DMZ problem with WRT54GH
Hi,
I'm having problems with my router WRT54GH. The DMZ function does not work.
I need it because I have a WEB+FTP server here.
I did several tests, such as turning on and off the firewall and put the DMZ as MAC Address and IP Address, and other changes. I contacted the Cisco/Linksys support and they also ran several tests remotely, but without success.
They asked me to wait, but I think that somebody else might be having the same problem or have solved it.
So, anyone could help me?
Thanks!
Felipe
First assign a static IP address to the WEB/FTP server.
Open the setup page of the router and go to Application and gaming tab. Click on DMZ sub tab.
Set the Source IP address to Any. In Destination IP address type the IP address of your FTP server. Save the settings.
Click on Setup page and change the MTU size to 1365. Save the settings.
Click on Security tab and uncheck ' Filter Anonymous Internet Requests'.
Do not disable the SPI firewall. Save the settings.
Power cycle the router and see if that works.
Make sure that firmware on your router is upgraded. If not then upgrade/re-flash the firmware on your router.
Connect the computer with the Ethernet cable to the router.
Download the latest firmware from Linksys website and save it on your computer. Open the setup page of the router. Click on Administration tab and go to Firmware upgrade sub tab. Browse the firmware file that you have already downloaded and upgrade it on your router.
After upgrading the firmware on the router, it is recommended that you should reset the router and reconfigure it. Press and hold the reset button on the router for 30 seconds. Release the reset button and wait for 30 seconds. Power cycle the router and reconfigure it.
Who is your Internet service provider?
Go to the Status tab of the router setup page and check the Internet IP address. Make sure that it is a public IP address.
You can also try opening only port 21 for FTP sever and see if that works.
Similar Messages
-
RD Gateway 2012 R2 (DMZ) - Problem with authentification (NULL SID)
Hello,
I have a problem with a RD Gateway 2012 R2, that domain users can't log on over the RD Gateway to the RD Sessionhost. I get an error message in the eventlog on the RD Gateway.
Protokollname: Security
Quelle: Microsoft-Windows-Security-Auditing
Datum: 09.12.2014 16:45:24
Ereignis-ID: 4625
Aufgabenkategorie:Anmelden
Ebene: Informationen
Schlüsselwörter:Überwachung gescheitert
Benutzer: Nicht zutreffend
Computer: DMZ2.bptest.local
Beschreibung:
Fehler beim Anmelden eines Kontos.
Antragsteller:
Sicherheits-ID: NULL SID
Kontoname: -
Kontodomäne: -
Anmelde-ID: 0x0
Anmeldetyp: 3
Konto, für das die Anmeldung fehlgeschlagen ist:
Sicherheits-ID: NULL SID
Kontoname: [email protected]
Kontodomäne:
Fehlerinformationen:
Fehlerursache: Bei der Anmeldung ist ein Fehler aufgetreten.
Status: 0xC000005E
Unterstatus:: 0x0
Prozessinformationen:
Aufrufprozess-ID: 0x0
Aufrufprozessname: -
Netzwerkinformationen:
Arbeitsstationsname: SCHULUNG
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: NtLmSsp
Authentifizierungspaket: NTLM
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die Prozessinformationen geben den Prozess und das Konto an, für die die Anmeldung angefordert wurde.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. Der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
The domain administrator can log on successfully over the RD Gateway. When i log on a domain user on the RD Gateway server console first and then log on over the RD Gateway, the authentication works fine.
The RD Gateway 2012 R2 has been installed as well as the instructions (http://technet.microsoft.com/en-us/library/cc754191.aspx). I have tried a lots of things, but without a result.
e.g.
register NPS in the AD
all ports in the Firewall between LAN and DMZ are opened
set the "Network security: LAN Manager authentication level" to "Send NTLMv2 response only"
re-install of the RD Gateway 2012 R2
Environment:
All machines have Windows Server 2012 R2 or Windows 8/8.1 with the latest updates. All servers are virtualized with Hyper-V.
Domaincontroller (LAN)
RD Sessionhost (LAN)
RD Gateway (DMZ)
Clients (DMZ/WAN)
Hardware-Firewall (3-zone)
Does anyone have an idea, what might be the problem?
Best regards,
BpDkHi,
From your description seems there is user permission issue and that’s the reason you can’t logon to the remote desktop. For this you can I would like to check whether you have done the following steps for troubleshooting.
Need to create RD CAP and RD RAP policies and also add the user under RD CAP properties for proper access. RD CAPs allow you to specify who can connect to an RD Gateway server. You can specify a user group that exists on the local RD Gateway server or in Active
Directory Domain Services. You can also specify other conditions that users must meet to access an RD Gateway server. You can list specific conditions in each RD CAP. For example, you might require a group of users to use a smart card to connect through RD
Gateway.
When there is no AD DS in the perimeter network, ideally the servers in the perimeter network should be in a workgroup, but the RD Gateway server has to be domain-joined because it has to authenticate and authorize corporate domain users and resources.
Please check below article for more troubleshooting and provide access & authenticate user.
RD Gateway deployment in a perimeter network & Firewall rules
http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Problem with Content Server 4 keystore access on Ubuntu 8.04
Hello,
Setting up the Content Server I encounter this problem with the fulfillment server Status check-up:
exception
javax.servlet.ServletException: Servlet execution threw an exception
root cause
java.lang.Error: Problem reading key and certificate from keystore
com.adobe.adept.fulfillment.security.ServerConfig.init(ServerConfig.java:201)
com.adobe.adept.fulfillment.security.ServerConfig.getSigningURL(ServerConfig.java:48)
com.adobe.adept.fulfillment.servlet.FulfillmentServerStatus.getServers(FulfillmentServerStatus.java:34)
com.adobe.adept.common.servlet.Status.checkUp(Status.java:355)
com.adobe.adept.common.servlet.Status.doGet(Status.java:421)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
I've created operator.p12 according to the instructions in the Quickstart guide
and placed it in /etc where it is accessible by the server. I used OpenSSL 0.9.8k
for this.
