Search Results

Search found 5390 results on 216 pages for 'ssl vpn'.

Page 174/216 | < Previous Page | 170 171 172 173 174 175 176 177 178 179 180 181  | Next Page >

• Logging the client IP with Nginx/Varnish/Apache

  - by jetboy

  I have Nginx listening on port 443 as an SSL terminator, and proxying unencrypted traffic to Varnish on the same server. Varnish 3 is handling this traffic, and traffic coming in directly on port 80. All traffic is passed, unencrypted, to Apache instances on other servers in the cluster. The Apache instances use mod_rpaf to replace the logged client IP with the contents of the X-Forwarded-For header. My problem is that if the traffic is coming via Nginx, while the 'correct' client IP is getting logged in the VarnishNCSA logs, it looks as if Varnish is (understandably) replacing Nginx's X-Forwarded-For header with 127.0.0.1 downstream, and this is getting logged with Apache. Is there a nice simple way to stop Varnish rewriting X-Forwarded-For if it's already populated?

  Read the article

• Advice on off-site backup of Hyper-V Failover Cluster

  - by Paul McCowat

  We are currently setting up a Server 2008 R2 which will be off-site over a leased line with VPN. At the main site is 2 x Hyper-V hosts in a failover cluster with PowerVault M3000i iSCSI SAN. We are using BackupAssist for local backups and each host backups up itself and it's guests nightly creating a 500GB backup each which is copied to a 2TB rotated NAS drive. Files and SQL DB's are also backed up / log shipped etc. Looking for the best way to backup the Hyper-V VM's and copy them off-site so that the OS's are only a month old and the data is a day old. The main backups are too large to transfer between backups so options discussed so far are: Take rotating individual backups of the VM's each day and copy over, Day 1 SQL VM, Day 2 Exchange VM etc, would require more storage. Look in to Hyper-V snapshots, however don't believe these are supported in clustering. 3rd party replication tools

  Read the article

• No remote access to PostgreSQL db

  - by gattol

  i'm stuck in connecting to a PostresSQL database from remote host. The server is accepting incoming connections on port 5432 and i've configured pg_hba.conf like this: local all all md5 host all all 0.0.0.0/0 md5 and the postgresql.conf like this: listen_addresses = '*' port = 5432 max_connections = 100 I don't have any problem accessing from local but when i try to connect via psql with something like this: psql -U myuser -h hostname db_name I get this error: psql: FATAL: no pg_hba.conf entry for host "87.zz.yy.xxx", user "myuser", database "db_name", SSL off I also tried to put the host 87.zz.yy.xxx in the pg_hba.conf file without success.

  Read the article

• How to specify multiple HostName/Port combinations in .ssh/config

  - by leoluk

  I have multiple notebooks and workstations which pull and push from multiple Mercurial repositories on a central server. I usually use .ssh/config to set an alias: Host repo-server HostName server.somedomain User user143 IdentityOnly yes IdentityFile ~/hgkey Port 156 ... and some more options, you get the idea. I can then simply do a hg push ssh://repo-server//hgroot/someproject on every local repository, and I can change the server address and port in one place. For workstations, this works fine, but the notebooks can access the server either from inside the network or from outside, using a different address and a different port. Is there any way I can specify multiple HostName/Port combinations so that SSH automatically tries them in order? This way, the users could push and pull without having to care about the correct address. (of course, using a VPN would be the most correct solution)

  Read the article

• Win 2008 Server configuration

  - by user123790

  Let me preface my question by saying I'm a novice in regards to server configuration. It's been 12+ years since I've attempted this. What we (our small office) are trying to achieve is to setup a Win 2008 server (located in a home) in a home network configuration (basic wireless router w/DHCP) that we (the office) can VPN to from our office. I have installed the software, installed DHCP, removed DHCP from the router, set the scope for 100 IPs and am now looking for information as to where I go from here? I believe I need to configure DNS and possibly set up static routes on the router for the home devices that need internet? The wireless clients are not receiving IPs is the current issue that I'd like to tackle. Also, would it be feasible to use the router's DHCP to assign IPs rather than having the server do it? If so, what would be the most direct way to accomplish this? I appreciate any help in this matter. Thanks

