10.6.5 firewall blocking udp ports used by ethernet MFC printer

Hi All, is there any way to apply a custom rule to allow access through the 10.6.5 firewall for a couple of UDP ports? I am trying to enable scanning from the front panel on a Brother MFC990CW with static IP on our local net (adsl router) and the printer docs specify up to 3 ports to be opened. Have played with IPFW via term but my rule attempts are not having any impact. Also unable to find log location where firewall activity is logged.
Would appreciate any tips.
Happy New Year

HI Michalien,
happy new years eve
have you tried adding the Image Capture Utility to the firewall? It Should open the port for you.
system preferences, security, advanced button, + button
navigate to Macintosh HD, Applications, Image Capture (witch handles most scanning in 10.6)
You may also need to add the cannon scan utility as well.

Similar Messages

  • TS1629 Apple destination ip addresses for well known TCP and UDP ports used by Apple software products

    I work for a large enterprise organisation with dual layer firewalls. The Apple article titled "allowing well known ports through the firewall "does not provide enough information on what the destination ip addresses of Apple servers are which host Apple ICloud services.
    Does anyone have information on the destination Apple Ip addresses? So that I can lock down my firewall rules, just so that Apple devices, access Apple services on the Internet.
    Many thanks

    One option is to use "connection-reuse" cli under sip-ua configuration mode.
    sip-ua
      connection-reuse
    This will enable the 7200 to create a connection with source and destination udp port number set to 5060. This feature is available in IOS 12.4(25d) which requires minimum of 256 / 512MB DRAM (depends on the feature set) and flash of 48 MB.

  • Change UDP ports used by SVE

    Hello all,
    I have recently installed a piece of hardware which transmits information to UDP port 6001 on my computer. Some software then runs on the computer listens to this port in order to detect the hardware.
    However, LabVIEW shared variable engine seems to use the same port. On the computer in question the port is used by NITaggerService (National Instruments Variable Engine).
    One solution is to stop this service - this works and allows the software to detect the hardware. However, eventually, I want to run this hardware alongside LabVIEW (indeed, LabVIEW will communicate with the hardware), so this is not a desirable solution.
    http://www.ni.com/white-paper/12402/en suggestst that UDP ports 6000-6010 are used by Shared Variables and Network Streams, which is consistant with the service identified above. It suggests that these ports are fixed, however, I have noticed that on different computers, port 6001 is used by a different NI Service (e.g. on another computer, it is used by lkTimeSync (National Instruements Time Synchronization) ), suggesting that there is /some/ flexibility. In addition, not all the ports from 6000-6010 are used in practice, suggesting that it might be possible to use another port in the range 6000-6010 rather than 6001.
    Does anyone know how to force NI SVE to use a different range of UDP port, or at least to not use 6001?
    All the best
    James Polyblank

    Hi James,
    It is not possible to pre-define which ports the NI services should use. One way to get around this would be to have these services not auto start on windows launch and manually start it once your other software has established communication with the hardware through UDP port 6001.
    You have taken the first step in this direction by stopping the service. After the hardware has been detected (on port 6001), restart the NITaggerService that you stopped. This will automatically start the service on a port that is free and available.
    Try this and see if it works. You can also try starting the service automatically from your labview application using 'System Exec.vi' .
    Thanks and Regards,
    Supreeth.K
    Applications Engineer
    NIUK

  • QOS Network Planning - TCP/UDP Ports used in CWMS 2.5 MDC deployment

    Does anyone know if there is documentation that describes the WAN traffic in CWMS 2.5 MDC?  I'm looking for the TCP/UDP ports that must be prioritized on the WAN to properly class our traffic between the two data centers.  I can't find any such document.  
    Thanks,
    Matt 

    HI Matt,
    All the network requirements are listed in the CWMS 2.5 Planning Guide in Networking Checklist: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html
    I hope this is what you are looking for.
    -Dejan

