Client connecting through firewall

Similar Messages

• Only 2 Clients Connect Through AP 1252

  Hi,
  I am configuring a 1252 in autonomous mode and that's the only AP in the network.
  A very strange behavior is observed.
  Although many clients can associate to this AP with no problem, only the first two associated devices can connect through this AP and access devices on the wired network. For 3rd associated device and above, they can only connect to and ping to AP but nothing beyond AP. In Windows the wireless icon would display "limited access" with an exclamation mark.
  DHCP works fine though for all devices, and they can acquire the IP from DHCP server on a different segment.
  I don't have too much experience with wireless so I am totally lost with no direction.
  Please help and thank you very much.
  configuration attached.

  Problem solved. It has nothing to do with AP. The AP is connected to a ESW 540-8 port SW. This is SOHO SW is blocking the traffic. As soon as I moved AP to main switch, everything went smoothly.

• Client connecting through a proxy

  hi
  i'm new to RMI programming, i need to clear some things up
  . is RMI a standalone protocol like http or does it require another protocol so
  it can run over it ?
  . how does an RMI connection get through a proxy server, ie. if the client is behind a proxy server and the server is a known public host, can the client still get to the server, or does this have to be done in the proxy configuration?
  Is there certain types of proxy servers RMI can't go through or ( they won't let it pass through ) .
  i need those infos because i've been stuck with an RMI server deployed on the net and a client behind a web proxy, the same box ( IP ) hosting the RMI server also hosts a WEB server from which javaWS starts the application but this application exits at a certain point sayin it cannot find the RMI server.
  i didn't have the chance to test through a direct connection, but have tested
  in an intranet environment and it was workin great,
  thanks for any help

  . is RMI a standalone protocol like http or does it
  require another protocol so
  it can run over it ?The question doesn't make much sense. HTTP runs over TCP, and so does RMI. RMI also uses the Serialization protocol.
  how does an RMI connection get through a proxy
  server, ie. if the client is behind a proxy server
  and the server is a known public host, can the
  client still get to the server, or does this have to
  be done in the proxy configuration?http://java.sun.com/j2se/1.5.0/docs/guide/rmi/faq.html#firewallOut
  s there certain types of proxy servers RMI can't go
  through or ( they won't let it pass through ) .Java supports SOCKS and HTTP proxies.

• Connecting through firewall (weird problem)

  Hello,
  I'm having a very weird problem with JMX on a Linux server. I'm aware of the fact that the out-of-the-box JMX agent doesn't work with firewalls and I'm using a custom agent or rather I'm trying to. The problem is that JConsole/Custom Client fails to connect to the agent with a NoSuchObjectException.
  The Server side code looks as follows
  public class TestServer {
  public static void main(String[] args) throws Exception {
  System.setProperty("java.rmi.server.randomIDs", "true");
  LocateRegistry.createRegistry(15003);
  MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
  JMXServiceURL serviceUrl = new JMXServiceURL(
  "service:jmx:rmi://localhost:15002/jndi/rmi://localhost:15003/jmxrmi");
  JMXConnectorServer connectorServer = JMXConnectorServerFactory
  .newJMXConnectorServer(serviceUrl, null, mbs);
  connectorServer.start();
  Thread.sleep(Integer.MAX_VALUE);
  The Client side code looks as following
  public class TestClient {
  public static void main(String[] args) throws Exception {
  JMXServiceURL u = new JMXServiceURL(
  "service:jmx:rmi:///jndi/rmi://ec2-67-202-2-113.z-2.compute-1.amazonaws.com:15002/jmxrmi");
  JMXConnector c = JMXConnectorFactory.connect(u);
  The Exception I'm getting is
  Exception in thread "main" java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.NoSuchObjectException: no such object in table]
       at javax.management.remote.rmi.RMIConnector.connect(Unknown Source)
       at javax.management.remote.JMXConnectorFactory.connect(Unknown Source)
       at javax.management.remote.JMXConnectorFactory.connect(Unknown Source)
       at foo.bar.TestClient.main(TestClient.java:12)
  The Java version on the Server is
  java version "1.6.0_02"
  Java(TM) SE Runtime Environment (build 1.6.0_02-b05)
  Java HotSpot(TM) Client VM (build 1.6.0_02-b05, mixed mode, sharing)

  You were right. There was one more thing though which I figured out with Wireshark/Ethereal. The machines in Amazon's EC2 Network are running behind a NAT or something and I had to specify the external address with -Djava.rmi.server.hostname=BlaBlub.

