Search Results

Search found 1519 results on 61 pages for 'chain'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 33/61 | < Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40  | Next Page >

  • iptables to allow 80 and 443 on chillispot running ddwrt

    - by user76682
    I am having problems setting this up. this is what I am trying to do. I have Chillispot (hotpsot) running on dd-wrt. Everything is setup, but the client wants only 80 and 443 to go through through the hotspot. I found this tutorial for dd-wrt but that doesnt seem to work. http://www.dd-wrt.com/wiki/index.php/Iptables#Allow_HTTP_traffic_only_to_specific_domain.28s.29 Initially I tried to place the options at the top but didnt work. then i flushed the iptables and set only these three. I can see the pkts number grow but for some reason I can browse. root@DD-WRT:~# iptables -nvL FORWARD Chain FORWARD (policy ACCEPT 3105 packets, 2442K bytes) pkts bytes target prot opt in out source destination 1629 230K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,80,443 2346 2792K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 328 46420 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 Heres some info from the router, chillispot is the tun0 interface. root@DD-WRT:~# iptables -vnL FORWARD --line-numbers Chain FORWARD (policy DROP 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 ACCEPT 47 -- * vlan1 192.168.8.0/24 0.0.0.0/0 2 0 0 ACCEPT tcp -- * vlan1 192.168.8.0/24 0.0.0.0/0 tcp dpt:1723 3 32 1851 ACCEPT 0 -- tun0 * 0.0.0.0/0 0.0.0.0/0 state NEW 4 0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0 5 48 2408 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU 6 756 452K lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0 7 756 452K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 8 0 0 TRIGGER 0 -- vlan1 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0 9 0 0 trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 10 0 0 ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW 11 0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 12 0 0 DROP 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 13 0 0 DROP 0 -- * br0 0.0.0.0/0 0.0.0.0/0 The interfaces: root@DD-WRT:~# ifconfig -a br0 Link encap:Ethernet HWaddr 00:12:17:CF:80:5F inet addr:192.168.8.1 Bcast:192.168.8.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2371 errors:0 dropped:0 overruns:0 frame:0 TX packets:1862 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:259721 (253.6 KiB) TX bytes:254862 (248.8 KiB) br0:0 Link encap:Ethernet HWaddr 00:12:17:CF:80:5F inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0 Link encap:Ethernet HWaddr 00:12:17:CF:80:5F UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5050 errors:0 dropped:0 overruns:0 frame:0 TX packets:2508 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1066410 (1.0 MiB) TX bytes:376001 (367.1 KiB) Interrupt:5 eth1 Link encap:Ethernet HWaddr 00:12:17:CF:80:61 UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1 RX packets:729 errors:0 dropped:0 overruns:0 frame:114693 TX packets:697 errors:2 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:107869 (105.3 KiB) TX bytes:473134 (462.0 KiB) Interrupt:4 Base address:0x1000 etherip0 Link encap:Ethernet HWaddr 1E:13:B7:09:CC:8C BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1 RX packets:18 errors:0 dropped:0 overruns:0 frame:0 TX packets:18 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1210 (1.1 KiB) TX bytes:1210 (1.1 KiB) teql0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:192.168.182.1 P-t-P:192.168.182.1 Mask:255.255.255.0 UP POINTOPOINT RUNNING MTU:1500 Metric:1 RX packets:662 errors:0 dropped:0 overruns:0 frame:0 TX packets:587 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:92167 (90.0 KiB) TX bytes:427657 (417.6 KiB) vlan0 Link encap:Ethernet HWaddr 00:12:17:CF:80:5F UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2371 errors:0 dropped:0 overruns:0 frame:0 TX packets:1864 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:269558 (263.2 KiB) TX bytes:262680 (256.5 KiB) vlan1 Link encap:Ethernet HWaddr 00:12:17:CF:80:60 inet addr:10.3.2.47 Bcast:10.255.255.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2675 errors:0 dropped:0 overruns:0 frame:0 TX packets:645 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:705429 (688.8 KiB) TX bytes:102197 (99.8 KiB) The routing table: root@DD-WRT:~# netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.182.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 10.3.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan1 192.168.8.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 10.3.2.1 0.0.0.0 UG 0 0 0 vlan1 Highly appreciate your help. TIA, Arun

    Read the article

  • What causes winsock 10055 errors? How should I troubleshoot?

