Enabling TCP Ports 24000-24100

Similar Messages

• TCP Ports 24000-241000

  Hello,
  So I am an avid online scrabble player. Up until today I just logged on and played. No problem. But after installing a whole bunch of updates today, I am unable to go into scrabulous. It says I need to enable TCP ports 24000-24100. Now when I went to system preferences-->sharing-->firewall-->new--> then i made a new port on the tcp port numbers 24000-24100. I was very hopeful and proud of myself for figuring this out. But then I went back to the scrabble site and I got the exact same error message.
  Please help!
  I'm upset that I updated my computer and now it won't do one of its most important duties.
  Thanks.

  Are you using some sort of router with a firewall?

• Pre-Requisite Check SQL Server 2012 SP2 TCP Port Enabled Error

  When doing the pre-requisite check to install SCCM (CAS) using an instance of SQL Server 2012 SP2, you get the following error even though SQL Server TCP port has been enabled, set to static port 4022 on the IP addresses in use in SQL Server Configuration
  Manager under Protocols for <SQLInstanceName>: configuration manager primary site and central administration site require sql server tcp enables and set to static port
  To resolve this issue, make sure "4022" is also set in the IPAll node in SQL Server Configuration Manager under Protocols for <SQLInstanceName> then restart the SQL Service and re-run the pre-requisite check and you should be good to go.
  To avoid SCCM SQL-related install failure, keep in mind that SCCM SQL Service Broker (SSB) (used to replicate data between database sites) is set to port 4022 by default. This is different from and cannot be same as the tcp static port set in SQL Server
  Configuration Manager under Protocols for <SQLInstanceName>. For example SSB can use its default tcp port 4022 while a static tcp port of 4023 can be set in SQL Server Configuration Manager under Protocols for <SQLInstanceName> or vice-versa. The
  SCCM SSB port number can be adjusted during SCCM installation on the Database Information page. My take it so change SSB port to 4023 and leave SQL default port at 4022 since SQL serves potentially many apps while SSB is used within/by SCCM.
  If you are getting errors relating to SQL Server service running accounts, SQL Server Collation, and/or SQL Server sysadmin rights while attempting to install a primary site, unselect the SCCM installation option to install default settings at the beginning
  of the install process.
  Also, ensure to install important updates and restart the server.

  Thank you for sharing.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Bypassing TCP port 25 restriction (i.e. worst ISP EVER; Mail is not allowed

  Hi
  The private company that runs my DOES NOT ALLOW Smtp connections on its "hi speed internet connection".
  Meaning that Mail cannot function and I have to check via webmail.
  I'm serious.
  Their FAQ states:
  Can I use email clients such as Microsoft Outlook or Outlook Express to send and receive emails?
  No, you will only be able to use web browser based email such as Hotmail or Gmail; this is due to limitations (on TCP port 25) which have been implemented to protect you against other computer users sending unsolicited bulk emails (SPAM) via your computer.
  Does anyone know a way to get around this as I NEED the functionality of Mail.....
  Also,
  Are all British ISPs this ridiculous?
  Dieing to find a solution to this....... Many Many Many Many Thanks
  PS. I already paid extra ($250USD) to enable 'super' internet which doesnt throttle VOIP, STREAMING, gaming, P2P etc.
  Luke

  Beginning January 1, 2006 Port 587 has been standardized as the port to use for authenticated SMTP servers although most will still work with Port 25 as well. More and more ISPs are blocking port 25 as various jurisdictions are holding them responsible for spam and/or viruses originating on their network. With unauthenticated SMTP anyone can send using that server whether they have an account or not. So the ISPs block that port with the sole exception of their own SMTP server so they can scan the messages for spam and viruses. With an authenticated SMTP server where a valid account id and password are required to send messages the provider of the server assumes the responsibility for scanning all traffic through their server thus relieving the ISP of the liability.
  Whether you think this is a big brother step or not, with estimates that spam on the internet is running as high as 70% of all email traffic, if it weren't for restrictions like this email would rapidly become an unusable tool. The only annoying thing I have found about this is how few ISP Tech Support people know about this. To often their solution is "you can only use another email provider through their webmail interface."

