Dynamic ports and firewall?

Similar Messages

• Changing sshd port and firewall

  I edited sshd config file to use another port. The firewall still has port 22 listening and not the new port. How do I get the firewall to let sshd listen on the new port and close 22. Thanks.

  I found the answer. You need alter the ssh port in /etc/services.

• Problems with server license ports and firewall in 2005 B

  I found problem in 2005 B related license server.
  The customer wants to use the windows firewall for security issues and opened TCP/IP and UDP port for 30000.
  Also The customer is using NAT(Network Address Translation) for mapping internal IP and outdoor IP.
  But customer got a error message can't access license server.
  I heard about 2005 A SP01 had similar problem.
  If you have relevant experience please let me know your opinion.

  Hi,
  Theory says that license service´s new approach using CORBA is better becouse it only uses port 30000 for licencing issues... but in our case this wasn´t true becouse it does use some virtual ports. Due to this, we had to disable windows firewall on the server in order to make SBO work. As the other virtual port are asigned in runtime, you cant use the firewalls exceptions (not even the application ones).
  What we firstly do was use a net tool to identify which virtual ports was using, and add them to the exceptions. But as you can guess, this only works untill the license server is restarted.
  SAP told us that the firewall couldn´t be on the license server machine. The customer wasn´t very pleased, but that´s what we finally do. We didn´t find any other option.
  Regards,
  Ibai

• Using BC4J Session Bean in OC4J 10.1.3 with dynamic ports

  Hi Folks!
  I've benn having trouble connecting my BC4J Session Bean to an Oracle 10gAS R3 server instance tha uses dynamic ports.
  After migrating a BC4J/Struts/JSP application from 9iAS to 10gAS R3, I'm trying to connect from a client application to my instace in the server. The problem is that the instance uses dynamic ports, and whenever I deploy my application to the server, I've got to update the port number in the bc4j.xcfg file in the client application, wich has became impossible to maintain.
  When I connect to an EJB in the same server, I use the instance name instead of the port number. However, when I do the same with BC4J, I get the following exception:
  javax.naming.NamingException [Root exception is java.lang.NumberFormatException: For input string: "OC4J_dvt20"]
       at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.remoteLookup(AmHomeImpl.java:131)
       at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.getRemoteApplicationModuleHome(AmHomeImpl.java:42)
       at oracle.jbo.client.remote.ejb.AbstractApplicationModuleHomeImpl.lookupUsingPlatformContext(AbstractApplicationModuleHomeImpl.java:82)
       at oracle.jbo.client.ejb.ApplicationModuleHomeImpl.<init>(ApplicationModuleHomeImpl.java:52)
       at oracle.jbo.client.remote.ejb.AbstractApplicationModuleHomeImpl.<init>(AbstractApplicationModuleHomeImpl.java:35)
       at oracle.jbo.client.remote.ejb.ias.AmHomeImpl.<init>(AmHomeImpl.java:35)
       at oracle.jbo.client.remote.ejb.ias.InitialContextImpl.createJboHome(InitialContextImpl.java:28)
       at oracle.jbo.common.JboInitialContext.lookup(JboInitialContext.java:77)
       at javax.naming.InitialContext.lookup(InitialContext.java:347)
       at oracle.jbo.common.ampool.DefaultConnectionStrategy.createApplicationModule(DefaultConnectionStrategy.java:136)
       at oracle.jbo.common.ampool.DefaultConnectionStrategy.createApplicationModule(DefaultConnectionStrategy.java:80)
       at oracle.jbo.common.ampool.ApplicationPoolImpl.instantiateResource(ApplicationPoolImpl.java:2468)
       at oracle.jbo.pool.ResourcePool.createResource(ResourcePool.java:536)
       at oracle.jbo.common.ampool.ApplicationPoolImpl.prepareApplicationModule(ApplicationPoolImpl.java:2094)
       at oracle.jbo.common.ampool.ApplicationPoolImpl.doCheckout(ApplicationPoolImpl.java:1961)
       at oracle.jbo.common.ampool.ApplicationPoolImpl.useApplicationModule(ApplicationPoolImpl.java:2793)
       at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:453)
       at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:424)
       at oracle.jbo.common.ampool.SessionCookieImpl.useApplicationModule(SessionCookieImpl.java:419)
       at oracle.jbo.client.Configuration.getApplicationModule(Configuration.java:1546)
       at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1504)
       at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1476)
       at pkg.TesteEjbMCT.findTLS(TesteEjbMCT.java:98)
       at pkg.TesteEjbMCT.main(TesteEjbMCT.java:51)
  My question is: is there a way to configure my bc4j.xcfg, or another way to connect, in order to skip the use of the port number? Or a way to get the port number from the server before I connect?
  Thanks in advance!!!

