Port to be open in Firewall
Hi,
A SQL2012 R2 Express server with Reporting Services (SSL enabled) is set up in a DMZ zone; the client is in a Trusted zone.
Ports 80 + 443 should be open, but is 1443 necessary or not?
Besides, it will use Windows native authentication, so is 113 for the authentication service necessary?
Thanks
Authentication Service
Hello,
If both the Database Engine and Reporting Services are running on the same machine, then you don't need to configure remote access / open the firewall for the database engine.
See also: Configure a Firewall for Report Server Access
Olaf Helper
-
What ports need to be opened at the firewall
What ports need to be opened at the firewall to access Oracle EBS R12 through the internet?
Do all of the following ports need to be opened at the firewall?
Database Port : 1521
RPC Port : 1626
Web SSL Port : 4443
ONS Local Port : 6100
ONS Remote Port : 6200
ONS Request Port : 6500
Web Listener Port : 8000
Active Web Port : 8000
Forms Port : 9000
Metrics Server Data Port : 9100
Metrics Server Request Port : 9200
JTF Fulfillment Server Port : 9300
MSCA Server Port : 10200-10205
MCSA Telnet Server Port : 10200,10202,10204
MSCA Dispatcher Port : 10800
Java Object Cache Port : 12345
OC4J JMS Port Range for Oacore : 23000-23004
OC4J JMS Port Range for Forms : 23500-23504
OC4J JMS Port Range for Home : 24000-24004
OC4J JMS Port Range for Oafm : 24500-24504
OC4J AJP Port Range for Oacore : 21500-21504
OC4J AJP Port Range for Forms : 22000-22004
OC4J AJP Port Range for Home : 22500-22504
OC4J AJP Port Range for Oafm : 25000-25004
OC4J RMI Port Range for Oacore : 20000-20004
OC4J RMI Port Range for Forms : 20500-20504
OC4J RMI Port Range for Home : 21000-21004
OC4J RMI Port Range for Oafm : 25500-25504
DB ONS Local Port : 6300
DB ONS Remote Port : 6400
Oracle Connection Manager Port : 1521 -
Does configuring an endpoint open a port in the guest VM firewall?
Hi there. I found out that if I want to access a specific port in a VM (Java RMI in my case), I have to configure an endpoint for this port. However, I was surprised that configuring an endpoint was enough to access the port. I didn't change the firewall rules in the guest for this port and it was immediately accessible from outside Microsoft Azure.
Does configuring an endpoint open a port in the guest VM firewall?
Hi,
According to the official article below, "Firewall configuration is done automatically for ports associated with Remote Desktop and Secure Shell (SSH), and in most cases for Windows PowerShell Remoting. For ports specified for all other endpoints, no configuration is done automatically to the firewall in the guest operating system. When you create an endpoint, you'll need to configure the appropriate ports in the firewall to allow the traffic you intend to route through the endpoint."
How to Set Up Endpoints to a Virtual Machine
Best regards,
Susie -
WRT350N Leaving Port 21 Wide Open with SPI Firewall Enabled
I just ran Shields Up and noticed port 21 (FTP) is wide open, while all the other ports marked as stealthed.
The router is a Linksys WRT350N with the latest firmware 1.03.2. SPI Firewall is enabled and it's blocking "Anonymous Internet Request."
Am I missing something here? Why isn't port 21 being stealthed along with all the other ports? I've run this test before with other Linksys routers and all the ports are stealthed so I'm concerned now.
https://www.grc.com/x/ne.dll?bh0bkyd2
Anyone else with the same router and configuration please run the Shields Up port scan at GRC to see if your port 21 is open and report back. Thanks!
Linksys told me that that port had to "stay" open; it is part of the FTP service when you attach the USB storage device. After a lengthy amount of time on the phone, I had to suggest maybe a flash update. But they would not put anyone on the phone to convince me they had a grasp on this issue, SO I FIGURED IT OUT. Access the router. Select "Storage", then select "Administration". There you find "Internet Access". Unselect "Enable" and obviously select "Disable". Port 21 now in Stealth. Now who can take it further and figure out port forwarding/triggering for when one will start to use server? Max
-
Can only port forward port 80, other ports do not open.
I am trying to open three ports on my AE (7.6.1), but the only port that actually opens (if set) is port 80.
- The Airport Extreme is the router and no additional router is in place
- I have given the three cameras (that I want to access from Internet) static IP
- I have tried to open three ports for those (45101, 45102, 45103)
None of above ports open, but if I change one port to 80, that port opens and one camera can work. This is really strange and any suggestions or help is much appreciated!
As you don't want to use the modem as router I would recommend to reconfigure your modem into "bridge" mode. In bridge mode it works like a simple modem. You then have to configure your WRT for your internet connection (usually PPPoE for DSL or DHCP for cable). With this setup, you don't have these chained routers and the WRT has a direct connection into the internet (i.e. the WRT shows your public IP address on the Status page).
Some chained router setups show problems with drop outs, connection loss and similar. I recommend to use only one router in home setups.
On a sidenote: port forwarding is not related to firewall functions. The reason why you need port forwarding is because a router does "NAT" (Network Address Translation). You use private IP addresses inside your LAN (e.g. 192.168.1.*). Private IP addresses are not routed into the internet. Any internet router will immediately drop packets with a private IP address. Thus, your router does NAT to map your private IP address to your single public IP address. It's in the nature of this mapping that unsolicited incoming traffic from the internet is dropped unless you configure port forwarding. That's simply because the router would not know where to send a packet on a port 1234 received on its public IP address unless you tell it. Thus disabling the firewall on a router won't change a thing. -
FTPEx: 425 Possible PASV port theft, cannot open data connection..
Hi All,
I am getting the below error while communicating with the FTP server.
Delivery of the message to the application using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Possible PASV port theft, cannot open data connection.: com.sap.aii.adapter.file.ftp.FTPEx: 425 Possible PASV port theft, cannot open data connection..
This error is random. Sometimes the service is working fine and sometimes it fails to process.
Can anyone suggest a permanent solution for this?
Thanks & regards,
Kartikeya
Hi
The reason for the error is
The IP address (+port) is not the same for both these operations
- Control connection
- Data Connection
Changing active/passive mode settings might help (as a common solution).
Problem can occur due to below settings,
- FTP server/ Firewall on its side (affects Passive Mode)
- FTP client/ Firewall on its side (affects Active Mode)
After Initial Control connection is made, the below happens for Data connection
When Active, the CLIENT opens a dynamic port for DC on which it would be listening, for the server to bind its source port
When Passive, the SERVER opens a dynamic port for DC on which it would be listening for the client to bind its source port
When the firewall on the server side does not have these ports open, you get the above error.
The error could be because of other reasons also, but I suspect that the dynamic port is out of the range of the ports opened at your FTP server firewall.
So now I think you are one step forward to fix the issue.
Regards
Vishnu -
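For the FTPEx 425 thread above, an added example (not part of the original posts): a client-side consistency check that parses the server's 227 reply to PASV and flags the two conditions the answer names, a data-channel address that differs from the control-connection peer and a data port outside the range opened on the server-side firewall. The control peer 192.0.2.10, the passive range 50000-50100 and the reply strings are constructed assumptions.

```python
"""Added example: sanity-check what an FTP server advertises in its PASV reply."""
import ipaddress
import re
from dataclasses import dataclass

# RFC 959 PASV reply. The text before the tuple is free-form; most servers
# send "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
_PASV_RE = re.compile(
    r"^227[ -].*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed assumptions: the address the control connection was opened to,
# and the passive port range allowed through the server-side firewall.
CONTROL_PEER = "192.0.2.10"
PASSIVE_RANGE = range(50000, 50101)

# Constructed sample replies.
SAMPLES = {
    "consistent": "227 Entering Passive Mode (192,0,2,10,195,149)",
    "port outside range": "227 Entering Passive Mode (192,0,2,10,234,96).",
    "internal address": "227 Entering Passive Mode (10,0,0,5,195,80)",
}


@dataclass(frozen=True)
class PasvEndpoint:
    host: str
    port: int


def parse_pasv(reply):
    """Extract the data-channel endpoint from a 227 reply."""
    m = _PASV_RE.match(reply.strip())
    if m is None:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in: {reply!r}")
    host = ".".join(str(n) for n in nums[:4])
    # The port is sent as two bytes, high byte first.
    return PasvEndpoint(host, nums[4] * 256 + nums[5])


def _is_rfc1918(addr):
    return any(addr in net for net in _RFC1918)


def check_data_channel(reply, control_peer, allowed_ports):
    """Return a list of findings; an empty list means the reply is consistent."""
    ep = parse_pasv(reply)
    data_ip = ipaddress.ip_address(ep.host)
    ctrl_ip = ipaddress.ip_address(control_peer)
    findings = []
    if data_ip != ctrl_ip:
        # Control and data connection would use different addresses.
        findings.append("address-mismatch")
        if _is_rfc1918(data_ip) and not _is_rfc1918(ctrl_ip):
            # Server behind NAT is advertising its internal address.
            findings.append("internal-address-advertised")
    if ep.port not in allowed_ports:
        # The dynamic port is not among those opened on the firewall.
        findings.append("port-outside-firewall-range")
    return findings


if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        ep = parse_pasv(reply)
        result = check_data_channel(reply, CONTROL_PEER, PASSIVE_RANGE)
        print(f"{label}: {ep.host}:{ep.port} -> {result or 'ok'}")
```
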
Port 23 (telnet) open
Hi All,
I was on line using my airport, and checked in on an internet security site that I've looked at in the past:
http://scan.sygate.com/prequickscan.html
This evening I was a bit surprised to see that the site was reporting that my TELNET port #23 was open. I don't recall seeing that port open before.
My firewall is on, and I have no sharing services enabled. In fact, I can't see a port #23 to enable anywhere in sharing...
Any thoughts here from anyone?
Thanks,
Bob
I think the key here is that you are using Air Port. As such, you must also be using some form of wireless access point hardware -- a router. Many routers will let you access and change the router's settings via telnet. It is this router that is the one responding to the website that is checking on your security.
My guess is that if you look at the user's guide for the router, you will find a way to disable accessing the router via telnet. That should solve your problem.
Matt -
Can't get SMTP to accept outside email (port 25 not open)
Hi,
I've got the xServer 10.4 (latest) and it appears to be working fine in all other regards.
I have the mail service on (POP and IMAP both work fine) - I can send myself email using the UNIX command line mail (and get it through POP).
But I cannot send email either from my client through the xserver or from another account to the xServer - I'll get the message 'cannot send email for 8 hours...'
A quick port scan shows port 25 is not open (nor can I telnet to it). But server admin shows it's running and appears to be happy (it's not overworked anyway).
Any tips would be greatly appreciated.
postconf -n says:
declan:~ frankf$ postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = localhost
local_recipient_maps =
luser_relay = frank
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydomain = declan.com
mydomain_fallback = localhost
myhostname = home.declan.com
mynetworks = 127.0.0.1/32,192.168.0.1/24
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = mail.pacbell.net
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_pw_server_security_options = gssapi,cram-md5,plain,login
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/certificates/Default.crt
smtpd_tls_key_file = /etc/certificates/Default.key
smtpd_use_pw_server = yes
smtpd_use_tls = no
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
May help if you can answer these questions.
1) Did you set this up with the server admin tools or
have you edited any of the config files?
100% admin tools - this is even a new install. I'm not shy about editing config files but I figured Server Admin was easier and I can't see anything obviously wrong (not that I know that much about it)
2) Did you telnet to port 25 using the IP address?
yes, no connection
3) Did you telnet to port 25 using the Server Name?
yes, no connection
using port scan of the network utilities shows other ports open, just not 25. Output:
Port Scanning host: 192.168.0.2
Open TCP Port: 22 ssh
Open TCP Port: 53 domain
Open TCP Port: 80 http
Open TCP Port: 110 pop3
Open TCP Port: 143 imap
and so on.
4) What domain do you think you are trying to host
mail?
Well, several (I have the virtual domains turned on) but declan.com will be the main one; right now it's also home.declan.com and donaldgevans.com.
From the information you posted (unless you edited
it) it is not clear how your networks are configured
or what the server is being asked to host. Answers
to the above will help clarify these points as even
if you fix this problem, you may have others.
OK - this is a fixed IP on the internet, going through a firewall (host mapping, everything passed through to this server which is 192.168.0.2). But I think this is less the issue - I can ssh, http, POP, IMAP to this server from either inside or outside the network. I cannot telnet to port 25 by IP or domain name either inside or outside so I assume it's not the network; it's because port 25 is not open.
Frank -
Morning all
I'm using a HH2 which was recently upgraded to the 'new and improved' software.
Shields up recently showed port 1024 open. I don't know when it changed from the usual stealthed state.
It appears that this port is opened when the HH is powered up. If I down power the hub, port 1024 goes into stealth mode.
Why does the Vision box leave this port permanently open?
Is there anything I can do to keep it stealthed, other than turning off the Vision box?
Can't find any references to this problem with HH2.
Cheers
Dave
Thanks for the reply DS.
I read through that thread, but didn't find any firm conclusions.
You said ...
The port 1024 has been known to lead to a number of malware infections on Windows systems. Since ports are used to exchange information between a computer and the Internet, they are also a pathway for intruders to gain access to your computer or for malware to use your computer for unauthorized activity on the Internet. Applications or services monitor ( "listen" to) the port that they are assigned. If this listening action is done without taking security steps, the port will be open to incoming signals and may be vulnerable to intruders.
Crackers are constantly using scanning software to probe many thousands of IPs, looking for a computer with open ports. Today no unprotected computer is safe on the Internet. Even if you have a firewall installed, it is wise to have your ports scanned to see if they appear invisible to the outside world.
This worries me, particularly since Spybot has started to pick up the odd bits of malware which hasn't happened for years.
Keith Beddoe said ...
If you have uPNp enabled on your home hub (bad idea), then it will open port 1024 incoming as well. Simply disable uPNp if it worries you, the BT Vision box will still work, as the firewall will still allow incoming connections as replies to the outgoing requests on port 1024.
If you block outgoing port 1024 on the home hub firewall, then the BT Vision box stops working.
Does anyone know if this can be done on a HH2 ? I've looked round the interface and can't spot an option.
Cheers
Dave -
Port 161 shows open on hub?
Hi guys, I was double checking to see that my security software firewall is working correctly as Windows 8 has been having problems with Mcafee.
While doing so I found that Port 161 is showing open using the Shields Up in-depth port scan (https://www.grc.com/x/ne.dll?bh0bkyd2).
After googling this I came across this article: http://punj-technology.blogspot.co.uk/2012/04/bt-homehub-v-3-open-ports-161-and-4567.html
In that article it also gave the BT forum discussion regarding the open port at: http://community.bt.com/t5/Other-BB-Queries/port-161-open-on-home-hub-3/td-p/133207/page/12
Is there any update on this? Is the Hub going to get an update?
I don't like seeing open ports on my system and it didn't show up as being open when I was with Virgin Media.
Happy Xmas, Jay.
Port 161 is open for BT remote management; this link explains about the updates: http://community.bt.com/t5/BT-Infinity/Hub-3A-Upgrade-Info-Rollout-starting-7-November/td-p/689584
-
Hi,
I have an issue in my institution. I can't browse my iTunes U content, especially videos. Videos never start and also block iTunes 30 seconds later.
Do you know which ports need to be open? My institution is behind a very narrow firewall, and we also use a proxy (which is well configured, I guess).
I've been told that 80 and 443 ports should be open (http and https) but it doesn't help, videos are not launching.
Are there other ports to be open ?
Thanks for your help.
Hello psavoyaud
Check out the article below to go over other ports that are used by Apple and its services.
Well known TCP and UDP ports used by Apple software products
http://support.apple.com/kb/TS1629
Regards,
-Norm G. -
How do I port forward or open a port on the Airport time capsule to hook up a security system?
I have an airport time capsule and a security system. The installer doesn't know anything about using routers etc, especially on a mac. They say I have to port forward or open a port specifically of this device. I have very few skills when doing this IT type. Is this hard to do? Can I do it myself? He wants to get an IT guy out? $55 an hour, how long would it take? Thanks in advance for anyone who can help!
The method is here.
AirPort - Port Mapping Basics using AirPort Utility v6.x
If you need to get someone in, it depends.. The TC can be recalcitrant.. due to your setup of it following the apple guides.. and it depends on the security system and how simple that is.
There are multiple issues.. for example how do you find your IP address from the web when you have dynamic IP from your ISP.
Do you intend to setup dynamic DNS? Can the camera /dvr system handle Dynamic DNS?
I recommend you read very carefully the instructions for what has been installed.. because merely opening the port is only a small part of the issues involved in remote access to the security system. -
SAP Management Console (5NN13 port) does not open in Firefox or IE browser.
Hi ,
I am not able to see the pop-up window SAPMC when I run the following in the Firefox browser, but it works fine on my colleague's computer:
http://hostname:5NN13
I tested the same sap system with this address and it works fine - http://hostname:5NN00
I am sure that something has to be changed in my browser but don't know what. Please help. Thank you.
Regards,
Mohan.
Dear krishna,
even if your thread is closed:
If you get this error in Firefox you just have to install the Java plugin.
Please find documentation here: http://support.mozilla.com/en-US/kb/Using%20the%20Java%20plugin%20with%20Firefox
Best regards,
Alex
-
My Denon 2112 AV receiver is having intermittent internet connect issues. Denon says to be sure port 10443 in my router is open. How do I check this and see if it is open on my vintage (ufo/dome shape) airport extreme?
To set up port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN ports of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
Advanced > Port Mapping tab
o Click the "+" (Add) button
o Service: <skip this setting as you will be custom configuring which ports you need opened for the TiVo>
o Public UDP Port(s): <enter the appropriate UDP port values>
o Public TCP Port(s): <enter the appropriate TCP port values>
o Private IP Address: <enter the IP address of the host server>
o Private UDP Port(s): <enter the same as Public UDP Ports or your choice>
o Private TCP Port(s): <enter the same as Public TCP Ports or your choice>
o Click "Continue" -
What inetd service causes a port to be opened?
Hello.
I'd like to find out, what inetd-controlled service is causing a certain port to be opened by inetd. In particular, I'd like to know, why port 6112 is opened.
adm@winds02 ~ $ getent services 6112
dtspc 6112/tcp
This means that "dtspc" is assigned port 6112, doesn't it?
adm@winds02 ~ $ inetadm | grep dts
enabled maintenance svc:/network/dtspc/tcp:default
adm@winds02 ~ $ inetadm -l svc:/network/dtspc/tcp:default
SCOPE NAME=VALUE
name="dtspc"
endpoint_type="stream"
proto="tcp"
isrpc=FALSE
wait=FALSE
exec="/usr/dt/bin/dtspcd"
arg0="/usr/dt/bin/dtspcd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
Now I'm disabling dtspc and running pcp <http://www.unix.ms/pcp/> again:
adm@winds02 ~ $ sudo bin/./pcp -p 6112
PID Process Name and Port
274 /usr/lib/inet/inetd 6112
sockname: AF_INET 0.0.0.0 port: 6112
1546 /usr/lib/inet/inetd 6112
sockname: AF_INET 0.0.0.0 port: 6112
1595 /usr/lib/inet/inetd 6112
sockname: AF_INET 0.0.0.0 port: 6112
_________________________________________________________
Question: Why is port 6112 still open?
adm@winds02 ~ $ inetadm
ENABLED STATE FMRI
disabled disabled svc:/application/x11/xfs:default
enabled online svc:/application/font/stfsloader:default
disabled disabled svc:/application/print/rfc1179:default
enabled online svc:/network/rpc/gss:default
disabled disabled svc:/network/rpc/cde-calendar-manager:default
enabled online svc:/network/rpc/cde-ttdbserver:tcp
enabled online svc:/network/rpc/ocfserv:default
disabled disabled svc:/network/rpc/smserver:default
disabled disabled svc:/network/rpc/mdcomm:default
enabled online svc:/network/rpc/meta:default
disabled disabled svc:/network/rpc/metamed:default
enabled online svc:/network/rpc/metamh:default
disabled disabled svc:/network/rpc/rex:default
enabled online svc:/network/rpc/rstat:default
disabled disabled svc:/network/rpc/rusers:default
disabled disabled svc:/network/rpc/spray:default
disabled disabled svc:/network/rpc/wall:default
enabled online svc:/network/security/ktkt_warn:default
disabled disabled svc:/network/security/krb5_prop:default
disabled disabled svc:/network/swat:default
enabled online svc:/network/cde-spc:default
enabled online svc:/network/tname:default
enabled online svc:/network/telnet:default
enabled online svc:/network/nfs/rquota:default
disabled disabled svc:/network/uucp:default
disabled disabled svc:/network/chargen:dgram
disabled disabled svc:/network/chargen:stream
disabled disabled svc:/network/daytime:dgram
disabled disabled svc:/network/daytime:stream
disabled disabled svc:/network/discard:dgram
disabled disabled svc:/network/discard:stream
disabled disabled svc:/network/echo:dgram
disabled disabled svc:/network/echo:stream
disabled disabled svc:/network/time:dgram
disabled disabled svc:/network/time:stream
enabled online svc:/network/ftp:default
disabled disabled svc:/network/comsat:default
disabled disabled svc:/network/finger:default
disabled disabled svc:/network/login:eklogin
disabled disabled svc:/network/login:klogin
enabled online svc:/network/login:rlogin
enabled online svc:/network/rexec:default
enabled online svc:/network/shell:default
disabled disabled svc:/network/shell:kshell
disabled disabled svc:/network/talk:default
disabled disabled svc:/network/stdiscover:default
disabled disabled svc:/network/stlisten:default
enabled online svc:/network/rpc-100083_1/rpc_tcp:default
enabled online svc:/network/rpc-100235_1/rpc_ticotsord:default
disabled disabled svc:/network/dtspc/tcp:default
enabled online svc:/network/rpc-100068_2-5/rpc_udp:default
disabled disabled svc:/network/bpcd/tcp:default
disabled disabled svc:/network/vnetd/tcp:default
disabled disabled svc:/network/vopied/tcp:default
disabled disabled svc:/network/bpjava-msvc/tcp:default
disabled disabled svc:/network/swat/tcp:default
Thanks a lot,
Alexander
Darren_Dunham,
Even if something's binding to port 6112 in a ngz, why should that matter to the global zone? After all, those are different IPs, and binding means that something binds to an IP+Port combination (or NIC+Port).
So they are. But Zones have a different concept of "ADDR_ANY" than the global zone does, and this difference is not readily apparent in 'pfiles' output.
So a ngz can run an application that binds to ADDR_ANY (0.0.0.0), but it's really bound only to the IP addresses visible inside the zone.
The thing is that from the global zone, 'ps' will see all the processes (including those in ngzs), and 'pfiles' will show that both processes are bound to the same port (and not via a specific IP address).
This document below is really focusing more on exclusive IP zones, but if you look at page 7 and page 8, it shows two normal processes joining a standard TCP stack and two processes in separate shared-IP zones using their own TCP stacks (with the crucial difference that the app can bind to 0.0.0.0 and get different IPs)
http://blogs.sun.com/aland/resource/ipinstances-svosug.pdf
Darren