• Connecting through firewall

  I am connecting remotely to a computer with full access to our company firewall.  The router (WRT54G v6) is causing the IP address to change on the wired computer and rendering it blocked by the company firewall.
  Is there a way to retain the original IP address settings on the wired computer and still hookup wirelessly from mine?

  When you assign your wired computer a static LAN IP address, you will need to do this in the computer itself, not in the router.  Also, be sure to follow the Linksys rules regarding the proper method of assigning a static LAN IP address.
  For more information on this topic, please see my previous post at:
   http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&message.id=10070&query.id=...

• Iron port slow connection through firewall interface, data blanked out

  Hi Alll
  Installing a new pair of IronPort c170 appliances behind a ASA 5520 and currently getting blanked out response when connecting via telnet on port 25 to the outside interface.  Testing this internally there are no issues and the hostname is shown, but from the outside, response is very slow and some information is masked as xxxxxxx.
  Going through the ASA, esmtp stateful packet inspection is removed and the IPS has already been ruled out.
  Has anyone come accross this issue before. Please could you shine some light on this.
  Many thanks

  Hello James,
  when some of the information is masked, this means you still have SMTP fixup enabled on the ASA. I am not an expert on these devices, but here is an article on this topic that may be useful:
  Article #1816: Why do we see XXXXXXXA after EHLO and "500 #5.5.1 command not recognized" after STARTTLS? Link: http://tools.cisco.com/squish/E68cB
  Hope that helps.
  Andreas

• Making connection through firewall

  Hi,
  I'm using Oracle Database server 8i (Enterprise Edition 8.1.7.0.0) and it's working fine. Now the students wants to work at home and I have to route port 1521 to the internet but... Always I try to make a connection to the server I have a time-out. And no, with the option CONNECTION_TIMEOUT_LISTENER = 0 configured at the server, it isn't working....
  For the routing, I'm using debian 3.0 with iptables (all other routing and configurations of the firewall are working)
  Can someone help me with the problem?
  Greets,
  Bart

  not sure what you mean by having a 'EJB listening' on port 6666. Do you mean actually having a socket listening within the EJB code? If so then that is a suspicious EJB activity.
  If not then i guess you mean the ORMI listening port of the OC4J application. This is normally set on port 23791 to allow the RMI communication to flow.
  -lp

• Sockets connection through firewall

  Is there any way to make a connection between a socket outside the FireWall and a server socket inside?

  usually a firewall is transparent to software making socket connections, so it would really depend on the firewall configuration, if it will let the communication happen.

• Ip connectivity through firewall segments

  Hi,
  We have an ASA that attaches to 6500-Core. The rough network diagram is attached here.
  IP Segment's B&C have SVI on core, wherease segment A is on the ASA(Segment A is new & needs to be created).
  The leg connecting ASA to Core is on security level 100 with name as Internal , the other leg of ASA connecting upwards to routers are on security level 0 with name as External.
  If we need to add Segment A on ASA, can we assign it a security level of 50 ? The requirement is:
  1. Segment A needs to talk to Segment B , but it shouldn't be talking to Segment C (includes ping response also)
  How can we achieve this? Appreciate all help.

  Hi,
  The use of "security-level" alone as a means to control which traffic is allowed is not advisable unless your network is very simple home/small office network. Judging by your information you have a setup that wont really work well with this kind of simple setting.
  The problem with "security-level" is that it makes no distinction between the networks behind an interface. So if a source interfaces "security-level" is higher than the the destination interfaces "security-level" then all networks behind the source interface can access any network behind the destination interface. This makes it impossible to control the traffic on a per network basis.
  I would suggest that you use an interface ACL to control the traffic on your interfaces. Atleast this new one that you are creating.
  You would have to create an ACL that first blocks traffic from Segment A to Segment C and then allows all other traffic from Segment A (which would mean Internet access and connections to Segment B would be allowed)
  At its simplest the interface ACL would look like this
  access-list SEGMENT-A-IN remark Deny traffic to Segment C
  access-list SEGMENT-A-IN deny ip any 10.60.10.0 255.255.255.0
  access-list SEGMENT-A-IN remark Allow all other traffic
  access-list SEGMENT-A-IN permit ip 10.80.10.0 255.255.255.0 any
  access-group SEGMENT-A-IN in interface
  This would not block the ICMP Echo reply from Segment A to Segment C. You would either have to block ICMP Echo from Segment C to Segment A or you would perhaps need to disable ICMP Inspection if you have it enabled and then the above ACL would also block ICMP Echo Reply.
  Hope this helps
  - Jouni

• How many clients can connect through cisco AP 1310 in wireless network ?

