Arno-iptables-firewall and CUPS
Hello everyone.
I'm having a problem with my firewall and CUPS. The thing is, when I try to print when the firewall is active the programs (kword, kcontrol, etc) can't contact cups daemon. But when the firewall is stopped I can print normally. The problem is obviously something with the firewall configuration.
So, the question is, does anyone know how should I configure the firewall (Arno's iptables firewall) in order to solve this problem?. I thought about opening the cups port (631) but this wouldn't be the best solution. I don't want to open a port that shouldn't be open.
The weird thing is that I can access cups thru localhost:631 using konqueror but incredibly slowly. I don't know why the firewall is blocking cups.
I almost forget. Before you ask the printer is connected direcly to my computer. Is not a network printer. I have the needed module loaded (usblp) and the cups server is running.
Thanks in advance,
Gonza
Last edited by Gonzakpo (2008-06-20 20:16:20)
Hello.
I tried the command iptables -F but nothing. The cups server is still unreacheable by kcontrol.
After running arno's firewall, the iptables -vL output is:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
15 2568 ACCEPT all -- any any anywhere anywhere state ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere state RELATED tcp dpts:1024:65535
0 0 ACCEPT udp -- any any anywhere anywhere state RELATED udp dpts:1024:65535
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED
8 1515 HOST_BLOCK all -- any any anywhere anywhere
8 1515 SPOOF_CHK all -- any any anywhere anywhere
8 1515 VALID_CHK all -- eth0 any anywhere anywhere
8 1515 EXT_INPUT_CHAIN !icmp -- eth0 any anywhere anywhere state NEW
0 0 EXT_INPUT_CHAIN icmp -- eth0 any anywhere anywhere state NEW limit: avg 60/sec burst 100
0 0 EXT_ICMP_FLOOD_CHAIN icmp -- eth0 any anywhere anywhere state NEW
0 0 LOG all -- any any anywhere anywhere limit: avg 1/sec burst 5 LOG level info prefix `Dropped INPUT packet: '
0 0 DROP all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 TCPMSS tcp -- any eth0 anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
0 0 ACCEPT all -- any any anywhere anywhere state ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere state RELATED tcp dpts:1024:65535
0 0 ACCEPT udp -- any any anywhere anywhere state RELATED udp dpts:1024:65535
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED
0 0 HOST_BLOCK all -- any any anywhere anywhere
0 0 UPNP_FORWARD all -- eth0 !eth0 anywhere anywhere
0 0 SPOOF_CHK all -- any any anywhere anywhere
0 0 VALID_CHK all -- eth0 any anywhere anywhere
0 0 LOG all -- any any anywhere anywhere limit: avg 1/min burst 3 LOG level info prefix `Dropped FORWARD packet: '
0 0 DROP all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 8 packets, 552 bytes)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- any eth0 anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
7 340 ACCEPT all -- any any anywhere anywhere state ESTABLISHED
8 552 HOST_BLOCK all -- any any anywhere anywhere
0 0 LOG all -f any any anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FRAGMENTED PACKET (OUT): '
0 0 DROP all -f any any anywhere anywhere
8 552 EXT_OUTPUT_CHAIN all -- any eth0 anywhere anywhere
Chain DMZ_INET_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination
Chain DMZ_INPUT_CHAIN (0 references)
pkts bytes target prot opt in out source destination
Chain DMZ_LAN_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination
Chain EXT_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination
Chain EXT_ICMP_FLOOD_CHAIN (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG icmp -- any any anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable flood: '
0 0 DROP icmp -- any any anywhere anywhere icmp destination-unreachable
0 0 LOG icmp -- any any anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded flood: '
0 0 DROP icmp -- any any anywhere anywhere icmp time-exceeded
0 0 LOG icmp -- any any anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem flood: '
0 0 DROP icmp -- any any anywhere anywhere icmp parameter-problem
0 0 LOG icmp -- any any anywhere anywhere icmp echo-request limit: avg 12/hour burst 1 LOG level info prefix `ICMP-request(ping) flood: '
0 0 DROP icmp -- any any anywhere anywhere icmp echo-request