  Read the article

• How to convert non key, value java arguments to applet params? (args like -Xmx64m)

  - by bwizzy

  I'm trying to use xvpviewer (based on TightVNC) to VNC into my VMs running on Citirx XenServer. There are a couple of caveats required with trusting the certificate from XenServer which I've got working. Essentially I'm trying to convert the java command below (which works on the command line to launch VncViewer) for use in an applet that can be accessed via HTML page. java -Djavax.net.ssl.trustStore=/tmp/kimo.jks -Xmx64m -jar VncViewer.jar HOST "/console?ref=OpaqueRef:141f4204-2240-4627-69c6-a0c7d9898e6a&session_id=OpaqueRef:91a483c4-bc40-3bb0-121c-93f2f89acc3c" PORT 443 PROXYHOST1 192.168.0.5 PROXYPORT1 443 SocketFactory "HTTPSConnectSocketFactory" I know I can put the HOST, PORT etc arguments into param tags for the applet but I'm not sure how to apply the two initial argments.

  Read the article

• Why are the external IP of my router not the same as the external IP of my computer

  - by Martin

  I have a standard network setup where all my network devices, both WIFI and ethernet, are connected to the same router. Lately, however, I've been experiencing some very strange behavior. It started as a simple connecting error, when I tried to reach an FTP server using the external IP. Of course I went right into one of those CheckMyIP sites, to double check the IP and it turned out to be correct. Then I went into my router setup, which is through a tool called aiport-tool, because I have an Apple Aiport Extreme router. Turns out the router displays a different external IP, and for some reason that external IP works when I try to access the FTP server. Can anyone explain what is going on? Why are the devices connected to the router displaying an incorrect external IP? BTW i have no VPN/proxy setups on any of my devices.

  Read the article

• Is there a way to reliably backup and restore a complex network configuration on Windows XP?

  - by djangofan

  I have some Windows XP laptops (10+) that host a ad-hoc WIFI network connection to wireless PDA devices. The laptop itself is connected via a 3rd party VPN radio network. The radio network itself seems to be reliable. If one small thing goes wrong with the network configuration then the PDA loses connectivity and so I need a way to backup a networking config , either via a script or a 3rd party program, so that I can restore a working network configuration if something goes wrong. Is this possible? Does anyone have any ideas?

  Read the article

• Kill UDP port that has no process?

  - by Chocohound

  I can't bind to UDP port 500 from my code (yes I'm running w/ sudo). The port is reported as "already in use" (Mac os X), but doesn't have an associated process: $ sudo netstat -na | grep "udp.*\.500\>" udp4 0 0 192.168.50.181.500 *.* udp4 0 0 192.168.29.166.500 *.* But sudo lsof doesn't show a process on port 500 (ie sudo lsof -i:500 -P reports nothing). How can I unbind port 500 so I can use it again? I believe I have a bad VPN client that isn't cleaning up after itself, but I can't get rid of this without rebooting the machine.

  Read the article

• Can the traditional remote desktop client be accessed in Windows RT?

  - by nhinkle

  As mentioned in another question, I've been unable to connect through the Remote Desktop metro app to some computers, in particular those requiring VPN access or load balancers. I'm considering purchasing a Microsoft Surface RT, but given that the app store hasn't matured significantly yet and some niche software will likely never be ported to the Modern UI, I must have acess to remote systems somehow. Until Citrix fixes the receiver app for Windows 8, I'm stuck using remote desktop. Which doesn't work. I've heard that Windows RT comes with some of the Microsoft desktop programs built in, like Microsoft Office and File Explorer. Is the "normal" Remote Desktop Connection program available in Windows RT, and if so, is it 100% compatible with previous versions?

