What port-range in the firewall of a Socks (e.g. JSocks) server?

Hi there,
I am using the JSocks implementation of a socks v5 server.
Some of my questions are quite general (not only specific to JSocks) and I hope that someone knows the answer. Unfortunately the forum of JSocks (sourceforge) is only rudimentary so I think this place is better to answer my questions.
However...
As I understand the socks proxy, the server waits on a specific port - normally 1080 and processes the client requests (bind, connect, accept...).
For example one client requests a bind. Then the socks server opens a port locally on the socks host and (if successful) replies the new listening port and ip to the requesting client. ...
(Forget authentication, cascaded proxies and ip-ranges at this point!)
Now, if other clients should be able to access this port, the firewall (if any) needs to allow connection to this port.
My questions:
What should be an adequate port range for the socks proxy? In other words: what is the port range of the new ports that are created for the requesting clients?
How should a separate firewall be configured not to conflict with a socks proxy?
Specific to JSocks (if somebody knows this he wins a virtual cookie): What is the port range that JSocks uses if it opens (generates) new ports for its clients?
Where is the port range defined in the jsocks - I haven't found any?
Imagine that on the same machine there are other running applications that are listening on predefined ports. (e.g. 8080, 21, ...) - what is the best way to exclude the ports in jsocks?
Any hints and explanations are welcome!
Edited by: krafzig on Oct 28, 2008 8:27 AM

> You only need one port.
OK, initially I need only - let's say port 1080.
But then for example a client c1 requests a bind. The socks server opens a new socket for the client (e.g. on 50000) and tells the client on which port on the socks he is now listening, right?
In order to allow client c2 to connect to this new port the firewall needs to allow access to the new port (50000) first.
So there are more ports - there might be hundreds or thousands, right?
> If it's on a separate box it doesn't matter. If it's on the same box it should manage different ports.
Yes, different ports!
However, it should allow access to the ports that the socks opens for the clients, right?
Optimal would be a dynamic adaptation of the firewall, whenever the socks opens a new port the firewall grants access.
> I assume it's configurable, so it's up to you.
No, unfortunately it is not configurable. At least I haven't found anything.
> Probably won't either.
???
> Don't use ports already used. `netstat -a` will list all the used ports on that box.
Obviously, and JSocks allows to configure reusage of ports by flag true/false;
Has anybody setup a socks proxy with a firewall and knows how this is/should be done normally?
Has anybody experiences with JSocks?
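
The BIND exchange discussed in this thread, as an added example (not part of the original posts and not JSocks code): per RFC 1928 the proxy's first reply to a BIND request carries BND.ADDR and BND.PORT, the socket it has just opened, and that port is what a firewall in front of the proxy has to admit. The sample bytes, the 192.0.2.10 / 198.51.100.7 addresses and the `ALLOWED_RANGES` firewall policy are constructed assumptions.

```python
import ipaddress
import struct

SOCKS_VERSION = 0x05
CMD_BIND = 0x02
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Constructed firewall policy (assumption): the control port plus one
# range reserved for ports the proxy opens on behalf of clients.
ALLOWED_RANGES = [(1080, 1080), (50000, 50100)]

# Constructed first BIND reply: VER=5 REP=0 RSV=0 ATYP=IPv4,
# BND.ADDR=192.0.2.10, BND.PORT=50000 (0xC350).
SAMPLE_BIND_REPLY = bytes.fromhex("05000001c000020ac350")


def build_bind_request(peer_ip: str, peer_port: int) -> bytes:
    """VER CMD RSV ATYP DST.ADDR DST.PORT, naming the peer expected to connect."""
    header = struct.pack("!BBBB", SOCKS_VERSION, CMD_BIND, 0x00, ATYP_IPV4)
    return header + ipaddress.IPv4Address(peer_ip).packed + struct.pack("!H", peer_port)


def parse_reply(data: bytes):
    """Parse VER REP RSV ATYP BND.ADDR BND.PORT and return (rep, addr, port)."""
    if len(data) < 4:
        raise ValueError("truncated reply header")
    ver, rep, _rsv, atyp = data[:4]
    if ver != SOCKS_VERSION:
        raise ValueError(f"unexpected SOCKS version {ver}")
    if atyp == ATYP_IPV4:
        offset, addr_len = 4, 4
    elif atyp == ATYP_IPV6:
        offset, addr_len = 4, 16
    elif atyp == ATYP_DOMAIN:
        if len(data) < 5:
            raise ValueError("truncated domain length")
        offset, addr_len = 5, data[4]  # one length octet precedes the name
    else:
        raise ValueError(f"unknown address type {atyp}")
    end = offset + addr_len
    if len(data) < end + 2:
        raise ValueError("truncated address or port")
    raw = data[offset:end]
    addr = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[end:end + 2])
    return rep, addr, port


def firewall_verdict(reply: bytes, allowed_ranges):
    """Say whether the port announced in a BIND reply is reachable through the firewall."""
    rep, addr, port = parse_reply(reply)
    if rep != 0x00:  # non-zero REP: the proxy did not open a socket
        return ("refused", addr, port)
    inside = any(low <= port <= high for low, high in allowed_ranges)
    return ("allowed" if inside else "blocked", addr, port)


if __name__ == "__main__":
    print(build_bind_request("198.51.100.7", 21).hex())
    print(firewall_verdict(SAMPLE_BIND_REPLY, ALLOWED_RANGES))
```

A "blocked" verdict is the situation the thread describes: the proxy hands out a port the firewall will not pass, so the second client's connection never arrives.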

Similar Messages

  • Can I open a port range in the firewall for one host?

    Can I open a port range in the firewall for one host?  In other words, I want to be able to open ports 54001 to 54050 to allow one remote host in my LAN to access that port range in my Mac Server.  Is this possible?  Currently, the only option I see is to open individual ports for all external hosts (eg http or https)
    Thanks in advance!

    Which version of OS X Server are you using?
    Server 2.2 and earlier includes an interface to a software firewall that can be configured to open specific ports very easily. Descriptions of how to configure the firewall can be found in the documentation for these versions.
    Server 3.x no longer has an interface to the software firewall - it is still there, but you need to use other methods to configure it.  A popular example of such a method is the icefloor utility.
    Apple suggest that for Server 3 you delegate firewall duties to an external router.  Server 3 includes the ability to configure the firewall component of Apple Airport routers 'automatically'.
    If you connect a machine running Server 3 directly to an Airport Router the router appears in the LH pane in the Server.app window (usually second line, below the entry for the server itself), and you can control what services are 'enabled' through the firewall there.
    A more common solution perhaps is to use a non-apple router, and configure the firewall (and so open specific ports) through whatever control interface is provided for that router.  There are many many kinds of hardware router you could use, and the control interfaces used vary widely - so you will have to consult the documentation for your own router to work out how to do this.
    If you post information about your software versions, and hardware configuration, it is possible that you can get more specific help with the tasks involved in opening the ports.
    Hope this helps.

  • What ports does Xserve use for Global range?

    I am setting the modem to forward to global ports range but not sure what the range is. :(

    AFAIK, strictly, "modems" don't forward ports. "Modems" and "bridges" are comparatively transparent devices; from the perspective of a network protocol, such electronic devices are largely indistinguishable from the equivalent wiring, for instance. "Modem" devices that provide a combination of modem, firewall and IP router can forward ports. And forwarding all ports through a firewall is usually a bad idea.
    Modem: MOdulator-DEModulator. They're at the lowest levels of the classic Seven-Layer Network Model, and below routing and firewalls and such. But I digress.
    The typical case is forwarding a select few ports, such as port 80 for http web traffic.
    Each port opened through the firewall should be justified, as each port forwarded will be attacked.
    Some "modem" devices (those which have firewall and IP routing capabilities) can have something they call "global ports", and that's seemingly how the particular vendor, um, allows the end-user the joy of researching and identifying the protocol-specific ports for the task at hand.
    With this scheme, the end-user gets to go look up the ports for the particular service, and fill those in for whatever you're looking to forward.
    For forwarding http using port 80, that would be the "global port range" of 80 to 80, for instance.
    Start reading here (http://portforward.com/routers.htm) for your specific "modem" device.
    I'm taking a very wild guess here around what you're doing and what you're looking at. If I've guessed wrong, some background, some more words around the goal, and some specific device identifications would be helpful in addressing your question.

  • No Port Available from the port range

    Hi, I'm getting "no port available from the port range" for the default_group/home/default_group process when I attempt to start opmn. I changed the port no through the application server control panel, and now I can't start opmn to change it back again! Could anyone tell me how to go about changing it back please?
    The error report looks like this:
    There are some errors while stopping the following components. Refer to the generated error report for more details.
    ==================================================
    ias-component: default_group
    process-type: home
    process-set: default_group
    Error Message:no port available from the port range
    ==================================================
    ==================================================
    ias-component: default_group
    process-type: home
    process-set: default_group
    Error Message:failed to start a managed process after the maximum retry limit
    ==================================================
    ==================================================
    ias-component: default_group
    process-type: home
    process-set: default_group
    Error Message:no port available from the port range
    ==================================================
    ==================================================
    ias-component: default_group
    process-type: home
    process-set: default_group
    Error Message:no port available from the port range
    ==================================================
    Can anyone help?

    See the Oracle Application Server Administrator's Guide. Here's a link for the 10.1.2.0.2 version of the book:
    http://download-west.oracle.com/docs/cd/B14099_19/core.1012/b13995/ports.htm#i1038905
    Helen

  • Tuxedo Application port range

    Hi All,
    Is there any way to restrict tuxedo application to use a specified range of ports while it is up & running (except JSL, WSL, GWTDOMAIN) ?
    Issue - The tux application comes up with random ports getting assigned to the application servers connecting to the DB, which at times occupy either of WSL, JSL, NWADDR of other tuxedo application that's scheduled to come up later on the same box.
    I am looking for a way to restrict the first tux application coming up within specified port range for the servers. So they don't overlap with other tuxes (WSL,JSL,NWADDR).
    Thanks in advance.

    Hi,
    OK, now I'm really really confused.  DB ports as specified in tnsnames.ora or somehow through the OPENINFO string are destination ports, i.e., ports that some Tuxedo process will be connecting to.  Server ports, i.e., ports that a local process opens for listening are only done by Tuxedo system servers such as the JSL, WSL, GWTDOMAIN, GWWS, etc.  Although you can have multiple Tuxedo SHM (or MP) domains on the same physical host, they cannot share TCP/IP ports.  That's a fundamental limitation of the socket implementation on most (all?) operating systems.
    Normal application servers, i.e., server built with the buildserver command don't ever open up listening ports.  All communication to application servers is done via System V IPC queues.  The only servers that listen on network ports are Tuxedo system servers, and all of them have configurable network addresses, including host and port.  So the JSL, WSL, GWTDOMAIN, etc., all can be configured to listen on specific host/port addresses.
    Regarding net.ipv4.ip_local_port_range, this is an OS parameter and not a Tuxedo parameter.  Tuxedo servers just listen on the ports configured in whatever configuration file is appropriate, i.e., WSL and JSL in UBBCONFIG, GWTDOMAIN in the DMCONFIG file, GWWS in the imported WSDF files.  For outgoing connections such as to the database, the source port for those connections is under the control of the operating system.  They should never conflict as the OS allocates free ports for each connection.
    Perhaps you can tell me what it is you are seeing that you would like to see behave differently so I can get a better feeling for what the problem is.  There should never be a port conflict assuming your Tuxedo network address are configured uniquely across whatever domains are on a specific host.
    Regards,
    Todd Little
    Oracle Tuxedo Chief Architect

  • Port range being used by Airport Express?

    I am trying (so far unsuccessfully) to connect my airport express to my belkin wireless network to use Airtunes.
    Belkin support tells me that I need to find out what port range the airport express is using and open that range up using the router admin.
    I cannot find that info anywhere. Can anyone provide this information?
    Thanks
    Dell Precision   Windows 2000   SP4 belkin wireless router

    all I can do is click "Other..." button, which then asks me for an IP address and password. I'm not sure what to enter on that screen.
    Since you connected the AX directly to your Belkin router, it's going to be assigned a private IP address from the router's DHCP service...and why the status light is green. I'm not sure why you're not able to see the AX in the AirPort Admin Utility.
    When using the "Other..." option, you will need to enter the IP address of the AX...which, by default, is 10.0.1.1, but is now different. The default password is "public."
    Can you connect directly from your computer, using an Ethernet cable between your computer & the AX, just for the set up phase? If so, then run the AirPort Admin Utility and see if you can now "see" the AX.
    Mac Mini Intel Core Duo   Mac OS X (10.4.8)   1.66 GHz 1 GB RAM 100 GB HD

  • ORMI port ranges problem

    From the following Guide:
    http://download-west.oracle.com/docs/cd/B14099_19/core.1012/b13995/ports.htm#ASADM301
    "When changing an OC4J port number, you typically specify a new port range. The range may be a simple port range (12501-12600), a comma separated list of ports (12501, 12504, 12507), or a combination of both (12501-12580, 12583, 12590-12600). By default, the ranges contain 100 ports. If you specify a range that is too narrow, you may encounter problems when starting OC4J instances. The AJP and RMI port ranges are required; the others are optional."
    The problem I'm having is that an external client application needs to know the ORMI port of an OC4J instance running on OAS; but the port can be dynamic. I was thinking of just removing the port range (ex: set it to 3203-3203), but the above warning concerns me...
    Any thoughts?

    Good question.
    What we do in this case is to use a JNDI URL that uses the fixed OPMN service to locate the port for the target OC4J instance. This insulates you from any movement in the ORMI port on the OC4J instance when it's started.
    See the EJB doc here --
    http://download-west.oracle.com/docs/cd/B14099_19/web.1012/b15505/access.htm#i1019709
    Location
    All ports, including the RMI port, are dynamically set by OPMN when each OC4J instance starts. When you specify the following URL in the client JNDI properties, the client-side OC4J retrieves the dynamic ports for the instance, and chooses one from the list for communication.
    java.naming.provider.url= opmn:ormi://<opmn_host>:<opmn_port>:<oc4j_instance>/<application-name>
    The OPMN host name and port number is retrieved from the opmn.xml file. In most cases, OPMN is located on the same machine as the OC4J instance. However, you must specify the host name in case it is located on another machine. The OPMN port number is optional; if excluded, the default is port 6003. The OPMN port is specified in opmn.xml.
    The reason we have a port range is
    1. To support multiple installations on the same server, so that ports don't conflict.
    2. To support the situation where you run multiple processes for the OC4J instance definition (so they all need different ports running on the same machine)
    If you don't run into any of these, then setting a single port in opmn.xml for ORMI is fine and you can then configure the client to use the fixed, known port.
    cheers
    -steve-

  • Does the firewall apply also for the serial MGT?

    Hi!
    I would like to configure IPF. I'm using a v240 with an Hyperterminal cabled in the special SERIAL MGT port (RJ-45) of the server.
    My question is: does the firewall apply also for the serial MGT port?
    Because I'm not directly working on the server with keyboard and monitor, I'm worried about not being able to get to the server again in case that I make a mistake with the Firewall's configuration!
    Is this SERIAL MGT port to be seen like a normal serial port or to be seen like a LAN port?
    Does the firewall's configuration have to be loaded every time you boot (like in Linux)?
    Thanks for your help.
    XpucTo

    m-lennon wrote on Sat, 28 January 2006 06:46:
    > These rules are normally initialized when the system is booted.
    Well I just found in the sun documentation the following explanations:
    "Solaris IP Filter uses the packet filtering rules that you put in to the ipf.conf file. If you locate the rules file for packet filtering in the /etc/ipf/ipf.conf file, this file is loaded when the system is booted. If you do not want the filtering rules to be loaded at boot time, put them in a file of your choice. You can then activate the rules with the ipf command."
    So I guess there would be the possibility to try the rules and to reboot in case the rules don't allow any connection anymore.
    m-lennon wrote on Sat, 28 January 2006 06:46:
    > On many commercial networks, network management interfaces are attached to a private network without a route to a public network, such as the Internet, this will completely eliminate the possibility of the system being compromised by an external host.
    But what does it mean for my concrete question?! Do I have to define a special rule for the serial MGT port? I would tend to think no because this port isn't a network card and I would tend to think that it could be considered like a keyboard. But of course I'd like to be sure about it.
    XpucTo

  • Access-list port range question

    Hi,
    I would like to clarify the exact operation of the below command:
    ip access-list extended VoiceACL
    permit udp any any range 16384 16387
    Thus the range statement in the above access list specify that it allow only three ports "16384 to 16387". Is that correct ? Bit confused with this command. One of my friend said that the range statement not just specify 3 ports,but it specify the starting port as 16384 and the end port number 32771 [16384+16387].
    [Value1] = starting port number
    [Value2] + [Value1] = end port number
    Thanks
    Nachi

    Hi Nachi,
    This represents the ports ranging between the first number and the last number included, in your case this is actually 4 ports: 16384, 16385, 16386 and 16387
    Regards,
    Raphael

  • Port range forwarding on MI424WR Revision I

    I'm trying to get Passive FTP working through my newly installed MI424WR Rev. I router. I tried doing a port range in the "Port Forwarding" section of the configuration page with no luck. I have also tried "Port Triggering" but that didn't seem to work either.
    Does anyone know how I could get the FIOS router to just pass a range along to a server inside the network?

    did you do a custom rule, or did you use the FTP option that is preconfigured through the actiontec.  Look at the preconfigured port list.
    http://www.actiontec.com/howto/h2_detail.php?cat_id=3&id=9

  • Temperatures corresponding to voltage ranges with the PXI-4351/TC-2190

    Using a PXI-4351 and TC-2190 with a K-type thermocouple, what temperature range do the voltages (+/- 625 mV, 1.25 V, 2.5 V, 3.75 V, 7.5 V, and 15 V) correspond to? How much accuracy does each different range of voltages have? All I could find was that to get improved accuracy, use a range of 2.5 volts or less (document #1X0F7L3E). Also, will using several channels at vastly different temperatures (i.e. room temp. and several hundred degrees) affect which range I should select?

    The full temperature range of a K type thermocouple from -270C to 1370C represents a voltage range from -6.45mV to 54.8mV. If the only sensors you are using are thermocouples then you should choose the smallest range. The 4351 applies one gain setting to all channels, so the only reason you would want to use anything but the smallest range would be if you have other types of sensors with larger voltage swings. You can find voltages for any thermocouple at any temperature at the link below.
    Regards,
    Brent R.
    Applications Engineer
    National Instruments
    http://srdata.nist.gov/its90/menu/menu.html

  • PAT port range

    Hi,
    I'm looking for a way to avoid doing 999 individual port address translations for ports in a range 1-999 for the same protocol.
    I'm not finding anything that asa code v9.11 will allow.
    I have the service objects defined but cannot find a way to get the nat statement to allow the service object.
    object network foobarhost 192.168.100.22
    nat (inside,outside) static interface service fooservice fooservice
    Hope I'm missing something here. Any help appreciated.
    Thanks.

    Hi,
    Seems there is a bug in the 9.1 ASA software as I tried to configure this first with that software. That gave a weird result and I checked another post on these forums that related to a similar problem.
    I then booted my ASA with 8.4(5) software and the NAT is now working normally. So I imagine you will have to wait for a correcting software or move to an older software to get it working in the meanwhile.
    Here's the configuration I did and a "packet-tracer" output to test it
    NAT CONFIGURATION
    Where
    SERVICE-LOCAL = The actual port range on the LAN
    SERVICE-MAPPED = The corresponding NATed/Mapped port range on the WAN
    SERVER-LOCAL = Server IP on the LAN
    SERVER-MAPPED = Server IP NATed/Mapped on the WAN
    nat = The NAT configuration
    Y.Y.Y.Y = One of my public IP addresses assigned to this NAT configuration
    X.X.X.X = My server LAN IP address
    object service SERVICE-LOCAL
    service tcp source range 5000 6000
    object service SERVICE-MAPPED
    service tcp source range 15000 16000
    object network SERVER-LOCAL
    host X.X.X.X
    object network SERVER-MAPPED
    host Y.Y.Y.Y
    nat (LAN,WAN) source static SERVER-LOCAL SERVER-MAPPED service SERVICE-LOCAL SERVICE-MAPPED
    PACKET-TRACER TEST
    Where
    WAN = My ASAs "outside" interface
    1.2.3.4 = Random address behind the WAN interface
    Y.Y.Y.Y = One of my public IP addresses assigned to this NAT configuration
    X.X.X.X = My server LAN IP address
    ASA# packet-tracer input WAN tcp 1.2.3.4 20000 Y.Y.Y.Y 15000
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 2
    Type: UN-NAT
    Subtype: static
    Result: ALLOW
    Config:
    nat (LAN,WAN) source static SERVER-LOCAL SERVER-MAPPED service SERVICE-LOCAL SERVICE-MAPPED
    Additional Information:
    NAT divert to egress interface LAN
    Untranslate Y.Y.Y.Y/15000 to X.X.X.X/5000
    Link to the discussion with the NAT problem:
    https://supportforums.cisco.com/thread/2196562?tstart=60
    Link to the BugID (CLICK THE BUG ID AT THE END OF THE LINK)
    https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCud64705
    Finally the same NAT configuration as above but while running ASA software 9.1(1)
    Where
    WAN = My ASAs "outside" interface
    1.2.3.4 = Random address behind the WAN interface
    Y.Y.Y.Y = One of my public IP addresses assigned to this NAT configuration
    X.X.X.X = My ASA WAN interface IP address
    ASA(config)# packet-tracer input WAN tcp 1.2.3.4 20000 Y.Y.Y.Y 15000
    Phase: 1
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   X.X.X.X  255.255.255.248 WAN
    Result:
    input-interface: WAN
    input-status: up
    input-line-status: up
    output-interface: WAN
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (no-route) No route to host
    Hope the above information has been helpful. If so please rate
    - Jouni

  • How to Block the AppsLocalLogin.jsp on a www facing iRecruitment Server

    I have an iRec server that faces the internet. My current production setup blocks this page. I believe it is being done at the Firewall with a filter, but my new server admin feels it is being done by Apache.
    Any idea on this? Any recommendations on how to do this?
    The messages you get when trying to hit it now in production is:
    The page cannot be displayed
    Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
    Try the following:
    Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
    Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped
    Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
    Technical Information (for support personnel)
    Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact your ISA Server administrator. (12217)

    Hi Hussein;
    I took a look and this looks like what I want to happen, but am not sure how to set it up. When a user from the Internet attempts to load a non iRec related page such as "AppsLocalLogin.jsp" I want it to be blocked.

  • How to enter a range of ports in the firewall

    Does anyone know the syntax of how to enter a range of ports in the firewall so I don't have to enter each individual number? 
    For instance, to open port 15000 to 15264, is it possible to type something like "15000 - 15264" instead of each port followed by a comma?
    Thanks.

    Hi,
    In Tiger it is the same as the comma and dashes thing I listed for some routers.
    You can also click the Edit button in that pic I posted and look at which ports are listed (they will be greyed out on the Preset ones)
    Windows Sharing should list the SMB ports and the Printing ports.
    EDIT:
    Actually on this page where I listed how to set up iChat - SMB is a separate line.
    (Printing sharing may also list the Windows Print Sharing port)
    If those don't cover the Windows app you want to communicate with you will have to make your own Entry Like the Edit link I just inserted)
    10:37 PM      Friday; May 27, 2011
    Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
    G4/1GhzDual MDD (Leopard 10.5.8)
    MacBookPro 2Gb (10.6.7)
     Mac OS X (10.6.7),
    "Limit the Logs to the Bits above Binary Images."  No, Seriously

  • What is the Firewall ports need to be open for TED distribution working properly

    Hi ,
    May I know what ports need to be open at the firewall in order the TED
    distribution to be working properly.
    I suspect it is firewall problem because the inventoried server which
    is install at the same segment with the TED distributor server, I manage to
    push the policy and collect inventory data , but for those inventoried
    server which is install at the remote site, I fail to push the TED into the
    server. At the TED distributor server, the log say that computer refused
    connection. And there is a firewall in between the TED distributor server
    and the remote inventoried server.
    Thank you.
    Steven Foong

    TED is using 1229
    Ron
    <[email protected]> wrote in message
    news:X7lAe.2193$[email protected]..
    > Hi ,
    >
    > May I know what ports need to be open at the firewall in order the TED
    > distribution to be working properly.
    >
    > I suspect it is firewall problem because the inventoried server which
    > is install at the same segment with the TED distributor server, I manage to
    > push the policy and collect inventory data , but for those inventoried
    > server which is install at the remote site, I fail to push the TED into the
    > server. At the TED distributor server, the log say that computer refused
    > connection. And there is a firewall in between the TED distributor server
    > and the remote inventoried server.
    >
    > Thank you.
    >
    >
    > Steven Foong