I can use "openssl pkcs12 -in operator.p12 -out file.pem" to view the contents of
the file.
My Content Server fulfillment configuration is as follows:
com.adobe.adept.init1=com.adobe.adept.shared.util.SharedInitialization
com.adobe.adept.log.level=trace
com.adobe.adept.log.file=/var/log/fulfillment.log
com.adobe.adept.persist.sql.driverClass=com.mysql.jdbc.Driver
com.adobe.adept.persist.sql.connection=jdbc:mysql://127.0.0.1:3306/adept
com.adobe.adept.persist.sql.dialect=mysql
com.adobe.adept.persist.sql.user=ereading
com.adobe.adept.persist.sql.password=********
com.adobe.adept.fulfillment.security.licensesignURL=https://eusigningservice.adobe.com/licensesign
com.adobe.adept.fulfillment.security.keystore.user=operator
com.adobe.adept.fulfillment.security.keystore.password=********
com.adobe.adept.fulfillment.security.pkcs12.file=file:///etc/operator.p12
com.adobe.adept.serviceURL=http://******.dmz.******.org/fulfillment
Any ideas?
Best regards,
Teemufor solve this, change this
com.adobe.adept.fulfillment.security.pkcs12.file=file:///etc/operator.p12
for this
com.adobe.adept.fulfillment.security.pkcs12.file=/etc/operator.p12 -
Problem with two Xbox 360's being online at same time with WRT54GS router
Hey guys, I have a bit of an annoying problem. I have multiple 360 consoles which are occasionally online at the same time. When one is on, it either causes connection problems with the other or blocks the other from signing on all together. Both are using the official wireless adapters and are hooked up to my WRT54GS. Usually when one of them fails at the connection test, it's a DNS failure, but it has occasionally been an IP failure.
I've already tried:
-setting them both up with static IPs. This caused NAT issues and didn't really fix the problem with one of the consoles kicking the other off.
-forwarding ports to one while leaving the other alone, setting one up in a DMZ while leaving the other alone, and setting one up in a DMZ and forwarding the ports to the other. All three trials showed no improvement, and caused NAT problems.
Also yes, I do have UPnP enabled.
*sigh*
This problem has been driving me up the wall for months now. No one I've talked to has been able to figure it out. If anyone can offer me a solution I will forever be in your debt.You can set a Static Ip on Both the XBOX and then login to your router and do Port Triggering, this may solve your problem.
-
Problem with Apache reverse proxy after applying SP13 NW
Hello,
we have a NW04 EP Portal and a Apache reverse proxy in the DMZ. After applying SP 13 for the portal we get the following error from the reverse proxy:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /irj/.
Reason: Error reading from remote server
Apache/2.0.52 (Win32) mod_ssl/2.0.52 OpenSSL/0.9.7e Server at servername.company.de Port 443
Is is it possible, that there is a problem with sp13?
Best regards
Daniel HolsteinHi Daniel,
ok I`ll try to find a solution in parallel and keep you up to date.
In the following my settings in case I missed something:
<VirtualHost test.firma.de:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /apache/keys/pac_ssl_qep_dmz_server.crt
SSLCertificateKeyFile /apache/keys/pac_ssl_qep_dmz_server.key
ServerName test.firma.de:443
ServerAdmin [email protected]
LogLevel debug
ErrorLog logs/ssl_443_error
CustomLog logs/ssl_443_access_log common
ProxyVia Off
ProxyPreserveHost On
ReWriteEngine on
ReWriteLogLevel 0
ReWriteLog logs//ssl_443_rewrite_http.log
ProxyPass / https://backend.firma.de:50001/
ProxyPassReverse / https://backend.firma.de:50001/
</VirtualHost>
Regards, Jens -
Problem with no nat after upgrade version
Hello Guys...
Im having problems with nat after upgrade....
source = 10.11.7.14
destination = 10.0.32.10
the next hop for 10.0.32/24 is 10.0.5.1, by inside interface. My firewall Pings this 10.0.5.1. When I change the router to doesnt pass by firewall, the connection works from source to destination, works!
In log, im receiving this message:
6
Nov 23 2012
15:24:54
302303
spbwts02_0303
55517
10.0.32.10
80
Built TCP state-bypass connection 249015 from dmz:spbwts02_0303/55517 (spbwts02_0303/55517) to inside:10.0.32.10/80 (10.0.32.10 /80)
6
Nov 23 2012
15:27:29
302304
spbwts02_0303
51123
10.0.32.10
80
Teardown TCP state-bypass connection 242785 from dmz:spbwts02_0303/51123 to inside:10.0.32.10/80 duration 1:00:10 bytes 0 Connection timeout
In 8.2 I had this NAT:
DMZ interface:
Exempt 10.0.32.0/24 10.11.7.0/24 (outbound)
I have a bypass for those networks and services. I guess I dont need bypass because the packet comes from dmz and goes to inside, right? Anyway, I removed bypass and nothing happen!
And now, in 8.4(5) I have:
DMZ Inside obj-10.11.7.0/24 obj-10.0.32.0/24 any original original
What can be my problem?route, look:
Before:
route inside 10.0.32.0 255.255.255.0 10.11.5.1 1
Now and working:
route inside 10.0.32.0 255.255.255.0 10.11.2.3 1
I dont have an interface in the 10.11.5.0 network. I guess when someone configured the route, put this 10.11.5.1 as gateway, but I dont know how it was working.
