Opening port 5432 in linux
Hi,
iam not able to connect to postgresql in linux system from windows.it says "check if the server is listening to tcp/ip address through port 5432.
i configured postgreconf and hba.conf files but it doesnt resolve
The only thing I have seen is this:
http://heroinewarrior.com/quicktime.php3
Good luck
bin
Similar Messages
-
Default LaunchDaemons and open ports?
I recently have written a port scanner for a project at my university and after running it, I discovered that a large portion of my Macbooks' well known ports was open.
These were 21 (ftp), 22 (ssh), 23 (telnet), 53 (domain), 79 (finger)!!, 88 (kerberos), 512 (exec)!!, 513 (login), and a bunch of others (see picture below for open ports - afterwards entered @ grc.com).
I checked, if they are reachable from the internet (see picture below). They were not, but that does not say a lot(?), because if someone wanted to make a bot out of my Mac or collect data from it, this person could contact a C&C server from my machine and start communicating without opening any port of the NAT router, as the router allows bidirectional communication if started by the client(?).
I checked, if these ports are reachable from within a local network, by requesting the services behind them from another computer running Linux. And they are! Everyone within the Non-VPN networks of my university was and is able to fetch personal information from me over fingerd! To prevent further leakage, I will block any incoming connections from now on.
> finger user@{Macbook's IP}
same output as when running locally
> finger user@localhost
[localhost]
Trying ::1...
Login: MyUserName Name: MyNameReplaced
Directory: /Users/MyUserName Shell: /usr/local/bin/fish
On since Sun Oct 26 13:02 (CET) on console, idle 7:52 (messages off)
On since Sun Oct 26 17:15 (CET) on ttys000
On since Sun Oct 26 20:25 (CET) on ttys001, idle 0:05
No Mail.
No Plan.
I am able to login to the Mac via telnet over the LAN, etc.
I checked the configuration of my firewall. It is/was activated. Signed software is allowed to accept incoming connections. Cloaking is not activated and I am not blocking every incoming connection. There are five services in the list below, they are all from Apple. I can not remove them. The minus button is grayed out.
When I ticked 'Block all incoming connections', the services behind the ports were no longer detectable/reachable from the LAN, but the daemons are still running on the Mac!
So my question is, why are these daemons running?! Why on earth is the fingerd running or exec?! This seems not normal. Who has started them (software or person)? I strongly limit access to my computer. I always lock it, when leaving it unattended. I use NoScript in Firefox. Never do I open attachments from mails.
I checked the Mac of a friend with my PortScanner (in his LAN and on his Mac) and his has none of the ports open mine has.
I have not checked my ports/firewall for a long time, so I can't remember if those ports were closed at any time before.
Meanwhile I will read something about launchd, to gather more information.I'm not an expert on this, but I'm not certain what you are concerned about. All messaging in unix systems is done through ports, and so a variety of ports need to be open for normal system operations. OS X out-of-the-box probably strikes a balance between convenience and paranoia - ports that might be more secure closed left open by default so that novice users aren't driven out of their wits - but I can't imagine that it leaves open anything that constitutes a true vulnerability. Or if it does, you should file a bug report.
I'm told every med student suffers from hypochondria at one point or another, and I know that every comp sci student will sooner or later have a short freak-out over security. So take a deep breath... -
RMI firewall issue - opening port 1099 is not enough
Hello,
We have a distributed java desktop app that uses RMI with callbacks to communicate amongst the clients. It all works really well at our dev site and at 2 trial sites.
We are about to deploy out to more customer sites - so I have been doing more testing with firewalls etc and discovered some issues. Our customers are small businesses and typically have between 1 and 10 desktop clients that connect to the server via RMI. These customers are "very NOT technical", so we need to give them set-and-forget firewalls etc.
This is all on a LAN, with RMI using port 1099. On the firewalls (of the various PCs) we open ports 1099 (RMI) and 5432 (for the Postgres DB).
Also, I was using "CurrPorts" and "SmartSniff" to monitor the traffic at each PC - so I had a reasonable view of proceedings.
Basically, opening port 1099 on the server is necessary, but it is NOT ENOUGH. The RMI moves off to ports other than 1099, and the server firewall does not allow the connection.
Procedure ...
(1) start the "server" app - which starts the RMI registry - the "localhost" desktop app also starts and it works well to both the database and the RMI.
(2) start another client - it connects to the DB Server, but NOT the RMI server.
(3) open the server firewall to all traffic for a few seconds - then the client connects successfully.
From CurrPort logging I could watch the RMI comms progress over those first few minutes ...
Initially the comms do include port 1099 on the initial call to the server, but there after there are always 2 or 3 "channels" open, but not to 1099.
I notice that the Postgres DB keeps using port 5432 for all of its active channels - so it does not have the same firewall issue.
After we have opened the firewall for a few seconds - to enable the link - then we can turn the client on and off and the client re-connects without issue - so it would seem to be only an issue with the initial connection.
I am sure that this is all completely standard and correct RMI behavior.
QUESTIONS:
1. Can RMI be "forced" to always use port 1099 for connections, and not move to other ports? (like the database uses 5432)
2. Are there any suggestions for getting around this seemingly standard RMI behaviour?
Other comments ...
The firewall lets me open individual ports (say 1099) - BUT I can not justify opening ALL ports.
The firewall lets me open all ports to an application, say "C:\Program Files\Java\jre6\bin\java.exe", but that app will occasionally change at a customer's site as they will update their java version and suddenly our app will stop working.
Any guidance is appreciated.
Many Thanks,
-Damian1. Can RMI be "forced" to always use port 1099 for connectionsYes. Export all your servers on the same port. See UnicastRemoteObject constructor that takes an int, or UnicastRemoteObject.exportObject(int). If the RMI Registry is a separate process you can't re-use 1099 for this purpose, but see below.
2. Are there any suggestions for getting around this seemingly standard RMI behaviour?Yes. Start the RMI Registry in the same JVM as the code, then you only need to use 1099 for everything.
If you are using server socket factories, make sure they have an equals() method, or use the same instance for all remote objects. -
Hi,
I am using Oracle Enterprise Linux 5.0.Here if I open the port number 2372 by using iptables, it will not open.I am checking this port status by using the command " telnet 192.168.0.1 2372". I get the message as following
telnet: connect to address 192.168.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused
Is this procedure correct to get the port status? Can anybody please guide me to open this port?A port can have 3 statusses:
-Open (port is reachable, a deamon is using port)
-Closed (port is reachable, NO daemon is using this port)
-Filtered/firewalled (port is NOT reachable)
use nmap to look for the status of a port, NOT telnet. Telnet is only very limited usable for network port investigation.
In your case:
$ nmap localhost -p 2372
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-12-19 10:39 CET
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
2372/tcp closed unknown
Nmap finished: 1 IP address (1 host up) scanned in 0.196 seconds
$ telnet localhost 2372
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
mind the status "closed"
now see how it works when a daemon is using the port:
$ nmap localhost -p 22
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-12-19 10:41 CET
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
22/tcp open ssh
Nmap finished: 1 IP address (1 host up) scanned in 0.142 seconds
$ telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3p2 Debian-9etch3
^]
telnet> quit
Connection closed.
(nb: if telnet gets stuck, CTRL-] can be used to get the telnet prompt, and quit can be used to quit telnet)
mind the status "open"
Now the final one, a real firewalled port:
$ nmap www.ziggo.nl -p 22
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-12-19 10:47 CET
Interesting ports on www.ziggo.nl (213.51.129.54):
PORT STATE SERVICE
22/tcp filtered ssh
Nmap finished: 1 IP address (1 host up) scanned in 10.331 seconds
$ telnet www.ziggo.nl 22
Trying 213.51.129.54...
Mind the status 'filtered'!
Also, because the port is firewalled, there's no communication, so telnet will not show anything besides 'Trying <ipaddress>".
(please mind that nmap pings the host prior to testing the port. If a host is not responding to pings, and you still want to test something, use "-P0" (minus P zero) to disable pinging in advance) -
NIO and open ports not showing up during portscan
Hi
I have an application that binds port 4444 and 4445 default. I can establish an conection to both ports with telnet for example and when I just portscan those ports they are detected:
$ nmap -p 4444-4445 localhost
Interesting ports on localhost.localdomain (127.0.0.1):
PORT STATE SERVICE
4444/tcp open krb524
4445/tcp open unknown
but when I try to scan the whole range 4445 disappears. Here is the output:
$ nmap localhost
Interesting ports on localhost.localdomain (127.0.0.1):
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
113/tcp open auth
1024/tcp open kdm
4444/tcp open krb524
5432/tcp open postgres
I reccon that this means that I will lose some connections during high load.
Does this have anything to do with the timeouts I specify for select() or is it a problem deaper down in nio?.All this means is that there is something seriously wrong with nmap.
-
Port scan results: unexpected open port on my wrt160nl
I ran NMap on the internet side of my wrt160nl, and was surprised to find port 55637 open. I have two ports forwarded and this open port is neither of those. I updated my router firmware and the open port moved to 63932, then after a reboot the open port moved back to 55637. I connected to that port with telnet, and it slammed shut as soon as I tried typing any ASCII key. I can see this open port from both sides of my router. A couple of questions: Could this be malware running on the router? Can anyone recommend any tools that might be able to determine what service is running on that port? Thanks! HeXwAvE
Nope didn't fix fix it. There still seems to be an internet facing port open on my router.
1. I reset the router.
2. Upgraded the firmware.
3. Ran http://ping.eu/port-chk/
The only change is that no port 63932, rather than 55637 is open. I suspect http://ping.eu/port-chk/ only checks well-know ports below 2200. I re-ran nmap, this time using -sV, and it reports 63932 as "tcpwrapperd", Insecure.org says:
"tcpwrapped" refers to tcpwrapper, a host-based network access control program on Unix and Linux. When Nmap labels something tcpwrapped, it means that the behavior of the port is consistent with one that is protected by tcpwrapper. Specifically, it means that a full TCP handshake was completed, but the remote host closed the connection without receiving any data. It is important to note that tcpwrapper protects programs, not ports.
This means that a valid (not false-positive) tcpwrapped response indicates a real network service is available, but you are not on the list of hosts allowed to talk with it. When such a large number of ports are shown as tcpwrapped, it is unlikely that they represent real services, so the behavior probably means something else.
Which hosts? It looks like a back door or security vulnerabilty from where I'm standing. Scary. -
I have an airport extreme and I am trying to play a new game on my xbox one and it keeps kicking me I have comcast internet that is more than fast enough so I went to the games site and it says I need to either create a static ip or to open ports no idea how to do either of these or what that does any help would be appreciated.
There are heaps of posts here about how to open ports on apple routers specifically for xboxes.
AirPort Extreme and xbox 360 -
I am encountering a strange behavior in new zones created using zonemgr 2.0.6 (this is the only way I create zones, so I do not know if the issue is more general). When I create a new zone, two strange things are happening:
1. Immediately after the zone is created, no services are running, not even ssh
2. About 10 minutes later, a whole bunch of services are running. Most of these are not running on the global zone.
For reference, nmap output on the global zone is the following:
[dcomsm1@dcomsm1:~] $ nmap t2000
Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-28 20:51 EST
Interesting ports on 131.247.16.134:
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
2161/tcp open apc-agent
3052/tcp open powerchute
4045/tcp open lockd
32774/tcp open sometimes-rpc11
32775/tcp open sometimes-rpc13
32776/tcp open sometimes-rpc15
32777/tcp open sometimes-rpc17
The new zone is created using the following zonemgr arguments:
[root@t2000:~/zonecfgs] # more ./temp.sh
#!/usr/bin/bash
./zonemgr -a add -n drenkhah -z "/export/zones" -P "root_pw" -I "131.247.16.159|e1000g0|25|drenkhah" -R "/root|/usr/bin/bash" -s "basic|lock"
zone creation output is as follows:
[root@t2000:~/zonecfgs] # ./temp.sh
Checking to see if the zone IP address (131.247.16.159) is already in use...IP is available.
cannot create '/drenkhah': leading slash in name
chmod: WARNING: can't access /export/zones/drenkhah
chown: /export/zones/drenkhah: No such file or directory
Zone drenkhah will be placed in the following directory: /export/zones/drenkhah
Preparing to install zone <drenkhah>.
Creating list of files to copy from the global zone.
Copying <2568> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1042> packages on the zone.
Initialized <1042> packages on zone.
Zone <drenkhah> is initialized.
The file </export/zones/drenkhah/root/var/sadm/system/logs/install_log> contains a log of the zone installation.
Creating the sysidcfg file for automated zone configuration.
Booting zone for the first time.
Waiting for first boot tasks to complete.
Waiting for automatic post-install reboot to complete
Updating netmask information.
Updating /etc/inet/hosts of the global zone with the drenkhah IP information.
Generating ssh host keys. Details in the (/root/.zonemgr/zone28330-ssh.log) file.
svcadm: Pattern 'svc:/network/ssh' doesn't match any instances
Setting the root user's home directory to /root
Setting the root user's shell to /usr/bin/bash
Disabling un-necessary services via basic method for the default services.
Zone drenkhah is complete and ready to use.
nmap output just after creating the zone is as follows:
[dcomsm1@dcomsm1:~] $ nmap drenkhah
Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-28 17:53 EST
All 1000 scanned ports on 131.247.16.159 are closed
Nmap done: 1 IP address (1 host up) scanned in 29.39 seconds
nmap output 17 minutes later is as follows:
[dcomsm1@dcomsm1:~] $ nmap drenkhah
Starting Nmap 5.00 ( http://nmap.org ) at 2010-02-28 18:10 EST
Interesting ports on 131.247.16.159:
Not shown: 986 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
79/tcp open finger
111/tcp open rpcbind
513/tcp open login
514/tcp open shell
587/tcp open submission
4045/tcp open lockd
6112/tcp open dtspc
6788/tcp open unknown
6789/tcp open ibm-db2-admin
7100/tcp open font-service
Nmap done: 1 IP address (1 host up) scanned in 29.25 seconds
Note that there are many open ports
# uname -a
SunOS t2000 5.10 Generic_137137-09 sun4v sparc SUNW,Sun-Fire-T200
Thanks
ManishThe Leopard OS X firewall is application based and not port based. Honestly, I haven't played with it enough to know for certain how to answer your question.
But... when you do connection sharing, you're essentially doing a port based NAT for the systems on the other side of your Mac. This pretty much keeps you from initiating anything to the other system even without a local firewall unless you were to configure port forwarding.
As for blocking packets, you would need to use the 'ipfw' command to do things at the port level. -
Hello Rogue Amoeba support tells me, in order to get the Airfoil Speakers software to function, I must open port 5000 through 5005 on my router (WRT54G). I have scoured the .pdf manual, perused the web support site as well as the present forums. Mostly, I don’t know what much of this stuff means so I may have inadvertently passed up what I need to know. Mainly, I don’t want to screw up the router function as it is working just dandy. For all I know, ports 5000 through 5005 are already open. If anyone can give me some guidance in plain English, I would certainly appreciate it. Thanks.
Log in to the router set-up page. To do this, open up a web browser ( Internet Explorer , Firefox etc) and type on the address bar your default gateway (if left alone, it is usually 192.168.1.1). Just leave it's username blank, password as a default is admin.
Go to the Applications and Gaming tab then go to the Port Triggering subtab. Start port is 5000 and end is 5005 for both Triggered and Forwarded range. -
Help open port on ASA5510 (version 8.3)
Hi all,
I configured ASA to open port 21, 3389, 5900 (outside access in) but when i check port just success : 21 and 3389, Error: 5900
If i configured with only one port 5900 or 3389, is't ok, i don't undesrtand what 's the problem?
ASA5510>
ASA5510> ena
Password: ***********************
ASA5510# show run
: Saved
ASA Version 8.3(1)
hostname ASA5510
domain-name lohoi.local
enable password *********************** encrypted
passwd *********************** encrypted
names
interface Ethernet0/0
description Connect_to_Modem
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0
interface Ethernet0/1
description Connect_to_Router2911
nameif inside
security-level 100
ip address 172.16.17.2 255.255.255.240
interface Ethernet0/2
shutdown
no na
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
description Management
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
clock timezone ICT 7
dns server-group DefaultDNS
domain-name lohoi.local
object network obj-any
subnet 0.0.0.0 0.0.0.0
object network ftpserver
host 192.168.88.90
description FTP server
object network Remote_Desktop
host 192.168.100.29
object network VNC
host 192.168.100.4
access-list 101 extended permit icmp any any
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit tcp any any
access-list outside_access_in extended permit tcp any object ftpserver eq ftp
access-list outside_in extended permit tcp any host 192.168.100.29
access-list outside_in extended permit tcp any host 192.168.100.4
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst
asdm image disk0:/asdm-631.bin
asdm history enable
arp timeout 14400
object network obj-any
nat (inside,outside) dynamic interface
object network ftpserver
nat (inside,outside) static interface service tcp ftp ftp
object network Remote_Desktop
nat (inside,outside) static interface service tcp 3389 3389
object network VNC
nat (inside,outside) static interface service tcp 5900 5900
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
route inside 192.168.88.64 255.255.255.224 1
route inside 192.168.100.0 255.255.255.0 172.16.17.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http authentication-certificate inside
http authentication-certificate management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password *********************** encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DD
CEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:667cb3ec729681c78ccab9a57abd89df
: end
ASA5510#ASA5510# show run
: Saved
ASA Version 8.3(1)
hostname ASA5510
domain-name lohoi.local
enable password ****************** encrypted
passwd ****************** encrypted
names
interface Ethernet0/0
description Connect_to_Modem
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0
interface Ethernet0/1
description Connect_to_Router2911
nameif inside
security-level 100
ip address 172.16.17.2 255.255.255.240
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
description Management
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
clock timezone ICT 7
dns server-group DefaultDNS
domain-name lohoi.local
object network obj-any
subnet 0.0.0.0 0.0.0.0
object network ftpserver
host 192.168.88.90
description FTP server
object network remote_desktop
host 192.168.100.2
object network remote_vnc
host 192.168.100.4
access-list 101 extended permit icmp any any
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit tcp any any
access-list outside_access_in extended permit tcp any object ftpserver eq ftp
access-list outside_access_in extended permit tcp any host 192.168.100.4 eq 5900
access-list outside_access_in extended permit tcp any host 192.168.100.2 eq 3389
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asd
asdm history enable
arp timeout 14400
object network obj-any
nat (inside,outside) dynamic interface
object network ftpserver
nat (inside,outside) static interface service tcp ftp ftp
object network remote_desktop
nat (inside,outside) static interface service tcp 3389 3389
object network remote_vnc
nat (inside,outside) static interface service tcp 5900 5900
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
route inside 192.168.88.64 255.255.255.224 172.16.17.1 1
route inside 192.168.100.0 255.255.255.0 172.16.17.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http authentication-certificate inside
http authentication-certificate management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password ****************** encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DD
CEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4f061a213185354518601f754e41494c
: end
ASA5510#
So i configured again, but i'm not to access to 5900 port -
Hi, a few days ago I bought a wireless router WRT160n. I want to ask how to open some port for all in LAN(3 clients). For example all in LAN have PeerToPeer application for torrents. I want to open port for example 20202 for all. Now I open port from menu Applications & Gaming->Single Port Forwarding, but I must set port for each user IP address.
Can somebody tell me how to open port for all in LAN without to config for each computer?
Thanks in advance.Hi gv. I read more about UPnP and the WRT160n User Guide. In section Administration>managment int wrote that UPnP is Enabled by default in my router it is corect. I Setup mu PeerToPeer(eMule) TCP/UDP ports to 20202 and check option "Use UPnP to setup ports". I test and close this port on my router configuration for my computer on "Single Port Forwarding", but in eMule the port is still block. Can you explain why it did not work. For UPnP it says that if Enable it allow users with Windows ME and XP automatically to gonfigure Router ports
Thanks in advance!
Best Regards. -
Open ports on new airport extreme to play online games
hey, i have the new airport extreme and i wanna play online games.
how do i open ports with the utily that came on disk.
i have no clue how to configure it.
i tried in bridge mode, but than the airport starts flashing amber and other users in house wanna surf on the net aswel.
kind regardsAirport Utility -> Manual setup (Cmd+L)
Internet -> NAT
Enable a default host
Then in Internet -> DHCP
permanently assign the default host IP to the machine you're going to play the games on.
This is what other routers call the "DMZ" address. Be sure to run a firewall on that machine! -
Open port issues with Direct Print functionality
Hi, I have been fighting with HP call support about the Photosmart 7525 printer.
Originally I setup and had performed all the functions to enable both web support and WIFI.
Within an hour the printer would not respond to wireless communication, though it had its wireless indecator showing it was connected.
I was told by HP support that the issue will be resolved in March, as there will be a firmware update to fix the issue.
Now that I had the printer install the new firmware I still get the issue.
Though I found through some sniffing, that there are a number of ports enabled and open that are over and beyond print requirements.
Funny thing I can send my printer into instant lockup with all lights flashing with a simple UDP ping sniff. I would think I can do this with other new HP printers using Eprint functions. I will find HP web based printers that are open for public printing and test my theory that HP Eprinters are open to hacking and denyal of service attempts. My Hp print app on andriod list three in my area, and one is at my local Walmart. This would be cool to find this, as I am usually not the first to point such matters out.
I assume some are for Apple devices to print.
Here is my sniffing report:
Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 07:57 Central Daylight TimeNSE: Loaded 110 scripts for scanning.NSE: Script Pre-scanning.Initiating ARP Ping Scan at 07:57Scanning 192.168.223.1 [1 port]Completed ARP Ping Scan at 07:57, 0.23s elapsed (1 total hosts)Initiating Parallel DNS resolution of 1 host. at 07:57Completed Parallel DNS resolution of 1 host. at 07:58, 16.50s elapsedInitiating SYN Stealth Scan at 07:58Scanning 192.168.223.1 [1000 ports]Discovered open port 445/tcp on 192.168.223.1Discovered open port 139/tcp on 192.168.223.1Discovered open port 80/tcp on 192.168.223.1Discovered open port 443/tcp on 192.168.223.1Discovered open port 8080/tcp on 192.168.223.1Discovered open port 9220/tcp on 192.168.223.1Discovered open port 6839/tcp on 192.168.223.1Discovered open port 631/tcp on 192.168.223.1Discovered open port 7435/tcp on 192.168.223.1Discovered open port 8089/tcp on 192.168.223.1Discovered open port 9100/tcp on 192.168.223.1Completed SYN Stealth Scan at 07:58, 1.71s elapsed (1000 total ports)Initiating UDP Scan at 07:58Scanning 192.168.223.1 [1000 ports]Discovered open port 5353/udp on 192.168.223.1Completed UDP Scan at 07:58, 1.82s elapsed (1000 total ports)Initiating Service scan at 07:58Scanning 20 services on 192.168.223.1Discovered open port 161/udp on 192.168.223.1Discovered open|filtered port 161/udp on 192.168.223.1 is actually open
Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 07:51 Central Daylight TimeNmap scan report for 192.168.223.1Host is up (0.0025s latency).Not shown: 93 closed portsPORT STATE SERVICE VERSION80/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)139/tcp open tcpwrapped443/tcp open ssl/http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)445/tcp open netbios-ssn631/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)8080/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)9100/tcp open jetdirect?MAC Address: A03:C1:BD:C8:34 (Unknown)Device type: printer|general purposeRunning: HP embedded, Wind River VxWorksOS CPE: cpe:/h:hp:laserjet_cm1415fnw cpe:/h:hp:laserjet_cp1525nw cpe:/h:hp:laserjet_1536dnf cpe:/o:windriver:vxworksOS details: HP LaserJet CM1415fnw, CP1525nw, or 1536dnf printer, VxWorksNetwork Distance: 1 hopService Info: Device: printer; CPE: cpe:/h:hphotosmart_7520OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .Nmap done: 1 IP address (1 host up) scanned in 34.11 secondsOK now I am able to run a full scan on TCP ports without causing a lock up of the printer.
I found that having the printer connect to a router that has been setup to use channel 5, 6 or 7 will cause port scanning issues with the printer.
It is obvious that there are 18 ports that are seen as open, whether they are used or not. Two of which are active but have no service connected to them. Some are just dead like port 25, but over half are active enough to recieve data and lock network connectivity within the printer.
As the firmware states some other laser jets may be affected depending on how the configuration can be set.
I moved my routers channel to channel 1 as it is the only other option I have in a highly congested location. It is not as good as channel 6, but the printer seems to have channel 6 locked in for direct printing.
Here is the latest full scan with UDP enabled, it is the furthest and most complete scan I am able to complete, with UDP ports enabled. The TCP port scan has a bit more and I have placed a simple list below the information given here:
Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-21 13:27 Central Daylight Time
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 13:27
Scanning 192.168.1.211 [1 port]
Completed ARP Ping Scan at 13:27, 0.44s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:27
Completed Parallel DNS resolution of 1 host. at 13:27, 0.03s elapsed
Initiating SYN Stealth Scan at 13:27
Scanning 192.168.1.211 [1000 ports]
Discovered open port 443/tcp on 192.168.1.211
Discovered open port 80/tcp on 192.168.1.211
Discovered open port 139/tcp on 192.168.1.211
Discovered open port 8080/tcp on 192.168.1.211
Discovered open port 445/tcp on 192.168.1.211
Discovered open port 631/tcp on 192.168.1.211
Discovered open port 9100/tcp on 192.168.1.211
Discovered open port 7435/tcp on 192.168.1.211
Discovered open port 9220/tcp on 192.168.1.211
Discovered open port 6839/tcp on 192.168.1.211
Completed SYN Stealth Scan at 13:27, 5.25s elapsed (1000 total ports)
Initiating UDP Scan at 13:27
Scanning 192.168.1.211 [1000 ports]
Discovered open port 137/udp on 192.168.1.211
Completed UDP Scan at 13:27, 4.46s elapsed (1000 total ports)
Initiating Service scan at 13:27
Scanning 16 services on 192.168.1.211
Discovered open port 161/udp on 192.168.1.211
Discovered open|filtered port 161/udp on 192.168.1.211 is actually open
Completed Service scan at 13:29, 82.51s elapsed (17 services on 1 host)
Initiating OS detection (try #1) against 192.168.1.211
NSE: Script scanning 192.168.1.211.
Initiating NSE at 13:29
Completed NSE at 13:30, 82.29s elapsed
Nmap scan report for 192.168.1.211
Host is up (0.023s latency).
Not shown: 1983 closed ports
PORT STATE SERVICE VERSION
80/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
|_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
| http-methods: GET POST PUT DELETE
| Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn't have a title (text/html).
139/tcp open tcpwrapped
443/tcp open ssl/http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
|_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
| http-methods: GET POST PUT DELETE
| Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn't have a title (text/html).
| ssl-cert: Subject: commonName=HPPS7525/organizationName=HP/stateOrProvinceName=Washington/countryName=US
| Issuer: commonName=HPPS7525/organizationName=HP/stateOrProvinceName=Washington/countryName=US
| Public Key type: rsa
| Public Key bits: 1024
| Not valid before: 2014-02-25T10:12:24+00:00
| Not valid after: 2034-02-20T10:12:24+00:00
| MD5: 9144 ca3b 557e 09cc aba0 8387 2732 2375
|_SHA-1: a6b2 95c0 b72a 7201 578c 32de 662a e6fe b082 48ca
|_ssl-date: 2014-03-21T13:30:09+00:00; -4h59m12s from local time.
445/tcp open netbios-ssn
631/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
| http-methods: GET POST PUT DELETE
| Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
6839/tcp open tcpwrapped
7435/tcp open tcpwrapped
8080/tcp open http HP Photosmart 7520 series printer http config (Serial TH3AS711XZ05YZ)
|_http-favicon: Unknown favicon MD5: 76C6E492CB8CC73A2A50D62176F205C9
| http-methods: GET POST PUT DELETE
| Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Site doesn't have a title (text/html).
9100/tcp open jetdirect?
9220/tcp open hp-gsg HP Generic Scan Gateway 1.0
137/udp open netbios-ns Samba nmbd (workgroup: HPPS7525)
138/udp open|filtered netbios-dgm
161/udp open snmp SNMPv1 server (public)
| snmp-hh3c-logins:
|_ baseoid: 1.3.6.1.4.1.25506.2.12.1.1.1
| snmp-interfaces:
| Wifi0
| IP address: 192.168.1.211 Netmask: 255.255.255.0
| MAC address: a0:d3:c1:bd:c8:32 (Unknown)
| Type: ethernetCsmacd Speed: 10 Mbps
| Status: up
|_ Traffic stats: 6.16 Mb sent, 3.43 Mb received
| snmp-netstat:
| TCP 0.0.0.0:7435 0.0.0.0:0
| TCP 192.168.1.211:56076 15.201.145.52:5222
| UDP 0.0.0.0:3702 *:*
| UDP 127.0.0.1:666 *:*
|_ UDP 192.168.223.1:67 *:*
| snmp-sysdescr: HP ETHERNET MULTI-ENVIRONMENT
|_ System uptime: 0 days, 3:34:23.28 (1286328 timeticks)
| snmp-win32-shares:
|_ baseoid: 1.3.6.1.4.1.77.1.2.27
1022/udp open|filtered exp2
1023/udp open|filtered unknown
3702/udp open|filtered ws-discovery
5355/udp open|filtered llmnr
MAC Address: A03:C1:BD:C8:32 (Unknown)
Device type: general purpose
Running: Wind River VxWorks
OS CPE: cpe:/o:windriver:vxworks
OS details: VxWorks
Uptime guess: 0.150 days (since Fri Mar 21 09:55:04 2014)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: Busy server or unknown class
Service Info: Hosts: HPA0D3C1BDC832, HPPS7525; Device: printer; CPE: cpe:/h:hphotosmart_7520
Host script results:
| nbstat:
| NetBIOS name: HPA0D3C1BDC832, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| HPA0D3C1BDC832<00> Flags: <unique><active><permanent>
| MSHOME<00> Flags: <group><active><permanent>
| HPA0D3C1BDC832<20> Flags: <unique><active><permanent>
| HPPS7525<00> Flags: <unique><active><permanent>
|_ HPPS7525<20> Flags: <unique><active><permanent>
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
TRACEROUTE
HOP RTT ADDRESS
1 23.26 ms 192.168.1.211
NSE: Script Post-scanning.
Read data files from: F:\Progs\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 180.90 seconds
Raw packets sent: 2030 (74.829KB) | Rcvd: 2921 (149.377KB)
+++++++++++++++++++++++++++++++++++++++++++++++++++++===
Full TCP port scan without UDP scanning of all ports, showing up as open... * designates open and active.