0 0 LOG icmp -- any any anywhere anywhere icmp echo-reply limit: avg 12/hour burst 1 LOG level info prefix `ICMP-reply(pong) flood: '
0 0 DROP icmp -- any any anywhere anywhere icmp echo-reply
0 0 LOG icmp -- any any anywhere anywhere icmp source-quench limit: avg 12/hour burst 1 LOG level info prefix `ICMP-source-quench flood: '
0 0 DROP icmp -- any any anywhere anywhere icmp source-quench
0 0 LOG icmp -- any any anywhere anywhere limit: avg 12/hour burst 1 LOG level info prefix `ICMP(other) flood: '
0 0 DROP icmp -- any any anywhere anywhere
Chain EXT_INPUT_CHAIN (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- any any anywhere anywhere tcp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `TCP port 0 OS fingerprint: '
0 0 LOG udp -- any any anywhere anywhere udp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `UDP port 0 OS fingerprint: '
0 0 DROP tcp -- any any anywhere anywhere tcp dpt:0
0 0 DROP udp -- any any anywhere anywhere udp dpt:0
0 0 LOG tcp -- any any anywhere anywhere tcp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `TCP source port 0: '
0 0 LOG udp -- any any anywhere anywhere udp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `UDP source port 0: '
0 0 DROP tcp -- any any anywhere anywhere tcp spt:0
0 0 DROP udp -- any any anywhere anywhere udp spt:0
4 1314 ACCEPT udp -- any any anywhere anywhere udp spt:bootps dpt:bootpc
0 0 ACCEPT tcp -- + any anywhere anywhere tcp dpt:4872
0 0 ACCEPT udp -- + any anywhere anywhere udp dpt:4875
0 0 LOG icmp -- any any anywhere anywhere icmp echo-request limit: avg 3/min burst 1 LOG level info prefix `ICMP-request: '
0 0 LOG icmp -- any any anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable: '
0 0 LOG icmp -- any any anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded: '
0 0 LOG icmp -- any any anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem: '
0 0 DROP icmp -- any any anywhere anywhere icmp destination-unreachable
0 0 DROP icmp -- any any anywhere anywhere icmp time-exceeded
0 0 DROP icmp -- any any anywhere anywhere icmp parameter-problem
0 0 DROP icmp -- any any anywhere anywhere icmp echo-request
0 0 DROP icmp -- any any anywhere anywhere icmp echo-reply
0 0 LOG tcp -- any any anywhere anywhere tcp dpts:1024:65535 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (UNPRIV)?: '
0 0 LOG tcp -- any any anywhere anywhere tcp dpts:0:1023 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (PRIV)?: '
0 0 DROP tcp -- any any anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
0 0 LOG tcp -- any any anywhere anywhere tcp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
0 0 LOG udp -- any any anywhere anywhere udp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
2 96 LOG tcp -- any any anywhere anywhere tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
1 57 LOG udp -- any any anywhere anywhere udp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
3 144 DROP tcp -- any any anywhere anywhere
1 57 DROP udp -- any any anywhere anywhere
0 0 DROP icmp -- any any anywhere anywhere
0 0 LOG all -- any any anywhere anywhere limit: avg 1/min burst 5 LOG level info prefix `Other-IP connection attempt: '
0 0 DROP all -- any any anywhere anywhere
Chain EXT_OUTPUT_CHAIN (1 references)
pkts bytes target prot opt in out source destination
Chain HOST_BLOCK (3 references)
pkts bytes target prot opt in out source destination
Chain INET_DMZ_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination
Chain LAN_INET_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination
Chain LAN_INPUT_CHAIN (0 references)
pkts bytes target prot opt in out source destination
Chain MAC_FILTER (0 references)
pkts bytes target prot opt in out source destination
Chain POST_FORWARD_CHAIN (0 references)
pkts bytes target prot opt in out source destination
Chain POST_INPUT_CHAIN (0 references)
pkts bytes target prot opt in out source destination
Chain POST_OUTPUT_CHAIN (0 references)
pkts bytes target prot opt in out source destination
Chain RESERVED_NET_CHK (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any 10.0.0.0/8 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class A address: '
0 0 LOG all -- any any 172.16.0.0/12 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class B address: '
0 0 LOG all -- any any 192.168.0.0/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class C address: '
