Search Results

Search found 3249 results on 130 pages for 'packet loss'.

Page 84/130 | < Previous Page | 80 81 82 83 84 85 86 87 88 89 90 91  | Next Page >

• Forward mDns from one subnet to another?

  - by user37278

  Is there an ipfw rule that can easily forward mDns packets from one subnet to another? I have a Snow Leopard Server machine serving as the gateway between the two subnets and would like for machines in each subnet to see the services available in the other subnet. The gateway machine is already confirmed as configured correctly such that packets route correctly between the two subnets (ping works, traceroute shows the subnet hop, etc). My problem in designing a ipfw rule is that I don't know how to instruct that I would like multicast packets addressed to 224.0.0.251:5353 on en0 to be addressed to the same ip/port but on fw0 (the other interface). I attempted a rule such as fwd 192.168.10.1 log udp from 192.168.1.0/24 to 224.0.0.251 recv en1 to force the packet to hop over to the other interface (from en1 to fw0), but no dice. The ipfw log shows that the rule is being triggered by packets, but tcpdump isn't showing any packets on the other interface. Also, the only other firewall rules in place are the divert port 8668 and rule #65535 "allow any to any". Any suggestions? Thanks.

  Read the article

• DNS issue on Fedora 12? wget wordpress.org fails where wget www.google.com works

  - by Tom Auger

  I'm administering a Fedora 12 box, but am quite new to networking specifics. Recently one of our WordPress apps hosted on our server has stopped being able to perform its auto-update or auto-download of plugins. Investigating further, I have tried the following: $ wget wordpress.org --2010-12-17 11:26:50-- http://wordpress.org/ Resolving wordpress.org... failed: Temporary failure in name resolution. wget: unable to resolve host address âwordpress.orgâ Whereas: $ wget www.google.com --2010-12-17 11:27:26-- http://www.google.com/ Resolving www.google.com... 74.125.226.82, 74.125.226.84, 74.125.226.80, ... Connecting to www.google.com|74.125.226.82|:80... connected. HTTP request sent, awaiting response... 302 Found Location: http://www.google.ca/ [following] --2010-12-17 11:27:26-- http://www.google.ca/ Resolving www.google.ca... 173.194.32.104 Connecting to www.google.ca|173.194.32.104|:80... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] Saving to: âindex.html.4â [ <=> ] 9,079 --.-K/s in 0.02s 2010-12-17 11:27:26 (462 KB/s) - âindex.html.4â Interestingly: $ ping wordpress.org PING wordpress.org (72.233.56.138) 56(84) bytes of data. 64 bytes from wordpress.org (72.233.56.138): icmp_seq=1 ttl=50 time=81.5 ms 64 bytes from wordpress.org (72.233.56.138): icmp_seq=2 ttl=50 time=67.3 ms ^C --- wordpress.org ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1783ms rtt min/avg/max/mdev = 67.361/74.448/81.536/7.092 ms and $ nslookup wordpress.org Server: 192.168.2.1 Address: 192.168.2.1#53 Non-authoritative answer: Name: wordpress.org Address: 72.233.56.138 Name: wordpress.org Address: 72.233.56.139 nscd has been stopped and flushed. iptables appear to be clean. At this point I have exhausted my limited abilities to diagnose the issue. Can anyone suggest a resolution path?

  Read the article

• How do I keep a bridge enabled on a bonded interface?

