Connecting through firewall (weird problem)

Hello,
I'm having a very weird problem with JMX on a Linux server. I'm aware of the fact that the out-of-the-box JMX agent doesn't work with firewalls and I'm using a custom agent or rather I'm trying to. The problem is that JConsole/Custom Client fails to connect to the agent with a NoSuchObjectException.
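The Server side code looks as follows:

    import java.lang.management.ManagementFactory;
    import java.rmi.registry.LocateRegistry;
    import javax.management.MBeanServer;
    import javax.management.remote.JMXConnectorServer;
    import javax.management.remote.JMXConnectorServerFactory;
    import javax.management.remote.JMXServiceURL;

    public class TestServer {
        public static void main(String[] args) throws Exception {
            System.setProperty("java.rmi.server.randomIDs", "true");
            // RMI registry used for the JNDI lookup
            LocateRegistry.createRegistry(15003);
            MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
            // RMI server objects on 15002, stub bound in the registry on 15003
            JMXServiceURL serviceUrl = new JMXServiceURL(
                    "service:jmx:rmi://localhost:15002/jndi/rmi://localhost:15003/jmxrmi");
            JMXConnectorServer connectorServer = JMXConnectorServerFactory
                    .newJMXConnectorServer(serviceUrl, null, mbs);
            connectorServer.start();
            Thread.sleep(Integer.MAX_VALUE);
        }
    }

The Client side code looks as follows:

    import javax.management.remote.JMXConnector;
    import javax.management.remote.JMXConnectorFactory;
    import javax.management.remote.JMXServiceURL;
    public class TestClient {
        public static void main(String[] args) throws Exception {
            JMXServiceURL u = new JMXServiceURL(
                    "service:jmx:rmi:///jndi/rmi://ec2-67-202-2-113.z-2.compute-1.amazonaws.com:15002/jmxrmi");
            JMXConnector c = JMXConnectorFactory.connect(u);
        }
    }
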
The Exception I'm getting is
Exception in thread "main" java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.NoSuchObjectException: no such object in table]
     at javax.management.remote.rmi.RMIConnector.connect(Unknown Source)
     at javax.management.remote.JMXConnectorFactory.connect(Unknown Source)
     at javax.management.remote.JMXConnectorFactory.connect(Unknown Source)
     at foo.bar.TestClient.main(TestClient.java:12)
The Java version on the Server is
java version "1.6.0_02"
Java(TM) SE Runtime Environment (build 1.6.0_02-b05)
Java HotSpot(TM) Client VM (build 1.6.0_02-b05, mixed mode, sharing)

You were right. There was one more thing though which I figured out with Wireshark/Ethereal. The machines in Amazon's EC2 Network are running behind a NAT or something and I had to specify the external address with -Djava.rmi.server.hostname=BlaBlub.
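
A firewall-friendly agent along the lines discussed in this thread, as an added example (not code from the original posts): it pins both the RMI registry port and the RMI server port, sets java.rmi.server.hostname before anything is exported, and has the client name the registry port in the /jndi/ part of its URL. The class name, the command-line argument and the localhost default are assumptions made for the example.

```java
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;

// Added example: class name, argument handling and the "localhost" default are assumptions.
public class FirewallFriendlyJmx {
    // Two fixed ports, so the firewall needs exactly two inbound TCP rules.
    static final int RMI_SERVER_PORT = 15002; // exported RMIServer and connection objects
    static final int REGISTRY_PORT = 15003;   // RMI registry that holds the "jmxrmi" stub

    // Server side: bind through localhost; the first port fixes where RMI objects
    // are exported, the second is the registry the stub is bound in.
    static JMXServiceURL serverUrl() throws Exception {
        return new JMXServiceURL("service:jmx:rmi://localhost:" + RMI_SERVER_PORT
                + "/jndi/rmi://localhost:" + REGISTRY_PORT + "/jmxrmi");
    }

    // Client side: the /jndi/ part points at the registry port, on the address
    // the client can actually reach.
    static JMXServiceURL clientUrl(String host) throws Exception {
        return new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + host + ":"
                + REGISTRY_PORT + "/jmxrmi");
    }

    public static void main(String[] args) throws Exception {
        String externalHost = args.length > 0 ? args[0] : "localhost";
        // Set before any RMI object is exported: the stub handed to clients embeds
        // this name, and behind NAT the default would be the private address.
        System.setProperty("java.rmi.server.hostname", externalHost);
        System.setProperty("java.rmi.server.randomIDs", "true");

        Registry registry = LocateRegistry.createRegistry(REGISTRY_PORT);
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        // null environment as in the thread's code: the connector has no
        // authentication or TLS, so limit both ports to trusted source addresses.
        JMXConnectorServer server =
                JMXConnectorServerFactory.newJMXConnectorServer(serverUrl(), null, mbs);
        server.start();
        System.out.println("Remote clients connect to: " + clientUrl(externalHost));

        if (args.length > 0) {
            Thread.currentThread().join(); // external host given: keep serving
        } else {
            // No argument: loopback self-check through the registry, then shut down.
            try (JMXConnector c = JMXConnectorFactory.connect(clientUrl("localhost"))) {
                MBeanServerConnection conn = c.getMBeanServerConnection();
                System.out.println("Self-check OK, MBeans visible: " + conn.getMBeanCount());
            } finally {
                server.stop();
                UnicastRemoteObject.unexportObject(registry, true);
            }
        }
    }
}
```

Run without arguments for the loopback check; pass the externally reachable host name as the first argument on a NATed server such as the EC2 machine in this thread.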

Similar Messages

  • Client connecting through firewall

    Hi
    We have two clustered servers. Our client is connecting through
    firewall NAT. When I connect to the first server the response is very slow and
    at the same time clustering is not working. If I stop the second server the
    response is fast.
    The same configuration is working fine when my client is local.
    Can you explain the reason for this problem?
    Presently I am using weblogic 6.1 version.
    Thank you
              

    OK I spoke too soon. The user looked like it was working but it was working because it matched another IAS policy further down the list. It seems as though the PIX refuses to use ms-chap of any sort. If I include the authentication type in the VPN policy conditions as ms-chap, it skips the VPN policy I am using to authenticate this. If I remove it, then it gives an invalid authentication type as if whatever the PIX is sending the IAS server does not understand as ms-chap.
    It seems like the PIX authentication is totally wrong for use with IAS. What else do I need to add to this configuration to get it to work with ms-chap of any kind? I really don't get it.

  • Making connection through firewall

    Hi,
    I'm using Oracle Database server 8i (Enterprise Edition 8.1.7.0.0) and it's working fine. Now the students want to work at home and I have to route port 1521 to the internet but... Whenever I try to make a connection to the server I have a time-out. And no, with the option CONNECTION_TIMEOUT_LISTENER = 0 configured at the server, it isn't working....
    For the routing, I'm using debian 3.0 with iptables (all other routing and configurations of the firewall are working)
    Can someone help me with the problem?
    Greets,
    Bart

  • Ip connectivity through firewall segments

    Hi,
    We have an ASA that attaches to 6500-Core. The rough network diagram is attached here.
    IP Segments B&C have SVI on core, whereas segment A is on the ASA (Segment A is new & needs to be created).
    The leg connecting ASA to Core is on security level 100 with name as Internal , the other leg of ASA connecting upwards to routers are on security level 0 with name as External.
    If we need to add Segment A on ASA, can we assign it a security level of 50 ? The requirement is:
    1. Segment A needs to talk to Segment B , but it shouldn't be talking to Segment C (includes ping response also)
    How can we achieve this? Appreciate all help.

    Hi,
    The use of "security-level" alone as a means to control which traffic is allowed is not advisable unless your network is a very simple home/small office network. Judging by your information you have a setup that won't really work well with this kind of simple setting.
    The problem with "security-level" is that it makes no distinction between the networks behind an interface. So if a source interface's "security-level" is higher than the destination interface's "security-level" then all networks behind the source interface can access any network behind the destination interface. This makes it impossible to control the traffic on a per network basis.
    I would suggest that you use an interface ACL to control the traffic on your interfaces. At least this new one that you are creating.
    You would have to create an ACL that first blocks traffic from Segment A to Segment C and then allows all other traffic from Segment A (which would mean Internet access and connections to Segment B would be allowed)
    At its simplest the interface ACL would look like this
    access-list SEGMENT-A-IN remark Deny traffic to Segment C
    access-list SEGMENT-A-IN deny ip any 10.60.10.0 255.255.255.0
    access-list SEGMENT-A-IN remark Allow all other traffic
    access-list SEGMENT-A-IN permit ip 10.80.10.0 255.255.255.0 any
    access-group SEGMENT-A-IN in interface
    This would not block the ICMP Echo reply from Segment A to Segment C. You would either have to block ICMP Echo from Segment C to Segment A or you would perhaps need to disable ICMP Inspection if you have it enabled and then the above ACL would also block ICMP Echo Reply.
    Hope this helps
    - Jouni

  • Connecting through firewall

    I am connecting remotely to a computer with full access to our company firewall.  The router (WRT54G v6) is causing the IP address to change on the wired computer and rendering it blocked by the company firewall.
    Is there a way to retain the original IP address settings on the wired computer and still hookup wirelessly from mine?

    When you assign your wired computer a static LAN IP address, you will need to do this in the computer itself, not in the router.  Also, be sure to follow the Linksys rules regarding the proper method of assigning a static LAN IP address.
    For more information on this topic, please see my previous post at:
     http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&message.id=10070&query.id=...

  • Iron port slow connection through firewall interface, data blanked out

    Hi All
    Installing a new pair of IronPort c170 appliances behind an ASA 5520 and currently getting blanked out response when connecting via telnet on port 25 to the outside interface.  Testing this internally there are no issues and the hostname is shown, but from the outside, response is very slow and some information is masked as xxxxxxx.
    Going through the ASA, esmtp stateful packet inspection is removed and the IPS has already been ruled out.
    Has anyone come across this issue before? Please could you shine some light on this.
    Many thanks

    Hello James,
    when some of the information is masked, this means you still have SMTP fixup enabled on the ASA. I am not an expert on these devices, but here is an article on this topic that may be useful:
    Article #1816: Why do we see XXXXXXXA after EHLO and "500 #5.5.1 command not recognized" after STARTTLS? Link: http://tools.cisco.com/squish/E68cB
    Hope that helps.
    Andreas

  • Sockets connection through firewall

    Is there any way to make a connection between a socket outside the FireWall and a server socket inside?

    Usually a firewall is transparent to software making socket connections, so it would really depend on the firewall configuration, if it will let the communication happen.

  • RMI Connection Refused through Firewall

    Hi,
    I am having problems making an RMI connection through a firewall. On the server outside the firewall I have my servlet application running in an OC4J container and inside the firewall I have an EJB listening on port 6666. I have setup the firewall to allow connections through on port 6666. If I telnet from the machine outside the firewall on port 6666 I am able to make a connection to the EJB. So I know the firewall has been setup to handle the connection.
    I run the servlet application and when it tries to make the connection it gives an error:
    javax.naming.NamingException: Lookup error: java.net.ConnectException: Connection refused; nested exception is:
    java.net.ConnectException: Connection refused
    When I do a snoop on the external machine to see what data is trying to be sent to the internal machine there is no data. When doing the telnet test there was data.
    I have the same servlet application deployed on a machine internally and it is able to make a connection to the EJB. The only problem is either the configuration of the application server on the external machine or the firewall configuration.
    Anyone able to help me see what I am missing?
    Thanks
    Shawn Clark

    Not sure what you mean by having a 'EJB listening' on port 6666. Do you mean actually having a socket listening within the EJB code? If so then that is a suspicious EJB activity.
    If not then I guess you mean the ORMI listening port of the OC4J application. This is normally set on port 23791 to allow the RMI communication to flow.
    -lp

  • Connect to Server HTTPs through Proxy Server Problem

    I am trying to connect through a company proxy via port 8080 to a https connection on a server so that it can mount on a desktop. Using 10.4.11 on Mac Pro
    The connection works http through the company network and works http and https through my home network. The company require we use secure connections or something they will supply which will be out of date and clunky to use. I am using FullSwitch as a workflow so need the volume to mount.
    Basically I do the following:
    Go
    Connect to Server
    type address https://??????????????????/???????
    I then get a Proxy Auth where I put my domain, user name and password
    A certificate is then returned and I press continue
    It then attempts to pass through the proxy tunnel to connect but just keeps going and going......
    It should come up at this point with the server login but it doesn't
    We are told by the IT team which only supports PCs that it is then that the Mac tries to create 2000+ connections but doesn't just creates lots of network traffic.
    In between us and the proxy we sit behind a firewall but are told that there are no rules to stop https etc. I can connect to the site through Safari via https but as I need to upload files I need to be able to mount via https as a volume
    Are there any suggestions as to what the issue may be or questions that I can try and ask IT to gather more info?
    Many thanks

    Many thanks for your reply. We can use ftp but can not tunnel sftp through the proxy.
    As I use fullswitch for automation I would like to keep the simplicity of mounting the server as files can be uploaded easily. Currently using http no problems but am being forced to use https from IT Security and of course being in a large corporation with only 35 Macs they say they don't support Macs and hey you have to do it our way or else. Driving me mad.
    Sorry for going off on one but it is so frustrating as the supplier we are sending to wants the files the way we currently send them as they have their system workflow but my company wants us to use their sftp system that is clunky for in and out going file connections forcing suppliers to go to our sftp servers and not us supplying to them.....................
    Right then I currently use Transmit with Type 7 on the proxy type for FTPing files using FTP Protocol not SFTP and have no problems going to the sites we have asked to get specific access to (again takes 2-14 days to get all the firewall rules changed to allow access to new ftp sites we are given, very efficient working practice)
    So as you can see I really want to get the https working as it is the best option for workflow if IT security want us to secure.
    Many thanks, again sorry for my ranting

  • Itunes locking up when ipod is connected.  Firewall problem?

    Hi folks. For years I have been running itunes, an ipod touch and NOD32 firewall with no problems at all. But a couple of days ago I connected up my ipod and there is a problem.
    itunes launches as you would expect, but it immediately hangs. After a few minutes, it will free up, but the ipod is not visible in itunes. I can see it in Windows and the USB driver is working fine.
    If I disconnect the ipod whilst itunes is "stuck", then itunes immediately starts responding properly. So it looks very much like this freezing is caused by itunes hanging on the ipod.
    Here's the weird thing: I have found that if I disable my firewall, the problem goes away. i.e. everything works fine if the firewall is disabled. No lockups and itunes can see the ipod and will happily sync with it.
    I really don't see how the firewall can be the culprit though. I didn't think firewalls applied to USB connections??!
    I have tried uninstalling and reinstalling itunes and it makes no difference. I have also upgraded from 9.1 to 9.2 and that didn't fix it either.
    Any ideas what's going on (And how to fix it?)
    Thanks

    After re-installing iTunes, and doing a full restore on my iPod, I have determined that it was some album cover art that seemed to be causing the problem. The iPod would start to sync, and then hang on one song. Deleted that song, and it synced a little more, and got hung up again on another song from the same album.
    I deleted the entire album from my iTunes library, and the iPod synced just fine. I re-ripped the CD in question, this time without adding album cover art, and it worked perfectly.
    Now I wonder why iTunes is getting stuck on certain album cover art. The CD in question is Eric Clapton's "Crossroads". iTunes was unable to retrieve the album cover art when I ripped the CD [perhaps because iTunes has it listed as "Crossroads (Box Set)"], so I just scanned the cover of the CD and added it that way. I have done this with other CDs, and had no problems whatsoever. Anyone have any clue as to why this would happen?

  • I am facing a weird problem with my iphone 4s Wi-Fi connectivity. As i connect my iphone to my office Wi-Fi, internet works in one building, but it doesnt work in the other building, although the phone shows Wi-Fi is connected. Please help me out!!

    I am facing a weird problem with my iphone 4s Wi-Fi connectivity. As I connect my iphone to my office Wi-Fi, internet works in one building, but it doesn't work in the other building, although the phone shows Wi-Fi is connected in the other building. This problem was not there earlier but has occurred recently. I would also like to mention that none of my other colleagues who use iphones are facing this issue. Please help me out!!

    Assuming you entered the correct WiFi password for your network, see these articles:
    iOS: Troubleshooting Wi-Fi networks and connections
    iOS and OS X: Recommended settings for Wi-Fi routers and access points

  • Problems sharing internet connection through Airport with a PS3

    Does anybody know how to share an internet connection wirelessly with a PS3? I've tried everything including following directions from the tech support people from both Sony and my ISP (Verizon) and nothing works. Last time I talked to Verizon I obtained an IP number from them as Sony recommended and that did not work either. Is anybody out there with a PS3 sharing the internet connection through Airport successfully? I'd really appreciate any help. Thanks!!

    Let's double-check your Mac's Internet Sharing settings ...
    To setup for Internet Sharing (Wired to Wireless):
    Setup the Network
    Cable Modem > (Ethernet cable) > [Ethernet port] Mac > (wireless) > PS3
    Enable Software Firewall
    System Preferences > Security > Firewall
    o Block all incoming connections (enabled)
    Enable Internet Sharing
    System Preferences > Sharing
    o Select "Internet Sharing" from the options in the left column
    o Share your connection from: Built-in Ethernet
    o To computers using: AirPort (checked) (Note: Uncheck all other entries in the list.)
    AirPort Options...
    o Network Name: <anything you want>
    o Channel: Automatic
    o Enable encryption (using WEP) (optional)
    o Password: (optional)
    o Confirm Password: (optional)
    o WEP Key Length: (optional)
    o Click OK
    o Select "Internet Sharing" again
    o Click "Start" to start Internet Sharing
    o Click Start

  • Connecting online - weird problem

    I have 2 Macs which are connected wirelessly through an AEBS to a linksys router to a high speed modem. The last 24 hours I have come up against a very strange problem connecting to certain websites. I seem to be unable to connect to certain websites, some sites will work and others won't (error message that comes up is that "can't find the server"). If I reload a webpage that was just loaded sometimes it will come up and other times I get the above message. I have looked at the "Network utility tool" and tried pinging websites, and this may or may not work (message: "Unknown host"). It's almost random what connects or pings and what does not. I have also tried a direct wired connection through the router and the same problem occurs. Same problem on both computers ...
    Any ideas what is the cause of this?
    Thanks in advance
    Rob

    Yes, I have used the linksys router for the wired connection.
    A HP LaserJet 2100 M printer is connected to the router in the basement, so I have to have the router. It's worked OK like this for the last 2 years, with occasional issues losing the wireless network. However, this hasn't been an issue for several months following an apple download.
    I haven't checked lately for a router upgrade. I assume that you think the router is the problem? I also get intermittent similar problems pinging (wirelessly through the AEBS) to the linksys router -- i.e it either works correctly or gives the error message “cannot resolve http://192.168.150.100/: Unknown host“.
    Thanks
    Rob

  • Problem while connecting through ldap console

    Hi,
    We have our directory server 5.2 sp4 on red hat linux 4.
    I am able to connect through ldap browser and ldapsearch is working but when I'm trying to connect through console it is saying incorrect password or directory problem. I'm not able to figure out what can be the problem. Any help is appreciated.
    Thanks

    yes admin server is up and here is the log
    - Sun Java(TM) System Directory Server/5.2_Patch_4 B2005.230.0415 (32-bit) starting up
    [18/Aug/2007:09:55:11 -0400] - Listening on all interfaces port 389 for LDAP requests
    [18/Aug/2007:09:55:11 -0400] - slapd started.
    [18/Aug/2007:09:55:11 -0400] - INFO: 100 entries in the directory database.
    [18/Aug/2007:09:55:11 -0400] - INFO: add:0, modify:0, modrdn:0, search:0, delete:0, compare:0, bind:0 since startup.
    and here is log from access
    conn=37 op=-1 msgId=-1 - fd=30 slot=30 LDAP connection from 192.168.1.43 to 192.168.1.4
    conn=37 op=-1 msgId=-1 - closing - B1
    conn=37 op=-1 msgId=-1 - closed.

  • Weird Problem: TC does NOT drop the internet connection

    Hi there,
    I recently installed the TimeCapsule without any problems and since then I am happily surfing wirelessly as well as backing up with Time Machine. However, there is a weird problem which I cannot seem to solve:
    The TC is connected to my DSL modem, in the Airport Utility I have chosen under "Internet / PPPoE" to connect "automatically" and disconnect after "10 minutes". However, the connection is never dropped, basically because I can see that the Data LED on the DSL modem keeps blinking every 10 seconds or so, thus effectively preventing the TC from disconnecting.
    I first thought the automatic time check (AirPort / Time Capsule) was the culprit, but this was not the case. Also there are no internet requests coming from the MacBook since the blinking (and hence the maintaining of the connection) persisted even with AirPort disabled on the MacBook.
    So now the TC never drops the connection which is not what I prefer (I have to unplug the power supply of TC to really drop the connection). Could it be some "rogue" connection attempt to the TC?
    Has anybody had a similar problem and maybe can suggest a possible solution?
    Clueless,
    Martin

    Open AirPort Utility and select your Time Capsule. Click on Manual Setup and look at the Summary tab. It'll show you how many clients are connected to the TC. If it's more than one and you don't have an encrypted network setup on your TC, then it's most likely an outsider trying to use your Internet for free. Click on the Wireless Clients label on the Summary page to get a list of MAC addresses currently using the TC. If none of the addresses are recognized, then it's an outsider sniffing on your network.
    It might be a good time to change the name/channel of your TC network and enable WPA2 Personal encryption with a strong 13-character password, using a mix of letters, number and symbols. Instead of using "dingleberry21", you can use "d!ngl3b3rry21" or something to that effect. Though not strong deterrents, you can also make your network a closed one and set up Access Control to only your computers at home.
    Hope it's not an intruder.