  • Firewall Blocks me from using hostnames... and

    I am running Mac OS X Server 10.4.9 I have setup AFP, Software Update, and Print. (also SSH, and Remote Desktop). When I turn on Firewall I cannot connect to ssh or afp using the local networks hostnames from the server.
    ex. Server.local or PowerBook.local
    I can only connect using IP's. The active rules on my ipfw are:
    01000 0 0 allow ip from any to any via lo0
    01010 0 0 deny log logamount 1000 ip from any to 127.0.0.0/8
    01020 0 0 deny log logamount 1000 ip from 224.0.0.0/4 to any in
    01030 0 0 deny log logamount 1000 tcp from any to 224.0.0.0/4 in out
    12300 0 0 allow tcp from any to any established
    12301 0 0 allow tcp from any to any out
    12302 0 0 allow tcp from any to any dst-port 22
    12302 0 0 allow udp from any to any dst-port 22
    12303 0 0 allow udp from any to any out keep-state
    12304 0 0 allow udp from any to any in frag
    12305 0 0 allow icmp from any to any icmptypes 8
    12306 0 0 allow icmp from any to any icmptypes 0
    12307 0 0 allow igmp from any to any
    12308 0 0 allow tcp from any to any dst-port 3283,5900
    12308 0 0 allow udp from any to any dst-port 3283,5900
    12309 0 0 allow tcp from 172.16.1.0/24 to any dst-port 427
    12309 0 0 allow udp from 172.16.1.0/24 to any dst-port 427
    12310 0 0 allow tcp from 172.16.1.0/24 to any dst-port 515
    12310 0 0 allow udp from 172.16.1.0/24 to any dst-port 515
    12311 0 0 allow tcp from 172.16.1.0/24 to any dst-port 548
    12312 0 0 allow tcp from 172.16.1.0/24 to any dst-port 631
    12312 0 0 allow udp from 172.16.1.0/24 to any dst-port 631
    12313 0 0 allow tcp from 172.16.1.0/24 to any dst-port 3689
    12314 0 0 allow udp from 172.16.1.0/24 to any dst-port 5353
    12315 0 0 allow udp from 172.16.1.0/24 to any dst-port 626
    12316 0 0 allow tcp from 172.16.1.0/24 to any dst-port 8088
    12317 0 0 allow tcp from 172.16.1.0/24 to any dst-port 311
    12318 0 0 allow tcp from 172.16.1.0/24 to any dst-port 625
    65534 0 0 deny log logamount 1000 ip from any to any
    65535 2848 308072 allow ip from any to any
    When the firewall is non-active I can use local hostnames or IP's to connect to local clients. What do i need to open in the firewall? for hostnames to work when connecting to ssh, and afp?
    Also when I port scan my server from out side my local network. it show's rules that are only avaliabe for the local subnet 172.16.1.x. like afp, Print, and software update. how do i change this to limit accsess to services?
    This is a double header sorry about that. =)
    Blessings,
    Robert LaRocca

    Even when you're using .local hostnames, your machine still uses it's NS resolver. Open up port 53 in the firewall and try it again.
    MacBook Pro   Mac OS X (10.4.8)  

  • HT4814 TCP and UDP ports on router firewall to allow server to server administration running mavericks and server app 3.0?

    What TCP or UDP ports do I need to open on my router firewall to allow server to server administration running maverics and server app 3.0?

    Also you may want to open tcp port 625 so that you can update the server's OD master.
    More info can be found here: http://support.apple.com/kb/ts1629  Well known TCP/UDP ports used by Apple Products.
    HTH
    - Leland

  • Anybody know what tcp or udp port # is used by Server Monitor?