  - by jlawer

  I'm working on setting up a pair of CentOS 6.3 servers that will run a couple of KVM vms and have come across a problem setting up a bridge on a bond. I am using Mode 4 (802.3ad) bonding on a pair of stacked Dell Powerconnect 5524 switches connecting to R320 servers. There are 2 links (1 to each switch) that form a Link Aggregation Group (802.3ad / LACP bonding). On top of the bond I have VLAN Tagging. I've verified this is a problem on multiple other bonding modes so it isn't just a mode 4 issue. I am testing what happens when 1 link is dropped (ie switch dies, cable breaks, etc). If I don't have a bridge (for KVM), everything works fine, failover happens as expected. If I have the bridge enabled, it works fine until failover (unplugging a cable). When failover happens /var/log/messages shows the slave link going down, followed within a second by: kernel: br1: port 1(bond0.8) entering disabled state The thing is /proc/net/bonding/bond0 shows the link is up as expected (simply with only 1 slave instead of 2). If I plug the cable back in it recovers and brings the bridge back to an enabled state. I actually have tested this while a ping is occuring and if the timing is right a packet will actually leave the system after the link is lost, but before the disabled message occurs. This disabled state I assumed was STP, but I have disabled STP on the bridge configuration and this issue still occurs. brctl showstp br1 still shows the link as disabled when it is running without a slave. I also switched between the nics in the server (I have 2x Broadcom & 4x intel). It doesn't matter which configuration I have. Does anyone know of a way to force the bridge to stay enabled or why its detecting the bond as disabled, when it isn't?

  Read the article

• iptables to block VPN-traffic if not through tun0

  - by dacrow

  I have a dedicated Webserver running Debian 6 and some Apache, Tomcat, Asterisk and Mail-stuff. Now we needed to add VPN support for a special program. We installed OpenVPN and registered with a VPN provider. The connection works well and we have a virtual tun0 interface for tunneling. To archive the goal for only tunneling a single program through VPN, we start the program with sudo -u username -g groupname command and added a iptables rule to mark all traffic coming from groupname iptables -t mangle -A OUTPUT -m owner --gid-owner groupname -j MARK --set-mark 42 Afterwards we tell iptables to to some SNAT and tell ip route to use special routing table for marked traffic packets. Problem: if the VPN failes, there is a chance that the special to-be-tunneled program communicates over the normal eth0 interface. Desired solution: All marked traffic should not be allowed to go directly through eth0, it has to go through tun0 first. I tried the following commands which didn't work: iptables -A OUTPUT -m owner --gid-owner groupname ! -o tun0 -j REJECT iptables -A OUTPUT -m owner --gid-owner groupname -o eth0 -j REJECT It might be the problem, that the above iptable-rules didn't work due to the fact, that the packets are first marked, then put into tun0 and then transmitted by eth0 while they are still marked.. I don't know how to de-mark them after in tun0 or to tell iptables, that all marked packet may pass eth0, if they where in tun0 before or if they going to the gateway of my VPN provider. Does someone has any idea to a solution? Some config infos: iptables -nL -v --line-numbers -t mangle Chain OUTPUT (policy ACCEPT 11M packets, 9798M bytes) num pkts bytes target prot opt in out source destination 1 591K 50M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner GID match 1005 MARK set 0x2a 2 82812 6938K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner GID match 1005 CONNMARK save iptables -nL -v --line-numbers -t nat Chain POSTROUTING (policy ACCEPT 393 packets, 23908 bytes) num pkts bytes target prot opt in out source destination 1 15 1052 SNAT all -- * tun0 0.0.0.0/0 0.0.0.0/0 mark match 0x2a to:VPN_IP ip rule add from all fwmark 42 lookup 42 ip route show table 42 default via VPN_IP dev tun0

  Read the article

• Decoding equivalent assembly code of C code...

  - by puffadder

  Hi All, Wanting to see the output of the compiler (in assembly) for some C code, I wrote a simple program in C and generated its assembly file using gcc. The code is this: #include <stdio.h> int main() { int i = 0; if ( i == 0 ) { printf("testing\n"); } return 0; } The generated assembly for it is here (only the main function): _main: pushl %ebpz movl %esp, %ebp subl $24, %esp andl $-16, %esp movl $0, %eax addl $15, %eax addl $15, %eax shrl $4, %eax sall $4, %eax movl %eax, -8(%ebp) movl -8(%ebp), %eax call __alloca call ___main movl $0, -4(%ebp) cmpl $0, -4(%ebp) jne L2 movl $LC0, (%esp) call _printf L2: movl $0, %eax leave ret I am at an absolute loss to correlate the C code and assembly code. All that the code has to do is store 0 in a register and compare it with a constant 0 and take suitable action. But what is going on in the assembly ? Thanks in advance.