0 0 LOG all -- any any 169.254.0.0/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class M$ address: '
0 0 DROP all -- any any 10.0.0.0/8 anywhere
0 0 DROP all -- any any 172.16.0.0/12 anywhere
0 0 DROP all -- any any 192.168.0.0/16 anywhere
0 0 DROP all -- any any 169.254.0.0/16 anywhere
Chain SPOOF_CHK (2 references)
pkts bytes target prot opt in out source destination
8 1515 RETURN all -- any any anywhere anywhere
Chain UPNP_FORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain VALID_CHK (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS scan: '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-PSH scan: '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-ALL scan: '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/min burst 5 LOG level info prefix `Stealth FIN scan: '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN,RST limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/RST scan: '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/FIN scan(?): '
0 0 LOG tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/min burst 5 LOG level info prefix `Stealth Null scan: '
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
0 0 DROP tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN,RST
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
0 0 LOG tcp -- any any anywhere anywhere tcp option=64 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(64): '
0 0 LOG tcp -- any any anywhere anywhere tcp option=128 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(128): '
0 0 DROP tcp -- any any anywhere anywhere tcp option=64
0 0 DROP tcp -- any any anywhere anywhere tcp option=128
0 0 DROP all -- any any anywhere anywhere state INVALID
0 0 LOG all -f any any anywhere anywhere limit: avg 3/min burst 1 LOG level warning prefix `Fragmented packet: '
0 0 DROP all -f any any anywhere anywhere
Similar Messages
-
Arno-iptables-firewall and logging
Hello, I have successfully set up arno-iptables and in logging options I have set the following option
FIREWALL_LOG="/var/log/firewall.log"
The log file is however totally empty and I was wondering if this was a problem with syslog-ng? Does anyone have arnos iptables successfully logging traffic on their computer? Any help and advice would be appreciated.Your syslog is still configured to log to iptables.log. I don't see a big reason for changing it as well, Arch firewall service is called iptables etc. so you might as well keep it.
-
New Package: Arno's iptables firewall scripts
I made a PKGBUILD for Arno IPTABLES firewall script. This script has protected my home network for long time and I realized that some other Archers would also like to use it. Also, syslog-ng.conf example is included to get iptable logs into their own log file.
Script has clear, easy and well commented configuration file. Nice list of
Features
Very secure stateful filtering firewall
Both kernel 2.4 & 2.6 support
It can be used for both single- and multi(eg. dual)-homed boxes
Masquerading (NAT) and SNAT support
Multiple external (internet) interfaces
Support multiroute NAT & SNAT (load balancing over multiple (internet) interfaces)
Port forwarding (NAT)
Support MAC address filtering
Support for DSL/ADSL modems
Support for PPPoE, PPPoA and bridging modem setups
Support for static and ISP assigned (DHCP) IPs
Support for (transparent) proxies
Full support for DMZ's and DMZ-2-LAN forwarding. You can also use it to isolate your eg. wireless LAN.
(Nmap)(stealth) portscan detection
Protection against SYN-flooding (DoS attacks)
Protection against ICMP-flooding (DoS attacks)
Extensive user-definable logging with rate limiting to prevent log flooding
Includes options to optimize your throughput
User definable open ports, closed ports, trusted hosts, blocked hosts etc.
Log & protection options are both highly customizable
Support for custom iptables rules in a seperate file
It can be used with chkconfig runlevel system (eg. RedHat/Fedora)
Main focus on TCP/UDP/ICMP but additional support for *ALL* IP protocols
It works with Freeswan IPSEC (VPN) & SSH Sentinel (http://www.freeswan.org) (+virtual IP's)
It works with PoPTop PPTP (http://www.poptop.org)
It works with UPnP
DRDOS protection/detection (experimental)
It's easy to configure
And much more...