• ACE VIP OK HTTP, NOK other TCP port

  Hi,
  we are having issues in configuring load balancing for a TCP port. For HTTP it's working without issues and we have the ACE also balancing for other TCP ports.
  Here goes the relevant config:
  probe http PROBE-HTTP
    interval 5
    passdetect interval 2
    passdetect count 1
    request method get url /idc/
    expect status 200 200
  probe tcp PROBE-TCP
    port 4444
    interval 5
    passdetect interval 10
  rserver host PRD1
    ip address 10.10.10.1
    inservice
  rserver host PRD2
    ip address 10.10.10.2
    inservice
  serverfarm host SF-HTTP
    probe PROBE-HTTP
    rserver PRD1 80
      inservice
    rserver PRD2 80
      inservice
  serverfarm host SF-TCP
    probe PROBE-TCP
    rserver PRD1 4444
      inservice
    rserver PRD2 4444
      inservice
  sticky ip-netmask 255.255.255.255 address source SC-IP-PRD-HTTP
    timeout 10
    serverfarm SF-HTTP
  class-map match-all NAT-VIP-HTTP
    2 match virtual-address 10.10.35.1 any
  class-map match-all NAT-VIP-TCP
    2 match virtual-address 10.10.35.1 tcp eq 4444
  policy-map type loadbalance first-match LB-VIP-HTTP
    class class-default
      sticky-serverfarm SC-IP-PRD-HTTP
      insert-http x-forward header-value "%is"
  policy-map type loadbalance first-match LB-NAT-VIP-TCP
    class class-default
      serverfarm SF-TCP
  policy-map multi-match POLICY-RSERVER-VIP
    class NAT-VIP-TCP
      loadbalance vip inservice
      loadbalance policy LB-NAT-VIP-TCP
      loadbalance vip icmp-reply active
      nat dynamic 1 vlan 200
    class NAT-VIP-HTTP
      loadbalance vip inservice
      loadbalance policy LB-VIP-HTTP
      loadbalance vip icmp-reply active
      nat dynamic 1 vlan 200
  interface vlan 200
    description SERVER-SIDE
    ip address 10.10.14.2 255.255.255.0
    alias 10.10.14.1 255.255.255.0
    peer ip address 10.10.14.3 255.255.255.0
    access-group input EVERYONE
    nat-pool 1 10.10.4.6 10.10.4.6 netmask 255.255.255.255 pat
    service-policy input AllowICMP
    service-policy input POLICY-RSERVER-VIP
    no shutdown
  The probe are OK, but nothing seems to get to the VIP:
  ACE/CTX# show probe PROBE-TCP
  probe       : PROBE-TCP
  type        : TCP
  state       : ACTIVE
     port      : 4444    address     : 0.0.0.0         addr type  : -
     interval  : 5       pass intvl  : 10              pass count : 3
     fail count: 3       recv timeout: 10
                         --------------------- probe results --------------------
     probe association   probed-address  probes     failed     passed     health
     ------------------- ---------------+----------+----------+----------+-------
     serverfarm  : SF-TCP
       real      : PRD1[4444]
                         10.10.10.1     8853       1          8852       SUCCESS
       real      : PRD2[4444]
                         10.10.10.2     8853       1          8852       SUCCESS
  ACE/CTX# show serverfarm SF-TCP detail
  serverfarm     : SF-TCP, type: HOST
  total rservers : 2
  active rservers: 2
  description    : -
  state          : ACTIVE
  predictor      : ROUNDROBIN
  failaction     : -
  back-inservice    : 0
  partial-threshold : 0
  num times failover       : 0
  num times back inservice : 1
  total conn-dropcount : 0
  Probe(s) :
      PROBE-TCP,  type = TCP
                                                  ----------connections-----------
         real                  weight state        current    total      failures
     ---+---------------------+------+------------+----------+----------+---------
     rserver: PRD1
         10.10.10.1:4444      8      OPERATIONAL  0          0          0
           max-conns            : -         , out-of-rotation count : -
           min-conns            : -
           conn-rate-limit      : -         , out-of-rotation count : -
