OPEN_DATASET_NO_AUTHORITY from WAN

Hi Guys!
I try to write a text file to the application server using oninputprocessing method in a bsp application by OPEN DATASET. If I run the BSP applcation in a LAN environment everything goes well, the application creates the file and writes the data. But if I run the same application from WAN the app. retuns with OPEN_DATASET_NO_AUTHORITY. To login users automatically i use a technical user for the internet service of this BSP application - this user is : service type.
The application is achieved on https. The only difference is the IP range (reached application from WAN or LAN).
How could I preform this file creation from WAN (same as it works in LAN environment)
Thanks Héger A

Dear Tobias!
The problem was solved , by using specified roles for the technical user. In this case the roles are giving rigthts for the used areas and is able to reach the app. outside fom LAN
Back to the original question:
Both occasion I use the mentioned webuser without any rights.
But I can use open_datset in a LAN environmet but couldn't from WAN.
I ran the application in test mode logged in sap as a developer user, in se80 rigtht click on default.htm (entering point of webapp) then Test...
Next step sap calls IE and runs the app, but logging in automatically as the technical user
How does SAP "know" the runing environment? - I know is a stupid question, but this mechanism (i.e. in LAN occasion it runs but WAN doesn't run and evreything is the same in both occassion ) is totally ununderstable for me.
The question is why can

Similar Messages

  • Password protect site from WAN - not LAN

    I did this a while ago, so I'm not exactly sure what I did. I believe I found a post here regarding how to allow only internal IPs to see a web page while blocking WAN IPs from accessing it.
    I added some lines here in the .conf file for the site I want to restrict access to - found at /private/etc/apache2/sites
    <Directory "/Library/WebServer/Documents/website">
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 192.168
    <IfModule mod_dav.c>
    DAV Off
    </IfModule>
    Options All -Includes -ExecCGI +MultiViews -Indexes
    </Directory>
    I believe I added:
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 192.168
    Which allows LAN IPs to access the website without asking for a password, while denying access from WAN IPs.
    Using a Realm in the Web Service in Server Admin was great as it allowed everyone (LAN/WAN) to access the site with a password. Unfortunately for a project we're doing we can't have a password dialog popping up every time.
    What I would like to do is somehow give our users access to the site on our LAN without them having to see a password dialog and at the same time allow them to access the site via WAN WITH a password dialog tied into their usernames/passwords stored in open directory. Basically I would like to use the Realm functionality and ease of use - just suppress the password dialog only when users are in the office.
    I hope that makes sense. I tried to search yet had no idea what terms to search for and I can't find the posts where I got my original info. Thanks for any assistance.

    i have cop.moblize.com which is hosted outside of my LAN and i am not able to open from my internal LAN but able to open from other netwrok or outside of my LAN. sometime it opens automatically and after few times it will stop opening...
    This topic first appeared in the Spiceworks Community

  • NAT list getting hit for traffic from WAN IP

    I have an 871 setup at home with a fairly basic configuration (NAT, Firewall, EasyVPN, Wireless). What I've noticed is that for traffic going from the WAN interface (FastEthernet4), it seems to be hitting the ACL in place for NAT. My config:
    interface Loopback0
    ip address 192.168.254.1 255.255.255.255
    interface FastEthernet4
    description Cable Modem Connection
    bandwidth 384
    ip address dhcp
    ip nat outside
    ip nat enable
    no ip virtual-reassembly
    duplex auto
    speed auto
    interface Vlan1
    no ip address
    bridge-group 1
    interface BVI1
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    ip nat inside source list NATLIST interface FastEthernet4 overload
    ip access-list extended NATLIST
    permit ip 192.168.1.0 0.0.0.255 any
    deny ip any any log
    Seems to work just fine, but I will see this in my logs:
    Oct 30 17:21:38 PDT: %SEC-6-IPACCESSLOGP: list NATLIST denied udp 76.22.98.39(0) -> 68.87.69.146(0), 1 packet
    Oct 30 17:21:38 PDT: %SEC-6-IPACCESSLOGP: list NATLIST denied udp 76.22.98.39(0) -> 140.142.16.34(0), 1 packet
    Oct 30 17:21:56 PDT: %SEC-6-IPACCESSLOGDP: list NATLIST denied icmp 76.22.98.39 -> 24.64.94.41 (0/0), 1 packet
    Oct 30 17:23:38 PDT: %SEC-6-IPACCESSLOGP: list NATLIST denied udp 76.22.98.39(0) -> 207.188.29.230(0), 1 packet
    Oct 30 17:25:38 PDT: %SEC-6-IPACCESSLOGDP: list NATLIST denied icmp 76.22.98.39 -> 121.18.13.100 (0/0), 2 packets
    Oct 30 17:27:38 PDT: %SEC-6-IPACCESSLOGDP: list NATLIST denied icmp 76.22.98.39 -> 24.64.94.41 (0/0), 1 packet
    Where 76.22.98.39 is the dynamic IP address from the cable provider. If the traffic isn't passing through the router, why is it trying to NAT it?
    IOS Version is 12.4(6)T9