    - by Tom Kerr
    I'm investigating some issues with winsock 10055 errors on a chain of custom applications (some of which we control, some not) and was hoping to get some advice on techniques to troubleshoot the problem. No buffer space available. An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full. From research, non-paged pool and ports seem to be the only resources which can cause this error. Is there another resource which might cause 10055 errors? Currently, we have perfmon counters setup on the applications and non-paged pool usage looks low in most circumstances. Open TCP connections looks low and I am unaware of another way to monitor ports. Since it only happens in production, we are unable to use more invasive counters. Is there some other tool or procedure you would recommend to diagnose which application is causing the issue?

    Read the article

  • Exposing the AnyConnect HTTPS service to outside network

    - by Maciej Swic
    We have a Cisco ASA 5505 with firmware ASA9.0(1) and ASDM 7.0(2). It is configured with a public ip address, and when trying to reach it from the outside by HTTPS for AnyConnect VPN, we get the following log output: 6 Nov 12 2012 07:01:40 <client-ip> 51000 <asa-ip> 443 Built inbound TCP connection 2889 for outside:<client-ip>/51000 (<client-ip>/51000) to identity:<asa-ip>/443 (<asa-ip>/443) 6 Nov 12 2012 07:01:40 <client-ip> 50999 <asa-ip> 443 Built inbound TCP connection 2890 for outside:<client-ip>/50999 (<client-ip>/50999) to identity:<asa-ip>/443 (<asa-ip>/443) 6 Nov 12 2012 07:01:40 <client-ip> 51000 <asa-ip> 443 Teardown TCP connection 2889 for outside:<client-ip>/51000 to identity:<asa-ip>/443 duration 0:00:00 bytes 0 No valid adjacency 6 Nov 12 2012 07:01:40 <client-ip> 50999 <asa-ip> 443 Teardown TCP connection 2890 for outside:<client-ip>/50999 to identity:<asa-ip>/443 duration 0:00:00 bytes 0 No valid adjacency We finished the startup wizard and the anyconnect vpn wizard and here is the resulting configuration: Cryptochecksum: 12262d68 23b0d136 bb55644a 9c08f86b : Saved : Written by enable_15 at 07:08:30.519 UTC Mon Nov 12 2012 ! ASA Version 9.0(1) ! hostname vpn domain-name office.<redacted>.com enable password <redacted> encrypted passwd <redacted> encrypted names ip local pool vpn-pool 192.168.67.2-192.168.67.253 mask 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.68.250 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address <redacted> 255.255.255.248 ! ftp mode passive dns server-group DefaultDNS domain-name office.<redacted>.com object network obj_any subnet 0.0.0.0 0.0.0.0 pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected ! object network obj_any nat (inside,outside) dynamic interface timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL http server enable http 192.168.68.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto ipsec security-association pmtu-aging infinite crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map inside_map interface inside crypto ca trustpoint _SmartCallHome_ServerCA crl configure crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=vpn proxy-ldc-issuer crl configure crypto ca trustpool policy crypto ca certificate chain _SmartCallHome_ServerCA certificate ca 6ecc7aa5a7032009b8cebcf4e952d491 <redacted> quit crypto ca certificate chain ASDM_TrustPoint0 certificate f678a050 <redacted> quit crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 enable outside client-services port 443 crypto ikev2 remote-access trustpoint ASDM_TrustPoint0 telnet timeout 5 ssh 192.168.68.0 255.255.255.0 inside ssh timeout 5 console timeout 0 vpn-addr-assign local reuse-delay 60 dhcpd auto_config outside ! dhcpd address 192.168.68.254-192.168.68.254 inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ssl trust-point ASDM_TrustPoint0 inside ssl trust-point ASDM_TrustPoint0 outside webvpn enable outside enable inside anyconnect image disk0:/anyconnect-win-3.1.01065-k9.pkg 1 anyconnect image disk0:/anyconnect-linux-3.1.01065-k9.pkg 2 anyconnect image disk0:/anyconnect-macosx-i386-3.1.01065-k9.pkg 3 anyconnect profiles GM-AnyConnect_client_profile disk0:/GM-AnyConnect_client_profile.xml anyconnect enable tunnel-group-list enable group-policy GroupPolicy_GM-AnyConnect internal group-policy GroupPolicy_GM-AnyConnect attributes wins-server none dns-server value 192.168.68.254 vpn-tunnel-protocol ikev2 ssl-client default-domain value office.<redacted>.com webvpn anyconnect profiles value GM-AnyConnect_client_profile type user username <redacted> password <redacted> encrypted tunnel-group GM-AnyConnect type remote-access tunnel-group GM-AnyConnect general-attributes address-pool vpn-pool default-group-policy GroupPolicy_GM-AnyConnect tunnel-group GM-AnyConnect webvpn-attributes group-alias GM-AnyConnect enable ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context call-home reporting anonymous Cryptochecksum:12262d6823b0d136bb55644a9c08f86b : end Clearly we are missing something, but the question is, what?

