I have a few servers set up and was wondering should I allow direct SSH, or have a VPN and then allow SSH (locally)? Are there any drawbacks to direct SSH (aka SSH to external IP). My old set up I required a VPN login, and from there you could RDP/SSH/whatever. My guy for my new VPS setup told me I could just SSH, and VPN was unnecessary.
↧
Should I use VPN or SSH?
↧
New to Linux : IPTables
Hi guys,
Complete Linux noob here.
I recently rented a hosted server with CentOS to host a website. The hosting was sorted by the Webmaster and I would like to lock the server down now but have not idea of how to block everything except http, https and my SSH access.
From examples on the net it looks like I should add these rules to the iptables :
iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A INPUT -m conntrack -j ACCEPT --ctstate RELATED,ESTABLISHED
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j DROP
If I add this, do I remove all of the other rules currently in the tables? How do I...
↧
↧
DDNS not working on WAP connected to internet router via WAN port
I have a WAP that supports DynDNS and NO-IP DDNS services. I’ve
connected the WAP WAN port to a LAN port on my broadband router. Unfortunately
the DDNS service doesn’t update. I think this is because the DDNS service is
using the IP on the WAN port (which is a private IP) and so isn’t updated.
My router doesn’t support DDNS, I don’t have any device on
all the time that could run a DDNS client, is there any way I can get DDNS
service to run on the WAP?
Would something like OpenWRT or DD-WRT provide a solution?
Do all DDNS services work the same way?
Thanks for your help
↧
UK Leased Lines: BT vs Virgin Media (and the rest!)
We've had our BT leased line (30 mbps on a 100 mbps line) for a few years now, and it's up for renewal next year. BT Local Business have been pretty vigorously trying to get us to upgrade (and thus re-sign on a longer deal) for more than a year now, and as we're approaching the last 18 months of our original deal I thought I'd actually start listening to them. The price they've quoted for upgrading us to 100 mbps is a few hundred pounds lower than we're currently paying, so far so good.
I thought I'd get a competitor quote and first to my mind was Virgin Media, so I gave them a quick call after which they quoted a price about a third of what we're currently paying! Obviously I'm now seriously considering them as our next ISP.
For their part, BT's service has been rock solid, apart from when it hasn't - this year they've had two or three...
↧
Got a big mess and need advice on Clean-Up. AKA - Need pretty Floor IT Cabinet
I just visited a site that has a bit of a mess, to say the least. It is the equivalent of mounting your PoE switches by the RJ-45 plugs. See the pic for a small diversion.
Anyway, it is a great customer who inherited this building. they want us to clean up the mess and make it all better. The spot I have to work with is a 36 inch cube of space on the floor. This cube of space is right next to the power feeding all this stuff and all the cabling. It is a mixture of analog (coax) and IP based cameras. I think the local Ethernet is mixed up in there too. Sorry, I was afraid to really touch anything and move stuff around much. They are working and I did not want to cause any down time.
I have two separate video systems, one uses analog and has 18 cameras. The other video system has 16 IP based cameras. There are two Ethernet PoE switches...
↧
↧
Smoothwall Express VPN 3.0 vs 3.1
I have a brand-new install of Smoothwall Express 3.1 (emergency creation after a power outage and disk crash).
My other site is still up and running on Smoothwall Express 3.0.
I created a new VPN connection. Going from 3.0 to 3.1, I have Green/Open.
Going from 3.1 to 3.0 I have Red/Closed.
Any ideas? I cannot get to the other site to upgrade to 3.1 until tomorrow.
↧
Does anyone see a problem with my script? I get a parse error.
All of my users have a U: drive mapped to a server with their own personal space. I want to back up those four locations on logoff.
The only other hurdle I see is that, if each folder (Downloads, Documents, Desktop, Pictures) doesn't exist, how can I get the script to create it?
Thanks in advance!
