Search Results

Search found 5137 results on 206 pages for 'i like traffic lights'.

Page 99/206 | < Previous Page | 95 96 97 98 99 100 101 102 103 104 105 106  | Next Page >

• Technology mash: is this possible?

  - by Jon Story

  I'm in the process of setting up my own DNS+hosting on a couple of VPS and my home machines, mostly for academic/learning purposes, but also for convenient accessing of my files, hosting my personal websites, private git repositories etc. I've got a main web server with DNS, and a slave DNS server. I've also got a couple of machines at home doing file hosting, video streaming and all that fun stuff. I'm intending to use my VPS's to provide myself with a dynamic DNS system so that I can point mydomain.com at my DNS servers, with home.mydomain.com going into my home network via a raspberry pi. HOWEVER.... I've not got access to the network infrastructure at home (rented accommodation with managed internet), so I can't forward the ports on the router to my own machines. As such, I'm wondering if it's possible to route all the traffic via an SSH/HTTP tunnel through one of the VPS? My plan is to have the raspberry pi provide a VPN into my home network. The raspberry pi uses SSH to connect to the VPS, and the VPS forwards any traffic to home.mydomain.com via the tunnel to the raspberry pi. Is this even possible, and how do I go about it? I don't mind getting my hands dirty with coding and low level tools, I'm just not sure where to start or what the best way to go about it is.

  Read the article

• Tracking a subdomain serately within the main domain account [closed]

  - by Vinay

  I have a website, for example: xyz.com and info.xyz.com. I created a profile for xyz and tracking is good. I added a new profile for info.xyz.com in xyz.com. Analytics tracking for info.xyz.com is showing traffic from both xyz.com and info.xyz.com. How do I change to show only info.xyz traffic in the info.xyz.com profile. I used the following code: Analytics code for xyz.com domain: <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-xxxxxx-x']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> Analytics code for info.xyz.com <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-xxxxxx-x']); _gaq.push(['_setDomainName', 'xyz.com']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script>

  Read the article

• esx5 debian VM vlan setup

  - by Kstro21

  i have a server with ESX5, have a switch with about 20 vlans, this is how setup the trunk port interface GigabitEthernet0/1/1 description ToOper port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 2 to 14 stp disable ntdp enable ndp enable bpdu enable then, i created a standar switch(sw1) using the vSphere Client, the VLAN ID is set to All (4095), i also created a VM with Debian 6, with a NIC connected to sw1, now, i want to configure this NIC for a selected group of vlans auto vlan10 iface vlan10 inet static address 11.10.1.0 netmask 255.255.255.224 mtu 1500 vlan_raw_device eth0 auto vlan14 iface vlan14 inet static address 11.10.1.65 netmask 255.255.255.248 mtu 1500 vlan_raw_device eth0 so, when i restart the network using /etc/init.d/networking restart, i got this error Reconfiguring network interfaces...SIOCSIFADDR: No such device vlan14: ERROR while getting interface flags: No such device SIOCSIFNETMASK: No such device SIOCSIFBRDADDR: No such device vlan14: ERROR while getting interface flags: No such device SIOCSIFMTU: No such device vlan14: ERROR while getting interface flags: No such device Failed to bring up vlan14. done. this is just part of the error, so, my questions is: is this possible?, i mean, what i'm trying to achieve using ESX Virtual Machines, VLANS, etc is this a Debian problem? can be solved? i've read about a file named z25_persistent-net.rules in Debian but it doesn't exist in my installation. in the In the vSphere Networking for ESX5 guide, you can read: If you enter 0 or leave the option blank, the port group can see only untagged (non-VLAN) traffic. If you enter 4095, the port group can see traffic on any VLAN while leaving the VLAN tags intact. So, in theory, it should work, right? Hope you can help me up with this one Thanks

  Read the article

• Load is 0, yet site crawls (sometimes). What gives?

