Is this a Windows XP firewall bug? [closed] - windows-xp

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 14 years ago.
Improve this question
I have a webserver running on my Windows XP computer. I have set the firewall to allow incoming HTTP connections: Firewall settings window->'Advanced' tab->select my network connection->Settings->Services->check 'Webserver(HTTP)' checkbox.
Normally, this works. However, sometimes upon restarting the server machine, the firewall again begins blocking HTTP connections, notwithstanding the fact that the 'Webserver(HTTP)' exception is still checked in the Firewall settings window.
The only way, then, to get things working again is to uncheck the said option, save the settings, reopen the firewall dialog and check the option and save again.
My question is, is this some peculiarity of my machine or is this a Windows XP firewall bug?

No, that's not a bug, you're just misunderstanding what the Services tab is for.
The list on that tab are for the scenario where the firewalled system also serves as a NAT gateway ("Internet Connection Sharing" or whichever name Microsoft came up with) for another computer. It's basically a form of DNAT. It controls whether or not to allow the initiation of connections to that port through to hosts running on a private network behind the firewalled system.
What you need is to add an exception for port 80 / TCP on the Exceptions tab (don't forget to click on Change scope and select the appropiate scope!) That will work without a hitch. I also recommend you uncheck what you checked ASAP since Windows client operating systems aren't particularly suited for packet forwarding and settings on that tab sometimes mysteriously interfere with normal network traffic (like in your case.)

Related

Minecraft server hosted on PC without internet, just a router/modem [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I'm wondering if its possible to host a Minecraft server on my PC and have my wife connect to that server without any internet connection. We are willing to get a router/modem or switch if need be. We just can't use internet and need instructions on what to get, how to set it up, and how to use it. My hope is that it is possible to have our computers in the same room, plug our PCs into a router that has no internet service via Ethernet cables, turn on the server on my PC, my wife can type in the IP and we can play together.
Yes you can. I am running a Minecraft server on a separate Linux machine, and me and my brother connect to the Minecraft server from separate computers, all of it from our own wireless LAN and without an Internet connection.
We are using a WiFi router that is not connected to the Internet, the computer running the server is an old laptop, and then we have two additional computers, each running an instance of Minecraft, and it all works fine.
I'm not sure about using only a network switch, because you need to be connected at the IP layer, since you need to specify the internal, private IP address of the computer running the Minecraft server from the Minecraft client in order to join.
So in a nutshell, you will need to download and install the Minecraft server, install the latest Java OpenJDK, run the Minecraft server, read the eula, and last in order for this to work completely offline (that is, we want this to work without an Internet connection), you will need to go into the Minecraft server configuration file, locate the property of online-mode=true and set it to online-mode=false.
This setting basically controls whether or not players authenticate to Mojang's servers before they connect to your server, and it prevents players with cracked clients from connecting to your server, but since you will be hosting and joining from within an internal, private network anyways it does not matter. No one will be connecting to your server from the outside world if there is not a connection to the Internet anyway.
For more details about how to install and run a Minecraft server, there are many guides out there. It's actually pretty simple, if you're comfortable using a console screen and know just a little bit about IP addresses and editing a configuration file with a text editor. For me, I run the Mi ecraft server and I was able to connect to it with my brother and start playing right away, without having to mess around with the server at all.
So there you have it, I hope this helps someone.
The very definition of a server is something that provides resources over the internet:
A server is a computer program or a device that provides functionality for other programs or devices, called "clients", over the Internet.
There is a way that would work the way you intend, but without Ethernet, it runs over WiFi. Go into a world, open the Pause menu, and click Open to LAN. Then you can go to a server menu on another computer and it will show up in the LAN Worlds section. However, this will only run vanilla gameplay.
Just FYI, this question would be considered off-topic here and should be asked in the Gaming or Networking communities.
EDIT: Opening to LAN would work over ethernet too.