--
@echo off
set backupcmd=xcopy /c /m /s /d /e /h /r /y
echo Backing up Downloads
%backupcmd% "C:\users\%systemuser%\Downloads\*.* "U:\Downloads"
echo Backing up Documents
%backupcmd% "C:\users\%systemuser%\Documents\*.* "U:\Documents"
echo Backing up Desktop
%backupcmd% "C:\users\%systemuser%\Desktop\*.* "U:\Desktop"
echo Backing up Pictures
%backupcmd% "C:\users\%systemuser%\Pictures\*.* "U:\Pictures"
pause
end
↧
How to open ports in DrayTek 2860n
Hi,
I have this problem. I try to open few port to use them in a physical switchboard. I did it but they don't work. When i scan the ports their show off. The port are 5060. This port are for use them to comunicate from one office with switchboard to another with switchboard.
Thanks!
↧
Brother Printers, AirPrint, and IPv6
Several months ago I bridged my internal WiFi and Wired networks at one of my sites (SonicWALL TZ 105 Wn), and I thought everything was great. Then a couple of weeks ago they reported that the receipt printer (Brother RJ 4040) would not print from the iPads any more. You can see it, it would process the print job and say print job completed successfully, then come up with a different window saying the printer is offline and nothing would print. Prints fine from the Windows PC it is connected to via USB. AirPrint works fine to an HP printer in the same office. Move the iPad and receipt printer to my hotspot, AirPrint works fine. Messed with firmware, drivers, mDNS, Multicast, all that jazz. What eventually fixed the problem was enabling IPv6 in the receipt printer itself. What I want to know is WHY? How in the world is that a fix? I...
↧
↧
10Gb swtich with mixed devices
Hi there,
I've heard a long time ago (when i just studying networking) that if you have a 1Gb switch and plug in a 100/10Mbps device to it, it will affect the entire switch's throughput/performance.
I can't find that information anywhere. Was/is that correct?
(unless I typed in the wrong words in Google)
We have a bit of dilemma here:
We're planning on upgrading a core switch to Dell N4032 (10Gb) from Cisco 3750X but not sure if we need to plug all the non-10Gb devices to a separate 1Gb switch.
Thank you for your advice!
↧
Identify suspicious traffic
Hi
Whht is the best tool to identify weird traffic on my LAN? Our firewall can see a connection being made to a suspect, blacklisted, IP in China but because we run a proxy the Firewall cannot see the local IP it originates from.We have run AVG and Malwarevytes to clean/scan all the PC's. Any idea's?
↧
Help! Nokia Siemens Networks A-2200 Carrier Ethernet
Does anyone know about or have a user manual or guide on a Nokia Siemens Networks A-2200 at22108 Carrier Ethernet switch? I cannot find anything for this online and I need to troubleshoot an amber LED for an 'MJR' indicator, and what it means?
'MJR' I'm thinking stands for 'Major', which doesn't sound good, and an amber light is never good. Any words of wisdom and advice to resolve would be appreciated.
Thanks
↧
Dual NIC's, 2 default gateways
Has anyone experienced issues with having dual nic's that have 2 different default gateways? Our network is divided into 2 VLANS/subnets, a 10 network for Rockwell, PLC machines, and a 172 network for Internet, Office PC's & printers. I have one user who has 2 nic's. Both of his NIC's have different default gateways that point to either the 10 or 172 networks. He needs to have access to the 10 network to monitor the machines and the 172 network to get Internet and access to our servers etc. The user does not complain about connectivity issues, however I notice that when he is not in the office that our network runs faster and smoother. Would him having dual nic's and two default gateways cause any weird issues for the rest of the network? FYI, the 10 network is an internal network and this users machine has a static persistent...
↧
↧
Save files over VPN
Hello guys,
Please does someone had the same problem as this: actualy we have some users who are facing an issue saving their files ( Excel, Word...) over VPN on our fileserver, they get a message like the file is beeing used which is wrong! i have seen on some forums that this could be due to micro cuts of network. Please help!