  Read the article

• What is the replacement of the floppy

  - by alexanderpas

  While CD (and to an lesser extend DVD) disks have reached the price-point of the floppy, they have one significant downside, it is WORM (Write-Once Read-Many) media, allowing it to be used only one single time, and you need to be explicit in writing the data to the actual media (you need to burn it.) While CD-RW solves the "use only once" problem, it is still EWORM (Erasable Write-Once Read-Many) media, which still means you need to be explicit in writing the data to the actual media (you still need to burn it.), and also, you still need to be very explicit in erasing it. (simple delete is not possible.) Okay, we can use a CD-RW in Packet Writing mode, however the downside to that, is that this mode is not very universal, and also, not the native mode of the media. Now, while USB-sticks and SD-cards may not have the poblems of the CD, they have a whole other kind of problem: their PRICE! USB-sticks and SD cards are generally 10 to 100 times as expensive as diskettes per piece. SD-cards, in addition have an added problem, because they need a reader to operate. While it is a very standard thing, it is not default equipment on the computer like the CD drive or USB port (or historically the diskette drive). You wouldn't give out an USB stick or SD card with a 100 kB text file, not caring weither you would get it back or not. So, to recap: CD & DVD are basically WORM media. SD cards and USB sticks are relatively expensive. SD cards also needs special readers. Diskettes have a very low data-rate Diskettes have a very low storage capacity. Now, is there a media out there that solves all these problems, or is there a way to get (very) small USB sticks or SD cards for a very low price (as they're the closest thing to diskette).

  Read the article

• Efficient way to ASCII encode UTF-8

  - by Andreas Gohr

  I'm looking for a simple and efficient way to store UTF-8 strings in ASCII-7. With efficient I mean the following: all ASCII chars in the input should stay ASCII chars in the output the resulting string should be as short as possible the operation needs to be reversable without any data loss there should be no restriction on the input length the whole UTF-8 range should be allowed My first idea was to use Punycode (IDNA) as it fits the first three requirements, but it fails at the last two. Can anyone recommend an alternative encoding scheme? Even better if there's some code available to look at.

  Read the article

• Routing table on Linux not respected

  - by MRHaarmann

  I have a very specific problem, building a Linux VPN endpoint (with external VPN Gateway), which should route certain networks over the tunnel, others via default gateway. The Linux VPN should do a NAT on the outgoing connections for the VPN peers. Setup is as following: Internet gateway LAN 192.168.25.1/24 VPN Gateway LAN 10.45.99.2/24 (VPN tunnel 10.45.99.1 to net 87.115.17.40/29, separate connection to Internet) Linux VPN Router eth0 192.168.25.71/24 eth0:503 10.45.99.1/24 Default 192.168.25.1 route to 87.115.17.40/29 via 10.45.99.2 (send_redirects disabled, ip_forward enabled) Linux clients (multiple): eth0 192.168.25.x/24 Default 192.168.25.1 route to 87.115.17.40/29 via 192.168.25.71 Ping to the machines via tunnel from the VPN Router is working. Now I want to establish a routing from my clients over the VPN gateway and the client packet gets routed to 192.168.25.1 ! traceroute output shows the packets get routed to 192.168.25.71, but then to 192.168.25.1. So the route is not respected in forward ! IPTables and Routing: ip route show 87.115.17.40/29 via 10.45.99.2 dev eth0 10.45.99.0/24 dev eth0 proto kernel scope link src 10.45.99.1 192.168.25.0/24 dev eth0 proto kernel scope link src 192.168.25.71 default via 192.168.25.1 dev eth0 iptables -A INPUT -i eth0:503 -j REJECT iptables -t nat -A POSTROUTING -o eth0:503 -j MASQUERADE iptables -A FORWARD -i eth0:503 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -s 192.168.25.0/24 -o eth0:503 -j ACCEPT So what is wrong with my setup ? The route is chosen correctly from localhost, but all the clients get forwarded to the Internet GW. thanks for helping, Marcus

  Read the article

• I'm really offtopic. But I've got a really good reason.