  Read the article

• SQL server environment

  - by Olegas D

  Hello I'm considering a bit of changes in current sales environment. And trying to check all cons and pros. Current situation. SQL server (quite decent HP server - server1) + backup server (smaller Dell server - server2). all sql files and sql server itself are on the server1. If something goes wrong with server1 I will have to manually move to server2. Connecting to the sql server: 1 HQ (where server located) + 4 sites through VPN. Now I'm considering 2 scenarios: Buy some storage system + update existing servers (add ram, upgrade processors) and go for VMWare ESXI. Rent a server at a datacenter + rent virtual server in case real server goes down. Also rent some space at data storage to keep SQL files there. Have anyone considered these things and maybe found some good pros/cons list? ;) Thanks

  Read the article

• Mitigating the 'firesheep' attack at the network layer?

  - by pobk

  What are the sysadmin's thoughts on mitigating the 'firesheep' attack for servers they manage? Firesheep is a new firefox extension that allows anyone who installs it to sidejack session it can discover. It does it's discovery by sniffing packets on the network and looking for session cookies from known sites. It is relatively easy to write plugins for the extension to listen for cookies from additional sites. From a systems/network perspective, we've discussed the possibility of encrypting the whole site, but this introduces additional load on servers and screws with site-indexing, assets and general performance. One option we've investigated is to use our firewalls to do SSL Offload, but as I mentioned earlier, this would require all of the site to be encrypted. What's the general thoughts on protecting against this attack vector? I've asked a similar question on StackOverflow, however, it would be interesting to see what the systems engineers thought.

  Read the article

• Multiple IPs from one router

  - by ergoen

  I would like to know if it is possible (and if so, how) to configure a router running dd-wrt (or openwrt) to supply connected devices with two ip addresses. The network looks like this: [Internet] | [Router] | | [Comp1] [Comp2] ... My ISP provides me with enough public IP adresses to give all devices on my network one each. The easiest way to set that up is to just use the router as a switch. This will however lead to problems with some LAN based applications. I would still like to use Samba-shares between the computers as well as a vpn server. What I am looking for basically is if it is possible to use the router as a DHCP server for a local network (let's say giving IP adresses 192.168.1.xx to connected computers) while at the same time passing through public IP addresses to each as well?

  Read the article

• How can I measure TCP timeout limit on NAT firewall for setting keepalive interval?

  - by jmanning2k

  A new (NAT) firewall appliance was recently installed at $WORK. Since then, I'm getting many network timeouts and interruptions, especially for operations which would require the server to think for a bit without a response (svn update, rsync, etc.). Inbound SSH sessions over VPN also timeout frequently. That clearly suggests I need to adjust the TCP (and ssh) keepalive time on the servers in question in order to reduce these errors. But what is the appropriate value I should use? Assuming I have machines on both sides of the firewall between which I can make a connection, is there a way to measure what the time limit on TCP connections might be for this firewall? In theory, I would send a packet with gradually increasing intervals until the connection is lost. Any tools that might help (free or open source would be best, but I'm open to other suggestions)? The appliance is not under my control, so I can't just get the value, though I am attempting to ask what it currently is and if I can get it increased.

  Read the article

• IP not detected in terremark enteprise cloud server - how to install VMware on instance?

  - by JohnMerlino

  Using terremark enteprise cloud, when you create a server, you assigned an IP address to them and that IP is visible under Detected IP when selecting the server. However, I created a server, with IP address and I created an internet service and connected it with a node. I used protocol TCP and mapped it to port 3001. But I notice when I select my server, the IP address doesnt dsplay under Detected IP and then I VPN Connect, launch terminal and try to SSH with the IP to my server, and I get connection timed out. I presume the reason lies in that the IP address is not being detected. Someone suggested that my VMware-Tools is out of date and in fact on the server instance for VMware-Tools it does say "out of date". I'm not sure how to mount the instance and install VMware-Tools. I am using Mac OSX. Someone said that it will only work on PC running IE.

