Search Results

Search found 1249 results on 50 pages for 'iptables'.

Page 47/50 | < Previous Page | 43 44 45 46 47 48 49 50  | Next Page >

• Cisco access-list confusion

  - by LonelyLonelyNetworkN00b

  I'm having troubles implementing access-lists on my asa 5510 (8.2) in a way that makes sense for me. I have one access-list for every interface i have on the device. The access-lists are added to the interface via the access-group command. let's say I have these access-lists access-group WAN_access_in in interface WAN access-group INTERNAL_access_in in interface INTERNAL access-group Production_access_in in interface PRODUCTION WAN has security level 0, Internal Security level 100, Production has security level 50. What i want to do is have an easy way to poke holes from Production to Internal. This seams to be pretty easy, but then the whole notion of security levels doesn't seam to matter any more. I then can't exit out the WAN interface. I would need to add an ANY ANY access-list, which in turn opens access completely for the INTERNAL net. I could solve this by issuing explicit DENY ACEs for my internal net, but that sounds like quite the hassle. How is this done in practice? In iptables i would use a logic of something like this. If source equals production-subnet and outgoing interface equals WAN. ACCEPT.

  Read the article

• Remote access to phpmyadmin from computer belongs to same LAN

  - by Charles

  OK... I solved it. It is because I have not configured the httpd.conf to allow the centos listen port 80 and 8080. Listen 80 Listen 8080 I have setup the myphpadmin on my CentOS 6.4 recently. I can access and login to the myphpadmin on my localhost. However, when I type http://[hostipaddr]/phpmyadmin on my other computer in the same LAN with the CentOS, the browser simply cannot access the page. Below are some of the current configuration. Anyone can help please......? config.inc.php $i++; /* Authentication type */ $cfg['Servers'][$i]['auth_type'] = 'http'; /* Server parameters */ $cfg['Servers'][$i]['host'] = 'localhost'; $cfg['Servers'][$i]['connect_type'] = 'tcp'; $cfg['Servers'][$i]['compress'] = false; /* Select mysql if your server does not have mysqli */ $cfg['Servers'][$i]['extension'] = 'mysql'; $cfg['Servers'][$i]['AllowNoPassword'] = false; phpmyadmin.conf <Directory /var/www/html/phpmyadmin/> order allow,deny allow from all </Directory> Furthermore, I can access the webpage that stored in the CentOS from my other computer without problems. After using wireshark and tcpdump, I found that the server (the Cent OS) keep resetting the connection. (192.168.1.106 is my other computer, 192.168.1.101 is my CentOS) 23:29:42.281473 IP 192.168.1.106.55999 > 192.168.1.101.webcache: Flags [S], seq 2559409090, win 65535, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 23:29:42.281504 IP 192.168.1.101.webcache > 192.168.1.106.55999: Flags [R.], seq 0, ack 2559409091, win 0, length 0 I have disabled the iptables service on the CentOS already.

  Read the article

• Have servers behind OpenVPN subnet reach connecting clients

  - by imaginative

  I am trying to find some relevant documentation or what directives I need in either the OpenVPN server configuration or client configuration to accommodate for this use case. I have an OpenVPN server that clients connect to. The OpenVPN server can communicate directly with any of the clients already, this is not an issue. The client is able to reach any machine on the private subnet where OpenVPN resides, this is also not an issue. My issue is that the reverse is currently not possible - I have servers on the same subnet as the OpenVPN box that cannot reach any of the connecting clients. I'd like to be able to SSH to them and more, the same way the client can reach the servers behind the OpenVPN subnet. What do I need to do to make this possible? I already have masquerading rules set on the OpenVPN box: iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE IP Forwarding is enabled: echo 1 >/proc/sys/net/ipv4/ip_forward I added a route on the server behind the private subnet to be aware of the route: 192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 What am I missing?

