Do I need to open ports for my services if I am connecting through VPN

Hi,
I work in a small office and we are trying to connect people remotely to our server through VPN.
Using the Server App I managed to make VPN work and successfully connected to our file share points, so that means file sharing worked without opening ports for afp on my Airport router.
On the other hand, I can't connect to other services such as iCal and Address Book the way I can when I am locally in the office. Does that mean I have to open the ports for those services on the router? If yes, then why use VPN in the first place?
Thanks,

If I understood you correctly:
External client -> (server.domain.name) -> Router -> Server: is working
Internal client -> (server.domain.name) -> Router -> Server: is not working
Internal client -> (local ip) -> Server: is working
If yes, you can implement something a la "split zone DNS".
1. On the external DNS, your domain name server.domain.name resolves to the external router IP.
2. You should add a record (and zone) for server.domain.name to your OS X Lion Server DNS, pointing to the local IP.
When you are connected to VPN, the system sets the DNS server to your Lion server and server.domain.name resolves to the local IP.
When you are working without VPN, the system uses the external DNS and server.domain.name resolves to the external IP.
Of course, you should open ports for your services on the router if you want to use them from an external network.
I am using this configuration and it works perfectly.

Similar Messages

  • Do I need to open ports for NTP?

    I just noticed that my hwclock was off by nearly 30 seconds. It's almost certainly due to the recent initscripts update.
    As I was looking into resetting the clock, I found out that openntpd is deprecated so I've switched to ntp, configured the daemon, reset the time with ntpd -q, and started the daemon. The time is not accurate again.
    I remember back when I first installed Arch I tried to set up ntp but it didn't seem to work, so I tried openntpd and stuck with that. I reached the conclusion that ntp required open ports, which I felt was unnecessary given that openntpd could do the same thing without open ports.
    Now that I'm looking at it again, I can't find any definitive answer...
    Do I need to open ports for ntp if I only want to sync the system that it's running on?

    ISC ntpd (the ntp package) will open UDP 123 on all your interfaces regardless of what you do with it. It will work anyway even if you block this port in iptables, assuming that you're allowing responses to established traffic as usual - your outbound mobilization requests to your chosen servers will be enough to allow the responses, and the same with further traffic sent for the lifetime of ntpd. Using iptables like this is probably the easiest way to secure ntpd.
    There's also some defense in depth you can do:
    - run ntpd as non-root
    - run it chrooted to some safe directory (really only makes sense when doing non-root as well, since root can break out of a chroot)
    - apply ntpd's built-in access controls (see examples in ntpd.conf, and full docs in ntp_acc(5))
    I accomplish the first two of these by chowning /var/lib/ntp (and any contents) to ntp:ntp (so ntpd can write ntp.drift there when non-root), by using a driftfile path relative to the chroot in ntp.conf, and by setting NTPD_ARGS="-g -i /var/lib/ntp -u ntp:ntp" in /etc/conf.d/ntp-client.conf.
    For the third, I chose to not allow any remote traffic to initiate anything with my ntpd, with this /etc/ntp.conf:
    server ac-ntp0.net.cmu.edu iburst
    server ac-ntp1.net.cmu.edu iburst
    server ac-ntp2.net.cmu.edu iburst
    server ac-ntp3.net.cmu.edu iburst
    server ac-ntp4.net.cmu.edu iburst
    restrict default nomodify nopeer noquery
    restrict 127.0.0.1
    driftfile /ntp.drift
    Note the two "restrict" lines. The first shuts out remote access of most kinds, and the second allows the local machine all the access that would also be denied to it as well otherwise by the first rule. Note also the driftfile path, relative to the chroot of /var/lib/ntp/.
    With all these security features, ISC ntpd can be just as safe as openntpd.
    The use of the "iburst" keyword on the server lines to recover more quickly from out-of-contact conditions is also quite nice, and not rude to the remotes like "burst" would be.
    One of the nicest other features of ISC ntpd is that it's smart enough to notice when network state changes occur, like bringing a VPN up/down, changing routes, or switching from wired to wireless and back. openntpd tended to just lose connections in these cases.
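The access-control settings from the answer above can be checked mechanically. This is an added example, not part of the original post: a small audit of an ntp.conf for the `restrict` lockdown and the `iburst`/`burst` point. The weak sample and its host name are constructed.

```python
REQUIRED = {"nomodify", "nopeer", "noquery"}
LOOPBACK = {"127.0.0.1", "::1"}

# The /etc/ntp.conf quoted in the answer above
PAGE_CONF = """\
server ac-ntp0.net.cmu.edu iburst
server ac-ntp1.net.cmu.edu iburst
server ac-ntp2.net.cmu.edu iburst
server ac-ntp3.net.cmu.edu iburst
server ac-ntp4.net.cmu.edu iburst
restrict default nomodify nopeer noquery
restrict 127.0.0.1
driftfile /ntp.drift
"""

# Constructed weak configuration (ntp.example.org is a placeholder)
WEAK_CONF = """\
server ntp.example.org burst
restrict default nomodify   # noquery and nopeer missing
driftfile /ntp.drift
"""

def parse_ntp_conf(text):
    """Return (servers, restricts), each a list of (target, set_of_options)."""
    servers, restricts = [], []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if len(tokens) < 2:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword == "restrict":
            args = [a for a in args if a not in ("-4", "-6")]  # address-family qualifiers
            if args:
                restricts.append((args[0], set(args[1:])))
        elif keyword == "server":
            servers.append((args[0], set(args[1:])))
    return servers, restricts

def audit_ntp_conf(text):
    """List deviations from the lockdown described in the post."""
    servers, restricts = parse_ntp_conf(text)
    findings = []
    defaults = [opts for target, opts in restricts if target == "default"]
    if not defaults:
        findings.append("no 'restrict default' line: remote hosts are not restricted")
    for opts in defaults:
        missing = REQUIRED - opts
        if missing and "ignore" not in opts:       # 'ignore' denies everything anyway
            findings.append("restrict default lacks: " + ", ".join(sorted(missing)))
    if defaults and not any(target in LOOPBACK for target, _ in restricts):
        findings.append("no loopback restrict line: the default rule also applies to local queries")
    for host, opts in servers:
        if "burst" in opts:
            findings.append(f"server {host} uses burst instead of iburst")
    return findings
```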

  • Do I need to open a port for the CrashPlan online backup service?

    Do I need to open a port for the CrashPlan online backup service?
    Thanks!

    Possibly. I would start by checking out this CrashPlan support article. CrashPlan does require certain ports on both your computer's and network router's firewall to be open in order to communicate properly.

  • Opening ports for Windows computers...

    Hi Everyone! This is my first post on the official forums!
    I am currently sharing my internet connection (ethernet) through my Macbook wirelessly to my windows PC.
    It all works very well as long as I just use port 80 for simple web-surfing, but whenever I use programs (Steam and Bittorrent) that use other ports I don't seem to get a connection.
    The firewall in my Macbook is turned off...
    Thanks in advance!
    MVH//Kalle from Sweden

    Hi Kalle... & Welcome to the Discussions!
    You might need to open ports on any router the Mac is connected to, but you didn't mention such a thing...
    http://docs.info.apple.com/article.html?artnum=106439
    http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

  • Open port for Software Update Point

    Hello
    Do I need to open a port for the Software Update Point (WSUS)?
    Thanks
    If my reply solved your problem, click "Mark as answer" next to the green V mark.

    For a default installation of WSUS that would be HTTP 8530 or HTTPS 8531
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • I have an Airport Extreme and need to open ports in order to view my CCTV system remotely.  How am I able to do this?

    I have an Airport Extreme and need to open ports in order to view my CCTV system remotely.  How am I able to do this?  The company that supports the system says I need to open the following - 8200, 8016, 8116, 10019, 12088.  All help is appreciated.

    Open AirPort Utility on the PC, select the Airport Extreme and click Manual Setup
    Click the Advanced icon
    Click the Port Mapping tab
    Click the + (plus) button at the bottom of the connection list to set things up
    Reference pages 49-51 in the Apple AirPort Networks guide for more info
    IF.....you do not see a Port Mapping tab when you click the Advanced icon, then that would mean that the AirPort Extreme is in Bridge Mode and the main routing functions for the network are being provided by another device.
    You will need to set up the port mapping on that device, which is likely your modem/router or gateway.

  • Open ports for all in LAN

    Hi, a few days ago I bought a WRT160n wireless router. I want to ask how to open a port for everyone in the LAN (3 clients). For example, everyone in the LAN has a PeerToPeer application for torrents. I want to open a port, for example 20202, for all of them. Right now I open the port from the menu Applications & Gaming->Single Port Forwarding, but I must set the port for each user's IP address.
    Can somebody tell me how to open a port for everyone in the LAN without configuring it for each computer?
    Thanks in advance.

    Hi gv. I read more about UPnP and the WRT160n User Guide. In the section Administration > Management it is written that UPnP is enabled by default; in my router that is correct. I set up my PeerToPeer (eMule) TCP/UDP ports to 20202 and checked the option "Use UPnP to setup ports". I tested and closed this port in my router configuration for my computer under "Single Port Forwarding", but in eMule the port is still blocked. Can you explain why it did not work? For UPnP it says that if enabled it allows users with Windows ME and XP to automatically configure router ports.
    Thanks in advance!
    Best Regards.

  • I installed acrobat pro on my computer, and now I am unable to download items because I get a message that I need to open acrobat for the user agreement. opening acrobat pro does not help.

    I installed acrobat pro on my computer, and now I am unable to download items because I get a message that I need to open acrobat for the user agreement. Opening acrobat pro does not help. What do I do?

    I have not contacted Adobe. I am using acrobat pro CC, and haven't noticed any problem with the software itself. The only problem I have had so far is when I try to download.

  • Error opening port for replicat

    Hi Guys,
    I'm getting the error below while sending status on the target.
    GGSCI (PMS) 15>info all
    program Status Group Lag Time Since Ckpt
    MANAGER RUNNING
    REPLICAT RUNNING REPYA 243:53:20 53:49:42
    GGSCI (PMS) 16> send repya status
    Sending STATUS request to REPLICAT REPYA ...
    ERROR: opening port for REPLICAT REPYA (Connection timed out).
    #cat REPYA.pcr
    PROGRAM REPLICAT PROCESSID REPYA PORT PMS.7840 PID 26342
    #telnet PMS 7840
    Trying...
    telnet:Unable to connect to remote host:Connection timed out
    What could be the issue?

    The server where Replicat is running is up? Can the server be pinged/telnet by another server? Can the source server connect anywhere else? Firewall? Network services running? Network troubleshooting 101.

  • How to open Ports for App running in VPC

    Trying to open ports for a Windows app that I am running via VPC but the application still shows the port is unreachable.
    So far I have opened the port in the Mac OS X Firewall, opened ports on my D-Link DSL504G router, and disabled the Windows firewall (plus opened the ports in case it became enabled).
    Have also redirected the ports to the IP address within VPC Windows and the Mac itself.
    Have run out of ideas as nothing seems to work.
    Regards
    Alan

    Try the following ...
    AEBSn - Port Mapping Setup
    To set up port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN ports of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
    1. Reserve a DHCP-provided IP address for the host device.
    Internet > DHCP tab
    o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
    o Description: <enter the desired description of the host device>
    o Reserve address by: MAC Address
    o Click Continue.
    o MAC Address: <enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the host computer>
    o IPv4 Address: <enter the desired IP address>
    o Click Done.
    2. Setup Port Mapping on the AEBSn.
    Advanced > Port Mapping tab
    o Click the "+" (Add) button
    o Service: <choose the appropriate service from the Service pop-up menu>
    o Public UDP Port(s): <enter the appropriate UDP port values>
    o Public TCP Port(s): <enter the appropriate TCP port values>
    o Private IP Address: <enter the IP address of the host server>
    o Private UDP Port(s): <enter the same as Public UDP Ports or your choice>
    o Private TCP Port(s): <enter the same as Public TCP Ports or your choice>
    o Click "Continue"
    (ref: "Well Known" TCP and UDP ports used by Apple software products)

  • Getting error 'opening port for MGR  (Connection refused).

    Hi Guys,
    I'm getting the error below while starting replicat on the target.
    GGSCI (ggtarget) 16> start replicat RLOAD
    Sending START request to MANAGER ...
    ERROR: opening port for MGR MGR (Connection refused).
    GGSCI (ggtarget) 20> view param mgr
    PORT 7809
    USERID orgg, PASSWORD orgg
    PURGEOLDEXTRACTS /ggs/dirdat/*, USECHECKPOINTS
    GGSCI (ggtarget) 21> view param rload
    REPLICAT RLOAD
    USERID orgg, PASSWORD orgg
    ASSUMETARGETDEFS
    HANDLECOLLISIONS
    APPLYNOOPUPDATES
    GETUPDATEBEFORES
    reperror default, discard
    DISCARDFILE ./dirrpt/rload.dsc, purge
    MAP HR.TCUSTORD, TARGET HR.TCUSTORD;
    MAP HR.TCUSTMER, TARGET HR.TCUSTMER;
    From the source I am able to telnet to the target...
    What could be the issue?

    Hi,
    Error:
    GGSCI (ggtarget) 16> start replicat RLOAD
    Sending START request to MANAGER ...
    ERROR: opening port for MGR MGR (Connection refused).
    You can start Manager, but when you try to start Replicat, GGSCI gives me a connection timeout error
    Solution:
    GoldenGate uses a TCP/IP socket to communicate between local processes. When you issue a START, STOP, SEND, or other command in GGSCI, the command interface will try to open a local port for the process.
    Here is how to find out which local ports these processes are listening on. In the dirpcs directory, there will be one file for each running GoldenGate process.
    For Manager, the file name will be MGR.pcm.
    For Extract, it will be <GROUP_NAME>.pce.
    For Replicat, it will be <GROUP_NAME>.pcr.
    These are text files that can be viewed by using cat or any equivalent command. For example, the MGR.pcm file content will read like this:
    PROGRAM MGR PROCESSID MGR PORT sys1.4356 PID 60070
    After the keyword PORT will be the local hostname and the port number that Manager is supposed to be running on. In the preceding example, the hostname is sys1, and the port is 4356.
    The program (ggsci) tries to use that hostname to communicate to the process (Extract/Replicat/Manager) when the command is issued in GGSCI. If you get a timeout or connection-refused error on the command, that means GoldenGate could not connect to the local host. Most of the time, you should have no problem connecting to a local host, but when you have the wrong IP address or routing table configured in your TCP/IP settings, connection errors can happen.
    To troubleshoot this, follow the steps below:
    1. Try to ping that host name from the OS shell to see if it goes to the correct IP address (which should be the one for the local system).
    2. If the ping is successful, try to telnet to the Manager port on your local host. You will be able to see your telnet session connect if a Manager is listening on that port.
    Here is an example:
    shell>telnet
    telnet> open sys1 4356
    Trying 100.100.100.100...
    Connected to sys1.oracle.com (100.100.100.100).
    Escape character is '^]'.
    3. If your telnet session times out or gets a connection-refused error, that means either the hostname is wrong or the port number is wrong.
    If the ping to the hostname listed in the pcm/pce/pcr file fails, or if you cannot connect your telnet session to the port listed in the file(s), contact your network engineers to get the TCP/IP issue resolved.
    Hope this information helps.
    Thanks & Regards
    Santhosh
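The ping and telnet steps from the answer above, which also apply to the earlier REPYA thread, can be scripted. This is an added example, not part of the original posts: it parses a process file line in the format quoted there and reports how the recorded host and port respond. The `ADVICE` wording is this example's own.

```python
import re
import socket

# Format quoted in the posts: PROGRAM MGR PROCESSID MGR PORT sys1.4356 PID 60070
PROCESS_FILE = re.compile(
    r"PROGRAM\s+(?P<program>\S+)\s+PROCESSID\s+(?P<group>\S+)\s+"
    r"PORT\s+(?P<host>\S+)\.(?P<port>\d+)\s+PID\s+(?P<pid>\d+)")

ADVICE = {
    "listening": "a process accepts connections on the recorded port",
    "refused": "the host answered but nothing listens there: wrong host or wrong port",
    "timeout": "no answer: check which IP the name maps to, routing and firewalls",
    "unresolvable": "the hostname recorded in the file does not resolve",
    "unreachable": "the network stack reported an error before any answer arrived",
}

def parse_process_file(text):
    """Extract program, group, host, port and pid from a .pcm/.pce/.pcr line."""
    m = PROCESS_FILE.search(text)
    if m is None:
        raise ValueError("not a GoldenGate process file line")
    info = m.groupdict()
    info["port"], info["pid"] = int(info["port"]), int(info["pid"])
    return info

def probe(host, port, timeout=3.0):
    """Resolve the name (the ping step), then try a TCP connect (the telnet step)."""
    try:
        addr = socket.gethostbyname(host)
    except OSError:
        return "unresolvable", None
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "listening", addr
    except ConnectionRefusedError:
        return "refused", addr
    except socket.timeout:
        return "timeout", addr
    except OSError:
        return "unreachable", addr

def diagnose(text, timeout=3.0):
    """One-line report for the process described by a process file."""
    info = parse_process_file(text)
    state, addr = probe(info["host"], info["port"], timeout)
    return (f"{info['program']} {info['group']} at {info['host']}:{info['port']} "
            f"({addr}): {state}; {ADVICE[state]}")

if __name__ == "__main__":
    import sys
    # Usage: python ggprobe.py dirpcs/MGR.pcm   (the script name is hypothetical)
    with open(sys.argv[1]) as fh:
        print(diagnose(fh.read()))
```

The resolved address in the report is worth reading on its own: if it is not an address of the local system, the name mapping is the problem rather than the port.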

  • How to forward/open ports for WRT54G?

    Hi. I recently bought a WRT54G because my old router was destroyed by lightning and thunder. I have managed to set it up, and got the internet itself to work with a static IP address (192.168.1.101 for my PC).
    However, even though I have tried to forward/open ports for applications like uTorrent and DC++ as well as Limewire, I have no luck. When I test if the ports are indeed opened, I get the result that they are not. Here is how my port forward settings look for uTorrent. The port in the settings image is of course the same as in uTorrent.
    http://www.pictub.com/quickupload/01/untitled-1mb4wd.jpg
    I can't seem to open any ports, even though I have followed tutorials like the ones at portforward.com. I have the latest firmware for my router, as I flashed it when I got it. Help.

    Yes, I did.
    Anyways, look what I found in the uTorrent FAQ:
    1.7 Special note for users with Linksys WRT54G/GL/GS routers, there are severe problems with them when running any P2P application
    To fix it, they say one has to flash with an unofficial firmware, but I will rather get the money back and buy another router tomorrow. Thanks for the help anyways.

  • Hello Forum, you need a serial ports for software icprog to program EPROM and Pic

    Hello Forum, you need serial ports for the icprog software to program EPROMs and PICs. I was wondering if this or a similar card is compatible with my Lenovo Desktop h50-50: PCI-E 2 serial ports and 1 parallel port PCI controller card, 3 ports, http://fli.zz.mu/cut/scheda-pci-e-2-porte-seriali-1-porta-parallela .
    My Lenovo Desktop h50-50 is upgraded to Win 10. If the card is not compatible with Win 10, could I use it by virtualizing Win XP? Thanks in advance for your answers; I apologize for my bad English.
    Thanks, Joe

    Unfortunately, no Sanyo phones are iSync compatible so you will not be able to synchronize your Contacts and Calendars with the phone.
    Also, you may have problems with the Bluetooth adapter you purchased, as the only one officially supported by Apple for use with Macs is the D-Link DBT-120.
    The Official Apple list of iSync compatible devices is here:
    http://www.apple.com/macosx/features/isync/devices.html
    It's always a good idea to check this list before purchasing a new phone.
    Other phones are supported by third party plugins from here and here. But still no Samsung, Sanyo, LG etc. who all use their own proprietary syncing protocols rather than the industry standard SyncML. These manufacturers also don't provide Mac software with their phones like they do for Windows users.
    I'm afraid you're not going to have much luck if you stick with the Sanyo. I would seriously consider taking it back and swapping it for one of the handsets on the above linked pages. Personally I would recommend a Sony Ericsson model. I've always had excellent Mac compatibility with those.

  • Can you specify the port for default services when installing OEG?

    Hi everyone,
    The default installation of OEG 11g uses 8090 port for management services, and 8080 for the virtualized services that you register in the gateway. After installation, you can change the ports by editing gateway's Profile Repository in Policy Studio. But is there a way to specify the port number before/during the installation?
    Thanks,
    Iris

    Hi -
    here are the steps to change the listening port (in 11.1.1.6)
    - Connect to OEG using Policy Studio
    - Click on "Edit Active Configuration"
    - Under "Services", find the default services, and you'll see a listener for port 8080 there. Right-click to edit this.
    - Change the port from 8080 to your desired port. Note that if you've installed the software and are running it as a non-root user on Linux, then it will not have permission to bind to a low-number port (like port 80 for instance).
    - Now deploy your change (for 11.1.1.6 hit F6 or click on the "deploy" button which is towards the right of the toolbar in Policy Studio).
    - You may also choose to version your configuration at this point (click on "version" which is beside the "deploy" button and enter a comment about your version).
    Now verify that OEG is listening on your new port. You can see it bind to the new port by looking at the trace [Connect a browser to port 8090 on OEG, login as admin or another user who has rights to view the trace, then click on "Trace"].
    It's a usual practice to configure a new listener on SSL (e.g. on port 443) then to delete that pre-configured port 8080 listener, if you want to only receive traffic over SSL.

  • What accounts need to be configured for a service tax 10%,a balance sht a/c

    This below error occurred while clearing the entries.
    "Ex.rate diff.accts are incomplete for account 0003260423 currency INR"
    I have gone through this and found that we need to configure gain/loss accounts in OB09.
    I am not sure what accounts need to be configured for a service tax account (3260423). It's a balance sheet account.
    Can someone guide me on this?
    Thanks
    Sudhir Krishna Kumar Singh

    Hello Sudhir,
    regarding your incident, could you please try the following:
       1.The problem is probably caused by the settings in transaction OBA1.
         The system checks OBA1, if there is an entry for process KDF and
         the relevant G/L account 135090. If there is none -> F5 063 is
         created. Also the exchange rate difference accounts have to be
         maintained in OB09
         If you make a dummy entry in OBA1 & OB09 this account will be
         selected when trying to make an exchange rate difference posting.
         Please also check the documentation to field "No forex rate diff.
         when clearing in LC" in transaction OBY6.
       2.Basically solution is to create the mentioned account for exchange
         rate difference, in order to avoid error F5063.
         But, if you don't want to post that difference, I ask you to check
         the solution proposed into OSS note 546997.
    Hope this could help.
    regards
    Ray
