my colleagues should do when I leave (I resigned a week ago, so I've got a month to tidy up and GTFO). So far I've got: Escort them off the premises Delete their email Inbox (set all mail to forward to a catch-all) Delete their SSH keys on server(s) Delete their mysql user account(s) ... So, what's next. What have I forgotten to mention, or might be similarly useful? (endnote: Why is this off-topic? I'm a systems administrator, and this concerns continuing business security, this is definitely on-topic.)

Read the article
Automatically generated /etc/hosts is wrong

- by Niels Basjes

I've created a kickstart script to install CentOS 5.5 (32bit) in a fully automated way. The DNS/DHCP setup correctly gives the system the right hostname in both the forward and reverse lookups. dig node4.mydomain.com. +short 10.10.10.64 dig -x 10.10.10.64 +short node4.mydomain.com. In the state the installed system is right after the installation completed is as follows: cat /etc/sysconfig/network NETWORKING=yes NETWORKING_IPV6=yes GATEWAY=10.10.10.1 HOSTNAME=node4.mydomain.com echo ${HOSTNAME} node4.mydomain.com cat /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 10.10.10.64 node4 My problem is that this automatically generated hosts file is slightly different from the way I want it (or better: the way Hadoop wants it). The last line should look like this: 10.10.10.64 node4.mydomain.com node4 What do I modify where to fix this? Thanks.

Read the article
How to reverse-i-search back and forth?

- by m-ric

I use reverse-i-search often, and that's cool. Sometime though when pressing Ctrl+r multiple times, I pass the command I am actually looking for. Because Ctrl+r searches backward in history, from newest to oldest, I have to: cancel, search again and stop exactly at the command, without passing it. While in reverse-i-search prompt, is it possible to search forward, i.e. from where I stand to newest. I naively tried Ctrl+shift+r, no luck. I heard about Ctrl+g but this is not what I am expecting here. Anyone has an idea?

Read the article
How to make IIS7 stop adding etag to response headers?

- by user20028

For performance reasons, I'm using expire headers for static files (adding long expiration periods like 50 years or so). Now I'm trying to get rid of etag headers which are automatically added by IIS7. I've done some searching but it seems harder than what I thought (there doesn't seem to be a straight forward way). I found some workarounds but they all use httpmodules (which I'm keeping as a last resort). I strongly prefer to not get the etag header added in the first place. Did anyone manage to do this? Thanks

Read the article
I need a server or service that reroutes DNS requests

- by Relentim

We have two external servers, Dev and Prod. We are a software house and in the code we have a subdomain metrics.company.com that points to Prod. Development is continuous and our internal and external developers and testers will need to switch from Dev to Prod and back again. It is not an option to have a different sub domain in the code during development and change this for production. The way we wish to switch between Dev and Prod is to use DNS. We need a public DNS server that behaves normally apart from routing metrics.company.com to Dev. The users will be able to swap their DNS back and forward to hit the different servers. What is the easiest way to do this? Is there a company that hosts this service or am I going to have to rent a server and set it up myself? Any help would be much appreciated.

Read the article
Activesync/OWA Desktop Client

- by prestomation

At my company we have Exchange 2k3 with OWA being public, serving up Activesync and webmail. There is no pop3 or imap support from our admins. Outlook 2k3's RPC over HTTP is also disabled Is there a desktop client that can connect to Activesync or OWA? If my ipod touch can connect to activesync, why can't my pc? I'd preferably like a linux daemon that could simply forward emails to my gmail address, but I guess I'll take what I can get. Thanks EDIT: In case it was not clear, our Exchange server is hidden completely behind a firewall, and a second exchange server has only activesync and https ports opened to the world.

Read the article
Active Directory Domain Services on remote VPS

- by Rob Angelier

I really need help with configuring Active Directory Domain Services on a remote VPS. Situation we have a remote Windows Server 2008R2 VPS and i just installed the Active Directory Domain Services Role. A DNS Server was also configured by default at the end of the Active Directory installation. Problem I can't get my Windows 7 machine to register itself to the domain i have just created Question What are the steps i have to take to test my Active Directory configuration, and how do i connect clients to this Domain? I can provide screenshots and more information if neccesary. looking forward to your replies! best regards, Rob Angelier

Read the article
SPAN/Port mirroring on Linksys switch

- by Bastien974

Hi all, I'm trying to deploy a Snort box in my LAN. I have a Linksys SRW248G4 and trying to configure Port mirroring so that Snort can listen everything on the network in promiscuous mode. So in ADMIN / Port Mirroring, I have 3 things: Source Port (e1,...e48, g1...g4) Type (Rx, Tx, Both) Target (e1...e48, g1...g4) Last time I played with it, I killed all traffic on the switch, I had to reboot it several times... so now I'm asking question before: Do I need to configure each Source Port (from 1 to 48) to forward to the single promiscuous port ? 48 rules !? Is that correct ? Thanks !