    Hi everyone. I've been lookin' all over ****'s half-acre to find out what port # is required for Server Monitor with no luck. Sure, I can access the local IP address on the LAN, but for LOM to be truly useful...I need to access from WAN. Since my public IP takes me direct to the server itself (and other ports on that ip do other things), I really need to know what port # is used to forward Server Monitor traffic. Anyone?
    Thanks!
    Ed

    Ed LaComb-
    I do have this link to well known TCP and UDP ports used by Apple software products.
    I am fairly certain the answer lies within.
    Luck-
    -DaddyPaycheck

  • TCP/UDP Ports and site used by FEP to download updates - needed to allow on perimeter firewall

    Can some one point me with information like what TCP/UDP ports are utilized by FEP and what DNS / site Name it uses to download FEP Updates. This is needed to tighten perimeter FireWall policies
    Thank you

    It should be the same as the documentation for all Software Updates:
    https://technet.microsoft.com/en-us/library/bcf8ed65-3bea-4bec-8bc5-22d9e54f5a6d#BKMK_ConfigureFirewalls
    Make sure to expand the "restrict access to specific domains" section to see the update related URLs.

  • How to unblock UDP ports from the firewall of the Time Capsule

    Hello i just bought a time capsule and i am trying am using it as a router. I am trying to use Shakespeer
    that is like a server where you share files within the University,it runs with Dtella. However, when y try to get online a message tells me that the firewall of the router is blocking the UDP ports needed....how do i unblock those UDP ports so i can get online?
    Here is the message:
    In order for Dtella to communicate properly, it needs to receive UDP traffic
    [19:14] <*Dtella> from the Internet. Dtella is currently listening on UDP port 4000, but the
    [19:14] <*Dtella> packets appear to be getting blocked, most likely by a firewall or a router. If
    [19:14] <*Dtella> this is the case, then you will have to configure your firewall or router to
    [19:14] <*Dtella> allow UDP traffic through on this port. You may tell Dtella to use a different
    [19:14] <*Dtella> port from now on by typing !UDP followed by a number.

    Hello albertoPeralta. Welcome to the Apple Discussions!
    To open ports on the Time Capsule, you would use the AirPort Utility to configure Port Mapping.
    AEBSn - Port Mapping Setup
    To setup port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN port of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
    1. Reserve a DHCP-provided IP address for the Shakespeer host device.
    Internet > DHCP tab
    o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
    o Description: <enter the desired description of the host device>
    o Reserve address by: MAC Address
    o Click Continue.
    o MAC Address: <enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the host computer>
    o IPv4 Address: <enter the desired IP address>
    o Click Done.
    2. Setup Port Mapping on the AEBSn.
    Advanced > Port Mapping tab
    o Click the "+" (Add) button
    o Public UDP Port(s): 4000
    o Private IP Address: <enter the IP address of the host server>
    o Private UDP Port(s): 4000
    o Click "Continue"

  • Incoming RTP traffic blocked by SPA112 ATA: UDP port unreachable

    Hi folks,
    I'm using a Cisco SPA112 ATA behind a NAT, where port 5060,5061 and 16384-16482 are forwarded. Registration to the SIP proxy also works fine. However, I'm struggling with audio issues, meaning that the RTP session is not setup properly.
    When investigating this issue at the packet-level, I found that the ATA itself is blocking traffic:
    21:00:21.857655 IP 192.168.x.y > 82.197.a.b: ICMP 192.168.x.y udp port 16452 unreachable, length 208
    The blocked port number depends per session, but is always between 16384 and 16482.
    Actually, the issue sounds very much like in [1]. However, the proposed solution (disabling CDP) is not of any help to me, since it's disabled on my ATA by default. Any clue what could be the reason for this behaviour? Your help is greatly appreciated.
    [1] https://supportforums.cisco.com/discussion/11470321/spa-962-intermittently-no-audio-rtp-port-closedunreachable

    Hi,
    You can try this packet Tracer:-
    packet input outside udp <External Source Ip on the internet>  45657 <Outside interface IP> 43139 det
    For the captures , you just need to verify that the ASA device is passing the traffic through as this is UDP traffic , we would not be able to find much.
    For more information on captures:-
    https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios
    Let me know if you have any further queries.
    Thanks and Regards,
    Vibhor Amrodia

  • DMVPN-Why received packet doesn't use UDP port 4500 but 500?