    Hello Brom,
    I am facing the same situation that I can see a whole bunch of log-entries which state that IP-packets with the source address of the routers own WAN-interface-address are trying to reach a variety of IPs somewhere out there.
    I don't feel fine with just ignoring something - in only very rare situations this has been a good advise. I believe this is not a solution.
    There's just one naging question you should be able to answer.
    Since when needs the routers traffic translation? If the router sends packets because it want's to reach a destination for some reason it uses as source-address the address of the interface the traffic is supposed to leave and send's it directly there, doesn't it?
    So why in the world are there thousends of packets denied by the NAT-process (ofcourse, the NATACL doesn't allow this address), all showing the same pattern
    (pattern == protocol=udp AND source=ownWANIP AND port=0 AND destination=someIPoutthere AND port=0) as you can see from the following output, cause I think this is supicious and tryed it - wow! How do these packets get to the NAT-process anyway?!
    000894: Oct 10 06:57:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000895: Oct 10 06:58:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 4 packets 
    000896: Oct 10 06:59:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000897: Oct 10 06:59:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000898: Oct 10 07:02:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000899: Oct 10 07:04:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 16 packets 
    000900: Oct 10 07:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets 
    000901: Oct 10 07:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets 
    000902: Oct 10 07:08:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000903: Oct 10 07:09:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 5 packets 
    000904: Oct 10 07:11:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000905: Oct 10 07:11:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000906: Oct 10 07:13:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000907: Oct 10 07:14:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 14 packets 
    000908: Oct 10 07:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets 
    000909: Oct 10 07:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets 
    000910: Oct 10 07:18:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets 
    000911: Oct 10 07:19:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 2 packets 
    000913: Oct 10 07:22:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets 
    000914: Oct 10 07:22:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 3 packets 
    000915: Oct 10 07:23:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets 
    000916: Oct 10 07:24:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 8 packets 
    000917: Oct 10 07:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 3 packets 
    000918: Oct 10 07:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets 
    000919: Oct 10 07:29:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 3 packets 
    000920: Oct 10 07:30:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 2 packets 
    000921: Oct 10 07:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 3 packets 
    000922: Oct 10 07:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 3 packets 
    000923: Oct 10 07:34:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets 
    000924: Oct 10 07:35:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 24 packets 
    000925: Oct 10 07:38:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets 
    000926: Oct 10 07:38:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets 
    000928: Oct 10 07:39:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 3 packets 
    000929: Oct 10 07:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 1 packet 
    000930: Oct 10 07:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets 
    000931: Oct 10 07:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets 
    000932: Oct 10 07:44:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets 
    000936: Oct 10 07:47:35: %SEC-6-IPACCESSLOGP: list FAE00IN denied tcp 222.173.130.154(6000) -> 212.152.155.204(1433), 1 packet 
    000937: Oct 10 07:49:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 2 packets 
    000938: Oct 10 07:49:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets 
    000939: Oct 10 07:49:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets 
    000940: Oct 10 07:50:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets 
    000941: Oct 10 07:54:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 5 packets 
    000942: Oct 10 07:54:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000943: Oct 10 07:54:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000946: Oct 10 07:56:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets 
    000947: Oct 10 08:00:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 7 packets 
    000948: Oct 10 08:00:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets 
    000949: Oct 10 08:00:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets 
    000950: Oct 10 08:01:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000951: Oct 10 08:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 15 packets 