  I had setup wireless network with
  wlc4402,cisco AP 1310.1131 and 1242 and Cisco acs 4.1.My problem is only 30 clients connect through Cisco AP 1310 at a time.I can not connect more than 30 clients at a time.What is the issue in wireless network?please reply .
  Thanks and regards
  By
  D.Anbudurai

  WIRELESS > 802.11 > RRM
  How can do that setting ? Can you reply with
  some brief steps? And also I want to know how
  many clients can connect in wireless network at
  a time exactly through cisco aps?
  Thanks and regards
  d.anbudurai

• ConfigMgr Clients connection over direct access.

  My test client machine is running Windows 8.1 and connecting to network through Direct Access. I am running SCCM 2012 R2 on Windows Server 2012.
  Test Machine: NYWIN8
  SCCM Server: SCCM01
  Domain: demo.local
  I would like to understand how configmgr handles clients connecting through direct access. What all functionality is available for such clients?
  On my client machine is see following errors:
  FSPSTATEMESSAGE.LOG
  Failed in WinHttpSendRequest API, ErrorCode = 0x2ee7
  [CCMHTTP] ERROR: URL=HTTP://SCCM01.demo.local/SMS_FSP/.sms_fsp, Port=80, Options=480, Code=12007, Text=ERROR_WINHTTP_NAME_NOT_RESOLVED
  POLICYAGENT.LOG
  Policy
  http://SCCM01.demo.local/SMS_MP/.sms_pol?WRC10000.SHA256:BE60C5A54E508758261E6EDAE80AB21576A214309B9E1E19EE1D5A96C4508EC4 is not available.
  DATATRANSFERSERVICE.LOG
  DTS job {E6FAADEE-F22E-4E89-92EE-C2D9C10C3056} BITS job {9C444FAB-FD3C-4A6B-B8A4-81DA159E4E45} failed to download source file
  http://SCCM01.demo.local:80/SMS_MP/.sms_pol?WRC10000.SHA256:BE60C5A54E508758261E6EDAE80AB21576A214309B9E1E19EE1D5A96C4508EC4 to destination C:\Windows\CCM\Temp\{C9AA0DDC-BD37-442D-A00E-EE7404D47C12}.tmp with error 0x80190194
  DTS job {E6FAADEE-F22E-4E89-92EE-C2D9C10C3056} BITS job {9C444FAB-FD3C-4A6B-B8A4-81DA159E4E45} partially completed 0/1 with error 0x80190194 context 5
  Software Catalog Update Endpoint
  Failed to open portal registry key 'Software\Policies\Microsoft\CCM'. maybe haven't been created yet. Error 0x80070002
  WEDMTRACE.LOG
  No CCM Identification blob
  CAS.LOG
  The number of discovered DPs(including Branch DP and Multicast) is 0
  SMSCLIUI.LOG
  Failed to set DNSSuffix value to the registry.
  Are there any issues due to connecting using direct access?