  - by Yegor

  I have a ~1.5-2mil page views per day site running on 2 servers. One for mysql, other for everything else. Mysql box has a load of 3, frontend is usually 0.0-0.1. Both are dual quad core with 8GB ram running SAS drives in raid5. CPU is idle for majority of the time, iowait is non-existent. Im running nginx, memcache, and site is built on php. Half the time everything runs perfect, while at other times it lags something severe, when it takes 10-15 seconds for a page to load. Page execution time is always super low, but it seems to hang, waiting for something before it actually loads the page. Whats even more weird is that it only happens to 1 file on the site (but its the one thats most commonly accessed, that actually loads the content on the site). Other pages are super fast at all times, even when it takes 15 seconds to load actual content. I have nginx_stats plugin installed, and if I monitor it, the lag spikes happen when the write column starts going above 100, and it frequently does... all the way to 500-1000. It does so at totally random times... not when traffic is heavy... it can do this in the middle of the night, and work perfectly at 5pm when traffic is at its highest. Any ideas?

  Read the article

• Easiest way to allow direct HTTPS connection in Intercept mode?

  - by Nicolo

  I know the SSL issue has been beaten to death I'm using DNS redirect to force my clients to use my intercept proxy. As we all know, intercepting HTTPS connection is not possible unless I provide a fake certificate. What I want to achieve here is to allow all HTTPS requests connect directly to the source server, thus bypassing Squid: HTTP connection Proxy by Squid HTTPS connection Bypass Squid and connect directly I spent the past few days goolging and trying different methods but none worked so far. I read about SSL tunneling using the CONNECT method but couldn't find any more information on it. I tried a similar method in using RINETD to forward all traffic going through port 443 of my Squid back to the original IP of www.pandora.com. Unfortunately, I did not realize all other HTTPS requests are also forwarded to the IP of www.pandora.com. For example, https://www.gmail.com also takes me to https://www.pandora.com Since I'm running the Intercept mode, the forwarding needs to be dynamic and match each HTTPS domain name with proper original IP. Can this be done in Squid or iptables? Lastly, I'm directing traffic to my Squid server using DNS zone redirect. For example, a client requests www.google.com, my DNS server directs that request to my Squid IP, then my transparent Squid will proxy that request. Will this set up affect what I'm trying to achieve? I tried many methods but couldn't get it to work. Any takes on how to do this?

  Read the article

• Configuring IE to resolve DNS at the proxy rather than locally.

  - by dankilman

  With the intention of tunneling web traffic through an SSH connection, the following has been done: I've manually configured a PAC file in IE7 in the LAN Settings dialog. I've verified that traffic is routed through my SSH tunnel that is setup for SOCKS5 dynamic port forwarding. I see that IE7 is always trying to resolve the name locally first. What I'm looking for is the ability to have the DNS name resolved at the proxy, rather than locally by the browser. There's a setting in Firefox that specifies DNS remote resolution, and Safari does it automatically. I've verified correct operation for these 2 other browsers. It would be nice if I could get IE to work also. This is for reference so you could understand where does the question originate from. Notice: The question was actually found by the help of google but with no answers available. Considering how it is exactly my question I figured I should just copy/paste over here because I don't think I could describe any better (there is a small introduction though).

  Read the article

• Discover the public ip of a network without being connected

  - by Martin Trigaux

  Let say, I'm next to a network and can see the traffic (with airodump or similar tool) but can not decipher it (because I am not connected on the network). Is it possible to discover the public ip address of the network ? I know the MAC address of the users connected on the network but do I know the one of the router ? If yes, maybe there is a way to do the matching. I know IP addresses are not forever but some addresses are static and never change. Maybe there is a database of MAC address having recorded that. Google has a database that match MAC address and geographical coordinates so why not with IP addresses ? Other idea, if I know where am I, I can maybe guess the IP range used in the city by the ISP (is it findable ?) and then try to "ping" each IP on the range (if it is a /24, it's possible, even /16 maybe). Will I get some information like the MAC of the box or see some traffic on the network ? These are two ideas I had. I don't know if they are doable, certainly not perfect. Do you think of some others ? By trying several methods, maybe I can get a guess with a bit of luck. Thank you

  Read the article

• Apache local verses external (domain)