    000952: Oct 10 08:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000953: Oct 10 08:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000954: Oct 10 08:06:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000956: Oct 10 08:10:26: %SEC-6-IPACCESSLOGDP: list FORNAT denied icmp 212.152.155.204 -> 172.16.0.151 (0/0), 1 packet 
    000957: Oct 10 08:10:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 6 packets 
    000958: Oct 10 08:10:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000959: Oct 10 08:10:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000960: Oct 10 08:11:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000961: Oct 10 08:14:49: %SEC-6-IPACCESSLOGP: list FAE00IN denied tcp 216.133.175.69(2087) -> 212.152.155.204(5900), 1 packet 
    000962: Oct 10 08:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000963: Oct 10 08:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 11 packets 
    000964: Oct 10 08:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets 
    000966: Oct 10 08:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets 
    000968: Oct 10 08:21:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000969: Oct 10 08:21:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 6 packets 
    000970: Oct 10 08:21:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000971: Oct 10 08:21:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000972: Oct 10 08:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets 
    000973: Oct 10 08:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 3 packets 
    000974: Oct 10 08:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000975: Oct 10 08:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000976: Oct 10 08:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000977: Oct 10 08:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 29 packets 
    000978: Oct 10 08:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets 
    000979: Oct 10 08:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets 
    000980: Oct 10 08:38:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000981: Oct 10 08:39:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000982: Oct 10 08:39:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000983: Oct 10 08:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets 
    000984: Oct 10 08:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 1 packet 
    000985: Oct 10 08:44:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000986: Oct 10 08:44:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000987: Oct 10 08:49:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 2 packets 
    000988: Oct 10 08:50:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000989: Oct 10 08:50:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000990: Oct 10 08:52:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000991: Oct 10 08:54:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 5 packets 
    000992: Oct 10 08:59:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 6 packets 
    000993: Oct 10 08:59:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000994: Oct 10 08:59:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000995: Oct 10 09:00:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    000996: Oct 10 09:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 17 packets 
    000997: Oct 10 09:07:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    000998: Oct 10 09:07:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    000999: Oct 10 09:09:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    001002: Oct 10 09:10:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 7 packets 
    001003: Oct 10 09:15:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 14 packets 
    001004: Oct 10 09:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    001005: Oct 10 09:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    001006: Oct 10 09:17:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    001007: Oct 10 09:21:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 6 packets 
    001008: Oct 10 09:24:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    001009: Oct 10 09:24:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    001010: Oct 10 09:26:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    001012: Oct 10 09:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 4 packets 
    001013: Oct 10 09:32:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 26 packets 
    001014: Oct 10 09:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    001015: Oct 10 09:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    001016: Oct 10 09:35:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    001017: Oct 10 09:37:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 1 packet 
    001018: Oct 10 09:41:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    001019: Oct 10 09:41:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    001020: Oct 10 09:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 
    001021: Oct 10 09:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 1 packet 
    001022: Oct 10 09:48:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 74 packets 
    001023: Oct 10 09:50:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet 
    001024: Oct 10 09:50:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet 
    001027: Oct 10 09:52:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet 

  • 10.5.6 setup on mini with USB nic, not receiving DHCP from WAN (cable modem

    Hello,
    I'm probably in a little over my head thinking I could configure MacOS X Server without much IT knowledge. But I started, so I'm not giving up yet.
    Here's my setup:
    — cable modem ethernet connects to USB nic (the apple macbook air one) plugged into mac mini running 10.5.6 Server
    — ethernet on mac mini connects to switch
    — switch connects to airport base station set-up as bridge
    — in the future other computers will connect over ethernet to the switch (that's why mac mini isn't plugged into base station directly)
    Here's the issue:
    — cable modem uses DHCP (no fixed IP).
    — when first installing 10.5.6 Server, modem was connected directly to ethernet on mac mini, and picked up everything from DHCP, worked fine. Ran all the system updates (started with a 10.5 initial install)
    — after everything was installed, I switched the modem to the USB ethernet adapter and ran NAT setup assistant. configured the USB Ethernet as the WAN, Ethernet as the LAN, turned on VPN.
    — now the USB Ethernet won't pick up the DHCP of the WAN anymore. It did it once, and then never again.
    — I've run the NAT setup assistant to switch the WAN and LAN nics to see if the USB Ethernet was the issue, but with the same results.
    — This setup used to work although not quite stable on 10.5.4 server.
    My initial questions:
    — is the firewall blocking the DHCP?
    — is the LAN DHCP messing with the WAN?
    — in the previous version I had to set the replythresholdseconds from 10 to 0 in the bootpd.plist for it to hand out DHCP on the LAN, but there is no such entry in the pootpd.plist anylonger, and the keynet_address entry that was missing from the previous version of bootpd.plist is now present, so it seems the bootpd.plist has been fixed by apple.
    — what am I doing wrong? Why doesn't this just work as advertised...
    I know there are several of you out there that have the same setup working (I found posts from hirstey and DigiAngel with the same setup) so it must be possible. All your help is much appreciated!!
    Thanks,
    Hagenaer
    Thanks!
    Message was edited by: Hagenaer

    Thanks for your reply, DigiAngel.
    DSL modems differ from cable modems as far as I understand. Where DSL modems are actually routers capable of NAT/DHCP, cable modems are just a network interface/brigde and can't do any of that. So it should pass the external IP to the computer. I'm writing on a laptop with the cable modem directly plugged into it, and it picked up the external IP etc. near instantly. The mac mini did the same before I ran the NAT setup assistant. I believe it picked it up once after that, but never since.
    I had done a clean install, had the ethernet plugged into its internal ethernet port (en0) and was able to download all the system updates. Then plugged in the USB ethernet, I'm pretty sure it still picked up the IP there. Ran the NAT setup assistant and can't get anything to work anymore. Even with all services switched off.
    So the modem is doing its job, but when I connect it to the USB nic the connection gets a self-assigned IP in about 3 seconds after seeing the cable is connected. The one time I've seen it get the right IP, it got a self-assigned IP first and then about 5 seconds later picked up on the correct IP. (And it picked up everything, including DNS server and search domains, which this laptop I'm writing on does not, although it works just the same).
    Unfortunately, this laptop runs 10.4.11 which doesn't recognize the USB nic, so I can't test the adapter outside of the server environment. But I've had the genius bar test the adapter previously and it worked fine then, plus I've run the NAT setup assistant with the connections inverted (WAN over built-in ethernet, LAN over USB ethernet) with the same results: WAN gets self-assigned IP.
    I've also tried configuring manual IP for the WAN from what I saw was given to this laptop (it kept the same IP even after being disconnected/reconnected, so I guess the IP for my modem won't change IP unless I reset it. Although I'm not sure if it's correct logic to assume the mac mini would pick up the same IP as well since I think that's actually tied to the MAC address and the IP doesn't belong to the modem but to the computer behind it).
    Anyway, I'm not sure what to try next...
    Hm. Wait, this might have something to do with it: the firewall logs the following:
    Mar 22 14:12:07 server ipfw[4997]: 65534 Deny UDP 73.227.220.1:67 255.255.255.255:68 in via en 2
    Looking up 73.227.220.1 gives me dns1.inflow.pa.bo.comcast.net, clearly my provider's DNS server. Trying to get me an IP that my wirewall is denying? Turning off the firewall doesn't make it pick up the correct IP though... I have turned off all services and still just got a self-assigned IP.

  • WRT54GS not getting Ip from WAN in any configuration

    Able to configure router and connect it fine but will not pull and IP from provider or any other device on the WAN port. I think the WAN port is dead but not sure.
    Have rebooted and reset to factory. WAN light is solid all the time and does not try to detect connection. LAN ports work fine and assign addresses.
    Also have a wireless N router that does the same thing. Currently using a different brand since it seems the Linksys router keep dying on me.
    Looking for suggestions for a fix if that is possible. 

    Connect a Single Cable from LAN Port to WAN port of the router ...
    Check the Light status on both the ports ....
    If getting lights .... the ports are working fine ...
    Also if not light ... ports are daed ,.,....
    Reset for ferw seconds.... & check if any difference is there or not ....

  • Need to block rv110w access to router from wan

    Is there any way to block access to the router logon page from the wan?  By simply going to the router's external WAN IP, the cisco logon screen shows up?  I really think this not that safe and want to block it from showing up.  I have looked at all the settings and don't seem to be able to find something that will keep that from happening.
    Thanks
    M

    Hello Michael,
    You can disable remote management via Firewall --> Basic Settings. In the basis settings page there should be an option to enable remote managment. Make sure that option is unchecked.
    Hope this helps.
    -john

  • Unable to login to CUPC from WAN locations

    Hi,
    I am using CUPS: 8.5 & CUPC: 8.5.4....From LAN, if i try to login to CUPC  it works fine. But from the WAN locations/branches if i try to login to CUPC it doesn't work. Sometimes it says: unable to contact cup server & soemtimes it goes for ever...
    There is no firewall in between...Any clue??

    Hi
    Can you resolve the CUPS server name (i.e. ping it by name) on the remote site? May not be in the branch's DNS server...
    Aaron

  • How to connect to Hyper-V VM from WAN

    Hello everybody!
    I am beginer. I have a dedicate server with Windows Server 2008 R2 En 64bit, and i installed hyper-v with two VM. I created a virtual switch network and the VM can access internet. Now, i want to remote desktop to VM from my PC. In LAN, i typed IP of VM,
    that's OK. So if i want to remote from anywhere to VM through internet, how do type IP??
    /* So sorry because my English is not good*/

    It sounds like your VMs do not have public IP addresses.  In that case, you will need to have your router redirect based on ports coming in.  I've done this and it works quite well.
    On your router, you configure it to listen on your public IP address that you can use for accessing your host.  By default, when you make an RDS connection to that server, you are coming in on port 3389.  What you set up on your router is something
    like this:
    <publicIP>:12345 redirect to <hostIP>:3389
    <publicIP>:12346 redirect to <vm1IP>:3389
    <publicIP>:12347 redirect to <vm2IP>:3389
    and so forth. Then when you connect via RDP from the WAN, you connect to <publicIP>:<desired port>.
    .:|:.:|:. tim

  • Prime Infrastructure 2.0 possible to grab SNMP poll from WAN?

    Our objective is to monitor all our network devices using Cisco Prime Infrastructure 2.0 which include LAN site and WAN site. LAN site we have various of equipments example cisco router 3800, ASA 5510, Catalyst switch 6500 and other access switches. WAN site we have ASA 5520. Currently our ASA is located at ISP which has its own public IP. Question is, it is possible to monitor our ASA 5520 which at WAN site? Attached is our topology sample.
    Note: We has no issues on monitoring LAN equipments.

    Hi Remysyaku
    Are you able to do snmp polling on ASA from any other software like net-snmp etc.
    I mean you need to check whther problem is snmp connectivity or PI is not able to manage ASA.
    Also there is a bug due to which ASA5515x will be shown as unsupported in PI 2.0 but ASA 5520 and further should show managed correctly.
    Thanks
    Mahavir

  • RV320 restart and behave unstable after failover from WAN to USB3G modem.

    I've setup a RV320 router with a 500Mbps internet link and a 3G modem in Hot standby mode.
    But when I try to unplug the WAN and it failover to the 3G internet connection, the RV 320 behave very unstable and it frequently either
    1. crash and restart and end up not able to access via webgui without network connectivity(All Led still remains on). 
    2. Fail over to 3G, works for a period of time, crash and restart.
    For recover back from 3G modem to WAN, it usually able to fall back to WAN but crash and restart after a period of time, sometime after it restarted, the RV320 no longer respond, and webgui not available again. even it has down, all LED remains on and it looks still functioning.
    Do you encounter similar problem and how do you fix it?
    Can anyone from Cisco can help to fix this in next version firmware? I'm ok to help collect information from my RV320 for troubleshoot the problem.

    Latest developments: we also own an Airport Express, so this afternoon I tried creating a network with it, instead of with the Airport Extreme. Same problem happened: the cable modem / router supplied by our ISP (Telia) has issues. It is a ZyXEL P-660H-D1 Triple Play. Unfortunately I cannot enter its config page (one is supposed to be able to access at 192.168.1.1 – it doesn't work), so I can't modify any of its settings.
    It remains possible, however, to plug connect a computer directly to the ZyXEL with an ethernet cable and access the internet.
    Also, the Airport Extreme can create a wireless network so its router functionality still works. Same with the Airpot Express. It looks as though the problem sits with our modem. Grateful if anyone has ideas.

  • VoIP (UDP) and Video (mpeg4) Benefit from WAN Optimization?

    From what I am reading VoIP and (Video)MPEG4 are "integrated" into a vendor's WAN acceleration/optimization app/device but I don't read VoIP or mpeg4 will benefit? Is this a true statement?

    Sorry I have taken so long to reply but work got in the way.
    This User Defined Firewall.
    Can you tell us more about that.
    Access Control = NO Valid Filtering Rule!!!
    MAC Filtering Table = Disabled
    URL Blocking = No entries
    Schedule rule = No Valid Schedule Rule!!!
    Intrusion Detection Feature
    SPI firewall protection = ticked
    Anti-DoS firewall protection = ticked
    RIP defect = blank
    Discard Ping To WAN Interface = blank
    Stateful Packet Inspection
    Packet Fragmentation = ticked
    TCP Connection = ticked
    UDP Session = ticked
    FTP Service = ticked
    H.323 Service = ticked
    TFTP Service = ticked
    When hackers attempt to enter your network, we can alert you by Email
    Your Email Address :empty
    SMTP Server Address :empty
    Connection Policy
    Fragmentation half-open wait: 10 secs
    TCP SYN wait: 30 sec.
    TCP FIN wait: 5 sec.
    TCP connection idle timeout: 3600 sec.
    UDP session idle timeout: 30 sec.
    H.323 data channel idle timeout: 180 sec.
    DoS Detect Criteria:
    Total incomplete TCP/UDP sessions HIGH: 120 session
    Total incomplete TCP/UDP sessions LOW: 115 session
    Incomplete TCP/UDP sessions (per min) HIGH: 115 session
    Incomplete TCP/UDP sessions (per min) LOW: 110session
    Maximum incomplete TCP/UDP sessions number from same host:30
    Incomplete TCP/UDP sessions detect sensitive time period: 900 msec.
    Maximum half-open fragmentation packet number from same host:20
    Half-open fragmentation detect sensitive time period: 10000 msec.
    Flooding cracker block time: 300 sec.
    DMZ = disable
    There are NO ports set.
    The NAT Mapping table is 16 pages long.
    SIP/VoIP only mentions 5060 with no ranges
    Well I hope that is the info you wanted
    Cheers
    Message was edited by: greatfinewine
    Message was edited by: greatfinewine

  • I am unable to set up my new Time Capsule with my BT Home Hub - every time i connect the ethernet cable from Wan port to Home Hub, the internet signal drops

    Hi there -
    I've just purchased a new Time Capsule, and would like to set up a small home network with my Laptop, iMac and wireless printer. I'm following the first steps, but as soon as I connect an ethernet cable between the WAN port of the TC and the ethernet port of the HH, my BT internet connection drops out and I have to restart the HH. Upon which point it drops out again. The airport utility can see my TC, and gets as far as me typing in the new network name and setting up a password, but then it can't quite get through to the next stage. All the time it's just flashing amber.
    Please help!

    Setup the TC in bridge mode before you cannot it to the HH.
    Simply do the setup fully in isolation. And do it by ethernet.
    Setup wireless to create a wireless network.
    You can use either same SSID =Wireless name as the HH .. same security same password.
    Or use a different name and setup.. totally up to you.
    Update the TC and then plug it into the HH by ethernet.

  • Address Book Server - access from WAN

    I can access my Address Book Server using the server's LAN IP address but not its domain name.
    I have set up a global Address Book using the technique suggested in this thread https://discussions.apple.com/message/10571482#10571482 which works well. I have a couple of users set up who can see changes the other user makes to the Global Address Book.
    The Global Address Book is accessed at my OS X Server's LAN address, 192.168.1.1 with the details as stated in the above thread.
    I should (and want to) be able to access the Global Address Book from outside my LAN using the OS X Server's fully qualified domain name, myserver.mydomain.tld. But it doesn't. The client (10.7) Address Book fails to access. The domain address is correctly mapped to the server and works for other services such as iChat. Router ports are (obviously) open.
    So I can set up a client Address book using 192.168.1.1:8800/principals/groups/abglobal/ but not myserver.mydomain.tld:8800/principals/groups/abglobal/ nor over port 8843 & SSL.
    Any clues?
    Thanks!
    Message was edited by: David Gordon to correct a typo.

    aneez_backer wrote:
    The application retrieves the contents of 'address book' when provided with login information of yahoo or any other email account. Can somebody let me know the way to do it??
    Yahoo might...
    I believe that for different email service providers, the method to access the address-book would be different. Can anybody leads to any of the service providers??
    It likely would be, if it's supported at all. Ask the support department of your service provider.

  • My mac mini is sleeping 2mn after being woken up from WAN

    I am using Mountain Lion, and I set my energy settings to sleep 15mns after system idle.
    I set up my router to proxy the wake on WAN to a Wake on LAN via a Magic Packet on port 9. Any hints?

    Hello,
    Open console in Applications>Utilities, check the system log for the date/time of the last problem  & the Startup right after that for clues.
    Search for sleep.

  • Port 5900 appears blocked from WAN

    I have 39 Macs I am remotely administering but a few (2) seem to have port 5900 for VNC as blocked.  We have rules out our router as a PC at the same location can VNC no problem through that route/firewall.  So it seems to me that the port is being blocked on that Mac.  The remote management setting are all set to allow and the internal ipfw is turned off.  At one time IceFloor was installed but those settings have been dumped and uninstalled.  Is there a way to restore all the ipfw setting to open to ensure it is not the Mac blocking the port?

    Looks like I can't edit my original question...
    The problem is still happening, I've been doing some testing to narrow it down...
    + it's not just my computer (have also tried from my mums PowerPC and my sisters iMac), although it could be a mac thing (I don't have a windows machine to test from, only windows running on a mac, though I will give that a shot later)
    + it's not my internet connection (although it could be my ISP - I tested at my sisters place, who uses the same ISP as me, am looking for another testing location that has a different ISP)
    + it's not my website (have tried uploading to a completely unrelated website with similar results)
    + it's not cyberduck (have tried with filezilla, similar results, also tried via terminal - I don't know how to upload files, but when I connected, it connected through a different port, a 5 digit number, can't remember what now).
    Not too sure where to go from here...

Maybe you are looking for

  • Servlets Vs Standalone Application?

    Servlets Vs Standalone Application? I know this is an extremely broad subject, but put very simply can anyone give me a basic list of pros & cons in writing an application on a network with either of the two mentioned technologies?!? We will need sec

  • Problems reinstalling after system restore.

    Hey. I tried to address this with the Adobe helpdesk, but I couldn't get through the process. The system seems to be under the impression I don't own an adobe product. Anyway, I've been having some problems recently with cs3. I bought it about one ye

  • Oracle select data from ms access database

    please dear sirs, exactly what i need is when i make select statment from oracle sql, i can select data from ms access database please help me thanks in advance Yasser Edited by: user4490340 on 27-Oct-2010 01:09

  • PI Certification TechEd 2009

    Hello, This would be my first visit to SAP TechEd and I am aspiring to apply for the PI Certification. Kindly guide me as to whether the ILT pre-requisite courses of TBIT40 & 44 are mandatory to attend in order to register for the certification. What

  • Elements 11 Organizer hangs up loading preferences

    I have noticed people have had the same issues with previous versions. please I have had elemens for 2 weeks and can't use ut. Specifics - I launch Organizer, go edit preferences and any one I pick just gets hung up loading My computer is a Windows P