192.168.223.1Discovered open port 25/tcp on
*192.168.223.1Discovered open port 80/tcp on
*192.168.223.1Discovered open port 110/tcp on
*192.168.223.1Discovered open port 119/tcp on
*192.168.223.1Discovered open port 139/tcp on
192.168.223.1Discovered open port 143/tcp on
*192.168.223.1Discovered open port 443/tcp on
*192.168.223.1Discovered open port 445/tcp on
192.168.223.1Discovered open port 465/tcp on
192.168.223.1Discovered open port 563/tcp on
192.168.223.1Discovered open port 587/tcp on
*192.168.223.1Discovered open port 631/tcp on
192.168.223.1Discovered open port 993/tcp on
192.168.223.1Discovered open port 995/tcp on
*192.168.223.1Discovered open port 7435/tcp on
*192.168.223.1Discovered open port 6839/tcp on
*192.168.223.1Discovered open port 8080/tcp on
192.168.223.1Discovered open port 8089/tcp on
*192.168.223.1Discovered open port 9100/tcp on
*192.168.223.1Discovered open port 9220/tcp on -
Firewall in 10.5, how to open ports and how to manage?
I am pulling my hair out with the new firewall in 10.5. In 10.4 I could just set ports as I liked in the control panel, in 10.5 there is no such thing.
I need to for example open port 49999 to allow PageSender to function in my network.
I need to open port 5901 to work with JollyFast VNC, as port 5900 is used by Apple Remote Desktop and the conflict if they both use the same port.
Some of these ports I need permanent open like 59999 and others for one session and than close again, like 5901. Again in 10.4 I made the rule in the pref pane, ticked the box and Bob was your uncle. Now?
I would like to be able to see what ports are open and active on the machine. I have no idea as to where I could see this.
And at the same time I would like to keep the firewall as closed as possible as I am often on line in hotels etc.
So I need help, is there a manual somewhere someone is aware of? Or do you have any answers?The new Application Firewall does not work in the same way as IPFW (the main firewall in 10.4).
Instead of managing ports, it simply controls the access of applications to any port. Thus, if you want PageSender to receive connections, you simply need to switch the firewall to "Set access for specific services and applications", and then add PageSender to the list, with "Allow incoming connections". When you do this, PageSender will be able to receive connections on any port that it needs to.
If you don't like this method of controlling connections, you can still use IPFW. Apple has removed the GUI, but you can download a GUI application like [NoobProof|http://www.hanynet.com/noobproof> or [WaterRoof|http://www.hanynet.com/waterroof/index.html], and you can then set access for specific ports.
There are no problems with using both IPFW and Application Firewall.
Cheers,
Rodney -
How can I open ports on my AirPort Extreme, from WINDOWS?
I have an Airport Extreme as my router, and I have a Windows-based computer. I need to open ports on the router (ironically, it is for my Apple TV).
However, even though I can use the Airport Utility for Windows (latest version 5.5.3), I cannot open ports from the application.
Everywhere I look, I am supposed to have a firewall tab in the Advanced section, but I do not have it. The only tabs that I have in Advanced are:
Logging and Statistics
MobileMe
IPv6
How can I open ports on my Airport Extreme router from Windows?Is your AirPort Extreme the only router in your network configuration?
Maybe you are looking for
-
Solution for Data transfer from Non-network location
If i needed 10 non-networked locations around Australia to submit data (say text files ranging from 20 - 100 mb each) each day to my server, and the data loaded and manipulated into a database in a secure environment, would you be able to describe t
-
Hi I am using oracle 9i . Is there any option to change the time format ie. for eg: when iam inserting values (in the fields declared as timestamp) as '22-06-2005' it is showing errors but when changed to '22-jun-2005'it is working. In my case i want
-
What's wrong with the New iMac's AirPort?
Hello Last night I spent 4 hours trying to connect with my brand new wireless router (Netgear DG834PN). The one time I did connect and tried to configure using Netgear's Wizard (using Safari) my Mac's AirPort Extreme dropped the connection, never to
-
Link from Travel back to Overview Homepage
Hi All, In ESS Travel after completing the expense report a link takes me back to the wrong homepage framework. Its taking me to the original page with all 10 icons set as default. I have created a new simplictic homepage framework which only has the
-
Some Hyperlinks Non Functional in MS Excel Browser App (Sharepoint 2010)
I have an Excel File that has Hyperlinks that work 100% in the Desktop App, but only 50% of them work in the Excel Web App. The other 50% go to incorrect locations. I am looking for clues on this very strange behavior......