Now, I changed to 10.11.2.3 and OK. My firewall has an interface in 10.11.2.0 newtork.
But the bypass is a mistery to me yet! -
Airport wifi problems with uverse and gigabit switch resolved
I think there is a bug in airport firmware 7.6 with how spanning tree works in addition to problems with the Uverse router. Having an Airport with a uverse 2wire 3801 and gigabit switch will not work. Putting the extreme in NAT mode with DMZ plus behind the uverse resolved the problem.
Network configuration:
Uverse 2wire 3801 router
3801 provides prioritization for upstream traffic so skype and VoIP work better when doing a lot of stuff on Internet
Airport extreme firmware 7.6
two airport express 802.11n hardwired to extreme. Set up in bridge mode. All access points have same SSID "create a network" to enable roaming. Ignore anything to do with extending a network. firmware 7.6
two gigabit switches
Netgear GS608 - 8 port gigabit switch
Trendnet TEG-S80g - 8 port gigabit switch
100BT 5 port switch - did not figure into problem
Three Uverse set top boxes wired on Ethernet. They have to be wire directly to the 2wire box to work correctly. See: http://forums.att.com/t5/Features-and-How-To/At-amp-t-U-Verse-modem-setup-Airpor t-Extreme/td-p/2300785
However, you need to be careful to place your own PCs and other internet devices on the network created by your gear (airport extreme in your case), but keep AT&T's set top boxes for the IPTV services IN FRONT of your own router - so they remain on AT&T's provided network.
So it would work like this ...
Network 1: 2wire RG (4 lan ports) -> Any Set tops, and to the WAN port on your AirportExtreme
Network 2: Airport Extreme LAN ports -> to any computers or internet devices (but not AT&T set top boxes).
The RG prioritizes the traffic for your Uverse Voice and your Uverse TV ahead of internet data traffic, as it rationalizes data heading out of your home. If you place your own equipment in that equation (like putting AT&T set top boxes behind your Airport Extreme) the performance and function of your AT&T set top boxes could really flake out on you.
Symptom:
Everything would be working fine, then intermittently all my wifi access points would stop working. ~6,000 ms latency, dropped packets. Ethernet worked fine. Here is an example of my macbook pinging the extreme when associated with the extreme over wifi with a strong signal.
ping: sendto: Host is down
Request timeout for icmp_seq 23
Request timeout for icmp_seq 24
64 bytes from 192.168.1.64: icmp_seq=25 ttl=255 time=267.051 ms
Request timeout for icmp_seq 26
Request timeout for icmp_seq 27
Request timeout for icmp_seq 28
64 bytes from 192.168.1.64: icmp_seq=26 ttl=255 time=3402.599 ms
Request timeout for icmp_seq 30
Request timeout for icmp_seq 31
Request timeout for icmp_seq 32
64 bytes from 192.168.1.64: icmp_seq=30 ttl=255 time=3060.673 ms
64 bytes from 192.168.1.64: icmp_seq=34 ttl=255 time=24.115 ms
64 bytes from 192.168.1.64: icmp_seq=35 ttl=255 time=31.056 ms
64 bytes from 192.168.1.64: icmp_seq=36 ttl=255 time=39.828 ms
Root cause:
It looks like the 2wire 2801 router has a problem with spanning tree when interoperating with gigabit switches and airports. There is interplay with the airport.
I did not have this problem until the 7.6 airport firmware. I had been using the Netgear hub for about a year with the extreme in bridge mode. I added the Trendnet hub and upgraded airport firmware at the same time which made fault isolation difficult.
Problem recreation:
Set up airport expresses hard wired to extreme
Connect gigabit switch anywhere to network
Everything OK
Dettach one computer from wifi then reattach, then all wifi stops working. It takes a few seconds for the problem to propagate.
Ethernet still works fine
Problem Resolution:
Connect to 2wire with ethernet
Set 2wire route to have subnet as 192.168.2.x
Set extreme in NAT mode behind 2wire. It will complain about double NAT. Override the warning. Set the subnet to 192.168.1.x so you don't have to change any static IP addresses. Note that 2wire uses 192.168.1.254 as default route whereas airport uses 192.168.1.1.
I set DHCP to start at .10 to leave the lower addresses for assigning static IP addresses to computers I want to expose outside the firewall.
Go into firewall settings. Select airport extreme. Select the bottom setting which is "DMZ Plus". When you go into the airport extreme settings, you will now see that it has the uverse public IP address on its WAN port. NAT port mappings work fine on the extreme behind the 2wire router.Keeping this very short here is a summary of the actual problem and solution to allow your Apple Airport Extreme to run in Bridge mode on the same subnet as your uVerse settop boxes (if your Layer 2 switch is configurable).
Devices: Uverse, Cisco SG300, and Airport Extreme
uVerse uses Multicast to broadcast video streams between the uVerse network to the settop box, and from settop box to settop box.
X number of Multicast Groups are created based on X number of settop boxes you have. You can see the multicast definitions by logging into the webinterface of the iNid. Each settop box is a member and can choose to display a broadcasted TV stream or not.
Multicast membership is setup by the use of ICMP messages for IPv4 (MLD for IPv6). Each of the settop boxes become members of each others multicast group by reporting up to the iNid (MultiCast Proxy).
In an ideal world a layer 2 switch will track these memberships and only forward a broadcast packet to the ports on the switch to which the settop boxes are connected to. The switch would do these via snooping on the ICMP packets. Most switches by default do not do this by default and simply forward the broadcast packett out every one of it's switch ports.
Here in lies the problem. Problem is that the Apple AES doesn’t do ICMP snooping / filtering and floods the wireless network with these broadcast streams.