  - by Jessy Houle

  I have an Apache server running on Ubuntu server 10, using Passenger for Ruby on Rails. I have configured my site under the sites-enabled directory of Apache and can hit the server with an internal IP address (192.168.X.X) and the site comes back as expected. However, whenever I try to hit the site externally, either through the domain name or the IP address tied to the domain name, the site will not come back. I have a router in the middle with a static IP address, with Port Forwarding turned on (forwarding 80/443) to the server and I'm quite confident the issue isn't there. In fact, I even DMZed to the Ubuntu Server just to make sure. Also, all router firewall options have been turned off. So here is the question... Is there something else I have to do with Ubuntu server to allow externally requested port 80 traffic? Otherwise, is there some settings that need to be set in Apache to allow domain or external IP address port 80 traffic through? I'm pretty new to Apache, so, please take it a bit easy on me :-) Thank you for your responses. -Jessy Houle

  Read the article

• Port mirroring on multiple switches

  - by Matt

  So here is the deal, I have a server on switch A where port 3 is monitoring traffic for most of the ports on switch A. However I have other users on switch B that needs to have port 3 on switch A monitor as well. Is this possible? I have been reading about rspan but doesnt seem to work. Switch A: monitor session 1 source interface fast0/1 - 2 monitor session 1 source interface fast0/4 - 46 monitor session 1 destination interface fast0/3 (this works great for switch A, I need a solution to get switch B to also have some ports sent to port 3 on switch A for monitoring.) Onxx, All the traffic on switch A is fine, there will be about 10-15 ports on switch B that I need to send to fa0/3 on switch A as the destination. I have the switches connected with a ethernet cable with a trunk port on both switches on port 48 on switch B and A and port 47 on A connects to our sonicwall. So I am assuming they are daisy chained? What if I did the following: Switch A monitor session 1 source interface fast0/1 - 2 monitor session 1 source interface fast0/4 - 46 monitor session 1 destination interface fast0/3 Put all of the ports on vlan 10 because I made an rspan vlan 10 On switch B monitor the ports I need will say 1-10 monitor session 1 source interface fast0/1 - 10 monitor session 1 destination remote vlan 10 as a prerequisite I would have created vlan 10 as a rspan vlan on switch B. Switch A Monitor session 1 destination remote vlan 10 Would this work? By the way I am working with cisco catalyst 3560 switches.

  Read the article

• Juniper SSG20 IP settings for email server

  - by codemonkie

  We have 5 usable external static IP addresses leased by our ISP: .49 to .53, where .49 is assigned to the Juniper SSG20 firewall and NATed for 172.16.10.0/24 .50 is assigned to a windows box for web server and domain controller .51 is assigned to another windows box with exchange server (domain: mycompany1.com) mx record is pointing to 20x.xx.xxx.51 Currently there is a policy set for all SMTP incoming traffic addressed to .51 forward to the NATed address of the exchange server box (private IP: 172.16.10.194). We can send and receive emails for both internal and external, but the gmail is saying mails from mycomany1.com is not sent from the same IP as the mx lookup however is from 20x.xx.xxx.49: Received-SPF: neutral (google.com: 20x.xx.xxx.49 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=20x.xx.xxx.49; Authentication-Results: mx.google.com; spf=neutral (google.com: 20x.xx.xxx.49 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected] and the mx record in global dns space as well as in the domain controller .50 for mail.mycompany1.com is set to 20x.xx.xxx.51 My attempt to resolve the above issue is to Update the mx record from 20x.xx.xxx.51 to 20x.xx.xxx.49 Create a new VIP for SMTP traffic addressed to 20x.xx.xxx.49 to forward to 172.16.10.194 After my changes incoming email stopped working, I believe it has something to do with the Juniper setting that SMTP addressed to .49 is not forwarded to 172.16.10.194 Also, I have been wondering is it mandatory to assign an external static IP address to the Juniper firewall? Any helps appreciated. TIA