  Read the article

• Permission denied (publickey,gssapi-with-mic,password) ssh error

  - by zentenk

  Heads up I'm a noob with linux and networking. I set up a ubuntu server and I have a static ip for my network. When I try to connect to the server at home (external), it prompts me to log in. I supply the correct password (or incorrect pw), I get the error Permission denied, please try again. and after 3 times I get Permission denied (publickey,gssapi-with-mic,password) I am however able to connect with SSH from another computer in the same network with ssh < internal ip of server > I'm connecting with mac os x and my config file is vanilla. Note: During installation of ubuntu it says I don't have a default route or something while doing auto network configuration, but I ignored it and continued the installation, could this be the problem? EDIT: I have tried the below, I have nothing in hosts.allow and also iptables shows the ports that I have allowed, which is 22. I checked the auth.log, and there is nothing when I connect to it remotely (even when it says permission denied). I have tried connecting to it internally and the correct authentication logs show. Any idea whats wrong?

  Read the article

• I've got very brazen pop3 attack how to protect the server?

  - by Ken Tang

  Today I have brazen attack to my pop3-dovecot server and mail log is full over (200MB) with this kind of information: Nov 11 09:28:14 lax dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<shawn>, method=PLAIN, rip=200.233.152.111, lip=myip Nov 11 09:28:14 lax dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<shop>, method=PLAIN, rip=200.233.152.111, lip=myip Nov 11 09:28:14 lax dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<sitetest>, method=PLAIN, rip=200.233.152.111, lip=myip Nov 11 09:28:14 lax dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<solar>, method=PLAIN, rip=200.233.152.111, lip=myip Nov 11 09:28:15 lax dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<services>, method=PLAIN, rip=200.233.152.111, lip=myip I just blocked attacker's ip by iptables -A INPUT -s 200.233.152.111 -j DROP But it this can be continued anytime from other ips. My question is: Is there any method to disallow anyone to connect my pop3 server (except only me?) because my ip is dynamic from ISP side so I don't know how to make pop3 server know that it is exactly me connecting to. Thank you in advance!

  Read the article

• Tuning Linux + HAProxy

  - by react

  I'm currently rolling out HAProxy on Centos 6 which will send requests to some Apache HTTPD servers and I'm having issues with performance. I've spent the last couple of days googling and still can't seem to get past 10k/sec connections consistently when benchmarking (sometimes I do get 30k/sec though). I've pinned the IRQ's of the TX/RX queues for both the internal and external NICS to separate CPU cores and made sure HAProxy is pinned to it's own core. I've also made the following adjustments to sysctl.conf: # Max open file descriptors fs.file-max = 331287 # TCP Tuning net.ipv4.tcp_tw_reuse = 1 net.ipv4.ip_local_port_range = 1024 65023 net.ipv4.tcp_max_syn_backlog = 10240 net.ipv4.tcp_max_tw_buckets = 400000 net.ipv4.tcp_max_orphans = 60000 net.ipv4.tcp_synack_retries = 3 net.core.somaxconn = 40000 net.ipv4.tcp_rmem = 4096 8192 16384 net.ipv4.tcp_wmem = 4096 8192 16384 net.ipv4.tcp_mem = 65536 98304 131072 net.core.netdev_max_backlog = 40000 net.ipv4.tcp_tw_reuse = 1 If I use AB to hit the a webserver directly I easily get 30k/s connections. If I stop the webservers and use AB to hit HAProxy then I get 30k/s connections but obviously it's useless. I've also disabled iptables for now since I read that nf_conntrack can slow everything down, no change. I've also disabled the irqbalance service. The fact that I can hit each individual device with 30k/s makes me believe the tuning of the servers is OK and that it must be some HAProxy config? Here's the config which I've built from reading tuning articles, etc http://pastebin.com/zsCyAtgU The server is a dual Xeon CPU E5-2620 (6 cores) with 32GB of RAM. Running Centos 6.2 x64. The private and public interfaces are on separate NICS. Anyone have any ideas? Thanks.

