Default LaunchDaemons and open ports?

Similar Messages

• DMZ and open ports

  Hi all!
  This is my first post on this forum I've been tinkering around with honey pots and set one up on my home network. A tutorial I was following mentioned about putting it in the DMZ. So I did. When I was at work I conducted a nmap scan of my home router. SO MANY OPEN PORTS! Of course setting up a DMZ this is to be expected. HH being HH only the honeypot is in it but I'm a little worried that even though I have only put the honey pot in the DMZ, are all the opened ports open to the rest of my network? As I understad it I am wrong but I am concerned just want to double check! Also when I turned of the DMZ and did another scan I found port 4567 to be open. I quick search flagged up a few results. Many people seem to say ignore it but others have said its possible for to be a back door. If I type in my public ip:4567 I get faced with a login page! I have heard that BT install a backdoor on their routers for the NSA and GCHQ normally I'd fob such things off but would be interested to know what is going on with that open port! 
  Thanks in advance guys!

  When you have anchor/foreign, the web auth traffic always go to the anchor, so  with CWA, the traffic from the anchor to the ISE will need to be permitted . go through the following link this may of help
  https://supportforums.cisco.com/docs/DOC-26442

• NIO and open ports not showing up during portscan

  Hi
  I have an application that binds port 4444 and 4445 default. I can establish an conection to both ports with telnet for example and when I just portscan those ports they are detected:
  $ nmap -p 4444-4445 localhost
  Interesting ports on localhost.localdomain (127.0.0.1):
  PORT STATE SERVICE
  4444/tcp open krb524
  4445/tcp open unknown
  but when I try to scan the whole range 4445 disappears. Here is the output:
  $ nmap localhost
  Interesting ports on localhost.localdomain (127.0.0.1):
  PORT STATE SERVICE
  22/tcp open ssh
  25/tcp open smtp
  113/tcp open auth
  1024/tcp open kdm
  4444/tcp open krb524
  5432/tcp open postgres
  I reccon that this means that I will lose some connections during high load.
  Does this have anything to do with the timeouts I specify for select() or is it a problem deaper down in nio?.

  All this means is that there is something seriously wrong with nmap.

• Need some direction on FW Redundancy and opening ports

  I would appreciate any advice on the current ways of connecting 2 Firewalls directly for redundancy and also the best practice for allowing data through the firewall. Do firewalls have a stacking technology similar to StackWise or FlexStack? I need to allow specific ports through my network into another private network. Although this won't be connected to the internet the same type of security as if it were, is important. Sorry if this is a generic question but what methods would be best for allowing data to and from through my network firewall? I would grealty appreciate any sample configurations (I don't plan on configuring zones) or documentation on the current way of allowing these functions. Thanks for your help!

  Hi,
  There are 2 different options to my knowledge to have firewall redundancy with Cisco firewalls.
  The most common one is Active/Standby Failover which you have 2 identical (hardware & software) Cisco firewalls connected by a Failover link. One of the the firewalls is the Active unit and handles traffic while the other unit is Standby monitoring the state of the Active device (and vice versa). When the Active unit fails the Standby unit will take the Active role.
  Another option is Active/Active which basically means that you would be running multiple virtual Firewalls inside the actual hardware firewall. Some virtual firewalls would be Active on hardware unit 1 and some virtual firewalls would be Active unit would be Active on hardware unit 2. Hence the term Active/Active, both firewalls would be handling traffic.
  ASA 9.0 Configuration Guide section on Failover
  http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/ha_overview.html
  The second and new option is Cluster setup where you essentially combine multiple identical firewalls together. This is a subject though that I have not gotten to test myself so my knowledge is very limited. Though to my understanding this is available only with high end ASA5585-X units so it might not be an option for most.
  ASA 9.0 Configuration Guide section on Cluster
  http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/ha_cluster.html
  So most likely you will be using Active/Standby Failover with 2 identical Cisco firewalls.
  Their configuration format compared to a standalone firewall doesnt differ much.
  You will configure a "standby" IP address also on the ASA that will be the IP address that the Standby unit uses
  You will configure the actual Failover interface
  You will configure general Failover related settings
  You can tune the Failover settings and define which interfaces are monitored (and can effect the Failover) and set some other additional parameters
  So there is not that much to configure compared to the standalone Cisco firewall setup.
  Your post seems to indicate that this firewall or firewall pair would be used for Internal network usage. I mean a firewall between 2 LAN/DMZ networks. This would in turn mean that unless you specifically need NAT between these network segments, you could actually leave the NAT configuration of the firewall completely blank and only configure the Routing&Firewalling related settings.
  How you would configure access between the 2 different network segments would naturally depend on your own setup.
  From what I understood from your above post it would seem to me that you should configure ACLs on both interfaces connected to their own network segments. These ACLs would be configured in Inbound direction (which would control traffic heading towards the firewall from that segment and into the other segment). You could then configure both ACLs in the manner that ONLY the required source/destination IP addresses/networks/ports are allowed and all other traffic is blocked.
  I am not really sure what kind of example configuration we could give you as we dont really know what the whole setup is going to be.
  Hope this helps
  - Jouni

