Multiple ichat clients behind firewall?

Similar Messages

• RMI Clients behind firewall

  When the RMI client behind firewall tries to access the server the following error is thrown up:
  java.rmi.ConnectIOException: Exception creating connection to: 10.130.12.128; ne
  sted exception is:
  java.net.NoRouteToHostException: Operation timed out: no further informa
  tion
  java.net.NoRouteToHostException: Operation timed out: no further information
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.PlainSocketImpl.doConnect(Unknown Source)
  at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
  at java.net.PlainSocketImpl.connect(Unknown Source)
  at java.net.Socket.<init>(Unknown Source)
  at java.net.Socket.<init>(Unknown Source)
  at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(Unknown S
  ource)
  at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(Unknown S
  ource)
  at sun.rmi.transport.tcp.TCPEndpoint.newSocket(Unknown Source)
  at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
  at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
  at sun.rmi.server.UnicastRef.invoke(Unknown Source)
  at RMIFaxServer_Stub.getResult(Unknown Source)
  at FaxTest.main(FaxTest.java:51)

  your client is behind the firewall but the server you're trying to access has an address 10.x.x.x which says that it too is behind a firewall and not on the Internet, or is the server in a DMZ. It sounds more like a networking issue than a java problem at this point. If the server is on some side of a firewall, you may need a some sort of "permit established" config setting added to the firewall. Just a thought.

• Callback cannot be done if client behind firewall. But WHY?

  I've read a lot of threads regarding callback is not achievable if client is behind firewall. But i couldn't find the DETAILED reason for that. Can anyone explain that?
  Thank,
  Jax

  In order for a server to asynchronously callback a client, it must create an inbound socket connection to the client, to send the message. This is precisely the type of thing a firewall is designed to prevent.
  To receive callbacks, the firewall would have to open a specific port for inbound connections to the client, and the server would have to be aware of this port as well.

• Rmi/iiop with clients behind firewall?

  I have a client app (standalone/applet) that will be running behind a firewall and I'm trying to connect it to S1AS7 through rmi/iiop. I keep getting some connection exceptions on the server when it tries to connect back to the client. Is there anyway to find out which port the server tries to connect to the client so I can open up that port with the firewall? Is there any other workarounds?

  Check out the below document. This is a document for the earlier version of the appserver, but I guess this part should still hold good in S1AS 7 :
  http://docs.sun.com/source/816-5777-10/jpgrichc.htm#24425
  Basically, during the RMI-IIOP communication, the ports are assigned dynamically and hence we cannot exactly say which ports will be used for the response.
  As a general rule of thumb, the response will be going through the ephemeral ports. (Ephemeral ports are temporary ports assigned by a machine's IP stack, and are assigned from a designated range of ports for this purpose. When the connection terminates, the ephemeral port is available for reuse, although most IP stacks won't reuse that port number until the entire pool of ephemeral ports have been used. So, if the client program reconnects, it will be assigned a different ephemeral port number for its side of the new connection.)
  So, it is advisable to open the the entire ephemeral port range in the firewall.
  On Solaris, the ephemeral port range can be determined using the below command :
  # /usr/sbin/ndd /dev/tcp tcp_smallest_anon_port tcp_largest_anon_port
  These values could also be altered using the below commands :
  # /usr/sbin/ndd -set /dev/tcp tcp_smallest_anon_port 49152
  # /usr/sbin/ndd -set /dev/tcp tcp_largest_anon_port 61000
  Hope that helps...
  Cheers,
  VM

• Java Rmi Client behind firewall

  What port should be opened to let rmi traffic passing through firewall to weblogic app server?

  Dahan <[email protected]> writes:
  What port should be opened to let rmi traffic passing through firewall to weblogic app server?The port the server is listening on?
  andy

• What are prerequisite for Design Studio Client tool behind firewall?