           bandwidth-rate-limit : -         , out-of-rotation count : -
           retcode out-of-rotation count : -
           load value           : 0
     rserver: PRD2
         10.10.10.2:4444      8      OPERATIONAL  0          0          0
           max-conns            : -         , out-of-rotation count : -
           min-conns            : -
           conn-rate-limit      : -         , out-of-rotation count : -
           bandwidth-rate-limit : -         , out-of-rotation count : -
           retcode out-of-rotation count : -
           load value           : 0
  ACE/CTX# show service-policy POLICY-RSERVER-VIP
  Status     : ACTIVE
  Interface: vlan 1 200
    service-policy: POLICY-RSERVER-VIP
      class: NAT-VIP-TCP
        nat:
          nat dynamic 1 vlan 200
          curr conns       : 0         , hit count        : 0
          dropped conns    : 0
          client pkt count : 0         , client byte count: 0
          server pkt count : 0         , server byte count: 0
          conn-rate-limit      : 0         , drop-count : 0
          bandwidth-rate-limit : 0         , drop-count : 0
        loadbalance:
          L7 loadbalance policy: LB-NAT-VIP-TCP
          VIP ICMP Reply       : ENABLED-WHEN-ACTIVE
          VIP State: INSERVICE
          curr conns       : 0         , hit count        : 0
          dropped conns    : 0
          client pkt count : 0         , client byte count: 0
          server pkt count : 0         , server byte count: 0
          conn-rate-limit      : 0         , drop-count : 0
          bandwidth-rate-limit : 0         , drop-count : 0
        compression:
          bytes_in  : 0
          bytes_out : 0
  I see a lot of this messages in the logging of the ACE:
  show logging | i 4444
  22:02:52 : %ACE-6-302023: Teardown TCP connection 0x18b6 for vlan200:10.10.14.2/26768 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1051 TCP FINs
  22:02:55 : %ACE-6-302022: Built TCP connection 0x14dc for vlan200:10.10.14.2/30318 (10.10.10.1/30318) to vlan200:10.10.10.1/4444 (10.10.14.2/4444)
  22:02:55 : %ACE-6-302023: Teardown TCP connection 0x14dc for vlan200:10.10.14.2/30318 to vlan200:10.10.10.1/4444 duration 0:00:00 bytes 1103 TCP FINs
  22:02:57 : %ACE-6-302022: Built TCP connection 0xc6c for vlan200:10.10.14.2/26784 (10.10.10.2/26784) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
  22:02:57 : %ACE-6-302023: Teardown TCP connection 0xc6c for vlan200:10.10.14.2/26784 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1103 TCP FINs
  22:03:02 : %ACE-6-302022: Built TCP connection 0x151a for vlan200:10.10.14.2/26800 (10.10.10.2/26800) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
  show logging | i 4444
  22:02:52 : %ACE-6-302023: Teardown TCP connection 0x18b6 for vlan200:10.10.14.2/26768 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1051 TCP FINs
  22:02:55 : %ACE-6-302022: Built TCP connection 0x14dc for vlan200:10.10.14.2/30318 (10.10.10.1/30318) to vlan200:10.10.10.1/4444 (10.10.14.2/4444)
  22:02:55 : %ACE-6-302023: Teardown TCP connection 0x14dc for vlan200:10.10.14.2/30318 to vlan200:10.10.10.1/4444 duration 0:00:00 bytes 1103 TCP FINs
  22:02:57 : %ACE-6-302022: Built TCP connection 0xc6c for vlan200:10.10.14.2/26784 (10.10.10.2/26784) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
  22:02:57 : %ACE-6-302023: Teardown TCP connection 0xc6c for vlan200:10.10.14.2/26784 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1103 TCP FINs
  22:03:02 : %ACE-6-302022: Built TCP connection 0x151a for vlan200:10.10.14.2/26800 (10.10.10.2/26800) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
  The client request it's going trough an ASA, in the ASA side I see that the TCP connection it' half-open with SAaB flags. It seems that the VIP never replies with SYN+ACK to the ASA...
  Thank you.
  Best regards