• Need help with ASA 5512 and SQL port between DMZ and inside

  Hello everyone,
  Inside is on gigabitEthernet0/1 ip 192.9.200.254
  I have a dmz on gigabitEthernet2 ip 192.168.100.254
  I need to pass port 443 from outside to dmz ip 192.168.100.80 and open port 1433 from 192.168.100.80 to the inside network. 
  I believe this will work for port 443:
  object network dmz
  subnet 192.168.100.0 255.255.255.0
  object network webserver
  host 192.168.100.80
  object network webserver
  nat (dmz,outside) static interface service tcp 443 443
  access-list Outside_access_in extended permit tcp any object webserver eq 443
  access-group Outside_access_in in interface Outside
  However...How would I open only port 1433 from dmz to inside?
  At the bottom of this message is my config if it helps.
  Thanks,
  John Clausen
  Config:
  : Saved
  ASA Version 9.1(2) 
  hostname ciscoasa-gcs
  domain-name router.local
  enable password f4yhsdf.4sadf977 encrypted
  passwd f4yhsdf.4sadf977 encrypted
  names
  ip local pool vpnpool 192.168.201.10-192.168.201.50
  interface GigabitEthernet0/0
   nameif outside
   security-level 0
   ip address 123.222.222.212 255.255.255.224 
  interface GigabitEthernet0/1
   nameif inside
   security-level 100
   ip address 192.9.200.254 255.255.255.0 
  interface GigabitEthernet0/2
   nameif dmz
   security-level 100
   ip address 192.168.100.254 255.255.255.0 
  interface GigabitEthernet0/3
   shutdown
   no nameif
   no security-level
   no ip address
  interface GigabitEthernet0/4
   shutdown
   no nameif
   no security-level
   no ip address
  interface GigabitEthernet0/5
   shutdown
   no nameif
   no security-level
   no ip address
  interface Management0/0
   management-only
   nameif management
   security-level 100
   ip address 192.168.1.1 255.255.255.0 
  ftp mode passive
  dns server-group DefaultDNS
   domain-name router.local
  object network inside-subnet
   subnet 192.9.200.0 255.255.255.0
  object network netmotion
   host 192.9.200.6
  object network inside-network
   subnet 192.9.200.0 255.255.255.0
  object network vpnpool
   subnet 192.168.201.0 255.255.255.192
  object network NETWORK_OBJ_192.168.201.0_26
   subnet 192.168.201.0 255.255.255.192
  object network NETWORK_OBJ_192.9.200.0_24
   subnet 192.9.200.0 255.255.255.0
  access-list outside_access_in extended permit icmp any4 any4 log disable 
  access-list Outside_access_in extended permit udp any object netmotion eq 5020 
  access-list split standard permit 192.9.200.0 255.255.255.0 
  access-list VPNT_splitTunnelAcl standard permit 192.9.200.0 255.255.255.0 
  pager lines 24
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  mtu management 1500
  mtu dmz 1500
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  nat (inside,outside) source static inside-network inside-network destination static vpnpool vpnpool
  nat (inside,outside) source static NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24 destination static NETWORK_OBJ_192.168.201.0_26 NETWORK_OBJ_192.168.201.0_26 no-proxy-arp route-lookup
  object network netmotion
   nat (inside,outside) static interface service udp 5020 5020 
  nat (inside,outside) after-auto source dynamic any interface
  access-group Outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 123.222.222.1 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 192.9.200.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac 
  crypto ipsec security-association pmtu-aging infinite
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto ca trustpool policy
  crypto ikev1 enable outside
  crypto ikev1 policy 10
   authentication crack
   encryption aes-256
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 20
   authentication rsa-sig
   encryption aes-256
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 30
   authentication pre-share
   encryption aes-256
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 40
   authentication crack
   encryption aes-192
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 50
   authentication rsa-sig
   encryption aes-192
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 60
   authentication pre-share
   encryption aes-192
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 70
   authentication crack
   encryption aes
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 80
   authentication rsa-sig
   encryption aes
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 90
   authentication pre-share
   encryption aes
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 100
   authentication crack
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 110
   authentication rsa-sig
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 120
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 130
   authentication crack
   encryption des
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 140
   authentication rsa-sig
   encryption des
   hash sha
   group 2
   lifetime 86400
  crypto ikev1 policy 150
   authentication pre-share
   encryption des
   hash sha
   group 2
   lifetime 86400
  telnet 192.9.200.0 255.255.255.0 inside
  telnet timeout 5
  ssh timeout 5
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  dhcpd address 192.168.1.2-192.168.1.254 management
  dhcpd enable management
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ssl encryption aes128-sha1 3des-sha1
  webvpn
   enable outside
   anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 2 regex "Windows NT"
   anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3 regex "Intel Mac OS X"
   anyconnect enable
   tunnel-group-list enable
  group-policy SSLVPN internal
  group-policy SSLVPN attributes
   dns-server value 192.9.200.13
   vpn-tunnel-protocol ssl-client 
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value split
   default-domain value router.local
  group-policy VPNT internal
  group-policy VPNT attributes
   dns-server value 192.9.200.13
   vpn-tunnel-protocol ikev1 l2tp-ipsec 
   split-tunnel-policy tunnelspecified
  split-tunnel-network-list value VPNT_splitTunnelAcl
   default-domain value router.local
  username grimesvpn password 7.wersfhyt encrypted
  username grimesvpn attributes
   service-type remote-access
  tunnel-group SSLVPN type remote-access
  tunnel-group SSLVPN general-attributes
   address-pool vpnpool
   default-group-policy SSLVPN
  tunnel-group SSLVPN webvpn-attributes
   group-alias SSLVPN enable
  tunnel-group VPNT type remote-access
  tunnel-group VPNT general-attributes
   address-pool vpnpool
   default-group-policy VPNT
  tunnel-group VPNT ipsec-attributes
   ikev1 pre-shared-key *****
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map 
    inspect ftp 
    inspect h323 h225 
    inspect h323 ras 
    inspect rsh 
    inspect rtsp 
    inspect esmtp 
    inspect sqlnet 
    inspect skinny  
    inspect sunrpc 
    inspect xdmcp 
    inspect sip  
    inspect netbios 
    inspect tftp 
    inspect ip-options 
    inspect icmp 
  service-policy global_policy global
  prompt hostname context 
  no call-home reporting anonymous
  Cryptochecksum:36271b5a1b9382621e14c3aa635e2fbb
  : end