  I've just found the solution from Steve Muench weblog, always useful by the way!
  You can find the solution at this link http://radio.weblogs.com/0118231/stories/2004/05/07/handcodingDynamicDiscoveryOfEjbdeployedAppmodule.html
  In summary, we need to use the class com.evermind.server.rmi.RMIInitialContextFactory, which supports dynamic lookup, and implement the lookup ourselves.
  The code I've written to lookup the service is listed below:
  public static ApplicationModule getAppModuleManutencao() {
  try {
  Context ctx = getContext();
  ManutencaoFacadeHome home = (ManutencaoFacadeHome) ctx.lookup(EJB_MANUTENCAO_BEAN_NAME);
  ApplicationModule am = ApplicationModuleProxy.create(home, null);
  return am;
  } catch (NamingException nex) {     
  nex.printStackTrace();
  return null;
  private static InitialContext getContext() {   
  try {     
  Hashtable env = new Hashtable();
  env.put(Context.INITIAL_CONTEXT_FACTORY, "com.evermind.server.rmi.RMIInitialContextFactory");
  env.put(Context.SECURITY_PRINCIPAL, "admin");
  env.put(Context.SECURITY_CREDENTIALS, "welcome");
  env.put(Context.PROVIDER_URL, "opmn:ormi://dsv008:OC4J_dvt20/mct");
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  return new InitialContext(env);
  }catch (NamingException e) {     
  e.printStackTrace();
  return null;
  I hope this helps someone!!!
  Cheers!

• AppleTV and Firewall - Streaming Problem

  Hi All
  I currently have 2 ATV1s which are both linked to iTunes running on a Server (Windows 2008 R2) via Streaming rather than Syncing.  I have no issues with the connection until I enable the Fire Wall.
  I have ebaled the following Ports TCP 123, 3689, 80, 443 and 53 with also UDP 5353.  All are set to bidirectional.  These were gleaned from the following support article http://support.apple.com/kb/HT2463.  I am also looking down the list of "Well known TCP and UDP ports used by Apple software", but as yet can see nothing obvious.
  With these ports open the AppleTVs are seen by iTunes and they can also see the shared library.  This issue happens when I connect the AppleTV to the library, it starts to load the library and the drops the connection.  Occationally it does manage to load the "directory" but then will drop out after a few minutes.  When the ATV drops the connection on iTunes it is still showing as a Device. So it looks like the basic connectivity is in place, just missing a little part of the puzzle.
  Without the FW in place everything works OK.
  Is there any other PORT I need to enable?  I would not really like to run a server without a FW in place even though it is behind a NAT router.
  Any help would be appreciated.
  Regards
  Malcolm

  OK done a little more digging, set up a port monitor to look at connections.
  As well as the ports listed above iTunes also appear to talk on another couple of ranges, tcp 57345-57370 and tcp 57418-57445.  These are obviously dynamic ports and at the moment I have opened up the range tcp 57300-57500 and all apears well.
  I would like to narrow the port range if possible and I will keep people updated on my findings.
  At present though open tcp 57300-57500 appears to have resolved the issue.
  Regards
  Malcolm

• Can't update iOS 8 on my iPhone5 through iTunes on Windows 8 (error 3004, 3194). Updated host file, opened port 80, 443; turned off security system and firewall, etc. But nothing works. How to solve this problem?

  Can't update iOS 8 on my iPhone5 through iTunes on Windows 8 (error 3004, 3194). Updated host file, opened port 80, 443; turned off security system and firewall, etc. But nothing works. How to solve this problem?

  Hi the_mad_movies,
  It seems like this article will be the best option for addressing this issue:
  Error 3194, Error 17, or "This device isn't eligible for the requested build"
  http://support.apple.com/kb/ts4451
  Thanks for coming to the Apple Support Communities!
  Cheers,
  Braden

• Ports and IPs to be open/permitted in firewall to download and work in creative cloud

  What is the complete list of ports and IP addresses to be open/permited in our enterprise firewall in order to let internal PCs download and work with creative cloud applications?