  - by lost

  Is there anyway Encryption on an unidentified file can be broken(file in question: config file and log files from ardamax keylogger). These files date back all the way to 2008. I searched everywhere, nothing on slashdot, nothing on google. Ardamax Keyviewer? Should I just write to Ardamax? I am at a loss of what to do. I feel comprimised. Anyone managed to decrpyt files with Crypto-analysis?

  Read the article

• VS2008 Express no longer opens projects after VS2010 express Phone

  - by Alikar

  So I installed the new april release of the VS2010 express for windows phone 7 and now VS2008 express C# no longer opens .csproj files. I'm at a loss as to why this is as I've not changed anything in the files themselves. I'm currently uninstalling windows phone 7 in the hopes that I will be able to open my files again. I have a feeling though I'm going to need to uninstall 2008 as well and the reinstall it to get everything to work. In the future how should I install 2010 express for win 7 phone to prevent it from interfering with 2008 express?

  Read the article

• Linux server: Dropped packets

  - by Lars

  I see dropped packets using ifconfig on my eth0 interface: eth0 Link encap:Ethernet HWaddr 00:15:17:0d:03:ca inet addr:10.0.1.2 Bcast:10.0.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:9000 Metric:1 RX packets:30268348 errors:0 dropped:70721 overruns:0 frame:0 TX packets:133076885 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:8699434077 (8.6 GB) TX bytes:194937313025 (194.9 GB) Interrupt:16 Memory:feae0000-feb00000 When i use ethtool -S i dont see anything wrong: NIC statistics: rx_packets: 30267138 tx_packets: 133074510 rx_bytes: 8699356158 tx_bytes: 194934147340 rx_broadcast: 35296 tx_broadcast: 5435 rx_multicast: 0 tx_multicast: 0 rx_errors: 0 tx_errors: 0 tx_dropped: 0 multicast: 0 collisions: 0 rx_length_errors: 0 rx_over_errors: 0 rx_crc_errors: 0 rx_frame_errors: 0 rx_no_buffer_count: 0 rx_missed_errors: 0 tx_aborted_errors: 0 tx_carrier_errors: 0 tx_fifo_errors: 0 tx_heartbeat_errors: 0 tx_window_errors: 0 tx_abort_late_coll: 0 tx_deferred_ok: 0 tx_single_coll_ok: 0 tx_multi_coll_ok: 0 tx_timeout_count: 0 tx_restart_queue: 0 rx_long_length_errors: 0 rx_short_length_errors: 0 rx_align_errors: 0 tx_tcp_seg_good: 5757001 tx_tcp_seg_failed: 0 rx_flow_control_xon: 8649 rx_flow_control_xoff: 62072 tx_flow_control_xon: 0 tx_flow_control_xoff: 0 rx_long_byte_count: 8699356158 rx_csum_offload_good: 30212111 rx_csum_offload_errors: 0 rx_header_split: 10857552 alloc_rx_buff_failed: 0 tx_smbus: 0 rx_smbus: 0 dropped_smbus: 0 rx_dma_failed: 0 tx_dma_failed: 0 I am running Ubuntu 12.04 with kernel 3.2.0-30-generic #48-Ubuntu SMP I have pinged every device on my internal network for about 24 hours, without packet loss. Also checked my router and my interface to the WAN, also no errors there. Does anyone have any clue?

  Read the article

• I'm installing mysql with homebrew, how do I set value to 'log_output'?

  - by imjared

  I've been following directions here: brew install mysql on mac os and have now run into the same issue both on my home machine and work (both MacBook Pro running OSX 10.7.5 and ZSH): 121031 12:18:03 [ERROR] /usr/local/opt/mysql/bin/mysqld: Error while setting value '/Users/me/.mysql/logs/' to 'log_output' The full output of the error can be found in this gist: https://gist.github.com/3988275 I'm really at a loss for what I'm doing incorrectly or what I need to change. It should be noted that there are no logs for me to check in /usr/local/var/mysql. Any help is greatly appreciated.