  Read the article

• Routing and authenticating all access through squid

  - by Knight Samar

  Hi, I want to route all Internet access in my network through a Squid proxy server and authenticate and log all users. I want this to be a client-independent setting so that no one needs to do anything on their browsers or machines. I have set my network gateway as the proxy server so that all traffic will be sent to it. I have done this using options in DHCP server. Now I tried using squid as a transparent proxy, but then it won't authenticate in that mode. I tried using iptables to route all traffic to port 3128 but it won't popup the authentication dialog box from SQUID. I tried telling DHCP to give WPAD to all clients by placing a WPAD file on a webserver containing the following for automatic proxy configuration on clients: Changes in dhcpd.conf option wpad code 252 =test; option wpad "\n\000"; option wpad "http://192.168.1.5/wpad.dat\n"; The WPAD file: function FindProxyForURL(url,host) { return "PROXY squid-server-ip-address:3128 ; DIRECT "; } But the browsers (different versions of Firefox and IE) seem to ignore it. :( What should I do ?

  Read the article

• Change source address based on destination IP

  - by hgj

  We have several "router" machines that gather a lot of external IP addresses on the same host and redirect, NAT or proxy the traffic to the internal network. They also act as routers for the machines on the internal network. This works fine, however I am unable to make the routing table, so I can change the source address, based on the destination a machine from the internal network want to access. Let's say I have a router, that has public addresses P1 (5.5.5.1/24) and P2 (5.5.5.2/24). All traffic goes through P1, but if necessary, the host is reachable on P2 too. This looks like this and works fine: > ip addr ... 1: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether aa:bb:cc:dd:ee:11 brd ff:ff:ff:ff:ff:ff inet 5.5.5.1/24 brd 5.5.5.255 scope global eth1 inet 5.5.5.2/24 brd 5.5.5.255 scope global secondary eth1:p2 ... Now I want to use P2 as the source address, if I want to access the Google DNS service for example (8.8.8.8). So I add a row in the routing table like: > ip route add 8.8.8.8 via 5.5.5.254 dev eth1 src 5.5.5.2 > ip route ... default via 5.5.5.254 dev eth1 5.5.5.0/24 dev eth1 proto kernel scope link src 5.5.5.1 8.8.8.8 via 5.5.5.254 dev eth1 src 5.5.5.2 ... But this does not work. If I ping 8.8.8.8, the host still uses P1 as the source address, and does not use P2 at all for outgoing connections. Am I doing it right? I guess not...

  Read the article

• IP to IP forwarding with iptables [centos]

  - by FunkyChicken

  I have 2 servers. Server 1 with ip 1.1.1.1 and server 2 with ip 2.2.2.2 My domain example.com points to 1.1.1.1 at the moment, but very soon I'm going to switch to ip 2.2.2.2. I have already setup a low TTL for domain example.com, but some people will still hit the old ip a after I change the ip address of the domain. Now both machines run centos 5.8 with iptables and nginx as a webserver. I want to forward all traffic that still hits server 1.1.1.1 to 2.2.2.2 so there won't be any downtime. Now I found this tutorial: http://www.debuntu.org/how-to-redirecting-network-traffic-a-new-ip-using-iptables but I cannot seem to get it working. I have enabled ip forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward After that I ran these 2 commands: /sbin/iptables -t nat -A PREROUTING -s 1.1.1.1 -p tcp --dport 80 -j DNAT --to-destination 2.2.2.2:80 /sbin/iptables -t nat -A POSTROUTING -j MASQUERADE But when I load http://1.1.1.1 in my browser, I still get the pages hosted on 1.1.1.1 and not the content from 2.2.2.2. What am I doing wrong?