  Our firewall only supports IP configuration (not URL). Do you have IP list?
  From: Rajshree [email protected]
  Sent: miércoles, 06 de noviembre de 2013 17:23
  To: Simon, Mariano
  Subject: Ports and IPs to be open/permitted in firewall to download and work in creative cloud
  Re: Ports and IPs to be open/permitted in firewall to download and work in creative cloud
  created by Rajshree <http://forums.adobe.com/people/Rajshree>  in Adobe Creative Cloud - View the full discussion <http://forums.adobe.com/message/5819892#5819892

• Dynamic port channel and load distribution across the interfaces on th trunk.

  WS-C3750G-48TS
  NOS-12.2(25)SEE2
  I have a dynamic port channenl setup on Cisco+NetApp environemt where i have 6 interfaces(1Gbps) on that trunk for load balancing and reduntancy reason.
  But i see the interfaces are not balanced on receives or inbound. I mean most of them are going to only 2 interfaces and other four are almost doing nothing.
  I am assuming netapp ports serves the way how Cisco instructs. How i can remediate this situation? What am i missing here?

  I have alerady mentioned "lacp" in my my last post. Also my understanding  LB is set at switch side , not at filer side. Becase i dont have config at filer side. Also loooking the link there also  dont see a config which says use a particular LB.But the article clearly says to use "ip load balace", no clue though where it is set.  hence my question what is the default LB used/set at switch side. http://now.netapp.com/NOW/knowledge/docs/ontap/rel727/html/ontap/nag/7vifs3.htm https://communities.netapp.com/community/netapp-blogs/sanbytes/blog/2011/12/13/what-value-does-the-leading-fc-switch-vendor-bring-to-ethernet-guest-post-by-brocade http://blog.ioshints.info/2011/04/brocade-vcs-fabric-has-almost-perfect.html may be a good reads i guess.

• Exchange 2010 Required Communication (Firewall Ports and Protocols)

  Forgive me if this question has been asked before, but a search did not give me much on my scenario.
  We currently have one Forest with multiple Domains and Child Domains. We have two departments that have Exchange 2010 running and control their own individual users and mailboxes inside their Domains. These two Exchange servers communicate with each other
  just fine.
  We now have a department (another domain) that needs control of their own Exchange 2010 server, but here is the catch. They are behind a Firewall. My question is, what Ports and Protocols do I need opened for the Exchange server behind the Firewall to properly
  communicate to the two other Exchange servers knowing that the Exchange Environment is  a Forest wide activity.
  At this point in time, we cannot get Exchange installed as the prereq check fails with an error that we need to prep the AD schema for Exchange, but we know this has been done since we have to other servers in the Forest.
  Perhaps we need ports not only opened to the two other exchange servers, but also the Forest Root controller?
  Any help is appreciated.

  Exchange needs to be able to fully access all other Exchange servers, Active Directory Domain Controllers, and Active Directory Global Catalogs. Additionally, if I remember correctly, there was a blog from the Exchange team a couple of years ago that said
  Exchange wasn't supported with firewalls between the various Exchange servers in the environment.
  I will ask one question - why aren't you centralizing your Exchange management and servers, and granting rights to these groups for their mailbox management (based on an Organizational Unit that their accounts are in, and granted at the Active Directory
  level)?  You would no longer have this issue each time another group decides they want to host their own Exchange system.

• My first generation AppleTV will not sync with iTunes anymore.  I get an error message that says: "The Apple TV is not responding Check that any firewall software running on this comptuter has been set to allow communication on port 3689"  firewall is off

  My first generation AppleTV will not sync with iTunes anymore.  I get an error message that says: "The Apple TV is not responding Check that any firewall software running on this comptuter has been set to allow communication on port 3689"  firewall is turned off.. Any ideas?