    Hello everyone
    I got a problem with my DMVPN. Spoke is behind a NAT device. x.x.x.x is an public IP address which hub uses. I don't know why it discovered that the hub is also inside a NAT device. And after it sends a packet using port 4500, the received packet from hub was not using port 4500 but 500. I'm confused now. Any advise would be much appreciated.
    *Sep 10 08:56:02 UTC: ISAKMP:(0): beginning Main Mode exchange
    *Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
    *Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_NO_STATE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing SA payload. message ID = 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
    *Sep 10 08:56:02 UTC: ISAKMP (0): vendor ID is NAT-T RFC 3947
    *Sep 10 08:56:02 UTC: ISAKMP:(0):found peer pre-shared key matching 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): local preshared key found
    *Sep 10 08:56:02 UTC: ISAKMP : Scanning profiles for xauth ...
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
    *Sep 10 08:56:02 UTC: ISAKMP:      encryption 3DES-CBC
    *Sep 10 08:56:02 UTC: ISAKMP:      hash MD5
    *Sep 10 08:56:02 UTC: ISAKMP:      default group 1
    *Sep 10 08:56:02 UTC: ISAKMP:      auth pre-share
    *Sep 10 08:56:02 UTC: ISAKMP:      life type in seconds
    *Sep 10 08:56:02 UTC: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80 
    *Sep 10 08:56:02 UTC: ISAKMP:(0):atts are acceptable. Next payload is 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Acceptable atts:actual life: 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Acceptable atts:life: 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Fill atts in sa vpi_length:4
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Returning Actual lifetime: 86400
    *Sep 10 08:56:02 UTC: ISAKMP:(0)::Started lifetime timer: 86400.
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
    *Sep 10 08:56:02 UTC: ISAKMP (0): vendor ID is NAT-T RFC 3947
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM2 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_SA_SETUP
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3 
    *Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_SA_SETUP
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    *Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4 
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing KE payload. message ID = 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0): processing NONCE payload. message ID = 0
    *Sep 10 08:56:02 UTC: ISAKMP:(0):found peer pre-shared key matching x.x.x.x
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): vendor ID is Unity
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): vendor ID is DPD
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): speaking to another IOS box!
    *Sep 10 08:56:02 UTC: ISAKMP:received payload type 20
    *Sep 10 08:56:02 UTC: ISAKMP (2746): NAT found, both nodes inside NAT
    *Sep 10 08:56:02 UTC: ISAKMP:received payload type 20
    *Sep 10 08:56:02 UTC: ISAKMP (2746): My hash no match -  this node inside NAT
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Old State = IKE_I_MM4  New State = IKE_I_MM4 
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Send initial contact
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
    *Sep 10 08:56:02 UTC: ISAKMP (2746): ID payload 
    next-payload : 8
    type         : 1 
    address      : 192.168.1.101 
    protocol     : 17 
    port         : 0 
    length       : 12
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Total payload length: 12
    *Sep 10 08:56:02 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Sending an IKE IPv4 Packet.
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    *Sep 10 08:56:02 UTC: ISAKMP:(2746):Old State = IKE_I_MM4  New State = IKE_I_MM5 
    *Sep 10 08:56:03 UTC: ISAKMP (2746): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_KEY_EXCH
    *Sep 10 08:56:03 UTC: ISAKMP:(2746): phase 1 packet is a duplicate of a previous packet.
    *Sep 10 08:56:03 UTC: ISAKMP:(2746): retransmitting due to retransmit phase 1
    *Sep 10 08:56:04 UTC: ISAKMP:(2746): retransmitting phase 1 MM_KEY_EXCH...
    *Sep 10 08:56:04 UTC: ISAKMP (2746): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
    *Sep 10 08:56:04 UTC: ISAKMP:(2746): retransmitting phase 1 MM_KEY_EXCH
    *Sep 10 08:56:04 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    *Sep 10 08:56:04 UTC: ISAKMP:(2746):Sending an IKE IPv4 Packet.

