How to block outbound port in Solaris 10

Hello,
I would like to block OUTBOUND telnets (port 23) - Let me repeat it's OUTBOUND (not inbound).
I need to do it on Server level (not Firewall level).
Any help would highly be appreciated.
TIA
Prvn
Edited by: sun_prvnrk on Sep 30, 2010 10:52 AM

Yes, you need to use ipfilter.
You can filter either inbound or outbound.
There's information in docs.sun.com on how to use svcadm to turn it on and there's an ipfilter mailing list to help you figure out how to use it.
-- Ken
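
A minimal ipfilter ruleset for the outbound telnet block discussed above, as an added example that is not part of the original thread. It assumes the stock Solaris 10 rules file /etc/ipf/ipf.conf and the network/ipfilter SMF service; the interface name hme0 and <test-host> are placeholders, and the commands in the comments are run as root.

```conf
# /etc/ipf/ipf.conf  (added example, not from the original thread)
#
# Drop and log every outbound TCP connection attempt to port 23 (telnet).
#   out    - match packets leaving this host; inbound telnet is untouched
#   log    - record each match so blocked attempts can be reviewed with ipmon
#   quick  - stop rule processing at this rule; without it ipf applies the
#            LAST matching rule, so a later "pass out" would override the block
block out log quick proto tcp from any to any port = 23

# To restrict the block to one interface, name it after "quick".
# hme0 is a placeholder interface name:
# block out log quick on hme0 proto tcp from any to any port = 23

# Activate and verify (run as root):
#   svcadm enable network/ipfilter   # start the service; persists across reboots
#   ipf -Fa -f /etc/ipf/ipf.conf     # flush the loaded rules, then load this file
#   ipfstat -oh                      # list outbound rules with per-rule hit counts
#   telnet <test-host> 23            # should hang and time out; the hit count rises
```

The rule matches on destination port only, so a telnet daemon listening on a non-standard port is not covered by it.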

Similar Messages

  • How to block Ping requests in Solaris 10

    Hello all,
    Could you please let me know how to block icmp packets (ping) on Solaris 10.
    thanks a lot
    tpiranav

    Are you familiar with ipf? It comes with Solaris. Check man ipf for some starter background if you are unfamiliar with it.

  • How can I disable ports in Solaris 10.

    Hi,
    I am new to Solaris. I have done a new installation of the 10 on a sparc and it went well. I need to block all the unwanted ports; for this I have edited /etc/services. After a reboot, I don't see any effect; I can see the ports are still listening.
    Any help is appreciated.
    Tx.

    Commenting out lines in /etc/services isn't the way to go about disabling services.
    You need to find out what is actually the controlling application/server utilizing that port and disable it.
    To see what ports are currently available use netstat -a -f inet. If that doesn't give you enough information, install lsof and use its output to identify what application is utilizing what port. Once you identify the application you can disable it with svcadm.
    For example: if you see port 25/tcp as available, netstat will report that as smtp and lsof will identify it as sendmail. You can then disable it with svcadm disable sendmail. Now if you do a netstat -a -f inet you won't see port 25/tcp listening any more.

  • How to Block / Hardening of "Unused Ports" in OracleAS-10gAS

    Hi All,
    I have installed Oracle 10gAS PatchSet-2 9.0.4.2.0 and Windows-2000 SP-4 OS. The Both instances (INFRA & Mid-Tier) are installed on same box. My AS is working fine and all components are working great.
    I can find-out the ports being used/configured by 10gAS of this installation. Rest all other Ports are open as such on this OS and are not being used. So basically i want to "Block all those Unused Ports of this 10gAS installation"
    1. Is it Possible..? If Yes! how to start about this.
    2. Does Oracle Provide a Documentation on this or the details of this is included anywhere in any of the Docs.?
    This has been pointed out by one of our Corporate Auditors who has audited our entire IT Infrastructure setup and given us that comment. Can anybody help me in this regard or suggest tips / docs which could be useful to me? Looking for your help.
    Regards,
    Kamesh Rastogi

    Hello,
    I would clarify what I need and intend to do...
    Let's say my HTTP Server is configured and listening at port 7779 & 7778. And the range of this is 7777 - 7999 as provided by App.Server.
    So I want to block all the ports of the above range and ONLY want to open or allow requests coming for Port No. 7779 or 7778.
    What all is being used by App.Server is known to us and we can find it out and list it... but how to block them... here in App.Server.
    Regards,
    Kamesh Rastogi

  • Examining block diagram- ports on VI- How do I determine which port is wired

    Trying to figure out how a block diagram is wired with a VI that has lots of ports. Is there a way that I can identify where the wire goes on the VI?

    As tst said, you can triple click to see the entire wire. Some people don't wire properly, with wires going underneath objects. If you look closely at the attached picture, you can see the highlighted wire (the one surrounded by dashed lines) goes to the top right corner of the object it is wired to.
    Message Edited by tbob on 08-21-2008 12:30 PM
    - tbob
    Inventor of the WORM Global

  • GWIA Outbound Port

    Hi, I'm having a small problem... My ISP (Comcast) blocks all outgoing connections on port 25. Which as you know is the default SMTP port and the port GWIA normally uses to send email.
    Comcast now requires that you send email on their server (smtp.comcast.net) using Port 587 and authentication. I believe I've read enough information to get the Outbound Authentication working, but have been searching high and low for information on how to change GWIAs outbound port.
    I know this is easily accomplished on Exchange as that's what I am currently using. Company is looking to switch to Groupwise but this cannot be done unless I can get this problem fixed.
    Any help would be very much appreciated.
    Thanks!

    Don't have any experience with this situation, but was wondering if you can configure your outbound host (/mh switch if using your gwia.cfg file) with the port on it. Try putting 1.2.3.4:587 for your outbound host.
    HTH,
    Aaron

  • How do I use Port Mapping?

    How do I use Port Mapping?
    (This document will assume that you are using an ABS/AEBS/AX as an internet router and have DHCP & NAT turned on.)
    Sometimes you may want to offer access to a computer on your AirPort network to users on the internet, whether it be a web site, or for file sharing, or just remote access for yourself when traveling. If any of these sound like something you want to do, then you need to understand how Port Mapping works.
    AirPort as Firewall
    Most of the time your AirPort base station will not let any traffic into your network which did not originate from your network. It will let everything out and replies to your traffic back in, but it will not let sessions initiated on the internet side of the base station in to your network. This is what is referred to as the "NAT firewall" capability of the base station and it provides effective protection for your network from the internet. What Port Mapping does is poke a hole in this wall to allow certain type(s) of traffic into the network and direct this traffic to a specific computer on the network. In the firewall world this is commonly referred to as an "inbound proxy" or "inbound translation" rule or "PAT" (Port Address Translation) in the router world.
    The Need for Manual Addressing
    Since a Port Mapping entry in the base station configuration requires an inside private IP address to be specified, the computer to which the mapping entry applies should always have the IP address specified in the mapping entry. Thus, DHCP should not be used for a computer offering services on the internet as the Port Mapping entry will no longer work if the target computer's IP address changes. In general, an Apple base station's DHCP server will try to assign IP addresses in the 10.0.1.2 to 10.0.1.200 range. IP addresses above 10.0.1.200 can be Manually assigned to computers and other devices on the network up to 10.0.1.254. 10.0.1.255 is reserved (it is the broadcast address for the 10.0.1 subnet). To Manually set up the TCP/IP information for a Macintosh running Mac OS X, go to System Preferences -> Network and "Show" the appropriate interface (Ethernet or AirPort) and click on the TCP/IP tab. Select "Configure Manually" and enter the following information:
    IP address : 10.0.1.201 (or whatever address you decide to use)
    Subnet mask : 255.255.255.0
    Router IP : 10.0.1.1 (the AirPort base station LAN IP)
    DNS server : 10.0.1.1, or whatever DNS server IP your ISP uses
    After making these changes verify that your computer can still access the internet and local resources on the LAN before continuing.
    Port Mapping a service
    In our example we will be hosting a web site on a computer which we have given an IP address of 10.0.1.201. Basic web sites are accessed using the HyperText Transport Protocol (HTTP) and this protocol typically uses port 80 to communicate. In order for others to see the web site, we must configure a Port Mapping entry in the base station configuration to not only allow the web browsers in, but to tell the base station what IP address the web server is using. The Port Mapping entry has three parts: Public Port, Private IP, and Private Port. In this case you would use the following values:
    Public Port : 80
    Private IP : 10.0.1.201 (this is the computer hosting the web site)
    Private Port : 80
    In order to access the web site from the internet, users must reference the base station's WAN port public IP (determined by looking at the base station configuration summary page in the AirPort Admin Utility). Since this address may change over time, you might want to use a Dynamic DNS service to simplify connecting for your users.
    Sometimes the port you wish to use may be blocked by the ISP. In this case, use a different non-standard Public Port number for the service, but keep the Private Port standard. In the above example, if the ISP was blocking port 80, you could potentially use 8080 instead, so:
    Public Port : 8080
    Private IP : 10.0.1.201
    Private Port : 80
    Your users would then have to enter "http://<publicIP>:8080/" (where <publicIP> is the public IP address of the AirPort base station) to access the web site.
    Internal Access
    It should be noted that when accessing these services from within the network you cannot reference the Public IP/Public Port, but rather you must use the Private IP/Private Port. Thus, "http://10.0.1.201:80/" in the above example.
    Limits and Options
    There is a maximum of 20 Port Mapping entries that can be made in an Apple base station configuration. If you use an AirPort Extreme or AirPort Express base station there is an option which can be helpful in the case where you need many ports opened to a single computer. This is the "Default Host" option. When using this it is not necessary to use Port Mapping at all as all ports will be opened to the specified "Default Host". This is found in "Base Station Options". The default IP address for the "Default Host" is 10.0.1.253. You may change this IP address. The target computer must be Manually configured as specified above with the same IP address. Since all ports are now open to this computer, you should enable and configure the Mac OS X firewall on the default host computer to protect it from intruders.
    Useful Related Links
    Designing AirPort Extreme Networks: Manuals (http://docs.info.apple.com/article.html?artnum=52002)
    "Well Known" TCP and UDP Ports Used By Apple Software Products
    IANA Port Number Assignments

  • Is there any way to block USB ports through SCCM console

    How to Block the client machine USB ports using SCCM 2012 R2 console
    we know that so many 3rd party tools are able to block the USB ports for client machines, how cant we add an additional option for SCCM 2012 for Block USB ports for client PC's, to make our network secure
    thanks & Regards,
    Teja

    That's not possible by default, but you can create your own custom script and add it as a right-click action to a device.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • How to get the ports on a computer?

    Hello!
    Does anyone know how to list which ports are not locked/blocked on a computer?

    You could always loop 65000 times (or however many ports there are), trying to set up a connection to a port; if an exception is thrown (i.e. the port is being used) then simply record what port that was.
    Mik�

  • How to installed java comm in solaris

    I have installed borland jbuilder5 enterprise edition,and
    put the libSolarisSerialParallel.so in LD_LIBRARY_PATH
    (LD_LIBRARY_PATH=/usr/lib), the comm.jar in jre\lib\,javax.comm.properties in jre\lib .
    But when I open the serial port, the program always raises an exception "null".
    What can i do ?

    sorry :
    how to "installed" java comm in solaris
    --->
    how to install java comm in solaris

  • CME:how to block external call to external call

    cme have the four fxo and AA,when the external calls come in,and dial 9+ pstn num,it can call from external call to another external call,how can blocking?

    Hi,
    try to use this command
    #call application voice aa max-extension-length 5
    This option declares the maximum length of the extension that the user can dial when dial-by-extension-option is chosen. The default value is 5. The value can be 0 with no restriction up to x digits.
    or try
    3.
    Configure Class of Restriction (COR) to block call transfers from B-ACD to PSTN numbers. The sample configuration below prevents the B-ACD from transferring calls out to local and long distance PSTN numbers. The B-ACD can still transfer calls to internal extensions.
    Below is an example of such a configuration:
    dial-peer cor custom
     name longdistance
     name local
    dial-peer cor list call-longdistance
     member longdistance
    dial-peer cor list call-local
     member local
    dial-peer cor list block-pstn
    dial-peer voice 1 voip
     corlist incoming block-pstn
     application aa
     destination-pattern 1000
     session target ipv4:192.168.1.1
     incoming called-number 1000
     dtmf-relay h245-alphanumeric
     codec g711ulaw
     no vad
    dial-peer voice 2 pots
     corlist outgoing call-longdistance
     destination-pattern 91..........
     port 0/2/0
    dial-peer voice 3 pots
     corlist outgoing call-local
     destination-pattern 9[2-9]......
     port 0/2/0
    Thanks
    Najeeb

  • How to check the port status in IPSec VPN

    Hi Experts,
    Is there any way by which we can find out whether UDP port 500 is blocked at the ISP side?
    My IPSec VPN configured between two Cisco routers in a production network is not coming up, and experts are saying that the ISP has blocked port 500 somewhere in between; however, the ISP is denying this and saying that they don't block any port.
    Kindly suggest what would be the best way out?
    Thanks

    Thanks Marvin,
    How could I capture the traffic from the initiating peer so that I can figure out whether UDP port 500 is blocked or not, with the help of Wireshark...
    In my network an ONT/Modem (having four ethernet ports) is installed at both ends, and from one of its ports the router is connected at each side and the IPSec VPN is configured between the routers. To check the UDP port status, my question is, should I connect my laptop (running Wireshark) to one of the ports of the ONT and capture the traffic, or is there any other way, and how will that traffic tell me whether port 500 is blocked or not?

  • How to block yahoo new messenger option in mail beta

    Hi,
    Anyone know how to block yahoo's new option of messenger being in the
    yahoo mail beta? I know we could just block access to yahoo mail, but
    that hasn't been a real problem at this point (according to our logs
    anyway) but now that messenger has been added there, it certainly could
    become a problem.
    Have already blocked webmessenger for yahoo and msn, are there others
    now? we have the other general blocks for the clients (port
    redirections etc)
    Thank you,
    Mike

    Mike,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
    - Check all of the other support tools and options available at
    http://support.novell.com.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://support.novell.com/forums)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://support.novell.com/forums/faq_general.html
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • How do I unblock port 80 on a D-Link 2650-B DSL Modem?

    I am unable to play Texas Holdem on MSN Games. Tested port 80 and it timed out. I can't seem to figure out how to open the port correctly. Why does verizon block this port?

    This will help you better http://zone.msn.com/en/support/article/multiplayerloadhelp.htm Also, see as need be http://answers.microsoft.com/en-us/newmsn/forum/newmsn_browse-newmsn_browseart/cant-play-texas-hold-em-on-msn-games-general-error/41bd4da0-6a71-48e2-9669-b863aa44ecfa

  • How to make outbound plug to Public attr

    Hi All,
               I am trying to call outbound plug from get_v method for f4 help. But when i click on f4 help, it getting dump by giving below error.
    View 'ZXXXX/GeneralData' does not have the public outbound plug 'OP_FINDXXXX' for value help navigation
    In get_v method, using below piece of code.
         CREATE OBJECT rv_valuehelp_descriptor TYPE cl_bsp_wd_valuehelp_navdescr
         EXPORTING
          iv_outbound_plug = 'FINDXXXX'.                    "#EC NOTEXT
    My concern is how to make Outbound plug to public or if there any other way to call Outbound plug from Get_v then please advice.
    I appreciate your suggestion.
    Thanks
    RI

    Hi Imran!
    To make outbound plug public please do the following things:
    1)In BSP_WD_CMPWB: go to the code of your outbound plug and switch to edit mode;
    2)Save & Activate your outbound plug.
    3)Menu "Go to" -> "Method Definition"-> tab "Attributes":
    - set "Visibility" = Public
    - "Event" block: "Active" should be marked.
    Warning: after changing of visibility the content(code) of method will be removed automatically!
    So, save it beforehand.
    4) Then go to method and try to do save and activate.
    You will get an error message. Double click on this message, so you will be redirected to the error place - the protected section of the current class.
    5) Find in this protected section the rows with your outbound plug - cut them out.
    6) On the toolbar you will see a button for the public section - go there and paste your rows there.
    7) save and activate everything.
    8) Now you can fill your outbound plug with your logic and activate again.
    I did this just recently many times and it worked fine.
    Please tell me if something is unclear or doesn't work.
    Good luck!
    Evgenia
