DA server within a DMZ - ports needed for internal network

Hi,
I'm planning on adding a domain-joined DA server in my DMZ. The DA server will have 2 NICs, one for the internal network and the other for the external. I'll be using two consecutive public IPv4 addresses.
On my external firewall I'll be opening the following ports for my DA server:
- Port 443 inbound and outbound
- UDP 3544 inbound and outbound.
On my Juniper firewall between the internal network and DMZ I'll be opening the following bidirectional ports between my DC and DA server:
- IP Protocol 41 inbound and outbound.
- TCP/UDP 53, 88, 3389, 389, 443, 445, 636, 3268, 3269
Am I right in thinking that in order for my DA clients to reach file shares (for example) I need to ensure that the required protocol and ports are open between my DA server and my file share (i.e. 443)? Doesn't this open a whole load of security holes?
Thanks
IT Support/Everything

Hi there - in a similar scenario on many customer sites I have done the following configuration on the internal firewalls:
Internal IP of the DA server ---> allow all traffic to selected VLANs
The above rule restricts traffic from the DA server to the required VLANs / networks you specify. The reasoning is that DirectAccess requires full connectivity to your apps / infrastructure.
john davies
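The question lists the TCP ports it expects between the DA server and the DC, and the reply above opens everything from the DA server to selected VLANs. Either way, the rule set should be checked from the DA server's side once it is in place. The following is an added example, not code from this thread: a PowerShell audit run on the DA server that probes the listed TCP ports on the DC and also probes a list of ports that should stay closed on that path. The DC hostname and the "should be closed" list are placeholders; UDP 53/88 and IP protocol 41 cannot be verified with a TCP connect, and a port that shows closed may be blocked by the firewall or simply not listening.

```powershell
# Added example (not from the thread). Run from the DA server towards the DC after the
# internal firewall rules are in place. All names below are placeholders.
$DomainController = 'dc01.corp.example'            # placeholder: your DC
# TCP ports the question expects to be open between the DA server and the DC
$RequiredTcp = 53, 88, 389, 443, 445, 636, 3268, 3269, 3389
# Ports that should stay closed on this path (assumption: adjust to your own policy)
$ShouldBeClosedTcp = 135, 139, 1433, 5985, 5986

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    # Raw TcpClient with a timeout, so it also works on PowerShell versions
    # that have no Test-NetConnection cmdlet
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # Filtered port: no answer before the timeout
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-PortAuditReport {
    param([string]$ComputerName, [int[]]$Required, [int[]]$ShouldBeClosed)
    # Expected-open ports that are closed are MISSING; expected-closed ports that
    # answer are UNEXPECTED and point at a rule that is wider than intended
    $report = @(foreach ($p in $Required) {
        $open = Test-TcpPort -ComputerName $ComputerName -Port $p
        [pscustomobject]@{ Port = $p; Expected = 'open';   Open = $open; Status = $(if ($open) { 'OK' } else { 'MISSING' }) }
    })
    $report += @(foreach ($p in $ShouldBeClosed) {
        $open = Test-TcpPort -ComputerName $ComputerName -Port $p
        [pscustomobject]@{ Port = $p; Expected = 'closed'; Open = $open; Status = $(if ($open) { 'UNEXPECTED' } else { 'OK' }) }
    })
    $report
}

Get-PortAuditReport -ComputerName $DomainController -Required $RequiredTcp -ShouldBeClosed $ShouldBeClosedTcp |
    Sort-Object Status, Port | Format-Table -AutoSize
```

Repeating the run against a file server (with TCP 445 in the required list) answers the "do I also need to open ports to my file share" part of the question empirically, and any UNEXPECTED line is worth a second look at the firewall policy.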

Similar Messages

  • HT1338 Attempt to install Mountain Lion has highlighted need for internal disk repair. Even after "repair" ML still says disk is damaged. Attempt to restore from Time Machine back-up failed - cannot 'see' internal HD to restore to. Help!

    Attempt to install Mountain Lion has highlighted need for internal disk repair. Even after "repair" ML still says disk is damaged. Attempt to restore from Time Machine back-up failed - cannot 'see' internal HD to restore to. Help! Has attempt to install ML caused these problems or just highlighted existing need to Repair Disk? Even so, why can back-up from Time Machine not see the internal drive to restore to?

    Csound1, William & Sig .... thanks for taking the trouble to reply. I fear you are right - I'll need a new disk. I'm booked in at the Apple Genius Bar in Bordeaux, France on Wed ... quite a challenge as my French isn't great! The current internal disk is 500gb, does anyone know whether I can upgrade my 21.5" iMac (circa Oct-2009 vintage) to a larger size internal disk, 1Tb or even 2Tb? I already have one external 2Tb drive and another one on order (I have masses of media stored and more planned as I've just taken up photography). Seems a bit of a pain managing with only 500gb internal storage. OR, can you advise me on how I can store all my photos on my new 2Tb external drive - I can't seem to figure out how to set the path for iPhoto to see them (I can't even figure out where they are stored right now!). Same with iTunes, how do I set the default storage to the external drive (I moved everything manually and then imported them all from the new drive - it worked but seemed very convoluted). Any advice on how to manage multiple drives gratefully received. And thanks again for previous replies.

  • What Network Firewall Ports Needed For Music Store?

    My PC is on a network that is firewalled to the Internet. All ports are blocked except for those explicitly enabled, such as port 25 for E-mail, port 80 for browsing, etc.
    When the Windows Firewall is disabled, my PC cannot get past the Music Store's home page. All links are inoperative.
    When I connect my PC to another router/firewall, that bypasses my network's firewall, I can navigate the music store.
    I believe I have a blocked port issue when the PC is connected to my network.
    Can anyone tell me what Internet/TCP ports I need to have open for the iTunes music store and for QuickTime?
    Thanks for the assist.
    Regards.

    hiya!
    Since you say that iTunes is using standard browser ports, then perhaps it's my network's Proxy Server that iTunes doesn't work well with.
    It might be worth checking on these possibilities:
    iTunes for Windows can't access the Internet if proxy settings are incorrect
    ... but also see:
    iTunes for Windows: Music Store - Using With Internet Filters or Accelerators
    love, b

  • Ports needed for CiscoWorks managment

    I am installing an AP and I don't know which ports should be opened on the switch for communication between the Access Point and CiscoWorks. For now we open all ports to the CiscoWorks station, but we want to cut it down as much as possible. Also we've got problems with configuring CiscoWorks to work with the AP (AiroNet 1130); now it's working but we aren't sure which options are necessary - so maybe someone could tell me what is exactly needed for this.
    Thanks for all replies
    Regards
    Adam

    Here's the official list for CiscoWorks WLSE:
    http://www.cisco.com/en/US/customer/products/sw/cscowork/ps3915/products_user_guide_chapter09186a008052db6f.html
    I thought I saw a post a while ago about some undocumented ports used by WLSE too, but can't find it at the moment.

  • Firewall ports needed for remote management?

    Hey guys,
    Does anyone know the ports needed so that I can remotely connect to other Win7 computers through compmgmt.msc, regedit, msinfo32, remote rsop.msc, etc? I think those are just RPC connections, but not sure. Is it TCP 135?
    Thanks,
    Dan
    Dan Heim

    Hi Dan,
    Based on my research, remote desktop connections are via RDP instead of RPC, so for Remote Desktop to work, ports 3389 and 443 are mostly used.
    More information for you:
    Overview of Remote Desktop Gateway
    http://technet.microsoft.com/en-us/library/cc731150.aspx
    What ports are used by a RDS deployment?
    http://social.technet.microsoft.com/wiki/contents/articles/16164.what-ports-are-used-by-a-rds-deployment.aspx
    Getting Remote Desktop to work thru most firewalls
    http://blog.jordanterrell.com/post/Getting-Remote-Desktop-to-work-thru-most-firewalls.aspx
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    How RPC Works
    http://technet.microsoft.com/en-us/library/cc738291(v=WS.10).aspx
    Best Regards,
    Amy Wang

  • DNS for internal network and Firewall ports?

    Hello,
    I don't know where to begin, so I guess I'll start with my setup.
    I have Mac OS X server 10.5.7 running DNS, Firewall, Mail, iChat, RADIUS, VPN, SMB. Behind an Airport Base Station in DMZ.
    My DNS setup is just for the server and local clients. I'm also set up to forward my ISP DNS.
    My question is do I need to open any ports in the firewall. I currently have my local subnet 172.16.4.x to allow all. The "Any" subnet to allow DNS outbound. Is this correct or am I creating a security risk?
    I don't want the public to be able to use my DNS server. (I would like to ONLY allow my local network, and VPN users.)
    Thanks!
    Message was edited by: Robert LaRocca

    I always recommend going with a hardware device (including the base station) over IPFW when running a server.
    The main reason is that when you're running behind a NAT device (such as the AirPort Base Station), ALL incoming traffic is blocked unless you specifically enabled it via port forwarding. A positive security model.
    In contrast, Mac OS X Server will open firewall ports based on the services you're running, without regard to whether that service should be publicly accessible or not.
    You then have to go through the motions of securing each service to either block external traffic at the service level (e.g. by telling the application what addresses it can listen to), or at the network level (by configuring the firewall to block external access). This is a bad security model since each service is public by default and you have to go out of your way to secure it.
    Also bear in mind that you might not think this is a problem today since you can just configure IPFW and be done, but what about next week? Or next month? Or next year when you add another service? Will you remember to reconfigure the firewall to secure it then?

  • Port forwarding for Filemaker network

    I want to set up my computer as a host for Filemaker Pro networking. I have 2 other remote computer locations I want to share my FM database file. I am about to purchase a new AEBS for my router.
    Instructions from the FM forum were to forward port 5003 on my router & use no-ip.com (to track my dynamic IP address) to get a specific domain name for the remote computers to find when they select Open Remote.
    Reading some of these posts sounds like the AEBS makes this easier. Is the port mapping same as port forwarding? Does the reserve IP address capability negate the need for the no-ip.com service?
    Would appreciate the step-by-step process I need to do this.

    Is the port mapping same as port forwarding?
    Yes, both terms are used interchangeably and mean the same thing.
    Does the reserve IP address capability negate the need for the no-ip.com service?
    No. Reserving an IP address is a means to instruct the DHCP service on the router to "save" a specific Private IP address for a device on the local network. No-IP.com is a service that basically tracks the dynamic Public IP address of your modem or router and provides you with a "static" URL address to access it from the Internet. A similar service to No-IP.com would be DynDNS.
    Accessing a server on the local network from a remote client would require that the client knows the Public IP address and port(s) required to access that server. Servers, like yours that are behind a firewall, must either use port mapping (port forwarding) or be configured to be in a DMZ which would completely expose them to the Internet. Port mapping reduces that risk to only allow predefined ports to be open to the Internet.
    Since most consumers have Internet service which comes with a dynamic (changing) Public IP address, just knowing what it is at any given time won't help in the long run. This is where services like No-IP come in. Typically they will give you a client utility that you would run on your computer. This utility will provide them with an update every time your ISP changes your Public IP address ... or you may be required to do this manually. They will also provide you with a URL to use instead of using the Public IP address.
    To set up port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN ports of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
    1. Reserve a DHCP-provided Private IP address for the Filemaker Pro server.
    Internet > DHCP tab
    o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
    o Description: <enter the desired description of the host device>
    o Reserve address by: MAC Address
    o Click Continue.
    o MAC Address: <enter the MAC hardware address of the host computer's Ethernet or wireless depending on how it accesses the network>
    o IPv4 Address: <enter the desired Private IP address you want to assign to the host>
    o Click Done.
    2. Set up Port Mapping on the AEBSn.
    Advanced > Port Mapping tab
    o Click the "+" (Add) button
    o Service: <choose the appropriate service from the Service pop-up menu or leave blank>
    o Public UDP Port(s): <enter the appropriate UDP port values>
    o Public TCP Port(s): <enter the appropriate TCP port values>
    o Private IP Address: <enter the IP address of the host server>
    o Private UDP Port(s): <enter the same as Public UDP Ports or your choice>
    o Private TCP Port(s): <enter the same as Public TCP Ports or your choice>
    o Click "Continue"

  • Port Monitoring for AirPort Network

    I recently did a port scan of my AirPort Extreme network and there are more ports active on my network than I'm comfortable with. I searched each port and got 'kind of' useful information ... enough where I know people aren't hacking the bejesus out of my network. I would like to know if there is a utility somewhere that logs this kind of thing? It would be useful to know who's trying to get in (or out).
    Thanks

    FunkeyJunc wrote:
    Actually, no ... they were the extreme's ports. Indicative of something listening on that port (which is why I can see it when doing a scan). For the really detail thirsty ... I did a port scan in NetWork utility of my Public IP address. I was hoping to identify which programs are listening on which ports through the base station. A log would be helpful.
    I guess it would make sense that an AirPort unit would be listening to ports so as to be able to support port forwarding. That doesn't necessarily mean that there's anything paying attention to those ports on a Mac on your LAN.
    If you search for "firewall" on VersionTracker (http://www.versiontracker.com/macosx) you'll see several products, some offering logging.
    The Mac OS X firewall capability is based on the software "ipfw". You can learn more about it here:
    http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man8/ipfw.8.html

  • Help needed for java network programming

    How can I implement a GUI as a client in my server-client program?
    I have a window (JFrame) having one Textfield and a "Send" button.
    My requirement: while executing, the GUI should start as a client, and whatever text input I give to the Textfield should be printed in the server program.
    So, how can I implement a GUI window as a client?
    If any of you have an idea, please let me know soon.
    Regards.

    Well, the client part and the GUI part are separate. The button simply calls a send method.
    As for the networking, you can just use a Socket and a ServerSocket on the client and server, respectively. Then, wrap a PrintStream around one side and a BufferedReader(InputStreamReader()) around the other. You'll be able to talk back and forth once your connection is established; it's up to you to read from the BufferedReader and use the results on the server side.

  • Assign wifi for internet and Lan1 for internal network

    I have a LAN connection to my office which has access to the internet via a proxy, and I have wifi to access the internet directly.
    How can I assign wifi just for access to the internet and the LAN just for the internal network?
    By any chance is there any way to assign, for example, mail to get internet from wifi and the rest of the applications to use the LAN for connection to the internet?

    Not sure if I understand you correctly,
    but many people use AirPlay mirroring to mirror apps streaming movies and music from the Internet connection the device has;
    whether it is from an internet connection the device is currently AirPlaying to is of no relevance,
    but the device can't get data from both 3G and wifi at the same time.
    Not even a computer can do that; it uses its metric settings to only get data from the fastest source.

  • Firewall ports needed for rpc error in powershell

    In my environment we use several different DMZs to host our servers in. This creates a situation where some of the computers in the domains are in different subnets. I am trying to run a script in one domain in which all the computers are in the same subnet except for 2. In this case there is a firewall between the two subnets I am describing. When I try and run my script I receive the error below. I have verified the following ports are open on the firewall.
    TCP 5985, 5986, 445, 389    TCP\UDP 135
    I have monitored our firewall and the ports being blocked when I run my script are TCP 4754 on one server and 5002 on the other. I believe these are DCOM ports. What other ports or range of ports, or any other ports, do I need to open to resolve the RPC error? I do not want to just open a bunch of unneeded ports between my DMZs. I could just open these 2 ports and resolve the issue for now, but I am trying to make this a PowerShell-friendly environment, if you take my meaning. I should mention all local firewalls are turned off on the servers and the script runs fine on all other servers in the subnet.
    Thank you in advance for your help
    Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
    At C:\Users\jthomas99\Desktop\Get-IPDetails.ps1:14 char:16
    +    $Networks = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $Co ...
    +                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException
        + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
    Thanks for your help

    Here is the DCOM firewall configuration document. It should be given to your firewall admins and they need to pay special attention to setting up the DCOM port forwarding rules.
    http://support.microsoft.com/kb/154596/en-us
    There are also instructions on how to configure DCOM ports to work with WAN/Internet access issues.
    If you are looking to obtain remote management over a WAN or the Internet you can and should set up WMF as it can be run over a fully encrypted HTTPS port and it does not require odd dynamic port allocation as does RPC.
    You can also set up PowerShell Web Service which does not require dynamic ports and can be routed over any port. It uses the browser to open a PowerShell session on a remote server that can have delegated access to other servers. DCOM cannot do this without making many dangerous changes to your network.
    http://technet.microsoft.com/en-us/library/hh831611.aspx
    ¯\_(ツ)_/¯
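The failing call in the question, Get-WmiObject -ComputerName, goes over DCOM, which needs the RPC endpoint mapper on TCP 135 plus a dynamic port negotiated per connection, which is exactly what the firewall is dropping. The reply above recommends the WS-Management route instead. The following is an added example, not code from this thread: the same Win32_NetworkAdapterConfiguration query rewritten as a CIM session over WinRM/HTTPS, so the only rule the firewall admins need between the two subnets is TCP 5986 from the management host to the target. The hostname is a placeholder, and it assumes the target already has a WinRM HTTPS listener with a certificate the client trusts.

```powershell
# Added example (not from the thread). Replaces Get-WmiObject (DCOM/RPC, TCP 135 +
# a dynamic port) with a CIM session over WS-Management on HTTPS (TCP 5986 only).
# The hostname is a placeholder; the target needs a WinRM HTTPS listener.
$Target = 'server01.dmz.example'   # placeholder

# 1. Confirm the HTTPS listener answers before asking for any firewall change.
#    Test-WSMan fails if 5986 is blocked or no listener/certificate is configured.
Test-WSMan -ComputerName $Target -UseSSL -Port 5986 | Out-Null

# 2. Open a CIM session over WSMan with TLS and run the original WMI query.
#    No RPC endpoint mapper, no dynamic port range, one fixed port end to end.
$opt     = New-CimSessionOption -UseSsl
$session = New-CimSession -ComputerName $Target -Port 5986 -SessionOption $opt
try {
    Get-CimInstance -CimSession $session `
                    -ClassName Win32_NetworkAdapterConfiguration `
                    -Filter 'IPEnabled = TRUE' |
        Select-Object PSComputerName, Description,
                      @{ n = 'IPAddress'; e = { $_.IPAddress -join ',' } },
                      @{ n = 'Gateway';   e = { $_.DefaultIPGateway -join ',' } },
                      DHCPEnabled
} finally {
    # Always tear the session down so the listener is not left with idle sessions
    Remove-CimSession -CimSession $session
}
```

If DCOM has to stay for some scripts, the KB article linked above describes pinning the RPC dynamic range to a fixed set of ports so that the firewall rule can at least be narrow and explicit rather than "open these two ports" each time a new dynamic port shows up.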

  • Port needed for File to File scenario

    Hi,
    I am new to XI, just got trained and I want to practice the file to file scenario. I am able to access ID and IR.
    I would like to know whether any ports have to be enabled for this scenario?
    I got a list of ports from the basis people to enable. Could you tell me for which scenarios these ports have to be enabled:
    HTTP port: 50000
    ABAP port: 8000
    Message server port: 3901
    SDM port: 50018
    File sharing port: 445
    P4 port: 50004
    Enqueue server port: 3201
    Dispatcher port: 3200
    SQL server port: 1433
    Any material regarding port details would also be helpful.
    Thanks in advance.
    Regards,
    Kiruthiga

    Hi Kiruthiga,
    > I am new to XI, just got trained and I want to practice the file to file scenario. I am able to access ID and IR.
    > I would like to know whether any ports have to be enabled for this scenario?
    --> Not required ... but ask for an FTP site if you want to do the file to file scenario using FTP. The default FTP port is 21, though.
    > I got a list of ports from the basis people to enable.
    ---> Tell them to stop sending information which is not required. This is not the way of "Delivering. High Performance."
    > Could you tell me for which scenarios these ports have to be enabled:
    > HTTP port 50000
    > ABAP port 8000
    > Message server port 3901
    > SDM port 50018
    > File sharing port 445
    > P4 port 50004
    > Enqueue server port 3201
    > Dispatcher port 3200
    > SQL server port 1433
    > Any material regarding port details would also be helpful.
    --> Friend, not required at this point. Though having the knowledge is not a harm.
    Regards,

  • Multipoint server - What licenses do I need for my classroom

    Good day,
    For our school we want to set up a MultiPoint Server for 10 users. We also want to use Microsoft Office.
    Can someone help me please? I believe we also need CALs, but how many Office licenses do I have to buy?
    Best regards
    Paul

    Hi,
    General information under:
    http://www.microsoft.com/education/ww/buy/Pages/volume-licensing.aspx
    ...our "school" distributor in Germany said:
    - MultiPoint Server Standard, over 10 users Premium, Software Assurance optional
    - 1 CAL per device and 1 for the server/teacher(!)
    - Office per device and 1 for the server
    ...there are special conditions for schools.
    Regards
    Hubert

  • Web server type of standalone oc4j needed for SSL Certificate

    Hi,
    We have a standalone OC4J 10.1.3 that hosts an application, many of whose pages use HTTPS, and so we need to buy an SSL certificate from one of the CAs like Verisign, GeoTrust, etc. All of these CAs are asking us about the web server type that the standalone OC4J uses. I read the following statement from this URL:
    http://download.oracle.com/docs/cd/B32110_01/web.1013/b28950/intro.htm#JICON100
    "communications in a standalone environment is provided through the built-in OC4J Web server, which supports HTTP and HTTPS communications natively without the use of the Oracle HTTP Server"
    On all of the SSL certificate systems of the above CAs' websites, they ask us to choose the web server type from a list of server types, but I don't see the OC4J web server listed, and I am told that it is very important to make sure the web server type is correct, otherwise the SSL certificate that we buy may not be compatible with our web server type.
    So, I would like to know the exact built-in web server type name that goes with standalone OC4J, or the one that is closest and for which the SSL certificate is compatible.
    Shown below is a list of web server types that I am asked to choose from on the Verisign website. The closest to standalone OC4J according to the list below is Oracle Wallet Manager, but isn't this meant for Oracle Application Server (OAS) and not the standalone OC4J? We are using the Java keytool to generate the CSR that we look to sign via Verisign, but again we are not sure about the web server type in the case of standalone OC4J, which is not listed below. Please advise, and thanks in advance for any of your responses in helping out.
    Webstar 4.x
    ApacheSSL mod_ssl
    WebLogic 6.0
    WebLogic 8.1
    Cisco
    ACS 3.2
    Covalent
    Apache ERS 2.4
    Apache ERS 3.0
    F5
    BIG-IP
    IBM
    Websphere MQ
    HTTP Server
    Lotus
    Domino 5.0
    Domino 6.0
    Domino 7.0
    Domino 8.0
    Windows NT - IIS 4.0
    Windows 2000 - IIS 5.0
    Windows 2003 - IIS 6.0
    Windows 2008 - IIS 7.0
    Exchange 2007
    iPlanet 4.x
    iPlanet 6.x
    ScreenOS
    SSL Accelerator
    Oracle Wallet Manager
    Secure Web Server
    SSL Offloaders
    Stronghold
    Java Web Server 6.x
    Sun ONE
    AS Server w/IIS 4
    AS Server w/IIS 5
    EA Server
    Tomcat
    Zeus

    Hi Zeus,
    The type of certificate depends on the method you will use to deploy the certificate on your application server.
    Please refer to the links:
    http://download.oracle.com/docs/cd/B31017_01/web.1013/b28957/configssl.htm
    http://download.oracle.com/docs/cd/B14099_19/core.1012/b13995/wallets.htm#ASADM400
    http://download.oracle.com/docs/cd/B14099_19/web.1012/b14013/configssl.htm
    Regards,
    mYth

  • Open ports needed for remote hd login

    What ports should I have open to remotely connect to my AEBS external hard drive?

    The following worked for me to access my AirDisk via the internet:
    1: Set the AE to bridge mode.
    2: If you have a firewall active, you have to forward port TCP 548 (AFP) to the internal IP address of your AE. You can see the IP in the main screen of the AirPort Utility program. It has the format 192.168.1.xx or 10.1.1.xx.
    3: Figure out your external IP address (there are widgets that do that, e.g. iStat Nano).
    You can access the airdisk as follows:
    Open finder
    Press command-k or select 'Connect to server' from the 'Go' menu.
    Type afp://external ip/name of your airdisk
    example: afp://86.354.32.45/MyDisk
    And click connect.
    Note: You must be connected to the inet from another location than yours, otherwise it won't connect.
    That's it
    Marc