  Read the article

• Linux Centos 6 becomes unavailable from time to time - OS&network issue

  - by adoado0

  I am encountering following problem. There is one server (DL160 G5) running Centos 6.3 with default kernel 2.6.32-220.2.1.el6.x86_64 - at this point I'd like to add that issue appeared also at older version - 6.1 and older kernel (do not remember exactly which version). There is cPanel installed and from time to time it becomes unavailable (network connection). What I've checked is (via KVMoIP): load average is completely normal it does not lack memory or disk space when problem occurs no console notifications checked all access logs and there is no sign that it can be caused by a client script cannot even access local interface (127.0.0.1) or main IP address running tcpdump I can only see packets arriving to server - no responses all services seem to be running properly (mail,sql,http,ssh) checked crontab and all clients' crontabs too network port utilisation is low ( up to several Mbits) arriving packet rate is low - hundreds per second (according to tcpdump) console (via kvmoip) works fine, no lags there is no conntrack at this server there is no ipv6 at this server flushing iptables, unloading modules does not resolve problem restarting network does not resolve problem, no errors appear it also occurs when two sepearate networks are configured (and multiple gateways) as well as one IP, one default gw and one network is configured - so it seems network configuration independent it seems to repeat randomly (load,packet rate,bandwith usage,load independent) checked server with different rootkit detection tools - it seems to be clean server has been rebooted, it did not change anything there are no interface errors it apperas randomly can be once a week or several times per day It usually works fine after 1-15 minutes. What I can also check? It is definitely OS issue - there is traffic at interface only in one direction when problem occurs, can not even ping loopback. Any ideas? Recommended checks? Anything I did not checked above.

  Read the article

• Log connections to program

  - by Zac

  Besides for using iptables to log incoming connections.. Is there a way to log established inbound connections to a service that you don't have the source to (suppose the service doesn't log stuff like this on its own)? What I'm wanting to do is gather some information based on who's connecting to be able to tell things like what times of the day the service is being used the most, where in the world the main user base is, etc. I am aware I can use netstat and just hook it up to a cron script, but that might not be accurate, since the script could only run as frequently as a minute. Here is what I am thinking right now: Write a program that constantly polls netstat, looking for established connections that didn't appear in the previous poll. This idea seems like such a waste of cpu time though, since there may not be a new connection.. Write a wrapper program that accepts inbound connections on whatever port the service runs on, but then I wouldn't know how to pass that connection along to the real service. Edit: Just occurred to me that this question might be better for stackoverflow, though I am not certain. Sorry if this is the wrong place.

  Read the article

• dhcp3-server (dhcpd) is tampering with host NIC

  - by user61000

  Hi all, I have a debian box that is serving as a router (using iptables NAT). When first turned on, everything works fine for a few minutes. Then the dhcp server assigns an IP (other than 192.168.0.1) to its' host NIC, eth0. This is NOT what I want. I just want dhcp3-server to listen on eth0, not assign it an IP, and changes the kernel routing table. This of course ruins the NAT capablities of the box. How can I tell the dhcp3-server NOT to do this? Thanks Before dhcp3-server tampers with eth0, the IP is 192.168.0.1, and the routing table looks like this: ~# netstat -r Kernel IP routing table Destination Gateway Iface 192.168.0.0 * eth0 173.33.220.0 * eth1 default 173.33.220.1 eth1 After dhcp3-server tampers with eth0, the IP is 192.168.0.3, and the routing table looks like this: ~# netstat -r Kernel IP routing table Destination Gateway Iface 192.168.0.0 * eth0 173.33.220.0 * eth1 default 192.168.0.1 eth0 default 173.33.220.1 eth1 SETUP Outbound NIC is eth1 Internal NIC is eth0 /etc/network/interfaces ... iface eth0 inet static address 192.168.0.1 netmask 255.255.255.0 /etc/default/dhcp3-server INTERFACES="eth0"