  Hi Vibor. Apologies if my comment was misunderstood.  What I meant to say was that the security level of the dmz interface should probably be less than 100. 
  And therefore traffic could be controlled between DMZ and inside networks. 
  As per thr security level on the DMZ interface. ....... that command is correct. :-)

• Lion server doesn't delete open port service once added in time capsule mgmt from server app.

  I was trying to set a specific port to avoid file sharing conflict using time capsule as main router with lion server.
  I added a new public service in Server.app in time capsule section where you can manage Airport setting and open ports for mail cal vpn etc. I  assigned a port and given a name as requested. In my case a named "test"  and gave port number 5678 to try.
  Once I decided to delete this public service I noticed that anytime I make a changes in Server.app in Time capsule settings Server.app perform a refresh and the deleted servirce appear again and again with the same name and same setting in airport utility (ports management)
  The only way to delet it is to go in airport utility and delete that from there. But in the chance you want to make another change in TC managemnet from Server.app you.ll see the service deleted from everywhere magically appearing again in your airport device in my case a TC.
  Callled Apple and they said to investigate the forum.
  Now if I maje a change in Server app. TC section to add or remouve public service I have 10 usefull open ports (not enabled) in Airport ( TC)
  Any Help?
  Thx
  Jo

  I have been having this same problem, except that I cannot open basic ports through either app. I've tried opening the standard web services port on 80, but neither app (Server or Airport Utility) will open it. Apple support has been worthless.

• Mac OS X Leopard Firewall/default open ports rpcbind?

