Messages server proxy65 behind NAT?
Hi,
How do I get the proxy65 service usable from the internet? It's natted, here's my setup:
I have a messages server running on x.x.x.x. (private IP)
I have a router that forwards traffic on ports 5222,...,7777 from the public IP y.y.y.y
My proxy65 configuration in /Library/Preferences/com.apple.Proxy65.plist can only accept the ip x.x.x.x as it cannot bind to the external IP.
The messages server advertises the proxy as <streamhost port='7777' host='x.x.x.x' jid='proxy65.domain.com'/>
and that is obviously not usable from outside.
Is there a way to advertise the external IP of the messages host so that wan clients can send files to lan clients?
Thanks,
Anton.
Update:
I commented out this:
socket.inet_pton(socket.AF_INET, ip)
in this:
/Applications/Server.app/Contents/ServerRoot/usr/share/proxy65/proxy65.py
and now my
/Library/Preferences/com.apple.Proxy65.plist
can use a hostname instead of IP like so:
<dict>
<key>jid</key>
<string>proxy65.domain.com</string>
<key>proxyips</key>
<string>xmpp.domain.com:7777</string>
so now all works from the outside and from the inside.
Similar Messages
-
OS X Server Messages Server Jabber Proxy65 File Transfer Solution
Like many others, I'm running OS X 10.9 Server behind NAT, and finding that Messages (aka iChat) which uses Jabber/XMPP is hit-or-miss when doing file transfers between LAN and WAN clients.
The solution I found was here: messages server proxy65 behind NAT?
The problem : by default, the proxy65 config (which handles Jabber file transfers) binds to the server's IP address. In a NAT setup, this would be a LAN address. When the file transfer initiates, this LAN address is advertised to the clients, and if they are on the WAN, it's not a routable address.
You might think you could use the WAN IP address instead - but this fails within the proxy65 setup with this error:
twisted.internet.error.CannotListenError: Couldn't listen on 64.XXX.XXX.XXX:7777: [Errno 49] Can't assign requested address.
The solution, as per the post, is to comment out one line in the proxy65.py file and use an actual DNS name in the com.apple.proxy65.plist file.
Although that solution was written for 10.6, this seems to work well for me in 10.9. FYI, I've submitted this as rdar://19926772
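Commenting out the `socket.inet_pton` line removes the IPv4 check on the `proxyips` host. As an added example (not Apple's proxy65.py code and not written by either poster), the sketch below keeps a check in place but widens it to accept a DNS name as well as an IPv4 literal. The function names and the sample entries other than `xmpp.domain.com:7777` are assumptions made for illustration.

```python
import re
import socket
from xml.sax.saxutils import quoteattr

# RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_PORT = re.compile(r"[0-9]{1,5}")


def is_ipv4_literal(host):
    """Same test as the line the post comments out: strict dotted-quad IPv4."""
    try:
        socket.inet_pton(socket.AF_INET, host)
        return True
    except (OSError, ValueError):
        return False


def is_hostname(host):
    """Syntactic DNS-name check only; no lookup is performed."""
    if not host or len(host) > 253:
        return False
    labels = host.rstrip(".").split(".")
    # An all-numeric last label is a malformed IP address, not a DNS name.
    if labels[-1].isdigit():
        return False
    return all(_LABEL.fullmatch(label) for label in labels)


def parse_proxy_endpoint(entry):
    """Split a 'host:port' proxyips entry and validate both parts."""
    host, sep, port_text = entry.strip().rpartition(":")
    if not sep or not _PORT.fullmatch(port_text):
        raise ValueError("expected host:port, got %r" % entry)
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range in %r" % entry)
    if not (is_ipv4_literal(host) or is_hostname(host)):
        raise ValueError("host is neither IPv4 nor a DNS name: %r" % host)
    return host, port


def streamhost_element(entry, jid):
    """Build the advertised <streamhost/> element from a validated entry."""
    host, port = parse_proxy_endpoint(entry)
    # quoteattr escapes and quotes each value, so nothing from the
    # configuration can break out of its XML attribute.
    return "<streamhost port=%s host=%s jid=%s/>" % (
        quoteattr(str(port)), quoteattr(host), quoteattr(jid))


def check_entries(entries):
    """Return {entry: True/False} for a list of candidate proxyips values."""
    results = {}
    for entry in entries:
        try:
            parse_proxy_endpoint(entry)
            results[entry] = True
        except ValueError:
            results[entry] = False
    return results


# Constructed sample entries; only the second one appears in the post.
SAMPLES = [
    "192.168.1.10:7777",      # IPv4 literal, what the original check allows
    "xmpp.domain.com:7777",   # DNS name, what the workaround needs
    "10.0.0.256:7777",        # malformed address, rejected
    "xmpp.domain.com",        # missing port, rejected
    "bad host!:7777",         # not a valid DNS name, rejected
    "xmpp.domain.com:70000",  # port out of range, rejected
]

if __name__ == "__main__":
    for entry, ok in check_entries(SAMPLES).items():
        print("%-24s %s" % (entry, "accepted" if ok else "rejected"))
    print(streamhost_element("xmpp.domain.com:7777", "proxy65.domain.com"))
```

The check is IPv4-only for address literals, matching the `AF_INET` call in the post, and it does not resolve the name, so whether the hostname maps to a bindable local address still has to be confirmed on the server itself.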
-
After Installing SAP netweaver abap 7.01 (Message server unreachable)
Hi everyone,
it was a very long night and it still continues.
It's my first time installing SAP NetWeaver ABAP 7.01. I'm using operating system Vista Service Pack 1. I installed NetWeaver ABAP 7.01, and when the install shield finished it asked me to run the server. When I clicked "ok", the install shield couldn't run the server and told me to see the log file. Here is the log file:
<
(Dec 23, 2008 7:54:39 PM), Install, com.sap.installshield.CheckServicesAction, err, CheckServicesAction(bean17): Expected service (SAPNSP_00) is not currently running
(Dec 23, 2008 7:54:39 PM), Install, com.sap.installshield.CheckServicesAction, wrn, CheckServicesAction(bean17): Service SAPNSP_00 is not available, retry after 10 s.
(Dec 23, 2008 7:54:49 PM), Install, com.sap.installshield.CheckServicesAction, err, CheckServicesAction(bean17): Expected service (SAPNSP_00) is not currently running
(Dec 23, 2008 7:54:49 PM), Install, com.sap.installshield.CheckServicesAction, wrn, CheckServicesAction(bean17): Service SAPNSP_00 is not available, retry after 10 s.
(Dec 23, 2008 7:54:59 PM), Install, com.sap.installshield.CheckServicesAction, err, CheckServicesAction(bean17): Expected service (SAPNSP_00) is not currently running
(Dec 23, 2008 7:54:59 PM), Install, com.sap.installshield.CheckServicesAction, wrn, CheckServicesAction(bean17): Service SAPNSP_00 is not available, retry after 10 s.
(Dec 23, 2008 7:55:09 PM), Install, com.sap.installshield.CheckServicesAction, err, CheckServicesAction(bean17): Expected service (SAPNSP_00) is not currently running
(Dec 23, 2008 7:55:09 PM), Install, com.sap.installshield.CheckServicesAction, wrn, CheckServicesAction(bean17): Service SAPNSP_00 is not available, retry after 10 s.
(Dec 23, 2008 7:55:19 PM), Install, com.sap.installshield.CheckServicesAction, err, CheckServicesAction(bean17): Expected service (SAPNSP_00) is not currently running
(Dec 23, 2008 7:55:19 PM), Install, com.sap.installshield.CheckServicesAction, wrn, CheckServicesAction(bean17): Service SAPNSP_00 is not available, retry after 10 s.
(Dec 23, 2008 7:55:29 PM), Install, com.sap.installshield.CheckServicesAction, err, CheckServicesAction(bean17): Expected service (SAPNSP_00) is not currently running
(Dec 23, 2008 7:55:29 PM), Install, com.sap.installshield.CheckServicesAction, wrn, CheckServicesAction(bean17): Service SAPNSP_00 is not available, retry after 10 s.
(Dec 23, 2008 7:55:40 PM), Install, com.sap.installshield.CheckServicesAction, err, An error occurred and product installation failed. Look at the log file F:\SAP\NSP\log.txt for details.
(Dec 23, 2008 7:55:40 PM), Install, com.sap.installshield.CheckServicesAction, err, ProductException: (error code = 601; message="Services failed to start (see the log for details)")
STACK_TRACE: 12
ProductException: (error code = 601; message="Services failed to start (see the log for details)")
at com.sap.installshield.CheckServicesAction.install(CheckServicesAction.java:95)
at com.installshield.product.service.product.PureJavaProductServiceImpl.installProductAction(Unknown Source)
at com.installshield.product.service.product.PureJavaProductServiceImpl$InstallProduct.getResultForProductAction(Unknown Source)
at com.installshield.product.service.product.InstallableObjectVisitor.visitComponent(Unknown Source)
at com.installshield.product.service.product.InstallableObjectVisitor.visitInstallableComponents(Unknown Source)
at com.installshield.product.service.product.InstallableObjectVisitor.visitProductBeans(Unknown Source)
at com.installshield.product.service.product.PureJavaProductServiceImpl$InstallProduct.install(Unknown Source)
at com.installshield.product.service.product.PureJavaProductServiceImpl$Installer.execute(Unknown Source)
at com.installshield.wizard.service.AsynchronousOperation.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
(Dec 23, 2008 7:55:41 PM), Install, com.installshield.product.service.product.PureJavaProductServiceImpl$InstallProduct, err, An error occurred and product uninstallation failed. Look at the log file F:\SAP\NSP\log.txt for details.
(Dec 23, 2008 7:55:41 PM), Install, com.sap.installshield.sdcstepswrapper.StepWrapperInstallFiles, err, ProductException: (error code = 200; message="Java error"; exception = [java.lang.Exception])
STACK_TRACE: 15
ProductException: (error code = 200; message="Java error"; exception = [java.lang.Exception])
at com.sap.installshield.sdcstepswrapper.StepWrapperInstallFiles.execute(StepWrapperInstallFiles.java:254)
at com.sap.installshield.sdcstepswrapper.StepWrapperInstallFiles.executeAllSteps(StepWrapperInstallFiles.java:224)
at com.sap.installshield.sdcstepswrapper.StepWrapperInstallFiles.executeAllUninstallationSteps(StepWrapperInstallFiles.java:192)
at com.sap.installshield.sdcstepswrapper.StepWrapperInstallFiles.uninstall(StepWrapperInstallFiles.java:313)
at com.installshield.product.service.product.PureJavaProductServiceImpl.uninstallProductAction(Unknown Source)
at com.installshield.product.service.product.PureJavaProductServiceImpl$InstallProduct.processActionsFailed(Unknown Source)
at com.installshield.product.service.product.InstallableObjectVisitor.visitComponent(Unknown Source)
at com.installshield.product.service.product.InstallableObjectVisitor.visitInstallableComponents(Unknown Source)
at com.installshield.product.service.product.InstallableObjectVisitor.visitProductBeans(Unknown Source)
at com.installshield.product.service.product.PureJavaProductServiceImpl$InstallProduct.install(Unknown Source)
at com.installshield.product.service.product.PureJavaProductServiceImpl$Installer.execute(Unknown Source)
at com.installshield.wizard.service.AsynchronousOperation.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
>
And here is my Services file :
Hi,
I had the same problem, but I didn't get any answer in that forum.
I uninstalled the SAP software (see the end of the thread
https://forums.sdn.sap.com/click.jspa?searchID=22036513&messageID=6625975) and then I installed the software again. Then the system ran and I didn't have any more problems with the message server.
I didn't install the MS Loopback Adapter, because I am connected to a network.
Best regards,
Günther Klee
-
Messages Server doesn't allow login of any user
I've tried setting up a messages server on two different networks and have yet to be able to get a running messages server. Everything feels as though it is set up correctly, but when I try to connect a user to the server, it continuously says the password is incorrect. Below are my settings.
Jabber Setting
jabber:state = "RUNNING"
jabber:roomsState = "RUNNING"
jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
jabber:logPaths:JABBER_LOG = "/var/log/system.log"
jabber:proxyState = "RUNNING"
jabber:currentConnections = "0"
jabber:currentConnectionsPort1 = "0"
jabber:currentConnectionsPort2 = "0"
jabber:pluginVersion = "10.8.200"
jabber:servicePortsAreRestricted = "NO"
jabber:servicePortsRestrictionInfo = _empty_array
jabber:hostsCommaDelimitedString = "harpy.dev"
jabber:hosts:_array_index:0 = "harpy.dev"
jabber:setStateVersion = 1
jabber:startedTime = "2012-12-14 01:42:13 +0000"
jabber:readWriteSettingsVersion = 1
Jabber Status
jabber:dataLocation = "/Library/Server/Messages"
jabber:s2sRestrictDomains = no
jabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db"
jabber:sslCAFile = "/etc/certificates/harpy.dev.23D54969CF2AA8202E22679C3DD926225476B021.chain.pem"
jabber:jabberdClientPortTLS = 5222
jabber:sslKeyFile = "/etc/certificates/harpy.dev.23D54969CF2AA8202E22679C3DD926225476B021.concat.pem"
jabber:initialized = yes
jabber:enableXMPP = yes
jabber:savedChatsArchiveInterval = 7
jabber:authLevel = "STANDARD"
jabber:hostsCommaDelimitedString = "harpy.dev"
jabber:jabberdClientPortSSL = 5223
jabber:requireSecureS2S = yes
jabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"
jabber:enableSavedChats = yes
jabber:enableAutoBuddy = no
jabber:s2sAllowedDomains:_array_index:0 = "harpy.dev"
jabber:logLevel = "ALL"
jabber:hosts:_array_index:0 = "harpy.dev"
jabber:eventLogArchiveInterval = 7
jabber:jabberdS2SPort = 5269
$>> scutil --get HostName
harpy.dev
System.log
Dec 13 18:43:55 harpy.dev jabberd/c2s[1975]: [8] [::ffff:192.168.7.23, port=50163] connect
Dec 13 18:43:55 harpy.dev jabberd/c2s[1975]: [8] [::ffff:192.168.7.23 port=50163] disconnect jid=unbound, packets: 0
Thank you a lot.
I could fix the problem.
Stop the jabber server (sudo serveradmin stop jabber)
The entry in part <local> in /Library/Server/Messages/Config/jabberd/sm.xml was like
<id>domain.local</id>
I changed it to the real local domain of the server like
<id>server.domain.lan</id>
Started the server and it works now
(sudo serveradmin start jabber)
-
RE: 1) Changing name and IP address of an AIX 4.2 Server 2)Using NAT
Daniel,
you (normally) just have to:
1) edit the $FORTE_ROOT/fortedef.sh file and change the value of the variable
FORTE_NS_ADDRESS
2) shut down and restart the forte environment
3) put the new values in the control panel of the client and run!
It worked on our site with the same configuration (AIX 4.2)
Good luck
From: Daniel[SMTP:[email protected]]
Reply-To: Daniel
Date: Friday, 18 June 1999 13:08
To: [email protected]
Cc: Jose Ignacio
Subject: 1) Changing name and IP address of an AIX 4.2 Server 2) Using NAT to reach forte
Hello Forte Users :
I have 2 questions to make:
1)
I've installed a Forte Server Central Node (Release 3.0.F.2) in an
IBM RS/6000 with OS AIX 4.2
(The name of the server is Name_1 and the IP address is
125.125.50.50 with mask 255.255.255.0)
Nowadays we had to change the name and IP address of this server,
let's say to Name_2 and 125.125.60.60 with mask 255.255.255.0.
After that we tried to find any reference to the old name and IP address
in the forte directory and all of its subdirectories, changing them to
the new ones.
After these changes we found that forte couldn't start the nodemgr
server.
We have too many reasons to avoid installing FORTE again.
Does anybody know if I have to change anything more to make the
nodemgr server work?
2)
The second question is about NAT (Network Address Translation).
To reach a Forte Server Central Node from a Forte Client we have
to pass through a Firewall and NAT.
We are researching and at this moment we can not reach the server
from the client, has anybody any suggestion to correctly configure
Forte (Client and Server) to use NAT between them.
If anyone could help me I would be very pleased.
Thank you very much in advance,
Daniel GonzáLucas (EAM Sistemas Informáticos SL, Spain,
e-mail: [email protected])
>> 15 Mins is not enough for completely the replication.
>> use repadmin /syncall /aEpd - for force replication.
>> Wait 3 hrs minimum.
Regards,
Biswajit
MCTS, MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, Enterprise Admin, ITIL F 2011
-
DMVPN Hub and Spoke behind NAT device
Hi All,
I have seen many documents about a DMVPN hub behind NAT or a DMVPN spoke behind NAT.
But my case involves both situations.
1) HUB has a load balancer (2 WAN links), ISP A & B
2) Spoke has a load balancer (2 WAN links), ISP A & B
Now the requirement is: Spoke ISP A tunnels to HUB ISP A, Spoke ISP B tunnels to HUB ISP B.
So a total of two DMVPN tunnels from spoke to hub, and I will use EIGRP and PBR to select the path.
As far as I know, at the HUB site the LB must do static NAT for the HUB router IP, so the spoke will point to it as the tunnel destination address. At the spoke LB, I will do policy routing to reach the HUB ISP A IP via the Spoke ISP A link, and the HUB ISP B IP via the Spoke ISP B link.
HUB and spoke have to create 2 tunnels with two different network IDs but using the same source interface.
The tunnel destination IP at the spoke router does not directly belong to the HUB router. It is held by the HUB LB and forwarded to the HUB router by static NAT.
Will I face any problems with this setup? Any guide?
Sample config at HUB.
interface Tunnel0
bandwidth 1000
ip address 172.16.1.1 255.255.255.0
ip mtu 1440
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 600
delay 1000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile cisco
interface Tunnel1
bandwidth 1000
ip address 172.17.1.1 255.255.255.0
ip mtu 1440
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 2
ip nhrp holdtime 600
delay 1000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile cisco
Spoke Config
interface Tunnel0
bandwidth 1000
ip address 172.16.1.2 255.255.255.0
ip mtu 1440
ip nhrp authentication cisco123
ip nhrp map 172.16.1.1 199.1.1.1
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 172.16.1.1
delay 1000
tunnel source FastEthernet0/0
tunnel destination 199.1.1.1
tunnel key 0
tunnel protection ipsec profile cisco
interface Tunnel1
bandwidth 1000
ip address 172.17.1.2 255.255.255.0
ip mtu 1440
ip nhrp authentication cisco123
ip nhrp map 172.17.1.1 200.1.1.1
ip nhrp network-id 2
ip nhrp holdtime 300
ip nhrp nhs 172.17.1.1
delay 1500
tunnel source FastEthernet0/0
tunnel destination 200.1.1.1
tunnel key 1
tunnel protection ipsec profile cisco
Hi Marcin,
thanks for your reply. The NAT was set up the way it was/is just to simulate the spoke being behind a NAT device.
About AH and ESP, you are correct there... this was actually my issue. I should have used pure ESP. In the end, TAC actually assisted me with this. Before I called TAC, I did notice the following. ISAKMP traffic was NATed to 3.3.3.3, as expected. Anything after that did not work, and it has to do with NAT and AH. Traffic was no longer NATed, so the hub saw the traffic come from 2.2.2.2 rather than 3.3.3.3; you can also see that in the error message you have pointed out. I also saw it in my packet captures. That caught my eye and I started troubleshooting it. I did not understand that AH can't be NATed. Below is TAC's explanation. All is good now. Thanks
"Essentially, it comes down to the fact that AH will encapsulate the entire IP packet (hence why it is the outermost header) with the exception of a few mutable fields, including the DSCP/ToS, ECN, flags, fragment offset, TTL, and the header checksum. Since the source/destination IP addresses & port numbers are actually protected by the AH integrity checking, this means that a device performing a NAT operation on the packet will alter these IP header fields and effectively cause the hub router to drop the packet due to AH failure.
Conversely, ESP traffic is able to properly traverse NAT because it doesn't include the IP header addresses & ports in its integrity check. In addition, ESP doesn't need to be the outermost header of the packet in order to work, which is why devices will attach an outer UDP/4500 header on the traffic going over NAT."
-
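TAC's explanation in the DMVPN reply above can be checked with a small model. This Python sketch is an added example, not code from the thread or from Cisco: it computes an AH-style and an ESP-style integrity check value over a simplified IPv4 packet, then passes the packet through a plain router hop and through a NAT hop. Assumptions: the key, SPI, payload and hub address 198.51.100.1 are constructed, HMAC-SHA-256-128 stands in for the negotiated transform, the ESP body is not actually encrypted, and only 2.2.2.2 and 3.3.3.3 come from the post.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass, replace

KEY = b"constructed-demo-integrity-key"  # constructed; a real SA gets its key from IKE
IPV4 = "!BBHHHBBH4s4s"                   # 20-byte IPv4 header, no options
PROTO_ESP, PROTO_AH = 50, 51

def checksum(header: bytes) -> int:
    """RFC 1071 header checksum; returns 0 when run over a valid header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, body_len: int, ttl: int = 64) -> bytes:
    fields = [0x45, 0, 20 + body_len, 0x1234, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(IPV4, *fields))
    return struct.pack(IPV4, *fields)

@dataclass(frozen=True)
class Packet:
    ip: bytes     # outer IPv4 header as seen on the wire
    spi: int
    seq: int
    body: bytes   # upper-layer data (AH) or stand-in for ciphertext (ESP)
    icv: bytes    # integrity check value carried in the packet

def covered(ip: bytes, spi: int, seq: int, body: bytes) -> bytes:
    """Bytes the integrity check is computed over, chosen by protocol number."""
    fields = struct.pack("!II", spi, seq) + body
    if ip[9] == PROTO_ESP:
        return fields                # ESP: outer IP header is not included
    masked = bytearray(ip)           # AH: whole header, mutable fields zeroed
    masked[1] = 0                    # DSCP/ToS and ECN
    masked[6:8] = b"\x00\x00"        # flags and fragment offset
    masked[8] = 0                    # TTL
    masked[10:12] = b"\x00\x00"      # header checksum
    return bytes(masked) + fields    # source and destination stay covered

def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]

def build(proto: int, src: str, dst: str, body: bytes,
          spi: int = 0x1001, seq: int = 1) -> Packet:
    overhead = (12 if proto == PROTO_AH else 8) + 16   # protocol header + ICV
    ip = ipv4_header(src, dst, proto, overhead + len(body))
    return Packet(ip, spi, seq, body, mac(covered(ip, spi, seq, body)))

def verify(p: Packet) -> bool:
    """Receiver-side check: recompute the ICV from the packet as it arrived."""
    return hmac.compare_digest(p.icv, mac(covered(p.ip, p.spi, p.seq, p.body)))

def forward(p: Packet, new_src: str = "") -> Packet:
    """One hop: decrement TTL, optionally rewrite the source (NAT), fix the checksum."""
    f = list(struct.unpack(IPV4, p.ip))
    f[5], f[7] = f[5] - 1, 0
    if new_src:
        f[8] = ipaddress.IPv4Address(new_src).packed
    f[7] = checksum(struct.pack(IPV4, *f))
    return replace(p, ip=struct.pack(IPV4, *f))

def source(p: Packet) -> str:
    return str(ipaddress.IPv4Address(p.ip[12:16]))

if __name__ == "__main__":
    hub = "198.51.100.1"             # constructed hub address
    for name, proto in (("AH", PROTO_AH), ("ESP", PROTO_ESP)):
        pkt = build(proto, "2.2.2.2", hub, b"constructed GRE payload")
        routed, natted = forward(pkt), forward(pkt, new_src="3.3.3.3")
        print(f"{name}: routed only -> {verify(routed)}, "
              f"NAT to {source(natted)} -> {verify(natted)}")
```

The routed-only case matters for troubleshooting: a TTL change alone never breaks AH, so an AH failure that appears only across one device points at address translation on that device.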
I have been searching for a solution for this issue with all that Google knows......
I have my client behind NAT with IP 192.168.27.1
And the server behind NAT with some IP (I am not really worried about this)
Now I register a client object to the server for notification. Simply, a hash table in the server stores all my client objects. On an expected change, I invoke a method in my client objects.
In this scenario I happened to observe that the client objects sent to the server had the client IP (192.168.27.1) inside them and not the NAT IP through which they went out.
So when I invoke the remote method, nothing interesting happens, as the client cannot be located.
I tried creating custom sockets in the client and binding them to the NAT IP --> obvious bind exception for an IP that is not on the client
Setting the NAT IP as java.rmi.hostname in the client --> no effect, since the server is still trying to notify (192.168.27.1)
Help me to root out this issue. I feel that there must be a solution for this, otherwise RMI would not have been this successful.
Hi turing,
thanks for your reply
actually my question is
"maybe if you try using the "real" ip (www.whatismyip.com)
your program will work. "
how to do this in the scenario I explained.
Most of the discussions I saw in this forum are about a server behind NAT and the resolution approach for it. I can't find an answer for this even in the post you mentioned.
Simply,
When I register a client object in the server, how will the server identify the client to notify, when the client is behind NAT?
Will the IP address that the remote object carries also be NAT'ed? I don't see this happening.
-
Hi,
I'm using MapViewer and I integrated it with my ADF application. I generally have no problems. I deployed both of them on a WebLogic server, and they work great. But when I want to access my app server (WebLogic) from another place behind NAT, MapViewer doesn't work any longer!
My application page (ADF/JSP) works, but the map object (dvt:map) on my page doesn't render! I think it is caused by the IP difference. Everything is the same, but just the IP changes behind the NAT.
Because of the network backbone, we are forced to have another server IP on the client side for the WebLogic server, instead of the real server IP (e.g. the real server IP is 172.18.10.1 but the client machine behind the NAT sees the server as 172.16.2.3).
I want to emphasize that all pages and all other features in my web application work, and I can see and have access to the MapViewer server from the client (behind the NAT) too. But the map object (dvt:map) on my pages doesn't render and just shows a blank area without any error!
I know I don't have any problem accessing the MapViewer server, because I have access to my MapViewer server control panel from the client side (behind the NAT), and MapViewer is installed on the same WebLogic that my application is installed on. So my question is: if I can work with my application behind the NAT, why can't I see my map on it?
The key is that the NAT-enabled router is the one that will require port mapping/forwarding to be configured. In addition, you don't necessarily need the Internet router to have a static IP address, but it MUST be a public IP address. If your HOA controls this router, then most likely they will NOT be willing to configure it to allow port mapping to your IP camera.
-
IPlanet Messaging Server -- kill session at browser close
iPlanet Messaging Server 5.2 HotFix 2.09
We found a potential security risk.
When a person loads Messenger Express through the web and closes their browser, another person can come in behind them and resume the previous person's session. This is accomplished by going through the browser history and accessing any of the links that point inside the mail client.
When the browser closes, the session isn't killed. It's only killed/inaccessible if the user times out or clicks log-out. We've tested this on just about any browser we can get our hands on.
Is there a fix/patch/workaround for this? I've combed the documentation and the site and can find nothing.
We are using the product in an University environment and this can be particularly nasty in the labs.
Thanks!
> iPlanet Messaging Server 5.2 HotFix 2.09
> We found a potential security risk.
> When a person loads Messenger Express through the web
> and closes their browser, another person can come in
> behind them and resume the previous persons session.
> This is accomplished by going through the browser
> history and accessing any of the links that point
> inside the mail client.
Yep, that's true. And it's not possible to "fix" that. The reason it cannot be fixed is that http is stateless. The server can't know when you simply close a browser, instead of you still being there.
There is an idletimeout that defaults to 10 minutes.
> When the browser closes, the session isnt killed. Its
> only killed/inaccessible if the user times out or
> clicks log-out. We've tested this on just about any
> browser we can get our hands on.
Right. This is a basic limitation of the http protocol. It's not something we CAN fix.
> Is there a fix/patch/workaround for this? I've combed
> the documentation and the site and can find nothing.
> We are using the product in an University environment
> and this can be particularly nasty in the labs.
You will have to educate your users to log out. That's all I can suggest.
> Thanks!
ashley
-
How can we see the iplanet messaging server statistics?
I need to know how many emails our iplanet messaging server is processing per day/month/year etc and the volume of data that this represents. How can I read the logs? Is there a tool for doing this?
Thanks
Paul
The imap, pop, and http processes have counters, as does the MTA. Check out the manual for the command line utilities for iMS.
As for the MTA logs, the format is documented and thus you can easily write your own tool to parse and report on what you need. I did it years ago and I would share that with you, but it has fallen behind in the format and thus needs serious updating.
There is no built-in tool to process log files.
-
L2TP VPN for servers behind NAT
I have two 2012 R2 servers, both behind NAT, which I'm trying to connect via VPN. I have no problem connecting them via PPTP, but when connecting them via L2TP (with shared key for testing), the dialing server never connects to other server.
I assume that the problem is that they're both behind NAT. In Windows Server 2008, you were able to set a registry value to get the L2TP connections to work under NAT, see
http://support.microsoft.com/kb/926179 by setting the environment variable AssumeUDPEncapsulationContextOnSendRule.
I tried using this with the two servers, but it didn't seem to help. Is there some other way to get the L2TP connection for the two 2012 R2 servers working behind NAT?
Hi,
Thanks for your pointer and sorry for replying so late.
I am sorry to say that I haven't found any documents to ensure whether NAT-T is supported in Windows Server 2012 R2 or not. In addition, VPN servers that are located behind NAT are not recommended. When a server is behind a network address translator, and the server uses NAT-T, unintended behavior might occur because of the way NAT translates network traffic.
Best regards,
Susie
-
Messaging Server 4.15 & firewall problems.
I have Messaging Server 4.15 behind a firewall & an external mail server in the DMZ. My customers strongly don't want to show their internal information in the mail headers (host names, iPlanet Messaging Server name...)
1. Can I change mail server info & can I remove some information (iPlanet Messaging Server version, user host name & ip) from the mail headers?
2. As Messaging Server 4.15 is behind a firewall, some mail servers which check the sender's domain name can't receive my customers' mails (they can't find the iPlanet Messaging Server name because it is behind a firewall). How can I solve this problem? Will the change of mail server info in mail headers help me?
Removing such information is generally frowned upon by the community. By altering such information you could prevent mail from being delivered successfully.
As for point 2, even if your hosts are behind a firewall there should be public DNS records for them. It usually can be something generic like h-10.0.0.1.domain.com so that no real information is given away but other hosts on the internet can determine who you are.
-
I would like to set up a new messaging service between my employees because we have issues with most online services. I'm thinking of getting a Mac Mini Server, so I can run Messages Server, but I have an employee outside my network. Can they log in to the server remotely to use the Messages Server?
Thanks
If you're talking about setting up and using the Jabber messaging service provided by OS X server then yes, it's really easy to set up and use in and out of the office. The only trick, as with most other services, is a correct DNS setup so you're able to connect and use the server from the "outside".
I use this myself (via Lion server rather than Mountain Lion server) from behind a dynamic IP addressed ADSL line and have no problems whatsoever.
-
How do I set the mailhost attribute in Messaging Server 3.5?
Intent of the hostname aliases feature:
In Messaging Server 3.5, the hostname aliases feature is designed to facilitate migrating and co-hosting. For instance, if you set up all of your sales and marketing users on one Messaging Server, but suspect that you'll want to split those groups in the future, you can give the sales users the mailhost value sales.company.com and the marketing users the mailhost value mktg.company.com. This feature can also be used for fast failover if you want to be able to move a group of users quickly from one Messaging Server to another.
How to use hostname aliases and how to set mailhost and MessageHostName settings:
Each user's mailhost attribute can have only one value. All users on a single Messaging Server do not need to have the same mailhost value in the LDAP directory. The user's mailhost value should match one of the MessageHostName attribute values in netscape.mail.conf. (On Unix, the path to this file is /etc/netscape.mail.conf. Windows NT users must use Notepad to create this file in server-root\bin\mail\Server\etc, where server-root is the base directory where your SuiteSpot servers are installed.)
With Messaging Server 3.5 and later, MessageHostName can have multiple values. Think of hostnames as colors. Each mail account in the LDAP server has a single color. Each Messaging Server has one or more colors. A Messaging Server will check an LDAP account's color (mailhost) against its own color(s) (MessageHostName), and if they match, the server considers the account to be local.
For example:
MessageHostName=red.company.com,green.company.com,blue.company.com
where original-host-name is the machine's real name. This entry must come first as the server uses the first entry to generate machine specific postmaster forms. The subsequent host names can be any values that you wish separated by commas that are inside the brackets. Do not place spaces anywhere on the line.
In this example, if the mailhost setting for the user is set for either red.company.com or green.company.com, or blue.company.com, the server will consider the user to be local. (Hostname aliases must also be configured in DNS. Please see the DNS section at the end of this technote.) No other Messaging Server should list either red.company.com or green.company.com or blue.company.com in the MessageHostName field. Mail could not be delivered properly if either red.company.com or green.company.com or blue.company.com were listed in any other server's MessageHostName field. A user with a mailhost setting of violet.company.com would not be considered local to this machine.
Although it is possible with Messaging Server 3.52 to list more than 16 different host names in the MessageHostName field, it is not recommended because increasing the number of hostnames in this field beyond 16 will have a negative impact on performance. This feature is intended to provide fast failover and/or migration of users. If users need to be divided up into many smaller groups, the use of some other LDAP attribute is recommended.
In Messaging Server 3.0, you can associate a server with only one host name. Consequently, all mail accounts on a given server must have the same mailhost value in the LDAP directory. This should be the name of the server, i.e. host.company.com
A note about DNS
Hostname aliases must be configured in DNS. This is done with a CNAME record. For example:
A 128.101.101.101
CNAME
Additional MX records are not required to use hostname aliases.
If you aren't sure about how to configure your DNS records, consult the book DNS and BIND by Paul Albitz and Cricket Liu.
You can find the connection settings in Tools > Options > Advanced : Network : Connection
See "Firefox connection settings":
*[[Firefox cannot load websites but other programs can]]
-
PI 7.11: Cannot connect to server using message server:...
Hello Guys,
we make the Application Management for a Customer PI System.
Scenario:
- the SAP Gui Connection to the ABAP Stack is routed via SAPRouter and Works fine.
SAP Gui -> our SAP Router -> VPN Box from Customer -> Firewall Customer -> ABAP Stack PI System
- WebAccess its working fine, the Customer use Webdispatcher on every PI Server...
Browser -> VPN Box from Customer -> Firewall Customer -> Java Stack (Port: 5xx00 btw. 81xx (Webdispatcher))
Problem:
Our problem is that we cannot proceed to the Integration Builder or the ESB. Java Web Start works fine and opens the logon screen correctly -> but when I fill in the logon screen with my user name and password and press Logon, the following error comes up:
"Cannot connect to server using message server: ms://<hostname>.<domain>:8134/P4"
In the details of the error message:
"<hostname>.<domain>:53404 Reason: com.sap.engine.services.rmi_p4.P4IOException:
Cannot open connection to host: <IP-Adress of Central Instance> and Port: 53404"
The customer says the firewall is open for the IP addresses and the P4 port, but I don't think so...
Can everybody help me, or have tips for me? I have checked a lot of OSS messages (PI High Availability etc... it's all correct on the system)
Sorry for my bad English
Best Regards,
Markus
Hi Markus,
did you check if the browser is using a proxy? (In this case your scenario unfortunately won't work).
P4-port should generally be routed via a proxy (described in the help.sap.com), but within the PI-Tools(JNLP) the proxy-usage is not implemented. There is even a SAP-note that describes how to check the JavaWebStart-Proxyconfiguration, but this won't help either.
If there is a proxy defined in the browser everything is working fine till you pass the logon-screen but even with the correct "javaws"-settings you won't be able to go on.
(This problem is pretty bad if you have developers and the SAP servers separated because of security issues. I'm hoping that this malfunction will be solved with upcoming patches.)
Solution: Establish a connection without any proxy in between.
E.g.: a terminal server in the same network
It would be helpful to find more people with the same problem to force a fix from SAP for that.
If anyone else is having problems with this, please add a comment to this thread.
Best regards
Christian