  Hi Norberto,
  The log messages you are getting are most probably the probe connections and not a failure, looking to them you will see your ACE is establishing TCP connection on 4444 then it will teardown the connection with FIN which is expected since you are using TCP keepalives.
  I would recommend to go back and define the problem exactly, what are you exteriancing when you try to telnet on port 4444 toward the VIP from the client?
  Run sniffing software on the client, the server and enable capture on ACE and ASA will give you exact idea what you are experiencing.
  Note: The ASA and the ACE has great capture feature which will show you exactly the packet flows.
  Note: Since you are applying NAT on the client requests, you should see the NATed IP address on the server capture.
  Note: With L4 load balancing the ACE is not spoofing the clients' request, it just forward the SYN, SYN+ACK and ACK between the server and the client.
  Let me know if you have any other questions.
  Best regards,
  Ahmad

• Database link TCP ports

  We installed database link between two Oracle databases. Does anybody know on whitch TCP port it communicate ? I know only about port 1521. Problem is that we have firewall between computers and we need to enable Oracle communication between them.

  avalanche333 wrote:
  I am attempting to create a database link from a very locked down server (Database A) to Database B which is on my internal network.
  Can someone tell me what ports I need to open in the firewall for a database link to work correctly? My Database B instance is a XE instance running on the default port 1521.
  Thanks,Hans and Devotee have given you the best info so far. I'd like to expand and clarify slightly on their comments.
  There is really nothing special about a db-link. It is just another client process, being used by the 'client' database. It uses exactly the same networking pieces as does sqlplus on the same machine. All of the same considerations are there ... tnsnames.ora on the client machine matching up with the listener configuration on the target machine, listener ports, port redirection for establishing the actual server process, etc. I would start by getting a sqlplus connection working. When you have that, you know you have all of your network configuration issues resolved. At that point any issues you have with the dblink will be in the link definition itself.
  And as Hans pointed out, databases don't run on port 1521. It is a conceptual mistake to think of the database as "running" on any port. By default the listener uses port 1521 to listen for connection requests. The database knows nothing about that. It is also very easy, and not that uncommon, to configure the listener to use another port instead of or in addition to 1521, so it is also a mistake to treat port 1521 as if it were some immutable value.

• Listing and closing open TCP ports

  Hi,
  For security reasons I would like to have as few open TCP ports as possible on my iMac, leaving open only those that I feel are worthwhile having enabled. How can I go about to
  a) identify which TCP ports are currently open on the system
  b) identify the processes that have opened the ports and understand the origin and purpose of those process
  c) disable the processes that have ports open, if I feel that there is no good reason for having them open
  I'm running OS X 10.9.4.
  Thanks!
  Fredrik

  You can run "netstat" in the Terminal or maybe Network Utility to see open ports. However, all you should really do is make sure you don't have any sharing services enabled. Otherwise that is all you can do. Macs are not meant to be used as servers or in secure environments. They are strictly consumer machines. Apple has engineered them to be highly secure, but not configurable by the user. It is highly unlikely that any modifications that an end-user can make would do anything other than reduce security.

• What incoming public TCP ports are blocked?

  I just setup my 890L to forward incoming public TCP ports to to a couple of my LAN devices.  Unfortunately, it looks like VZB is purposefully blocking common incoming TCP ports. 
  I tried searching on google.com for what ports are blocked; but, just found a bunch of posts like this one.  Some people actually tried contacting 1st and 2nd tied VZB tech support about this; but, it's clear they don't have this information available to them.
  Has anyone verified what incoming public TCP ports are not blocked?  There's no easy way for me to test this using my 890L.

  You can find out for yourself which ports are being blocked by using a Port Query utility.  Depending on the OS of your computer there should be multiple utilties available for free floating around.
  As we have seen numerous times before, devices on VZW's new SIM card/4G LTE network are blocked from many of the public facing services and features we have previously been dependant on.  Public IP Addresses, Public Ports, Webcams, VOIP phones, etc. all suffer under the same umbrella of limitations on the new network.  The list is too long to publish everything that is blocked or not working as it previously did.  Much easier for you to post the requirements of your application and have us confirm if its working or not.
  If you have not already experimented with VPN's I'd suggest checking them out.  VPN's are one of the easiest ways around these new limitations.  With a VPN enabled your device will tunnel all of its communications out an allowed port to a VPN server where your traffic is free to act normally before returning to you.