(edit) PKGBUILD is in the AUR.
This is my first package ever so tell me what to fix. I will put this to AUR if supported and this really works.1c3d0g wrote:
Is this similar to QuickTables?
http://qtables.radom.org/
Arno's iptables has a config file that will be edited as needed and script reads the config file everytime it is executed.
I can put this pkgbuild to AUR. The init script is not Arch like. I decided to use Arno's script as is in /etc/rc.d/ because I want to see what happens. I could do a Arch type of init script that executes the firewall script arch way.
What do you think? -
Error message about firewall and internet sharing
hello all i have a question regarding the use of firewall and internet sharing.
I have a PMG5 connected to internet through Airport. I've linked an Xbox 360 via the built-in ethernet port in order to access Xbox Live. I had to open specific UDP ports on the OS X firewall but it now works fine. However, in the Sharing Preference Pane, Internet Tab, i still get an error message saying that my Internet Sharing is disturbed by the settings of the firewall and sharing services, it says that i did not activate "personal web sharing" in the first two tabs...but i DID ! And there's no way to get rid of this error message.
I know I know some may consider it's not a real problem because it's just an error message while the connection actually works fine but well, I tend to hate error messages when they're not supposed to show up. So if anyone know the answer, thanks in advance...
Good day to everyone
Vince, Paris...sorry about the delay in replying, was kinda busy
well trashing the pref files was useless and i tried with another user, same thing. As for the second opinion, the problem was not about which port was used cause as i said the connection sharing works fine and anyway it was the correct port that was checked, it's just that i get an error message while there is no apparent error and everything works fine, i'm told that personal web sharing is not enabled but it is...
Anyway as i said, it's probably not a real matter, as long as it works...which brings me to another thing. I've created a special protocol in the firewall to enable a proper dialog with the xbox. it's basically the same thing you do for ichat AV when you have video connection problems, you track down the concerned UDP port using terminal, you allow traffic and all... The protocol for the xbox worked great for some days, but now it seems it's not enough, the game set keeps trying on another port and i constantly have to update the protocol or deactivate the firewall...and enabling back all UDP traffic is not enough to solve it.
In a way i think everything is linked, the initial error message when everything was fine and the current trouble. Any idea?
thanks
Vince -
I get a message that my network connection has timed out while trying to update my iPhone on iTunes. Has anyone else had that problem and if so what solutions have you found? I was told to turn off my firewall and/or virus protection while updating but am nervous about doing that for obvious reasons. I'm also disgusted with Apple not providing free tech support.
See this article about the ports that have to be open during the update process. iTunes has to contact Apple during the download. iTunes for Windows: Troubleshooting security software issues
-
I can't get the IOS 5 to work for windows Vista. I'm running kaspersky pure 2.0, windows firewall and windows defender. I have turned them all off, I then attach my Ipod 4th gen and I get the "cannot connect to itunes update server". I ran diagnostics in itunes and it tells me I dont have a internet connection. I'm on the internet right now, and I DO have a internet connection, but it tells me Itunes says otherwise. I'm able to send this message on the same pc with internet connection but keep running into this error. I have now read discussiong boards through apple and disabled all my firewalls, still no luck. I was able to update the lates version of itunes, and just waiting to get my ipod updated now, please help me.
On the computer you should be able to go to the network properites. Go to the TCP part and unchec the line that says obtaind DNS automatically and check the one that says use the following. Add the 8.8.8.8 and Google other 8.8.4.4.
For more info see:
https://developers.google.com/speed/public-dns/ -
Have deleted temp video, configured anti spam and firewall, and one specific video keeps giving me an error. Just tried downloading a previous episode of the show and it worked just fine. Always sunny in philly "Charlie rules the world" anyone else??
Have deleted temp video, configured anti spam and firewall, and one specific video keeps giving me an error. Just tried downloading a previous episode of the show and it worked just fine. Always sunny in philly "Charlie rules the world" anyone else??