  Hi Experts,
  Can you tell me what are prerequisites for Design Studio Client tool behind firewall?
  Best Regards,
  Pushkar

  Hi Pushkar,
  In which 'mode' would you like to use the Design Studio Client application. Connected to the BI platform, SAP HANA, etc?
  With kind regards,
  Martijn

• Can't get iChat server 10.4.8 to work with iChat client on Tiger 10.4.8

  Guys/Gals
  I have this problem as well - I am running 10.4.8 latest updates as of today on the ol' Powerbook G4. I am setting up the iChat Server on the Xserve we have and somehow my client would not connect - they both are on the same LAN and the firewall is disabled on the Xserve - hence no firewall issues etc.
  The server starts up ok looks like:
  Nov 15 11:57:55 myserver iChatServer-jabberd[6497]: 20061115T16:57:55: [notice] (-internal): initializing server
  Nov 15 11:57:55 myserver iChatServer-jabberd[6497]: 20061115T16:57:55: [notice] (-internal): server started
  The server log however shows the following message whenever I try to connect:
  Nov 15 11:59:27 myserver iChatServer-jabberd[6497]: 20061115T16:59:27: [alert] (mio_xml.c:185): [junk after document element] XML Parsing Error:
  Now I have not modified anything at the server end. Funnier is that I connect happily to Google Talk and our other Jabber server that runs on another box.
  Something awfuwwy scwewy awound hewe.
  Any clues would be appreciated.
  Thanks much

  Something more to add to this:
  I tried Exodus, a freeware jabber client on PC - that works ok with the server - using SSL etc. so there is nothing wrong with the server. The iChat client I have on my machine seems to be the culprit - it somehow sends a wrong message - "XML parse error" - How do I make the iChat server not use SSL so that I can see what is being sent ? Currently the packet capture (tcpdump) shows garbled message - ahem - read encrypted. The SSL option in settings shows only "Default" and it does not let me select the other option.
  How do I tackle this ?

• Adding devices behind firewall

  i have just installed an AirPort Extreme and want to add my thermostat so i can access them remotely.  Do i need to add the MAC address and or IP Address of the thermostats?  How do i do this and where?

  Hi,
  TACACS+ authentication service between Network devices and AAA Server is running on TCP 49. The 2004-5000 port range is only applicable if you need to access ACS Server (for management purposes) from outside/internet. In your case, if you need to access your devices behind firewall from external network, what you need is map your internal network devices with public IP, and open ddesired service port, e.g SSH (tcp 22) on your Firewall outside interface ACL to allow incoming access.
  For your internal devices, you need to have appropriate AAA configuration that point to ACS (e.g TACACS+). In your ACS, set these devices as AAA Client, and configured appropriate IP, secret key and using TACACS+.
  Before you test ssh access from internet/external network, test your SSH access locally. It must be successful to get AAA to authenticate your SSH connection request.
  http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_user_guide_chapter09186a008052e996.html
  Hope this helps.
  Rgds,
  AK

• Problems with Arrowpoint cookies for clients behind a Proxy

  I have in a WebSite clients being load balanced using Arrowpoint cookies to a virtual Server. The CSS load balance between three Apache real servers.
  I have some clients that are behind some kind of Proxy Cache and I have seen with a sniffer that the proxies causing the problem Re-use proxy to our server connections for different requests for multiple clients.
  Then, as I understand the CSS make the forwarding decission based on the cookie of the first request for the first client behind the proxy after establishing the HTTP connection, but when there is a request from other client using this same connection (that must be forwarded to other real server) the request is forwarded to the original web server and fails because we need sticky connections.
  I thought that this wasn't correct but I have read some documents that say that this is called a Proxy role as a "connection cache". Then my question is if there is any workaround for this problem.
  Thanks

  I believe your problem is that the proxy open a few persistent connections with the CSS and loadbalance your client's request over them.
  Once the CSS has associated a connection with a service, it does not look into the request anymore.
  The solution is to disable persistence on the CSS with the command 'no persistent' and 'persistence reset'.
  Find more info at :
  http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093e06.shtml#crp
  Gilles.

• SMTP behind Firewall

  We have a sever behind firewall, the SMTP ports are opened on firewall. When the application tries to send mail using java mail API, I get the following error. Anything worng with firewall (or) mail api ?
  javax.mail.SendFailedException: Sending failed;
  nested exception is:
  javax.mail.MessagingException: 530 5.7.3 Client was not authenticated
  at javax.mail.Transport.send0(Transport.java:219)
  at javax.mail.Transport.send(Transport.java:81)

  I think you have made it to the mail server (sounds like exchange). Looks like the server is setup to require authentication on incoming SMTP requests. Look here
  http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_20250036.html
  Of course, I could be wrong and your firewall has a custom message for SMTP traffic which isn't coming from a 'authorized' mail server or a authenicating proxy server.