  Read the article

• VPS goes slow at more than 20 users online at the same time

  - by hachiari

  I have 512 MB VPS (brustable to 1GB) Somehow, the site goes slow when there are about 10 users, and becomes impossible to load at 20 users online at the same time. I wonder what could be the problem for this. The bandwidth connection of the VPS is 1Gbps. Here is some settings in my VPS: KeepAlive Off <IfModule prefork.c> StartServers 7 MinSpareServers 7 MaxSpareServers 10 ServerLimit 64 MaxClients 64 MaxRequestsPerChild 0 </IfModule> my.cnf settings - calculated Max Memory 300MB Output from UNIXBENCH INDEX VALUES TEST BASELINE RESULT INDEX Dhrystone 2 using register variables 376783.7 13429727.4 356.4 Double-Precision Whetstone 83.1 1137.5 136.9 Execl Throughput 188.3 1637.4 87.0 File Copy 1024 bufsize 2000 maxblocks 2672.0 148868.0 557.1 File Copy 256 bufsize 500 maxblocks 1077.0 79430.0 737.5 File Read 4096 bufsize 8000 maxblocks 15382.0 1410009.0 916.7 Pipe Throughput 111814.6 4419722.0 395.3 Pipe-based Context Switching 15448.6 561505.1 363.5 Process Creation 569.3 10272.7 180.4 Shell Scripts (8 concurrent) 44.8 514.3 114.8 System Call Overhead 114433.5 3537373.8 309.1 ========= FINAL SCORE 295.0 I am afraid that the VPS company limit the number of connection to the VPS... is it possible? The server is in Japan, but the site has global traffic (some of the traffic are from countries with low speed connection). Could this be the problem? This is a serious problem :( my site just cant grow if this keeps on happening... please tell me if you have any idea. Thank You, Bryant

  Read the article

• Optimizing Apache for large file serving

  - by D_Guy13

  I have a random problem with Apache that I can't quite figure out, here is my setup, Windows Server 2008 R2, 64 Bit, 5GB RAM, SSD with 200 MB(Read/write) and Dual Core CPU @ 2.1 GHz A dump from mod-staus, Server Version: Apache/2.4.7 (Win32) mod_limitipconn/0.24 mod_antiloris/0.5.2 PHP/5.5.9 Server MPM: WinNT Apache Lounge VC11 Server Built: Nov 21 2013 20:13:01 Current Time: Thursday, 21-Aug-2014 23:38:06 W. Europe Daylight Time Restart Time: Thursday, 21-Aug-2014 20:30:47 W. Europe Daylight Time Parent Server Config. Generation: 1 Parent Server MPM Generation: 1 Server uptime: 3 hours 7 minutes 18 seconds Server load: -1.00 -1.00 -1.00 Total accesses: 283025 - Total Traffic: 1172.2 GB 25.2 requests/sec - 106.8 MB/second - 4.2 MB/request 62 requests currently being processed, 388 idle workers Serving large .zip & iso files using mod_xsendfile. (File size range 500 MB - 1.5 GB) The setup works and is running fine. CPU usage is very unstable, jumps all the time between 10% - 90% and the servers goes down when it hits 100%. In that case I have to hard restart the server. Server it outputting traffic at 30 Mbps. Is there anything else I should think about to get a more stable CPU usage? Is that CPU usage normal? Can switching to Linux help me achieve better CPU usage?

  Read the article

• Is it bad to redirect http to https?

  - by jasondavis

  I just installed an SSL Certificate on my server. I use a web hosting panel called ZPanel that is an open source project. It then set up a redirect for all traffic on my domain on Port 80 to redirect it to Port 443. In other words, all my http://example.com traffic is now redirected to the appropriate https://example.com version of the page. The redirect is done in my Apache Virtual Hosts file with something like this... RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] My question is, are there any drawbacks to using SSL? Since this is not a 301 Redirect, will I lose link juice/ranking in search engines by switching to https? I appreciate the help. I have always wanted to set up SSL on a server, just for the practice of doing it, and I finally decided to do it tonight. It seems to be working well so far, but I am not sure if it's a good idea to use this on every page. My site is not eCommerce and doesn't handle sensitive data; it's mainly for looks and the thrill of installing it for learning. UPDATED ISSUE Strangely Bing creates this screenshot from my site now that it is using HTTPS everywhere...

  Read the article

• Adjust iptables

  - by madunix

  cat /etc/sysconfig/iptables: # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 5353 -d X.0.0.Y -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp -s X.Y.Z.W --dport 3306 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s M.M.M.M --dport 3306 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT I have the above following IPtables on my linux web server(Apache/MySQL), I want to have the following: Block any traffic from multiple IP's to my web server IP1:1.2.3.4.5, IP2:6.7.8.9 ..etc Limiting one host to 20 connections to 80 port, which should not affect non-malicious user, but would render slowloris unusable from one host. Limit MYSQL port 3306 access on my server only to the following IP range A.B.C.D/255.255.255.240 Block any ICMP traffic.