  Read the article

• Protecting a SVN server

  - by user35072

  For various reasons we are finding it increasingly difficult to work with remote workers. We are a very small developer shop and it's becoming impractical to do manual merges on a daily basis. So we're left with little choice (?) but to consider opening up our SVN servers. I'm looking into the following: Full HTTPS session Running non-80 port Strong password policy Is this enough to prevent someone hacking and stealing data? I will also look into VPN but first would like to understand any alternative solutions.

  Read the article

• outlook iptables configuration [update]

  - by mediaexpert

  I've a Debian mail server, but only the outlook users can't be able to download the emails. I've seen a lot of post about some kind of forwarding port configuration, I've tried some commands, but I don't be able to solve this problem, please help me. [LAST UPDATE] I find a lot of TIME WAIT on ipv6 netstat tcp6 0 0 my.mailserver.it:imap2 200-62-245-188.ip2:17060 TIME_WAIT - below some config files: pop3d I think the problem was here ##NAME: POP3AUTH:1 # # To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH # variable: # # POP3AUTH="LOGIN" # # If you have configured the CRAM-MD5, CRAM-SHA1 or CRAM-SHA256, set POP3AUTH # to something like this: # # POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1" POP3AUTH="" ##NAME: POP3AUTH_ORIG:1 # # For use by webadmin POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256" ##NAME: POP3AUTH_TLS:1 # # To also advertise SASL PLAIN if SSL is enabled, uncomment the # POP3AUTH_TLS environment variable: # # POP3AUTH_TLS="LOGIN PLAIN" POP3_TLS_REQUIRED = 0 POP3AUTH_TLS="" ##NAME: POP3AUTH_TLS_ORIG:0 # # For use by webadmin POP3AUTH_TLS_ORIG="LOGIN PLAIN" ##NAME: POP3_PROXY:0 # # Enable proxying. See README.proxy # # For use by webadmin POP3AUTH_TLS_ORIG="LOGIN PLAIN" ##NAME: POP3_PROXY:0 # # Enable proxying. See README.proxy POP3_PROXY=0 ##NAME: PROXY_HOSTNAME:0 # # Override value from gethostname() when checking if a proxy connection is # required. # PROXY_HOSTNAME= ##NAME: PORT:1 ##NAME: PROXY_HOSTNAME:0 # # Override value from gethostname() when checking if a proxy connection is # required. # PROXY_HOSTNAME= ##NAME: PORT:1 # # Port to listen on for connections. The default is port 110. # # Multiple port numbers can be separated by commas. When multiple port # numbers are used it is possibly to select a specific IP address for a # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 # The ADDRESS setting is a default for ports that do not have a specified # IP address. # Port to listen on for connections. The default is port 110. # # Multiple port numbers can be separated by commas. When multiple port # numbers are used it is possibly to select a specific IP address for a # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 # The ADDRESS setting is a default for ports that do not have a specified # IP address. PORT=110 ##NAME: ADDRESS:0 # # IP address to listen on. 0 means all IP addresses. ADDRESS=0 ##NAME: TCPDOPTS:0 # ##NAME: ADDRESS:0 # # IP address to listen on. 0 means all IP addresses. ADDRESS=0 ##NAME: TCPDOPTS:0 # # Other couriertcpd(1) options. The following defaults should be fine. # TCPDOPTS="-nodnslookup -noidentlookup" ##NAME: LOGGEROPTS:0 # # courierlogger(1) options. # LOGGEROPTS="-name=pop3d" ##NAME: DEFDOMAIN:0 # # Optional default domain. If the username does not contain the # first character of DEFDOMAIN, then it is appended to the username. # If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended # only if the username does not contain any character from DOMAINSEP. # You can set different default domains based on the the interface IP # address using the -access and -accesslocal options of couriertcpd(1). DEFDOMAIN="@interzone.it" ##NAME: POP3DSTART:0 # # POP3DSTART is not referenced anywhere in the standard Courier programs # or scripts. Rather, this is a convenient flag to be read by your system # startup script in /etc/rc.d, like this: # # . /etc/courier/pop3d DEFDOMAIN="@mydomain.com" ##NAME: POP3DSTART:0 # # POP3DSTART is not referenced anywhere in the standard Courier programs # or scripts. Rather, this is a convenient flag to be read by your system # startup script in /etc/rc.d, like this: # # . /etc/courier/pop3d # case x$POP3DSTART in # x[yY]*) # /usr/lib/courier/pop3d.rc start # ;; # esac # # The default setting is going to be NO, until Courier is shipped by default # with enough platforms so that people get annoyed with having to flip it to # YES every time. # x[yY]*) # /usr/lib/courier/pop3d.rc start # ;; # esac # # The default setting is going to be NO, until Courier is shipped by default # with enough platforms so that people get annoyed with having to flip it to # YES every time. POP3DSTART=YES ##NAME: MAILDIRPATH:0 # # MAILDIRPATH - directory name of the maildir directory. # MAILDIRPATH=.maildir iptables Chain INPUT (policy DROP 20 packets, 1016 bytes) pkts bytes target prot opt in out source destination 60833 16M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 state NEW,ESTABLISHED 18970 971K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:110 state NEW,ESTABLISHED Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:110 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 192.168.1.0/24 0.0.0.0/0 tcp dpt:110 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110 pop3d.cnf RANDFILE = /usr/lib...pop3d.rand [req] default_bits = 1024 encrypt_key = yes distinguidhed_name = req_dn x509_extensions = cert_type prompt = no [req_dn] C=US ST=NY L= New York O=Courier Mail Server OU=Automatically-generated POP3 SSL key CN=localhost [email protected] [cert_type] nsCertType = server