• Wireless printing behind firewall

  Greetings. Since upgrading to 10.5, I am no longer able to wirelessly print behind firewall unless I check "set access for specific services and applications" under system preferences/security/firewall (on computer allowing printer sharing). I would think that I could print after checking "allow only essential services," since printer sharing is on, and this shows in the list of "specific services" allowed. I was hoping that this would be solved after upgrading to 10.5.3, but it is not.
  This applies to all connected USB printers. Router is a Lyksys WRT54GS.
  Although probably unnecessary, I would prefer to use the more secure firewall setting ( "allow only essential services"). Any ideas would be appreciated.

  You need to have the right equipment. You have to put ISP equipment on the DMZ. What you need is an access point that resides on your inside internal network. This AP will associate clients and would place these clients on your internal network. Then you would configure your infrastructure to route the traffic how you wish. The reason you can't do what you want is that an ISP wifi router only has one route it knows..... That is what it knows from the wan port. So all traffic leaves the wan port via the ISP default gateway.
  Posted from my mobile device.

• FTP-client behind RRAS - unable to connect to external FTP servers

  FTP-client behind RRAS - unable to connect to external FTP servers
  A small network (10-20PCs) without any segmentation - one LAN with one Gateway.
  1. If the Gateway is some small hardware device, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
  2. If the Gateway is Win2003+RRAS+NAT or Win2003+ISA2005, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
  3. But if the gateway is Win2008+RAS+NAT or Win2012+RRAS+NAT, the computers in the LAN are not able to connect to Internet FTP-servers
  I made a few tests:
  1. On Win2012+RRAS+NAT
  TurnOff Windows Firewall for All profiles (Domain, Private, Public) - the problem disappears, it it possible to connect to external Internet FTP-servers.
  2. On Win2012+RRAS+NAT
  TurnOff Windows Firewall only for Domain profile - the problem disappears, it it possible to connect to Internet FTP-servers.
  3. On Win2012+RRAS+NAT
  TurnOn Windows Firewall for All profiles (Domain, Private, Public)
  But I excluded the Internal NIC in this list
  Windows Firewall / Properties / Domain Profile / Protected network connections 
  and the problem disappears again
  My question is:
  What new Firewall rule  I have to make and where to place it (to be able to make FTP-connection from LAN to Internet FTP-servers)?
  I made some attempts to allow port21, but any success.

  Thank you, but did you try this ? 
  Can you describe in detail "exclusion rule for FTP traffic" ?!
  In my previous post, I want to say that if you use Win 2008/2012 RAS+NAT as a network gateway, than it is not possible to make FTP-connections to external FTP servers from the computers behind that gateway.
  And the standard attempts to make "Allow"-rules for port 21 in the gateway firewall (Win 2008/2012), do not solve the problem.
  No matter which FTP-client you can try to use.
  To see this problem, just make few simple tests: 
  ">telnet <ftp-server> 21" 
  with firewall on/off  and inbound/outbound "Allow port 21 rule (All/Domain/Private/Public)"
  In my country, the Government Tax Department uses FTP-protocol to collect monthly data from companies. 
  And it is too stupid scenario (to be a small company and to) upgrade from Win 2003 to a newer 2008/2012 and than to not be able to make all your jobs.
  -------EDIT---------
  The same problem (and its solution) is described here:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/0c68aed6-e22b-4cd4-86bd-f3c767e88349/advanced-firewall-blocking-through-ftp-traffic-rras
  The magic command:
  ">netsh routing ip nat delete ftp"
  solved the problem for me.
  And here is the description of this command - "Disables the FTP proxy on the NAT server."
  http://technet.microsoft.com/en-us/library/cc754535(v=ws.10).aspx#BKMK_106