  Read the article

• windows: force user to use specific network adapter

  - by Chad

  I'm looking for a configuration/hack to force a particular application or all traffic from a particular user to use a specific NIC. I have an legacy client/server app that has a "security feature" that limits connections based on IP address. I'm trying to find a way to migrate this app to a terminal server environment. The simple solution is for the development team to update the code in the application, however in this case that's not an option. I was thinking I might be able to install VMware NIC's installed for each user on the terminal server and do some type of scripting to force that user account to use a specific NIC. Anybody have any ideas on this? EDIT 1: I think I have a hack to work around my specific problem, however I'd love to hear of a more elegant solution. I got lucky in that the software reads the server IP address out of a config file. So I'm going to have to make a config file for each user and make a customer programs files for each user. Then add a VMware NIC for each user and make each server IP address reside on a different subnet. That will force the traffic for a particular user to a particular IP address, however its really messy and all the VM NIC's will slow down the terminal server. I'll setup a proof of concept Monday and let the group know how it affects performance.

  Read the article

• What Device/System to use as a "router on a stick"

  - by Jeff Leyser

  I need to create several distinct VLANs, and provide a way for traffic to move between them. A "router on a stick" approach seems ideal: Internet | Router with Trunking Capability ("router on a stick") * * Trunk between router and switch * Switch with Trunking Capability | | | | | | | | | | | LAN 2 | LAN 4 | | 10.0.2.0/24 | 10.0.4.0/24 | | | | LAN 1 LAN 3 LAN 5 10.0.1.0/24 10.0.3.0/24 10.0.5.0/24 We have trunk-capable Layer-2 switches. The question is what to use as the router on a stick. My choices seem to be: 1) Use an existing Cisco 5505 ASA firewall. It appears the ASA can do the routing, but it's a 100Mbps device, and so seems sub-optimal at best 2) Buy a router. This seems overkill. 3) Buy a Layer-3 switch. Also seems overkill. 4) Use an existing Linux Box as a router 5) Use a new Linux box as a router' 6) Something I'm not thinking of I think either (4) or (5) is my best option, but I'm not sure how to choose between them. I expect the amount of traffic that has to cross the VLANs to be somewhat small, but bursty. How much load does routing add to a CentOS machine?

  Read the article

• How to handle OpenVPN client as a service, when the laptop is physically on the network already?

  - by James

  The Setup I've gotten OpenVPN working on our Windows XP laptops. Users are limited, so I went ahead and set OpenVPN client to run as a service, which is great anyway because that means they are on the VPN before logging in, so login scripts work, plus we can do remote support even if the user can not log in (such as connecting via VNC or resetting passwords). It is also configured to send all traffic over the tunnel, so when, for example, they browse the internet it is just like browsing from our corporate network. The Qestion(s) So, I'm wondering how does the OpenVPN client act when the computer is already physically on the same network as the OpenVPN server? Right now, the client is configured to connect the the public dns name which will resolve to the public ip address which will NOT get reflected back to the OpenVPN server, so it is affectively blocked from connecting to the OpenVPN server while on the network. Is that a good thing? Or will it constantly try to connect, using up system resources and network resources? We will likely have hundreds of laptops regularly on the physical network with this, so it could contribute to a lot of unnecessary network chatter. Alternatively Would it be better to have the firewall reflect the port back to the OpenVPN server and let it connect? Or have our internal dns resolve the name to the private ip and allow them to connect directly? Would traffic then go over the vpn connection (which I do not want, when already on the physical network)? Or is it possible to tell it to ignore the connection when the client and server are already on the same network? TLDR What's a sane way of handling OpenVPN client running as an always-on service when the client and server will often be on the same network?

  Read the article

• How to resume XMPP groupchat window in Irssi (using bitlbee)?