    Read the article

  • How to test if SYN and FIN are both dropped at the same time in hping3?

    - by snow
    One of the rules to prevent unexpected attack is to prevent SYN & FIN being used together. SYN and FIN are both set $IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP How do I use hping to test if this iptable rule works? hping3 192.168.7.0 --keep -S -F??? Is this complete? When just type iptables -L, it shows: Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN WHY do I need to put the "SYN,FIN" twice before drop? Is it because one for source and one for destination?

    Read the article

  • iptables port forwarding troubleshooting

    - by cbmanica
    I'm trying to forward connections on port 18600 to port 9980. I have this in /etc/sysconfig/iptables: # Generated by iptables-save v1.3.5 on Mon Oct 21 18:30:43 2013 *nat :PREROUTING ACCEPT [2:280] :POSTROUTING ACCEPT [12:768] :OUTPUT ACCEPT [12:768] -A PREROUTING -p tcp -m tcp --dport 18600 -j REDIRECT --to-ports 9980 COMMIT # Completed on Mon Oct 21 18:30:43 2013 and /etc/init.d/iptables status shows me this: Table: nat Chain PREROUTING (policy ACCEPT) num target prot opt source destination 1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:18600 redir ports 9980 However, I can telnet from localhost to port 9980, but not 18600. What am I missing? (This is a CentOS-based VM.)

    Read the article

  • How much traffic a linux-based shaper would be able to chew

    - by facha
    Hi, everyone I have a linux based traffic shaper (iptables + tc htb policy). It works in bridge mode. Shapes traffic based on IPs and ports (there are about 100 rules in the "mangle" chain of iptables). Right now its throughoutput is about 100 mb/s (I don't remember pps, there are about 800 users in the network). Just was wondering - when I will hit the limit. How much traffic could a linux-based shaper possibly get throuhg it. If you have one under heavy load, please could you write what machine you use and what load there is. Or if you have any other info about the subj, please write as well. Thanks in advance.

    Read the article

  • Export SSL Cert from IIS and import into GlassFish keystore

    - by Tim H
    What I need: I have an existing SSL certificate installed on IIS 6. On the same machine, I have GlassFish installed and would like to share the same certificate since they both share the same hostname, and they use different ports: IIS uses 443 and GlassFish uses 8181. Why I need it: Reuse existing SSL certs from IIS to GlassFish. I imagine that this is possible. I am able to install an SSL cert into GlassFish's keystore, and then import the same exact cert into IIS. I just want to go the other way - imagine having an SSL cert on IIS being used for months, and now I want to enable SSL on GlassFish. What I have done: Created a keystore with an alias: server.hostname.com Imported intermediate CA certs associated with the existing SSL Cert Imported the existing SSL cert with the same alias: server.hostname.com, but the keytool won’t allow this, as it is not associated: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Why? Using a different alias causes the cert to not be trusted in the CA chain.