In order to fix this you must turn on ICMP snooping and filtering on the switch (or buy a switch that does this). I have a Cisco SG300 and list out the configuration below.
Other notes:
Ensure that all Media renderers (settop boxes) and servers are wired directly off the switch and not attached to any of the Airport Express ports. This way no media transverses the Airport (only control point traffic goes through the WiFi - which is fine). Obviously if the IGMP snooping switch sees any client requesting Multicast streaming traffic on the same port as the WAP, it will add that Multicast address to the forwarding table for that port, and then, yes it could get flooded.
Remember, you need to allow some Multicast traffic through your WAP to allow UPnP discovery to work (assuming that you will be using Wireless control points.)
Read the Multicast chapter in the SG 300 switch Admin Guide as it explains things very well.
Setting up multicast on the SG300s using the WebUI:
1. Multicast/Properties/
Tick enable Bridge Multicast Filtering Status for VLAN 1, and
set the Forwarding Method to IP Group Address for both IPv4 & IPv6.
2. Multicast/ IGMP snooping/
Tick enable IGMP snooping status then select and edit the entry and ensure that IGMP querier status is ticked.
It's essential for IGMP snooping to work that there must be at least one active IGMP querier on the network - if more than one is enabled, they will carry out an "election" to decide which one should be active (normally the one with the lowest IP address.)
3. Multicast Router Port
Set whichever port that is connected to the uVerse iNid to Status which means that it the uVerse router connected to this port is the Multicast Router
4. Multicast/ Unregistered Multicast
set all ports to Filtering. (The default is Forwarding.)
There are a lot of other variables within all the above - the defaults are OK, you should probably leave them alone!
In the config file you would then expect to see the above appearing as something like this:
ip igmp snooping
ip igmp snooping vlan 1
ip igmp snooping vlan 1 immediate-leave
interface vlan 1
bridge multicast mode ipv4-group
bridge multicast ipv6 mode ip-group
interface range gi1-10
bridge multicast unregistered filtering
ip igmp snooping vlan 1 querier
ip igmp snooping vlan 1 querier address <IP-Addr> -
SFTP MGET of large files fails - connection closed - problem with spool file
I have a new SFTP job to get files from an FTP Server. The files are large (80mg, 150mg). I can get smaller files from the ftp site with no issue, but when attempting the larger files the job completes abnormally after 2 min 1 sec. each time. I can see the file is created on our local file system with 0 bytes, then when the FTP job fails, the 0 byte file is deleted.
Is there a limit to how large an ftp file can be in Tidal? How long an ftp job can run?
The error in the job audit is Problem with spool file for job XXXX_SFTPGet and an exit code of 127 (whatever that is).
In the log, the error is that the connection was closed. I have checked with the ftp host and their logs show that we are disconnecting unexpectedly also.
Below is an excerpt from the log
DEBUG [SFTPMessage] 6 Feb 2015 14:17:33.055 : Send : Name=SSH_FXP_STAT,Type=17,RequestID=12
DEBUG [SSH2Channel] 6 Feb 2015 14:17:33.055 : Transmit 44 bytes
DEBUG [ChannelDataWindow] 6 Feb 2015 14:17:33.055 : Remote window size decreased to 130808
DEBUG [PlainSocket] 6 Feb 2015 14:17:33.071 : RepeatCallback received 84 bytes
DEBUG [SSH2Connection] 6 Feb 2015 14:17:33.071 : ProcessPacket pt=SSH_MSG_CHANNEL_DATA
DEBUG [SFTPMessageFactory] 6 Feb 2015 14:17:33.071 : Received message (type=105,len=37)
DEBUG [SFTPMessageStore] 6 Feb 2015 14:17:33.071 : AddMessage(12) - added to store
DEBUG [SFTPMessage] 6 Feb 2015 14:17:33.071 : Reply : Name=SSH_FXP_ATTRS,Type=105,RequestID=12
DEBUG [SFTPMessage] 6 Feb 2015 14:17:33.071 : Send : Name=SSH_FXP_OPEN,Type=3,RequestID=13
DEBUG [SSH2Channel] 6 Feb 2015 14:17:33.071 : Transmit 56 bytes
DEBUG [ChannelDataWindow] 6 Feb 2015 14:17:33.071 : Remote window size decreased to 130752
DEBUG [PlainSocket] 6 Feb 2015 14:17:33.087 : RepeatCallback received 52 bytes
DEBUG [SSH2Connection] 6 Feb 2015 14:17:33.087 : ProcessPacket pt=SSH_MSG_CHANNEL_DATA
DEBUG [SFTPMessageFactory] 6 Feb 2015 14:17:33.087 : Received message (type=102,len=10)
DEBUG [SFTPMessageStore] 6 Feb 2015 14:17:33.087 : AddMessage(13) - added to store
DEBUG [SFTPMessage] 6 Feb 2015 14:17:33.087 : Reply : Name=SSH_FXP_HANDLE,Type=102,RequestID=13
DEBUG [SFTPMessage] 6 Feb 2015 14:17:33.087 : Send : Name=SSH_FXP_READ,Type=5,RequestID=14
DEBUG [SSH2Channel] 6 Feb 2015 14:17:33.087 : Transmit 26 bytes
DEBUG [ChannelDataWindow] 6 Feb 2015 14:17:33.087 : Remote window size decreased to 130726
DEBUG [PlainSocket] 6 Feb 2015 14:17:33.118 : RepeatCallback received 0 bytes
DEBUG [SFTPChannelReceiver] 6 Feb 2015 14:17:33.118 : Connection closed: (code=0)
ERROR [SFTPMessageStore] 6 Feb 2015 14:17:33.118 : Disconnected unexpectedly ( [errorcode=0])
ERROR [SFTPMessageStore] 6 Feb 2015 14:17:33.118 : EnterpriseDT.Net.Ftp.Ssh.SFTPException: [errorcode=0]
ERROR [SFTPMessageStore] 6 Feb 2015 14:17:33.118 : at EnterpriseDT.Net.Ftp.Ssh.SFTPMessageStore.CheckState()
ERROR [SFTPMessageStore] 6 Feb 2015 14:17:33.118 : at EnterpriseDT.Net.Ftp.Ssh.SFTPMessageStore.GetMessage(Int32 requestId)I believe there is a limitation on FTP and what you are seeing is a timeout built into the 3rd party application that tidal uses (I feel like it was hardcoded and it would be a big deal to change but this was before Cisco purchased tidal) there may have been a tagent.ini setting that tweaks that but I can't find any details.
We wound up purchasing our own FTP software (ipswitch MOVEit Central & DMZ) because we also had the need to host as well as Get/Put to other FTP sites. It now does all our FTP and internal file delivery activity (we use it's api and call from tidal if we need to trigger inside a workflow) -
Problem with Port Forwarding in WRT320N
Good day.
I have a web-server and Internet-radio translator to local network of my provider. And I found a problem with Port Forwarding. I'm trying to setup 80 & 8000 ports to forward. And it's working but only for Internet, without provider's local network. My web-server isn't accessible in local network and radio-translator too.
So is it possible to forward ports absolutely - for any type of connections?
P.S. DMZ is working like Port Forwarding.If you ask questions you have to mention that you have an PPTP connection to the internet and another network directly on the internet port. Otherwise noone will really understand your question as it is a very unusual setup.
Your setup is not one really supported by the router. You are lucky that it works but don't expect too much. Port forwarding only the internet connection. If you use PPTP the network on the internet port is basically hidden. Using that local network on the internet port is not supported.
The DMZ host is the IP address to which all ports are forwarded to which are not forwarded otherwise. The same restriction applies here.
I would recommend to ask your ISP which router they recommend for their internet connection. I think most/all Linksys routers and many other brand's consumer routers won't really support a setup like yours... -
I am getting error while accessing url of lyncweb.domain.com, dialin.domain.com and meet.domain.com pointing to RP server.
502 - Web server received an invalid response while acting as a gateway or proxy server.
There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.
Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.When i try with https://lyncfrontend.domain.local:4443 and https://lyncfrontend.domain.com:4443 both opens but when i open the external domain name i get certificate .
ARR version installed is 3.0
To throw more light on the configuration:
Lync 2013 implemented, internal domain name is : domain.local and external domain name is : domain.com
All servers in VMs are with 4 core processor, 24gb ram, 1TB drive.
Frontend : Windows 2012r2 with Lync 2012 Standard Edition - 1 No (192.168.10.100)
Edge : Windows 2012 with Lync 2012 Std - 1 No
(192.168.11.101 DMZ) in workgroup
ISS ARR Reverse Proxy 3.0 : Windows 2012 with ARR and IIS configured. (192.168.11.102)
Certificate : Internal Domain root CA for internal and External (Digicert).
Internal Network : 192.168.10.x /24
External Network (DMZ) : 192.168.11.x /24
Public Firewall NAT to DMZ ip for firewall and RP server. So having two public IP facing external network.
Edge has : sip.domain.com, webconf.domain.com, av.domain.com
IIS ARR RP server has : lyncdiscover.domain.com, lyncweb.domain.com, meet.domain.com, dialin.domain.com
Have created SRV record in public : _sip.tls.domain.com >5061>sip.domain.com, _sipfederationtls._tcp.domain.com>5061>sip.domain.com, _xmpp-server._tcp.domain.com>5269>sip.domain.com
Installed frontend server using MS Lync server 2013 step by step for anyone by Matt Landis, Lync MVP.
Internal AD Integrated DNS pointing Front-end
Type of Record FQDN
IP Description
A sip.domain.com
192.168.10.100 Address internal Front End or Director for internal network clients
A admin.domain.com
192.168.10.100 URL Administration pool
A DialIn.domain.com
192.168.10.100 URL Access to Dial In
A meet.domain.com
192.168.10.100 URL of Web services meeting
A lyncdiscoverinternal.domain.com
192.168.10.100 Register for Lync AutoDiscover service to internal users
A lyncdiscover.domain.com
192.168.10.100 Register for Lync AutoDiscover service to external users
SRV Service: _sipinternaltls Protocol: _tcp Port: 5061
sip.domain.com Record pointer services to internal customer connections using TLS
External DNS pointing Edge & Proxy
Type of Record FQDN
IP Endpoint
A sip.domain.com
x.x.x.100 Edge
A webconf.domain.com
x.x.x.100 Edge
A av.domain.com
x.x.x.100 Edge
SRV _sip._tls.domain.com
sip.domain.com: 443 Edge
SRV _sipfederationtls._tcp.domain.com
sip.domain.com:5061 Edge
A Meet.domain.com
x.x.x.110 Reverse Proxy
A Dialin.domain.com
x.x.x.110 Reverse Proxy
A lyncdiscover.domain.com
x.x.x.110 Reverse Proxy
A lyncweb.domain.com
x.x.x.110 Reverse Proxy
In IIS ARR proxy server following server farms are added and configured as per link ttp://y0av.me/2013/07/22/lync2013_iisarr/
In proxy server had setup only following server farm : While running remote connectivity web service test : meet, dialin, lyncdiscover and lyncweb.
The client inside works fine internally and through vpn. Login with external client also working fine. But we are getting error in MRCA as follows.
a) While testing remote connectivity for lync getting error : The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
Certificate was installed properly.
b) For remote web test under Lync throws error : A Web exception occurred because an HTTP 502 - BadGateway response was received from IIS7.