    This could be because the port 4500 packet that is being sent is not being received by the peer side or it is ignoring that packet. 
    Since the port 500 packet that you are receiving is a duplicate of the previous packet it is definitely not a reply packet for the port 4500 packet. 
    If you can get the debugs from the other end, then you could see if the peer side is receiving the udp port 4500 packets.
    If not that then this could be a UDP port 4500 block with the ISP.

  • Should I block TCP/UDP ports 135 to 139 on my router?

    For the sake of Internet and Desktop security should I block TCP/UDP ports 135 to 139 both ways at all times on my router?  This seems to be recommended for Windows environments. Does Mavericks need these ports for its proper operation?  When tested, ports 135, 137,18 show as closed whereas all other ports are Stealth.  Ideally, they should all be Stealth.

    Have a read here: http://securityspread.com/2013/07/26/firewall/
    Stealth is just as good as closed, some would argue that stealth is just as much of a giveaway of the port being present as it being closed.
    The specific ports you mention pose no risk to OS X as far as I am aware.

  • Smb firewall ports used

    I am very new to the Mac world, I have recently bought a duo core mini. I am having tremendous problems getting it to work with the rest of my Windows XP based network.
    If I turn off the firewall on the PC, using smb and the ip address for the PC I can gain access to the shares on the PC hard drives. If I turn on the firewall again I can continue to access the share that I have logged onto, but no others, I get an error 36. If I unmount the share, I can no longer get back into it. I have set the firewall up with smb enabled and ports 135-139, 445 open for tcp and udp.
    Does smb use a different port during the connection and mount routine does anyone know ? Am I missing something very basic ?
    David

    Hello,
    we updated from 11.3.1 to 11.3.2
    Now i can not run the command chkconfig -a novell-proxydhcp to set the proxydhcp to autorun because i get...

  • The access to our new chess hall may be blocked by your local firewall. You would need to reconfigure your firewall to open port 15010 for TCP traffic.

    How do I do the following so I can get into my chess program??
    The access to our new chess hall may be blocked by your
    local firewall. You would need to reconfigure your firewall to open port 15010
    for TCP traffic.

    This is not really Firefox related.
    What you need to do here is to read the firewall manual which usually explains how to create a rule for what you want to do.
    If you're using the Windows XP firewall, see this Microsoft article: http://windows.microsoft.com/en-US/windows-vista/Firewall-frequently-asked-questions

  • Are UDP 500, 1701 and 4500 ports being blocked -- VPN ports ??

    I recently set up a VPN back into my network (for use on public wi-fi, keep they prying eyes away). 
    Everything was working and now it is not.  I checked the access to the port via the internet and they are now closed.
    Is VZ blocking UDP 500, 1701 and 4500 now.

    #1 Is the computer that you are forwarding to a Static IP? 
    Yes, the server on the inside is a static IP.
    #2 Is that Static IP outside of the DHCP Range of the router?
    Yes, the static iP is  well above my 4 devices that get their normal dhcp address
    i put the starting VPN DHCP address well above my static IP  and yet below where the set boxes start using IPs.
    #3 If you don't know what the DHCP Range of the router is, it would help to know the brand and model of your router.
    I believe the router is the standard VZ issue ActionTek MIR some model, can dig it up when i get home.
    Things to note: 
    All my other port forwards (ssh, http, https) are still working, they terminate on the same host as the VPN.
    DNS is up-to-date as i can still access the box from the internet  (I am using dyndns updater).
    I nmapped from the internet to my host on ports 500, 1701 and 4500 and they are close, where my other port forward ports are open.

Maybe you are looking for