    Read the article

  • Firewalling gateways and IDS's

    - by Scott Davies
    Hi, For IDS, I plan to have a Win 2008 server running on the gateway with the majority of roles disabled. I plan to firewall the Internet connection, but I'd also like to install Snort to work as an IDS. However, I am guessing that regardless of the Snort install of the promiscuous Winpcap driver, I won't be able to monitor ports that the firewall blocks. My thinking is that chain of flow is: Internet-Firewall on Win 2008-Winpcap-Snort-internal network Is there a way to still monitor services that the firewall will block (i.e. TCP 445 SMB) ? Perhaps run the data through Snort and then through the firewall ? Thanks

    Read the article

  • How can I connect a SAS drive to USB? [closed]

    - by dave
    I have a Dell T710 with Seagate Cheetah 15k.7 SAS disks. If the T710 motherboard dies, I'll need to resort to one of my nightly off-site backups and salvage the journal/logfile from the SAS disk to bring the backup bang up-to-date. I need a way of reading the healthy-but-inaccessible SAS disc that does not depend on the only SAS-capable machine I have to hand. So I bought: SAS to SATA Adapter and: USB 2.0 to SATA Adapter with Power ...so that I could read the SAS drive via USB. I can plug it all together just fine. The chain looks like: USB - SATA - SAS. But the drive does not spin up and the computer doesn't even acknowledge anything being attached by USB. Is there a cheap external enclosure I can buy for SAS drives? I can't believe these USB to SATA adapters are everywhere but the USB to SAS adapters are almost non-existent...

    Read the article

  • Strange port forwarding problem

    - by rAyt
    I've got a strange port forwarding problem. The port forwarding to my internal webserver (10.0.0.10 on Port 80) works without a problem but the port forwarding to a windows server (10.0.0.15) on port 3389 doesn't work. The port 3389 is open. Any ideas? thanks! #!/bin/sh IPTABLES="/sbin/iptables" $IPTABLES --flush $IPTABLES --table nat --flush $IPTABLES --delete-chain $IPTABLES --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 188.40.XXX.XXX --dport 3389 -j DNAT --to 10.0.0.15:3389 $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 188.40.XXX.XXX --dport 80 -j DNAT --to 10.0.0.10:80 $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 -d 188.40.XXX.XXX --dport 222 -j DNAT --to 10.0.0.10:22 $IPTABLES --append FORWARD --in-interface eth1 -j ACCEPT

    Read the article

  • How to set up an SSL Cert with Subject Alternative Name

    - by Darren Oster
    To test a specific embedded client, I need to set up a web server serving a couple of SSL (HTTPS) sites, say "main.mysite.com" and "alternate.mysite.com". These should be handled by the same certificate, with a Subject Name of "main.mysite.com" and a Subject Alternative Name of "alternate.mysite.com". This certificate needs to be in an authority chain back to a 'proper' CA (such as GoDaddy, to keep the cost down). My question is, are there any good tutorials on how to do this, or can someone explain the process? What sort of parent certificate do I need to purchase from the CA provider? My understanding of SSL certificates is limited, but as Manuel said in Fawlty Towers, "I learn...". I'm happy to work in Windows (IIS) or Linux (Apache) (or even OSX, for that matter). Thanks in advance.

    Read the article

  • Grepping grep output fails

    - by viraptor
    I'm trying to grep the output of ngrep. Unfortunately when I add another grep to the pipeline, I get no output at all. It can be some other command too - cat / grep / tee - everything breaks the chain. Example: # this works: $ ngrep -l -q -T -Wbyline -d any udp and port 5060 | egrep -B1 '^SIP/2.0 180' -- U +1.469535 xxx:5060 -> xxx:5060 SIP/2.0 180 Ringing. -- U +0.001384 xxx:5060 -> xxx:2048 SIP/2.0 180 Ringing. but #these don't: $ ngrep -l -q -T -Wbyline -d any udp and port 5060 | egrep -B1 '^SIP/2.0 180' | egrep '^U' $ ngrep -l -q -T -Wbyline -d any udp and port 5060 | egrep -B1 '^SIP/2.0 180' | cat $ ngrep -l -q -T -Wbyline -d any udp and port 5060 | egrep -B1 '^SIP/2.0 180' | tee test If I use cat somefile instead of ngrep at the start, everything works as expected. Any ideas what could go wrong here?

    Read the article

  • Export SSL Cert from IIS and import into GlassFish keystore

    - by Tim H
    What I need: I have an existing SSL certificate installed on IIS 6. On the same machine, I have GlassFish installed and would like to share the same certificate since they both share the same hostname, and they use different ports: IIS uses 443 and GlassFish uses 8181. Why I need it: Reuse existing SSL certs from IIS to GlassFish. I imagine that this is possible. I am able to install an SSL cert into GlassFish's keystore, and then import the same exact cert into IIS. I just want to go the other way - imagine having an SSL cert on IIS being used for months, and now I want to enable SSL on GlassFish. What I have done: Created a keystore with an alias: server.hostname.com Imported intermediate CA certs associated with the existing SSL Cert Imported the existing SSL cert with the same alias: server.hostname.com, but the keytool won’t allow this, as it is not associated: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Why? Using a different alias causes the cert to not be trusted in the CA chain.

    Read the article

  • MySQL port 3306 blocked in csf yet can still telnet to port 3306 from external host

    - by Neek
    We have a Centos 6 VPS that was recently migrated to a new machine within the same web hosting company. It's running WHM/cPanel and has csf/lfd installed. csf is set up with mostly vanilla config. I'm no iptables expert, csf has not let me down before. If a port isn't in the TCP_IN list, it should be blocked on the firewall by iptables. My problem is that I can telnet to port 3306 from an external host, yet I think iptables ought to be blocking 3306 because of csf's rules. We are now failing a security check because of this open port. (this output is obfuscated to protect the innocent: www.ourhost.com is the host with the firewall problem) [root@nickfenwick log]# telnet www.ourhost.com 3306 Trying 158.255.45.107... Connected to www.ourhost.com. Escape character is '^]'. HHost 'nickfenwick.com' is not allowed to connect to this MySQL serverConnection closed by foreign host. So the connection is established, and MySQL refuses the connection due to its configuration. I need the network connection to be refused at the firewall level, before it reaches MySQL. Using WHM's csf web UI I can see 'Firewall Configuration' includes a fairly sensible TCP_IN line: TCP_IN: 20,21,22,25,53,80,110,143,222,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,8080 (lets ignore that I could trim that a little for now, my concern is that 3306 is not listed in that list) When csf is restarted it logs the usual slew of output as it sets up iptables rules, for example what looks like it blocking all traffic and then allowing specific ports like SSH on 22: [cut] DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 [cut] ACCEPT tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 state NEW tcp dpt:22 [cut] I can see that iptables is running, service iptables status returns a long list of firewall rules. Here is my Chain INPUT section from service iptables status, hopefully that's enough to show how the firewall is configured. Table: filter Chain INPUT (policy DROP) num target prot opt source destination 1 acctboth all -- 0.0.0.0/0 0.0.0.0/0 2 ACCEPT tcp -- 217.112.88.10 0.0.0.0/0 tcp dpt:53 3 ACCEPT udp -- 217.112.88.10 0.0.0.0/0 udp dpt:53 4 ACCEPT tcp -- 217.112.88.10 0.0.0.0/0 tcp spt:53 5 ACCEPT udp -- 217.112.88.10 0.0.0.0/0 udp spt:53 6 ACCEPT tcp -- 8.8.4.4 0.0.0.0/0 tcp dpt:53 7 ACCEPT udp -- 8.8.4.4 0.0.0.0/0 udp dpt:53 8 ACCEPT tcp -- 8.8.4.4 0.0.0.0/0 tcp spt:53 9 ACCEPT udp -- 8.8.4.4 0.0.0.0/0 udp spt:53 10 ACCEPT tcp -- 8.8.8.8 0.0.0.0/0 tcp dpt:53 11 ACCEPT udp -- 8.8.8.8 0.0.0.0/0 udp dpt:53 12 ACCEPT tcp -- 8.8.8.8 0.0.0.0/0 tcp spt:53 13 ACCEPT udp -- 8.8.8.8 0.0.0.0/0 udp spt:53 14 LOCALINPUT all -- 0.0.0.0/0 0.0.0.0/0 15 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 16 INVALID tcp -- 0.0.0.0/0 0.0.0.0/0 17 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:20 19 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21 20 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 23 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 24 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110 25 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143 26 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:222 27 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443 28 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:465 29 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:587 30 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993 31 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995 32 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2077 33 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2078 34 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2082 35 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2083 36 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2086 37 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2087 38 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2095 39 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2096 40 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080 41 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:20 42 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:21 43 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 44 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:222 45 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:8080 46 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 47 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0 48 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 49 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 50 LOGDROPIN all -- 0.0.0.0/0 0.0.0.0/0 What's the next thing to check?