  Hi,
  I'm looking into hardening/securing mac os x leopard and noticed that port 111 rpcbind is open. Is rpcbind open by default? What are leopards default open ports on a fresh install?
  Also is there any way to run openbsd/freebsd PF firewall?
  Thanks!

  This is what nmap reports:
  Starting Nmap 4.76 ( http://nmap.org ) at 2009-03-02 12:28 EST
  Warning: Unable to open interface vmnet8 -- skipping it.
  Warning: Unable to open interface vmnet1 -- skipping it.
  Interesting ports on localhost (127.0.0.1):
  Not shown: 993 closed ports
  PORT STATE SERVICE
  111/tcp open rpcbind
  631/tcp open ipp
  1021/tcp open unknown
  1022/tcp open unknown
  1023/tcp open netvenuechat
  2049/tcp open nfs
  49152/tcp open unknown
  Nmap done: 1 IP address (1 host up) scanned in 10.55 seconds
  nestat -a | grep LISTEN confirms:
  tcp6 0 0 localhost.ipp . LISTEN
  tcp4 0 0 *.49152 . LISTEN
  tcp4 0 0 *.1021 . LISTEN
  tcp4 0 0 *.1022 . LISTEN
  tcp4 0 0 *.sunrpc . LISTEN
  tcp4 0 0 *.nfsd . LISTEN
  tcp4 0 0 *.1023 . LISTEN
  tcp4 0 0 localhost.ipp . LISTEN
  tcp6 0 0 localhost.ipp . LISTEN
  Not too sure what netvenuechat is and I have no idea why NFS is open/running. I'm not connecting to any NFS shares. How do I lock everything down?
  Any suggested IPFW rules?
  Here is what 'ipfw show' returns:
  3300 36 2160 deny icmp from any to me in icmptypes 8
  65535 866558 351141790 allow ip from any to any
  Thanks,
  Juan

• NAT default open ports

  I want to use the NAT firewall of AirPort Express.I scan APE ports when NO ports are forwarded and these ports are open by default:
    Open TCP Port:           21                         ftp
             Open TCP Port:           53                         domain
             Open TCP Port:           139                        netbios-ssn
             Open TCP Port:           445                        microsoft-ds
             Open TCP Port:           548                        afpovertcp
             Open TCP Port:           554                        rtsp
             Open TCP Port:           5009                       winfs
             Open TCP Port:           7070                       arcp
  My question is why?
  And there are some way to close some?
  I don't use FTP and other services.

  By default, all inbound ports on the Apple routers are closed already, but they are not designed to be stealthy. As such, certain utilities can see them as open.
  Please check out the following Chron article. It may be a bit outdated but I think it drives the point across why Apple decided not to make their base station ports stealthy.

• I have recently updated my CC programs to the latest version and now all of my files wont open by default into their respective programs, only if I open the program and go to file open and open the file from there. How can I fix this?

  I have recently updated my CC programs to the latest version (CC2014) and now all of my files wont open by default into their respective programs, only if I open the program and go to file>open and open the file from there. How can I fix this?
  I have tried 'Open with' and the version of the program now installed on my computer isn't even suggested as an option and when I browse for it, the file wont open with it anyway

  On Windows (don't know about Mac), the latest version will always take over the file association, and become the default for indd files. It's impossible to change it.
  But there is a plugin for ID that makes this possible. Never tried it myself.
  https://www.rorohiko.com/wordpress/downloads/lightning-brain-soxy/

• I have a game on my xbox one that is telling me I need to open ports in order to play it I am not all that tech savvy and have no idea how to do this

  I have an airport extreme and I am trying to play a new game on my xbox one and it keeps kicking me I have comcast internet that is more than fast enough so I went to the games site and it says I need to either create a static ip or to open ports no idea how to do either of these or what that does any help would be appreciated.

  There are heaps of posts here about how to open ports on apple routers specifically for xboxes.
  AirPort Extreme and xbox 360

• Illustrator Default PDF, if open in Acro Pro, drag and drop other .ai files, will they also....