  Read the article

• Using file-path to images stored within the Application Settings

  - by Bill

  I am trying to develop an application that uses a number of images that are stored in a seperate remote file location. The file-paths to the UI elements are stored within the Application Settings. Although I understand how to access and use the file-path from Settings in C# (Properties.Settings.Default.pathToGridImages + "OK.png"), I am at a loss to figure out how to utilize the Settings paths in WPF, and can only seem to access the file if I include the file-path, such as: <Grid.Background> <ImageBrush ImageSource="C:\Skins\bottomfill.png" TileMode="Tile" /> </Grid.Background> I would have thought that concatenating "Properties.Settings.Default.pathToGridImages" with "bottomfill.png" in WPF could be done much like it can be done in C#. Can anyone please point me in the right direction?

  Read the article

• Preventing DDOS/SYN attacks (as far as possible)

  - by Godius

  Recently my CENTOS machine has been under many attacks. I run MRTG and the TCP connections graph shoots up like crazy when an attack is going on. It results in the machine becoming inaccessible. My MRTG graph: mrtg graph This is my current /etc/sysctl.conf config # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 1 # Controls whether core dumps will append the PID to the core filename # Useful for debugging multi-threaded applications kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Controls the maximum size of a message, in bytes kernel.msgmnb = 65536 # Controls the default maxmimum size of a mesage queue kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 net.ipv4.conf.all.rp_filter = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.all.rp_filter = 1 net.ipv4.tcp_max_syn_backlog = 1280 Futher more in my Iptables file (/etc/sysconfig/iptables ) I only have this setup # Generated by iptables-save v1.3.5 on Mon Feb 14 07:07:31 2011 *filter :INPUT ACCEPT [1139630:287215872] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1222418:555508541] Together with the settings above, there are about 800 IP's blocked via the iptables file by lines like: -A INPUT -s 82.77.119.47 -j DROP These have all been added by my hoster, when Ive emailed them in the past about attacks. Im no expert, but im not sure if this is ideal. My question is, what are some good things to add to the iptables file and possibly other files which would make it harder for the attackers to attack my machine without closing out any non-attacking users. Thanks in advance!

  Read the article

• Dajano admin site foreign key fields

  - by user292652

  hi i have the following models setup class Player(models.Model): #slug = models.slugField(max_length=200) Player_Name = models.CharField(max_length=100) Nick = models.CharField(max_length=100, blank=True) Jersy_Number = models.IntegerField() Team_id = models.ForeignKey('Team') Postion_Choices = ( ('M', 'Manager'), ('P', 'Player'), ) Poistion = models.CharField(max_length=1, blank=True, choices =Postion_Choices) Red_card = models.IntegerField( blank=True, null=True) Yellow_card = models.IntegerField(blank=True, null=True) Points = models.IntegerField(blank=True, null=True) #Pic = models.ImageField(upload_to=path/for/upload, height_field=height, width_field=width, max_length=100) class PlayerAdmin(admin.ModelAdmin): list_display = ('Player_Name',) search_fields = ['Player_Name',] admin.site.register(Player, PlayerAdmin) class Team(models.Model): """Model docstring""" #slug = models.slugField(max_length=200) Team_Name = models.CharField(max_length=100,) College = models.CharField(max_length=100,) Win = models.IntegerField(blank=True, null=True) Loss = models.IntegerField(blank=True, null=True) Draw = models.IntegerField(blank=True, null=True) #logo = models.ImageField(upload_to=path/for/upload, height_field=height, width_field=width, max_length=100) class Meta: pass #def __unicode__(self): # return Team_Name #def save(self, force_insert=False, force_update=False): # pass @models.permalink def get_absolute_url(self): return ('view_or_url_name') class TeamAdmin(admin.ModelAdmin): list_display = ('Team_Name',) search_fields = ['Team_Name',] admin.site.register(Team, TeamAdmin) my question is how do i get to the admin site to show Team_name in the add player form Team_ID field currently it is only showing up as Team object in the combo box