    Read the article

  • reaching 99.9999% uptime

    - by user35204
    I am currently developing a project which is mission-critical. The actual domain name is registered with 1 & 1 and I plan on purchasing DynDNS Custom DNS service (which has 5 different geographical locations for DNS) and then another secondary DNS service to make sure my DNS is as failover safe as possible. Does it matter that the registration is with 1 & 1 - are they a weak link in the chain? All I really use them for is to say that DynDNS is my primary DNS nameserver and then my secondary DNS is my other nameserver. I can transfer the registration to DynDNS - Im just not sure if it really matters or not. Thanks

    Read the article

  • Shopping for Fast USB Flash Drives

    - by Jim McKeeth
    I would like to pick up some really fast USB flash drives in the 16 - 64 GB range. When looking at drives they just list their size, their form factor (key chain hook, slider, etc.) and the fact that they are all Hi-Speed USB 2.0. It seems like I have heard that different drives have different performance and life expectancy. The sales guy tells me that they are all the same performance any more, but it wouldn't be the first time a sales guy had the wrong technical details. Our objective is to run Virtual PC images off of them, so good speed and resilience to rewrites it important.

    Read the article

  • postfix, TLS and rapidssl - "verify error:num=19:unable to get local issuer certificate"

    - by technobuddha
    I have been googeling for days! I have a cert from rapidssl. I read up that the problem with num=20, is that indicates it doesn't know the issuer, or doesn't know the ROOT Cert, right? I run this command: openssl s_client -showcerts -connect smtp.server.com:465 I get this error: verify error:num=19:self signed certificate in certificate chain Here is what i have in my postfix main.cf, and what i have done: smtpd_tls_key_file = /etc/postfix/ssl/smtp.server.com.rsa.key (this is the private key) smtpd_tls_cert_file = /etc/postfix/ssl/smtp.server.com.PUBLIC.key (this is the public key given to me by rapidssl) smtpd_tls_CAfile = /etc/postfix/ssl/combo.csr.key This key has both the intermediate keys ON TOP, and the ROOT KEY on the bottom. Here is the Intermediate keys: https://knowledge.geotrust.com/library/VERISIGN/ALL_OTHER/geotrust%20ca/GT_QuickSSL_and_Premium_and_Trial_intermediate_bundle.pem and here is the root CERT: http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer anyone know how to use rapidssl certs?

    Read the article

  • Does a USB to RJ-45 console cable exist?

    - by Carl Flippin
    I am aware of the RJ-45 to DB9 adapter commonly used on cisco routers to access console. I am aware of the USB to DB9 adapters to allow laptops without serial to get a serial port. I am looking for a USB to RJ-45 adapter so I don't have to chain two adapters together. I have searched everywhere but even the pre-packaged solutions seem to have the two adapters chained together. Does such a thing exist? If it doesn't is there some technical reason it cannot? It seems like a manufacturer would just have to wire the DB9 end of the USB adapter differently and it would work just fine plugged straight into the console port of the router.

    Read the article

  • IIS 7 with verisign certificate, invalid certificate returned

    - by bh213
    We have IIS7 on windows 2008 and we installed verisign certificate and bound it to https. Certificate seems fine. Chain: mysite.com - not expired VeriSign international server CA class 3 - not expired Verisign Class 3 Public primary certification Authority - not expired Yet when I use verisign online validation, I get that second certificate is expired. https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1130# This is what it reports, mysite is reported to be ok: ---------------- --Issued To-- Organization: VeriSign Trust Network Organizational Unit: www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign Organizational Unit 2: VeriSign International Server CA - Class 3 Organizational Unit 3: VeriSign,, Inc. --Issued By-- Organization: VeriSign,, Inc. Organizational Unit: Class 3 Public Primary Certification Authority Country: US Validity Start: Wed Apr 16 17:00:00 PDT 1997 Validity End: Wed Jan 07 15:59:59 PST 2004 ---------------- Any ideas?

    Read the article

  • How to stop scheduled chkdisk on windows 7?