• Need to accept incoming TCP port

  Hi All
  I manage a netware small business suite 6.5 server at the radio station where i work. The problem is that we have a peer-2-peer app that we use to transfer data between our 'sister' stations all over the country. Essentially, I'm wondering how to go about setting up a filter to allow incoming connections on TCP port 6699 for example ?? I had a hack at it and basically came up with the following:
  Source Interface: Public
  Destination InterfaceL All Interfaces
  protocol: TCP
  Src Ports: All
  Dest Ports: 6699
  ACK Bit Filt: disabled
  Stateful Filt: Enabled
  Scr Addr Type: Host
  Src IP Add: xxx.xxx.xxx.xx
  Dest Addr Type: Any Address
  Will this allow port 6699 through? This may be the wrong newsgroup for this next question, but will i need to get some BorderManager Access rules going also to allow it through?
  Thanks All! Any and all help appreciated!
  Joel

  [email protected] wrote:
  > Source Interface: Public
  > Destination InterfaceL All Interfaces
  > protocol: TCP
  > Src Ports: All
  > Dest Ports: 6699
  > ACK Bit Filt: disabled
  > Stateful Filt: Enabled
  > Scr Addr Type: Host
  > Src IP Add: xxx.xxx.xxx.xx
  > Dest Addr Type: Any Address
  >
  > Will this allow port 6699 through?
  Yes, your statefule exception will allow inbound TCP connections on
  6699, and the dynamic "response" packets to let the traffic back out.
  Whether this will actually work or not depends on how the P2P app works.
  I assume the app at *your* location will need to be able to initiate
  connections with other hosts, and this filter will not allow that. You'd
  need one going in the other direction as well.
  Jim
  NSC SYsop

• Unable to telnet on command prompt for udp port 514, but able to on cmd for tcp port 514

  I am unable to telnet on command prompt for udp port 514. But when I use packet snifer or wireshark I am able to see traffic going to the targetted server from udp port 514. I thought it might be a firewall issue blocking the port from communicating. But
  I figured out that windows firewall is disabled. I am able to make similar connections on the cmd for tcp port 514.
  I did a netstat -an and see that udp:514 is enabled and listening on the server.
  What am I missing here?

  Telnet actually supports TCP only. You might want to try another tool as suggested here: http://serverfault.com/questions/263032/how-to-connect-to-a-udp-port-command-line
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• How to do a silent configuration of SQL Server 2005 to a static tcp port ?

  Hello,
  I have a SQL server 2005 but after checking the ports of sql server,it is observed that dynamic ports are being used.
  I want to install SQL server 2005 and configure SQL serevr to a static TCP port by using silent mode of installation.There are ways to do it using SQL configuration manager and using server network utility but I want it through the silent mode.
  Please help to assist how this can be achieved through silent mode of installation.

  Hi AshishB,
  According to your description, you want to configure SQL Server to a static TCP port by using silent mode of installation. I recommend you use WMI scripting and the SQL Server WMI provider. After installation, change the TCP/IP port with the script. For
  more information about silent installing with fixed TCP port, you can review the following article.
  http://social.msdn.microsoft.com/Forums/sqlserver/en-US/914f8b72-3164-47ae-91fb-f7ed6f8ea7e6/silent-install-with-fixed-tcp-port?forum=sqlexpress
  There is detail about how to configure that manual by launching the SQL Server configuration manager, enabling TCP/IP connections, specifying the ports from the command line, you can review the following post.
  http://stackoverflow.com/questions/9138172/enable-tcp-ip-remote-connections-to-sql-server-express-already-installed-databas
  Regards,
  Sofiya Li
  Sofiya Li
  TechNet Community Support

• 922 TCP ports closed!

  Hi All,
  Nmap gave me some disturbing news last night; I have 922 TCP ports closed on my computer, including stuff like Trinoo, Elite and some other trojans that I would think are Windows threats only. Even though the ports are closed (I've got firewall enabled), I have no idea how and why they appeared on my computer. I have a wireless router, but don't know if that matters. Thanks 4 your help.