  Read the article

• Cisco 3560+ipservices -- IGMP snooping issue with TTL=1

  - by Jander

  I've got a C3560 with Enhanced (IPSERVICES) image, routing multicast between its VLANs with no external multicast router. It's serving a test environment where developers may generate multicast traffic on arbitrary addresses. Everything is working fine except when someone sends out multicast traffic with TTL=1, in which case the multicast packet suppression fails and the traffic is broadcast to all members of the VLAN. It looks to me like because the TTL is 1, the multicast routing subsystem doesn't see the packets, so it doesn't create a mroute table entry. If I send out packets with TTL=2 briefly, then switch to TTL=1 packets, they are filtered correctly until the mroute entry expires. My question: is there some trick to getting the switch to filter the TTL=1 packets, or am I out of luck? Below are the relevant parts of the config, with a representative VLAN interface. I can provide more info as needed. #show run ... ip routing ip multicast-routing distributed no ip igmp snooping report-suppression ! interface Vlan44 ip address 172.23.44.1 255.255.255.0 no ip proxy-arp ip pim passive ... #show ip igmp snooping vlan 44 Global IGMP Snooping configuration: ------------------------------------------- IGMP snooping : Enabled IGMPv3 snooping (minimal) : Enabled Report suppression : Disabled TCN solicit query : Disabled TCN flood query count : 2 Robustness variable : 2 Last member query count : 2 Last member query interval : 1000 Vlan 44: -------- IGMP snooping : Enabled IGMPv2 immediate leave : Disabled Multicast router learning mode : pim-dvmrp CGMP interoperability mode : IGMP_ONLY Robustness variable : 2 Last member query count : 2 Last member query interval : 1000

  Read the article

• iPhone Accelerometer > csv > email

  - by Bradley Powers

  Hi all, I'm trying to collect data for a machine learning project I'm working on. What I'd like to do is collect accelerometer data from an iPhone, save it to a csv and email it to myself. My app currently is able to acquire data from the accelerometer, but I'm at a bit of a loss as to how to proceed. First of all, I'd like to acquire data for a preset amount of time (after playing a sound to the user) which I don't really know how to do, and I can't find good documentation for. Also, I'd like to save that to a csv, which there is some documentation on (specifically using the NSString writeToFile method). Any recommendations/ ideas? Thanks!

  Read the article

• Build an unbound form in Acess 2007

  - by DoubleJ92

  I have an access application that has a form that allows the user to enter case notes. The main field of this form is tied to a SQL Server varchar(MAX) field in the source table. Since the users switched to Access 2007, their program keeps crashing when they are on the case notes form. As a possible solution to this problem, I would like to try unbinding this form and re-building it as an unbound form. This form needs to be able to add and update records into my SQL Server database. It also needs to be able to browse between records. I guess I am at a loss as to where to start. Any suggestions/code snippets is appreciated.

  Read the article

• How Do You Profile & Optimize CUDA Kernels?

  - by John Dibling

  I am somewhat familiar with the CUDA visual profiler and the occupancy spreadsheet, although I am probably not leveraging them as well as I could. Profiling & optimizing CUDA code is not like profiling & optimizing code that runs on a CPU. So I am hoping to learn from your experiences about how to get the most out of my code. There was a post recently looking for the fastest possible code to identify self numbers, and I provided a CUDA implementation. I'm not satisfied that this code is as fast as it can be, but I'm at a loss as to figure out both what the right questions are and what tool I can get the answers from. How do you identify ways to make your CUDA kernels perform faster?