HTTP Response Headers:
Content-Length: 1477
Content-Type: text/html
Date: Wed, 14 May 2014 10:03:40 GMT
Server: Microsoft-IIS/8.0
Elapsed Time: 1300 ms.
Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread. -
IChat video conferencing problems with D-Link WBR-1310
Howdy,
I am having a few problems with iChat video conferencing. I use the D-Link WBR-1310 wireless router and a MacBook. My girlfriend has a MacBook Pro at her school which she connects to via ethernet. I connect to my router via wireless. The routher is connected to a DSL modem. iChat video conferencing tends to work sometimes but very rarely. I have DMZ on the router turned on as i read somewhere on these forums that it was recommended. I also have the Apple firewall turned off so my laptop is pretty much naked as far as security is concerned. Three other computers use the network One desktop PC connected directly into the router and two Apple iBooks which are connected via the wireless. The problem is that i keep getting error message -8. Can anyone please help?
Thanks in AdvanceI'd start by verifying you have the most recent firmware installed on your router.
Next, start off by trying to test to a user that has no known issues: http://www.ralphjohnsuk.dsl.pipex.com/ContactTesters.html (Bottom of the page)
That will help pinpoint where the connection issue lies.
Once you can succefully connected, then you should set up a static ip address on your mac and port forward the necessary ports in your router. If you router supports UPnP, I'd try enabling the first.
I hope this helps! -
I've seen similar issues here but haven't seen a solution yet. Whenever I send an email there is a 30 second delay. This is true for all computers on my network, windows or linux and for two different SMTP servers at different locations. Also Thunderbird and Outlook show the same problem, the router seems to be the common element.
I used Wireshark to capture the transaction and found a consistent problem. The TCP/IP connection gets created very quickly (SYN/SYN-ACK/ACK) and then there is a 30 second delay before receiving the first SMTP 220 packet.
My theory is that the first packet returned from the SMTP server is getting blocked by the router, causing it to time out and retry. To test this idea I put one of my systems in the DMZ and the message got sent right away.
Now, here's where it gets a little more interesting. I had expected only the DMZ machine to be helped but *all* of the systems worked correctly with this one machine in the DMZ. I even tried putting an embedded linux based NAS server as the DMZ machine and again the situation improved. I also tried setting the DMZ to an unused IP address in the subnet and that did not make the problem go away, otherwise I might just have left it at that, but I don't want to have any real machines in DMZ.
I am only seeing this problem with SMTP packets, and then it's only the first one that comes back from the server. HTTP, SSH, everything is fine.
BTW, firewall on the router is disabled as well as on the clients. The router is at firmware revision 4.30.5 which is the most recent that I found on the Linksys site.
Any clues, things to try? I can provide any details for network captures if it will help.
Thanks in advance,
Joe MeadowsWell, 30 seconds sounds like something tries to connect to a "stealth" port and retries until it times out. This usually happens, when you have a SMTP, POP or IMAP server running on Unix which still uses the identd service on port 113. With ident the server asks the client about the username which is trying to connect. This service is pretty useless in the internet because it is totally unsecure and thus no server can rely on this anymore, but some libraries still have it built-in.
The problem arises when the client computer or the gateway in front of the client is "stealth"ing ports. If a port is closed (because no service is running on port 113) the computer would immediately reply to that no connection can be established. However, people think it is better when the port is "stealth" meaning: the computer does not answer at all, thinking the computer would be invisible (which it is not because a computer that is not answering is obviously there...)
The standard IP procedure for the server is to wait for the answer until it times out. Then retry 2 or 3 times. Quickly you have 30 seconds until the server gives up on the identd and continues.
However, you say you have the firewall disabled on your router. That would mean that the ident port should be properly reported closed and is not stealth. You could test with a port scan in the internet whether your internet ports are really reported closed or "stealth"ed. It should be closed if the firewall is off. (By the way, firewall off means access to the web-based management from the internet is possible...)
Many routers have the option to filter ident in the security settings. Usually you would turn off that option if you experience this problem. It should be off with the firewall turned off. However, all the symptoms you describe would fit.
If you put a host into DMZ which is not running a firewall and thus does not keep port 113 stealth it obviously helps any client that connects: the ident request is always sent to the DMZ and the DMZ reports the port closed and immediately the connection continues.
I used to forward port 113 on a different router to my network printer because it has a static IP address and it does not have a firewall thus reports 113 closed.
You could try to remove the DMZ and only forward port 113 to that computer.
You could also install a packet sniffer on the DMZ to see what packets arrive when you try to connect with a client to the SMTP server. Then you should see that a ident SYN on port 113 arrives (or something else if it is not ident...) -
I am trying to implement some kind of a server listening for requests. The listener part of the app, is a daemon thread that listens for connections and instantiates a handling daemon thread once it gets some. However, my problem is that i must be able to kill the listening thread at the user's will (say via a sto button). I have done this via the Sun's proposed way, by testing a boolean flag in the loop, which is set to false when i wish to kill the thread. The problem with this thing is the following...
Once the thread starts excecuting, it will test the flag, find it true and enter the loop. At some point it will LOCK on the server socket waiting for connection. Unless some client actually connects, it will keep on listening indefinatelly whithought ever bothering to check for the flag again (no matter how many times you set the damn thing to false).
My question is this: Is there any real, non-theoretical, applied way to stop thread in java safely?