• Ichat client get disconnected

  I have ichat client on both leopard and tiger and they all get disconnected at some point in the day, all pretty much at the same time. I'm thinking it's either the server that disconnects everybody or there is some time limit from the client side, I don't know. I have the standard server configuration, everybody has a static IP from our provider, no extra firewall but the one provided by the system, no gateway on the server either and the server is running it's ichat server I think with the kerberos authentication. Can I change that with the standard install and set it to name and password? In documentation, it says that kerberos gives a ticket for a period of time, how long? Can I tell it to be unlimited? All macs are always on, they don't go to sleep because of backups during the night. On my computer, I quit ichat with a script loaded in ical, at 7pm, and relauch it at 8 am, but I too, get disconnected around 10am. So I'm not sure that the time limit is the issue either.
  Anybody else having this problem with Leopard server 10.5.2?
  Jeff

  I am having a similar issue, could you check your ichat log and see if you see any messages similar to the one's I am getting?
  Jun 13 14:13:13 serverName jabberd/router[13286]: [127.0.0.1, port=55648] disconnect
  Jun 13 14:13:13 serverName jabberd/resolver[13288]: shutting down
  Jun 13 14:13:13 serverName jabberd/sm[13287]: shutting down
  Jun 13 14:13:13 serverName jabberd/router[13286]: [c2s] offline
  Jun 13 14:13:13 serverName jabberd/router[13286]: shutting down
  Jun 13 14:13:13 serverName jabberd/router[13286]: [127.0.0.1, port=55649] disconnect
  Jun 13 14:13:13 serverName jabberd/router[13286]: [website.com] offline
  Jun 13 14:13:13 serverName jabberd/router[13286]: [127.0.0.1, port=55654] disconnect
  Jun 13 14:13:13 serverName jabberd/router[13286]: [resolver] offline
  Jun 13 14:13:13 serverName jabberd/router[13286]: [127.0.0.1, port=55653] disconnect
  Jun 13 14:13:13 serverName jabberd/router[13286]: [s2s] default route offline
  Jun 13 14:13:13 serverName jabberd/router[13286]: [s2s] offline
  Jun 13 14:13:13 serverName jabberd/sm[13287]: [5] [router] write error: Broken pipe (32)
  Jun 13 14:13:13 serverName jabberd/sm[13287]: connection to router closed

• Putting Identity Server behind firewall

  Hi All,
  I have an application running on SunONE app server 7 with agent in order to control authentication and authorization. I would like to put the identity server behind firewall. However, everytime when the agent redirect to identity server to perform login, it redirects directly which user can't access the login page. May I know how can I put the Identity server behind firewall? Must I use web proxy server instead? Any other solution? Thx a lot.
  \Tobey

  Hi, this is Tobey again. I have installed Identity Server 6.1 and a web proxy server 3.6 in front of the Identity Server.
  The web proxy server succeed in reverse proxying all usual applications. However, when I try accessing amconsole through proxy server, the console service always re-direct me to Identity Server host directly. And my client browser is not allow to resolve that hostname.
  What I have configured is setting regular and reverse url mapping in Web proxy server. In Identity server, I have set the fqdn mapping, dns alias, adding one more in server list and cookies domain.
  Any one had experience on putting Identity Server behind firewall? How to solve the hostname problem that redirected by Identity Server service? Thx a lot.
  \Tobey

• Devices Behind Firewall ACS 4.0 Local

  All,
  I just read a post labeled "ACS 4.0 Behind Firewall" and it talked about opening ports 2004 to 5000 to access the ACS server that is behind the firewall. My question is does this same port range apply if you are trying to access and authenticate to a device that is behind a firewall. When I try to access one of my devices that is behind the firewall I can't authenticate through the ACS box so I end up using the local username and password. Can anyone tell me what ports I have to open on the firewall to allow the authetication to go back to the ACS server. Thanks

  Hi,
  TACACS+ authentication service between Network devices and AAA Server is running on TCP 49. The 2004-5000 port range is only applicable if you need to access ACS Server (for management purposes) from outside/internet. In your case, if you need to access your devices behind firewall from external network, what you need is map your internal network devices with public IP, and open ddesired service port, e.g SSH (tcp 22) on your Firewall outside interface ACL to allow incoming access.
  For your internal devices, you need to have appropriate AAA configuration that point to ACS (e.g TACACS+). In your ACS, set these devices as AAA Client, and configured appropriate IP, secret key and using TACACS+.
  Before you test ssh access from internet/external network, test your SSH access locally. It must be successful to get AAA to authenticate your SSH connection request.
  http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_user_guide_chapter09186a008052e996.html
  Hope this helps.
  Rgds,
  AK