More 10.5.1 firewall questions

Well, I confess I do not have Leopard installed yet. But I am planning on upgrading soon, and I've been reading about the firewall fuss with great interest, and I'm too curious to wait until I actually have it installed to ask some questions about it. I think I have absorbed most of the discussions and controversies and what 10.5.1 has addressed, but I do have a few points of confusion:
1) From this article <http://docs.info.apple.com/article.html?artnum=307004-en> and this article <http://www.heise-security.co.uk/news/99104>, it sounds like in "Allow only essential" mode, any root services except the few listed are blocked, but in "Set Access" mode, they are all by default allowed incoming connections, unless explicitly blocked (which assumes that you have knowledge of their existence). What could the possible rationale of this be? Why shouldn't there be an "Allow only essential, with these few exceptions that I am granting" mode?
2) Does "Allow only essential" now really mean that? Can we take that literally now? Does that mean in this mode, only those few listed services will accept incoming connections? No signed applications, either signed by Apple, or previously signed by user authorization while in "Set Access" mode?
3) Does the signature of an "authorized" app carry over if it is copied to another machine? If I make a copy of a signed app and copy it onto my friend's computer, will it still be signed and sneak through the explicit authorization process? Or is the signature machine-specific?
4) On this page <http://www.macworld.com/article/131116/2007/12/firewall.html> is a screenshot showing a sample list of "authorized" applications-- on this list are apps like Safari and Cyberduck. I don't understand-- these are not server apps, why would you have to authorize incoming connections for them? Shouldn't these apps work even in "Block all connections" mode?
5) On the firewall screen is the statement "Mac OS X normally determines which programs are allowed incoming connections. Select this option if you want to allow or block incoming connections for specific programs." I guess I don't understand what it implies and why it is there. Does "normally" mean in "Allow all incoming connections" mode? In that case Mac OS X isn't doing squat, it's simply allowing everything through. Does it mean in "Essential" mode? In that case Mac OS X isn't really applying any brain power either, it's just blocking (mostly) everything. To me, that statement sounds like it's trying to say "Mac OS X does a pretty good job of figuring stuff out on its own, but if you really want to be picky...", when in reality, Mac OS X "normally" isn't really determining anything. Am I missing something?
Thanks for satisfying my curiosity...
-dave

Leopard "stealth" is for squat. I just switched from a failing motorola router to the airport extreme with the extra ethernet ports in back. The moto had a firewall and a stealth button.
https://www.grc.com/x/ne.dll?bh0bkyd2 scans your computer and is quite handy.
With the moto router and no mac firewall / stealth enabled, every square was green (stealthed), I was completely invisible. Shields Up, that link, called that an uncommon and very good situation.
With the airport extreme and mac's firewall enabled for essential services and stealth selected, I've got 7 stealthed ports, and 1,048 ports reporting back to the test as closed, and none open. No change from no firewall, no stealth in preferences/security/firewall. My computer acknowledges itself to outside probes now. Not the best state of affairs.
I don't see anywhere in the airport utility where one can enable a firewall upstream from the computer. It's nice with the AE that everything plays together easily, but as for stealth.... squatola. Anybody can see you, so use modern encryption, like a previous reply said; WPA2/WPA2-Personal.
Maybe X.5.2 will beef up the security a little. Maybe X.5.2 will fix iCal's custom repeating event no show bug too. Doubt it though.
Anyway, Mac still rules. All your bases are belong to us.

Similar Messages

  • Need Help on one Firewall Question

    Hi All,
    I am using a Cisco ASA in my environment and it is connected to an L2 switch. One server and one router are also connected to the L2. Now I want to access port 80 on my server from outside.
    How is it possible if the server gateway is the router's IP and I don't want to add a static route on the router or server towards the firewall? NAT and access list are done on the firewall. What else can I do on the firewall to access port 80 of my server from outside? Don't want to change anything on the router/server.
    Below is the IP detail
    1. Firewall inside 192.168.1.1 & Outside 1.1.1.1
    2. Router IP - 192.168.1.2
    3. Server IP - 192.168.1.3 & GW - 192.168.1.2

    Hi,
    Well, the only ways I could think of to get the connections working would be:
    Policy Based Routing on the Router that would forward the web server's traffic through the firewall instead of the router's default gateway (even just the return traffic for web connections)
    Configuring NAT on the ASA firewall so that all traffic from the Internet would be NATed to an internal IP address from the network 192.168.1.0/24. This would mean that the server would be sending the traffic to the ASA instead of using its default gateway. And this is of course because the server would be seeing all connections coming from its connected network and wouldn't have to use the default gateway.
    You haven't mentioned what type of NAT you are doing on the ASA for the server, Static PAT or Static NAT. Static PAT would be forwarding a single port (or several ports) only, while Static NAT would be dedicating a single public IP address to the server.
    I would imagine that you would have to configure 2 separate NAT statements
    Dynamic Policy PAT for the External hosts
    This should NAT all traffic coming from the Internet to the IP address of your ASAs "inside" interface WHEN the destination is the public IP address of your Web server.
    access-list POLICY-NAT-WEBSERVER remark NAT inbound web traffic to an internal IP address
    access-list POLICY-NAT-WEBSERVER permit tcp any host 1.1.1.1 eq 80
    nat (outside) 100 access-list POLICY-NAT-WEBSERVER
    global (inside) 100 interface
    Static NAT or Static PAT for Web server
    Either of these NAT configurations should forward the connections to your Web servers public IP address on port TCP/80 to the Web server.
    Together with the above NAT configuration the return traffic from the Web server should flow back through the ASA.
    static (inside,outside) 1.1.1.1 192.168.1.3 netmask 255.255.255.255
    or
    static (inside,outside) tcp 1.1.1.1 80 192.168.1.3 80 netmask 255.255.255.255
    If you are using the public IP address on the ASA "outside" interface then replace the 1.1.1.1 with "interface". The IP address 1.1.1.1 stands for a public IP address that you might use.
    Hope this helps
    Please do remember to mark a reply as the correct answer if it answered your question.
    Feel free to ask more if needed
    - Jouni
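    A model of the two NAT statements in the reply above, added here as an example and not part of the thread or of any Cisco code. It uses the thread's addresses (1.1.1.1 as the placeholder public address, 192.168.1.1 as the ASA inside interface, 192.168.1.2 as the server's gateway, 192.168.1.3 as the server) and a constructed client address from TEST-NET-3 to show why the policy PAT step is what makes the server's reply come back through the ASA instead of its default gateway.

```python
"""Constructed model of the ASA "static" plus "policy PAT" configuration.

The point it demonstrates: after policy PAT the server sees every web
connection as coming from 192.168.1.1, an on-link address, so its reply never
touches the router (192.168.1.2) and the ASA can untranslate it.
"""
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, ip_address, ip_network
from itertools import count

INSIDE_NET = ip_network("192.168.1.0/24")
ASA_INSIDE = ip_address("192.168.1.1")   # "global (inside) 100 interface"
PUBLIC_WEB = ip_address("1.1.1.1")       # placeholder public address from the thread
ROUTER = ip_address("192.168.1.2")       # the server's default gateway
SERVER = ip_address("192.168.1.3")


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    sport: int
    dst: IPv4Address
    dport: int


class Asa:
    """Applies the two NAT statements inbound and reverses them outbound."""

    def __init__(self, policy_pat: bool):
        self.policy_pat = policy_pat
        self.pat_table = {}          # (inside IP, PAT port) -> original (src, sport)
        self.pat_ports = count(1024)

    def inbound(self, pkt: Packet):
        # static (inside,outside) tcp 1.1.1.1 80 192.168.1.3 80 netmask 255.255.255.255
        if pkt.dst != PUBLIC_WEB or pkt.dport != 80:
            return None              # nothing matches: the ASA does not forward it
        pkt = replace(pkt, dst=SERVER)
        if self.policy_pat:
            # access-list POLICY-NAT-WEBSERVER permit tcp any host 1.1.1.1 eq 80
            # nat (outside) 100 access-list POLICY-NAT-WEBSERVER
            # global (inside) 100 interface
            port = next(self.pat_ports)
            self.pat_table[(ASA_INSIDE, port)] = (pkt.src, pkt.sport)
            pkt = replace(pkt, src=ASA_INSIDE, sport=port)
        return pkt

    def outbound(self, pkt: Packet) -> Packet:
        # Reverse the PAT entry first, then the static translation of the server.
        original = self.pat_table.get((pkt.dst, pkt.dport))
        if original is not None:
            pkt = replace(pkt, dst=original[0], dport=original[1])
        if pkt.src == SERVER and pkt.sport == 80:
            pkt = replace(pkt, src=PUBLIC_WEB)
        return pkt


def server_next_hop(reply: Packet) -> IPv4Address:
    """Plain host routing on the server: on-link if the destination is in its
    subnet, otherwise send it to the default gateway (the router)."""
    return reply.dst if reply.dst in INSIDE_NET else ROUTER


def simulate(client_ip: str, policy_pat: bool) -> dict:
    """Run one request/reply pair and report where the reply goes."""
    asa = Asa(policy_pat)
    request = Packet(ip_address(client_ip), 40000, PUBLIC_WEB, 80)
    at_server = asa.inbound(request)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    hop = server_next_hop(reply)
    via_asa = hop == ASA_INSIDE
    # Only when the reply reaches the ASA can it be untranslated for the client.
    seen_by_client = asa.outbound(reply) if via_asa else None
    return {"next_hop": str(hop), "returns_via_asa": via_asa, "reply": seen_by_client}


if __name__ == "__main__":
    for mode in (True, False):
        print("policy PAT" if mode else "static only", simulate("203.0.113.7", mode))
```

    Without the policy PAT rule the reply is addressed to the Internet client, leaves via the router and the ASA never sees the second half of the connection, which is the asymmetric path the reply is warning about.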

  • Two firewall questions...

    I went into my firewall to configure it for the World of Warcraft downloader (although it didn't appear that I needed to after the fact). Two questions...
    By default, is "Network Time" the only box that should be clicked?
    Is there any negative to operating in "Stealth Mode"? Particularly, it would seem that this mode should be the default, based on the use of programs like Zone Alarm.
    Thanks!

    1. yes
    2. no

  • Coherence and iptable firewall Question

    We have a Coherence deployment on 3 Linux virtual servers running behind a firewall. The deployment is as follows:
    Server 1 - 2 WKA Nodes (Cache Servers) and 7 Storage disabled application Nodes
    Server 2 - 1 Storage Disabled application Node
    Server 3 - 2 WKA Nodes (Cache Servers) and 1 Storage disabled application node
    Now the question is: do we need to open up the firewall for all the local ports? Is there a way to avoid opening up this many ports?

    My say on this one is if the router is working fine don't upgrade the firmware, because whenever you upgrade the firmware of a router there is an itty bitty chance of bricking the router, and since you told me that it is about 3 years old it's already out of warranty. But if you want to upgrade the firmware of the router you can get the firmware at linksys.com/download. If you are just using the router for basic internet access and you are not changing any advanced configuration, I say stick with your current firmware, esp. if you are not having problems with the router.
    "Love your job but never love your company. Because you never know when your company stops loving you"

  • More Logic Express 7.2 questions

    I've used Cubase for some years (and Cakewalk before that) so I consider myself pretty au fait with DAWs, but I have a few basic questions about Logic (I would RTFM from cover to cover if it was paper, but online is not an acceptable substitute in a program of this complexity):
    If I record a take in an audio track, and I want to record over the top of it without hearing the previously recorded take. Actually, all I want to be able to do is record into the track. Do I have to set punch points? Can I manually drop in? I don't know how to record over an existing take.
    Although the documentation mentions that the FW-1082 can set punch points and locate points, there's no way I can do this. In fact, how do I set locate points, in/out points, etc. either with or without the FW?
    Is there any audio scrub function when editing a track? And on the subject of editing, are the edits destructive or non-destructive?
    How do I return to my previous start position automatically when I'm not in Cycle mode?
    I'm willing to forgive Logic a lot of things - the latency on this system is much better than it is with Cubase, but so many obvious (to me, anyway) things are buried, and the Environment is confusing to the point of driving me to drink.
    Many thanks if anyone can answer some of these questions.
    PowerMac G5 2 x 2GHz   Mac OS X (10.4)   FW-1082 interface

    Yes, I know about the manual... I've just bought the Martin Sitter Training Guide, though, and I find it incredibly useful - much more than the online PDF (I have enough printed-out manuals from other software lying around the place that I don't necessarily want to print out another 500+ pages). But your point is well-made. I actually write pro audio technical manuals for a living, and I know how difficult it is to get the user to read them.
    Of course I searched in the on-line manual, by the way - but the problem is that I sometimes don't know what I'm searching for - Logic's terminology is confusing if you come from another DAW ("markers", "locators", "location points", "song positions" - you get what I mean?). Also the manual is not accurate in places (Audio Input objects, anyone?) and the section on punch-in didn't give any answer at all to my question. In any case, I still didn't find what I'm looking for (to quote U2) in the manuals, but in less than an hour's reading of the Sitter book, I found what I wanted. That must mean something...
    Whatever, having found out some things from the book, I am basically a lot more confident about knowing the underpinnings of Logic (the manual is very little help in explaining these - and yes, I did read the first sections - they're mainly "how", not "why" or "what") and I feel I can move forward.
    Thanks for your help on the location, anyway. Now if I can only debug the FW-1082's EQ command set to make it work properly...
    PowerMac G5 2 x 2GHz   Mac OS X (10.4)   FW-1082 interface

  • Firewall questions

    I am new to the forums but am glad I found them. Some of the posts have really helped me solve some thorny problems.
    I have a couple of questions about firewalls and security. I have a macbook pro and a macbook air both using 10.5.7 connected to the latest version of airport express newly purchased. File sharing is turned off and the firewall for each laptop is set to only receive essential services. The router has a WPA2Personal setting and password.
    I used the Network Utility app and used one laptop to "ping" the other and received the following result: "10 packets transmitted, 0 packets received, 100% packet loss." I used the second laptop on the first and received exactly the same result. Does this mean an outsider will not be able to ping my wireless network successfully?
    Second, how can I test the firewall of the router? What is a program actually testing when it does so? Is it testing the firewall of the router or the initiating computer?
    Thanks.

    Everything passed except the ping test. Does this mean that the router is responding to the ping or is it my laptop?
    The router.
    If so, why did my internal ping test pass?
    Most likely the OS X software firewalls used on your computers are set to "stealth" ports. The AirPort Express does not employ this feature.
    Also, what do I do next? Adjust the security settings on my laptop? Is there a way to adjust the settings for the router?
    Responding to pings is not necessarily a security risk. As you can imagine, there are differing opinions on both sides of the argument, whether or not having completely "stealthy" ports is critical. The combination of a modern Internet router plus a software firewall is quite effective in preventing "attacks" from the Internet. If you require complete stealth, then you will have to look at another vendor's product that offers this. For example, my wired Linksys BEFSR81 completed the GRC test with all "greens."
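    The "closed" versus "stealthed" distinction that the Shields Up results above turn on (1,048 ports answering "closed" in the earlier reply, and the ping discussion here) comes down to whether a probe gets an RST back or nothing at all. The following is an added example, not code from the thread or from GRC, for checking a machine you administer; it assumes only the Python 3 standard library and includes a loopback self-check.

```python
"""Constructed example: classify a TCP port the way the Shields Up test does,
so the firewall's stealth setting can be verified on your own host."""
import socket
from collections import Counter

OPEN, CLOSED, STEALTH, UNREACHABLE = "open", "closed", "stealth", "unreachable"


def probe_tcp_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt one TCP connection and classify the answer.

    open        - handshake completed, a service accepted the connection
    closed      - the host answered with RST: it "acknowledges itself",
                  which is what the 1,048 closed ports in the thread mean
    stealth     - nothing came back before the timeout (SYN silently dropped)
    unreachable - a routing error, not a firewall verdict
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN
    except ConnectionRefusedError:
        return CLOSED
    except socket.timeout:
        return STEALTH
    except OSError:
        return UNREACHABLE
    finally:
        sock.close()


def probe_ports(host: str, ports, timeout: float = 2.0) -> dict:
    """Probe several ports on one host you own; returns {port: state}."""
    return {port: probe_tcp_port(host, port, timeout) for port in ports}


def summarize(results: dict) -> dict:
    """Counts per state, in the style of the Shields Up summary line."""
    counts = Counter(results.values())
    return {state: counts.get(state, 0)
            for state in (OPEN, CLOSED, STEALTH, UNREACHABLE)}


def demo_local_probe() -> tuple:
    """Self-check on the loopback interface: an ephemeral listener must read
    as open, and the same port must read as closed once the listener is gone
    (loopback is never stealthed, so that state cannot be shown here)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp_port("127.0.0.1", port)
    listener.close()
    after_close = probe_tcp_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo_local_probe())
```

    A host with stealth mode working shows every probed port as "stealth"; a host behind a router that answers with RST on its behalf, as the AirPort Express does for ping, shows "closed" even though no service is listening.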

  • Firewall question -pls help

    Okay - so I was reading about System Profiler today and opened it and clicked down through the various categories, then I came to Firewall - and it reads
    "Firewall Settings:
    Mode: Allow all incoming connections"
    Now this rings alarm bells - I thought my firewall was on. I go to system preferences and look in Internet& Network> Sharing as this is where (in previous operating systems) I remembered the firewall was set - except it isn't anymore. All the sharing boxes are unticked. I go into security and there is Firewall. "allow all incoming connections" is ticked.
    1) This is presumably where I turn the firewall on or off, right?
    2) Allow Only Essential services? What does this mean - the firewall is on? What constitutes an essential service?
    3) Hypothetically, could my computer's privacy have been compromised?
    4) Has my firewall potentially been, like, off since I upgraded to Leopard?
    Am feeling a bit stupid right now. Any help graciously accepted!

    No such thing as stupid questions...
    -This will take you through the basic settings done on a Mac to secure it:
    In System Preferences go to Security > Firewall; the default setting is "Allow all incoming". This does not compromise your privacy, only that Mac OS X will decide what it needs. I'd go for "allow only essential services", then press "Advanced", and from the drop down choose "Enable Firewall Logging" and "Enable Stealth Mode".
    In the Sharing pane make sure no boxes are checked.
    That's the basics. If you want to secure your Mac in such a way that it would make Fort Knox look like a 7/11, go here for further tips:
    http://www.macshadows.com/kb/index.php?title=HardeningMac_OSX
    ....but this might be a bit over the edge for the normal user
    Best o' luck

  • How do you create a BIOS recovery disk + nvidia firewall question.

    WooooHOoOOO....
    after re-formatting a dozen times, busted SCSI config, messed up driver install, I FINALLY GOT this board working at 100%!!!
    This mobo powered through my entire DOOM 3 Odyssey to Hell NON-STOP without a SINGLE CRASH!! Definitely a good testament to this board's quality.
    Now for the final few noob questions: how do I create a BIOS recovery disk just in case things happen?
    lastly... how do you properly setup the NV Firewall? After enabling it, none of the other computers in my network can see this computer with the MSI Board, so file and printer sharing all stops when the firewall is enabled.
    Anyone here has a walkthrough on the firewall?
    ONCE AGAIN...thanks to all who helped me!!!

    I haven't got my nvidia firewall to work; I'm going to wait until they release better drivers for it. But for creating the BIOS recovery disk, I think if you use MSI's Live Update it will ask you if you want to create one or not.

  • More LR 4 Catalog Conversion Questions

    I have been a LR user since LR1 first came out and consider myself relatively knowledgeable about the program and how it works. However, I recently acquired LR 4 and have run into the problem a number of you seem to have found with moving from LR3 to starting off a new catalog in LR4. I've searched the databases and read a number of the discussions but have yet to find the solution to my particular problem. So, anyone who has the time and knowledge, I'd appreciate some assistance. I use an iMac 24, with Snow Leopard (soon to upgrade). When I first loaded LR 4 I got the usual LR beta catalog (5 total images). I started from there opening the catalog dialog in the Library menu and selecting the one I thought should be uploaded. I did the same to the others shown. None of these contained my old LR 3 catalog. Many of the thumbnails were missing as were a lot of files with the evil question mark (and not so evil exclamation points). I've loaded LR4.1, backed up and optimized the catalog, shut the computer down and started up again with some improvement (fewer question marks and blank thumbnails) but not enough images. I still have LR3 installed but the catalog there has also changed. I had around 18,000 images that were on the original LR3 catalog. I now have 14,000 or so on that catalog and 10,000 or so on the LR 4 catalog. The ones missing on the LR 4 catalog seem to be the most recent and I am not sure about the LR 3 catalog, though the most recent seem to be there. I presume I have not converted the appropriate catalog though I don't know which one it would be and have no idea how the LR 3 catalog changed. I realize I could start over, reconnect the originals and dump the LR 3 catalog but my negatives and xmps are scattered over lots of folders, many of which are not in order. I took my own advice and ignored folders for many years and now they're an unholy mess.
    I will continue to plug along and I presume eventually find a way to solve things but I would greatly appreciate suggestions that might lead to more rapid solutions. Thanks in advance.

    I suggest you first locate all your catalogs spread all over your computer. Then study each one and see what exactly is there and whether you need the images from there or not. Keep your real ones and trash the rest.
    Reconnect all missing files in all the catalogs you have left.
    Choose the biggest, most important and possibly recent one and make it your main catalog. If needed, upgrade it to LR4.
    Import the rest of catalogs into the main one.
    Now that you have only one catalog with all images reconnected, all that is left to do is tidy it up.

  • More localization woes - upside down question marks.

    With some effort, I am able to load variable values from the database based on the language the user has selected, and display those variable values in my column headings and the like (see thread How are session variables used for localization? for that process).
    However I can only display ASCII values!!
    I can load my translations with the strings "(ENGLISH)" and "(JAPANESE)", and based on whether the user selected English or Japanese, my column headings will in fact show the strings "(ENGLISH)" and "(JAPANESE)".
    Great!
    Except, when I load my database with Japanese text, all I get in the UI is upside-down question marks.
    I'm using a tool to load this Japanese text into the DB written by someone else who swears (!) this tool writes data into the DB in a format that is known to have worked for OBIEE Localization. On inspection I find this Japanese is in Unicode.
    I have written a Java app that reads the Japanese text back from the DB. When I inspect the String contents in the debugger, the data returned from the ResultSet does look like the Unicode data in the original text file. So the data looks good (?) in the DB.
    In the debugger, the character values in the String equate to these hex values:
    0x30B5
    0x30FC
    0x30D3
    (8 characters worth, 16 bytes).
    But now how do I turn these 0x30B5 Unicode characters into Japanese in the OBIEE UI?
    I am testing this in OBIEE with Japanese (Nihongo) selected. Most of OBIEE switches to Japanese just fine. It's not a local display issue. But my variables with Unicode values display as nothing but upside-down question marks. D'oh!!
    Thanks for any help!
    - OBIEE 10.1.3.4
    - Oracle DB 10g
    - DB is set to use UTF-8 charset.

    Never mind. I think it's working.

  • Much more cumbersome than CS2, several questions

    I just got back from a 10 day trip having shot about 2000 pictures and downloading them to Aperture day by day. I had previously used Adobe CS2 but since I have a new MacBook Pro I decided to give Aperture a try. Now I'm not sure I won't regret the decision.
    A few quick (I hope) questions.
    If I just shot a JPEG instead of RAW + JPEG for some pictures, does this still show up in Aperture?
    When I used to import to iPhoto I could go into Finder and locate either the RAW or JPEG or open the RAW in Adobe Bridge/Camera Raw. Now, the only thing I see in a Finder window is an icon for the entire Aperture library. Is there no way to locate individual files?
    I don't see any way to locate the RAW files except within Aperture. Does this mean I have no option to process the RAW in anything but Aperture?
    While I was on the road, I did process one RAW image. Now, the original shows up in the main window, the processed shows up in the thumbnail, and I can't seem to bring the processed image back up in the main window. This seems very cumbersome compared to CS2.
    thanks for your help,
    Jordan

    jordan:
    When I used to import to iPhoto I could go into
    Finder and locate either the RAW or JPEG or open the
    RAW in Adobe Bridge/Camera Raw. Now, the only thing
    I see in a Finder window is an icon for the entire
    Aperture library. Is there no way to locate
    individual files?
    in short, yes. the Aperture library is actually a special folder called a bundle. the OS generally treats bundles as a single file, but actually it is a folder. if you right click on the Aperture library file and choose "Show Contents" it will open the file as a folder. in here you can see all the projects and XML files that make up the library. unless you really know what you're doing, i wouldn't mess with anything in here. the potential for corrupting your library is very, very high.
    I don't see any way to locate the RAW files except
    within Aperture. Does this mean I have no option to
    process the RAW in anything but Aperture?
    the easiest way to get your RAW files back out of the Aperture library for something like this is to select an image in Aperture and choose Export->Masters from the File menu. however, if you want to have the choice of editing RAW files with another editor, consider importing the files as referenced rather than managed (see the manual for an explanation of the difference).
    While I was on the road, I did process one RAW image.
    Now, the original shows up in the main window, the
    processed shows up in the thumbnail, and I can't seem
    to bring the processed image back up in the main
    window. This seems very cumbersome compared to
    CS2.
    Aperture lets you toggle between showing the master file (unprocessed RAW file) and the version (which is the file with all the adjustments applied). maybe what you were seeing was the master. showing the master could easily be done by accident as the 'M' key is what causes it to toggle. it would show a badge at the top center of the image with the word "Master" if you were viewing the master image though.
    good luck,
    scott
    PowerMac G5 2.5GHz   Mac OS X (10.4.8)   MacBook Pro 2.0GHz

  • Virus Protection and Firewall Question

    I just switched from a PC to a Mac. Should I download virus protection and if so which one is best for a Mac? Also, I believe my computer came with the firewall turned off... should I turn that on?

    Should I download virus protection...
    No. The OS has built-in recognition of known Mac malware in files downloaded from the Internet. All commercial "anti-virus" products for the Mac are worse than useless. Do not install any of them.
    ...and if so which one is best for a Mac?
    Your mind. All Mac malware takes the form of trojans, which depend on the victim's ignorance to be installed. Don't be ignorant.
    Also, I believe my computer came with the firewall turned off... should I turn that on?
    Not unless you are on an untrusted network, such as a public hotspot, and have services enabled in the Sharing preference pane. Under any other circumstances, the firewall should be left off.

  • Show more text on the featured question box

    I made some featured questions for the Power BI site using Power BI Q&A but I can't get the box (small or large) to show the whole text. It is truncated before the where clause, which is the important part to see when choosing which featured question you would like to see! Is there a way to get it to display the whole text, or would I have to make my own way of displaying the options, then add the functionality by using the link instead?

    I did find a way to put the "where clause" a little higher in the text.
    Instead of:
    Show community, total unique members, where community category is Technical
    I phrased it this way:
    Show Technical community category, community, total unique members
    and the bold is what shows on the featured question tile on the main page.

  • Mac OS X Server 10.5.8 firewall question

    Hello,
    I'm a network administrator in a company, and we use Mac OS X server 10.5.8, with Mac clients.
    I have a problem with the adaptive firewall: when someone wants to connect to the server (by using the Finder, and "connect as"), if the password is not correct, the adaptive firewall just cuts the access of the client completely (it's a DHCP and DNS server, so there is no access anymore to the LAN and the web).
    I would like to know if there is a way to make the client blacklisted after 3 bad login attempts, not just one. I used the afctl command, but it's apparently not possible to manage this problem with that (just the time of blacklisting).
    Thanks a lot in advance.

    I don't have a solution for you. But I do remember reading about this one. Apparently what happens is that beneath the surface, the connection attempt is repeated on failure, using different authentication protocols. And so one user login attempt with a bad password leads to three attempts beneath the surface, and "the boot". But unfortunately I don't remember what the solution is, as I was researching a completely different issue when I read this.

  • One more Epson R2880 Mac driver question?

    Using OSX 10.5.7, with the latest R2880 v6.20 driver, does LR 2.3 now correctly bypass Colorsync when selecting a Profile in Color Management in the Printer module? I'm still concerned with the prospect of double profiling. I'm hoping that v2.3 passes the selected profile directly to the driver, where it is applied to the appropriate choice of Media Type in the Print Settings section.

    I have a 3800 so cannot directly answer your question, but at the same time, even with a definitive yes from someone, that doesn't guarantee that it will get set up correctly on your machine. Likely, but no guarantee! I'd suggest a few smallish test prints.