Thank you in advance,
LeftyThis was one solution from the socket programming forum, have you tried this??
public Thread MyThread extends Thread{
boolean active = true;
public void run(){
ss.setSoTimeout(90);
while (active){
try{
serverSocket = ss.accept();
catch (SocketTimeoutException ste){
// do nothing
// interrupt thread
public void deactivate(){
active = false;
// you gotta sleep for a time longer than the
// accept() timeout to make sure that timeout is finished.
try{
sleep(91);
}catch (InterruptedException ie){
interrupt();
} -
Problem with Threads and a static variable
I have a problem with the code below. I am yet to make sure that I understand the problem. Correct me if I am wrong please.
Code functionality:
A timer calls SetState every second. It sets the state and sets boolean variable "changed" to true. Then notifies a main process thread to check if the state changed to send a message.
The problem as far I understand is:
Assume the timer Thread calls SetState twice before the main process Thread runs. As a result, "changed" is set to true twice. However, since the main process is blocked twice during the two calls to SetState, when it runs it would have the two SetState timer threads blocked on its synchronized body. It will pass the first one, send the message and set "changed" to false since it was true. Now, it will pass the second thread, but here is the problem, "changed" is already set to false. As a result, it won't send the message even though it is supposed to.
Would you please let me know if my understanding is correct? If so, what would you propose to resolve the problem? Should I call wait some other or should I notify in a different way?
Thanks,
B.D.
Code:
private static volatile boolean bChanged = false;
private static Thread objMainProcess;
protected static void Init(){
objMainProcess = new Thread() {
public void run() {
while( objMainProcess == Thread.currentThread() ) {
GetState();
objMainProcess.setDaemon( true );
objMainProcess.start();
public static void initStatusTimer(){
if(objTimer == null)
objTimer = new javax.swing.Timer( 1000, new java.awt.event.ActionListener(){
public void actionPerformed( java.awt.event.ActionEvent evt){
SetState();
private static void SetState(){
if( objMainProcess == null ) return;
synchronized( objMainProcess ) {
bChanged = true;
try{
objMainProcess.notify();
}catch( IllegalMonitorStateException e ) {}
private static boolean GetState() {
if( objMainProcess == null ) return false;
synchronized( objMainProcess ) {
if( bChanged) {
SendMessage();
bChanged = false;
return true;
try {
objMainProcess.wait();
}catch( InterruptedException e ) {}
return false;
}Thanks DrClap for your reply. Everything you said is right. It is not easy to make them alternate since SetState() could be called from different places where the state could be anything else but a status message. Like a GREETING message for example. It is a handshaking message but not a status message.
Again as you said, There is a reason I can't call sendMessage() inside setState().
The only way I was able to do it is by having a counter of the number of notifies that have been called. Every time notify() is called a counter is incremented. Now instead of just checking if "changed" flag is true, I also check if notify counter is greater than zero. If both true, I send the message. If "changed" flag is false, I check again if the notify counter is greater than zero, I send the message. This way it works, but it is kind of a patch than a good design fix. I am yet to find a good solution.
Thanks,
B.D. -
Problem with threads running javaw
Hi,
Having a problem with multi thread programming using client server sockets. The program works find when starting the the application in a console using java muti.java , but when using javaw multi.java the program doesnt die and have to kill it in the task manager. The program doesnt display any of my gui error messages either when the server disconnect the client. all works find in a console. any advice on this as I havent been able to understand why this is happening? any comment would be appreciated.
troy.troy,
Try and post a minimum code sample of your app which
does not work.
When using javaw, make sure you redirect the standard
error and standard output streams to file.
Graeme.Hi Graeme,
I dont understand what you mean by redirection to file? some of my code below.
The code works fine under a console, code is supposed to exit when the client (the other server )disconnects. the problem is that but the clientworker side of the code still works. which under console it doesnt.
public class Server{
ServerSocket aServerSocket;
Socket dianosticsSocket;
Socket nPortExpress;
ClientListener aClientListener;
LinkedList queue = new LinkedList();
int port = 0;
int clientPort = 0;
String clientName = null;
boolean serverAlive = true;
* Server constructor generates a server
* Socket and then starts a client threads.
* @param aPort socket port of local machine.
public Server(int aPort, String aClientName, int aClientPort){
port = aPort;
clientName = aClientName;
clientPort = aClientPort;
try{
// create a new thread
aServerSocket = new ServerSocket(port) ;
// connect to the nPortExpress
aClientListener = new ClientListener(InetAddress.getByName(clientName), clientPort, queue,this);
// aClientListener.setDaemon(true);
aClientListener.start();
// start a dianostic port
DiagnosticsServer aDiagnosticsServer = new DiagnosticsServer(port,queue,aClientListener);
// System.out.println("Server is running on port " + port + "...");
// System.out.println("Connect to nPort");
catch(Exception e)
// System.out.println("ERROR: Server port " + port + " not available");
JOptionPane.showMessageDialog(null, (e.toString()),"ERROR: Server port " + port + " not available", JOptionPane.ERROR_MESSAGE);
serverAlive = false;
System.exit(1);
while(serverAlive&&aClientListener.hostSocket.isConnected()){
try{
// connect the client
Socket aClient = aServerSocket.accept();
//System.out.println("open client connection");
//System.out.println("client local: "+ aClient.getLocalAddress().toString());
// System.out.println("client localport: "+ aClient.getLocalPort());
// System.out.println("client : "+ aClient.getInetAddress().toString());
// System.out.println("client port: "+ aClient.getLocalPort());
// make a new client thread
ClientWorker clientThread = new ClientWorker(aClient, queue, aClientListener, false);
// start thread
clientThread.start();
catch(Exception e)
//System.out.println("ERROR: Client connection failure");
JOptionPane.showMessageDialog(null, (e.toString()),"ERROR: Client connection failure", JOptionPane.ERROR_MESSAGE);
}// end while
} // end constructor Server
void serverExit(){
JOptionPane.showMessageDialog(null, "Server ","ERROR: nPort Failure", JOptionPane.ERROR_MESSAGE);
System.exit(1);
}// end class Server
*** connect to another server
public class ClientListener extends Thread{
InetAddress hostName;
int hostPort;
Socket hostSocket;
BufferedReader in;
PrintWriter out;
boolean loggedIn;
LinkedList queue; // reference to Server queue
Server serverRef; // reference to main server
* ClientListener connects to the host server.