  Read the article

• Routing and authenticating all access through squid

  - by Knight Samar

  Hi, I want to route all Internet access in my network through a Squid proxy server and authenticate and log all users. I want this to be a client-independent setting so that no one needs to do anything on their browsers or machines. I have set my network gateway as the proxy server so that all traffic will be sent to it. I have done this using options in DHCP server. Now I tried using squid as a transparent proxy, but then it won't authenticate in that mode. I tried using iptables to route all traffic to port 3128 but it won't popup the authentication dialog box from SQUID. I tried telling DHCP to give WPAD to all clients by placing a WPAD file on a webserver containing the following for automatic proxy configuration on clients: Changes in dhcpd.conf option wpad code 252 =test; option wpad "\n\000"; option wpad "http://192.168.1.5/wpad.dat\n"; The WPAD file: function FindProxyForURL(url,host) { return "PROXY squid-server-ip-address:3128 ; DIRECT "; } But the browsers (different versions of Firefox and IE) seem to ignore it. :( What should I do ?

  Read the article

• Do I need to update some of my Debian Squeeze software?

  - by stan31337

  I have installed Debian 6, and LAMP stack from squeeze repository (default). After upgrading Apache 2.2.16 from unstable repository to 2.2.22, thanks to this post - how to upgrade already installed apache2 on debian (lenny) I'm thinking to upgrade all other software packages that I've previously installd from squeeze repository. Should I upgrade them to the ones from unstable repository? Should I upgrade all of them or just selected ones? Here's the list: * arno-iptables-firewall 1.9.2.k-4 >> 2.0.1.c-1 * bind9 1:9.7.3.dfsg-1~squeeze6 >> 1:9.8.1.dfsg.P1-4.2 * php-apc 3.1.3p1-2 >> 3.1.13-1 * fail2ban 0.8.4-3+squeeze1 >> 0.8.6-3 * exim4 4.72-6+squeeze2 >> 4.80-4 * altermime 0.3.10-4 >> 0.3.10-7 * rrdtool 1.4.3-1 >> 1.4.7-2 * vsftpd 2.3.2-3+squeeze2 >> 3.0.0-4 Also I would like to ask how to upgrade 5.3.3 5.3.16, unstable repository has 5.4.x versions only, I don't think I'm ready to move from 5.3 to 5.4 yet. Actually I'm a newbie in Linux, and after Windows experience I have a paranoidal idea to update software to the latest release. I'd be glad for any suggestions and recommendations! Thank you very much!

  Read the article

• is there a man in the middle attacking to my server machine?

  - by GongT

  My server works well about half a year. But a strange thing happened (several hours before). This server has two IP-address 58.17.85.19 & 117.21.178.19 When I navigate to http://58.17.85.19, nothing different as before. But http://117.21.178.19 will return a "302 Object moved" and become a "redirect loop" I do some test: ($cmd = "wget http://117.21.178.19/?xx=$RANDOM --max-redirect 0 -S --no-cache -O -") Step by step: run $cmd on my PC and my firend's one (we live in two side of China, far away). - got 302 run $cmd on this server - got 200 OK (content is correct result of index.php) run $cmd on another server in same computer room - got 200 OK telnet from my PC and build an HTTP request (type by hand) - got 200 OK shutdown php-fpm, run $cmd on my PC - got 302 run $cmd on server - 502 Bad Gateway shutdown nginx, run $cmd on both the server and my PC - Connection refused. create iptables rule, refuse any connection to 58.17.85.19:80. run nc -l 80 -k -vvv on server and run $cmd on my PC NC show me that.... Server accept connection (Connection from [my ip]) My connection closed ! (Remove fd xx from list) wget dump out response - got 302 I know that, normaly, NC will accept connection, then dump HTTP request from client, and client will wait for response. this connection will open forever(infact client will close connection becouse timeout), becouse NC can't give any response. So... where my request gone? who send an response to the client? some virus on my server system? If so, why 58.17.85.19 didn't has this error? or... I was attacked by a middleman?

