Dynamic ports and firewall?
Hello:
I'm running a firewall and want to back it up using OSB. I'm trying to find out the range of dynamic ports that OSB uses (in addition to 400 and 10000) so I can open them up.
I can't find it anywhere in the documentation. I only find this reference as part of the Windows installation section:
> If your Windows host is protected by a firewall, the firewall must be configured to permit Oracle Secure Backup daemons on the host to communicate with the other hosts in your administrative domain. Oracle Secure Backup includes daemon components that listen on ports 400 and 10000, as well as other dynamically assigned ports

We can allow full access from our backup server to all ports on the firewall, but that is NOT a preferred solution! :-)
Thanks!
The range of port numbers should be above 20,000 but below 32,000 (ie 20,000 - 20,024) in addition to ports 400 and 10000.
The number of ports needed is calculated by multiplying the # of concurrent OSB activities by 5. Or, by the # of tape drives (inside the firewall) and the # of clients (outside the firewall).
Steps:
1) On Firewall, open desired range of ports plus 400 and 10000.
2) Edit the /etc/services file on both the admin host and the client to use:
ob-daemon-low <port low #>/tcp
ob-daemon-high <port high #>/tcp
These parameters are based on ports you select for OSB (from step #1 above).
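A check for the two steps above, as an added example that is not part of the original thread or of Oracle Secure Backup: it reads the ob-daemon-low/ob-daemon-high entries from each host's /etc/services text and compares them with the range opened on the firewall and with the five-ports-per-activity sizing rule. The function names, the sample file contents and the inclusive reading of the 20000 lower bound are assumptions.

```python
import re

# Sizing rule and range bounds as stated in the answer above. Treating 20000
# as an allowed low port follows the answer's own 20,000 - 20,024 example and
# is an assumption of this sketch.
RANGE_MIN, RANGE_MAX = 20000, 32000
PORTS_PER_ACTIVITY = 5

ENTRY = re.compile(r"^\s*(ob-daemon-(?:low|high))\s+(\d+)/tcp\b")

# Constructed sample /etc/services excerpts (not taken from a real host).
ADMIN_SERVICES = """\
# admin host
ssh             22/tcp
ob-daemon-low   20000/tcp
ob-daemon-high  20024/tcp
"""
CLIENT_SERVICES = """\
# client: high port was never updated to match the firewall rule
ob-daemon-low   20000/tcp
ob-daemon-high  20049/tcp   # stale value
"""
SAMPLE_HOSTS = {"admin": ADMIN_SERVICES, "client": CLIENT_SERVICES}


def daemon_range(services_text):
    """Return (low, high) from the ob-daemon-* lines, ignoring comments."""
    found = {}
    for line in services_text.splitlines():
        match = ENTRY.match(line.split("#", 1)[0])
        if match:
            found[match.group(1)] = int(match.group(2))
    missing = {"ob-daemon-low", "ob-daemon-high"} - found.keys()
    if missing:
        raise ValueError("missing entries: " + ", ".join(sorted(missing)))
    return found["ob-daemon-low"], found["ob-daemon-high"]


def audit(hosts, fw_low, fw_high, concurrent_activities):
    """Return a list of problems; an empty list means everything lines up."""
    problems = []
    needed = concurrent_activities * PORTS_PER_ACTIVITY
    opened = fw_high - fw_low + 1
    if not (RANGE_MIN <= fw_low <= fw_high < RANGE_MAX):
        problems.append(
            f"firewall range {fw_low}-{fw_high} is outside {RANGE_MIN}-{RANGE_MAX}")
    if opened < needed:
        problems.append(f"firewall opens {opened} ports, {needed} needed")
    for name, text in sorted(hosts.items()):
        try:
            low, high = daemon_range(text)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if low < fw_low or high > fw_high:
            # Daemons may pick a port the firewall drops: intermittent failures.
            problems.append(
                f"{name}: {low}-{high} uses ports the firewall does not open")
        elif (low, high) != (fw_low, fw_high):
            # Firewall is wider than the host needs: extra exposure.
            problems.append(
                f"{name}: {low}-{high} is narrower than the opened range")
    return problems


if __name__ == "__main__":
    for problem in audit(SAMPLE_HOSTS, 20000, 20024, 5):
        print(problem)
```

An empty result means both hosts and the firewall agree on one range that is large enough; any mismatch is reported per host so the rule can stay as narrow as the backup load allows.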
Similar Messages
-
Changing sshd port and firewall
I edited sshd config file to use another port. The firewall still has port 22 listening and not the new port. How do I get the firewall to let sshd listen on the new port and close 22. Thanks.
I found the answer. You need to alter the ssh port in /etc/services.
-
Problems with server license ports and firewall in 2005 B
I found a problem in 2005 B related to the license server.
The customer wants to use the Windows firewall for security reasons and opened TCP/IP and UDP port 30000.
Also, the customer is using NAT (Network Address Translation) for mapping internal IP and outdoor IP.
But the customer got an error message: can't access license server.
I heard that 2005 A SP01 had a similar problem.
If you have relevant experience please let me know your opinion.

Hi,
Theory says that the license service's new approach using CORBA is better because it only uses port 30000 for licensing issues... but in our case this wasn't true because it does use some virtual ports. Due to this, we had to disable Windows Firewall on the server in order to make SBO work. As the other virtual ports are assigned at runtime, you can't use the firewall's exceptions (not even the application ones).
What we first did was use a net tool to identify which virtual ports it was using, and add them to the exceptions. But as you can guess, this only works until the license server is restarted.
SAP told us that the firewall couldn't be on the license server machine. The customer wasn't very pleased, but that's what we finally did. We didn't find any other option.
Regards,
Ibai -
Using BC4J Session Bean in OC4J 10.1.3 with dynamic ports
Hi Folks!
I've been having trouble connecting my BC4J Session Bean to an Oracle 10gAS R3 server instance that uses dynamic ports.
After migrating a BC4J/Struts/JSP application from 9iAS to 10gAS R3, I'm trying to connect from a client application to my instance in the server. The problem is that the instance uses dynamic ports, and whenever I deploy my application to the server, I've got to update the port number in the bc4j.xcfg file in the client application, which has become impossible to maintain.
When I connect to an EJB in the same server, I use the instance name instead of the port number. However, when I do the same with BC4J, I get the following exception:
javax.naming.NamingException [Root exception is java.lang.NumberFormatException: For input string: "OC4J_dvt20"]
at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.remoteLookup(AmHomeImpl.java:131)
at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.getRemoteApplicationModuleHome(AmHomeImpl.java:42)
at oracle.jbo.client.remote.ejb.AbstractApplicationModuleHomeImpl.lookupUsingPlatformContext(AbstractApplicationModuleHomeImpl.java:82)
at oracle.jbo.client.ejb.ApplicationModuleHomeImpl.<init>(ApplicationModuleHomeImpl.java:52)
at oracle.jbo.client.remote.ejb.AbstractApplicationModuleHomeImpl.<init>(AbstractApplicationModuleHomeImpl.java:35)
at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.<init>(AmHomeImpl.java:35)
at oracle.jbo.client.remote.ejb.ias.InitialContextImpl.createJboHome(InitialContextImpl.java:28)
at oracle.jbo.common.JboInitialContext.lookup(JboInitialContext.java:77)
at javax.naming.InitialContext.lookup(InitialContext.java:347)
at oracle.jbo.common.ampool.DefaultConnectionStrategy.createApplicationModule(DefaultConnectionStrategy.java:136)
at oracle.jbo.common.ampool.DefaultConnectionStrategy.createApplicationModule(DefaultConnectionStrategy.java:80)
at oracle.jbo.common.ampool.ApplicationPoolImpl.instantiateResource(ApplicationPoolImpl.java:2468)
at oracle.jbo.pool.ResourcePool.createResource(ResourcePool.java:536)
at oracle.jbo.common.ampool.ApplicationPoolImpl.prepareApplicationModule(ApplicationPoolImpl.java:2094)
at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:1961)
at oracle.jbo.common.ampool.ApplicationPoolImpl.useApplicationModule(ApplicationPoolImpl.java:2793)
at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:453)
at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:424)
at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:419)
at oracle.jbo.client.Configuration.getApplicationModule(Configuration.java:1546)
at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1504)
at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1476)
at pkg.TesteEjbMCT.findTLS(TesteEjbMCT.java:98)
at pkg.TesteEjbMCT.main(TesteEjbMCT.java:51)
My question is: is there a way to configure my bc4j.xcfg, or another way to connect, in order to skip the use of the port number? Or a way to get the port number from the server before I connect?
Thanks in advance!!!

I've just found the solution from Steve Muench weblog, always useful by the way!
You can find the solution at this link http://radio.weblogs.com/0118231/stories/2004/05/07/handcodingDynamicDiscoveryOfEjbdeployedAppmodule.html
In summary, we need to use the class com.evermind.server.rmi.RMIInitialContextFactory, which supports dynamic lookup, and implement the lookup ourselves.
The code I've written to lookup the service is listed below:
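    // Imports needed by the two methods below (JNDI and Hashtable).
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;

    public static ApplicationModule getAppModuleManutencao() {
        try {
            Context ctx = getContext();
            // Look up the EJB home by name; no port number is involved here.
            ManutencaoFacadeHome home = (ManutencaoFacadeHome) ctx.lookup(EJB_MANUTENCAO_BEAN_NAME);
            ApplicationModule am = ApplicationModuleProxy.create(home, null);
            return am;
        } catch (NamingException nex) {
            nex.printStackTrace();
            return null;
        }
    }

    // Throws instead of returning null so the caller's catch block handles a
    // failed connection rather than hitting a NullPointerException on lookup.
    private static InitialContext getContext() throws NamingException {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.evermind.server.rmi.RMIInitialContextFactory");
        // Credentials are hard-coded as in the original post; read them from
        // protected configuration rather than source code.
        env.put(Context.SECURITY_PRINCIPAL, "admin");
        env.put(Context.SECURITY_CREDENTIALS, "welcome");
        // opmn:ormi:// names the OC4J instance (OC4J_dvt20) instead of a port.
        env.put(Context.PROVIDER_URL, "opmn:ormi://dsv008:OC4J_dvt20/mct");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        return new InitialContext(env);
    }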
I hope this helps someone!!!
Cheers! -
AppleTV and Firewall - Streaming Problem
Hi All
I currently have 2 ATV1s which are both linked to iTunes running on a Server (Windows 2008 R2) via Streaming rather than Syncing. I have no issues with the connection until I enable the Firewall.
I have enabled the following Ports TCP 123, 3689, 80, 443 and 53 with also UDP 5353. All are set to bidirectional. These were gleaned from the following support article http://support.apple.com/kb/HT2463. I am also looking down the list of "Well known TCP and UDP ports used by Apple software", but as yet can see nothing obvious.
With these ports open the AppleTVs are seen by iTunes and they can also see the shared library. This issue happens when I connect the AppleTV to the library, it starts to load the library and then drops the connection. Occasionally it does manage to load the "directory" but then will drop out after a few minutes. When the ATV drops the connection on iTunes it is still showing as a Device. So it looks like the basic connectivity is in place, just missing a little part of the puzzle.
Without the FW in place everything works OK.
Is there any other PORT I need to enable? I would not really like to run a server without a FW in place even though it is behind a NAT router.
Any help would be appreciated.
Regards
Malcolm

OK, done a little more digging, set up a port monitor to look at connections.
As well as the ports listed above iTunes also appears to talk on another couple of ranges, tcp 57345-57370 and tcp 57418-57445. These are obviously dynamic ports and at the moment I have opened up the range tcp 57300-57500 and all appears well.
I would like to narrow the port range if possible and I will keep people updated on my findings.
At present though open tcp 57300-57500 appears to have resolved the issue.
Regards
Malcolm -
Can't update iOS 8 on my iPhone5 through iTunes on Windows 8 (error 3004, 3194). Updated host file, opened port 80, 443; turned off security system and firewall, etc. But nothing works. How to solve this problem?
Hi the_mad_movies,
It seems like this article will be the best option for addressing this issue:
Error 3194, Error 17, or "This device isn't eligible for the requested build"
http://support.apple.com/kb/ts4451
Thanks for coming to the Apple Support Communities!
Cheers,
Braden -
Ports and IPs to be open/permitted in firewall to download and work in creative cloud
What is the complete list of ports and IP addresses to be open/permited in our enterprise firewall in order to let internal PCs download and work with creative cloud applications?
Our firewall only supports IP configuration (not URL). Do you have IP list?
From: Rajshree [email protected]
Sent: Wednesday, 06 November 2013 17:23
To: Simon, Mariano
Subject: Ports and IPs to be open/permitted in firewall to download and work in creative cloud
-
Dynamic port channel and load distribution across the interfaces on th trunk.
WS-C3750G-48TS
NOS-12.2(25)SEE2
I have a dynamic port channel set up in a Cisco+NetApp environment where I have 6 interfaces (1Gbps) on that trunk for load balancing and redundancy reasons.
But I see the interfaces are not balanced on receives or inbound. I mean most of them are going to only 2 interfaces and the other four are almost doing nothing.
I am assuming NetApp ports serve the way Cisco instructs. How can I remediate this situation? What am I missing here?

I have already mentioned "lacp" in my last post. Also, my understanding is that LB is set at the switch side, not at the filer side, because I don't have config at the filer side. Also, looking at the link, I don't see a config there which says to use a particular LB. But the article clearly says to use "ip load balance", no clue though where it is set. Hence my question: what is the default LB used/set at the switch side?
http://now.netapp.com/NOW/knowledge/docs/ontap/rel727/html/ontap/nag/7vifs3.htm
https://communities.netapp.com/community/netapp-blogs/sanbytes/blog/2011/12/13/what-value-does-the-leading-fc-switch-vendor-bring-to-ethernet-guest-post-by-brocade
http://blog.ioshints.info/2011/04/brocade-vcs-fabric-has-almost-perfect.html
may be good reads, I guess.
-
Exchange 2010 Required Communication (Firewall Ports and Protocols)
Forgive me if this question has been asked before, but a search did not give me much on my scenario.
We currently have one Forest with multiple Domains and Child Domains. We have two departments that have Exchange 2010 running and control their own individual users and mailboxes inside their Domains. These two Exchange servers communicate with each other just fine.
We now have a department (another domain) that needs control of their own Exchange 2010 server, but here is the catch. They are behind a Firewall. My question is, what Ports and Protocols do I need opened for the Exchange server behind the Firewall to properly communicate to the two other Exchange servers knowing that the Exchange Environment is a Forest wide activity.
At this point in time, we cannot get Exchange installed as the prereq check fails with an error that we need to prep the AD schema for Exchange, but we know this has been done since we have two other servers in the Forest.
Perhaps we need ports not only opened to the two other exchange servers, but also the Forest Root controller?
Any help is appreciated.

Exchange needs to be able to fully access all other Exchange servers, Active Directory Domain Controllers, and Active Directory Global Catalogs. Additionally, if I remember correctly, there was a blog from the Exchange team a couple of years ago that said Exchange wasn't supported with firewalls between the various Exchange servers in the environment.
I will ask one question - why aren't you centralizing your Exchange management and servers, and granting rights to these groups for their mailbox management (based on an Organizational Unit that their accounts are in, and granted at the Active Directory level)? You would no longer have this issue each time another group decides they want to host their own Exchange system. -
My first generation AppleTV will not sync with iTunes anymore. I get an error message that says: "The Apple TV is not responding Check that any firewall software running on this comptuter has been set to allow communication on port 3689" firewall is turned off.. Any ideas?
Thanks Rudegar,
I only synch and do not stream off of my 1st Gen AppleTV
I will try with ethernet but will be a pain in the butt if i can not fix it with wifi for long term fix
I may end up trying to do a named IP address vs DHCP for this appleTV (not sure if i can do both and do not want to remove DHCP as i have a bunch of sensors and other devices that I prefer to dynamically add to the network via DHCP vs. assign each one
Will keep working on other fix options (factory reset, etc.)
Thanks again -
Sql server 2012 express - tcp/ip connection to named instance using dynamic port not working
I have a named instance on a SQL 2012 Express server that won't connect via TCP/IP when wanting to connect off of the dynamic port. I can connect via shared memory locally on the server. I can connect to the namespace when specifying the dynamic port listed in the configuration manager.
This is the only named instance on the server and it is not the default.
TCP/IP is enabled
Allow Remote connections is enabled
the server browser service is running
I can connect via the dynamic port number
I am testing the connection locally on the server, so I don't believe a firewall is the issue. I get the same results if I test it from a remote computer.
When using the sqlcmd (sqlcmd -S tcp:SQLSRVR\NAMEINST -E) I get the message that "the requested protocol isn't supported [xfffffffff]". The command (sqlcmd -S tcp:SQLSRVR\NAMEINST,59992 -E) works.
Through SSMS, I get the message "the connection was actively refused".
On other boxes, I can connect with the named instance without having to specify the port.
I have looked through the sql logs and nothing much shows up. The log does show that it is listening on the port # for ipv4 and ipv6. There is also a line in there talking about the SPN not being registered and not to worry about it if you are not using Kerberos. I logged in through shared memory and it said I was using NTLM.
Any help would be appreciated.
thanks.

Hi clw,
I'm writing to follow up with you on this post. According to your description, I did a test: if you configure the database engine to listen on a specific TCP port (59992), and the port is opened in the firewall, then if you want to connect to the SQL Server instance, you'd better use the port number.
In my opinion, by default, the default instance of the Database Engine uses port 1433. Usually, if you have configured the server to listen on a non-default port number, when an instance of SQL Server uses dynamic port allocation, the connection string that is built at the SQL Server client does not specify the destination TCP/IP port unless the user or the programmer explicitly specifies the port. Therefore, the SQL Server client library queries the server on UDP port 1434 to collect the information about the destination instance of SQL Server.
If UDP port 1434 is disabled, the SQL Server client cannot dynamically determine the port of the named instance of SQL Server. Therefore, the SQL Server client may be unable to connect to the named instance of SQL Server. In this situation, the SQL Server client must specify the dynamically allocated port where the named instance of SQL Server is listening.
For more information about configuring an instance of SQL Server to listen on a specific TCP port or dynamic port, you can review the following article.
https://support.transfrm.com/entries/503111-How-to-configure-an-instance-of-SQL-Server-to-listen-on-a-specific-TCP-port-or-dynamic-port
Thanks,
Sofiya Li
Sofiya Li
TechNet Community Support -
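The UDP 1434 lookup described in the reply above, as an added example that is not part of the original thread: it builds the SQL Server Browser request for one named instance and parses the reply to find the instance's TCP port, so a blocked UDP 1434 (no reply) can be told apart from an instance with no TCP listener. The function names are hypothetical; the sample reply is constructed from the names in the post (SQLSRVR, NAMEINST, 59992) with a made-up version string.

```python
import socket
import struct

BROWSER_PORT = 1434      # UDP port the SQL Server Browser service listens on
CLNT_UCAST_INST = 0x04   # request: describe one named instance
SVR_RESP = 0x05          # first byte of the Browser's reply


def build_request(instance):
    """One-byte opcode followed by the null-terminated instance name."""
    return bytes([CLNT_UCAST_INST]) + instance.encode("ascii") + b"\x00"


def parse_response(data):
    """Return one dict per instance from a reply datagram."""
    if len(data) < 3 or data[0] != SVR_RESP:
        raise ValueError("not a SQL Browser response")
    (size,) = struct.unpack_from("<H", data, 1)   # little-endian body length
    body = data[3:3 + size]
    if len(body) != size:
        raise ValueError("response shorter than its declared length")
    tokens = body.decode("ascii", errors="replace").split(";")
    instances, current, i = [], {}, 0
    while i < len(tokens):
        if tokens[i] == "":            # empty key marks the end of an instance
            if current:
                instances.append(current)
                current = {}
            i += 1
        else:                          # key;value pair
            current[tokens[i]] = tokens[i + 1] if i + 1 < len(tokens) else ""
            i += 2
    if current:
        instances.append(current)
    return instances


def tcp_port(instances, name):
    """TCP port of the named instance, or None if absent or TCP is disabled."""
    for inst in instances:
        if inst.get("InstanceName", "").lower() == name.lower():
            return int(inst["tcp"]) if "tcp" in inst else None
    return None


def resolve(host, instance, timeout=2.0):
    """Ask the Browser service; None means no usable answer came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_request(instance), (host, BROWSER_PORT))
            data, _ = sock.recvfrom(65535)
        except OSError:                # timeout or ICMP unreachable
            return None
    return tcp_port(parse_response(data), instance)


# Constructed sample reply (version string is invented for the example).
_BODY = (b"ServerName;SQLSRVR;InstanceName;NAMEINST;IsClustered;No;"
         b"Version;11.0.0.0;tcp;59992;;")
SAMPLE_RESPONSE = bytes([SVR_RESP]) + struct.pack("<H", len(_BODY)) + _BODY

if __name__ == "__main__":
    print(tcp_port(parse_response(SAMPLE_RESPONSE), "NAMEINST"))
```

When `resolve` returns None from a client but the instance answers on its explicit port, the firewall rule to look at is UDP 1434 to the server, not the dynamic TCP port.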
CVP OAMP dynamic ports requirement
Hi all,
Based on CVP SRND
"Because the Unified CVP Operations Console Server uses dynamic ports for communication with other
components, it cannot be deployed outside of a firewall while the rest of the Unified CVP components
reside inside the firewall"
In an environment where we have Call Server 1 & OAMP (Site A) and Call Server 2 (Site B)
a) how would it be possible to comply to the SRND since Site A & B would definitely be separated by firewall?
b) what method / workaround can be used to allow communication between OAMP (Site A) and Call Server 2 (Site B)?
Thanks!
-JT-

Hi,
I have a similar setup to what you had described. The firewall config is in such a way that it is IP to IP communication, where it would allow all the ports of Source and Destination. We have not come across any kind of issues so far.
Hope this helps!!!
Thanks,
Dass -
hi all. if my question can be answered by reading TMG documentation, feel free to direct me there (i tried searching for the admin documentation but couldn't find it).
can someone tell me what the purpose of dynamic port assignment is from endpoint -> TMG? Once the traffic leaves the TMG -> Internet, the actual service port is being used but that doesn't help me for internal queries.
many thanks,
-P

Hi,
Please check the articles below.
ISA/TMG Server

| Application protocol | Protocol | Ports |
| --- | --- | --- |
| Configuration Storage (domain) | TCP | 2171 (note 1) |
| Configuration Storage (replication) | TCP | 2173 (note 1) |
| Configuration Storage (workgroup) | TCP | 2172 (note 1) |
| Firewall Client Application | TCP/UDP | 1025-65535 (note 2) |
| Firewall Client Control Channel | TCP/UDP | 1745 (note 3) |
| Firewall Control Channel | TCP | 3847 (note 1) |
| RPC | TCP | 135 (note 6) |
| Randomly allocated high TCP ports (note 6) | TCP | random port number between 1024 - 65535; random port number between 10000 - 65535 (note 7) |
| Web Management | TCP | 2175 (note 1, 4) |
| Web Proxy Client | TCP | 8080 (note 5) |

Notes
1. This port is not used with ISA 2000.
2. FWC application transport and protocols are negotiated within the FWC control channel.
3. ISA 2000 FWC control uses UDP. ISA 2004 and 2006 use TCP.
4. OEM uses Firewall Web Management to provide non-MMC management of ISA Server.
5. This port is also used for intra-array traffic.
6. This port is used only by the ISA management MMC during remote server and service status monitoring.
7. This is the range in TMG. Please note that TMG extends the default dynamic port ranges in Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista.
https://support.microsoft.com/kb/832017?wa=wsignin1.0#method14
Reference:
TCP connection established using Firewall client may close unexpectedly
Regards,
Joyce
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Server 2012 restrict active directory dynamic ports
Hello,
Has anyone encountered issues with restricting the Active Directory dynamic ports for Netlogon and NTDS in Server 2012? I have added the typical registry entries as described below but I still see my RDS gateway in the DMZ trying to communicate to my internal DC over other ephemeral ports (49158). I have rebooted the DC after the registry changes and still no effect. Are the reg entries the same in 2012? Any help would be appreciated. Thank you
Registry key 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Registry value: TCP/IP Port
Value type: REG_DWORD
Value data: 49152 (This value needs to be specified in decimal format)
Registry key 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Registry value: DCTcpipPort
Value type: REG_DWORD
Value data: 49153 (This value needs to be specified in decimal format)
Eddie Espino | Secure Data Solutions | Miami, Florida | Microsoft Partner

Hi,
There are at least two options that can be used to allow replication when there are network traffic filters (aka firewall) in the network, across two DCs:
1. Use registry keys on the DCs to force communication over specific ports
2. Use IPsec to restrict the traffic to two ports only (IP 50 and IP 51)
I tried to find some relevant documents, but could not find support for restricting the Active Directory dynamic ports for Netlogon and NTDS in Server 2012. You could refer to the following article, it may help you to solve your issues:
Restricting AD Replication Traffic between DCs to only a few ports
http://blogs.technet.com/b/luistog/archive/2012/05/08/restricting-ad-replication-traffic-between-dcs-to-only-a-few-ports.aspx
Regards,
Mandy Ye -
Dynamic port configured for FILE adapter is not working
Hi,
I have a simple dynamic port in an orchestration that writes a file to a file location. Here is the configuration
================
FilePort(Microsoft.XLANGs.BaseTypes.Address) = "FILE://c:\\TestFolder\\Out";
FilePort(Microsoft.XLANGs.BaseTypes.TransportType) = "FILE";
================
When I run this orchestration, the dynamic port does not write the file to the folder, however it does not show any error either. It is always in "Ready to Run" state where the message is "Queued Awaiting".
I tried all sorts of combinations like FILE:// FILE:\\ File: file:// file:\\ etc... and also without the moniker, just c:\.... I get the same problem.
when I use a static port(subscribed to the same message) it works fine. When I use a static port ALONGWITH this dynamic port then both works fine !!! I receive 2 files.
but when I use only dynamic port it does not work!!
Anybody knows how to solve it.
THANKS IN ADVANCE
PLEASE HELP
Surya

It could be because you're not passing in the file name. Try something like this:
SndPort_Dynamic(Microsoft.XLANGs.BaseTypes.Address)=@"file://C:\Test\Try\Out\Test1.xml";
But even when you don't pass the file name, I was expecting the error to be like:
The FILE send adapter cannot open file C:\TestFolder\Out\ for writing.
Details: The system cannot find the path specified.
But try with File Name and restart the host instance after the change.
Or use something like this:
FilePort(Microsoft.XLANGs.BaseTypes.Address)=@"file://C:\Test\Try\Out\\%MessageID%.xml";
FilePort(Microsoft.XLANGs.BaseTypes.TransportType) = "File";
If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful.