Minimal open ports for groupwise to use by vpn

Similar Messages

• Open ports for all in LAN

  Hi, a few days ago I bought a wireless router WRT160n. I want to ask how to open some port for all in LAN(3 clients). For example all in LAN have PeerToPeer application for torrents. I want to open port for example 20202 for all. Now I open port from menu Applications & Gaming->Single Port Forwarding, but I must set port for each user IP address.
  Can somebody tell me how to open port for all in LAN without to config for each computer?
  Thanks in advance.

  Hi gv. I read more about UPnP and the WRT160n User Guide. In section Administration>managment int wrote that UPnP is Enabled by default in my router it is corect. I Setup mu PeerToPeer(eMule) TCP/UDP ports to 20202 and check option "Use UPnP to setup ports". I test and close this port on my router configuration for my computer on "Single Port Forwarding", but in eMule the port is still block. Can you explain why it did not work. For UPnP it says that if Enable it allow users with Windows ME and XP automatically to gonfigure Router ports
  Thanks in advance!
  Best Regards.

• Do I need to open ports for NTP?

  I just noticed that my hwclock was off by nearly 30 seconds. It's almost certainly due to the recent initscripts update.
  As I was looking into resetting the clock, I found out that openntpd is deprecated so I've switched to ntp, configured the daemon, reset the time with ntpd -q, and started the daemon. The time is not accurate again.
  I remember back when I first installed Arch I tried to set up ntp but it didn't seem to work, so I tried openntpd and stuck with that. I reached the conclusion that ntp required open ports, which I felt was unnecessary given that openntpd could do the same thing without open ports.
  Now that I'm looking at it again, I can't find any definitive answer...
  Do I need to open ports for ntp if I only want to sync the system that it's running on?

  ISC ntpd (the ntp package) will open UDP 123 on all your interfaces regardless of what you do with it. It will work anyway even if you block this port in iptables, assuming that you're allowing responses to established traffic as usual - your outbound mobilization requests to your chosen servers will be enough to allow the responses, and the same with further traffic sent for the lifetime of ntpd. Using iptables like this is probably the easiest way to secure ntpd.
  There's also some defense in depth you can do:
  - run ntpd as non-root
  - run it chrooted to some safe directory (really only makes sense when doing non-root as well, since root can break out of a chroot)
  - apply ntpd's built-in access controls (see examples in ntpd.conf, and full docs in ntp_acc(5))
  I accomplish the first two of these by chowning /var/lib/ntp (and any contents) to ntp:ntp (so ntpd can write ntp.drift there when non-root), by using a driftfile path relative to the chroot in ntp.conf, and by setting NTPD_ARGS="-g -i /var/lib/ntp -u ntp:ntp" in /etc/conf.d/ntp-client.conf.
  For the third, I chose to not allow any remote traffic to initiate anything with my ntpd, with this /etc/ntp.conf:
  server ac-ntp0.net.cmu.edu iburst
  server ac-ntp1.net.cmu.edu iburst
  server ac-ntp2.net.cmu.edu iburst
  server ac-ntp3.net.cmu.edu iburst
  server ac-ntp4.net.cmu.edu iburst
  restrict default nomodify nopeer noquery
  restrict 127.0.0.1
  driftfile /ntp.drift
  Note the two "restrict" lines. The first shuts out remote access of most kinds, and the second allows the local machine all the access that would also be denied to it as well otherwise by the first rule. Note also the driftfile path, relative to the chroot of /var/lib/ntp/.
  With all these security features, ISC ntpd can be just as safe as openntpd.
  The use of the "iburst" keyword on the server lines to recover more quickly from out-of-contact conditions is also quite nice, and not rude to the remotes like "burst" would be.
  One of the nicest other features of ISC ntpd is that it's smart enough to notice when network state changes occur, like bringing a VPN up/down, changing routes, or switching from wired to wireless and back. openntpd tended to just lose connections in these cases.

• Do I need to open ports for my services if I am connecting through VPN

  Hi,
  I work in a small office and we are trying to connect people remotely to our server through VPN.
  Using the Server App I managed to make VPN work and successfully connected to our file share points, so that means file sharing worked without opening ports for afp on my Airport router.
  On the other side I cant connect to other services as iCal and Address Book as I am locally in the office. Does that mean I have to open the ports for those services on the router, if yes then why use VPN in the first place.
  Thanks,

  If I understood you correctly:
  External client -> (server.domain.name) -> Router -> Server: is working
  Internal client -> (server.domain.name) -> Router -> Server: is not working
  Internal client -> (local ip) -> Server: is working
  If yes, you can implement a-la "split zone DNS".
  1. On the external DNS your domain name server.domain.name resolved to the external router IP.
  2. You should add record (and zone) server.domain.name to your OS X Lion Server DNS pointing to local IP
  When you are connected to VPN, system sets DNS server to your Lion server and server.domain.name is resolving to local IP.
  When you are working without VPN, system use external DNS and server.domain.name is resolving to external IP.
  Of course, you should open ports for your services on the router is you want to use them from external network.
  I am using this configuration and it works perfectly.

• How to open Ports for App running in VPC

  Trying to open ports for a Windows app that I am running via VPC but the application still shows the port is unreachable.
  So far I have, opened the port in Mac OSX Firewall, opened ports on my D-Link DSL504G router, disabled the Windows firewall (plus opened the ports in case it became enabled).
  Have also redirected the ports to the IP address within VPC Windows and the Mac itself.
  Have run out of ideas as nothing seems to work.
  Regards
  Alan

  Try the following ...
  AEBSn - Port Mapping Setup
  To setup port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN port of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
  1. Reserve a DHCP-provided IP address for the host device.
  Internet > DHCP tab
  o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
  o Description: <enter the desired description of the host device>
  o Reserve address by: MAC Address
  o Click Continue.
  o MAC Address: <enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the host computer>
  o IPv4 Address: <enter the desired IP address>
  o Click Done.
  2. Setup Port Mapping on the AEBSn.
  Advanced > Port Mapping tab
  o Click the "+" (Add) button
  o Service: <choose the appropriate service from the Service pop-up menu>
  o Public UDP Port(s): <enter the appropriate UDP port values>
  o Public TCP Port(s): <enter the appropriate TCP port values>
  o Private IP Address: <enter the IP address of the host server>
  o Private UDP Port(s): <enter the same as Public UDP Ports or your choice>
  o Private TCP Port(s): <enter the same as Public TCP Ports or your choice>
  o Click "Continue"
  (ref: "Well Known" TCP and UDP ports used by Apple software products)

• Getting error 'opening port for MGR  (Connection refused).

  Hi Guys,
  I m getting below, while starting replicat on target.
  GGSCI (ggtarget) 16> start replicat RLOAD
  Sending START request to MANAGER ...
  ERROR: opening port for MGR MGR (Connection refused).
  GGSCI (ggtarget) 20> view param mgr
  PORT 7809
  USERID orgg, PASSWORD orgg
  PURGEOLDEXTRACTS /ggs/dirdat/*, USECHECKPOINTS
  GGSCI (ggtarget) 21> view param rload
  REPLICAT RLOAD
  USERID orgg, PASSWORD orgg
  ASSUMETARGETDEFS
  HANDLECOLLISIONS
  APPLYNOOPUPDATES
  GETUPDATEBEFORES
  reperror default, discard
  DISCARDFILE ./dirrpt/rload.dsc, purge
  MAP HR.TCUSTORD, TARGET HR.TCUSTORD;
  MAP HR.TCUSTMER, TARGET HR.TCUSTMER;
  from Source I could able to do the telnet to target...
  What could be issue ???

  Hi,
  Error:
  GGSCI (ggtarget) 16> start replicat RLOAD
  Sending START request to MANAGER ...
  ERROR: opening port for MGR MGR (Connection refused).
  You can start Manager, but when you try to start Replicat, GGSCI gives me a connection timeout error
  Solution:
  GoldenGate uses a TCP/IP socket to communicate between local processes. When you issue a START, STOP, SEND, or other command in GGSCI, the command interface will try to open a local port for the process.
  Here is how to find out which local ports these processes are listening on. In the dirpcs directory, there will be one file for each running GoldenGate process.
  For Manager, the file name will be MGR.pcm.
  For Extract, it will be <GROUP_NAME>.pce.
  For Replicat, it will be <GROUP_NAME>.pcr.
  These are text files that can be viewed by using cat or any equivalent command. For example, the MGR.cpm file content will read like this:
  PROGRAM MGR PROCESSID MGR PORT sys1.4356 PID 60070
  After the keyword PORT will be the local hostname and the port number that Manager is supposed to be running on. In the preceding example, the hostname is sys1, and the port is 4356.
  The program (ggsci) tries to use that hostname to communicate to the process (Extract/Replicat/Manager) when the command is issued in GGSCI. If you get a timeout or connection-refused error on the command, that means GoldenGate could not connect to the local host. Most of the time, you should have no problem connecting to a local host, but when you have the wrong IP address or routine table configured in your TCP/IP settings, connection errors can happen.
  To troubleshoot this, follow the steps below
  1. Try to ping that host name from the OS shell to see if it goes to the correct IP address (which should be the one for the local system).
  2. If the ping is successful, try to telnet to the Manager port on your local host. You will be able to see your telnet session connect if a Manager is listening on that port.
  Here is an example:
  shell>telnet
  telnet> open sys1 4356
  Trying 100.100.100.100...
  Connected to sys1.oracle.com (100.100.100.100).
  Escape character is '^]'.
  3. If your telnet session times out or gets a connection-refused error, that means either the hostname is wrong or the port number is wrong.
  If the ping to the hostname listed in the pcm/pce/pcr file fails, or if you cannot connect your telnet session to the port listed in the file(s), contact your network engineers to get the TCP/IP issue resolved.
  Hope this information helps.
  Thanks & Regards
  Santhosh

• Open port for Software Update Point

  hallo
  i need open port for the Software Update Point (wsus) ?
  thanks
  אם תגובתי פתרה את בעייתך - לחץ/י, על &quot;סמן כתשובה&quot; ליד סימן ה V הירוק.

  For a default installation of WSUS that would be HTTP 8530 or HTTPS 8531
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Error opening port for replicat

  Hi Guys,
  I m getting below, while sending statust on target.
  GGSCI (PMS) 15>info all
  program Status Group Lag Time Since Ckpt
  MANAGER RUNNING
  REPLICAT RUNNING REPYA 243:53:20 53:49:42
  GGSCI (PMS) 16> send repya status
  Sending STATUS request to REPLICAT REPYA ...
  ERROR: opening port for REPLICAT REPYA (Connection timed out).
  #cat REPYA.pcr
  PROGRAM REPLICAT PROCESSID REPYA PORT PMS.7840 PID 26342
  #telnet PMS 7840
  Trying...
  telnet:Unable to connect to remote host:Connection timed out
  What could be issue ???

  The server where Replicat is running is up? Can the server be pinged/telnet by another server? Can the source server connect anywhere else? Firewall? Network services running? Network troubleshooting 101.

• Do i need to open port for crash plan online backup service

  do i need to open port for crash plan online backup service?
  Thanks!

  Possibly. I would start by checking out this CrashPlan support article. CrashPlan does require certain ports on both your computer's and network router's firewall to be open in order to communicate properly.

• How to forward/open ports for WRT54G?

  Hi. I recently bought a WRT54G because my old router was destroyed by lightening and thunder. I have managed to set it up, and got the interent itself to work with static IP adress (192.168.1.101 for my PC).
  However, even though I have tried to forward/open ports for applications like uTorrent and DC++ as well as Limewire, I have no luck. When I test if the ports are indeed opened, I get the result that they are not. Here are how my port forward setting looks like for utorrent. The port in the settings image is of course the same as in uTorrent.
  http://www.pictub.com/quickupload/01/untitled-1mb4wd.jpg
  I can't seem to open any ports, even though I have followed tutorials like the ones at portforward.com. I have the latest firmware for my router, as I flashed it when I got it. Help .

  Yes, I did .
  Anyways, look what I found in the uTorrent FAQ:
  1.7 Special note for users with Linksys WRT54G/GL/GS routers, there are severe problems with them when running any P2P application
  To fix it, they say one has to flash with a unofficial firmware, but I will rather get the money back and buy another router tomorrow. Thanks for the help anyways .

• Windows Server 2008 opening ports for sql

  Hello we upgraded our server from 2003 to 2008 and we are trying to open up the ports for the sql server and reporting services so the users can access both database and report manager from their desk.  we only have one location so its not like we
  need people from different locations accessing it.  but for some reason the users still cant access the database even after opening ports 1433 and 80.  Can anyone help please

  Hi
  Can you explain why does he need turn off the firewall on prod. server? Running SQL
  Browser service make sense if we use named instance, the OP did not mention that. Moreover if we enable SQL Browser
  service we probably need to add UDP port 1434 to the firewall.
  Best Regards,Uri Dimant SQL Server MVP,
  http://sqlblog.com/blogs/uri_dimant/
  MS SQL optimization: MS SQL Development and Optimization
  MS SQL Consulting:
  Large scale of database and data cleansing
  Remote DBA Services:
  Improves MS SQL Database Performance
  SQL Server Integration Services:
  Business Intelligence

• Problems opening ports for Torrent downloads

  Is there a how to guide or anything out there on how to properly open and forward ports....for something like a Torrent client?
  I thought I was doing everything right, but I still can't get my client to connect to any trackers.
  This is what I've done so far:
  Added a new protocol for bit torrent with the following ports that my client uses:
  TCP Any -> 6881-6891 UDP Any -> 6881-6891 
  Forwarded that protocol to the static IP of the machine running the client on the network.
  I thought that's everything it would take to make it work, but no luck.    I did the same thing with ftp and http for a filer server I use and it all works great.
  Any tips?

  You are very close to allowing users to connect to you, because this is my understanding of the status of ports.
  #1 A port will be stealthed / time out / filtered if something is blocking that port.
  #2 A port will be closed / connection refused if nothing is blocking that port and the server is not listening.
  #3 A port will be opened / success if nothing is blocking that port and the server is running.
  Here are example(s), of what I mean...
  #1 Stealth / time out / filtered
  http://i42.tinypic.com/qo8w9j.jpg
  #2 Closed / refused
  http://i40.tinypic.com/2wp82e9.jpg
  #3 Open / success
  http://i42.tinypic.com/vdis8o.jpg
  -> You need to start the server for the port to be open. -
  If need be: It would help to know more about this single NAS box that runs a web server, ftp server and a torrent client.
  Like, the brand and model of it..
  If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

• Why does port scan show an open port for application I've never had?

  I don't currently and never have used Bacula to backup my Macbook, but for some reason when I do a portscan it often shows a Bacula file daemon being open on port 9102.  It also comes up in Netstat as listening, even with my firewall blocking all unnecessary connections, sharing turned off (all), and an Airport ex in front of it also secured.  I also cannot find any related files etc. on my machine after a thorough search.  Despite my best google and support searches, I couldn't find anyone with the same problem.  Is this reason for concern? Either way why would it be there despite it not being ever used on my Mac?  I am not well versed in networking, only know enough to get myself in trouble, so thanks in advance for any help.

  Ok, I ran a port scan on 9102 and it show it's not responding, but assigned to (bacula-fd)
  So what it appears to be is Bacula ( a legitimate program) uses this port, much like Screen Sharing uses port 5900, not necessarily that it's installed on your machine.
  It's not uncommong to have open ports, it's so if you ever install the program or use a service it can gain access through the Firewall. You can change that of course to close up everything except certain ports for certain programs.
  Now that the firewall is App based, if you don't have the app listed, how do you deny it access?
  Well if the program isn't installed on the machine, it can't respond if the port is open or closed.
  Simply enable your Firewall and allow the programs you do have and want to access your machine to connect in the Advanced settings.
  There is also NoobProof and WaterRoof if you need a GUI/simplicity to enact more complex features of the command line firewall. Block IP addresses and everything. However read up before you mess around, Apple has everythign set up nicely and there are very few successful attacks on Mac's.
  If you don't know what your doing, you can actually do more harm opeing up your machine to poential attack.
  If your more paranoid, then install LittleSnitch, it's a outgoing firewall and notification software with pop-up window to allow/deny on a per program or request basis. You'll be quite shocked how much is going out in the background without your knowledge.

• Opening ports for Windows computers...

  Hi Everyone! This is my first post on the official forums!
  I am currently sharing my internet connection (ethernet) through my Macbook wirelessly to my windows PC.
  It all works very well as long as just use port 80 for simple web-surfing but whenever i use programs (Steam and Bittorrent) that use other ports i don't seem to get a connection.
  The firewall in my Macbook is turned off...
  Thanks in advance!
  MVH//Kalle from Sweden

  Hi Kalle... & Welcome to the Discussions!
  You might need to open ports on any Roiter the Mac is connected to, but you didn't mention such a thing...
  http://docs.info.apple.com/article.html?artnum=106439
  http://en.wikipedia.org/wiki/Listof_TCP_and_UDP_portnumbers

• Open port for application

  Hi
  I have just installed Yosemite OS X 10.10.1 and realised one of the application stopped synchronising data with my iPhone 4. I have asked the technical support for help and been told that application needs Bonjour and ports from 49152 up to 65535 to work. I have used Network Utility and found out that ports are blocked and nothing get through to my router. This is why applications on iPhone and Mac cannot see each other.
  I have tested syncing by temporally disabling the firewall in Mac and applications eventually got connected.
  My question is, how to open, if I can, a specific range of ports for an individual application in Mac? In future, I would simply like to avoid disabling the firewall as not very secure work around.
  Kind regards.
  Zb

  Why do you even have the firewall enabled? If you have NAT enabled to distribute local IP addresses, then you don't need the firewall unless you are being specifically attacked/hacked.
  You would need to specifically open ports via Airport Utility or remove whatever you are protecting from the firewall.