Port to be open in Firewall

Similar Messages

• What are the ports need to open at firewall

  What are the ports need to open at firewall to access Oracle EBS R12 through internet?

  All these following ports need to open at firewall??
  Database Port : 1521
  RPC Port : 1626
  Web SSL Port : 4443
  ONS Local Port : 6100
  ONS Remote Port : 6200
  ONS Request Port : 6500
  Web Listener Port : 8000
  Active Web Port : 8000
  Forms Port : 9000
  Metrics Server Data Port : 9100
  Metrics Server Request Port : 9200
  JTF Fulfillment Server Port : 9300
  MSCA Server Port : 10200-10205
  MCSA Telnet Server Port : 10200,10202,10204
  MSCA Dispatcher Port : 10800
  Java Object Cache Port : 12345
  OC4J JMS Port Range for Oacore : 23000-23004
  OC4J JMS Port Range for Forms : 23500-23504
  OC4J JMS Port Range for Home : 24000-24004
  OC4J JMS Port Range for Oafm : 24500-24504
  OC4J AJP Port Range for Oacore : 21500-21504
  OC4J AJP Port Range for Forms : 22000-22004
  OC4J AJP Port Range for Home : 22500-22504
  OC4J AJP Port Range for Oafm : 25000-25004
  OC4J RMI Port Range for Oacore : 20000-20004
  OC4J RMI Port Range for Forms : 20500-20504
  OC4J RMI Port Range for Home : 21000-21004
  OC4J RMI Port Range for Oafm : 25500-25504
  DB ONS Local Port : 6300
  DB ONS Remote Port : 6400
  Oracle Connection Manager Port : 1521

• Does configuring an endpoint opens a port in the guest VM firewall?

  Hi there. I found out that if I want to access a specific port in a VM (Java RMI in my case), I have to configure an endpoint for this port. However, I was surprised that configuring an endpoint was enough to access the port. I didn't change the firewall
  rules in the guest for this port and it was immediately accessible from outside Microsoft Azure.
  Does configuring an endpoint opens a port in the guest VM firewall?

  Hi,
  According to the official article below, it indicates that "Firewall configuration is done automatically for ports associated with Remote Desktop and Secure Shell (SSH), and in most cases for Windows PowerShell Remoting. For ports specified for
  all other endpoints, no configuration is done automatically to the firewall in the guest operating system. When you create an endpoint, you'll need to configure the appropriate ports in the firewall to allow the traffic you intend to route through the endpoint."
  How to Set Up Endpoints to a Virtual Machine
  Best regards,
  Susie

• WRT350N Leaving Port 21 Wide Open with SPI Firewall Enabled

  I just ran Shields Up and noticed port 21 (FTP) is wide open, while all the other ports marked as stealthed.
  The router is a Linksys WRT350N with the latest firmware 1.03.2.  SPI Firewall is enabled and it's blocking "Anonymous Internet Request."
  Am I missing something here?  Why isn't port 21 being stealthed along with all the other ports?  I've run this test before with other Linksys routers and all the ports are stealthed so I'm concerned now.
  https://www.grc.com/x/ne.dll?bh0bkyd2
  Anyone else with the same router and configuration please run the Shields Up port scan at GRC to see if your port 21 is open and report back.  Thanks!

  Linksys told me that that port had to "stay" open, it is part of the FTP service when you attach the USB storage device.  After a lengthy amount of time on the phone, I had to suggest maybe a flash update.  But they would not put anyone on the phone to convince me they had a grasp on thiss issue, SO I FIGURED IT OUT.  Access the router.  Select "Storage", then select "Administration",  There you find "Internet Access".  Unselect "Enable" and obviously select "Disable".  Port 21 now in Stealth.  Now who can take it futher and figure out port forwarding/triggering for when one will start to use server?  Max

• Can only port forward port 80, other ports does not open.

  I am trying to open three ports on my AE (7.6.1), but the only port that actually opens (if set) is port 80.
  - The Airport Extreme is the router and no additional router is in place
  - I have given the three cameras (that I want to access from Internet) static IP
  - I have trired to open three ports for those (45101, 45102, 45103)
  None of above ports open, but if I change one port to 80, that port opens and one camera can work. This is really strange and any suggestions or help is much appreciated!

  As you don't want to use the modem as router I would recommend to reconfigure your modem into "bridge" mode. In bridge mode it works like a simple modem. You then have to configure your WRT for your internet connection (usually PPPoE for DSL or DHCP for cable). With this setup, you don't have these chained routers and the WRT has a direct connection into the internet (i.e. the WRT shows your public IP address on the Status page).
  Some chained router setups shows problems with drop outs, connection loss and similar. I recommend to use only one router in home setups.
  On a sidenote: port forwarding is not related to firewall functions. The reason why you need port forwarding is because a router does "NAT" (Network Address Translation). You use private IP addresses inside your LAN (e.g. 192.168.1.*). Private IP addresses are not routed into the internet. Any internet router will immediately drop packets with a private IP addresses. Thus, your router does NAT to map your private IP address to your single public IP address. It's in the nature of this mapping that unsolicited incoming traffic from the internet is dropped unless you configure port forwarding. That's simply because the router would not know where to sent a packet on a port 1234 received on its public IP address unless you tell it. Thus disabling the firewall on a router won't change a thing.

• FTPEx: 425 Possible PASV port theft, cannot open data connection..

  Hi All,
  I am getting the below the error while comminicating to FTP server.
  Delivery of the message to the application using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Possible PASV port theft, cannot open data connection.: com.sap.aii.adapter.file.ftp.FTPEx: 425 Possible PASV port theft, cannot open data connection..
  This error is random. Some times service is working is fine and some times its failed to process.
  Can any one suggest me the peramnent solution for this.
  Thanks & regards,
  Kartikeya

  Hi
    The reason for the error is
  The ip address (+port) is not same for both these operations
      - Control connection
      - Data Connection
  Changing active/passive mode settings might help (as a common solution).
  Problem can occur due to below settings,
     - FTP server/ Firewall on its side (affects Passive Mode)
     - FTP client/ Firewall on its side (affects Active Mode)
  After Initial Control connection is made, the below happens for Data connection
  When Active, the CLIENT opens a dynamic port for DC on which it would be listening, for the server to bind its source port
  When Passive, the SERVER opens a dynamic port for DC on which it would be listening for the client to bind its source port
  when the firewall on Server side does not have these ports open, you get the above error.
  The error could be because of other reasons also, but I suspect that the dynamic port is out range of the ports opened at your FTP server firewall.
  So now I think you are one step forward to fix the issue
  Regards
  Vishnu

• Port 23 (telnet) open

  Hi All,
  I was on line using my airport, and checked in on an internet security site that I've looked at in the past:
  http://scan.sygate.com/prequickscan.html
  This evening I was a bit surprised to see that the site was reporting that my TELNET port #23 was open. I don't recall seeing that port open before.
  My firewall is on, and I have no sharing services enabled. In fact, I can't see a port #23 to enable anywhere in sharing...
  Any thoughts here from anyone?
  Thanks,
  Bob

  I think the key here is that you are using Air Port. As such, you must also be using some form of wireless access point hardware -- a router. Many routers will let you access and change the router's settings via telnet. It is this router that is the one responding to the website that is checking on your security.
  My guess is that if you look at the user's guide for the router, you will find a way to disable accessing the router via telnet. That should solve your problem.
  Matt

• Can't get SMTP to accetp outside email (port 25 not open)

  Hi,
  I've got the xServer 10.4 (latest) and it appears to be working fine in all other regards.
  I have the mail service on (POP and IMAP both work fine) - I can send myself email using the UNIX command line mail (and get it through POP).
  But I cannot send email either from my client through the xserver or from another account to the xServer - I'll get the message 'cannot send email for 8 hours...'
  A quick port scan shows port 25 is not open (not can I telnet to it). But server admin shows it's running and appears to be happy (it's not over worked anyway).
  Any tips would be greatly aprciated.
  postconf -n says:
  declan:~ frankf$ postconf -n
  command_directory = /usr/sbin
  config_directory = /etc/postfix
  content_filter = smtp-amavis:[127.0.0.1]:10024
  daemon_directory = /usr/libexec/postfix
  debugpeerlevel = 2
  enableserveroptions = yes
  html_directory = no
  inet_interfaces = localhost
  localrecipientmaps =
  luser_relay = frank
  mail_owner = postfix
  mailboxsizelimit = 0
  mailbox_transport = cyrus
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  messagesizelimit = 10485760
  mydomain = declan.com
  mydomain_fallback = localhost
  myhostname = home.declan.com
  mynetworks = 127.0.0.1/32,192.168.0.1/24
  mynetworks_style = host
  newaliases_path = /usr/bin/newaliases
  queue_directory = /private/var/spool/postfix
  readme_directory = /usr/share/doc/postfix
  relayhost = mail.pacbell.net
  sample_directory = /usr/share/doc/postfix/examples
  sendmail_path = /usr/sbin/sendmail
  setgid_group = postdrop
  smtpdpw_server_securityoptions = gssapi,cram-md5,plain,login
  smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
  smtpdsasl_authenable = yes
  smtpdtls_certfile = /etc/certificates/Default.crt
  smtpdtls_keyfile = /etc/certificates/Default.key
  smtpduse_pwserver = yes
  smtpdusetls = no
  unknownlocal_recipient_rejectcode = 550
  virtualmailboxdomains = hash:/etc/postfix/virtual_domains
  virtual_transport = lmtp:unix:/var/imap/socket/lmtp

  May help if you can answer these questions.
  1) Did you set this up with the server admin tools or
  have you edited any of the config files?
  100% admin tools - this is even a new install. I'm not shy about editing config files but I figured Server Admin was easier and I can't see anything obviously wrong (not that I know that much about it)
  2) Did you telent to port 25 using the IP address?
  yes, no connection
  3) Did you telent to port 25 using the Server Name?
  yes, no connection
  using port scan of the network utilities shows other ports open, just not 25. Output:
  Port Scanning host: 192.168.0.2
  Open TCP Port: 22 ssh
  Open TCP Port: 53 domain
  Open TCP Port: 80 http
  Open TCP Port: 110 pop3
  Open TCP Port: 143 imap
  and so on.
  4) What domain do you think you are trying to host
  mail?
  Well several (I have the viirtural domains turned on) but declan.com will be the main one, right now it's also home.declan.com and donaldgevans.com.
  From the information you posted (unless you edited
  it) it is not clear how your networks are configured
  or what the server is being asked to host. Answers
  to the above will help clarify these points as even
  if you fix this problem, you may have others.
  OK - this is a fixed IP on the internet, going through a firewall (host mapping, everything passed through to this server which is 192.168.0.2). But I think this is less the issue - I can ssh, http, POP, IMAP to this server from either inside or outside the network. I cannot telnet to port 25 by IP or domain name either inside or outside so I assume it's not the network; it's because port 25 is not open.
  Frank

• Port 1024 permanently open

  Morning all
  I'm using a HH2 which was recently upgraded to the 'new and improved' software.
  Shields up recently showed port 1024 open. I don't know when it changed from the usual stealthed state.
  It appears that this port is opened when the HH is powered up. If I down power the hub, port 1024 goes into stealth mode.
  Why does the Vision box leave this port permanently open?
  Is there anything I can do to keep it stealthed, other than turning off the Vision box?
  Can't find any references to this problem with HH2.
  Cheers
  Dave

  Thanks for the reply DS.
  I read through that thread, but didn't find any firm conclusions.
  You said ...
  The port 1024 has been known to lead to a number of malware infections on Windows systems. Since ports are used to exchange information between a computer and the Internet, they are also a pathway for intruders to gain access to your computer or for malware to use your computer for unauthorized activity on the Internet. Applications or services monitor ( "listen" to) the port that they are assigned. If this listening action is done without taking security steps, the port will be open to incoming signals and may be vulnerable to intruders.
  Crackers are constantly using scanning software to probe many thousands of IPs, looking for a computer with open ports. Today no unprotected computer is safe on the Internet. Even if you have a firewall installed, it is wise to have your ports scanned to see if they appear invisible to the outside world.
  This worries me, particularly since Spybot has started to pick up the odd bits of malware which hasn't happened for years.
  Keith Beddoe said ...
  If you have uPNp enabled on your home hub (bad idea), then it will open port 1024 incoming as well. Simply disable uPNp if it worries you, the BT Vision box will still work, as the firewall will still allow incoming connections as replies to the outgoing requests on port 1024.
  If you block outgoing port 1024 on the home hub firewall, then the BT Vision box stops working.
  Does anyone know if this can be done on a HH2 ? I've looked round the interface and can't spot an option.
  Cheers
  Dave

• Port 161 shows open on hub?

  Hi guys, I was double checking to see that my security software firewall is working correctly as Windows 8 has been having problems with Mcafee.
  While doing so i found that Port 161 is showing open using the Shields up in depth port scan (https://www.grc.com/x/ne.dll?bh0bkyd2.
  After googling this i came across this article: http://punj-technology.blogspot.co.uk/2012/04/bt-homehub-v-3-open-ports-161-and-4567.html
  In that article it also gave the BT forum discussion regarding the open port at:http://community.bt.com/t5/Other-BB-Queries/port-161-open-on-home-hub-3/td-p/133207/page/12
  Is there any update on this? Is the Hub going to get an update?
  I dont like seeing open ports on my system and it didnt show up when i was with Virgin Media as being open.
  Happy Xmas, Jay.

  Port 161 is open for BT remote management this link explains about the updates http://community.bt.com/t5/BT-Infinity/Hub-3A-Upgrade-Info-Rollout-starting-7-November/td-p/689584
  If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’

• Ports to be open for iTunes U

  Hi,
  I have an issue in my institution. I can't browse my iTunes U content, especially videos. Videos never start and also block iTunes 30 seconds later.
  Do you know which ports need to be open ? My institution is behing a very narrow firewall, we also use a proxy (which is well configurated I guess).
  I've been told that 80 and 443 ports should be open (http and https) but it doesn't help, videos are not launching.
  Are there other ports to be open ?
  Thanks for your help.

  Hello psavoyaud
  Check out the article below to go over other ports that are used by Apple and its services. 
  Well known TCP and UDP ports used by Apple software products
  http://support.apple.com/kb/TS1629
  Regards,
  -Norm G.

• How do I port forward or open a port on the Airport time capsule to hook p a security system?

  I have an airport time capsule and a security system.  The installer doesn't know anything about using routers etc, especially on a mac.  They say I have to port forward or open a port specifically of this device.  I have very few skills when doing this IT type.  Is this hard to do?  Can I do it myself?  He wants to get an IT guy out?  $55 an hour, how long would it take?  Thanks in advance for anyone who can help!

  The method is here.
  AirPort - Port Mapping Basics using AirPort Utility v6.x
  If you need to get someone in, it depends.. The TC can be recalcitrant.. due to your setup of it following the apple guides.. and it depends on the security system and how simple that is.
  There are multiple issues.. for example how do you find your IP address from the web when you have dynamic IP from your ISP.
  Do you intend to setup dynamic DNS? Can the camera /dvr system handle Dynamic DNS?
  I recommend you read very carefully the instructions for what has been installed.. because merely opening the port is only a small part of the issues involved in remote access to the security system.

• SAP Management Console (5NN13 port) does not open in Firefox or IE browser.

  Hi ,
  Title: SAP Management Console (5NN13 port) does not open in Firefox or IE browser.
  Iam not able to see the pop up window SAPMC when i run the following in firefox browser but it works fine in my colleague's computer:
  http://hostname:5NN13
  I tested the same sap system with this address and it works fine - http://hostname:5NN00
  Iam sure that something has to be changed in my browser but dont know what. Please help. Thank you.
  Regards,
  Mohan.

  Dear krishna,
  even if your thread is closed:
  If you get this error in firefox you just have to install java plugin.
  Please find documentation [here|http://support.mozilla.com/en-US/kb/Using%20the%20Java%20plugin%20with%20Firefox].
  Best regards,
  Alex
  Edited by: Alexander Foerster on Dec 2, 2011 12:44 PM

• How to be sure port 10443 is open on  vintage airport extreme ( ufo shape, not square)

  My Denon 2112 AV reciever is having intermittent internet connect  issues. Denon says to be sure port 10443 in my router  is open. How do I check this and see if it is open on my vintage (ufo/dome shape) airport extreme?

  To setup port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN port of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
  Advanced > Port Mapping tab
  o Click the "+" (Add) button
  o Service: <skip this setting as you will be custom configuring which ports you need opened for the TiVo>
  o Public UDP Port(s): <enter the appropriate UDP port values>
  o Public TCP Port(s): <enter the appropriate TCP port values>
  o Private IP Address: <enter the IP address of the host server>
  o Private UDP Port(s): <enter the same as Public UDP Ports or your choice>
  o Private TCP Port(s): <enter the same as Public TCP Ports or your choice>
  o Click "Continue"

• What inetd services causes port to be opened?

  Hello.
  I'd like to find out, what inetd-controlled service is causing a certain port to be opened by inetd. In particular, I'd like to know, why port 6112 is opened.
  adm@winds02 ~ $ getent services 6112
  dtspc                6112/tcpThis means, that "dtspc" is assigned port 6112, doesn't it?
  adm@winds02 ~ $ inetadm | grep dts
  enabled   maintenance    svc:/network/dtspc/tcp:default
  adm@winds02 ~ $ inetadm -l svc:/network/dtspc/tcp:default
  SCOPE    NAME=VALUE
           name="dtspc"
           endpoint_type="stream"
           proto="tcp"
           isrpc=FALSE
           wait=FALSE
           exec="/usr/dt/bin/dtspcd"
           arg0="/usr/dt/bin/dtspcd"
           user="root"
  default  bind_addr=""
  default  bind_fail_max=-1
  default  bind_fail_interval=-1
  default  max_con_rate=-1
  default  max_copies=-1
  default  con_rate_offline=-1
  default  failrate_cnt=40
  default  failrate_interval=60
  default  inherit_env=TRUE
  default  tcp_trace=FALSE
  default  tcp_wrappers=FALSENow I'm disabling dtspc and run pcp <http://www.unix.ms/pcp/> again:
  adm@winds02 ~ $ sudo bin/./pcp -p 6112
  PID     Process Name and Port
  274     /usr/lib/inet/inetd     6112
          sockname: AF_INET 0.0.0.0  port: 6112
  1546    /usr/lib/inet/inetd     6112
          sockname: AF_INET 0.0.0.0  port: 6112
  1595    /usr/lib/inet/inetd     6112
          sockname: AF_INET 0.0.0.0  port: 6112
  _________________________________________________________Question: Why is port 6112 still open?
  adm@winds02 ~ $ inetadm
  ENABLED   STATE          FMRI
  disabled  disabled       svc:/application/x11/xfs:default
  enabled   online         svc:/application/font/stfsloader:default
  disabled  disabled       svc:/application/print/rfc1179:default
  enabled   online         svc:/network/rpc/gss:default
  disabled  disabled       svc:/network/rpc/cde-calendar-manager:default
  enabled   online         svc:/network/rpc/cde-ttdbserver:tcp
  enabled   online         svc:/network/rpc/ocfserv:default
  disabled  disabled       svc:/network/rpc/smserver:default
  disabled  disabled       svc:/network/rpc/mdcomm:default
  enabled   online         svc:/network/rpc/meta:default
  disabled  disabled       svc:/network/rpc/metamed:default
  enabled   online         svc:/network/rpc/metamh:default
  disabled  disabled       svc:/network/rpc/rex:default
  enabled   online         svc:/network/rpc/rstat:default
  disabled  disabled       svc:/network/rpc/rusers:default
  disabled  disabled       svc:/network/rpc/spray:default
  disabled  disabled       svc:/network/rpc/wall:default
  enabled   online         svc:/network/security/ktkt_warn:default
  disabled  disabled       svc:/network/security/krb5_prop:default
  disabled  disabled       svc:/network/swat:default
  enabled   online         svc:/network/cde-spc:default
  enabled   online         svc:/network/tname:default
  enabled   online         svc:/network/telnet:default
  enabled   online         svc:/network/nfs/rquota:default
  disabled  disabled       svc:/network/uucp:default
  disabled  disabled       svc:/network/chargen:dgram
  disabled  disabled       svc:/network/chargen:stream
  disabled  disabled       svc:/network/daytime:dgram
  disabled  disabled       svc:/network/daytime:stream
  disabled  disabled       svc:/network/discard:dgram
  disabled  disabled       svc:/network/discard:stream
  disabled  disabled       svc:/network/echo:dgram
  disabled  disabled       svc:/network/echo:stream
  disabled  disabled       svc:/network/time:dgram
  disabled  disabled       svc:/network/time:stream
  enabled   online         svc:/network/ftp:default
  disabled  disabled       svc:/network/comsat:default
  disabled  disabled       svc:/network/finger:default
  disabled  disabled       svc:/network/login:eklogin
  disabled  disabled       svc:/network/login:klogin
  enabled   online         svc:/network/login:rlogin
  enabled   online         svc:/network/rexec:default
  enabled   online         svc:/network/shell:default
  disabled  disabled       svc:/network/shell:kshell
  disabled  disabled       svc:/network/talk:default
  disabled  disabled       svc:/network/stdiscover:default
  disabled  disabled       svc:/network/stlisten:default
  enabled   online         svc:/network/rpc-100083_1/rpc_tcp:default
  enabled   online         svc:/network/rpc-100235_1/rpc_ticotsord:default
  disabled  disabled       svc:/network/dtspc/tcp:default
  enabled   online         svc:/network/rpc-100068_2-5/rpc_udp:default
  disabled  disabled       svc:/network/bpcd/tcp:default
  disabled  disabled       svc:/network/vnetd/tcp:default
  disabled  disabled       svc:/network/vopied/tcp:default
  disabled  disabled       svc:/network/bpjava-msvc/tcp:default
  disabled  disabled       svc:/network/swat/tcp:defaultThanks a lot,
  Alexander

  Darren_Dunham,
  Even if something's binding to port 6112 in a ngz, why should that matter to the global zone? After all, those are different IPs, and binding means, that something binds to an IP+Port combination (or NIC+Port).So they are. But Zones have a different concept of "ADDR_ANY" than the global zone does, and this difference is not readily apparent in 'pfiles' output.
  So a ngz can run an application that binds to ADDR_ANY (0.0.0.0), but it's really bound only to the IP addresses visible inside the zone.
  The thing is that from the global zone, 'ps' will see all the processes (including those in ngzs), and 'pfiles' will show that both processes are bound to the same port (and not via a specific IP address).
  This document below is really focusing more on exclusive IP zones, but if you look at page 7 and page 8, it shows two normal processes joining a standard TCP stack and two processes in separate shared-IP zones using their own TCP stacks (with the crucial difference that the app can bind to 0.0.0.0 and get different IPs)
  http://blogs.sun.com/aland/resource/ipinstances-svosug.pdf
  Darren