Read the article
how to portforward port 7300 from server A to server B

- by Patrick van Hout

hi, We are using Stunnel. But want to replace it is with an iptables entry if possible. 192.168.123.122:7300 need to be forwarded to 192.168.123.188:7300. So in iptables I set these two entries: [root@dev ~]# iptables -t nat -A PREROUTING -p tcp --dport 7300 -j DNAT --to-destination 192.168.123.188:7300 [root@dev ~]# iptables -A FORWARD -m state -p tcp -d 192.168.123.188 --dport 7300 --state NEW,ESTABLISHED,RELATED -j ACCEPT But it isn't working. I did check that /proc/sys/net/ipv4/conf/eth0/forwarding has the value "1" inside. Any tips or hints? thanks, Patrick

Read the article
Delivering from Postfix to Exchange

- by Van Gale

I have someone with two domains, a.com and b.com. a.com is running a postfix server on the mx host for the domain and I have total control of the server. b.com is running an exchange server on the mx host for the domain and I do not have any control of this server. They have been using b.com as their primary mail address and use the exchange calender with outlook. They want all the same functionality but want to start using a.com as primary mail address. I opened up postfix to allow relay from the ip address of the exchange server and hopefully that's enough from the outgoing side. For delivery though what can I do to forward all incoming emails to the exchange server? I have some aliases defined in /etc/aliases that should take higher priority.

Read the article
Port Forwarding for Remote Desktop

- by Vaibhav Bajpai

I have two Mac notebooks at home, I have assigned them static private IPs. I have also set my router to a DynDNS address, which updates everytime my router gets a new public IP. I have enabled Screen Sharing on both notebooks. I can successfully goto my router webpage using the DynDNS address. I understand I need to port-forward to get Screen Sharing to work from outside. Lets assume, notebooks have private IP 192.168.1.2 and 192.168.1.3 I am kind of lost here, would appreciate some help (I need to be able remote desktop to both notebooks)

Read the article
Stunnel too many clients

- by davidsmalley

I'm trying to hook up stunnel and haproxy to forward https connections through to some backend servers. I've got haproxy setup right, and I seem to have stunnel set up right. Trouble is that when I hit the setup with a load test after a while I start to see these log entries: 2010.05.05 11:24:43 LOG7[3498:3086792368]: https accepted FD=512 from 10.195.158.225:52579 2010.05.05 11:24:43 LOG4[3498:3086792368]: Connection rejected: too many clients (=500) I guess I've hit a limit somewhere but I wasn't sure how to fix it, there doesn't seem to be a config file option for stunnel to change this. Does anyone know how to configure stunnel for a potentially large number of connections?

Read the article
failing to achive tunneling to fresh ubuntu 10.04 server

- by user65297

I've just set up a new 10.04 server and can't get the tunneling to work. local machine > ssh -L 9090:localhost:9090 [email protected] login success, but thereafter trying tunnel from local browser, http://127.0.0.1:9090 echo at server terminal: channel 3: open failed: connect failed: Connection refused auth.log sshd[24502]: error: connect_to localhost port 9090: failed. iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Trying 9090 at server (links http://xx.xxx.xx.xx:9090 works) sshd_config is identical to previous 8.04 server, working fine. What's going on? Thankful for any input. Regards, //t

Read the article
Mountain Lion fails to connect to Windows share after the connection is interrupted

- by T Reddy

I have a Windows 7 share that my Mountain Lion Macbook Pro connects to. The windows share is simply a user account. For whatever reason, when my connection gets interrupted, the mac will show a dialog stating as such and will ask me to ignore or disconnect. From this point forward, I cannot re-establish the connection from the mac to the windows share (even if I reboot the mac). I always have to reboot the windows machine in order for my mac to see the share again. My Windows share is my media center, so I'm not always able to reboot the machine because it is recording TV. Has anybody else encountered this problem and if so how is it resolved?

Read the article

< Previous Page | 95 96 97 98 99 100 101 102 103 104 105 106 | Next Page >