  Read the article

• Xen virtual host can reach some sites but not others

  - by Tun H S Lee

  Okay, this is killing me. Debian Squeeze, Xen 4.0, brand new install. No iptables rules whatsoever except for the ones added by the default xen bridge script. Dom0 can reach the entire world, no problems. DomU can receive packets from some hosts, but not from others. For instance, if I ping Host A, it works fine. If I ping Host B, the DomU reports 100% packet loss. The hosts are random, but consistent (even after reboots). I can see no pattern to why some work and others don't. In fact, in some cases, different virtual hosts on the same server (an other server at a different data center) are divided; some work and others do not. I can reboot (DomU or Dom0 too) and the same hosts will work or fail as before. If I tcpdump on the Host B while pinging from the DomU, everything looks fine. It sees the echo request coming in and says it's sending one back. However, if I tcpdump peth0 on the Dom0, it never sees the echo reply. Any ideas what could be happening? I'm tearing my hair out here.

  Read the article

• Apache /server-status/ gives a 404 not found

  - by user57069

  I am trying to solve a problem where Apache stats aren't displaying correctly in Munin. I've ran through quite a bit of checks and tests regarding Munin setup, but I think my issue is related to Apache, but my skill set there is lacking. first, system info: monitored server CentOS 5.3 kernel 2.6.18-128.1.1.el5 Apache/2.2.3 "server-status" directive in httpd.conf (i've cross-compared this with another system that i did a successful parallel install of Munin on, correctly showing Apache stats, and the directive below is the same for both) ExtendedStatus On <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 </Location> ran lynx http://localhost/server-status got HTTP/1.1 404 taking a look at Apache access_log: 127.0.0.1 - - [13/Oct/2010:07:00:47 -0700] "GET /server-status HTTP/1.0" 404 11237 "-" "Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8e-fips-rhel5" mod_status is also loaded: % grep "mod_status" /etc/httpd/conf/httpd.conf LoadModule status_module modules/mod_status.so iptables is turned off also i did notice that the ownership status on httpd.conf on this system is root.root.. whereas the system that is displaying correctly is apache.www -- not certain that this matters?? its got to be permission issue, but i'm not certain where the permissions are messed up. any thoughts on why the test of server-status is giving me a 404?

  Read the article

• Libvirt/KVM in NAT: can't access from host (and can't forward)

  - by SharkWipf

  I'm trying to set up a port forward to a KVM guest, managed through Libvirt on Debian 6. The VM is running in NAT, through the "default" network. This all runs fine, the VM has full internet connection. However, the host cannot reach the vm internally. Neither ping, nc nor nmap on the NAT network give any signs of the VM. Due to this, the normal iptables forwarding rules don't work either. $ cat /etc/debian_version 6.0.5 $ libvirtd --version libvirtd (libvirt) 0.9.11.3 $ kvm --version QEMU emulator version 1.0 (qemu-kvm-1.0+dfsg-11, Debian), Copyright (c) 2003-2008 Fabrice Bellard ifconfig: eth0 Link encap:Ethernet HWaddr 54:04:a6:f1:6f:10 inet addr:x.x.x.x Bcast:x.x.x.x Mask:255.255.255.x inet6 addr: fe80::5604:a6ff:fef1:6f10/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:118902 errors:0 dropped:0 overruns:0 frame:0 TX packets:142357 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:13247173 (12.6 MiB) TX bytes:95163190 (90.7 MiB) Interrupt:28 Base address:0xe000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:230646 errors:0 dropped:0 overruns:0 frame:0 TX packets:230646 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:204577107 (195.0 MiB) TX bytes:204577107 (195.0 MiB) virbr0 Link encap:Ethernet HWaddr fe:54:00:e2:d2:60 inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5050 errors:0 dropped:0 overruns:0 frame:0 TX packets:961 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:666759 (651.1 KiB) TX bytes:400701 (391.3 KiB) vnet0 Link encap:Ethernet HWaddr fe:54:00:e2:d2:60 inet6 addr: fe80::fc54:ff:fee2:d260/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5050 errors:0 dropped:0 overruns:0 frame:0 TX packets:125687 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:739803 (722.4 KiB) TX bytes:6886609 (6.5 MiB)

  Read the article

• LAN Webserver not accessible through PPTP VPN

  - by Joe

  I have this LAN Network with 10 clients and one server. The server has 4 virtual machines and a BIND DNS Server. When the router assigns an IP through the DHCP , it also gives the ip of the DNS Server, to resolve internal domains. Everything apparently works fine, the clients being able to access the server's vm's resources, but I also have to create the possibility of remote access. I installed the PPTP VPN on the server, and the vpn clients would get the same ip address range as the router's dhcp is assigning. Apparently everything is fine here also, except the fact that when we connect through the vpn , we cannot access the webserver on port 80 ( the webserver being one of the server's VM ). The iptables on the webserver has been turned off for testing purposes and the router's firewall is directing all the external traffic to the server. Can somebody suggest a solution to this? Extra details : VPN Server : PPTP Server Centos 6.3 x64 VPN Client : Windows 7 default PPTP VPN Connection The client is successfully connected to the server, everything works ( FTP/MYSQL/SSH/DNS ) , except the fact that when I try to access the webserver IP on the browser, it won't work.Pinging it works perfectly.

  Read the article

• 403 Forbiden on Apache (CentOS) Server

  - by pouya

  These are my VM setup: HOST: windows 7 ultimate 32bit GUEST: CentOs 6.3 i386 Virtualization soft: Oracle virtualBox 4.1.22 Networking: NAT -> (PORT FORWARD: HOST:8080 => GUEST:80) Shared Folder: centos all the project files goes into shared folder and for each project file a virtualhost conf file is created in /etc/httpd/conf.d/ like /etc/httpd/conf.d/$domain I wasn't able to see anything in my browser before disabling both windows firewall and iptables in centos after that if i type for example: http://www.$domain:8080/ all i see is: Forbidden You don't have permission to access / on this server. Apache/2.2.15 (CentOS) Server at www.$domain.com Port 8080 A sample Virtual Host conf file: <VirtualHost *:80> #General DocumentRoot /media/sf_centos/path/to/public_html ServerAdmin webmaster@$domain ServerName www.$domain ServerAlias $domain *.$domain #Logging ErrorLog /var/log/httpd/$domain-error.log CustomLog /var/log/httpd/$domain-access.log combined #mod rewrite RewriteEngine On RewriteLog /var/log/httpd/$domain-rewrite.log RewriteLogLevel 0 </VirtualHost> centos shared folder is availabe to guest at /media/sf_centos These are file permissons for sf_centos: drwxrwx--- root vboxsf vboxsf group includes: apache and root So these are my questions: 1- How to solve Forbidden Problem? 2- How to setup both host and guest firewalls? 3- How can i improve this developement environment to simulate production environment as much as possible specially security improvements?

  Read the article

• Window 7 image in vmware will allow network connection out but not http

  - by Ormis

  I am currently trying to create a set of images to deploy on my network, but I've run in to a snag. When I create my own Windows 7 image I can successfully use NAT for connecting to the network but whenever I try to access a webpage I get nothing. To be more specific, All firewalls/iptables are disabled on my host machine, my virtual machine, and my network. I can do lookups and all addresses respond correctly (i'm even using Google's DNS). On the host OS i have full connectivity. On the virtual machine I can ping any device I want and all addresses resolve correctly. Within a browser I cannot reach any page via hostname or IP. I feel almost like port 80 is being blocked but i can't find any reason this would be the case. If anyone has had this occur before, I would love some insight to the problem. I initially asked this on stackoverflow and now my eyes are now opened up to superuser. Thank you for any help you can provide.

