Problem opening port 5900

Hello,
I have been unable to open port 5900 on a WRT54 or on my current WRT150N router despite spending over 2 hours with tech support. If anyone thinks they can help me please reply.
current config:
distributes fixed IP, 69.2.240.211, traffic to an internal network, 192.168.1.xxx
port 22 open and forwarded
port 80 open and forwarded
port 5900 - nothing
Let me know if you need further details.
Thanks - denis

Logically if you are able to open ports 22 and 80 your router should also be able to open 5900...If not you can just upgrade the Firmware on the router and retry...

Similar Messages

Problems opening ports for Torrent downloads

Is there a how to guide or anything out there on how to properly open and forward ports....for something like a Torrent client?
I thought I was doing everything right, but I still can't get my client to connect to any trackers.
This is what I've done so far:
Added a new protocol for bit torrent with the following ports that my client uses:
TCP Any -> 6881-6891 UDP Any -> 6881-6891
Forwarded that protocol to the static IP of the machine running the client on the network.
I thought that's everything it would take to make it work, but no luck. I did the same thing with ftp and http for a filer server I use and it all works great.
Any tips?

You are very close to allowing users to connect to you, because this is my understanding of the status of ports.
#1 A port will be stealthed / time out / filtered if something is blocking that port.
#2 A port will be closed / connection refused if nothing is blocking that port and the server is not listening.
#3 A port will be opened / success if nothing is blocking that port and the server is running.
Here are example(s), of what I mean...
#1 Stealth / time out / filtered
http://i42.tinypic.com/qo8w9j.jpg
#2 Closed / refused
http://i40.tinypic.com/2wp82e9.jpg
#3 Open / success
http://i42.tinypic.com/vdis8o.jpg
-> You need to start the server for the port to be open. -
If need be: It would help to know more about this single NAS box that runs a web server, ftp server and a torrent client.
Like, the brand and model of it..
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

Problems opening ports for PS3 and XBOX 360 on WRT160N

i opened all the ports for both system but one system will be lagging while the other will be fast on connection im trying to make both system run on a fast connect is there a step im missing

Which ports you have opened for x-box and ps3..?
Have you done port forwarding or port trigerring..?
Is ps3 and x-box are connected wired or wireless...?
Reduce the MTU sixe to 1364 on the router.Uncheck"Filter Anonymous Internet Requests". Under Wireless tab,click on Advance Wireless Settings tab and Change the Beacon Interval to 75,Fragmentation Threshold to 2304,RTS Threshold to 2304 and Click on Save Settings...
Now,power cycle the entire network and then,try........

Opening port on ultraline series 3 model 9100 em??

I have the ultraline series 3 model 9100 em. I was trying to configure it to open port 5900 (so I can use Mocha VNC on my phone). Can anyone advise how? I attempted to look at portforward.com but can't locate this particular router. I spent an hour yesterday being transferred from india, to tx, back to india...and nobody could get me to tech support...which usually is hit or miss anyways depending on who you get.
Can anyone here help me out, or point me to another site? I've done this on other routers (linksys) but it has been so long, and the layout of this particular router has me perplexed.
Thanks!

After you log-in to this router, show the first screen that you see.
While you do not see a guide for the ultraline series 3 model 9100 em there, the screens of your router may be close to the screens of another router guide that they provide.
^^
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

VNC, port 5900, help

I want to set up a vnc connection to use my computer through my iphone. When I run the program it tells me "VNC server not found on port 5900".

If you have a firewall running on your computer you have to open port 5900 on that too. You also have to forward port 5900 on your router to the computer on your network (if you want to access it from the outside world).

Can't update iOS 8 on my iPhone5 through iTunes on Windows 8 (error 3004, 3194). Updated host file, opened port 80, 443; turned off security system and firewall, etc. But nothing works. How to solve this problem?

Can't update iOS 8 on my iPhone5 through iTunes on Windows 8 (error 3004, 3194). Updated host file, opened port 80, 443; turned off security system and firewall, etc. But nothing works. How to solve this problem?

Hi the_mad_movies,
It seems like this article will be the best option for addressing this issue:
Error 3194, Error 17, or "This device isn't eligible for the requested build"
http://support.apple.com/kb/ts4451
Thanks for coming to the Apple Support Communities!
Cheers,
Braden

Port 5900, how to open for local USER?

I'm having the same problem as many on this ARD forum - we canot Observe & Control some Macs. I've noticed that the ones we cannot access are running AppleVNCS through port 5900 via 'root', but those we can access are running AppleVNCS via 'user'.
Is there any way I can force the faulty systems to access through 'user'?
I have tried various tricks through System Preferences, but I'm not getting the desired result.