  Thanks Rudegar,
  I only synch and do not stream off of my 1st Gen AppleTV
  I will try with ethernet but will be a pain in the butt if i can not fix it with wifi for long term fix
  I may end up trying to do a named IP address vs DHCP for this appleTV (not sure if i can do both and do not want to remove DHCP as i have a bunch of sensors and other devices that I prefer to dynamically add to the network via DHCP vs. assign each one
  Will keep working on other fix options (factory reset, etc.)
  Thanks again

• Sql server 2012 express - tcp/ip connection to named instance using dynamic port not working

  I have a named instance on a SQL 2012 Express server that won't connect via TCP/IP when wanting to connect off of the dynamic port.  I can connect via shared memory locally on the server.   I can connect to the namespace when specifying the
  dynamic port listed in the configuration manager.  
  This is the only named instance on the server and it is not the default.
  TCP/IP is enabled
  Allow Remote connections is enabled
  the server browser service is running
  I can connect via the dynamic port number
  I am testing the connection locally on the server, so I don't believe a firewall is the issue.  I get the same results if I test it from a remote computer.
  When using the sqlcmd (sqlcmd -S tcp:SQLSRVR\NAMEINST -E) I get the message that "the requested protocol isn't supported [xfffffffff]".   The command (sqlcmd -S tcp:SQLSRVR\NAMEINST,59992 -E) works.
  Through SSMS, I get the message "the connection was actively refused".
  On other boxes, I can connect with the named instance without having to specify the port. 
  I have looked through the sql logs and nothing much shows up.  The log does show that is listening on the port # for ipv4 and ipv6.   There is also a line in there talking about the SPN not being registered and not to worry about it if
  you are not using Kerberos.  I logged in through shared memory and it said I was using NTLM.
  Any help would be appreciated.
  thanks.

  Hi clw,
  I’m writing to follow up with you on this post. According to your description, I do a test, if you configure the database engine to listen on a specific TCP port (59992), and
  the port is opened in the firewall. If you want to connect to the SQL Server instance, you 'd better to
  use the port number.
  In my opinion, by default, the default instance of the Database Engine uses port 1433, usually, if you have configured the server to listen on a non-default port number, when an instance of SQL Server uses dynamic port allocation, the connection string that
  is built at the SQL Server client does not specify the destination TCP/IP port unless the user or the programmer explicitly specifies the port. Therefore, the SQL Server client library queries the server on UDP port 1434 to collect the information about the
  destination instance of SQL Server.
  If UDP port 1434 is disabled, the SQL Server client cannot dynamically determine the port of the named instance of SQL Server. Therefore, the SQL Server client may be unable to connect to the named instance of SQL Server. In this situation, the SQL Server
  client must specify the dynamically allocated port where the named instance of SQL Server is listening.
  For more information about configuring an instance of SQL Server to listen on a specific TCP port or dynamic port, you can review the following article.
  https://support.transfrm.com/entries/503111-How-to-configure-an-instance-of-SQL-Server-to-listen-on-a-specific-TCP-port-or-dynamic-port
  Thanks,
  Sofiya Li
  Sofiya Li
  TechNet Community Support

• CVP OAMP dynamic ports requirement

  Hi all,
  Based on CVP SRND
  "Because the Unified CVP Operations Console Server uses dynamic ports for communication with other
  components, it cannot be deployed outside of a firewall while the rest of the Unified CVP components
  reside inside the firewall"
  In an environment where we have Call Server 1 & OAMP (Site A) and Call Server 2 (Site B)
  a) how would it be possible to comply to the SRND since Site A & B would definitely be separated by firewall?
  b) what method / workaround can be used to allow communication between OAMP (Site A) and Call Server 2 (Site B)?
  Thanks!
  -JT-

  Hi,
  I have a similar setup what you had descried. The firewall config is in such a way that it is IP to IP communication, where it would allow all the ports of Source and Destination. We have not come across any kind of issues so far
  Hope this helps!!!
  Thanks,
  Dass

• Dynamic port assignments

  hi all. if my question can be answered by reading TMG documentation, feel free to direct me there (i tried searching for the admin documentation but couldn't find it).
  can someone tell me what the purpose of dynamic port assignment is from endpoint -> TMG? Once the traffic leaves the TMG -> Internet, the actual service port is being used but that doesn't help me for internal queries.
  many thanks,
  -P