  Read the article

• Postfix not delivering from external senders and not logging anything

  - by simendsjo

  Some semi-recent upgrades must have broken my postfix+dovecot configuration, but I'm having problems finding out what the cause is. My domain is simendsjo.me with the MX record mail.simendsjo.me. I can send mail to both local and external recipients, and it delivers mail from internal mailboxes. The problem is that mail from external senders isn't delivered, and nothing is logged at all. The external sender also doesn't receive any errors. I have no idea where to ever start looking as nothing is logged at all when external mail is sent to my server. So the first issue would be: How can I turn on some debug messages for postfix? I've tried: debug_peer_level = 2 debug_peer_list = simendsjo.me .. And _level = 999 and _list = gmail.com where I'm trying to send emails from. but nothing is logged. When sending mails from a local mailbox (but from an outside computer, not localhost), a lot is logged. I don't have any rules in iptables either. Any ideas how I can get some debug messages for postfix?

  Read the article

• empty file from tomcat https redirect?

  - by amertune

  I am using tomcat 6.0.20, with jdk 1.6.0_18 on 64 bit linux (tomcat downloaded from tomcat.apache.org, not installed from repositories). I have iptables redirects from port 80 - 8080 and 443 - 8443. In server.xml, the connector for port 8080 redirects to 443, and the 8443 connector has proxyPort="443". In conf/web.xml, I have added this bit at the end of the file (but still inside the <web-app</webapp tags). <security-constraint> <web-resource-collection> <web-resource-name>Protected Context</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> I also have two contexts, ROOT and mywebapp. If I go to http://myurl.com, then I get redirected to https://myurl.com. If I go to http://myurl.com/mywebapp/, then I get redirected to https://myurl.com/mywebapp/. The problem I'm having is when I go to http://myurl.com/mywebapp (no trailing slash). When I do this I get a prompt to download an empty file that has an empty name. Going to https://myurl.com/mywebapp works. I would think that a user typing myurl.com/mywebapp is far from rare. Is there something I'm missing?

  Read the article

• Follow through - How to setup equivalent USVIDEO.ORG DNS-Proxy on Linux

  - by DNSDC

  I'm quite keen to setup similar service (but FREE) and seems you know how to do this. "you need to run your own private dns with artificial records for example pandora.com you also need a real dns to fall back on. now that all requests for these sites are going to your US located box you can open up port 80 on squid and listen for the traffic. your cache_peer settings should allow you to map each domain to their real ip. The trafic now flows initially from your US located box to the service but then the server responds it responds directly to the host. no magic here. I won't share the fine details as it probably best serves all to not over exploit this." Did you mean we need to 1. Setup Forward-only DNS on a US-based server/ip? 2. Setup cache_peer and cache_peer_domain in Squid, I got this. 3. Any iptables rule, prerouting, postrouting rules needed to accomplish this? Appreciate your expert advice. Cheers, Don

  Read the article

• Ubuntu 12.04 as router with 2 nic

  - by Blue Gene

  I have been trying this setup for weeks and still can not make this to work... ubuntu 12.04 64 bit with 2 nic nic1: eth0:192.168.2.33 -static ip with internet access (connected to modem) nic2: eth1:192.168.1.2 -static ip connected to LAN. enabled ip_forward on ubuntu box net_ip_forward = 1 on the LAN with ip address 192.168.1.5 specified gateway as 192.168.1.2 and able to ping gateway.But can not ping public address.What am i missing? on router box: route -n Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.2.1 0.0.0.0 UG 100 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 tried ip route add 192.168.2.0/24 via 192.168.1.2 dev eth0 route -n on LAN 192.168.1.5 Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.2 0.0.0.0 UG 100 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.2.0 192.168.1.2 255.255.255.0 UG 0 0 0 eth0 iptables default policy is to accept all. tracepath 8.8.8.8 from LAN 1: 192.168.1.5 0.060ms pmtu 1500 1: 192.168.1.2 3.367ms 1: 192.168.1.2 3.764ms 2: no reply Is there a way to make this work,other than NAT ing.