Charles Proxy SSL: "SSL Proxying not enabled for this host" [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
Why am I not able to see responses in Charles Proxy when debugging an app?
It is very strange, all certificates have been installed on my laptop and trusted, same for my devices, and I am still getting SSL Proxying not enabled for this host, even though I have the enable SSL box ticked.
I have never run into this issue before. What can I do?
Charles Proxy does not proxy any domain unless specified in the Proxy Settings. It's on the Charles Proxy Documentation:
You must specifically identify the host names you want to enable SSL Proxying on. The list is in the Proxy Settings, SSL tab. You can also right-click on a host name in the structure view and turn on or off SSL Proxying.
If you want all HTTPS traffic to be captured by Charles, then you can add *:* on that list:
If you're looking to only monitor few domains related to your app. A Simple solution would be, just right click on the domain name that you're trying to monitor and in the context menu shown, click Enable SSL Proxying, charles will take care of filling the url and port itself.

Strange LAN issues with VPN [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
In my company's physical office, there is no domain controller setup, just a bunch of computers ranging from Windows XP to Windows 10 that are all part of the same workgroup in the same LAN. These computers can access shared folders on other computers in the network by logging with user accounts that exist on those computers. With me so far?
Problem: I've set up a VPN through the router (netgear router with openvpn client), and I can see the shared folders on "Most" computers. I'm using Windows XP Professional, and inside the VPN I can access computers that are Windows XP or newer. I'm getting a local IP address from the router's DHCP and all that seems perfect. But I'm having I'm having problems accessing Windows 2000 computers. I try to log in and receive the error "STATUS_LOGON_FAILURE". I'm typing the correct username and password, and just can't figure out why it's not working.
I'm using Wireshark to analyze the packets and can't really see anything in there that is that much different in the SMB communication between these machines, and I'm not really sure where to start. Since XP machines in the same office behind the same router can access Windows 2000 machines, but I can't through the VPN, it seems the problem might have something to do with that. Any tips on how to trouble-shoot this?
Thanks!
I found the solution. It had to do with this registry setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel
On all machines in the office, this value was set to 0. If I set mine to 0, I can login fine. Of course, the REAL problem is that 0 seems pretty out-dated and insecure, so now I'll need to review whether all the old machines in the office can support a NTLMv2 so I can update that, but that's a different issue. So this is SOLVED.

Communication between two computers using an Internet Browser and Sockets? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
How may I create a socket on my computer that could be reachable from other computers via internet, and work like a web server, maybe using WebSockets?
By the way: could my web server become visible from the Internet and how?
I know I can install a LAMP web server on my computer (my OS is Ubuntu) and use it for a local network.
I know I can use sockets to let 2 computers communicate via internet using their IP addresses (I did it in Java).
You can make your LAMP server stack accessible from the internet by forwarding ports from your external internet connection to the computer the server stack is running on. If you're doing this at home, you can usually handle port forwarding from the admin interface for your router/modem.
Alternatively, WebRTC is a newer web technology (still in the testing phase) that allows two browsers to connect to each other without the need for an intermediate web server.
Browser does not permit raw sockets.
You can not create a socket from browser, because it would be security hole.
For example you download a page from internet and script on this page opened all sockets on your computer.
Websockets it is technology on top of TCP protocol.
Using Websockets you can connect two browsers to a Websocket server and exchange information via this server.

SELinux and multiple httpd service context [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Using CentOS 6
I have 2 Apache httpd services running. The first one provides REST interfaces and a UI to manage the operating system (start/stop services, execute system command using suid, modify system settings, etc.). This httpd service (running on port 5555) will only be accessible from a certain ip range (firewall) since it will be used for administrative purposes.
The second httpd service (port 80 and 443) will be visible on the Internet. It will serve a web application to external customers.
The first httpd needs selinux policies that give it more access to the OS files/processes. The second needs selinux policies that are strict to what it is allowed to do within its context. The second needs to be this way for better web application security and prevent any web app exploits from even being able to touch the OS.
Both of the httpd processes are running as different users.
Can selinux be used with 2 different sets of policies for the same httpd executable?
How do I/is it possible to set the httpd process context to switch to another set of policies when httpd starts?
Is it just a matter of making a copy of the httpd binary and change its selinux context that uses all new policies (relabel the httpd binary, but I'm sure it will take more than this)?
What are the steps to copy the existing httpd selinux settings to a new name?
I think this comes down to needing a httpdpublic and httpdprivate selinux context. Anyone done anything like this before that could give some guidance or suggest alternative solutions? Thanks