Thank you very much and happy admin's day :-)
↧
Problems with wireless printers
Our network consists of a Endian Firewall, a managed Cisco SG300 switch as core, 3 unmanaged switches as distribution, two Cisco 3502i access points, two wired Lexmark laserjet MFPs (a x466de and a x656de), two wireless HP inkjet MFPs(Officejet 8600 and Officejet 8600 Pro), two wireless HP laserjet printers (CP1525nw), some servers, desktops and notebooks (split between wireless and wired).
This week we've begun to face some problems regarding to conections between computers and wireless printers.
The printers are mapped in the computers according to the department, and they're mapped manually.
When the machine connects to a wireless printer (OJ8600 or OJ8600Pro), we found that, if the person does not print for some time, the printer is shown as offline in control panel. To make the printer available again, we need to restart the printer,...
↧
Best Program to use for CCNA security
Spiceheads,
I am currently studying for the CCNA security and I am running into a problem for setting up my virtual lab. Do you suggest GNS3 or VIRL?
I know that I can search the web for the IOS images but, what images would be on the 2016 version of the exam?
If I use VIRL, I don't have enough RAM to dedicate to VIRL so, I was thinking of use the packet.net. What are your opinions on VIRL with packet.net?
Thanks
↧
Accelops vs logrythm and archsight
Is anyone familiar with Accelops SIEM? if so, how does it compare to logrythm and archsight?
↧
↧
Latency based load balancing options for second ISP
We run a web application out of carrier colocation where we have a 100Mbit connection from them. Our current connection is a full /24 with BGP. I am looking at another 100Mbit circuit from a different ISP and have looked at BGP but from my understanding this would make the second connection passive and we would have to failover the whole block.
What I am looking for is something that will use both connections, and do it from a latency perspective, meaning if a user from the east/west coast they will go over the faster connection and in the event that one is down everyone will go to the other.
I have looked at some GSLB cloud options, a vendor we work with has suggested Kemp load balancers, we have some monthly Azure credits and I have also looked at their traffic manager product.
Any recommendations on what would be best to achieve...
↧
the ssh pem use to work now just out the blue it stop wiorking
I use to able to ssh to aws instance with a pem file not it just stop for no reason... here is the log
sudo ssh -vvv -i "theftp.pem" ubuntu@ec2-xx-xxx-xx-xxx.compute-1.amazonaws.comOpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g-fips 1 Mar 2016debug1: Reading configuration data /etc/ssh/ssh_configdebug1: /etc/ssh/ssh_config line 19: Applying options for *debug2: resolving "ec2-xx-xxx-xx-xxx.compute-1.amazonaws.com" port 22debug2: ssh_connect_direct: needpriv 0debug1: Connecting to ec2-xx-xxx-xx-xxx.compute-1.amazonaws.com [xx.xxx.xx.xx] port 22.debug1:
\Connection established.debug1: permanently_set_uid: 0/0debug1: key_load_public: No such file or directorydebug1: identity file theftp.pem type -1debug1: key_load_public: No such file or directorydebug1: identity file theftp.pem-cert type -1debug1: Enabling compatibility mode for protocol...
↧
about dhcp networking limitations, at what point does dhcp interfere?
I'm not greatly experienced with networking and routing so bare with me.
I currently have these DHCP networks on my network; each of these is vlan'd, and there is routing so these can all talk to each other;
* VLAN A: class A network (10.10.10.0 /24) with a subnet of 255.255.255.0
-scope: 10.10.10.50-100
*VLAN B: class B Network (172.24.0.0 /16) 255.255.0.0
-scope: 172.24.5.100-254
---Clearly there is no way the above VLANs and their DHCP scopes can interfere with one another or the routing between them.
I wish to add anoter vlan WITH A DHCP SCOPE for VOIP...
Question 1: should i add another class A network (10.0.0.0 /24) as a VLAN, and put it in DHCP? would this interfere with vlan A's DHCP?
Question 2 (alternative option to question 1): or should i add a VLAN with something like 192.168.5.0 /24 as a different network class than VLAN A, but...
↧