  Read the article

• Anonymizing OpenVPN Allow SSH Access to Internal Server

  - by Lionel

  I'm using an anonymizing VPN, but want SSH access to internal computer. How do I access my internal computer through SSH? When I do ssh 98.123.45.6, the connection times out. IP address from cable provider: 98.123.45.6 Anonymous IP through VPN: 50.1.2.3 Internal computer: 192.168.1.123 When searching around, I found recommendations to either set up iptables rules, routing rules, or to add ListenAddress to sshd_config. Which of these applies to my case? Here is my route: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.115.81.1 10.115.81.9 255.255.255.255 UGH 0 0 0 tun0 10.115.81.9 * 255.255.255.255 UH 0 0 0 tun0 50.1.2.3-sta ddwrt 255.255.255.255 UGH 0 0 0 eth0 192.168.1.0 * 255.255.255.0 U 202 0 0 eth0 169.254.0.0 * 255.255.0.0 U 204 0 0 vboxnet0 loopback * 255.0.0.0 U 0 0 0 lo default 10.115.81.9 128.0.0.0 UG 0 0 0 tun0 128.0.0.0 10.115.81.9 128.0.0.0 UG 0 0 0 tun0 default ddwrt 0.0.0.0 UG 202 0 0 eth0

  Read the article

• Limited bandwidth and transfer rates per user.

  - by Cx03

  I searched for a while but couldn't find anything concrete, hopefully someone can help me. I'm going to be running a Debian server on a gigabit port, and want to give each user his/her fair share of internet access. The first objective is easy - transfer rates (speed) per user. From what I've looked at, IPTables/Shorewall could do the job easy. Is this easy to setup, or could one of you point me at a config? I was hoping to limit users at 300mbit or 650mbit each. The second objective gets complicated. Due to the usage of the boxes, most of the traffic will be internal network traffic that does NOT get counted to the quota. However, I still need to limit the external traffic, and if they go over, cut off access (or throttle traffic to a very low speed (10mbit?)). Let's say the user has a 3TB external traffic limit. The IF part is: If the hostname they are exchanging the traffic with DOES NOT MATCH .ovh. or .kimsufi. (company owns multiple TLDs), count to the quota. Once said quota exceeds 3TB, choke them. Where could I find a system to count that for me? It would also need to reset or be able to be manually reset on a monthly basis. Thanks ahead of time!

  Read the article

• ubuntu 12.04 kvm virtual server network setup, can't get the machine to be connectable

  - by xyious

  I have worked on my Ubuntu Server host for weeks now and I just can not manage to get the virtual machines into the network.... here's what I need to do: I need to be able to create virtual machines that have IP addresses that can be reached from the outside (192.168 network). I need to be able to connect to the virtual machines through ssh, ftp, http and preferably https, anything else doesn't matter that much. So far everything seems simple enough and I have a lot of leeway in terms of IP address range and server/client configuration. I have the option of taking part of a /24 net as most IPs aren't used, and if it's absolutely necessary I have the option of creating a new /24 subnet. Also have the option of reformatting and reinstalling OS on the host and recreating the virtual machines as nothing has been done other than trying to get virtual machines to work. I would prefer if the virtual machines were just part of the normal network which would be 192.168.5.0/24. The host machine has 2 network cards so I don't even necessarily need the Host to be connectable in the same /24 network. I have tried (I think) just about everything from about 5 different tutorials on bridging (giving br0 the same IP that eth0 used to have (Host is able to connect to VM and vice versa, VM doesn't have outside network access), having eth0 set up like it always was and having br0 have a different IP (same as above), NAT with port forwarding (which I would have preferred not to use but will if it works), turning off one of the hosts network cards and just using one of them, different subnets.... etc. I do know my way around iptables fairly well.... Host is 64bit Ubuntu Server 12.04, using libvirt/kvm. edits: Local network is 192.168.5.0/24, host has static ip 192.168.5.254, GW .5.1 which is also nameserver. We have a second Local network at 192.168.10.0/24 with .10.1 GW, but both hosts and VMs were supposed to go into the .5 subnet. The .10 subnet isn't required, but it wouldn't be horrible if the Host were only accessible in the .10 subnet.

  Read the article

< Previous Page | 43 44 45 46 47 48 49 50  | Next Page >