  Read the article

• linux intrusion detection software

  - by Sam Hammamy

  I have an Ubuntu VPS that I use for practice and deploying prototypes as I am a python developer. I recently started teaching my self sys admin tasks, like installing OpenLDAP. I happened to turn off the ufw firewall for just a minute, and when I ran an netstat command, I saw a foreign ip connected to ssh that I traced to china. I'd like to know a few things: 1) Is there any good network intrusion detection software, such that if any IP that's outside a specific range connects to the VPN, I can be notified? -- I am thinking about scripting this, but I'm pretty sure there's something useful out there and I believe in the wisdom of crowds. 2) How did this person gain access to my server? Is it because my firewall was down? Or is it because they browsed my LDAP directory and from there figured out a way to connect (there was a clear text password in the tree but it wasn't one used by the server's sshd)?

  Read the article

• Error moving a certificate to remote server

  - by edh

  Hi- I am trying to obtain a certificate and move it to a remote server. It is a report server which requires its own certificate for SSL but is not running IIS. I have a server running IIS 6 so i created a fake website to create a csr, obtained a certificate from a 3rd party, then processed and installed the cert on the fake website. I want to then move the certificate to a remote server. when it asks for the server name and credentials i supply them, hit next, then get the error, 'class not registered'. any ideas? Thanks -Ed

  Read the article

• Accessing subfolders of a windows share from linux

  - by Born2Smile

  Hi, at my work they have a funny setup: my home folder is a subfolder to a share, as such: \\server\share\subfolder Now I have full permissions to the subfolder, but no permissions to share. From windows I can connect to the VPN of my work place, type the above address into any address field, and voila: I see the contents of my home folder. In Linux (using Ubuntu) however, I can't figure out how to connect directly to the subfolder. Every attempt I can think of keeps returning "Access denied", because I don't have permission to view the share. Any help on how to connect to the subfolder would be greatly appreciated :) Cheers, Born2Smile