  When I try to deploy any software (7-ZIP or Notepad++) to this client I get following error:
  The software change returned error code 0x87D00607(-2016410105).
  I can deploy same software fine to other machines connecting on LAN.
  Server Logs:
  Portlctl
  PORTALWEB's previous status was 0 (0 = Online, 1 = Failed, 4 = Undefined)
  PORTALWEBs http check returned hr=0, bFailed=0
  awbsctl
  AWEBSVCs http check returned hr=0, bFailed=0
  AWEBSVC's previous status was 0 (0 = Online, 1 = Failed, 4 = Undefined)
  Client Logs:
  CAS
  The number of discovered DPs(including Branch DP and Multicast) is 0
  CCMEVAL
  Client's current MP is http://SCCM01.DEMO.local and is accessible
  ClientLocation
  Current AD forest name is Demo.local, domain name is Demo.local
  Domain joined client is in Intranet
  Rotating assigned management point, new management point [1] is: SCCM01.demo.local (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>
  Assigned MP changed from <SCCM01.demo.local> to <SCCM01.demo.local>.
  ContentTransferManager
  No data since 11/13/2013
  CTM job {F6085C09-4C39-489E-A6F6-2C268398B7F2} successfully processed download completion.
  DataTransfer
  DTS job {B227AB6E-6D0F-4709-B8C6-AA8B66CBBE2D} BITS job {AE61D01C-E251-45FA-8B2C-2E22DDD91016} failed to download source file
  http://SCCM01.demo.local:80/SMS_MP/.sms_pol?WRC10000.SHA256:BE60C5A54E508758261E6EDAE80AB21576A214309B9E1E19EE1D5A96C4508EC4 to destination C:\Windows\CCM\Temp\{22619283-47B1-445A-9262-C1FA54AD0F64}.tmp with error 0x80190194
  DTS job {B227AB6E-6D0F-4709-B8C6-AA8B66CBBE2D} BITS job {AE61D01C-E251-45FA-8B2C-2E22DDD91016} partially completed 0/1 with error 0x80190194 context 5
  Filebits
  BranchCache Is Not Enabled
  Failed to check PeerDistribution status. NOT able to do branch cache.
  FSPSTATEMESSAGE
  Failed in WinHttpSendRequest API, ErrorCode = 0x2ee7
  [CCMHTTP] ERROR: URL=HTTP://SCCM01.demo.local/SMS_FSP/.sms_fsp, Port=80, Options=480, Code=12007, Text=ERROR_WINHTTP_NAME_NOT_RESOLVED
  Successfully sent location services HTTP failure message.
  InternetProxy
  Failed to get proxy for url 'HTTP://SCCM01.demo.local/SMS_FSP/.sms_fsp'. Error 0x87d00215
  InventoryAgent
  Inventory: 9 Collection Task(s) failed.
  SCCLIENT
  Event maps to notification type = Application Enforcement Failed   (Microsoft.SoftwareCenter.Client.Data.WmiConnectionManager at EventWatcher_EventArrived)
  SMSCLIUI
  Failed to set DNSSuffix value to the registry.
  IPCONFIG /ALL from CLIENT:
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : NYWIN8
     Primary Dns Suffix  . . . . . . . : demo.local
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : demo.local
     System Quarantine State . . . . . : Not Restricted
  Ethernet adapter vEthernet (Internal):
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
     Physical Address. . . . . . . . . : 00-15-5D-01-0B-07
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::d3f:4e51:c648:7b26%26(Preferred)
     Autoconfiguration IPv4 Address. . : 169.254.123.38(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.0.0
     Default Gateway . . . . . . . . . :
     DHCPv6 IAID . . . . . . . . . . . : 872420701
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-EA-A9-CE-E0-DB-55-D2-5E-59
     DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                         fec0:0:0:ffff::2%1
                                         fec0:0:0:ffff::3%1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter vEthernet (External):
     Connection-specific DNS Suffix  . : home
     Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
     Physical Address. . . . . . . . . : 84-A6-C8-AF-03-DE
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::9cb5:5132:1f47:e7c6%24(Preferred)
     IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Lease Obtained. . . . . . . . . . : Thursday, January 2, 2014 1:27:53 PM
     Lease Expires . . . . . . . . . . : Saturday, January 4, 2014 12:27:55 PM
     Default Gateway . . . . . . . . . : 192.168.1.1
     DHCP Server . . . . . . . . . . . : 192.168.1.1
     DHCPv6 IAID . . . . . . . . . . . : 730113736
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-EA-A9-CE-E0-DB-55-D2-5E-59
     DNS Servers . . . . . . . . . . . : 192.168.1.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Wireless LAN adapter Local Area Connection* 3:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
     Physical Address. . . . . . . . . : 84-A6-C8-AF-03-DF
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
  Ethernet adapter Bluetooth Network Connection:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
     Physical Address. . . . . . . . . : 84-A6-C8-AF-03-E2
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
  Ethernet adapter Ethernet:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . : home
     Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
     Physical Address. . . . . . . . . : E0-DB-55-D2-5E-59
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter isatap.home:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . : home
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter iphttpsinterface:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : iphttpsinterface
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : fd64:fc00:d17b:1000:e1a7:9cc8:c3c7:d819(Preferred)
     Temporary IPv6 Address. . . . . . : fd64:fc00:d17b:1000:c598:7f17:e286:369d(Preferred)
     Link-local IPv6 Address . . . . . : fe80::e1a7:9cc8:c3c7:d819%10(Preferred)
     Default Gateway . . . . . . . . . :
     DHCPv6 IAID . . . . . . . . . . . : 369098752
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-EA-A9-CE-E0-DB-55-D2-5E-59
     NetBIOS over Tcpip. . . . . . . . : Disabled
  Tunnel adapter isatap.{DC7D2C63-1506-49EC-A40F-AA4E56DE4001}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes

• Certificate error when Lync client login through VPN connection

  Hello,
  I am using the certificates from internal cert authority on Lync 2013 frontend servers and on edge server internal network. Edge external is using a third part certificate.
  The users always use MS VPN connection when work remotely. We have multiple subnets in the company so "use default gateway on remote network" is enabled for routing.
  When the users try to log in Lync client from non-domain joined computers while on VPN, they can't log in and get certificate error. It is hard to import the internal certificate on the computers.
  What change do I need to do to the Lync certificates? Thanks

  You have a few options:
  1) You could attempt to hardcode the client so that it always connects through the edge.  This can be done through tools->options->personal->advanced->manual configuration (but you may have to hardcode the FQDN in your hosts file so it doesn't
  attempt to resolve via internal DNS).  This may not work since your firewall may not be too happy with "internal" traffic leaving and coming back through the edge.
  2) Write a script that helps automate the certificate installation and try to walk users through it.
  3) Bite the bullet and use a third party certificate on the internal servers.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• How can I know which clients are connected to my network through express and which are connected through extreme?

  I have an airport express extending, through wireless, a network provided by an airport extreme. How can I know which clients are connected to my network through express and which are connected through extreme?
  Here you can see both routers:
  I would expect to some clients connected to the express, other than the extreme. And that's all I see: only the airport extreme appears as client of the airport express.
  Below, one can see the summary of the config for both routers.
  Would somebody explain it?
  Thanks,
  Marcelo
  Message was edited by: Marcelão

  please disregard this answer.
  Message was edited by: Marcelão

• BO -  Problem to connect through windows client

  Server OS: Windows Server 2003 SP2
  BOE Version: XI Release 2
  Client SO: Windows XP Professional SP2
  DB: Oracle 10 v 10.2
  Problem:
  I have a BOE XI Release 2 installed on a server and if I try to connect via WEB everything is perfect but when I try to connect using windows clients (Designer, DESKiu2026)
  I am getting the following error:
  " No se puede acceder al repositorio. (USR0013)"
  u201C[repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Error en el transporte: Fallo en la comunicación.(hr=#0x80042a01)u201D
  I'm using the standard port which is the 6400.
  I hope your comments.
  Thanks!

  Hi,
    Are you using any authentication ?
  If you are using LDAP, then try this...
  Symptom
  Error logging onto Desktop Intelligence or Designer using LDAP authentication:
  "(USR0013) [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed (The LDAP authentication could not log you on.) Verify your logon information. If your account is under a different domain as o=u2026, please enter your dn (hr=#0x80042a01)."
  Reproducing the Issue
  Configure LDAP authentication
  Error appears from a client computer running Desktop Intelligence or Designer
  Logon to Desktop Intelligence or Designer on the server works
  Cause
  LDAP authentication from the client connects directly to the LDAP directory without passing the CMS
  The server has been configured on the firewall, but not the client computer
  Resolution
  Configure the firewall for the client machines to pass, so that they can reach the LDAP directory

• RMI Connection Refused through Firewall

  Hi,
  I am having problems making an RMI connection through a firewall. On the server outside the firewall I have my servlet application running in an OC4J container and inside the firewall I have an EJB listening on port 6666. I have setup the firewall to allow connections through on port 6666. If I telnet from the machine outside the firewall on port 6666 I am able to make a connection to the EJB. So I know the firewall has been setup to handle the connection.
  I run the servlet application and when it tries to make the connection it gives an error:
  javax.naming.NamingException: Lookup error: java.net.ConnectException: Connection refused; nested exception is:
  java.net.ConnectException: Connection refused
  When I do a snoop on the external machine to see what data is trying to be sent to the internal machine there is no data. When doing the telnet test there was data.
  I have the same servlet application deployed on a machine internally and it is able to make a connection to the EJB. The only problem is either the configuration of the application server on the external machine or the firewall configuration.
  Anyone able to help me see what I am missing?
  Thanks
  Shawn Clark

  not sure what you mean by having a 'EJB listening' on port 6666. Do you mean actually having a socket listening within the EJB code? If so then that is a suspicious EJB activity.
  If not then i guess you mean the ORMI listening port of the OC4J application. This is normally set on port 23791 to allow the RMI communication to flow.
  -lp