  - by mcnesium

  I use Bitlbee to chat in XMPP-networks within my IRC-client Irssi. This works great so far, and recently I started using XMPP Multi User Chats as an alternative to IRC-channels. I set up a channel using chat add <account> <[email protected]> in the &bitlbee control window, set chan <room> set autojoin true and entered /join #room in the &bitlbee window to join that groupchat. It then appears as a unique Irssi window in the status bar. This seems to work ok too, but with one exception: Since I idle in the channels 24/7 my irssi has to cope with the every-night-24h-DSL-disconnection by the ISP. After it automatically reconnects, it does kind of rejoin that XMPP-groupchat, but the traffic of the groupchat does not go back to the unique irssi window, but keeps flooding &bitlbee with messages from root telling me about a Groupchat Message from unknown JID <jid>: <message> - which is the traffic of the groupchat. The unique groupchat window is gone after the reconnect, and I will again have to go /join #room in &bitlbee to get it back. Even worse, the window number is unused before I rejoin the groupchat, and if I get a query from any network, the window nests in that unused window spot, so I will first have to remove that query from the spot, and then move the rejoined groupchat to that window number. I want my groupchat window to resume after the reconnect just like every other IRC channel too. How can I get this done? Any ideas?

  Read the article

• ASA access lists and Egress Filtering

  - by Nate

  Hello. I'm trying to learn how to use a cisco ASA firewall, and I don't really know what I'm doing. I'm trying to set up some egress filtering, with the goal of allowing only the minimal amount of traffic out of the network, even if it originated from within the inside interface. In other words, I'm trying to set up dmz_in and inside_in ACLs as if the inside interface is not too trustworthy. I haven't fully grasped all the concepts yet, so I have a few issues. Assume that we're working with three interfaces: inside, outside, and DMZ. Let's say I have a server (X.Y.Z.1) that has to respond to PING, HTTP, SSH, FTP, MySQL, and SMTP. My ACL looks something like this: access-list outside_in extended permit icmp any host X.Y.Z.1 echo-reply access-list outside_in extended permit tcp any host X.Y.Z.1 eq www access-list outside_in extended permit tcp any host X.Y.Z.1 eq ssh access-list outside_in extended permit tcp any host X.Y.Z.1 eq ftp access-list outside_in extended permit tcp any host X.Y.Z.1 eq ftp-data established access-list outside_in extended permit tcp any host X.Y.Z.1 eq 3306 access-list outside_in extended permit tcp any host X.Y.Z.1 eq smtp and I apply it like this: access-group outside_in in interface outside My question is, what can I do for egress filtering? I want to only allow the minimal amount of traffic out. Do I just "reverse" the rules (i.e. the smtp rule becomes access-list inside_out extended permit tcp host X.Y.Z.1 any eq smtp ) and call it a day, or can I further cull my options? What can I safely block? Furthermore, when doing egress filtering, is it enough to apply "inverted" rules to the outside interface, or should I also look into making dmz_in and inside_in acls? I've heard the term "egress filtering" thrown around a lot, but I don't really know what I'm doing. Any pointers towards good resources and reading would also be helpful, most of the ones I've found presume that I know a lot more than I do.

  Read the article

• Uploads fail with shorewall enabled

  - by JamesArmes

  I have an Ubuntu 8.04 server with shorewall 4.0.6 installed. When I try to upload files using FTP, SCP, or cURL the file upload stalls almost immediatly and eventually times out. If I turn off shorewall then the uploads work fine. I don't have any rules that specifically allow FTP and I'm not too concerned with it, but I do need to be able to upload via 22 (SCP) and 80 & 443 (cURL). This is what my rules look like: COMMENT Allow Server to respond to any web (80) and SSL (443) requests ACCEPT net $FW tcp 80 ACCEPT $FW net tcp 80 ACCEPT net $FW tcp 443 ACCEPT $FW net tcp 443 COMMENT Allow Server to respond to SNMPD (161) requests ACCEPT net $FW udp 161 COMMENT Allow Server to respond to MySQL (3306) requests (for MySQL Graphing) ACCEPT net $FW tcp 3306 COMMENT Allow Server to respond to any SSH connection attempts, and to SSH out. SSH/ACCEPT net $FW SSH/ACCEPT $FW net COMMENT Allow Server to make DNS Requests out. DNS/ACCEPT $FW net COMMENT Default "close" anything else. Ping/REJECT net $FW ACCEPT $FW net icmp #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE I expected the top four ACCEPT lines to allow inbound and outbound traffic over 80 and 443 and I expected the two SSH/ACCEPT lines to allow inbound and outbound trffic over 22, including SCP. Any help is greatly appreciated. /etc/shorewall/policy contains the following (all lines above are commented out): # # Allow all connection requests from teh firewall to the internet # $FW net ACCEPT # # Policies for traffic originating from the Internet zone (net) # Drop (ignore) all connection requests from the Internet to the firewall # net all DROP info # THE FOLLOWING POLICY MUST BE LAST # Reject all other connection requests all all REJECT info #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

