Firewall blocks Airplay (even under 'allow all traffic')

Hi everybody,
I am somewhat at the end of my knowledge. I have a mac mini server running Lion 10.7.2 server. Interestingly, my server's firewall blocks
a) all airplay traffic and
b) 'reading Airport configuration' requests
even when the firewall is set to 'allow all traffic'. However, when I completely switch it off, everything works just fine.
Any help would really be appreciated.
Thanks a lot.
Nonresidentalien
P.S. I have also tried to open ports 80 (t), 443(t), 554 (t/u), 3689(t), 5297(t), 5289(t/u), 5353(u), 49159(u) and 49163(u) with no success

Pointing to the IPv6 thread was a good idea. After reading it, I found out that the firewall preferences in Server Admin only show you IPv4 related firewall rules.
There is a terminal command that allows you to play with IPv6 rules. And by doing so, I was actually able to get AirPlay working again.
First, you want to show the current IPv6 firewall rules. In my case they looked like this (10.7.2):
reptilehouse:~ sascha$ sudo ip6fw show
01000        285      96163 allow ipv6 from any to any via lo0
01100         66       5750 allow ipv6 from any to ff02::/16
65000          0          0 deny ipv6 from any to any
65535          6        306 allow ipv6 from any to any
As you can see, rule number 01100 only allows traffic to the local subnet, while the next rule (65000) blocks anything else. So you want to get rid of 65000:
reptilehouse:~ sascha$ sudo ip6fw delete 65000
To confirm, show the rule table again and you should see 65000 is gone:
reptilehouse:~ sascha$ sudo ip6fw show
01000        285      96163 allow ipv6 from any to any via lo0
01100         66       5750 allow ipv6 from any to ff02::/16
65535          6        306 allow ipv6 from any to any
Mind you, the rule numbers could be different on your system and you could see more or fewer rules. But you get the idea.
What I don't know is whether this is sticky, e.g. survives a reboot.
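
Added example (not part of the original posts): a small first-match evaluator for the `ip6fw show` table quoted above, showing which rule decides a packet before and after rule 65000 is deleted, and that afterwards the only catch-all left for IPv6 is the final allow. The sample addresses and interface names are constructed, and the parser only handles the rule syntax that appears in this thread.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Rule table copied from the `ip6fw show` output quoted in the post above.
BEFORE = """\
01000        285      96163 allow ipv6 from any to any via lo0
01100         66       5750 allow ipv6 from any to ff02::/16
65000          0          0 deny ipv6 from any to any
65535          6        306 allow ipv6 from any to any
"""

# number, packet counter, byte counter, action, then "ipv6 from X to Y [via IF]"
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+\d+\s+\d+\s+(?P<action>allow|deny)\s+ipv6\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?:\s+via\s+(?P<iface>\S+))?\s*$"
)


class Rule(NamedTuple):
    num: int
    action: str
    src: Optional[ipaddress.IPv6Network]  # None means "any"
    dst: Optional[ipaddress.IPv6Network]  # None means "any"
    iface: Optional[str]                  # None means "any interface"


def _net(token: str) -> Optional[ipaddress.IPv6Network]:
    return None if token == "any" else ipaddress.IPv6Network(token, strict=False)


def parse_rules(text: str) -> List[Rule]:
    """Parse `ip6fw show` output into rules ordered by rule number."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append(Rule(int(m["num"]), m["action"],
                          _net(m["src"]), _net(m["dst"]), m["iface"]))
    return sorted(rules, key=lambda r: r.num)


def decide(rules: List[Rule], src: str, dst: str, iface: str) -> Optional[Rule]:
    """Return the first rule that matches the packet (first match wins)."""
    s, d = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    for r in rules:
        if r.iface is not None and r.iface != iface:
            continue
        if r.src is not None and s not in r.src:
            continue
        if r.dst is not None and d not in r.dst:
            continue
        return r
    return None


def delete_rule(rules: List[Rule], num: int) -> List[Rule]:
    """Model `ip6fw delete <num>` on the parsed table."""
    return [r for r in rules if r.num != num]


def first_catch_all(rules: List[Rule]) -> Optional[Rule]:
    """First rule matching every packet on every interface: the effective default."""
    for r in rules:
        if r.src is None and r.dst is None and r.iface is None:
            return r
    return None


if __name__ == "__main__":
    before = parse_rules(BEFORE)
    after = delete_rule(before, 65000)
    # Constructed sample packets: multicast and unicast destinations on en0.
    for label, table in (("before", before), ("after", after)):
        for dst in ("ff02::fb", "fe80::2"):
            hit = decide(table, "fe80::1", dst, "en0")
            print(f"{label}: to {dst:9} -> rule {hit.num:05d} {hit.action}")
        default = first_catch_all(table)
        print(f"{label}: effective default is rule {default.num:05d} {default.action}")
```

After the delete, every IPv6 packet that is not already matched by 01000 or 01100 falls through to 65535 and is allowed, so it is worth re-running `sudo ip6fw show` after a reboot or a firewall restart to see which table is actually in force.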

Similar Messages

  • Firewall Allow all traffic on lan

    Is there a way to make a firewall rule to allow all traffic on en1? I have my ip ranges set to allow all traffic, but I still have to turn the firewall off for DHCP to give IP addresses to new devices on the network.

    dtich wrote:
    thx dean, yes, i had certainly looked at the log, which shows these entries:
    Nov 11 21:49:25 north-knoll-server ipfw[8789]: 65534 Deny UDP 169.254.14.242:138 169.254.255.255:138 in via en0
    but i have no idea where 169xxx is, nothing on my lan... if the port is 65534, that's an ftp passive port, tried opening that, doesn't solve the problem. if the port is 138, that's netbios, which would be odd, but i tried opening that too. nothing doing. can't figure it out. and the log really isn't helping too much.
    traceroute gives me:
    traceroute to 169.254.14.242 (169.254.14.242), 64 hops max, 40 byte packets
    1 169.254.14.242 (169.254.14.242) 0.593 ms 0.504 ms 0.195 ms
    so, i guess that's some internal address that my router uses or something..?? wacky. i'm out of my depth here.
    if i allow 169.254.x.x, i still get no joy.
    mean anything else to you?
    yeah, 169.254.x.x is part of the zeroconf net address range. (See http://en.wikipedia.org/wiki/Zeroconf for more details)
    Not sure why the device in particular is trying port 138 unless it's Windows box maybe? Is en0 on your local network or external?

  • RV016 Router Allow All Traffic For Outside IP

    Hi,
    I need to configure the firewall to allow all traffic for an IP address of a server. What steps in the router do i need to configure this? This is a cloud based voip server and we have IP phones and we need to add an IP address of the phone server to allow all traffic for that IP.
    thanks.

    Hi Jonathan,
    I have a similar problem with VOIP traffic being dropped by my new RV016 v3 router.
    I have created one Firewall Rule, to allow ALL traffic from the external VOIP PBX provider (single IP) to connect to the internal VOIP phones, which have assigned addresses in a small IP Address range (eg. 10.1.2.50 - 10.1.2.59)
    The Aastra VOIP phones continually lose their registration with the cloud-based PBX. If you make an outgoing call, it will work, but the PBX will lose connection with the phone, 3 or 4 minutes after you hang up, and will mark it as offline. Incoming calls made within the 3 or 4 minutes will get through, but after that they go right to voicemail on the PBX system.
    We used to have an RV016 v2 router and VOIP traffic worked  OK,  with a similar Firewall Rule.  We replaced the v2 router  because its CPU crashed. 
    I tested the VOIP traffic with a WRT160 router with minimal Firewall Rules, and it works OK, as long as SIP-ALG is turned Off.   We want to use the RV016 because it provides a larger number of ports for our LAN.
    Any suggestions ?
    Kirk

  • Windows 7 firewall blocking airplay after allowing

    Hi guys and gals,
    Windows 7 firewall is blocking airplay from my PC (iTunes) to my Apple TV and also stopping me using my iPhone (remote) to control iTunes.
    If I turn the firewall off all is well with the world but once I reinstate it everything stops working again.
    I've set up incoming and outgoing rules for iTunes and ports TCP 3689 and UDP 5353 as per guides on these forums, i've also selected iTunes in the 'allow a program...' list.
    Everything is running the latest version, I've reset and updated Apple TV and re installed iTunes.
    Help me please as its driving me mad!

    Hmm, not sure I completely understand now. What exactly simultaneously should mean in this context? The thing is that it seems there's no chance in getting the connection to work when I first turn on the client on my Windows computer. The other way (starting on my Linux computer) it works just fine, and I am able to connect from my Windows to my Linux anytime.
    Also I'm not sure that this is the problem, cause it seems that same problem apply to connection to other computers as well (however this impression is based on a testing with just a very few tries, so I'll try to test it more soon).
    Thanks for the explaining anyway!

  • Firewall blocks afp even though enabled!?

    This relates to a G5 running 10.4.11 and a mac pro running 10.5.5
    We are having a nightmare with file sharing between two machines. We can connect fine from the mac pro to the g5 via a ethernet router. We can't however connect from the g5 -we can however connect to the internet and pinging the mac pro works. We have tried connecting with the bonjour address and the ip address - no results. The personal file sharing tabs in system preferences on both machines are ticked. The firewall is set to allow essential services, and below are listed printer sharing, file sharing etc. However i opened the log and saw that a few afp connections had just been denied - turn the firewall off and we can connect to the macpro. Surely we should be able to connect on a local area network without the firewall blocking it? It also denies cupsd (we have a printer networked to the g5) but also less frequently nmbd, which seems weird as to my limited knowledge this is to do with windows file sharing - and we do not have a windows machine on the network.
    Weirdly I enabled the firewalls on both machines fairly recently after noticing they were off - however my client (i am a retoucher) has confirmed that filesharing was always like this - even when firewall off which I seem to recollect as correct. In theory if we have a router with firewall enabled do we need the firewall on on the macs?
    Please help I have reached the limit of my knowledge on this one! Many thanks

    On the MacPro > System Preferences > Sharing > File Sharing, is the list of shared folders what you expect and for each shared folder, are the authorized users and permissions set up as you would expect? Clicking on the options button underneath that panel, is AFP checked, and if desired or necessary, SMB and/or FTP?
    In theory, I would say yes, if you have full faith in the personal integrity of all the local users on the LAN, and you believe them to be cautious enough that they won't have inadvertently downloaded and installed some sort of malware onto their machines, and you believe that your LAN is adequately secured (e.g., using WPA2 for the WLAN), then it is true, you should only need to maintain the firewall at the internet-facing router.

  • ACE 4710: Config Allows all traffic except large HTTP downloads

    Hi Folks,
    Got an ACE 4710 with a basic config that seems to work for all traffic except large downloads.
    I've attached the current config
    As I mentioned I can do normal HTTP to a standard destination like google or SSH through the ACE or ICMP
    If i try to get a large file from the server side of ACE, then a trace shows that the first and subsequent 1460Byte packets don't go through ACE
    I've thought of parse lengths, but i cannot see any that seem to affect the generic L4 maps that I am trying to use
    Cheers
    Alan

    I've seen a similar fault. I suppose a lower MSS was sent in the TCP SYN handshake packets (1300 or 1380?) and the packets exceeding that value were dropped by the ACE. This is the default behavior which can be switched to a less strict mode by either
    exceed-mss allow
    or
    no normalization
    commands.
    In our case, it was a linux web server whose replies wouldn't keep to the MSS limit.

  • AVG Firewall blocking AirPlay.

    Hey
    My AVG Firewall is blocking iTunes from sending out AirPlay. And when I want to use it I have to stop my Firewall which I don't really want to do.
    I have iTunes, and Bonjour in the firewall exceptions, but still blocks.

    I finally figured out how to solve this problem. Air play uses port 5353 for AirPlay which is normally blocked by AVG firewall. http://support.apple.com/kb/TA21543
    I unblocked port 5353 in AVG (v10) using this method
    1. Open AVG
    2. Go to Firewall settings
    3. Click on "Tools/Firewall Settings"
    4. Go to the Profile you want (Small Home or Office Network, etc.)
    5. Click "System Services"
    6. Under "User defined system rules" Click "Manage user system rules"
    7. Click add
    8. Make sure you have the settings the same as the following
    protocol - UDP
    direction - Both ways
    local port - User selected port (enter 5353 as the defined port)
    remote ports - Same as local port
    remote address - local network
    9. Name the Rule
    10. Click OK, (You should see the rule listed now) then OK again
    11. Click Apply and restart iTunes
    Hope this solves your problem
    Taylor

  • Cisco RV042 Firewall Blocking LAN Traffic

    Hello Everyone,
    I currently have an RV042G with a downstream SG-300 connected to one of the LAN interfaces.  Connected to the SG-300 are a couple servers running ESXi.  Intervlan routing is working fine on the current setup; however, I am only able to connect to my ESXi hosts on a separate VLAN for approximately a minute before the connection is dropped.  I have concluded that the firewall seems to be the culprit in blocking my traffic.  If I turn the firewall off, everything acts as expected.  There is a default "ANY/ANY" rule for LAN traffic enabled and I have added a couple extras allowing all traffic for IP ranges, but I still seem to be losing my connections.  To make matters more confusing, I can see ACCESS_RULE events in the firewall logs permitting the traffic (or so I'm interpreting).
    Regardless, here's how my rules currently stand below.  I put another ANY/ANY rule in because the default didn't seem to be working -- I immediately was able to ping other hosts on different VLANs after adding the rule.  I was under the assumption allowing all traffic from any source to any destination would make the LAN pretty accessible.  I would appreciate any guidance or resources on this topic to set up some quick firewall rules to get things up and running.  Thanks in advance.
    | Priority | Enable | Action | Service | Source Interface | Source | Destination | Time | Day | Delete |
    |---|---|---|---|---|---|---|---|---|---|
    | 123 | | Allow | All Traffic [1] | LAN | 10.10.21.1 ~ 10.10.21.31 | 10.10.10.10 ~ 10.10.10.10 | Always | | |
    | 123 | | Allow | All Traffic [1] | LAN | 10.10.10.10 ~ 10.10.10.10 | 10.10.21.1 ~ 10.10.21.31 | Always | | |
    | 123 | | Allow | All Traffic [1] | LAN | Any | Any | Always | | |
    | | | Allow | All Traffic [1] | LAN | Any | Any | Always | | |
    | | | Deny | All Traffic [1] | WAN1 | Any | Any | Always | | |
    | | | Deny | All Traffic [1] | WAN2 | Any | Any | Always | | |

    I guess I should clarify, the SG-300 is running in Layer 3 mode, and the VLANs are defined on it; however, the static routes are defined on the RV042.  Maybe there's a more efficient way of doing this? 
    Below is a scrubbed copy of my switch configuration. 
    config-file-header
    SWITCH01
    v1.3.5.58 / R750_NIK_1_35_647_358
    CLI v1.0
    set system mode router
    vlan database
    vlan 2
    exit
    no bonjour enable
    hostname SWITCH01
    no logging console
    ip ssh server
    ip ssh password-auth
    clock timezone CEST +1
    interface vlan 1
    ip address 10.10.10.2 255.255.255.0
    no ip address dhcp
    interface vlan 2
    name VIRTUAL-MANAGEMENT
    ip address 10.10.21.1 255.255.255.224
    interface gigabitethernet1
    description ESXI01:VMNIC0:MGMT
    switchport trunk allowed vlan add 2
    interface gigabitethernet20
    description UPLINK
    exit
    ip route 0.0.0.0 /0 10.10.10.1 metric 15
    The routes I have defined are:
    | Destination IP | Subnet Mask | Default Gateway | Hop Count | Interface |
    |---|---|---|---|---|
    | 10.10.21.0 | 255.255.255.224 | 10.10.10.2 | 1 | eth0 |
    | 10.10.10.0 | 255.255.255.0 | | 0 | eth0 |
    | | 255.255.252.0 | | 0 | eth1 |
    | 239.0.0.0 | 255.0.0.0 | | 0 | eth0 |
    | default | 0.0.0.0 | | 40 | eth1 |
    Just to reiterate the problem, I am able to connect to hosts on VLAN 2 from my computer on VLAN 1, but I am disconnected a minute or so later.  When the firewall is disabled, I have no issues with connecting to the host across VLANs and maintaining that connection.  Maybe I have a misconfiguration somewhere that is causing some issues?  I appreciate the help. 

  • Howto allow all inbound traffic on 678?

    I have a 501 behind a 678 (CBOS 2.4.6) The 678 does not allow inbound connection by default. How can I config the 678 to simply terminate the ADSL and allow all traffic both in and out, so that I can let the 501 do all the access control?

    Try:
    http://www.cisco.com/en/US/products/sw/netmgtsw/ps528/products_user_guide_book09186a008007ce34.html
    http://www.cisco.com/en/US/products/sw/netmgtsw/ps528/prod_release_note09186a00800eac45.html

  • Firewall blocks Apple's Network Time Protocol

    Hi,
    I admit to not fully understanding everything about the Firewall on OS X server 10.4.11 and I'm hoping someone can help with a little(?) problem.
    On the WAN side, my "gateway" server is connected directly to my SpeedTouch 780 modem with a fixed IP address. On the LAN side are a couple of switches and then an Airport Extreme base station (192.168.2.249). This broadcasts wirelessly to a more distant Airport Express (192.168.2.247). Both WiFi devices are configured to obtain the time from Apple's European servers.
    After completing a Carbon Copy Cloner of my OS partition and rebooting on my usual volume I noticed the following denials in my Firewall log:
    Dec 28 12:50:16 nl1 ipfw: 65534 Deny UDP 17.72.255.12:123 192.168.2.249:3987 in via en0
    Dec 28 12:40:25 nl1 ipfw: 65534 Deny UDP 17.72.255.12:123 192.168.2.247:3814 in via en0
    In SA --> Firewall --> Settings --> Services --> Edit Services for: 192.168.1-net (en0/modem connection)
    I have the "Allow only traffic for: 192.168.1-net on these ports" checked and
    NTP - Network Time Protocol UDP/TCP is also checked.
    Under, Edit Services for: any
    I have the "Allow only traffic for: any" checked and
    NTP - Network Time Protocol UDP/TCP is also checked.
    Under, Edit Services for: 192.168.2-net (en1/LAN)
    I have the "Allow all traffic for: 192.168.2-net" checked.
    1) Why is this traffic being blocked?
    2) Why does the port number seem to get changed in transit? (I've got NAT running and Open Directory).
    3) Does the configuration under, "Allow only traffic for: any" overrule all other Firewall settings? So if for example a port under, "Allow only traffic for: 192.168.1-net on these ports" wasn't checked but was under, "Allow only traffic for: any", would the traffic be allowed through?
    Thanks and happy new year!
    Michael Franks

    Do you have NTP activated? Does it work? If it doesn't and you have the firewall activated, then open the required port. If it is working then don't worry about it.

  • How do I remove "Allow all connections" for Pando in my firewall settings?

    In System Information under Firewall Settings - Applications, I see the following: com.pando.pando: Allow all connections. However, when I go to System Preferences and look at the firewall options, this is not listed, nor can I find any trace of Pando anywhere else on my computer. Is this hidden somewhere, and how can I get rid of it?

    pirihi,
    open Safari’s Preferences, and select its Privacy tab. For the “Block cookies and other website data” set of radio buttons, select “Never”.

  • Firefox apears in firewall even after closing all processes and continues to download file

    firefox continues to download files even after closing all the processes, this behavior was noticed by looking at my firewall activity log. I am using get them all download manager (firefox extension) to download files in firefox. When first time firefox is started after starting computer it doesn't have any problem, but once I open the download manager and start downloading files it never stops.
    I am using : down them all version 2.05 beta on FF 3.6.12
    1. start computer
    2. open firefox
    3. check firewall status (bitdefender firewall running at report level) - no activity noticed
    3. add url to download file in download them all manager
    4. start download - bitdefender shows firefox accessing internet
    5. pause download
    6. check firewall status - bitdefender doesn't show firefox accessing internet in process listing but it does show network activity is going on at its peak.
    7. close all firefox windows and remove firefox.exe from task manager
    8. check bitdefender firewall status it continues to run at peak eating up all the network bandwidth
    9. remove rule of firefox from firewall so as it may prompt when firefox try to connect to internet (bitdefender firewall is running in report mode for approval for each connection)
    10. as soon as rule removed, bitdefender pops up window saying firefox is trying to access remote server (same from where the download was earlier started)
    11. Allow the firefox to access it and again it will start downloading in background and bitdefender shows up internet activity at its peak.

    naah, looks like it's problem of firefox, i removed the plugin and tried downloading using the normal download window of firefox but same problem, this time it starts picking up item from the download window and continues to download

  • Firefox "check for add-on updates" checks even when not selected, request website list for firewall blocking purposes

    I work for the Tech Department in a school district. Our student computers are locked down and all settings are reset after a restart. We have set firefox to always allow all add-ons to run and to never check for updates (we update them on a schedule we control). However, since the latest release, we have been prompted after EVERY flash AND EVERY java update that they are out of date and need to be updated. Having the students click on this every time for every affected webpage is no longer an option. We are also not interested in white-listing pages individually; instead, we would like to prevent firefox from finding the update server to prevent any further prompts.
    Please provide me with all of the websites/web addresses that "check for add-on updates" uses so we can block them at the firewall level.
    Thanks

    Part of the problem may be the recent flurry of required updates to FlashPlayer. As I understand it Mozilla took the exceptional step of blocklisting some of those FlashPlayer versions after fixes were released because there were known exploits in the wild.
    * See the blocklist
    * And flashplayers bulletins https://helpx.adobe.com/security.html#flashplayer
    Possibly you are having difficulty in keeping the software updated and so seeing valid warnings from Firefox. You appear (System info aside) to be posting using Firefox 34. The current Release is Fx35.0.1
    Possibly it would be worth you considering using Firefox ESR, that still has regular updates including backported critical security fixes, but the major version stays the same for longer and there are less frequent feature changes.
    * https://www.mozilla.org/en-US/firefox/organizations/faq/
    I will send links for a couple of other articles by Private Message.
    Steps that may be safe for an IT department may not be recommended for the average reader of this forum.

  • 2nd try. 1) firefox isn't blocking popups even though its set to 2) firefox doesn't recognize when I click "allow"

    Firefox has been allowing all sorts of pop-ups even though I've established the block in the content. This is just one of the pop-up sites: http://partners.livingsocial.com/cities/soon?ref=cpxpop
    When I go to a website I'm interested in a ribbon comes up at the top of the screen telling me to "allow". But when I click this it disappears for a second and then comes right back asking again. I have to check the X in order to get it to go away and that doesn't always work. I've even "allowed" certain sites on the options pages but that doesn't seem to make a difference.

    There may be a problem with malware if unrelated pop-ups are opening or you are redirected to unrequested websites.
    Do a malware check with some malware scan programs.
    You need to scan with all programs because each program detects different malware.
    Make sure that you update each program to get the latest version of the database before doing a scan.
    * http://www.malwarebytes.org/mbam.php - Malwarebytes' Anti-Malware
    * http://www.superantispyware.com/ - SuperAntispyware
    * http://www.microsoft.com/windows/products/winfamily/defender/default.mspx - Windows Defender: Home Page
    * http://www.safer-networking.org/en/index.html - Spybot Search & Destroy
    * http://www.lavasoft.com/products/ad_aware_free.php - Ad-Aware Free
    See also "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked and [[Searches are redirected to another site]]

  • Parental Controls are not working correctly.  Websites I've listed under Allow Access are still blocked.  How can I fix this?

    Parental Controls are not working correctly.  There are websites I've listed under Allow Access, however they are still blocked. - such as:  Yahoo mail and USAA banking.  How can I fix this?

    Hendry
    Just thought I'd let you know.  Our suspicions were correct, it was the OS. After I installed Snow Leopard (10.6.8) all the problems were corrected.  I also updated the RAM from 1 gb to 6 gb. The mac is working all around better. Sorry it took so long to get back to everyone. My superdrive had pooped out. Rather than replace it I got an external drive from OWC connected with firewire 800.  So far everything is running very well, as far as I can tell this external drive is better than the original superdrive. My superdrive has always acted funny, in fact I returned the first mac I got after a week because its superdrive was also malfunctioning. Anyway, all that to say everything seems to be fully functioning again.
    Roy
    Re: Function keys are not working correctly 