  Read the article

• Port knocking via SSH tunnels

  - by j0ker

  I have a server running in my university's internal network. There is only one SSH daemon running which is secured by port knocking with knockd. Works fine if I try to connect from within the internal network. But since the server has no external IP, I have to tunnel into the internal network every time I want to access the server from outside. And since tunneling only works for a single port I cannot do the port knocking as easily as from an internal client. In fact, I don't get it to work at all. What I'm trying is opening tunnels for all the different ports that have to be knocked. Then I send TCP-SYN packets into the tunnels. But that doesn't work even for a single port. If I establish the tunnel on the first port in the knock sequence and send a packet through it, it doesn't reach the server. There is no entry in the log file of knockd, while there should be something like 123.45.67.89: openSSH: Stage 1 (as shown with internal knocks). So I guess, the problem doesn't exist within my knocking script but is a more general one. Are there any known problems with what I'm trying to do? Is it even possible or am I missing something? Thanks in advance!

  Read the article

• Transparent proxying leaves sockets with SYN_RCVD in MacOS X 10.6 Snow Leopard (and maybe FreeBSD)

  - by apenwarr

  I'm trying to create a transparent proxy on my MacOS machine in order to port the sshuttle ssh-based transproxy VPN from Linux. I think I almost have it working, but sadly, almost is not 100%. Short version is this. In one window, start something that listens on port 12300: $ while :; do nc -l 12300; done Now enable proxying: # sysctl -w net.inet.ip.forwarding=1 # sysctl -w net.inet.ip.fw.enable=1 # ipfw add 1000 fwd 127.0.0.1,12300 log tcp from any to any And now test it out: $ telnet localhost 9999 # any port number will do # this works; type stuff and you'll see it in the nc window $ telnet google.com 80 # any host/port will do # this *doesn't* work! After the latter experiment, I see lines like this in netstat: $ netstat -tn | grep ^tcp4 tcp4 0 0 66.249.91.104.80 192.168.1.130.61072 SYN_RCVD tcp4 0 0 192.168.1.130.61072 66.249.91.104.80 SYN_SENT The second socket belongs to my telnet program; the first is more suspicious. SYN_RCVD implies that my SYN packet was correctly captured by the firewall and taken in by the kernel, but apparently the SYNACK was never sent back to telnet, because it's still in SYN_SENT. On the other hand, if I kill the nc server, I get this: $ telnet google.com 80 Trying 66.249.81.104... telnet: connect to address 66.249.81.104: Connection refused telnet: Unable to connect to remote host ...which is as expected: my proxy server isn't running, so ipfw redirects my connection to port 12300, which has nobody listening on it, ie. connection refused. My uname says this: $ uname -a Darwin mean.local 10.2.0 Darwin Kernel Version 10.2.0: Tue Nov 3 10:37:10 PST 2009; root:xnu-1486.2.11~1/RELEASE_I386 i386 Does anybody see any different results? (I'm especially interested in Snow Leopard vs Leopard results, as there seem to be some internet rumours that transproxy is broken in Snow Leopard version) Any advice for how to fix?

  Read the article

• Packets being dropped by iptables

  - by Shadyabhi

  I am trying to create a Software Access Point in linux. I followed the blog here. Steps I performed: Started dhcp server on wlan0. Properly configured hostapd.conf Enabled packet forwarding & masquerading. Two commands executed regarding iptables: iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE iptables --append FORWARD --in-interface wlan0 -j ACCEPT I enabled logging on iptables & I get this in everything.log Jun 29 19:42:03 MBP-archlinux kernel: [10480.180356] IN=eth0 OUT=wlan0 MAC=c8:bc:c8:9b:c4:3c:00:13:80:40:cd:80:08:00 SRC=195.143.92.150 DST=10.0.0.3 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=38025 PROTO=TCP SPT=80 DPT=53570 WINDOW=46185 RES=0x00 ACK URGP=0 Jun 29 19:42:03 MBP-archlinux kernel: [10480.389102] IN=eth0 OUT=wlan0 MAC=c8:bc:c8:9b:c4:3c:00:13:80:40:cd:80:08:00 SRC=195.143.92.150 DST=10.0.0.3 LEN=308 TOS=0x00 PREC=0x00 TTL=52 ID=14732 PROTO=TCP SPT=80 DPT=53570 WINDOW=46185 RES=0x00 ACK PSH URGP=0 Jun 29 19:42:03 MBP-archlinux kernel: [10480.389710] IN=eth0 OUT=wlan0 MAC=c8:bc:c8:9b:c4:3c:00:13:80:40:cd:80:08:00 SRC=195.143.92.150 DST=10.0.0.3 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=14988 PROTO=TCP SPT=80 DPT=53570 WINDOW=46185 RES=0x00 ACK FIN URGP=0 Jun 29 19:42:03 MBP-archlinux kernel: [10480.621118] IN=eth0 OUT=wlan0 MAC=c8:bc:c8:9b:c4:3c:00:13:80:40:cd:80:08:00 SRC=195.143.92.150 DST=10.0.0.3 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=63378 PROTO=TCP SPT=80 DPT=53570 WINDOW=46185 RES=0x00 ACK FIN URGP=0 I have almost no knowledge of iptables, all I did was through googling. So, can anyone help me in making me understand what wrong is happening here? I have tried running tcpdump on wlan0 & http packets are being sent from wlan0.