  Hi,
  Please check the articles below.
  ISA/TMG Server
  Application protocol
  Protocol
  Ports
  Configuration Storage (domain)
  TCP
  2171            (note 1)
  Configuration Storage (replication)
  TCP
  2173   (note 1)
  Configuration Storage (workgroup)
  TCP
  2172   (note 1)
  Firewall Client   Application
  TCP/UDP
  1025-65535 (note 2)
  Firewall Client Control Channel
  TCP/UDP
  1745   (note 3)
  Firewall Control Channel
  TCP
  3847 (note   1)
  RPC
  TCP
  135 (note 6)
  Randomly allocated high TCP ports (note   6)
  TCP
  random port number between 1024 - 65535
  random port number between 10000 - 65535 (note 7)
  Web Management
  TCP
  2175 (note 1, 4)
  Web Proxy Client
  TCP
  8080 (note 5)
  Collapse this imageExpand this image
  Notes
  This port is not used with ISA 2000.
  FWC application transport and protocols are negotiated within the FWC control channel.
  ISA 2000 FWC control uses UDP. ISA 2004 and 2006 use TCP.
  OEM uses Firewall Web Management to provide non-MMC management of ISA Server.
  This port is also used for intra-array traffic.
  This port is used only by the ISA management MMC during remote server and service status monitoring.
  This is the range in TMG. Please note that TMG extends the default dynamic port ranges in Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista.
  https://support.microsoft.com/kb/832017?wa=wsignin1.0#method14
  Reference:
  TCP connection established using Firewall client may close unexpectedly
  Regards,
  Joyce
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Server 2012 restrict active directory dynamic ports

  Hello,
  Has anyone encountered issues with restricting the Active Directory dynamic ports for Netlogon and NTDS in Server 2012?  I have followed the added the typical registry entries as described below but I still see my RDS gateway in the DMZ trying to communicate
  to my internal DC over other ephemeral ports (49158).  I have rebooted the DC after the registry changes and still no effect.  Are the reg entries the same in 2012?  Any help would be appreciated.  Thank you
  Registry key 1 
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters 
  Registry value: TCP/IP Port 
  Value type: REG_DWORD 
  Value data: 49152 (This value needs to be specified in decimal format)
  Registry key 2 
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters 
  Registry value: DCTcpipPort 
  Value type: REG_DWORD 
  Value data: 49153 (This value needs to be specified in decimal format)
  Eddie Espino | Secure Data Solutions | Miami, Florida | Microsoft Partner

  Hi,
  There are at least two options that can be used to allow replication when there are network traffic filters (aka firewall) in the network, across two DCs:
  1. Use registry keys on the DCs to force communication over specific ports
  2. Use IPsec to restrict the traffic to two ports only (IP 50 and IP 51)
  I tried to find some relevant documents, but could not find support for restricting the Active Directory dynamic ports for Netlogon and NTDS in Server 2012. You could refer to the following article, it may help you to solve your issues:
  Restricting AD Replication Traffic between DCs to only a few ports
  http://blogs.technet.com/b/luistog/archive/2012/05/08/restricting-ad-replication-traffic-between-dcs-to-only-a-few-ports.aspx
  Regards,
  Mandy Ye

• Dynamic port configured for FILE adapter is not working

  Hi,
  I have a simple dynamic port in an orchestration that writes a file to a file location. Here is the configuration
  ================
  FilePort(Microsoft.XLANGs.BaseTypes.Address) = "FILE://c:\\TestFolder\\Out";
  FilePort(Microsoft.XLANGs.BaseTypes.TransportType) = "FILE";
  ================
  When I run this orchestration, the dynamic port does not write the file to the folder, however I does not show any error either. It is always in "Ready to Run" state where the message is "Queued Awaiting".
  I tried all sorts of combinations like FILE:// FILE:\\ File: file:// file:\\ etc... and also without the moniker, just c:\.... I get the same problem.
  when I use a static port(subscribed to the same message) it works fine. When I use a static port ALONGWITH this dynamic port then both works fine !!! I receive 2 files.
  but when I use only dynamic port it does not work!!
  Anybody knows how to solve it.
  THANKS IN AVANCE
  PLEASE HELP
  Surya

  It could be becasue you 're not passing in the file name, Try something like this..
  SndPort_Dynamic(Microsoft.XLANGs.BaseTypes.Address)=@"file://C:\Test\Try\Out\Test1.xml";
  But even when you don't pass the file name, i was expecting the erro to be like:
  The FILE send adapter cannot open file C:\TestFolder\Out\ for writing.
  Details: The system cannot find the path specified.
  But try with File Name and restart the host instance after the change.
  Or use somehting like this:
  FilePort(Microsoft.XLANGs.BaseTypes.Address)=@"file://C:\Test\Try\Out\\%MessageID%.xml";
  FilePort(Microsoft.XLANGs.BaseTypes.TransportType) = "File";
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful.