Opening of TCP/IP Port 53 in Firewall

Hi,
I checked a few SharePoint blogs which say that for SharePoint 2013 you need to open port 53 in the firewall for the "User Profile Synchronization Service (FIM)" to the
DNS server.
- What user profile sync is being done between the SP server and the DNS server? Isn't the user profile sync from the AD server?
Please see the link http://technet.microsoft.com/en-us/library/cc262849.aspx
Thanks 
Hari

Thanks guys.
My SP farm is in the cloud and AD & DNS are in a different cloud zone, hence the firewall is in between.
I am an SP guy with not much knowledge of firewalls, DNS & AD. The cloud infra team has rejected the request to open port 53 to the DNS server with the reason: "This rule cannot be allowed
as it will also cause functional issues for the Cloud VMs. Cloud VMs depend on Cloud internal DNS services to function. One method may be to consider if another AD/DNS can be configured within G-Cloud as a VM. We apologize as we are unable to advise a solution,
and even this needs to be submitted in this Pre-Qualification form for approval. Please note that Cloud VMs must not directly join the remote domain as this will cause the required DNS records to be missing."
So I still need this FIM to connect to the AD-DS server or DNS server to fetch user information.
Thanks
hari

Similar Messages

  • Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplayer?

    Which TCP/UDP ports need to be opened on a firewall for Adobe Reader and Flash Player to operate properly? This would include updating, linking, and any subset of features.

    The Acrobat Family uses TCP HTTP/HTTPS for all traffic. The following processes and ports may be active on a Windows client machine:
    AdobeARM.exe - automatic updates - port 443
    AcroRd32.exe - brand messages - port 443
    AcroRd32.exe - links in documents - anything specified in the URL
    Acrobat.exe - brand messages - port 443
    Acrobat.exe - links in documents - anything specified in the URL
    AdobeCollabSync.exe - Tracker review data - port 443
    The same ports are used by the program components on OS X.
    There are no inbound listening ports for any elements of the Acrobat Family. Automatic updates are not pushed and there are no server processes within the software.

  • Which TCP/IP ports do I have to open in order to get communication

    I have an enterprise portal based on EHP1 and I want to patch it, so I need to connect it to Solution Manager.
    However, the systems are in different networks.
    I wonder which TCP/IP ports I have to open in order to get communication between the two systems.
    I am trying to find documentation for this case but every document assumes the systems are in the same network.

    It's fascinating that that document hasn't been replaced/updated in five years.  Regardless, I've noticed an inconsistency in how they list the needed ports. 
    For example, they mention that port 5nn13 is needed for (I think) the Netweaver Start Service, and mention that the nn should be replaced with the instance number (00-99).  That's one hundred ports (50013, 50113, 50213, ... 59913).  Yet, in the "Range" column, they significantly mis-describe that as 50013-59913, which adds another 9801 completely unnecessary holes to put into a firewall.  (e.g. 50026, 51058, 53077, etc etc)
    They do that for most of the ranges they use that nn shorthand with... 5nn00, 5nn01, 5nn14, 5nn16, etc.
    In short, following the description they give in the "Range" column will have one opening thousands upon thousands of unnecessary holes in the firewall.
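The nn-shorthand problem in the reply above, worked in code as an added example (not from the thread or from SAP): expanding a template such as 5nn13 for only the instances actually in use, and counting how many extra ports a contiguous 50013-59913 range opens. The template strings, the instance numbers and the generic "allow tcp <port>" rule format are assumptions.

```python
"""Expand SAP's "5nn13"-style port notation into the exact ports a firewall
rule needs, and measure how much a naive contiguous range over-opens.

Added example, not from the forum thread; the template strings and instance
numbers are constructed for illustration."""
import re
from typing import Iterable, List, Set

# SAP documentation writes instance-specific ports as "5nn13", where "nn" is
# the two-digit instance number 00-99.
_TEMPLATE = re.compile(r"^(\d*)nn(\d*)$")


def expand_template(template: str, instances: Iterable[int]) -> List[int]:
    """Return the concrete ports for the given instance numbers, in order."""
    m = _TEMPLATE.match(template)
    if not m:
        raise ValueError(f"not an nn template: {template!r}")
    prefix, suffix = m.groups()
    ports = []
    for nn in instances:
        if not 0 <= nn <= 99:
            raise ValueError(f"instance number out of range: {nn}")
        ports.append(int(f"{prefix}{nn:02d}{suffix}"))
    return ports


def all_instance_ports(template: str) -> Set[int]:
    """Every port the template can stand for (all 100 instance numbers)."""
    return set(expand_template(template, range(100)))


def range_excess(template: str, low: int, high: int) -> int:
    """How many ports in low..high (inclusive) are NOT produced by the template.

    This is the number of unnecessary holes a rule written as a contiguous
    range opens compared with the exact per-instance ports."""
    wanted = all_instance_ports(template)
    return sum(1 for p in range(low, high + 1) if p not in wanted)


def firewall_rules(templates: Iterable[str], instances: Iterable[int],
                   proto: str = "tcp") -> List[str]:
    """Render one exact allow entry per port for only the instances in use.

    The "allow <proto> <port>" syntax is a generic placeholder, not any
    particular vendor's rule format."""
    inst = list(instances)
    ports = sorted({p for t in templates for p in expand_template(t, inst)})
    return [f"allow {proto} {p}" for p in ports]


if __name__ == "__main__":
    # Port 5nn13 for all 100 instances versus the documented "range"
    # 50013-59913: 100 needed ports, 9801 unnecessary ones.
    print(len(all_instance_ports("5nn13")))
    print(range_excess("5nn13", 50013, 59913))
    # A landscape with instances 00 and 01 only needs a handful of ports.
    for rule in firewall_rules(["5nn00", "5nn13", "5nn14"], [0, 1]):
        print(rule)
```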

  • HT4814 TCP and UDP ports on router firewall to allow server to server administration running mavericks and server app 3.0?

    What TCP or UDP ports do I need to open on my router firewall to allow server to server administration running Mavericks and Server app 3.0?

    Also you may want to open tcp port 625 so that you can update the server's OD master.
    More info can be found here: http://support.apple.com/kb/ts1629  Well known TCP/UDP ports used by Apple Products.
    HTH
    - Leland

  • RDS and Gateway issues: Cannot get remoteapps to run without opening port 3389 on firewall

    I am testing the setup of a small RDweb server to host QuickBooks for some remote sales users (4 users). For the most part, I have everything installed on one virtual server (using the 2012r2 "Quick Start" session host deployment with the additional
    Licensing and Gateway server roles added to the same server).
    Everything works excellently with one exception. External clients cannot launch published apps without having port 3389 open on the firewall, even with the gateway role installed and the 'Deployment Properties' set to use the gateway. They can properly connect
    to the RDweb site and view the published apps. The only way it works is to open the firewall port (at which time I can disable the gateway or leave it configured and it works either way). Internally, everything works accordingly. I have followed the steps outlined
    on many sites and have combed through the forum here to no avail.
    Error received (summarized but is a well documented error):
    remote desktop can't connect to the remote computer: 1- Your user account is not listed (it actually is) or 2- You might have specified the remote computer in NetBios format . . etc.
    This is an existing SBS 2011 environment with additional virtual servers setup to host QuickBooks as outlined below:
    Current setup:
    Used Quick Start to install Remote Desktop Services in hosted sessions mode
    Installed the additional roles for Licensing and Gateway server on same server
    Configured wild card public certificates on all four services (Connection Broker(2), Web Access and Gateway)
    Configured internal DNS to properly look up our external FQDN of this server (ex. quickbooks.contoso.com points to quickbooks.contoso.local)
    One thing I noticed (just now) when I launch a published app and the firewall has port 3389 closed, a dialog box pops up directly after launching the app that warns about running a RemoteApp program and mentions the Remote Computer and the Gateway Server
    as both the same (which it is); however, I would have assumed one would have listed the internal server's name while, instead, both are listed as the external FQDN. Either way, internal DNS should still allow it to properly route... no? I don't know... I'm
    sure I am just missing something in a routing configuration somewhere. The gateway service is not properly looking up the RDweb service and then seemingly not routing the encapsulated RDP session through HTTPS... is my guess.
    I was reading about the "set published name" cmdlet; however, I am not experiencing a certificate name mismatch; however, the certificate name does show up as *.contoso.com versus the actual name. I may just be grasping at straws now. :)

    Ok, while I was in the server and looking over the BPA scans: "The Remote Desktop Gateway (RD Gateway) server Secure Sockets Layer (SSL) certificate may not have a valid certificate subject name." This may be due to it showing up as *.companyname.com
    versus quickbooks.companyname.com. Anyhow. .. on to the list of actions above:
    Changed RD RAP from "Select Active Directory" group to "Allow any network resource" and tested with port 3389 closed on firewall:
    Worked. Initially it did not as I had used a custom shortcut created from earlier; however, after logging into the RDweb site again, the application loaded fine now (after the RD RAP change)
    No error message appeared; however, I did notice that for a split second, the word Error did appear in the browser's tab title, but only very shortly. The app launch does take a bit longer too now (about 10-15 seconds, up from about 4 seconds with the port
    open). This, I could care less about so long as we are properly forwarding the traffic through the gateway.
    As for log entries, I had spent quite a bit of time in there and only had minor issues with loading user profile settings taking too long and policy settings preventing the redirection of USB devices. Looking again, no issues still. Just a bunch of informational
    entries where I would connect before (and disconnect) but only with the port on the firewall open; otherwise, there was not an entry correlating to when I would receive an error before. Now though, I am connecting after the RD RAP change and logs are showing
    connections even with the port closed. These are in "operational", the "admin" log only shows the update to the RD RAP configuration.
    Yes, the LAN's DNS server does relay the lookup information for my public FQDN as the local LAN address. No need for a local host record.
    I have now added a new rule in our firewall to allow and forward UDP port 3391 traffic to the internal server hosting remote services
    Thank you very much for your assistance on this matter. The RD RAP rule was default built during the creation of this services. Why is the resource not cross-referencing AD security groups? I could have sworn I created a group for that . . .

  • TCP/UDP Ports and site used by FEP to download updates - needed to allow on perimeter firewall

    Can someone point me to information on what TCP/UDP ports are utilized by FEP and what DNS / site name it uses to download FEP updates? This is needed to tighten perimeter firewall policies.
    Thank you

    It should be the same as the documentation for all Software Updates:
    https://technet.microsoft.com/en-us/library/bcf8ed65-3bea-4bec-8bc5-22d9e54f5a6d#BKMK_ConfigureFirewalls
    Make sure to expand the "restrict access to specific domains" section to see the update related URLs.

  • Opening a port in the firewall

    I want to be able to use pulptunes, but I need to be able to open a port in my firewall (15000), how do I go about this?

    erikagwen,
    Leopard has a new "Application Firewall." What this means for you is that it will automatically configure itself to allow your application to communicate, opening ports as needed, provided you authorize it to do so. When you first launch the application, the firewall will detect the "sockets" that it creates, and ask if you wish to allow it to accept outside requests.
    It is also likely that you are behind a router, which will be running its own firewall. For this, you'll need to first determine the ports involved, then check and follow your router's documentation for forwarding those ports to your computer.
    Scott

  • What TCP/UDP ports need to be open for VPN Client version 4.8?

    What TCP/UDP ports need to be open for Cisco VPN Client version 4.8 to work?
    Thanks,

    Normally, you need the following ports and protocol :
    UDP 500
    UDP 4500
    ESP
    In case you are using IPSec over TCP, you have to open TCP port 10000 or any other port you want to use for IPSec connections (it's configurable).
    -Kanishka

  • How to free tcp/ip port in Mac OS X v10.6 Snow Leopard

    Weeks ago I installed Graboid on my iMac and it's having trouble downloading files. This is what appears whenever I open Graboid:
    SABnzbd.py 0.4.6 failed to start.
    The Graboid Download Manager needs a free tcp/ip port for its internal web service.
    Port 11234 on localhost was tried , but it is not available.
    Please ensure that your firewall grants access to GraboidDLManager.exe and port 11234 and 119 aren't blocked.
    Some other software may be using the port or the download manager is already running.
    Please verify that another instance of the download manager is not already running. To do this, press CTRLShiftEsc or open your task manager. Make sure the Processes tab is selected and look for "GraboidDLManager.exe" in the list. If it is there, click on it and then press the "End Process" button. After that, please restart Graboid.
    Open a Terminal window and type the line (example):
    /Applications/SABnzbd.app/Contents/Resources/SABnzbd.py --server localhost:11235
    How do I free a port in Snow Leopard? I already allowed incoming connections from Graboid in my security preferences but still it wouldn't work. Help please. Thanks.

    Do you use a router to connect to the internet? If so the port needs to be mapped to your local machine.

  • IE HTTP close (reset) - port reuse causing firewall issues

    Having an issue with some systems reusing the same TCP port number between sessions, causing the firewall to drop the connection.
    Internet Explorer is creating the HTTP socket connection to port 80. An ephemeral port (assigned by Windows) is bound to the local side of the connection. The first connection goes through just fine. The socket is
    closed/reset. However, the very next connection (hundreds of milliseconds later), is using the same ephemeral port, causing the firewall to discard the connection.
    I have tried setting TcpTimedWaitDelay in the registry but that did not help. Since the socket is being reset, it never goes into the TIME_WAIT state.
    Any suggestions? This does not happen consistently - on the order of 10s of times per day.
    Thanks!

    Problem is still occurring. Customer has built a new client system with MS-only software (no virus protection, etc.). Upgraded this system to IE9.  Problem is still occurring. Tried disabling NativeXMLHTTP option but no difference.
    Here is the ASP VBScript code that causes the error to appear:
    function SubmitPost(data, ErrHow) {
        var d = new Date();
        return SendData('POST', 'TDMaster.asp?InstID=' + document.getElementById("tdInstance").value + '&UID=' + d.getTime(), data, ErrHow, 0);
    }
    // Returns valid version of MSXML (newest ProgID first)
    function GetMSXML() {
        var progIDs = ['Msxml2.XMLHTTP.6.0', 'Microsoft.XMLHTTP'];
        for (var i = 0; i < progIDs.length; i++) {
            try {
                var http = new ActiveXObject(progIDs[i]);
                return http;
            } catch (ex) {
                // this ProgID is not available, try the next one
            }
        }
        return null;
    }
    // Function that actually sends the data and returns the response
    // Format 0 = XML
    // Format 1 = Binary
    var http;
    var timedOut;
    function SendData(method, url, data, ErrHow, Format) {
        http = GetMSXML();
        var ResultXML;
        var e;
        http.open(method, url, false);   // synchronous request
        http.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        http.setRequestHeader("Content-Length", data.length);
        try {
            http.send(data);
            if (Format == 0) {
                return http.responseText;
            } else {
                return http.responseBody;
            }
        } catch (e) {
            // CreateError is defined elsewhere on the poster's page (not shown here)
            return CreateError(e.number, e, ErrHow);
        }
    }
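Added example (not the poster's code) of how a defender could confirm the pattern described in this thread from connection logs: it replays constructed log lines and flags a new SYN on a 4-tuple that was closed by RST (or FIN) less than a configurable window earlier. The log format, the addresses and the 60-second default window are assumptions.

```python
"""Flag quick reuse of a client's ephemeral port after a reset by replaying
connection-tracking log lines.

Added example, not from the forum thread. The log format and the sample lines
are constructed: "<time> <src>:<sport> > <dst>:<dport> <flags>" where flags
are S (SYN), F (FIN) or R (RST), one line per observed segment."""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

FourTuple = Tuple[str, int, str, int]


@dataclass
class Reuse:
    tuple4: FourTuple
    closed_by: str        # "R" (reset) or "F" (FIN)
    gap_ms: float         # time between the close and the new SYN


def _parse(line: str) -> Tuple[datetime, FourTuple, str]:
    ts, src, _, dst, flags = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return (datetime.strptime(ts, "%H:%M:%S.%f"),
            (sip, int(sport), dip, int(dport)), flags)


def find_port_reuse(lines: List[str], window_ms: float = 60_000) -> List[Reuse]:
    """Return every SYN that re-uses a 4-tuple closed less than window_ms ago.

    A firewall that still holds state for the old flow (common after a RST,
    since the client never enters TIME_WAIT) may drop exactly these SYNs."""
    last_close: Dict[FourTuple, Tuple[datetime, str]] = {}
    hits: List[Reuse] = []
    for line in lines:
        if not line.strip():
            continue
        ts, t4, flags = _parse(line)
        if "S" in flags:
            prev = last_close.get(t4)
            if prev is not None:
                gap = (ts - prev[0]).total_seconds() * 1000
                if 0 <= gap < window_ms:
                    hits.append(Reuse(t4, prev[1], gap))
            last_close.pop(t4, None)
        elif "R" in flags:
            last_close[t4] = (ts, "R")
        elif "F" in flags:
            last_close[t4] = (ts, "F")
    return hits


# Constructed sample: client 10.1.1.5 talks to a web server on port 80 and
# re-uses source port 51234 350 ms after resetting the previous connection.
SAMPLE_LOG = """\
09:00:00.000 10.1.1.5:51234 > 203.0.113.10:80 S
09:00:00.250 10.1.1.5:51234 > 203.0.113.10:80 R
09:00:00.600 10.1.1.5:51234 > 203.0.113.10:80 S
09:00:01.000 10.1.1.5:51235 > 203.0.113.10:80 S
09:00:01.300 10.1.1.5:51235 > 203.0.113.10:80 F
09:02:30.000 10.1.1.5:51235 > 203.0.113.10:80 S
""".splitlines()

if __name__ == "__main__":
    for r in find_port_reuse(SAMPLE_LOG):
        print(f"{r.tuple4[0]}:{r.tuple4[1]} -> {r.tuple4[2]}:{r.tuple4[3]} "
              f"reused {r.gap_ms:.0f} ms after {r.closed_by}")
```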

  • Port Forwarding Cisco firewall

    Hi,
    In a Cisco firewall 2900 series
    I am trying to use port forwarding
    but there is no communication. Please help me.
    Reg
    Manoj.

    : Saved
    : Written by enable_15 at 23:01:39.772 UTC Thu Jan 30 2014
    name 10.10.70.X.40 FinalPdf
    name 201.256.x.x Youfinalip
    interface Ethernet0/0
    nameif YOUB
    security-level 0
    ip address 201.256.x.x.254.82 255.255.255.248
    interface Ethernet0/2
    nameif inside
    security-level 100
    ip address 10.10.70.X.1 255.255.255.0
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    ftp mode passive
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group service ftp tcp
    port-object eq ftp
    port-object eq ftp-data
    port-object eq 14147
    object-group service any tcp-udp
    port-object range 1 65535
    object-group service DM_INLINE_TCP_1 tcp
    group-object ftp
    port-object eq ftp-data
    access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.10.0 255.255.255.0
    access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 10.70.0.0 255.255.0.0
    access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.0.0 255.255.0.0
    access-list inside_access_in extended deny object-group TCPUDP any any eq domain
    access-list inside_access_in extended permit ip any any
    access-list YOUB_mpc extended permit ip any any
    access-list YOUB_access_in extended permit object-group TCPUDP any interface YOUB inactive
    access-list YOUB_access_in extended permit tcp any host Youfinalip object-group ftp
    pager lines 24
    logging enable
    logging emblem
    logging asdm-buffer-size 512
    logging buffered debugging
    logging trap debugging
    logging history debugging
    logging asdm debugging
    logging device-id hostname
    logging debug-trace
    logging ftp-bufferwrap
    logging ftp-server 10.10.70.X.251 firwall/ firwall firwall
    logging class auth trap emergencies asdm emergencies
    mtu YOUB 1500
    mtu SIFY 1500
    mtu inside 1500
    mtu WAN 1500
    mtu management 1500
    ip verify reverse-path interface YOUB
    ip verify reverse-path interface inside
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-645.bin
    asdm location Testpdf 255.255.255.255 inside
    asdm history enable
    arp timeout 14400
    global (YOUB) 1 interface
    global (SIFY) 1 interface
    nat (inside) 0 access-list EXEMPT
    nat (inside) 1 10.10.70.X.0 255.255.255.0 dns
    static (inside,YOUB) tcp Youfinalip ftp Testpdf ftp netmask 255.255.255.255
    access-group YOUB_access_in in interface YOUB
    access-group inside_access_in in interface inside
    route YOUB 0.0.0.0 0.0.0.0 201.256.x.x.254.81 1 track 1
    route inside 0.0.0.0 0.0.0.0 10.10.70.X.1 10
    route WAN 10.60.0.0 255.255.255.0 10.70.100.38 1
    route WAN 192.168.8.0 255.255.255.0 10.70.100.38 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication http console LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 0.0.0.0 0.0.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sla monitor 100
    type echo protocol ipIcmpEcho 4.2.2.2 interface YOUB
    num-packets 3
    frequency 10
    sla monitor schedule 100 life forever start-time now
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    track 1 rtr 100 reachability
    telnet timeout 5
    ssh scopy enable
    ssh 10.10.70.X.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username cisco password 3USUcOPFUiMCO4Jk encrypted
    class-map YOUB-class
    match access-list YOUB_mpc
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    description ftp
    class inspection_default
      inspect dns preset_dns_map
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect ftp
    class class-default
      ips inline fail-open
    policy-map YOUB-policy
    class YOUB-class
      ips inline fail-open sensor vs0
    service-policy global_policy global
    service-policy YOUB-policy interface YOUB
    smtp-server 10.10.70.X.18
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:aace81256bc60bc50469f80cb0c4641a
    : end
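Added example, not from the thread or from Cisco, of two checks worth running on a configuration like the one above before changing anything on the firewall: that each tcp static has a permit on the ACL bound to its outside interface, and that every alias used in a static has a name entry. SAMPLE_CONFIG is a constructed, trimmed imitation with placeholder addresses; the parser covers only the line forms shown.

```python
"""Check each TCP port forward in an ASA 8.2-style config: the static needs a
matching permit in the ACL bound to its outside interface, and every host alias
it names needs a "name" entry. Added example, not Cisco's or the poster's code."""
import re

PORT_NAMES = {"ftp": 21, "ftp-data": 20, "domain": 53, "www": 80, "https": 443}
_IPV4 = re.compile(r"^\d+\.\d+\.\d+\.\d+$")


def _port(tok):
    return PORT_NAMES.get(tok) or int(tok)


def parse(text):
    """Collect names, service object-groups, ACLs (kept in order), access-group
    bindings and tcp statics; every other line is ignored."""
    cfg = {"names": {}, "groups": {}, "acls": {}, "bound": {}, "statics": []}
    cur = None
    for t in filter(None, map(str.split, text.splitlines())):
        if t[0] not in ("port-object", "group-object"):
            cur = None                                   # left the group body
        if t[0] == "name":                               # name <ip> <alias>
            cfg["names"][t[2]] = t[1]
        elif t[:2] == ["object-group", "service"]:
            cur = cfg["groups"].setdefault(t[2], set())
        elif t[0] == "port-object" and cur is not None:  # eq <p> | range <a> <b>
            cur.update([_port(t[2])] if t[1] == "eq" else range(_port(t[2]), _port(t[3]) + 1))
        elif t[0] == "group-object" and cur is not None:
            cur |= cfg["groups"].get(t[1], set())
        elif t[0] == "access-list":
            cfg["acls"].setdefault(t[1], []).append(t)
        elif t[0] == "access-group":                     # access-group <acl> in interface <if>
            cfg["bound"][t[4]] = t[1]
        elif t[0] == "static" and t[2] == "tcp":         # static (in,out) tcp <ohost> <p> <ihost> <p>
            cfg["statics"].append((t[1].strip("()").split(",")[1], t[3], _port(t[4]), t[5]))
    return cfg


def _ace_verdict(t, groups, host, port):
    """True/False when the ACE matches tcp to host:port and permits/denies it, else None."""
    if "inactive" in t or t[3] not in ("permit", "deny") or t[4] not in ("tcp", "ip"):
        return None
    i = 6 if t[5] == "any" else 7                        # skip source: any | host X | net mask
    if t[i] != "any" and t[i:i + 2] != ["host", host]:
        return None                                      # destination is something else
    rest = t[i + (1 if t[i] == "any" else 2):]           # optional port spec
    if rest and rest[0] == "eq" and _port(rest[1]) != port:
        return None
    if rest and rest[0] == "object-group" and port not in groups.get(rest[1], set()):
        return None
    return t[3] == "permit"


def check_forwards(text):
    """One finding per static that the outside ACL does not let in (first matching
    ACE wins, as on the ASA) or that uses an alias with no name entry."""
    cfg, out = parse(text), []
    for out_if, out_host, port, in_host in cfg["statics"]:
        for h in (out_host, in_host):
            if not _IPV4.match(h) and h not in cfg["names"]:
                out.append(f"static {out_host}:{port}: alias '{h}' has no name entry")
        verdicts = (_ace_verdict(a, cfg["groups"], out_host, port)
                    for a in cfg["acls"].get(cfg["bound"].get(out_if, ""), []))
        if not next((v for v in verdicts if v is not None), False):
            out.append(f"static {out_host}:{port}: not permitted by the ACL on {out_if}")
    return out


# Constructed, trimmed imitation of the posted config with placeholder addresses.
SAMPLE_CONFIG = """
name 10.10.70.40 FinalPdf
name 203.0.113.10 Youfinalip
object-group service ftp tcp
 port-object eq ftp
access-list YOUB_access_in extended permit tcp any host Youfinalip object-group ftp
static (inside,YOUB) tcp Youfinalip ftp Testpdf ftp netmask 255.255.255.255
static (inside,YOUB) tcp Youfinalip 8080 FinalPdf 8080 netmask 255.255.255.255
access-group YOUB_access_in in interface YOUB
"""
```

Running check_forwards(SAMPLE_CONFIG) reports the undefined alias in the first static and the missing ACL permit for the second.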

  • TCP/UDP Ports

    Does anyone know which ports on the firewall/router do I need to open for NAT (Network Address Translation) so that I can access the database from outside the firewall by SQLnet.

    default tcp/1521
    but you can change it

  • TCP/UDP ports between Cisco PI 2.0 and WLC5508

    Hello,
    I will install Cisco PI 2.0 behind a firewall for security reasons. The WLC5508 is in front of the firewall. Can anybody let me know which TCP/UDP ports need to be open specifically between the Cisco PI and WLC? I don't see that in the link below.
    Cisco Prime Infrastructure 2.0 Quick Start Guide
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/quickstart/guide/cpi_qsg.html#wp46865
    Thanks,
    Robert

    Firewall Between the WCS and Controller or WCS and the WCS User Interface
    When a PI server and a PI user interface are on different sides of a firewall, they cannot communicate unless these ports on the firewall are open to two-way traffic:
    80 (for initial http)
    69 (tftp)
    162 (trap port)
    443 (https)
    Open these ports in order to configure your firewall to allow communications between a PI server and a PI user interface.
    Regards
    Don't forget to rate helpful posts

  • Checking TCP/UDP ports!

    What's up everybody,
    Does anybody know how to check if a port is open? (tcp/udp)
    thanks!
    matio,

    Welcome to the forums.
    Common Mac OS X tools used here include Network Utility, lsof, telnet and ping, and dns-sd and ping for Bonjour and mDNS, depending on what details are sought.
    (With the Windows entries from your footer, various of these tools and equivalents are what can be obtained by loading Cygwin or by loading Microsoft's SUA/SFU tools, and with some add-ons. PowerShell might or does have analogs here, but the old MS-DOS shell was pretty limited in what diagnostics were available without additions. There was telnet and ping, but some other bits were missing.)
    Add-on tools include nmap. (nmap is a fairly gonzo-useful tool for this sort of thing.)
    telnet works nicely for brute-force port tests on the LAN.
    And FWIW, if those public web site tools do work and if you're on your own LAN, then definitely also consider checking the settings of and consider upgrading the LAN security. Those tools and those web sites should be blocked by default by the firewall or the gateway device found on most any LAN; whether that's a low-end NAT device, a server-grade firewall, or otherwise.

  • CTC TCP/UDP Ports numbers

    Does anyone know the TCP/UDP Port numbers that have to be opened up when using NAT, this is what I have:
    CTC PC >>>>>>>>>>> ROUTER >>>>>>>>>>>ONS15454
    The CTC PC and the ONS are on different IP networks, so I'm using the router to translate from one to the other with NAT, and I configured the ONS15454 to use SOCKS.
    I used to have a document that explained this but I've lost it.
    Thanks
    Chris

    Hi Chris.
    I see you already have provisioned the node for SOCKS Proxy.  If you want to be able to still have IP connectivity (for ping or telnet) to the ENE's, then enable the SOCKS Proxy Only option.  The SOCKS Proxy needs to be provisioned on the LAN connected 15454 at the very least.  You can also go to the CTC drop down menu:  Edit -> Preferences -> Firewall and change the port from being variable to static default.  That will further restrict the ports that are used by CTC.  This should resolve any intermittent connectivity issues in CTC if it is being caused by a firewall.
    www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp42216
    "If you launch CTC against a node through a Network Address Translation (NAT) or Port Address Translation (PAT) router and that node does not have proxy enabled, your CTC session starts and initially appears to be fine. However, CTC never receives alarm updates and disconnects and reconnects every two minutes. If the proxy is accidentally disabled, it is still possible to enable the proxy during a reconnect cycle and recover your ability to manage the node, even through a NAT/PAT firewall."
    Lastly, to answer your question directly below is a link to the list:
    www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp59962
    Table 14-6 Ports Used by the TCC2/TCC2P
    Thanks,
    Will
