PaloAlto<->WindowsServer (RRAS) VPN proxy id (traffic selector) mismatch - remote-server

Would you please help me with the following situation?
I have a Windows Server machine on the internet that establishes a site-to-site IKEv2 connection to my client's PaloAlto appliance (using RRAS and the Add-VpnS2SInterface PowerShell command on my side). So far, no problem: the link goes up without error.
There are two private addresses on my side (10.0.0.19 and 10.0.0.20) that need to communicate with (private) address 10.0.0.18 on my client's side. The problem is that when I don't set up traffic selectors (using Add-VpnS2SInterface -LocalVpnTrafficSelector -RemoteVpnTrafficSelector) on my connection, address 19 can access address 18 but address 20 cannot! If I set up a local TS for address 20 and a remote TS for address 18, address 20 can reach 18 (and 19 cannot). If I try any combination of local TS with 19 and 20, 20 still cannot reach 18. On the client's side, proxy IDs are set up like this: proxyid_config
The TS/proxy ID mismatch is logged when I use the command netsh ras set tracing * enable. It literally says "TS Mismatch". I've tried Wireshark on the connection but I cannot find the decryption table info in RRAS (SK_ei, SK_ar, ...). Of course my client is no help in this since he is unable (or unwilling) to dig into his logs and "it works for every other connection".
So I'm left with many questions:
Is it "OK" to set up proxy IDs like he did?
Why does 19 work by default but not in conjunction with 20 (20 works on its own too)?
Can I find the Wireshark info (SK_ei, SK_ar, ...) in RRAS to decrypt the traffic?
Where should I look in the PaloAlto to diagnose the error?
Thank you for reading, hope you can help =)

Related

Need help dealing with repeated SPAMHAUS listings at small company

Setup: We have a mail server running Exchange 2010 and a Windows Server 2011 for Active Directory. We also have a DrayTek router. I have access to all these things, I'm just not super familiar with them.
I work for a company as a junior IT tech so I have not set any of this up but need to find a solution. We're getting added to the Spamhaus blocklist every other week or so.
What I've tried so far:
I have scanned the 30 computers with about 5 different virus scanners and mostly found minor things with Malwarebytes which have been removed, but we keep getting listed.
Also tried running netstat on each PC to monitor port 25 connections, but none of the PCs checked seemed to be sending out on this port.
I have access to the router and can log in to it and have heard about blocking port 25, but whenever I do this no one can send emails out. On the DrayTek syslogs I can see an IP address from a virtual server that is 190.2.141.250 connecting to our main server on port 25 (SMTP). I suspect this is the thing that is sending out the spam but I can't find out how to block it.
I am kinda lost so any ideas would be appreciated.

Cannot remotely read from a MSMQ 6.3 private queue cross forest

I am connecting to a MSMQ 6.3 private queue in workgroup mode on a Windows Server 2012R2 machine. This is a cross forest connection. I've gotten to where I can send, but I still cannot receive. I've done everything in John Breakwell's posts. I've given the correct domain user, Anonymous Logon and Everyone Full Control.
I've added the registry entries NewRemoteReadServerAllowNoneSecurityClient and AllowNonauthenticatedRPC.
"Disable unauthenticated RPC calls" is not checked.
I ran Wireshark and I can see traffic coming in to port 135 then getting passed off to port 2105. There it gets access_denied.
I'm not sure where to go from here.

Can't access my PostgreSQL server from workstations

I've installed PostgreSQL 9.4 on a Windows Server 2008. I am writing an application that will access this server from our Windows 7 machines. I also installed pgAdmin III on one workstation where I am developing.
I am not able to connect from the workstations. I get a "Server doesn't listen" message. I've looked online for some solutions but none seemed to help me.
On the server where the service is running, I've tried to change the values through pgAdmin III for the files pg_hba.conf and
It looks like pg_hba.conf was set up to listen to the loopback and then a range of IP addresses on the same computer. When I change the "host" key value of the IP address range from 127.0.0.1/32 to 192.168.2.1/128 (and keep the other values the same -> all, all, md5) the service starts and then stops immediately.
If I leave it with 127.0.0.1/32 then it starts fine but I can not connect from the workstation.
I left the listen_addresses on the postgresql.conf file as the default "*" which is trying to listen to all addresses.
I am trying to develop a client/server app before moving it to the cloud and this is step 0.
I did install on my Windows 7 machine an "add-on" to Visual Studio to help me get a connection string down the line, but I am only using the PostgreSQL "tools" at this time.
I did some search to see if this question was asked before in this client/server scenario and did not find one. If it has already been answered I'd appreciate some pointers directing me to the correct way to configure server access, if not, then an answer on how to do it would be great.
I can ping the server with no problems from the workstation(s).
The IP address/CIDR mask specification of 192.168.2.1/128 is wrong. The last value indicates the number of bits to be masked, not an IP address range. If you want (most of) the range 192.168.2.1 - 192.168.2.128, the entry in pg_hba.conf should be 192.168.2.0/25 (meaning: take the three highest bytes 192.128.2 (24 bits), plus the highest order bit 0 of the last byte, and let the 7 remaining bits vary (values 0 to 127)).
Note that this includes 192.168.2.0 and excludes 192.168.2.128, but that is just how bit masking of IP addresses works. You could add 192.168.2.128 with a separate entry in pg_hba.conf, but you cannot get 192.168.2.0 out.
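To make the CIDR point concrete, here is an added example (not from the original thread) that parses pg_hba.conf host lines with Python's standard ipaddress module: the /128 entry from the question is rejected because an IPv4 prefix length cannot exceed 32, and the /25 entry from the answer admits 192.168.2.0 through 192.168.2.127 but not 192.168.2.128. The sample configuration fragment is constructed for the example.

```python
import ipaddress

# Constructed pg_hba.conf fragment: the loopback default, the broken line from
# the question and the corrected line from the answer.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS           METHOD
host    all       all   127.0.0.1/32      md5
host    all       all   192.168.2.1/128   md5
host    all       all   192.168.2.0/25    md5
"""


def parse_host_entries(text):
    """Return ([(network, method), ...], [(lineno, address, error), ...]).

    Only CIDR-style 'host' lines are checked; comments and blank lines are skipped.
    An invalid ADDRESS field (such as an IPv4 prefix longer than 32 bits, which is
    what makes the PostgreSQL service stop at startup) is reported, not silently kept.
    """
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] != "host" or len(fields) < 5:
            continue
        try:
            # strict=False tolerates host bits in the address (e.g. 192.168.2.1/25)
            net = ipaddress.ip_network(fields[3], strict=False)
        except ValueError as exc:
            errors.append((lineno, fields[3], str(exc)))
            continue
        networks.append((net, fields[4]))
    return networks, errors


def allowed_by(text, client_ip):
    """Return the auth method of the first host entry matching client_ip, or None.

    pg_hba.conf is evaluated top to bottom and the first matching line wins.
    """
    ip = ipaddress.ip_address(client_ip)
    for net, method in parse_host_entries(text)[0]:
        if ip in net:
            return method
    return None


if __name__ == "__main__":
    nets, errs = parse_host_entries(SAMPLE_PG_HBA)
    for lineno, addr, err in errs:
        print(f"line {lineno}: rejected {addr}: {err}")
    for ip in ("192.168.2.0", "192.168.2.127", "192.168.2.128"):
        print(ip, "->", allowed_by(SAMPLE_PG_HBA, ip))
```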

Mail not getting sent to specific domains

We have a VPS with CentOS combined with DirectAdmin which we use for a Magento shop. This runs fine, except for sending email.
Problem:
It appears that some specific domains won't receive our emails and we get a bounce. If we use any other email sending systems, the mails arrive without problems.
The bounce mail contains the following error:
SMTP error from remote mail server after HELO Company-Shops:
host mx-cluster-b2.one.com [IP ADRESS]: 504 5.5.2 :
Helo command rejected: need fully-qualified hostname
After googling and trying things for a week now, I am a bit lost. I tried checking Postfix in CentOS, but this is not installed and I'm not quite sure if this is needed.
Possible issue?
I believe the hosts file in CentOS is set up incorrectly:
127.0.0.1 localhost localhost.localdomain localhost4 ... etc
OUR IP Company-Shops
'Company-Shops' should probably be a domain name, am I right? The same as the rDNS. But I'm afraid if I change this it will kill my site and whatnot. I'm not sure if this entry correlates with the 'company-Shops' helo label in the bounce error.
Some extra info:
- We use Roundcube webmail from DirectAdmin
- At the moment we run one shop, but this might grow a bit (multiple sites on 1 IP)
- We don't use subdomains
- We've set up a reverse DNS, with the domain
Is there anyone with similar experiences or with a bit more knowledge about this subject? I appreciate any advice we can get, as we are stuck.
Many thanks.
Yes, that's right: your mail server should identify itself using a fully-qualified domain name when it connects to send mail via SMTP. You don't say what mail server you're running, but since you're using DA, it's probably Exim. If so, you want to edit /etc/exim.conf and set primary_hostname to the FQDN of your server.
This would also be a good time to double-check that reverse DNS is set up properly for your IP address. Many hosts will also reject email from servers on IPs without a valid rDNS record.
I'm not familiar with Magento, but I can't see any way that changing the Exim configuration in this way could impact that program.

How to get the server IP of a PPP connection

After establishing a PPP connection using rasdial (making a dial-up call), how do I get the 'server IP' address that is given to me? It's usually a local IP, but I cannot seem to get it when I do an ipconfig.
However I can see this IP address, if I right click on the connection and select status.
This question has been asked in the past, but by .NET and C# users and their solution is using a certain available library, which I don't have.
Does anyone know how to obtain the PPP server IP? I need that IP address to initiate FTP traffic with the modem.
I established the connection this way:
system("rasdial [connection_name]"); # in Perl
Thanks!
I think your best bet is to hook into the Windows API calls with Win32::API. You probably want to start with RasEnumConnections.