  Read the article

• VoIP and IPv6 with IPsec

  - by PhilCisco

  Hi, I had some basic questions about VoIP in a IPv6 architecture, right now I'm running VoIP in a v4 architecture, and I was thinking about to change everything to v6. my questions are not that practical but I would like to understand it well. Question 1: if i had internet full v6 or v4 and that I enable IPsec on my v6 router do I still need a VPN through the internet ? because my routers will anyway exchange their pub/priv key or their certificate to ensure the communication. Question 2: If the answer to question 1 is yes then I only have two advantages to put my VoIP architecture to IPv6 the second advantage for me is the NAT which I will not have anymore. I know that right now I should anyway still use things like NAT-PT, Tunnelling and so one but in full v6 are their any other advantages ? Thank you

  Read the article

• Backup solution

  - by user66115

  We are currently looking for a new backup solution. Our current network is 5 remote location with a tape backup in each plant. Right now we are looking at a MPLS VPN and running backups out of our main plant. The main thing that we backup are user private folders and department files. And each plant has it's own file server that houses CAD drawings. My main plan is to have every thing but that CAD drawing at the main faculty. We would start with a main backup of the drawing files and then do change backups back to the main plant. Besides tapes what would be the best way to backup. Our contact at Pc Connection is point us toward a Tandberg Data device.

  Read the article

• How to setup email server in ubuntu 12.04LTS(debian 7 wheezy/sid) running on linode vps

  - by shihon

  I am working on email server, since i tried several times to create email server on ubuntu12.04LTS with postfix + dovecote + postfixadmin + courier + clamav + spamassassin. But everytime i install these packages i face new problems, like mails send to localhost users and found in users maildir. But I can't determine how to configure/setup for send an email to external smtp like gmail, yahoo. The most worst thing i can't determine how to use sasl, because i am not using SSL so it is not worthy for my domain. This is so complicated, i search everywhere on google: links are https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto http://www.starbridge.org/spip/spip.php?article1&lang=fr http://knopix.wordpress.com/2008/01/16/postfixadmin-postgresql-courier-squirrelmail-on-debian-etch-howtotutorial/ http://flurdy.com/docs/postfix/ Is there any article for install email server on ubuntu 12.04LTS. Please help me to understand these things.

  Read the article

• Ping IP: connect: no such process

  - by Matthew

  I am trying to figure out this issue and am getting a weird error. We have two boxes which used to talk to one another on the network. Both are reachable via ssh from a separate network, which means they are able to talk to their default gateways just fine. When we try to ping from the linux machine to the linux machine, we get a bunch of timeouts. When we try to ping from the linux box back, we are getting connect: no such process. I can't seem to find much documentation on this error, though there consistently seem to be references to VPN stuff when googling for this error. The

  Read the article

• Routing DHCP traffic over the internet

  - by rmanna

  i'd like to know if it's possible for the internet to be between a DHCP server and the network it's "assigned" to? so basically, something like this: -------------- ------------- ------------- | DHCP Server | | DHCP | | Clients | | |-----Internet-----| Relay Agent |------| 192.168.0.* | | | | 192.168.0.1 | | | -------------- ------------- ------------- the behavior i'm seeing is that the DHCP server is offering 192.168.0.* IPs and sending them back to 192.168.0.1, which it can't reach. i tried masquerading the packets sent by the relay agent but that doesn't seem to work. from what i've been reading, this is normal behavior since the DHCP server uses the GIADDR as the destination address for its OFFERs, and not the actual source IP of the packets it receives from the relay agent. sooo, given that my DHCP server needs to be "on the other side of the internet" as depicted above, how can i get this working? are there settings for dhcpd to do this or is creating a VPN containing the DHCP server and the relay agent the only way? thanks!

  Read the article

< Previous Page | 170 171 172 173 174 175 176 177 178 179 180 181  | Next Page >