* @param aHostName is the name of the host eg server name or IP address.
* @param aHostPort is a port number of the host.
* @param aLoginName is the users login name.
public ClientListener(InetAddress aHostName, int aHostPort,LinkedList aQueue,Server aServer) // reference to Server queue)
hostName = aHostName;
hostPort = aHostPort;
queue = aQueue;
serverRef = aServer;
// connect to the server
try{
hostSocket = new Socket(hostName, hostPort);
catch(IOException e){
//System.out.println("ERROR: Connection Host Failed");
JOptionPane.showMessageDialog(null, (e.toString()),"ERROR: Connection to nPort Failed", JOptionPane.ERROR_MESSAGE);
System.exit(0);
} // end constructor ClientListener
** multi client connection server
ClientWorker(Socket aSocket,LinkedList aQueue, ClientListener aClientListener, boolean diagnostics){
queue = aQueue;
addToQueue(this);
client = aSocket;
clientRef = aClientListener;
aDiagnostic = diagnostics;
} // end constructor ClientWorker
* run method is the main loop of the server program
* in change of handle new client connection as well
* as handle all messages and errors.
public void run(){
boolean alive = true;
String aSubString = "";
in = null;
out = null;
loginName = "";
loggedIn = false;
while (alive && client.isConnected()&& clientRef.hostSocket.isConnected()){
try{
in = new BufferedReader(new InputStreamReader(client.getInputStream()));
out = new PrintWriter(new OutputStreamWriter(client.getOutputStream()));
if(aDiagnostic){
out.println("WELCOME to diagnostics");
broadCastDia("Connect : diagnostics "+client.getInetAddress().toString());
out.flush();
else {
out.println("WELCOME to Troy's Server");
broadCastDia("Connect : client "+client.getInetAddress().toString());
out.flush();
String line;
while(((line = in.readLine())!= null)){
StringTokenizer aStringToken = new StringTokenizer(line, " ");
if(!aDiagnostic){
broadCastDia(line);
clientRef.sendMessage(line); // send mesage out to netExpress
out.println(line);
out.flush();
else{
if(line.equals("GETIPS"))
getIPs();
else{
clientRef.sendMessage(line); // send mesage out to netExpress
out.println(line);
out.flush();
} // end while
catch(Exception e){
// System.out.println("ERROR:Client Connection reset");
JOptionPane.showMessageDialog(null, (e.toString()),"ERROR:Client Connection reset", JOptionPane.ERROR_MESSAGE);
try{
if(aDiagnostic){
broadCastDia("Disconnect : diagnostics "+client.getInetAddress().toString());
out.flush();
else {
broadCastDia("Disconnect : client "+client.getInetAddress().toString());
out.flush();
// close the buffers and connection;
in.close();
out.close();
client.close();
// System.out.println("out");
// remove from list
removeThreadQueue(this);
alive = false;
catch(Exception e){
// System.out.println("ERROR: Client Connection reset failure");
JOptionPane.showMessageDialog(null, (e.toString()),"ERROR: Client Connection reset failure", JOptionPane.ERROR_MESSAGE);
}// end while
} // end method run
* method run - Generates io stream for communicating with the server and
* starts the client gui. Run also parses the input commands from the server.
public void run(){
boolean alive = true;
try{
// begin to life the gui
// aGuiClient = new ClientGui(hostName.getHostName(), hostPort, loginName, this);
// aGuiClient.show();
in = new BufferedReader(new InputStreamReader(hostSocket.getInputStream()));
out = new PrintWriter(new OutputStreamWriter(hostSocket.getOutputStream()));
while (alive && hostSocket.isConnected()){
String line;
while(((line = in.readLine())!= null)){
System.out.println(line);
broadCast(line);
} // end while
} // end while
catch(Exception e){
// System.out.println("ERRORa Connection to host reset");
JOptionPane.showMessageDialog(null, (e.toString()),"ERROR: Connection to nPort reset", JOptionPane.ERROR_MESSAGE);
try{
hostSocket.close();
}catch(Exception a){
JOptionPane.showMessageDialog(null, (a.toString()),"ERROR: Exception", JOptionPane.ERROR_MESSAGE);
alive = false;
System.exit(1);
} // end method run
Maybe you are looking for
-
Can i move a boot volume (to a partition on another HD)?
i have a boot install of windows xp and windows 7 on two separate HD's in my mac pro and i would like to consolidate these (along with my primary mac OS) onto one single drive. can i migrate these somehow to a new partitioned drive? TIA
-
I purchased several older James Bond movies 2 years ago that have all disappeared from my iTunes and are no longer available. Will I be refunded for these items?
-
Do I need a fast system drive if i also have a RAID 0 array for media?
If my video and media files are all on a Fast RAID array then do i need a fast system drive? Im building a system. The only thing on my system drive will be programs. And I will have a RAID array for my video and PSD files - but my System drive is an
-
Certificate problem in Proxy Server (ODSEE 11g)
I am having a problem adding a CA Certificate to the Proxy Server. I followed the steps in the documentation, however I get the error: "keytool error: java.lang.Exception: Public keys in reply and keystore don't match". From what I have read, this er
-
Hi All, Plz let me know where can we get the ABAP delta documents, as i have to prepare the list of all ABAP (Eg: keywords) changes made to SAP from 3.1H to ECC 6.0. Thanks.