  Hi! I'm trying to archive (for myself and others for easy access) about 50 fairly complex .ai files in a single Illustrator Default PDF and maintain editability and preserve layer and grouping integrity for every separate file, and, i'm probably going to have to do this hundreds of times (at least!) in the future. Once i save the initial first pdf file through Illustrator (wish didn't even have to do this, but seems no way to do in Bridge), then open the resulting pdf w Acrobat Pro, can i then just select an entire folder's worth of ai files in Bridge, drag and drop them into the pages panel and still have the dragged and dropped files also preserve all their AI info and layer/ group integrity? An if not, thinking if not based on 20 similar experiments, what's a fast way to do this. Doing this manually each time: opening each file in AI then saving as AI pdf, then combining and arranging them all after the fact, would be, well, fairly effed in terms of time, carpal tunnel, arthritis etc. Experimented w Bridge PDF Output batching (terrible rasterized lo-res results, but great for its intended purpose) and just dragging and dropping into Acrobat (lose complicated layer names and info, all flattened to single layer). Any help most appreciated, and as i do not have regular access to das interwebs  (i live on a boat) would appreciate and heed gentle admonishment if i've misposted or broached any community etiquette here. I've researched this as well as i can but can't find anything efficient/ elegant not involving InDesign, and even then the details are skimpy. Thank You! Getting mentally exhausted and not a little loopy. Keep in mind had to teach myself both Illustrator, Acrobat etc with access to the very limited offline help menus (the boat), so a complex answer involving learning InDesign would be learning curve can't even imagine with everything else struggling to do. But if you're willing to babystep diagram it out for me or can find me a link that does i will not only be eternally grateful but will do my durndest to master it and pass it on....Thanks Again! lil mc szpf
  PS If it helps I'm running the diligent dogged dusty beloved workhorse CS4 Design Premium on 27" monitor 2010 Mac (OS X 10.6.8), and took advantage of rare housesitting net access to install all most recent updates of everything, i'm barely competent w AI, PS, BR and been tackling Acrobat for past couple of months now....

  im glad that somebody is atleast trying. perhaps i need to be more clear.
  i will step by step describe the issue in detail.
  1) i open an email that contains an attachment .dxf or .pdf
  2) i click on the attachment shown in the email and aprompt comes up asking if i want to open or save the attachment.
  3) i select save. (by default it saves to a downloads folder. but i have also chosen to use other folders (when i did that it wouldnt save them)
  4) i highlight the downloads arrow on the right top side of my browser and click it
  5) it pulls down a list of the files that i USED to be able to click and drag onto my destop, or anyplace i chose
  6) used to be when i clicked and held the left mouse button down on top of a file of my choosing it would highlight and as i began to drag, a ghost image would appear of the file i was dragging. showing a (/) symbol next to it showing i couldnt drop the file within the browser and a + simbol showing that i could drop the file when the file was hovering over a place where i could drop the file such as my desktop or other folder. now, when i click and hold on the file.... I DONT get anything. when i drag. nothing follows. while i am "dragging" in the area that is my browser, i get the pointy finger icon. as soon as i enter an area where i could have dropped the file as before, i get my standard cursor arrow.
  its really as if the drag and drop feature just dosent work IN FIREFOX.
  i can drag and drop files all day long everyplace else.

• Firewall in 10.5, how to open ports and how to manage?

  I am pulling my hair out with the new firewall in 10.5. In 10.4 I could just set ports as I liked in the control panel, in 10.5 there is no such thing.
  I need to for example open port 49999 to allow PageSender to function in my network.
  I need to open port 5901 to work with JollyFast VNC, as port 5900 is used by Apple Remote Desktop and the conflict if they both use the same port.
  Some of these ports I need permanent open like 59999 and others for one session and than close again, like 5901. Again in 10.4 I made the rule in the pref pane, ticked the box and Bob was your uncle. Now?
  I would like to be able to see what ports are open and active on the machine. I have no idea as to where I could see this.
  And at the same time I would like to keep the firewall as closed as possible as I am often on line in hotels etc.
  So I need help, is there a manual somewhere someone is aware of? Or do you have any answers?

  The new Application Firewall does not work in the same way as IPFW (the main firewall in 10.4).
  Instead of managing ports, it simply controls the access of applications to any port. Thus, if you want PageSender to receive connections, you simply need to switch the firewall to "Set access for specific services and applications", and then add PageSender to the list, with "Allow incoming connections". When you do this, PageSender will be able to receive connections on any port that it needs to.
  If you don't like this method of controlling connections, you can still use IPFW. Apple has removed the GUI, but you can download a GUI application like [NoobProof|http://www.hanynet.com/noobproof> or [WaterRoof|http://www.hanynet.com/waterroof/index.html], and you can then set access for specific ports.
  There are no problems with using both IPFW and Application Firewall.
  Cheers,
  Rodney

• I installed 10.6.8 from 10.6.6 on my Macbook Pro and now can't open Safari-think it's something to do with the Intego anti-virus software. Reverted Intego software back to default state and now computer just boots ups up slowly and can't access a thing.