-
I used to have iTunes 4.3.1, something like that, it kept asking me to upgrade but i had an older ipod so i couldnt. I recently broke my ipod so now i have one for itunes 10.5.3.3 because my ipod came shipped with ios5.0 installed. So i tried to update itunes, didnt work. I uninstalled it, didnt work. I disabled firewall and antiviurs, didnt work. Ive called tech support, as soon as the person hung up thinking that it was working, it stopped working. I REALLY LOVE MUSIC and want songs on my new ipod. Please someone help....
First try removing and reinstalling all the Apple software using the following or the link within it that applies to XP.
Removing and reinstalling iTunes, QuickTime, and other software components for Windows Vista or Windows 7
Then try the other items in:
iPhone, iPad, or iPod touch: Device not recognized in iTunes for Windows -
Unable to receive internet connection over wifi connection. Shows that I am connected to the network, but do not have internet access. Checked my firewall and turned it off. What else am I missing or should be doing differently?
You might want to try resetting your router and your modem - just unplug the cords, leave them unplugged for about 3-5 minutes and then replug the modem and then the router in that order.
This may or may not correct your problem - call back if it doesn't.
Clinton -
Understanding ERM and CUP integration in AC 10.0
Iu2019m reaching out in hopes to get a better understanding of how AC 10.0 is meant to handle the ERM and CUP integration (Iu2019m still stuck on the old names :). Any feedback would be greatly appreciated.
Currently, we have a requirement to setup the GRC Production box so it can provision user access in the Production ECC but create security roles in Development ECC. This is typically what we see since most clients want to follow their manual transport process to get the security roles from Dev --> QA --> Prod.
Something I noticed in CUP is when a user adds a role to the request form u2013 the role is associated to a system (i.e. Production ECC or Development ECC). If we create a role using ERM and it only gets generated in Development ECC u2013 will we be able to select this role in CUP for user assignment in Production ECC? (assuming itu2019s been transported outside of GRC)
Note: At this point the new role will only be associated to Development ECC from a GRC perspective? So if we assign it in CUP u2013 it will only be associated to Development ECC...?
Do we have to manually perform another u201Crole import / syncu201D from the Production ECC to sync the roles so theyu2019re available in CUP?
This is based on the understanding that CUP looks for available roles for assignment from ERM rather than the Production ECC. Is that correct? Can we have CUP look in the backend rather than ERM?
My question is around the manual u201Crole import / syncu201D that needs to get performed for CUP. Is this really mandatory based on the requirements? It would mean I need to perform a u201Crole import / syncu201D every time a new role is created/deleted/changedu2026 Maybe Iu2019m missing something with the new 10.0 integration / functionality? Are other companies doing something different?
Please let me know what you think. Your insight is greatly appreciated!Frank,
Thanks for clarifying.
Can you clarify what you mean when you say "you just need to tell CUP that the roles are available in PRD"? What does this mean?
This goes back to the original question - do we need to perform another import of the roles from ECC PRD to ERM? My understanding is that the ERM role repository is looking at my original import of roles and then each role I create using ERM after that. How will it know which roles are in PRD if I don't do a routine synch?
Also, you mentioned "each role has attributes that define in which systems it should be available for requests", where does this get defined? I believe you are referring to the "Role Status" which is set to Development, Production or Testing. I only see the ability to set this during the Role Import, but what about roles which have been created using ERM. I don't see it in the Role details screen - where is the setting? -
This is the message I get when I open Firefox:
Unable to connect
Firefox can't establish a connection to the server at en-gb.start3.mozilla.com.
* The site could be temporarily unavailable or too busy. Try again in a few
moments.
* If you are unable to load any pages, check your computer's network
connection.
* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.Remove all rules for Firefox from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox.
See [[Server not found]] and [[Firewalls]] and http://kb.mozillazine.org/Firewalls
See also http://kb.mozillazine.org/Error_loading_websites -
I can't get artwork, I get a -609 error. I have tried turning off firewall and antivirus. Theewindows firewall is set to allow itunes anyhow. Any suggestions?