  Read the article

• objective-c description method

  - by rocity

  Maybe I'm stupid...and this is my first question so forgive me...but when I run this code, I get the following output: (FROG idle:0 animating:0 rect:(null) position:{{1,2}{3,4}} tongue:{5,6}) This is wrong because it seems to be skipping the rect format string and placing everything displaced by one. So idle and animating are what i expect, then rect is skipped, but the result from NSStringFromCGRect(self.rect) is placed into position, then the result for position is pushed to tongue, then tongue is not displayed at all. I'm at a loss. - (NSString *)description{ return [NSString stringWithFormat:@"(FROG idle:%i animating:%i rect:%@ position:%@ tongue:%@)", self.idleTime, self.animating, NSStringFromCGRect(self.rect), NSStringFromCGPoint(self.position), tongue ]; }

  Read the article

• How to deal with many to many relationships with NSFetchedResultsController?

  - by Phil Yates

  OK so I have two entities in my data model (let's say entityA and entityB), both of these entities have a to-many relationship to each other. I have setup a NSFetchedResultsController to fetch a bunch of entityA. Now I'm trying to have the section names for the tableview be the title of entityB. sectionNameKeyPath:@"entityB.title" Now this causes a problem, where by the section name returned from that relationship appears to be ({title1}) or ({title1,title2...titleN}) obviously depending on how many different entityB's are involved. This doesn't look great in a tableview and doesn't group the objects as I would like. What I would like is a section per entityB title with entityA appearing under each section, under multiple sections if necessary. I'm at a loss as how I am supposed to achieve this whether I need to update the predicate to get the entity to appear multiple times or whether I need to update the section and header functions to do some processing as the controller loops through the objects. Any help is appreciated :) Thanks

  Read the article

• Intermittent extrememly long response times when downloading documents

  - by pap

  I have a Java web application running om Tomcat 7 with an Apache httpd 2.2 fronting with mod_jk/AJP. One part of the application is serving files (up to 4mb size). Now, normally this all runs very smooth with stable, low response-times. However, in rare instances (<0.1% of downloads), the downloadtime will go beyond 1 minute. After activating the ThreadStuckValve in Tomcat, I can see that the long responses seem to be stuck at org.apache.tomcat.jni.Socket.sendbb(Native method) i.e network I/O. At most, these long-running downloads take 5 minutes, which I strongly suspect is because of the default 300 second timout in Apache 2.2 (http://httpd.apache.org/docs/2.2/mod/core.html, "TimeOut directive"). To me, this looks like network problems. The Apache timeout (if that is what is kicking in at the 5 minute mark) indicates that ACK packets are not being transmitted correctly. My questions are what could be causing this? Closed browser at receiving end but socket not signaled as closed properly? Packet loss or some other network failure in transit? Where would I start troubleshooting this? We're running Tomcat and Apache on Windows server 2008-R2 in a vmware virtualized server.

  Read the article

< Previous Page | 80 81 82 83 84 85 86 87 88 89 90 91  | Next Page >