Do I need incoming connections?
I have my firewall (Leopard) set to ask about incoming connections for each application. I always say no, and my apps all work fine. These are apps like MS Office, etc. Is there any reason I should allow incoming connections, and how do I know when to answer yes? Generally, I like to restrict all network communications unless there is a good reason to allow it, even for known applications. What do these apps use incoming connections for?
"What do these apps use incoming connections for?"
Mostly they are looking for "update" information. If you disable the application's update feature this should stop. I agree with your concept of restricting any communication I don't feel is necessary. I like to check for updates at my convenience. The Adobe "updater" is the worst...it's always jumping up in your face, trying to "phone home" and most of the time it's just irritating.
Similar Messages
-
Why do apps *repeatedly* need permission to allow incoming connections
Even though I have added them to the list of allowed programs in the Security preference pane, many apps still ask me to “Allow” or “Block” access to incoming connections for my firewall. In the same dialog it recommends that I can avoid seeing this in the future by adding this app to my list of allowed programs—but I've already done so! And it's still asking me for permission.
Why?
Two things come to mind: (a) your ALF is borked and (b) the apps keep changing (for example, you add an app and then update it with a new version).
Try removing the file called com.apple.alf.plist in *Macintosh HD/Library/Preferences/* and rebooting. Then just add the "offending" applications as they request that they should.
<Edited by Moderator> -
How can I allow multiple incoming connections on my Windows 8 VPN server?
Hi everyone,
I'm trying to find out how to allow more than 1 incoming VPN connection into my Windows 8.1 PC and no clue how to do it without OpenVPN or other programs (which I have no clue how to set up either)
I'm starting to use my home NAS for work where I store everything on it so whenever I go to a job I can either access it or save a new file to it. The problem is my wife also wants to use it and I don't want to not be allowed to connect when I need to or not allow her to connect.
Is there any way I can allow 2+ incoming connections on my home PC without getting a separate software?
If the only option is getting a separate program can anyone provide something that I can set up to my home router so I can access the NAS by the private IP?
Thank you
Short answer - no. The client OS only allows one incoming VPN connection.
Bill -
Help needed to connect to remote PPTP VPN via PIX 515e
Hello,
A user in our office needs to connect to a client's remote PPTP VPN but can't connect. The user is running Windows 7. We have a Cisco PIX 515e firewall that is running PIX Version 6.3(3) - this is what our user is having to go through to try and make the connection to the client's remote VPN.
The client's network guys have come back and said the issue is at our side. They say that they can see some of our traffic but not all of it. The standard error is shown below, and they say it's symptomatic of the client-side firewall not allowing PPTP traffic:
"A connection between the VPN server and the VPN client XXX.XXX.XXX.XXX has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user's network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets."
I have very little firewall experience and absolutely no Cisco experience I'm afraid. From looking at the PIX config I can see the following line:
fixup protocol pptp 1723.
Does this mean that the PPTP protocol is enabled on our firewall? Is this for both incoming and outgoing traffic?
I can see no reference to GRE 47 in the PIX config. Can anyone advise me what I should look for to see if this has been enabled or not?
I apologise again for my lack of knowledge. Any help or advice would be very gratefully received.
Ros
Hi Eugene,
Thank you for taking the time to reply to me. Please see our full PIX config below. I've XX'd out names and IP addresses as I'm never comfortable posting those type of details in a public forum. I hope that the information below is still sufficient for you.
Thanks again for your help,
Ros
PIX(config)# en
Not enough arguments.
Usage: enable password [] [level ] [encrypted]
no enable password level
show enable
PIX(config)# show config
: Saved
: Written by enable_15 at 10:30:31.976 GMT/BDT Mon Apr 4 2011
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security10
enable password XXX encrypted
passwd XXX encrypted
hostname PIX
domain-name XXX.com
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name XX.XX.XX.XX Secondary
access-list outside_access_in permit tcp XX.XX.XX.XX 255.255.255.240 host XX.XX.XX.XX eq smtp
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq https
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 993
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 587
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq 82
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp host XX.XX.XX.XX host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 8082
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq www
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq https
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 993
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 587
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq 82
access-list outside_access_in permit tcp any host XX.XX.XX.XX eq smtp
access-list outside_access_in permit tcp any host XX.XX.XX.XX. eq www
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.0.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl deny udp any any eq 135
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_40 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_60 permit ip any XX.XX.XX.XX 255.255.255.0
access-list USER1 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_10 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_20 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_30 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_50 permit ip any XX.XX.XX.XX 255.255.255.0
access-list outside_cryptomap_70 permit ip any XX.XX.XX.XX 255.255.0.0
access-list USER2 permit ip any XX.XX.XX.XX 255.255.255.0
access-list USER3 permit ip any XX.XX.XX.XX 255.255.255.0
access-list USER4 permit ip any XX.XX.XX.XX 255.255.0.0
pager lines 24
logging on
logging host inside XX.XX.XX.XX
icmp permit any outside
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip address outside XX.XX.XX.XX 255.255.255.248
ip address inside XX.XX.XX.XX 255.255.255.0
no ip address DMZ
ip audit info action alarm
ip audit attack action alarm
pdm location XX.XX.XX.XX 255.255.255.255 inside
pdm location XX.XX.XX.XX 255.255.0.0 outside
pdm location XX.XX.XX.XX 255.255.255.0 outside
pdm logging debugging 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
static (inside,outside) XX.XX.XX.XX. XX.XX.XX.XX netmask 255.255.255.255 0 0
static (inside,outside) XX.XX.XX.XX XX.XX.XX.XX netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 XX.XX.XX.XX 1
route inside XX.XX.XX.XX 255.255.0.0 XX.XX.XX.XX 1
timeout xlate 3:00:00
timeout conn 2:00:00 half-closed 0:30:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
ntp authenticate
ntp server XX.XX.XX.XX source outside prefer
http server enable
http XX.XX.XX.XX 255.255.0.0 outside
http XX.XX.XX.XX 255.255.255.0 outside
http XX.XX.XX.XX 255.255.255.255 inside
snmp-server host inside XX.XX.XX.XX
no snmp-server location
no snmp-server contact
snmp-server community XXX
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map cola 20 set transform-set ESP-3DES-MD5
crypto dynamic-map dod 10 set transform-set ESP-3DES-MD5
crypto map outside_map 10 ipsec-isakmp dynamic cola
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer XX.XX.XX.XX
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 25 ipsec-isakmp
crypto map outside_map 25 match address USER1
crypto map outside_map 25 set peer XX.XX.XX.XX
crypto map outside_map 25 set transform-set ESP-3DES-MD5
crypto map outside_map 30 ipsec-isakmp
crypto map outside_map 30 match address outside_cryptomap_30
crypto map outside_map 30 set peer XX.XX.XX.XX
crypto map outside_map 30 set transform-set ESP-3DES-MD5
crypto map outside_map 40 ipsec-isakmp
crypto map outside_map 40 match address outside_cryptomap_40
crypto map outside_map 40 set peer XX.XX.XX.XX
crypto map outside_map 40 set transform-set ESP-3DES-MD5
crypto map outside_map 50 ipsec-isakmp
crypto map outside_map 50 match address outside_cryptomap_50
crypto map outside_map 50 set peer XX.XX.XX.XX
crypto map outside_map 50 set transform-set ESP-3DES-MD5
crypto map outside_map 60 ipsec-isakmp
crypto map outside_map 60 match address outside_cryptomap_60
crypto map outside_map 60 set peer XX.XX.XX.XX
crypto map outside_map 60 set transform-set ESP-3DES-MD5
crypto map outside_map 70 ipsec-isakmp
crypto map outside_map 70 match address outside_cryptomap_70
crypto map outside_map 70 set peer XX.XX.XX.XX
crypto map outside_map 70 set transform-set ESP-3DES-MD5
crypto map outside_map 75 ipsec-isakmp
crypto map outside_map 75 match address USER4
crypto map outside_map 75 set peer XX.XX.XX.XX
crypto map outside_map 75 set transform-set ESP-3DES-MD5
crypto map outside_map 80 ipsec-isakmp
crypto map outside_map 80 match address USER2
crypto map outside_map 80 set peer XX.XX.XX.XX
crypto map outside_map 80 set transform-set ESP-3DES-MD5
crypto map outside_map 90 ipsec-isakmp
crypto map outside_map 90 match address USER3
crypto map outside_map 90 set peer XX.XX.XX.XX
crypto map outside_map 90 set transform-set ESP-3DES-MD5
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
telnet XX.XX.XX.XX 255.255.0.0 outside
telnet XX.XX.XX.XX 255.255.255.255 inside
telnet XX.XX.XX.XX 255.255.255.255 inside
telnet XX.XX.XX.XX 255.255.255.255 inside
telnet timeout 30
ssh XX.XX.XX.XX 255.255.255.248 outside
ssh XX.XX.XX.XX 255.255.255.248 outside
ssh timeout 30
management-access inside
console timeout 0
terminal width 80
Cryptochecksum:XXX
PIX(config)# -
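One way to answer "what should I look for" in a dump like the one above, as an added example that is not part of the original thread: a small Python audit that pulls out the lines relevant to outbound PPTP (the `fixup protocol pptp` entry, any access-list naming GRE, which interfaces have an access-group, and whether outbound NAT is PAT to the interface address). The function names and the sample config are constructed for illustration; the sample uses documentation addresses.

```python
import re

# Constructed sample in the shape of the posted "show config" output;
# addresses are documentation ranges, not values from the thread.
SAMPLE_CONFIG = """\
PIX Version 6.3(3)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
fixup protocol http 80
fixup protocol pptp 1723
access-list outside_access_in permit tcp any host 192.0.2.10 eq www
access-list inside_outbound_nat0_acl permit ip any 198.51.100.0 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group outside_access_in in interface outside
"""


def audit_pptp(config):
    """Collect the config lines that bear on PPTP (TCP/1723 plus GRE, IP protocol 47)."""
    report = {
        "pptp_fixup_ports": [],   # ports named by "fixup protocol pptp <port>"
        "gre_acl_lines": [],      # access-list entries whose protocol is gre / 47
        "access_groups": {},      # interface name -> ACL bound inbound on it
        "pat_interfaces": [],     # interfaces used for "global (...) N interface"
    }
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"fixup protocol pptp (\d+)$", line)
        if m:
            report["pptp_fixup_ports"].append(int(m.group(1)))
            continue
        m = re.match(r"access-list (\S+) (permit|deny) (\S+) ", line)
        if m and m.group(3).lower() in ("gre", "47"):
            report["gre_acl_lines"].append(line)
            continue
        m = re.match(r"access-group (\S+) in interface (\S+)$", line)
        if m:
            report["access_groups"][m.group(2)] = m.group(1)
            continue
        m = re.match(r"global \((\S+)\) \d+ interface$", line)
        if m:
            report["pat_interfaces"].append(m.group(1))
    return report


def findings(report, inside_if="inside"):
    """Turn the raw report into short statements a reviewer can act on."""
    out = []
    if report["pptp_fixup_ports"]:
        ports = ", ".join(str(p) for p in report["pptp_fixup_ports"])
        # On PIX 6.3 this fixup inspects the PPTP control channel and handles
        # the associated GRE session; confirm against the release notes in use.
        out.append("pptp fixup enabled on tcp/" + ports)
    else:
        out.append("no 'fixup protocol pptp' line")
    if report["gre_acl_lines"]:
        out.append("%d access-list line(s) name gre/47" % len(report["gre_acl_lines"]))
    else:
        out.append("no access-list line names gre or protocol 47")
    if inside_if in report["access_groups"]:
        out.append("ACL '%s' filters traffic entering '%s'"
                   % (report["access_groups"][inside_if], inside_if))
    else:
        # With no ACL bound to the inside interface, a PIX permits traffic from
        # the higher-security interface outward by default.
        out.append("no access-group bound to '%s'" % inside_if)
    if report["pat_interfaces"]:
        out.append("outbound PAT to interface address on: "
                   + ", ".join(report["pat_interfaces"]))
    return out


if __name__ == "__main__":
    for item in findings(audit_pptp(SAMPLE_CONFIG)):
        print("-", item)
```

To use it on a real device, save the output of `show config` to a file and pass its contents to `audit_pptp`.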
Why is my Mac rejecting incoming connections?
I'm trying to use a Mac Mini running Snow Leopard to retrieve images from my hospital's DICOM server. My C-FIND requests succeed, but my C-MOVE requests fail, and the DICOM administrator tells me it's because my Mac is refusing incoming connections on port 11112, which is the one that I set up for DICOM communication.
Why is my Mac refusing incoming connections? I have turned off the firewall in System Preferences. I used to have a rather strict firewall set up with ipfw, which only allowed incoming ssh connections on port 22, but I have disabled that too. The Mac is still acting like that firewall is enabled -- I can ssh into it, but I can't ping it. At one point I was trying to use port 104 for DICOM, but I realized that 104 is privileged, so I switched to 11112, and yet that didn't fix the problem either, and I'm still getting the same error message.
What's going on? Do I need to enable one of the "sharing" options?
Not sure it'll help, but you might want to take a look at this: http://support.apple.com/kb/HT2975?viewlocale=en_US
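A check that separates the two usual causes of the symptom in this thread, written as an added example (not part of the original posts): whether anything on the machine is listening on the port at all, and whether a connect attempt is actively refused or silently dropped. Port 11112 comes from the question; the function names are illustrative and the code is IPv4 only.

```python
import errno
import socket


def local_listener_present(port):
    """Return True if some process on this host already holds TCP <port>.

    Binding without SO_REUSEADDR fails with EADDRINUSE when a listener
    exists. Ports below 1024 need privileges and raise EACCES instead.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind(("", port))
        return False
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return True
        raise
    finally:
        s.close()


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt from the caller's point of view.

    open        - handshake completed, a service accepted the connection
    refused     - the host answered with a reset: reachable, but no listener
                  on that port (or a rule that rejects rather than drops)
    filtered    - no answer before the timeout: packets are being dropped,
                  which is how most packet filters deny traffic
    unreachable - routing or name resolution failed before any answer
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"
    finally:
        s.close()


if __name__ == "__main__":
    PORT = 11112  # the port named in the question
    print("listener on this host:", local_listener_present(PORT))
    print("connect to 127.0.0.1:", probe("127.0.0.1", PORT, timeout=1.0))
```

Run `local_listener_present` on the machine that should receive the connection and `probe` from another host on the same network; "refused" with no local listener points at the receiving application, not the firewall.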
-
Firewall keeps asking if incoming connections are allowed
Hi all,
Why does the Leopard firewall keep asking me if an application should allow or deny incoming connections for every application that I run? It doesn't happen every time I run an application but it happens quite often even for apps that I've already clicked on [Deny]. This is getting really, really annoying. First, why do all apps seem to want to allow incoming connections?
Is there a list of essential Mac OS apps that really need to allow incoming connections? I am not doing any file/printer/connection sharing. And I don't use iChat or any other IM software.
Is there a better software firewall to use with Leopard on my Mac Pro? I have a hardware firewall, a D-Link DIR-655 router, which seems to do quite well. BTW, I have the Mac firewall set to allow specific apps.
Thanks,
Steven
I found the answer in another thread:
http://discussions.apple.com/thread.jspa?messageID=6748694
Basically all you have to do is delete iTunes and iPhoto from your firewall access list. OSX already knows how to selectively open the ports for these bundled apps. When you put them onto the firewall access list, something goes wrong and it has to ask for permission every time.
Jason -
Firewall Block incoming connections fails
Whenever I'm on the road or at clients' locations I set my firewall to block all incoming connections.
The explanation of Mac OS X is:
So it shouldn't matter if at the Sharing preferences you have enabled Screen or file sharing, which I have turned on, to be able to transfer files at home.
If "Block all incoming connections" is enabled, nobody should see you have any sharing options enabled. I always understood this is a sort of override.
Alas, this seems not the case. My laptop is actively promoting itself as a VNC enabled computer, while block all incoming connections is checked. Unchecking the screen sharing in the sharing preferences immediately has effect on this and stops VNC broadcasting.
Who knows more about this? Is this a bug or undocumented / wrongly documented feature?
Kind regards,
Roeland
PAHU wrote:
Roerei wrote:
Mac OS X explicitly states that "all sharing services" will be blocked.
And they are blocked. With this setting enabled, you cannot connect to the Mac from a remote computer.
What it does not say is that enabling this setting will stop the Mac from being advertised. If you want this then you will need to turn off File Sharing. This will stop the Mac from being seen on the local network.
So in summary, if you want to stop your Mac from being seen on someone else's network you are connected to, then disable File and Screen Sharing. Or trust that with the "Block all incoming" setting enabled, no other user will be able to connect to your Mac even though they can see it.
This is just stupid. Why advertise a service which is blocked? That is just plain dumb and not very security minded. If you block a service, you also should not advertise that service. Especially in the firewall preferences checking that box greys out all other options, which gives you kind of the impression that you are stealth.
So you might be right, but it is just wrong.
Roeland -
FIREWALL / EXPLORER ISSUES (No prompt on blocked incoming connections)
I've spent a week trying to identify the cause of this, and I've just cleared (deleted) several machines (VHDs), thinking they were exhibiting the symptoms, only to find my clean VHD installs are also ... infected?
My firewall appears correctly configured (default settings, nothing's changed) but it's blocking programs (I think), and not asking me to set rules. I've searched the reg, no references of the exe, I've checked the firewall rules, nothing there. In my configured systems (I've just deleted) I even reverted to factory service settings, in case I'd stopped/manualised something that needed to be automated....
I'd compared registry shots. Nada. And now I can't use my iPhone as a mouse, and god knows what other problems are in there.
Is this a malware issue? How can I test to see what's blocking 'networked' programs (incoming connections / interactive services)?
Maybe it's an issue with the setup. rebooted into bad build that doesn't have this issue.. worked
when it works
About to retry newly extracted files.. thought I'd try them on this machine.. FAIL. Which means there's an issue with the path (?), or some info is written somewhere about the program when it's extracted (again, ?).
when it doesn't work, then does work...
Ok, my money's on path, and my question is this: if you run an .exe off a usb, for example, will windows firewall prompt and manage that program?
I'm wondering if the OS (f/w mgr) is not seeing the app, and therefore not prompting for mgmt...
Moment of truth: rebooting to new build to test (more) 'local' execution of program! -
Every time I open iTunes, it asks me if I want to allow iTunes.app to allow incoming connections. Is there a way to make it always allow connections without asking me every time?
Agreed - delete the app and reinstall worked for me too.
NOTE: In the following process, *do not* touch the iTunes folder inside your user Home directory's Music folder. You need to keep this as it contains all your media and settings. Likewise, there is no need to delete any iTunes preference files. We simply need to remove and reinstall the iTunes application itself:
1. Download the latest version of iTunes from http://www.apple.com/itunes/. Do not install it yet though - first we need to delete the existing iTunes app.
2. Open a finder window, click on "Applications" in the side bar and find the "iTunes" app within the applications folder.
3. Drag the "iTunes" app to the Trash
4. Click and hold the Trash until the "Empty Trash" option appears, then click on "Empty Trash"
5. IF you get an error message saying that the Trash cannot be emptied because "iTunesHelper" is in use, do the following steps. Otherwise, proceed to step 6.
5a. Open a finder window, click on "Applications" in the side bar and find the "Utilities" folder within the applications folder. Open the "Utilities" folder, locate the "Activity Monitor" app and launch it.
5b. Under the "Process Name" column in "Activity Monitor", find the "iTunesHelper" process, click on it to highlight, then click the red "Quit Process" button at the top. (hint: you can sort the processes alphabetically by clicking on the "Process Name" column heading itself)
5c. Repeat step 4 to empty the Trash
6. Install the latest version of iTunes that you downloaded in step 1.
After doing this, I no longer get the annoying "allow incoming connections" popup every time I launch iTunes and it means I can now leave my FireWall enabled - do not listen to those that suggest disabling your FireWall is a way to fix this.
C.
Message was edited by: Ceres1 -
System asking for permission for incoming connections
When I restart my computer I get messages that ask if I want to allow incoming connections to programs such as qmaster and realplayer. I allow this. The message also says that I can change this in the firewall pane in system preferences. When I go there I see that both already allow incoming connections.
Why is the system asking me each time when I've already said that it is allowed?
I had the same problem for iTunes, Connect360 and Transmission. After reading many forum posts and trying many things to no end this is what worked for me.
NOTE THIS WORKED FOR ME, IT MAY NOT WORK FOR YOU, DON'T BLAME ME.
1. Log into an Admin account
2. Go to the Firewall under the Security Pane in System Preferences and remove ALL programs listed under "Set access for specific services and applications." (you can try removing just the troublesome apps)
3. Still in the Firewall tab, change setting to "Allow all incoming connections."
4. In the Finder go to your Applications Folder and drag iTunes (or any other offending apps) to the trash and delete from the dock. *This SHOULD NOT delete your music, playlists, ratings or anything else, it did not on mine. But BACKUP if you want to be 100% sure*
5. In the System Preferences, go to Accounts > Login Items and remove iTunesHelper.
6. Restart your mac and log in as the Admin again.
7. Download any apps you deleted, i.e. iTunes. Link: http://www.apple.com/itunes/download/
8. Install the apps (don't open them after install)
9. Go back into the firewall settings and change it back to "Set access for specific services and applications."
10. Open iTunes and any other apps you reinstalled.
11. Add iTunes back to the Dock.
This should have fixed the problem, and iTunes should act like nothing ever happened...
We still need to add iTunesHelper back to the Login Items.
12. In the Finder go to Applications, and right-click on iTunes, select "Show Package Contents."
13. Open the System Preferences and go to Login Items under Accounts.
14. Back in the finder (the iTunes Package Contents) go to Contents>Resources>iTunesHelper
15. Drag iTunesHelper into the Login Items list.
This worked for me. I don't think it ever asked for permission for iTunes. And I have only been asked once for the other programs that used to ask me every time.
Hope this helps you and everyone else with this problem. -
Block incoming connections to ix2-dl by internal firewall/iptables
Hi.
How do I block incoming connection to ix2? I opened rsync and forwarded the port but I need to block all IP except one. How do I do that?
I tried iptables, but they seem not to be working ("libkmod: ERROR ../libkmod/libkmod.c:505 kmod_lookup_alias_from_builtin_file: could not open builtin file '/lib/modules/2.6.31.8/modules.builtin.bin'").
The ix2-dl NAS is behind Windows NAT (RASS) and so I cannot apply firewall rules from there.
I think you should add firewall (e.g. iptables based) in next update. -
What is the exact name of the cable I need to connect my old hard drive from my macbook pro, which has been removed from the computer, to my new macbook pro? I need to transfere files from the old hard drive to the new computer.
No eSATA to USB. Just a SATA/IDE to USB adapter. Google SATA/IDE to USB adapter and you will get tons of links to buy them. Most likely your local computer electronics store has them, although they might be more expensive buying locally than online.
I have several. You can get either USB 2, which is what I recommend, or USB 3. USB is backward compatible so a USB 3 adapter will work on a USB 2 port and a USB 2 adapter will work on a USB 3 port. Backward compatible in both directions.
I suggest a USB 2 type because there have been some problems with certain USB 3 devices, the USB 3 interface used isn't all that good in those certain devices. USB 3 is still fairly new whereas USB 2 has been around for over 10 years.
synghem wrote:
Thank you LowLuster,
At the apple store they said I needed an esata to usb wire. But looking at wires on line has been confusing. Is sata the same as esata? How do I know if I need a usb 3 or usb 2? -
Data Federator on Unix - Need to connect to Informix
Hi,
We are planning to Deploy Data Federator in Linux - SuSE 64 bit environment. We also have a need to connect to Informix and Teradata databases.
According to the supported platforms document, only ODBC drivers are available to connect to Informix and Teradata databases.
Is there a driver bridge available for these ODBC connectivity only databases?
Update: Didn't notice there were Unix ODBC drivers available. I think we should be fine.
Will it be supported if we use the Informix Type 4 JDBC driver (http://www-01.ibm.com/software/data/informix/tools/jdbc/) as a Generic JDBC driver? Is there any performance impact?
Appreciate the assistance.
Thanks,
Thiag.
Edited by: Thiag Loganathan on Jul 21, 2010 5:43 PM
Edited by: Thiag Loganathan on Jul 21, 2010 8:26 PM
How will you access your third-party module in a NT box from UNIX? If it will be over TCP/IP, you may use the UTL_TCP package.
-
Dear Apple Support,
Good day to you.
This is to report the problem I encountered when I updated my iPad mini to the new iOS 8.1..
After the update my iPad restart and after that it appears a picture that need to connect to iTunes and need to restore. So I connect it to iTunes and wait to restore my iPad mini because it is not opening.
After restoring it my iPad is now opening and it is like new that I need to set up again.
I set up again until I reach the Apple ID and password.
I put my below Apple ID and password to unlock my iPad but it didn't work. The message I receive is "the Apple ID cannot be used to unlock this iPad."
What will I do? Please help.
Thank you
Sent from my iPhone
Begin forwarded message:
From: Apple <[email protected]***>
Date: October 9, 2013 at 11:53:53 PM GMT+4
To: ****
Subject: Your Apple ID was used to sign in to iCloud and iMessage on an iPad mini
Dear Leslie J.,
Your Apple ID was used to sign in to iCloud and iMessage on an iPad mini named “Leslie Joye's iPad”.
If you have not recently set up an iPad with your Apple ID, then you should change your Apple ID password. Learn more.
Apple Support
<Email Edited By Host>
1. It is never a good idea to include personal info like your email address or Apple ID in a post on an open forum.
2. The email you received DOES NOT say your Apple ID cannot be used to unlock this iPad. The email informs you that your Apple ID was used to unlock an iPad. Fortunately the iPad is yours. The message confirms that. If your Apple ID was used to unlock an iPad that was not yours you would then know to change your password. Since the iPad is yours you do not need to change your password.
Is your iPad working? -
Cisco ASA 5505 doesn't forward incoming connection to LAN
Hello everybody.
I just got a Cisco asa 5505 with the next OS and ASDM info
ASA 5505 OS 8.4(3) ASDM 6.47
I configured and enter all rules to allow incoming traffic to LAN but it's not working also, I have one host inside that is configured in a second IP and create the rule to allow traffic to it but it doesn't work too.
Problem 1
I have VNC running in port 5900 tcp and I want to connect from Internet using port 6001 and this has to forward the connection to the real VNC port. In the configuration I have a few host with the same configuration but I use different outside port to get it.
Problem 2.
I have a second IP with services: SMTP, HTTP, HTTPS and port 444 all TCP forwarding to a server in the LAN.
Facts:
SMTP.
Every time that I do telnet to the second IP looking for the SMTP port, the firewall doesn't let the incoming connection goes through and the LOGGING screen doesn't show that connection.
PORT 6001 (outside)
this port is configured to work with the IP in the outside interface and it was to send the incoming connection to a host inside to the real port 5900.
Can any one check my configuration if I'm missing anything? for sure I'm but I didn't find it. Below is the configuration, I masked the Public IPs just left the last number in the IP, also I left the LAN network to see better the configuration.
I will appreciate any help.
Thanks a lot..
CONFIGURATION.
: Saved
ASA Version 8.4(3)
hostname saturn1
domain-name mydominio.com
enable password SOMEPASS encrypted
passwd SOMEPASS encrypted
names
name 192.168.250.11 CAPITOLA-LAN
name 192.168.250.15 OBIi110-LAN
name 192.168.250.21 DRP1260-LAN
name 192.168.250.22 HPOJ8500-LAN
name 192.168.250.30 AP-W77-NG-LAN
name 192.168.250.97 AJ-DTOP-PC-LAN
name 192.168.250.96 SWEETHEART-PC-LAN
name 192.168.250.94 KIDS-PC-LAN
name XX.YY.ZZ.250 EXTERNALIP
name XX.YY.ZZ.251 EXTERNALIP2
name XX.YY.ZZ.1 GTWAY
dns-guard
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.250.2 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address EXTERNALIP 255.255.255.0
boot system disk0:/asa843-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name mydominio.com
object network CAPITOLA-LAN
host 192.168.250.11
object network EXTERNALIP
host XX.YY.ZZ.250
description Created during name migration
object network CAPITOLA-PUBLIC
host XX.YY.ZZ.251
object network capitola-int
host 192.168.250.11
object network capitola-int-vnc
host 192.168.250.11
object network aj-dtop-int-vnc
host 192.168.250.97
object network sweetheart-int-vnc
host 192.168.250.96
object network kids-int-vnc
host 192.168.250.94
object network VPNNetwork
subnet 10.10.20.0 255.255.255.0
object network InsideNetwork
subnet 192.168.250.0 255.255.255.0
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network capitola-int-smtp
host 192.168.250.11
object-group service capitola-int-smtp-service tcp
port-object eq smtp
object-group service capitola-int-services tcp
port-object eq smtp
port-object eq https
port-object eq www
port-object eq 444
object-group service capitola-int-vnc-service tcp
port-object eq 6001
object-group service aj-dtop-int-vnc-service tcp
port-object eq 6002
object-group service sweetheart-int-vnc-service tcp
port-object eq 6003
object-group service kids-int-vnc-service tcp
port-object eq 6004
access-list incoming extended permit icmp any any
access-list incoming extended permit tcp any object capitola-int object-group capitola-int-services
access-list incoming extended permit tcp any object capitola-int-vnc object-group capitola-int-vnc-service
access-list incoming extended permit tcp any object aj-dtop-int-vnc object-group aj-dtop-int-vnc-service
access-list incoming extended permit tcp any object sweetheart-int-vnc object-group sweetheart-int-vnc-service
access-list incoming extended permit tcp any object kids-int-vnc object-group kids-int-vnc-service
access-list incoming extended permit tcp any object capitola-int-smtp object-group capitola-int-smtp-service
access-list split-tunnel standard permit 192.168.250.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any object VPNNetwork
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 10.10.20.1-10.10.20.50 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-647.bin
no asdm history enable
arp timeout 14400
nat (inside,any) source static any any destination static VPNNetwork VPNNetwork no-proxy-arp
object network capitola-int
nat (any,any) static XX.YY.ZZ.251
object network capitola-int-vnc
nat (inside,outside) static interface service tcp 5900 6001
object network aj-dtop-int-vnc
nat (inside,outside) static interface service tcp 5900 6002
object network sweetheart-int-vnc
nat (inside,outside) static interface service tcp 5900 6003
object network kids-int-vnc
nat (inside,outside) static interface service tcp 5900 6004
object network obj_any
nat (inside,outside) dynamic interface
object network capitola-int-smtp
nat (any,outside) static interface service tcp smtp smtp
access-group incoming in interface outside
route outside 0.0.0.0 0.0.0.0 GTWAY 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http server idle-timeout 2
http server session-timeout 1
http 192.168.1.0 255.255.255.0 inside
http CAPITOLA-LAN 255.255.255.255 inside
http AJ-DTOP-PC-LAN 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh CAPITOLA-LAN 255.255.255.255 inside
ssh AJ-DTOP-PC-LAN 255.255.255.255 inside
ssh timeout 15
console timeout 0
vpn-addr-assign local reuse-delay 2
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password SOMEPASS encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect pptp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:036b82d3eb5cffc1c65a3b381246d043
: end
asdm image disk0:/asdm-647.bin
no asdm history enable
Jose, your fix to problem 1 allows all access from the outside, assuming you applied the extended list to the outside interface. Try to be more restrictive than an '...ip any any' rule for outside_in connections. For instance, this is what I have for incoming VOIP (access list and nat rules):
access list rule:
access-list outside_access_in extended permit udp any object server range 9000 9049 log errors
nat rule:
nat (inside,outside) source static server interface service voip-range voip-range
- 'server' is a network object
- 'voip-range' is a service group range
I'd assume you can do something similar here in combination with my earlier comment:
access-list incoming extended permit tcp any any eq 5900
Can you explain your forwarding methodology a little more? I'm by no means an expert on forwarding, but the way I read what you're trying to do is that you have an inbound VNC request coming in on 5900 and you want the firewall to figure out which host the request should go to. Or is it vice-versa, the inbound VNC request can be on port 6001-6004 ?
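ASA 8.3 and later match interface access rules against the real (untranslated) address and port, so a rule that permits only the mapped port (6001) to an inside host does not match the forwarded traffic, which arrives at the rule as port 5900. The Python check below is an added example, not part of the thread: it parses an excerpt of the posted configuration and reports such rules. The function names are hypothetical, and the parser handles only the flattened line forms that appear in this post.

```python
import re

# Excerpt of the configuration posted above (flattened, as in the post).
CONFIG = """\
object network capitola-int-vnc
host 192.168.250.11
object network capitola-int-smtp
host 192.168.250.11
object-group service capitola-int-smtp-service tcp
port-object eq smtp
object-group service capitola-int-vnc-service tcp
port-object eq 6001
access-list incoming extended permit tcp any object capitola-int-vnc object-group capitola-int-vnc-service
access-list incoming extended permit tcp any object capitola-int-smtp object-group capitola-int-smtp-service
object network capitola-int-vnc
nat (inside,outside) static interface service tcp 5900 6001
object network capitola-int-smtp
nat (any,outside) static interface service tcp smtp smtp
"""

def parse(config):
    """Collect service-group ports, per-object port forwards and ACL entries."""
    groups, forwards, acl = {}, {}, []
    current = None  # (kind, name) of the block the following lines belong to
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"object-group service (\S+) tcp$", line):
            current = ("group", m.group(1))
            groups[m.group(1)] = set()
        elif m := re.match(r"object network (\S+)$", line):
            current = ("object", m.group(1))
        elif (m := re.match(r"port-object eq (\S+)$", line)) and current and current[0] == "group":
            groups[current[1]].add(m.group(1))
        elif (m := re.match(r"nat \(\S+\) static \S+ service tcp (\S+) (\S+)$", line)) and current and current[0] == "object":
            forwards[current[1]] = (m.group(1), m.group(2))  # (real port, mapped port)
        elif m := re.match(r"access-list (\S+) extended permit tcp any object (\S+) object-group (\S+)$", line):
            acl.append(m.groups())
    return groups, forwards, acl

def mapped_port_rules(config):
    """Return ACL entries that permit the mapped port but not the real port."""
    groups, forwards, acl = parse(config)
    findings = []
    for acl_name, obj, group in acl:
        real, mapped = forwards.get(obj, (None, None))
        ports = groups.get(group, set())
        if real != mapped and mapped in ports and real not in ports:
            findings.append((acl_name, obj, mapped, real))
    return findings
```

Calling `mapped_port_rules(CONFIG)` reports the VNC rule for `capitola-int-vnc`; the SMTP rule is not reported because its real and mapped ports are the same.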