  I installed 10.6.8 from 10.6.6 OS on my MacBook Pro and have not been able to open secure sites on Safari.  Think it has something to do with the Intego Anti-virus installed.  Tried restoring Intego to default status and now my Mac barely boots up and does nothing else but spin.  Ugh.  Has anyone had similar issues and if so, were you able to resolve?  How?  Thanks, 

  1: Backup your user files folders of Documents, Music, Pictures etc., to a external powered drive (not TimeMachine) and disconnect.
  2: Insert the 10.6 installer disk and reboot holding c
  3: Simply reinstall OS X without erasing the drive, it will overwrite the installed version of OS X and the root level software, but leave your Applications folder contents (expect Apple bundled programs) and user files alone. (but backup anyway in case it fails)
  4: Reboot and the Integro is gone out of your system, but there may still be something laying around in Applicaitons to delete. Use Software Update to get up to date.
  5: You don't need anti-virus on a Mac, Apple provides it already for you sight unseen.
  6: If you Software update, the bad certificate issues are pulled, thus are not a threat.

• How do I open ports on my airport extreme and assign a fixed IP Address for a device connected to my network?

  I recently had a security system installed in my house.  One of the features is an EPAD which enables me to have a virtual keypad on my iphone, and computer to operate the alarm system.  The technician was not familiar with Mac's and Airports.  How do I open port 80 to 80 in my airport and assign a fixed IP address for the EPAD?  Apparently this is what is needed to make this work.

  There are three ranges of "strictly local" IP addresses reserved for local Network use:
  192.168.xxx.yyy
  172.16.xxx.yyy
  10.xxx.yyy.zzz
  What your Router does for you is to act as your agent on the Internet.Your requests are packaged up and forwarded on your behalf, and only when a response is expected is the response returned to your local IP address.
  Directing Network Traffic to a Specific Computer on Your
  Network (Port Mapping)
  AirPort Extreme uses Network Address Translation (NAT) to share a single IP address with the computers that join the AirPort Extreme network. To provide Internet access to several computers with one IP address, NAT assigns private IP addresses to each computer on the AirPort Extreme network, and then matches these addresses with port numbers. The wireless device creates a port-to-private IP address table entry when a computer on your AirPort (private) network sends a request for information to the Internet.
  If you’re using a web, AppleShare, or FTP server on your AirPort Extreme network, other computers initiate communication with your server. Because the Apple wireless device has no table entries for these requests, it has no way of directing the information to the appropriate computer on your AirPort network.
  To ensure that requests are properly routed to your web, AppleShare, or FTP server, you need to establish a permanent IP address for your server and provide inbound port mapping information to your Apple wireless device.
  To set up inbound port mapping:
  1) Open AirPort Utility, select your wireless device, and then choose Base Station > Manual Setup, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary.
  2) Click the Advanced button, and then click Port Mapping.
  3) Click the Add button and choose a service, such as Personal File Sharing, from the Service pop-up menu.

• I have a dvr and I want to monitor from my phone.  this worked when I had a Belkin router that let me open ports.  I use "canyouseeme" and it can't see 80, 9000 or 1025. How do I make them available?

  I have a Lorex DVR that I want to monitor from my IPhone and IPad.  I used to be able to do this when I had a Belkin router (easy to open ports) but I bought the AirPort Extreme router and no longer have that capability.  When I use "canyouseeme" they can NOT see 80, 9000 or 1025.  Lorex says I need them all available in order to access.  Help!  And all the help I see refers to a earlier version of the AirPort Utility so I cant use those to look at anything, I cant find the same screens, I have version 6.1 (610.31).  I also don't really understand how ports work, so I need a pretty basic explanation.

  Well...I went to the modem (Westell, WireSpeed), found the NAT settings, once again, I'm WAY over my head, I am assuming this is a TCP connection (as opposed to a UDP) and per Lorex my mobile devices will use port 1025.  So I gave it a "global port range" of 1-10 and I indicated that the "base host port" was 80, 1025, & 9000 (ports 1,2,3).  When I selected the 'enable' it asked for a "host devise" my choices are my IPhone, IMac and the IP address for the dvr, so I choose the dvr.  I still cannot connect and canyouseeme still can NOT find these open ports.  This is taking up my whole day! I don't know how people figure this stuff out.