  Read the article

• Cisco FWSM -> ASA upgrade broke our mail server

  - by Mike Pennington

  We send mail with unicode asian characters to our mail server on the other side of our WAN... immediately after upgrading from a FWSM running 2.3(2) to an ASA5550 running 8.2(5), we saw failures on mail jobs that contained unicode. The symptoms are pretty clear... using the ASA's packet capture utility, we snagged the traffic before and after it left the ASA... access-list PCAP line 1 extended permit tcp any host 192.0.2.25 eq 25 capture pcap_inside type raw-data access-list PCAP buffer 1500000 packet-length 9216 interface inside capture pcap_outside type raw-data access-list PCAP buffer 1500000 packet-length 9216 interface WAN I downloaded the pcaps from the ASA by going to https://<fw_addr>/pcap_inside/pcap and https://<fw_addr>/pcap_outside/pcap... when I looked at them with Wireshark Follow TCP Stream, the inside traffic going into the ASA looks like this EHLO metabike AUTH LOGIN YzFwbUlciXNlck== cZUplCVyXzRw But the same mail leaving the ASA on the outside interface looks like this... EHLO metabike AUTH LOGIN YzFwbUlciXNlck== XXXXXXXXXXXX The XXXX characters are concerning... I fixed the issue by disabling ESMTP inspection: wan-fw1(config)# policy-map global_policy wan-fw1(config-pmap)# class inspection_default wan-fw1(config-pmap-c)# no inspect esmtp wan-fw1(config-pmap-c)# end The $5 question... our old FWSM used SMTP fixup without issues... mail went down at the exact moment that we brought the new ASAs online... what specifically is different about the ASA that it is now breaking this mail? Note: usernames / passwords / app names were changed... don't bother trying to Base64-decode this text.

  Read the article

• Route outbound connections from local network through VPN

  - by Sharkos

  I have a server A running OpenVPN, an OpenVPN client B (a rooted Android phone as it happens) and a third party C (a laptop, tablet etc.) tethered to B. B can use the VPN to access the internet via A; C can use the tethered connection WITHOUT the VPN to access the internet via B. However, with the VPN on B active, I cannot load information from the internet on C. A appears to log similar traffic inbound and outbound when B or C attempt to load a webpage, say, but the VPN on device B reports no inbound traffic when the connection originated from C. Where should I look for packets being dropped, and what ip rules should I use to make sure they are passed back through the VPN and into the local network B <- C? (I'll obviously post whatever further information is needed.) Further info Without VPN: root@android:/ # ip route default via [B's External Gateway] dev rmnet0 [B's External Subnet] dev rmnet0 proto kernel scope link src [B's External IP] [B's External Gateway] dev rmnet0 scope link 192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.1 With VPN: root@android:/ # ip route 0.0.0.0/1 dev tun0 scope link default via [B's External Gateway] dev rmnet0 [B's External Subnet] dev rmnet0 proto kernel scope link src [B's External IP] [B's External Gateway] dev rmnet0 scope link [External address of A] dev tun0 scope link 128.0.0.0/1 dev tun0 scope link 172.16.0.0/24 dev tun0 scope link 172.16.0.8/30 dev tun0 proto kernel scope link src 172.16.0.10 192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.1 192.168.168.0/24 dev tun0 scope link

  Read the article

< Previous Page | 95 96 97 98 99 100 101 102 103 104 105 106  | Next Page >