Closed ports on an open firewall w/ port forwarding enabled.
I'm running a closed network for my game development club and I need to be able to have each computer be able to communicate with each other for when the group tests out their new multiplayer games.
I decided to set up Arch as the operating system since they use Lenovo Thinkcentre M92p's right now. I also set up a separate network server with Arch to take care of networking issues between the computers and because we aren't allowed to use the campus bandwidth.
The server has its own dhcp server running (dhcpd) and iptables set up to allow any and all connections. The computers have exactly the same iptables setup as well.
I've done basic scans of the computers using nmap and it always comes back with
Nmap scan report for localhost.localdomain (127.0.0.1)
Host is up (0.00033s latency).
All 1000 scanned ports on localhost.localdomain (127.0.0.1) are closed
If I try to scan the other computers, the report is no different. I've set iptables to accept incoming connections, wouldn't nmap say all ports are open?
Last edited by Jakkin (2014-11-04 03:09:56)
I know dhcp servers don't open ports, mainly they just provide IP addresses to computers on the network.
I have ssh installed on all the computers (including the server), but the only computer that shows up on nmap is the server itself.
It's kinda embarrassing, but how I found out about the port problem was from testing the network using TF2. When I used my Netgear router as the dhcp server, TF2 worked perfectly. Since I've migrated to the new server and disabled dhcp on my router, TF2 hasn't worked. The computers can see each other, but, other than sshing into the server, they can't seem to connect to each other.
Last edited by Jakkin (2014-11-04 05:15:00)
-
What inetd services causes port to be opened?
Hello.
I'd like to find out, what inetd-controlled service is causing a certain port to be opened by inetd. In particular, I'd like to know, why port 6112 is opened.
adm@winds02 ~ $ getent services 6112
dtspc 6112/tcp
This means, that "dtspc" is assigned port 6112, doesn't it?
adm@winds02 ~ $ inetadm | grep dts
enabled maintenance svc:/network/dtspc/tcp:default
adm@winds02 ~ $ inetadm -l svc:/network/dtspc/tcp:default
SCOPE NAME=VALUE
name="dtspc"
endpoint_type="stream"
proto="tcp"
isrpc=FALSE
wait=FALSE
exec="/usr/dt/bin/dtspcd"
arg0="/usr/dt/bin/dtspcd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
Now I'm disabling dtspc and run pcp <http://www.unix.ms/pcp/> again:
adm@winds02 ~ $ sudo bin/./pcp -p 6112
PID Process Name and Port
274 /usr/lib/inet/inetd 6112
sockname: AF_INET 0.0.0.0 port: 6112
1546 /usr/lib/inet/inetd 6112
sockname: AF_INET 0.0.0.0 port: 6112
1595 /usr/lib/inet/inetd 6112
sockname: AF_INET 0.0.0.0 port: 6112
Question: Why is port 6112 still open?
adm@winds02 ~ $ inetadm
ENABLED STATE FMRI
disabled disabled svc:/application/x11/xfs:default
enabled online svc:/application/font/stfsloader:default
disabled disabled svc:/application/print/rfc1179:default
enabled online svc:/network/rpc/gss:default
disabled disabled svc:/network/rpc/cde-calendar-manager:default
enabled online svc:/network/rpc/cde-ttdbserver:tcp
enabled online svc:/network/rpc/ocfserv:default
disabled disabled svc:/network/rpc/smserver:default
disabled disabled svc:/network/rpc/mdcomm:default
enabled online svc:/network/rpc/meta:default
disabled disabled svc:/network/rpc/metamed:default
enabled online svc:/network/rpc/metamh:default
disabled disabled svc:/network/rpc/rex:default
enabled online svc:/network/rpc/rstat:default
disabled disabled svc:/network/rpc/rusers:default
disabled disabled svc:/network/rpc/spray:default
disabled disabled svc:/network/rpc/wall:default
enabled online svc:/network/security/ktkt_warn:default
disabled disabled svc:/network/security/krb5_prop:default
disabled disabled svc:/network/swat:default
enabled online svc:/network/cde-spc:default
enabled online svc:/network/tname:default
enabled online svc:/network/telnet:default
enabled online svc:/network/nfs/rquota:default
disabled disabled svc:/network/uucp:default
disabled disabled svc:/network/chargen:dgram
disabled disabled svc:/network/chargen:stream
disabled disabled svc:/network/daytime:dgram
disabled disabled svc:/network/daytime:stream
disabled disabled svc:/network/discard:dgram
disabled disabled svc:/network/discard:stream
disabled disabled svc:/network/echo:dgram
disabled disabled svc:/network/echo:stream
disabled disabled svc:/network/time:dgram
disabled disabled svc:/network/time:stream
enabled online svc:/network/ftp:default
disabled disabled svc:/network/comsat:default
disabled disabled svc:/network/finger:default
disabled disabled svc:/network/login:eklogin
disabled disabled svc:/network/login:klogin
enabled online svc:/network/login:rlogin
enabled online svc:/network/rexec:default
enabled online svc:/network/shell:default
disabled disabled svc:/network/shell:kshell
disabled disabled svc:/network/talk:default
disabled disabled svc:/network/stdiscover:default
disabled disabled svc:/network/stlisten:default
enabled online svc:/network/rpc-100083_1/rpc_tcp:default
enabled online svc:/network/rpc-100235_1/rpc_ticotsord:default
disabled disabled svc:/network/dtspc/tcp:default
enabled online svc:/network/rpc-100068_2-5/rpc_udp:default
disabled disabled svc:/network/bpcd/tcp:default
disabled disabled svc:/network/vnetd/tcp:default
disabled disabled svc:/network/vopied/tcp:default
disabled disabled svc:/network/bpjava-msvc/tcp:default
disabled disabled svc:/network/swat/tcp:default
Thanks a lot,
Alexander
Darren_Dunham,
Even if something's binding to port 6112 in a ngz, why should that matter to the global zone? After all, those are different IPs, and binding means, that something binds to an IP+Port combination (or NIC+Port).
So they are. But Zones have a different concept of "ADDR_ANY" than the global zone does, and this difference is not readily apparent in 'pfiles' output.
So a ngz can run an application that binds to ADDR_ANY (0.0.0.0), but it's really bound only to the IP addresses visible inside the zone.
The thing is that from the global zone, 'ps' will see all the processes (including those in ngzs), and 'pfiles' will show that both processes are bound to the same port (and not via a specific IP address).
This document below is really focusing more on exclusive IP zones, but if you look at page 7 and page 8, it shows two normal processes joining a standard TCP stack and two processes in separate shared-IP zones using their own TCP stacks (with the crucial difference that the app can bind to 0.0.0.0 and get different IPs)
http://blogs.sun.com/aland/resource/ipinstances-svosug.pdf
Darren -
IChat AV does not work behind firewall even after opening up correct ports
Hi. I am trying to get my iChat setup so that I can do video and audio. It works fine when my mac is directly plugged into the cable modem. When I plug it into my firewall it will not connect. I have read many online manuals and forums and I have tried opening many ports etc on the firewall. I am using a MBP that's running the latest software. This is clearly an external firewall issue because my MBP works fine without the firewall.
Here is what I have forwarded.
Ports to Open on Firewall.... BOLD LAN ports only.
TCP: 5220, 5222, 5223
UDP: 5060, 5297, 5353, 5678, 16384-16403
TCP/UDP: 5180, 5190, 5298
according to http://support.apple.com/kb/HT1507
It attempts to connect then fails. I have run it in terminal to try to catch the error logs and figure out what is going on. I have the complete error logs from three separate attempts if that would help.
The firewall is a FreeBSD based firewall running pfsense. It is also controlling DHCP. My MBP is connecting to the network via a Time Capsule which has been set to not do DHCP and instead forward to the firewall/router. When my MBP connects it is always assigned the same IP based on its mac address. All the firewall rules are set to that IP. Any idea what's going on here?
http://www.pcmofo.com/pictures/ichatfirewall2.png
122748.533380 prepareConnection - remote VCConnectionData: 00db8200, local VCConnectionData: 00cd1a00
122748.533739 ICEStartConnectivityCheck(id[local:1 remote:2] count[local:3 remote:3] candidate[local:0x19BDF980 remote:0x19BD04C0] pair[0x00DBB800]
122748.533999 connectivity check thread start...(-1327992832)
122748.534908 *** Insert conn check events ***
122748.534933 event 192.168.1.17:16402->192.168.1.101:16402 expires 19.143084
122748.534949 event 192.168.1.17:16402->70.118.207.71:16402 expires 19.193084
122748.534963 event 66.24.234.152:56364->192.168.1.101:16402 expires 19.243084
122748.534976 event 192.168.1.17:16402->70.118.207.71:51255 expires 19.293084
122748.534989 event 66.24.234.152:55805->192.168.1.101:16402 expires 19.343084
122748.535003 event 66.24.234.152:56364->70.118.207.71:16402 expires 19.393084
122748.535030 event 66.24.234.152:55805->70.118.207.71:16402 expires 19.443084
122748.535048 event 66.24.234.152:56364->70.118.207.71:51255 expires 19.493084
122748.535062 event 66.24.234.152:55805->70.118.207.71:51255 expires 19.543084
122748.543505 Invoke delegate method vcc:initiateConferenceStartedForParty:(hippyjm2)
122748.543545 ### NEW STATE: to: VC_SIGNALING, from: VC_IDLE
122748.543608 initiateConferenceCallUsingConnectionDataWithErrorInfoToUser - start
122748.543629 Callee connection data 621 bytes. Caller connection data 621 bytes.
122748.543713 ( )( )( ) ---- <nil> valid returned 0
122748.543726 =========== OpenPorts!
122748.543779 RTP/RTCP ports for PayloadType 1 are 16402 and 16402
122748.543872 RTP vfd (102) accepts pkt (0010)
122748.543881 RTP vfd (103) accepts pkt (0040)
122748.543928 RTP/RTCP ports for PayloadType 0 are 16402 and 16402
122748.544086 RTP vfd (104) accepts pkt (0008)
122748.544097 RTP vfd (105) accepts pkt (0020)
122748.664918 selectedCamera returned Built-in iSight
122748.667540 * Caller SDP *
122748.668290 v=0
o=brett 0 0 IN %RTP-IP-AF% %RTP-IP%
s=pcmofo1
c=IN %RTP-IP-AF% %RTP-IP%
b=AS:2147483647
t=0 0
a=hwi:17412:2:2400
a=iChatEncryption:NO
m=audio %ARTP-PORT% RTP/AVP 110 121 12 3 0
a=rtcp:%ARTCP-PORT%
a=rtpmap:121 speex/16000
a=rtpmap:122 speex/8000
a=rtpmap:113 X-AAC_LD/44100
a=rtpmap:110 X-AAC_LD/22050
a=rtpmap:3 GSM/8000
a=rtpmap:0 PCMU/8000
a=rtpID:2622513995
m=video %VRTP-PORT% RTP/AVP 123 126 34
a=rtcp:%VRTCP-PORT%
a=rtpmap:123 H264/90000
a=rtpmap:126 X-H264/90000
a=rtpmap:34 H263/90000
a=fmtp:34 imagesize 1 rules 30:352:288
a=framerate:30
a=RTCP:AUDIO %ARTCP-PORT% VIDEO %VRTCP-PORT%
a=fmtp:126 imagesize 0 rules 20:640:480:640:480:20
a=fmtp:123 imagesize 0 rules 20:640:480:640:480:20
a=rtpID:3063294723
122748.668656 <<<<<<<<<< Conference initiation API version 2 >>>>>>>>>
122748.671623 join connectivity check thread(-1327992832)...
122748.684178 *** event (192.168.1.17:16402->192.168.1.101:16402) fired ***
122748.684349 BINDING_REQUEST to 192.168.1.101:16402 from 192.168.1.17:16402
122748.684361 OLD STATE(WAITING)->NEW STATE(TESTING)
122748.759544 queue full, avg delay 8.61 ms
122748.760193 queue full, avg delay 8.61 ms
122748.760793 queue full, avg delay 8.61 ms
122748.833412 *** event (192.168.1.17:16402->70.118.207.71:16402) fired ***
122748.833565 BINDING_REQUEST to 70.118.207.71:16402 from 192.168.1.17:16402
122748.833578 OLD STATE(WAITING)->NEW STATE(TESTING)
122748.982643 *** event (66.24.234.152:56364->192.168.1.101:16402) fired ***
122748.982740 BINDING_REQUEST to 192.168.1.101:16402 from 66.24.234.152:56364
122748.982749 OLD STATE(WAITING)->NEW STATE(TESTING)
122749.131799 *** event (192.168.1.17:16402->70.118.207.71:51255) fired ***
122749.132199 BINDING_REQUEST to 70.118.207.71:51255 from 192.168.1.17:16402
122749.132212 OLD STATE(WAITING)->NEW STATE(TESTING)
122749.281319 *** event (66.24.234.152:55805->192.168.1.101:16402) fired ***
122749.281476 BINDING_REQUEST to 192.168.1.101:16402 from 66.24.234.152:55805
122749.281490 OLD STATE(WAITING)->NEW STATE(TESTING)
122749.430647 *** event (66.24.234.152:56364->70.118.207.71:16402) fired ***
122749.430794 BINDING_REQUEST to 70.118.207.71:16402 from 66.24.234.152:56364
122749.430810 OLD STATE(WAITING)->NEW STATE(TESTING)
122749.579896 *** event (66.24.234.152:55805->70.118.207.71:16402) fired ***
122749.580130 BINDING_REQUEST to 70.118.207.71:16402 from 66.24.234.152:55805
122749.580158 OLD STATE(WAITING)->NEW STATE(TESTING)
122749.730792 *** event (66.24.234.152:56364->70.118.207.71:51255) fired ***
122749.730917 BINDING_REQUEST to 70.118.207.71:51255 from 66.24.234.152:56364
122749.730927 OLD STATE(WAITING)->NEW STATE(TESTING)
122749.879979 *** event (66.24.234.152:55805->70.118.207.71:51255) fired ***
122749.880147 BINDING_REQUEST to 70.118.207.71:51255 from 66.24.234.152:55805
122749.880160 OLD STATE(WAITING)->NEW STATE(TESTING)
122751.669238 ===== connectivity check retry =====
122751.669301 *** Insert conn check events ***
122751.669398 event 192.168.1.17:16402->192.168.1.101:16402 expires 22.277497
122751.669472 event 192.168.1.17:16402->70.118.207.71:16402 expires 22.327497
122751.669517 event 66.24.234.152:56364->192.168.1.101:16402 expires 22.377497
122751.669549 event 192.168.1.17:16402->70.118.207.71:51255 expires 22.427497
122751.669579 event 66.24.234.152:55805->192.168.1.101:16402 expires 22.477497
122751.669611 event 66.24.234.152:56364->70.118.207.71:16402 expires 22.527497
122751.669642 event 66.24.234.152:55805->70.118.207.71:16402 expires 22.577497
122751.669674 event 66.24.234.152:56364->70.118.207.71:51255 expires 22.627497
122751.669706 event 66.24.234.152:55805->70.118.207.71:51255 expires 22.677497
122751.719434 *** event (192.168.1.17:16402->192.168.1.101:16402) fired ***
122751.719949 BINDING_REQUEST to 192.168.1.101:16402 from 192.168.1.17:16402
122751.719970 OLD STATE(TESTING)->NEW STATE(TESTING)
122751.869114 *** event (192.168.1.17:16402->70.118.207.71:16402) fired ***
122751.869267 BINDING_REQUEST to 70.118.207.71:16402 from 192.168.1.17:16402
122751.869278 OLD STATE(TESTING)->NEW STATE(TESTING)
122752.018363 *** event (66.24.234.152:56364->192.168.1.101:16402) fired ***
122752.018599 BINDING_REQUEST to 192.168.1.101:16402 from 66.24.234.152:56364
122752.018626 OLD STATE(TESTING)->NEW STATE(TESTING)
122752.167753 *** event (192.168.1.17:16402->70.118.207.71:51255) fired ***
122752.168144 BINDING_REQUEST to 70.118.207.71:51255 from 192.168.1.17:16402
122752.168174 OLD STATE(TESTING)->NEW STATE(TESTING)
122752.317336 *** event (66.24.234.152:55805->192.168.1.101:16402) fired ***
122752.317448 BINDING_REQUEST to 192.168.1.101:16402 from 66.24.234.152:55805
122752.317458 OLD STATE(TESTING)->NEW STATE(TESTING)
122752.466531 *** event (66.24.234.152:56364->70.118.207.71:16402) fired ***
122752.467779 BINDING_REQUEST to 70.118.207.71:16402 from 66.24.234.152:56364
122752.467831 OLD STATE(TESTING)->NEW STATE(TESTING)
122752.616938 *** event (66.24.234.152:55805->70.118.207.71:16402) fired ***
122752.617268 BINDING_REQUEST to 70.118.207.71:16402 from 66.24.234.152:55805
122752.617290 OLD STATE(TESTING)->NEW STATE(TESTING)
122752.766342 *** event (66.24.234.152:56364->70.118.207.71:51255) fired ***
122752.766479 BINDING_REQUEST to 70.118.207.71:51255 from 66.24.234.152:56364
122752.766488 OLD STATE(TESTING)->NEW STATE(TESTING)
122752.915604 *** event (66.24.234.152:55805->70.118.207.71:51255) fired ***
122752.915744 BINDING_REQUEST to 70.118.207.71:51255 from 66.24.234.152:55805
122752.915760 OLD STATE(TESTING)->NEW STATE(TESTING)
122754.555966 (ICEConnCheck.c:200) connectivity check timed out...
122754.556079 (ICEConnCheck.c:553) RecvAndProcess failed (80150017)
122754.556257 (ICEConnCheck.c:635) Connectivity check returned (80150017)
122754.556707 connectivity check thread(-1327992832) end...(80150017).
122754.556770 Retry using classic invitation sequence.
122754.557007 <<<<<<<<<< Conference initiation API version 1 >>>>>>>>>
122754.557470 [ipAndPortData length] = 120
122754.557487 Length is valid: YES
122754.557553 CALLEE: ifname=[en0], IP=[192.168.1.101:16402]
122754.557593 CALLEE: ifname=[external], IP=[70.118.207.71:16402]
122754.557626 CALLEE: ifname=[], IP=[70.118.207.71:51255]
2009-02-25 12:27:54.557 iChat[3822:16b13] IPAndPortList: (
ip = "192.168.1.101";
port = 16402;
ip = "70.118.207.71";
port = 16402;
ip = "70.118.207.71";
port = 51255;
122754.558711 SIPConnect start...
122754.558751 ER_AddFilter (2): Adding [hippyjm2]->[u0]
122754.558915 ER_AddFilter (3): Adding [192.168.1.17]->[lip]
122754.558928 ER_AddFilter (4): Adding [192-168-1-17]->[lip]
122754.558940 ER_AddFilter (5): Adding [192.168.1.101]->[rip]
122754.558950 ER_AddFilter (6): Adding [192-168-1-101]->[rip]
122754.559148 TAInviteClientProc Thread start...
122754.559226 ( )( )( )( )( ) TP IS BINARY? (0)
122754.559409 Send to 192.168.1.101:16402 [INVITE sip:[email protected]:16402 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.17:16402;branch=z9hG4bK6992bc811ae8a816
Max-Forwards: 70
To: "hippyjm2" <sip:[email protected]:16402>
From: "pcmofo1" <sip:[email protected]:16402>;tag=849924252
Call-ID: a2ca937e-0361-11de-bfd8-b95bc9334012@192-168-1-17
CSeq: 1 INVITE
Contact: <sip:[email protected]:16402>;isfocus
User-Agent: Viceroy 1.3
Content-Type: application/sdp
Content-Length: 724
v=0
o=brett 0 0 IN IP4 192.168.1.17
s=pcmofo1
c=IN IP4 192.168.1.17
b=AS:2147483647
t=0 0
a=hwi:17412:2:2400
a=iChatEncryption:NO
a=bandwidthDetection:YES
m=audio 16402 RTP/AVP 110 121 12 3 0
a=rtcp:16402
a=rtpmap:121 speex/16000
a=rtpmap:122 speex/8000
a=rtpmap:113 X-AAC_LD/44100
a=rtpmap:110 X-AAC_LD/22050
a=rtpmap:3 GSM/8000
a=rtpmap:0 PCMU/8000
a=rtpID:2622513995
m=video 16402 RTP/AVP 123 126 34
a=rtcp:16402
a=rtpmap:123 H264/90000
a=rtpmap:126 X-H264/90000
a=rtpmap:34 H263/90000
a=fmtp:34 imagesize 1 rules 30:352:288
a=framerate:30
a=RTCP:AUDIO 16402 VIDEO 16402
a=fmtp:126 imagesize 0 rules 20:640:480:640:480:20
a=fmtp:123 imagesize 0 rules 20:640:480:640:480:20
a=rtpID:3063294723
122755.060001 ( )( )( )( )( ) TP IS BINARY? (0)
122755.060709 Send to 192.168.1.101:16402 [INVITE sip:[email protected]:16402 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.17:16402;branch=z9hG4bK6992bc811ae8a816
Max-Forwards: 70
To: "hippyjm2" <sip:[email protected]:16402>
From: "pcmofo1" <sip:[email protected]:16402>;tag=849924252
Call-ID: a2ca937e-0361-11de-bfd8-b95bc9334012@192-168-1-17
CSeq: 1 INVITE
Contact: <sip:[email protected]:16402>;isfocus
User-Agent: Viceroy 1.3
Content-Type: application/sdp
Content-Length: 724
v=0
o=brett 0 0 IN IP4 192.168.1.17
s=pcmofo1
c=IN IP4 192.168.1.17
b=AS:2147483647
t=0 0
a=hwi:17412:2:2400
a=iChatEncryption:NO
a=bandwidthDetection:YES
m=audio 16402 RTP/AVP 110 121 12 3 0
a=rtcp:16402
a=rtpmap:121 speex/16000
a=rtpmap:122 speex/8000
a=rtpmap:113 X-AAC_LD/44100
a=rtpmap:110 X-AAC_LD/22050
a=rtpmap:3 GSM/8000
a=rtpmap:0 PCMU/8000
a=rtpID:2622513995
m=video 16402 RTP/AVP 123 126 34
a=rtcp:16402
a=rtpmap:123 H264/90000
a=rtpmap:126 X-H264/90000
a=rtpmap:34 H263/90000
a=fmtp:34 imagesize 1 rules 30:352:288
a=framerate:30
a=RTCP:AUDIO 16402 VIDEO 16402
a=fmtp:126 imagesize 0 rules 20:640:480:640:480:20
a=fmtp:123 imagesize 0 rules 20:640:480:640:480:20
a=rtpID:3063294723
122755.060967 Dialog(CREATED) Match(STATUS) [a2ca937e-0361-11de-bfd8-b95bc9334012@192-168-1-17]=[a2ca937e-0361-11de-bfd8-b9 5bc9334012@192-168-1-17], [849924252]=[849924252]
122755.061036 TAInviteClientProc Thread end(C00F0041)...
122755.061117 SIPConnect stop(900A002D)...
122755.061188 SIP connect returned 45
122755.061202 ###### Unknown return code from SIPConnect (45)
122755.061560 SIPCloseCall start...
122755.061604 (SIP.c:3666) Cannot find call ID(2)
122755.061624 SIPCloseCall stop(800C0016)...
122755.062019 ### NEW STATE: to: VC_IDLE, from: VC_SIGNALING
122755.062050 ++++++++ confStatusMapRemoveAll
122755.062066 ( ) -- mapUserIDToSecurityInfo cleared --
122755.062090 Preparing to send VCInitiateConferenceCompleted
122755.062179 Invoke delegate method vcc:initiateConferenceCompletedForParty:(hippyjm2) - retcode: -7
122755.382412 MULTIPOINT VC_API OVERRIDE: endConference
122755.382450 userIDToCallIDMap count = 0
122755.386540 Found 1 cameras:
122755.386587 Built-in iSight - 18446744073663414272
122755.386615 selectedCamera returned Built-in iSight
122755.391808 Microphone devices:
122755.391833 Camera_HasAudio = 0
122755.391902 Internal microphone
122755.391965 Line In
122755.392025 selectedCamera returned Built-in iSight
122755.392050 selectedCamera returned Built-in iSight
122755.392199 Selected mic: Built-in Microphone / imic
122755.691701 Connection closed from the child process
122755.697384 cancelPreview returned 0
122755.701478 Selected microphone is Internal microphone.
122759.261758 Get error report.
122759.261794 Filters: 7/20
122759.261802 - [Brett [email protected]](22) ==> [0](1)
122759.261809 - [pcmofo1](7) ==> [0](1)
122759.261816 - [hippyjm2](8) ==> [u0](2)
122759.261822 - [192.168.1.17](12) ==> [lip](3)
122759.261829 - [192-168-1-17](12) ==> [lip](3)
122759.261835 - [192.168.1.101](13) ==> [rip](3)
122759.261842 - [192-168-1-101](13) ==> [rip](3)I opened all of the right ports. it seems my firewall was randomizing outgoing ports as a security feature and this was messing with the SIP protocol creating a successful connection. I set my outgoing port to be static and now everything works fine!
-
How to open TCP Port on my RV220 Firewall router?
Hello,
I have a windows 8 server for a LAN. This has a Cisco RV220W Firewall which is connected to the T1 router. In order to host a 3rd party video conferencing software I need to have the TCP 1935 port open.
I tried the following -
1. Logged into my RV220W and added a rule using Manage Firewall Rules (Firewall-Access Control-Custom Services). Here I added a rule for TCP start port 1935 and Finish port 1935.
2. Then I added an inbound rule on my Windows 8 server to open TCP 1935.
However when I tested it using porttest.net, it said TCP 1935 is still closed. Can someone please let me know how can I open TCP 1935 port?
Thanks,
Abhi
Hello
Your steps seem to be fine at first look, but somewhere in that chain there is probably something broken.
what kind of service is on that server port?
are you able to open connection from outside with telnet to Router WAN IP and port? example test from outside/internet:
telnet X.X.X.X YYYY
where X.X.X.X is WAN IP of Router and YYYY is port number.
You can confirm that port forwarding is working on both devices:
you can try to connect with computer between Router and Firewall and try that port on firewall.
if previous test works, then for testing purposes move server to subnet between Router and Firewall and perform connectivity test from internet. -
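The nmap report in the first thread and the telnet test suggested in this one both come down to the three outcomes of a TCP connect. The following is an added example, not code from any poster (the function names are made up here): it classifies one port and shows on the loopback interface that a port only reports "open" once a process is listening on it, whatever the firewall accepts.

```python
import errno
import socket


def tcp_port_state(host, port, timeout=2.0):
    """Classify one TCP port the way a connect test (telnet, nmap -sT) sees it.

    open     -> handshake completed: a process is listening and nothing blocked it
    closed   -> connection refused (RST): the packet arrived, but nothing listens
    filtered -> no answer before the timeout, or an ICMP unreachable:
                something on the path dropped or rejected the packet
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()


def demo_listener_lifecycle():
    """Probe the same loopback port before and after a service listens on it.

    No firewall rule changes between the two probes; only the presence of a
    listener does. Returns the two observed states in order.
    """
    states = []
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # Port 0 lets the kernel pick a free port; binding reserves it
        # but does not accept connections yet.
        srv.bind(("127.0.0.1", 0))
        port = srv.getsockname()[1]

        # Reachable, nothing listening: the kernel answers with RST.
        states.append(tcp_port_state("127.0.0.1", port))

        # Now a service is listening on the port.
        srv.listen(1)
        states.append(tcp_port_state("127.0.0.1", port))
    finally:
        srv.close()
    return states


if __name__ == "__main__":
    print(demo_listener_lifecycle())
```

Read this way, "closed" from nmap or a port tester means the probe got through and no service answered on that port, while a silent timeout points at a firewall or missing forward somewhere on the path.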
What are the ports need to open at firewall
What are the ports need to open at firewall to access Oracle EBS R12 through internet?
All these following ports need to open at firewall??
Database Port : 1521
RPC Port : 1626
Web SSL Port : 4443
ONS Local Port : 6100
ONS Remote Port : 6200
ONS Request Port : 6500
Web Listener Port : 8000
Active Web Port : 8000
Forms Port : 9000
Metrics Server Data Port : 9100
Metrics Server Request Port : 9200
JTF Fulfillment Server Port : 9300
MSCA Server Port : 10200-10205
MCSA Telnet Server Port : 10200,10202,10204
MSCA Dispatcher Port : 10800
Java Object Cache Port : 12345
OC4J JMS Port Range for Oacore : 23000-23004
OC4J JMS Port Range for Forms : 23500-23504
OC4J JMS Port Range for Home : 24000-24004
OC4J JMS Port Range for Oafm : 24500-24504
OC4J AJP Port Range for Oacore : 21500-21504
OC4J AJP Port Range for Forms : 22000-22004
OC4J AJP Port Range for Home : 22500-22504
OC4J AJP Port Range for Oafm : 25000-25004
OC4J RMI Port Range for Oacore : 20000-20004
OC4J RMI Port Range for Forms : 20500-20504
OC4J RMI Port Range for Home : 21000-21004
OC4J RMI Port Range for Oafm : 25500-25504
DB ONS Local Port : 6300
DB ONS Remote Port : 6400
Oracle Connection Manager Port : 1521 -
Apple's Firewall opens the wrong ports!
This is a follow up question to a problem posted in another forum here. There are a couple of screenshots in the last post that illustrate the problem.
In System Preferences > Sharing > Firewall, checking Apple Remote Desktop opens TCP and UDP ports 3238. The problem is that Apple Remote Desktop needs ports 3283 (not 3238 - note the last two digits are transposed) and 5900. I've already worked around this issue by creating a new firewall entry that opens the correct ports, but I'd really like to get my Sharing Preferences corrected. Plus it bothers me that I can't block port 3238 by unchecking Apple Remote Desktop since that will prevent ARD from working, even though it opens the wrong ports.
This isn't really an Apple Remote Desktop problem, it's something wrong with the firewall in this system's version of OS X. Any idea how I can fix it, other than the ugly workaround I'm using, and short of reinstalling OS X?
Editing the .plist file is easy with xcode's Property List Editor, which I just installed. However, before I did that I simply copied a "correct" /Library/Preferences/com.apple.sharing.firewall.plist file from another computer. That was even easier
-
Can I open a port range in the firewall for one host?
Can I open a port range in the firewall for one host? In other words, I want to be able to open ports 54001 to 54050 to allow one remote host in my LAN to access that port range in my Mac Server. Is this possible? Currently, the only option I see is to open individual ports for all external hosts (eg http or https)
Thanks in advance!
Which version of OS X Server are you using?
Server 2.2 and earlier includes an interface to a software firewall that can be configured to open specific ports very easily. Descriptions of how to configure the firewall can be found in the documentation for these versions.
Server 3.x no longer has an interface to the software firewall - it is still there, but you need to use other methods to configure it. A popular example of such a method is the icefloor utility.
Apple suggest that for Server 3 you delegate firewall duties to an external router. Server 3 includes the ability to configure the firewall component of Apple Airport routers 'automatically'
if you connect a machine running Server 3 directly to an Airport Router the router appears in the LH pane in the Server.app window (usually second line, below the entry for the server itself), and you can control what services are 'enabled' through the firewall there.
a more common solution perhaps is to use a non-apple router, and configure the firewall (and so open specific ports) through whatever control interface is provided for that router. There are many many kinds of hardware router you could use, and the control interfaces used vary widely - so you will have to consult the documentation for your own router to work out how to do this.
If you post information about your software versions, and hardware configuration, it is possible that you can get more specific help with the tasks involved in opening the ports.
Hope this helps. -
Hi,
A SQL2012 R2 Express server with reporting services (SSL enabled) is setup on a DMZ zone, the client is on a Trusted zone
Port 80 + 443 should be open but 1443 is necessary or not ?
Beside it will use the windows native authentication so 113 for authentication service is necessary ?
Thanks
Authentication Service
Hello,
If both Database Engine and Reporting Service running on the same machine then you don't need to configure remote Access / open Firewall for the database engine.
See also: Configure a Firewall for Report Server Access
Olaf Helper
-
How do you open a port in OSX's firewall?
Hello,
I'm trying to figure out how to open a port in OSX's firewall. I'm trying to use Bits on Wheels or Bit Torrent to download show's from Revision3.com (they distribute their shows via bitorrent). I'm not getting very much speed in downloading my files, which typically means that I'm not uploading as fast as I should. I searched this problem and everything I've read says that I need to open a range of ports in my firewall.
I have a DSL connection which does not use a router, just a direct connection to a DSL modem. Therefore I'm only using the software firewall from MacOSX 10.4.10.
So how does one open a range of ports?
Thanks,
Jeff
system prefs-->sharing--> firewall tab.
click 'New'
Port name other
tcp port numbers 6881-6889
description Bittorrent -
IBCM SCCM 2012 r2 DO WE HAVE TO OPEN PORT 8531 IN EXTERNAL firewall
Hi All
IBCM SCCM 2012 r2 DO WE HAVE TO OPEN PORT 8531 IN EXTERNAL firewall for our site system in DMZ with role MP, sup & DP
I agree, for IBCM you need SSL.
But as far as I know your Update Point isn't forced to run on SSL (8531) unless you tick your Update point with "Require SSL" within your update point configuration - which of course is the ideal configuration.
And if that's the case it's running 8530.
That's true, but for IBCM, as Peter pointed out HTTPS is required. Thus, if you don't configure your WSUS instance to run using SSL, I doubt that it will work simply because the client agent will be "smart" enough to see that you don't have an SSL capable WSUS instance and thus won't configure the WUA to use the non-SSL WSUS instance. I can't say I've tested this though, so it's possible that it works, but I doubt it.
Jason | http://blog.configmgrftw.com | @jasonsandys -
Ports to be opened on Outer firewall in DMZ
Hi,
We are planning for an Internet facing portals for which we are putting the SAP Web Dispatcher in the DMZ and the portal and backend systems behind the inner firewall. We have a EP7 connecting to ECC6 and BI systems.
Can anyone tell me if it is sufficient if we open the webdispatcher HTTP/HTTPS port on the outer firewall and the integrated ITS & WAS ports on the inner firewall ?
In short what all ports do i need to open on inner and outer firewalls of DMZ so that SAP transaction iviews & BI iviews are rendered on the internet facing portals.
Thanks!!
Hi
yes opening ports in inner firewall is sufficient...ur sap webdispatcher acts like a sap router , from ur web dispatcher machine u should be able access every thing and HTTP/S ports 80 and 81 should be opened on the machine for outer fire wall..
Ask ur basis consultant for more information.. from Netweaver2004s ucan use webdispatcher..
Regards
Krishna.. -
Opening specific ports on Leopard's firewall
How can I open a specific port - e.g. 49237 - on Mac OS X 10.5.2 firewall, rather than using the System Preferences GUI which points at apps?
I understand that there is some sort of a Terminal command.
Please advise
Try this.....
Log in with the Username of admin, and the password should be your router's Serial Number found on the bottom of the router on a sticker. -
WRT350N Leaving Port 21 Wide Open with SPI Firewall Enabled
I just ran Shields Up and noticed port 21 (FTP) is wide open, while all the other ports marked as stealthed.
The router is a Linksys WRT350N with the latest firmware 1.03.2. SPI Firewall is enabled and it's blocking "Anonymous Internet Request."
Am I missing something here? Why isn't port 21 being stealthed along with all the other ports? I've run this test before with other Linksys routers and all the ports are stealthed so I'm concerned now.
https://www.grc.com/x/ne.dll?bh0bkyd2
Anyone else with the same router and configuration please run the Shields Up port scan at GRC to see if your port 21 is open and report back. Thanks!
Linksys told me that that port had to "stay" open, it is part of the FTP service when you attach the USB storage device. After a lengthy amount of time on the phone, I had to suggest maybe a flash update. But they would not put anyone on the phone to convince me they had a grasp on this issue, SO I FIGURED IT OUT. Access the router. Select "Storage", then select "Administration", There you find "Internet Access". Unselect "Enable" and obviously select "Disable". Port 21 now in Stealth. Now who can take it further and figure out port forwarding/triggering for when one will start to use server? Max
-
Is there a way to open a remote port programmatically in java code
Hi,
I'm trying to open a remote port which is closed by the Windows firewall in a Java code. I want to know whether this is possible?
If yes, tell me a way to do this?
Thanks.
Buddhika
> Because, that port should be kept closed and I want to open it when I need it in runtime. Also I have full privileges to access that remote machine. So I want to change the firewall setting while application running.
Can't you have an application running on the remote PC that makes use of two ports, an Admin port and a General port?
The Admin port will be created on startup and use some authentication to make sure that the application that connects to it will have admin rights.
Use that application to tell the "Server" to open and close the General port.
-
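The Admin port / General port design suggested in the reply above, as an added Java example that is not code from the thread. It shows the authentication check on an admin command and the opening and closing of the General listener. The class name `GatedPort`, the HMAC-SHA256 shared key, the nonce-based replay check, and the loopback/port-0 binding used for the demo are all assumptions, and the admin transport is assumed to deliver a command, a nonce and a tag.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: a "General" port that only an authenticated admin command opens or closes.
public class GatedPort {
    private final byte[] key;                                // shared admin secret (assumed provisioned out of band)
    private final int generalPort;
    private final Set<String> seenNonces = new HashSet<>();  // nonces already used, to reject replays
    private ServerSocket general;                            // null while the General port is closed
    public GatedPort(byte[] key, int generalPort) { this.key = key.clone(); this.generalPort = generalPort; }

    static byte[] hmac(byte[] key, String msg) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    // Applies "OPEN" or "CLOSE" only if tag == HMAC(key, nonce + ":" + command) and the nonce is fresh.
    public synchronized boolean handleAdmin(String command, String nonce, byte[] tag)
            throws GeneralSecurityException, IOException {
        boolean known = command.equals("OPEN") || command.equals("CLOSE");
        if (!known || !MessageDigest.isEqual(hmac(key, nonce + ":" + command), tag)) return false;
        if (!seenNonces.add(nonce)) return false;            // valid tag but replayed nonce
        if (command.equals("OPEN") && general == null) {
            // Loopback only for this demo; a deployment would bind the interface clients use.
            general = new ServerSocket(generalPort, 50, InetAddress.getLoopbackAddress());
        } else if (command.equals("CLOSE") && general != null) {
            general.close();
            general = null;
        }
        return true;
    }
    public synchronized boolean isOpen() { return general != null; }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);  // constructed sample value
        GatedPort gate = new GatedPort(key, 0);  // port 0: the OS picks a free port for the demo
        System.out.println("forged tag: " + gate.handleAdmin("OPEN", "n1", new byte[32]) + ", open=" + gate.isOpen());
        System.out.println("valid OPEN: " + gate.handleAdmin("OPEN", "n1", hmac(key, "n1:OPEN")) + ", open=" + gate.isOpen());
        System.out.println("replayed nonce: " + gate.handleAdmin("CLOSE", "n1", hmac(key, "n1:CLOSE")) + ", open=" + gate.isOpen());
        System.out.println("valid CLOSE: " + gate.handleAdmin("CLOSE", "n2", hmac(key, "n2:CLOSE")) + ", open=" + gate.isOpen());
    }
}
```

With this design the firewall rule for the General port can stay fixed: while no listener is bound, a scan reports the port as closed rather than open.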
As the title suggests...
I have a mix of five Mac and PC's at home using an Airport Extreme Base Station as the router. I need many ports opened on the AEBS for all of the computers, not just one computer. (For example: three people want to play TF2 on Steam at the same time; each machine needs the correct ports open on the router.) Port forwarding only allows me to forward a given port to a single IP, yet I need that port open for five different IP's, all at the same time.
How do I do that on an AEBS?
In the same way, I have a small office of four iMacs using an old airport with the same exact issue. I would like to be able to connect to all of them remotely with Apple Remote Desktop, but the port forwarding on the airport only allows a port to forward to a single IP. I want to be able to tunnel into the office network and log onto any machine behind the Airport extreme... not just a single IP. I currently have it set up where I can tunnel into the office from my house, I can find the one machine that the port forwarding has been assigned to, I can log on and everything is just fine... with one machine. How do I open the firewall for the other machines?
TL,DR version: How do you open ports on an Airport Extreme Base Station instead of forwarding ports? Forwarding ports doesn't work for multiple IP's.
You can open a single or multiple ports to a single device or different ports to different devices, but you cannot open the same port to multiple devices via the AirPort Utility for the Apple routers.