    - by AndrejaKo
    Hi! I have a problem with windows 7 64-bit. I was trying out chkdsk command line options and scheduled a chddsk /r on next start. After that I disassembled the laptop on which I set the chkdsk. After I reassembled it, windows gets normally to the point where it should start the check and then hangs when the countdown reaches 1 second. During the countdown, it doesn't detect any input from keyboard. At first I thought that I didn't correctly install the keyboard, but under GNU/Linux, everything is working fine and I can normally mount the windows partition . So is there any way to stop the scheduled chkdsk? I really don't feel like reinstalling windows again because I just finished setting up my tool-chain the way I like it and compiled about 6GiB worth of dependencies I need for some project I'm working on.

    Read the article

  • Create and use intermediate certificate authority on Windows Server 2012?

    - by Sid
    Background: Server OS is Windows Server 2012. GUI is installed as we come upto speed with powershell. Setup is staging, not production (yet). We have our (internal, domain limited) Root CA installed. I would like to take the Root CA offline to secure storage but before that I'd like to setup an intermediate CA which can take over actual live, online (int-RA-net) functionality Can someone guide me covering: creating the intermediate CA certificate request installing the intermediate CA certificate on domain controller (certification authority role already installed with Root CA online right now) use the intermediate CA to generate a certificate (any use certificate, just for demonstration purposes) Obviously this certification chain would be invalid on computers outside our domain (self trusted root - our root certificate is NOT from common 3rd parties). This last point is NOT a problem.

    Read the article

  • Unable to log iptables

    - by ActuatedCrayon
    I'm having trouble getting iptables to log to any file. My iptables looks like: Chain INPUT (policy ACCEPT 1366 packets, 433582 bytes) pkts bytes target prot opt in out source destination 869 60656 LOG icmp -- venet0 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 Syslogd is the only log helper running. The default syslog.conf didn't work, so I tried adding "kern.=debug -/var/log/iptables.log". But the file already has "kern.* -/var/log/kern.log". There are recent syslog entries, so it's not a permissions thing. I'm running Ubuntu 12.04.1 with 2.6.32-042stab061.2

    Read the article

  • Does a portable secondary laptop LCD monitor exist?

    - by Dougnukem
    I'm looking to buy a portable secondary LCD monitor for my Macbook Pro, does anything like that exist? I found some laptops that provide a dual 15'' monitor solution (but it's already baked into the hardware). Also some ideas posted about creating this type of setup back in 2007. I'm looking for something that is as thin as a laptop LCD (with maybe a bulky power supply that I could easily daisy chain or plug into a power strip along with my laptop). How difficult would it be to buy a 17'' laptop screen and hook up a DVI connector and power supply, and build a simple monitor stand for it? I've gotten to used to a dual-monitor setup at work and at home with my laptop that having to use my laptop in single-screen mode makes me feel crippled.

    Read the article

  • iptables NAT configuration

    - by Sarp Kaya
    Hello I am experiencing some issues with my iptables. Here's what I want to do: A(eth0)--------(eth0)B(eth2)---------------(eth2)C Brackets are interface names A,B and C are hosts. Now I would like to forward port number 80 of host C so that It would be accessed via host A. host A is 192.168.1.254 host C is 192.168.3.2 I intentionally ACCEPTed all FILTER chain options as the default policy because I wanted to make sure that NAT is working properly first. I enabled ip_forward. So here's what I have done: sudo iptables -A PREROUTING -t nat -p tcp - d 192.168.1.254 -j DNAT --to 192.168.3.2 However it is not working. What am I missing here?

    Read the article

  • How to troubleshoot intermittent and irregular connection errors on home network (preferrably Mac client)

    - by Martin
    Hi, I'm experiencing intermittent connection errors in our home network from two different computers, normally "Connection Reset" when browsing, but also other issues such as very slow throughput. I have approximately a network setup as below: ISP-Cable Modem-Dlink DIR 655 Router-(Ethernet)-Fon Router-Mac/Windows laptop Basically, is there a simple way to monitor the network and detect where issues are coming from? Right now we don't know if it is the Fon router, the Dlink router, the modem or the ISP. As the issue is intermittent, is there a software that regularly traceroutes a set of destinations and tests e.g. throughput, something that can help us figure out where in the chain the errors are introduced? The more automatic network monitor, the better.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40  | Next Page >