  Hi,
  as you said, the ports are closed, this does mean that they are inaccessible so you don't have to worry. Additionally, when you're sitting behind a wireless router, it's own firewall should protect you from outside access. Anyway, it would be helpful if you could provide the whole output of nmap and tell us if you've scanned the IP which belongs to your local network or the IP which was assigned to your wireless router by your ISP.
  Cheers,
  ulrik

• Open TCP Ports on 9216i

  We are auditing open TCP ports on our network equipment and discovered a number of open TCP ports on our 9216i. Is there any way to tell what the open ports are used for and shut them down if unnecessary? The show tcp command is not available. show tech did not reveal anything.

  There is the standard set of ports that are open for mgmt by ssh, telnet, and SNMP v2 or v3. Additionally, there is port 80 open so you can point web browser to it and get the FM code. The list is as follows.
  Common to all applications
  * SSH 22 (TCP)
  * TELNET 23 (TCP)
  * HTTP 80 (TCP)
  * SYSLOG 514 (UDP)
  Fabric Manager Server and Performance Manager
  * SNMP_TRAP 2162 (UDP)
  * SNMP picks a random free local port (UDP) - (can be changed in server.properties)
  * Java RMI 9099, 9199 to 9299 (TCP)
  Fabric Manager Client
  * Java RMI 9099, 9199 to 9299 (TCP)
  * SNMP picks a random free local port. (UDP) or 9189 (TCP) if SNMP proxy is enabled (can be changed in server.properties)
  Device Manager
  * SNMP_TRAP 1163 to 1170 (UDP) (picks one available in this range)
  * SNMP picks a random free local port (UDP) or 9189 (TCP) if SNMP Proxy is enabled (can be changed in server.properties)
  You can shut off telnet in lieu of ssh in the configuration. Also, it is possible to use access-lists on the mgmt ports to limit IP addresses/ports/etc. Also, don't forget that the IPS ports will be listening for FCIP and ISCSI if enabled.

• Xfce 4.6 session binds to tcp port (ICE layer)

  As topic.
  However to be more specific, since the new Xfce4 xfce4-session automatically listens on a (random?) port. This being a tcp-binding to the ICE layer.
  See xfce4-session man page:
  --disable-tcp
  Disable binding to TCP ports in the ICE layer. This is not possible on every platform. If you
  use this option on a platform that does not support it, xfce4-session will print a warning message and ignore the setting.
  Thus, by default its enabled.
  netstat -apn
  Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
  tcp 0 0 0.0.0.0:45505 0.0.0.0:* LISTEN 5318/xfce4-session
  tcp 0 0 :::42892 :::* LISTEN 5318/xfce4-session
  Since I'm paranoid this seems to me like a security risk. It is possibly fixable by appending --disable-tcp to the xfce4-session entry in /etc/xdg/xfce4/xinitrc. Or is there a better place?
  Is this worth putting in the bug-tracker, is it intended, should Arch by default disable xfce4-session listening to a tcp-port? Or is there a similar entry somewhere already?
  In my opinion, it should be disabled by default, since if it is not specifically required, its just another hole in the system.
  m.

  ...gremlins. That's the only explanation I can think of. An hour and a half after I changed the APN settings, it fixed itself. I guess there's a bit of lag somewhere in the system somewhere.
  Regardless, it works now, and thanks for the advice. I'd not found the BTSC earlier; thanks much for pointing me at it. And I do believe I might hang around. It seems a friendly place.
  -Chris

• TCP port blocked

  I am getting an "...unable to connect to server due to network security (TCP port 8080 blocked)" message. Any idea what settings should I change before going to SFR support? BES not enabled. 

  This will have been a false alarm triggered during the 7.7 upgrade.  The warning occurs when a site fires an event but does not have a current heartbeat connection.  I suspect this was caused by bad sequencing of a service restart and we will look into how that hapened.  The upgrade started yesterday at 9am and was completed at noon US-CST.
  Logs show a large number of these events were triggered between 9:30am and 10:20am CST.  If you are still receiving these, please let us know so we can investigate further.
  Andy