Perhaps try the "Error -609" section in the Specific Conditions and Alert Messages: (Mac OS X / Windows) section of the following document:
iTunes: Advanced iTunes Store troubleshooting -
After installing the new update for Firefox 3.6, no matter what I do, I cannot connect to the internet using Firefox. I can get on the internet using my other browsers (Google Chrome and Internet Explorer), so Firefox is the only one that doesn't work. I have already checked my firewall and have added and removed Firefox from my firewall to no avail. I've also already uninstalled and reinstalled Firefox, but so far it hasn't helped.
I have already tried removing firefox from my firewall. Even when I do that, my firewall doesn't detect firefox and prompt me to add it. And when I manually add it, it still doesn't work anyways. I've already tried the link as well, but it has been unhelpful. :/
I'm not sure if it matters, but a few weeks before this, I did download Microsoft Security Essentials. -
How to configure array for UAG 2010 with topology Between a frontend firewall and a backend firewall
Hi,
We want to publish exchange 2013 through UAG 2010. What is the best topology for UAG 2010?
Can we configure UAG 2010 arrawy with topology "Between a frontend firewall and a backend firewall" ?
Can we configure UAG 2010 array in workgroup?
What is the drawback to use ARR to publish exchange 2013?
Thanks
Jitender
jitenderHi Jitender - I have doen quite a few UAG deployments like this and is fully supported sitting in a DMZ between Firewalls. However, for an array the UAG Servers muts be domain joined. In these deployments the question is whether to place a Domain In the
DMZ (locked down of course) or allow traffic through to a domain controller via the backend firewall.
The link you require is here -
http://technet.microsoft.com/en-gb/library/ee428826.aspx
Kr
John Davies -
Business Process and sub Process IN ERM and CUP
Hi Friends,
We are in intial stage of GRC implimentation. Now I am uploading the roles into ERM and CUP. I have defined business processes and sub processes for the roles and upload the roles successfully in ERM. But when I am doing the same excercise in CUP especially during creation of sub process it is not allowing the charecter "-" in the name space.
E.g. Business process name is EHS-SM (Uploaded to CUP)
Sub process name is EHS-SM1.1 (not allowing to create in CUP wher as successfully created in ERM)
My question is
1. why it allows me to do the same thing in ERM but not in CUP.
2. Is there any way to maintain the name with chaecter "-".
For your information I am in the phase of defining the attributes for the roles.
Thanks & Regards,
Satyabrat
Edited by: Sunil Varghese on Oct 28, 2009 10:59 AM
Edited by: Sunil Varghese on Oct 28, 2009 11:01 AMHi all,
I will have a hard time ahead with BP and SBP. all are in the same format. I dont think my company will agree to change the name of there BP or SBP because they are thousands in count and also there is no other way around in GRC,
Let give me a try...
Thanks Guys for your support and time.
Maybe you are looking for
-
Itunes won't let me delete items on my Ipod Touch
I am trying to delete songs on my newly purchased Ipod Touch, and Itunes instructions say to: Connect your iPod to your computer. When the iPod icon appears in iTunes, select it. If the disclosure triangle to the left of your iPod is closed, click it
-
How to get extra information in server response "250 OK extra info here "
Hello all, I am using javamail to send e-mail messages via an SMTP server that responds in the following way when I finish sending my DATA: 250 OK <extra information here> How can I get the <extra information here> text using javamail? I am using jav
-
Cursor is trapped in white rectangle (in windows) when trying to exit certain programs
I recently installed windows 8.1 using bootcamp 5 onto my 2011 macbook pro that's running on mavericks. I really only wanted it so I would be able to play some old pc games through steam. The install seemed to go pretty smooth but I ran into a huge
-
Which table will contain user entry info
HI all, I have duplicated user in OID and I am finding the way to clean them up. Any way, I am looking for tables in ODS schema that contained users and group they belong to so I can use ldapdelete to clean them up. Please let me know which tables in
-
Create New Variable for COPA Drilldown Reports in KE3E
Hi, How can we create a formula variable for COPA Drill down reports in KE3E? In standard global variables formula variable is not avaiable, I need to create a formula variables like ...from period, to period, last fiscal year and next fiscal year..