That's an interesting correlation between the user the server process runs as and whether you can successfully initiate a session, however, it shouldn't matter. AppleVNCServer appears to run as the user that is currently logged into the console. Only if there is no console user (machine is at the real login window, not FUS login window popup) does the server runs as root.
Are you able to connect via screen control if you log a user into the console of one of these machines?
Is the user for AppleVNCServer tracking with the console user ID? Are there more than one copy of AppleVNCServer running?

Open ports problem ASA5505

Hi everyone.
I'm trying to open ports on a specific host but I can't make it work.
I tried to make it clear as possible,
Thanks for helping.
There is my config:
Result of the command: "show run"
: Saved
ASA Version 9.1(3)
hostname ciscoasa
enable password *** encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd *** encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 1.1.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address MY-FIREWALL-IP 255.255.255.240
boot system disk0:/asa913-k8.bin
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network LAN-SITE-B
subnet 1.1.2.0 255.255.255.0
object network LAN-SITE-A
subnet 1.1.1.0 255.255.255.0
object network Firewall-SITE-B
host VPN-SITE-B-IP
object network SERVER01
host 1.1.1.2 (MY SERVER THAT I WANT TO ACCESS FROM OUTSIDE)
object-group service ALL-IP tcp-udp
description ALL-IP
port-object range 1 65535 (FOR TESTING PURPOSE, I'M TRYING TO OPEN ALL PORTS ON THIS HOST)
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list outside_cryptomap extended permit ip object LAN-SITE-A object LAN-SITE-B
access-list outside_access_in extended permit object-group TCPUDP any host MY-HOST-PUBLIC-IP (DIFFERENT FROM THE OUTSIDE INTERFACE) object-group ALL-IP
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static LAN-SITE-A LAN-SITE-B destination static LAN-SITE-B LAN-SITE-A no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
object network SERVER01
nat (inside,outside) static MY-HOST-PUBLIC-IP (DIFFERENT FROM THE OUTSIDE INTERFACE)
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 MY-GATEWAY 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
no user-identity enable
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 1.1.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer SITE-B
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
dhcpd address 1.1.1.100-1.1.1.125 inside
dhcpd dns 24.200.241.37 24.201.245.77 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy GroupPolicy_SITE-B internal
group-policy GroupPolicy_SITE-B attributes
vpn-tunnel-protocol ikev1 ikev2
username MY-USER password *** encrypted privilege 15
tunnel-group SITE-B type ipsec-l2l
tunnel-group SITE-B general-attributes
default-group-policy GroupPolicy_SITE-B
tunnel-group SITE-B ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:f5d698f2b08e98028f2d487a42c7187e
: end

Hi Jouni,
Thanks for helping again,
Looks like i'm getting the same problem.
ciscoasa# show run access-list
access-list outside_cryptomap extended permit ip object LAN-SITE-A object LAN-SITE-B
access-list OUTSIDE-IN extended permit ip any object SERVER01
ciscoasa#
ciscoasa# show run access-group
access-group OUTSIDE-IN in interface outside
ciscoasa#
ciscoasa# packet-tracer input outside tcp 1.1.1.1 12345 MY-SERVER01-PUBLIC-IP 12345
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network SERVER01
nat (inside,outside) static MY-SERVER01-PUBLIC-IP
Additional Information:
NAT divert to egress interface inside
Untranslate MY-SERVER01-PUBLIC-IP/12345 to 1.1.1.2/12345
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Problems opening up ports for E1200

I am trying to open ports 53, 80, 88, 1863 and 3074 for my xbox. I gone through several help pages on how to do this. I then run PFPortChecker by Portforward and it tells me the ports are not open.
background:
I have given my computer a static IP - 192.168.1.50
I have given my xbox a static IP - 192.168.1.101
I have ensured my router has the most up-to-date firmware
I have entered all ports through the " Single Port Forwarding" screen on the web based interface
I am basically computer illiterate. I figure stuff out by trial and error.
Thank you.

Thank you, everyone.
Kawai, I have set the open portson my router to:
Xbox_LIVE1 50 - 50 - Both 192.168.1.99
Xbox_LIVE1 80 - 80 - TCP - 192.168.1.99
Xbox_LIVE1 88 - 88 - UDP - 192.168.1.99
Xbox_LIVE1 1863 - 1863 - Both - 192.168.1.99
Xbox_LIVE1 3074 - 3074 - Both - 192.168.1.99
I aslo change the static IP address on my xbox to - 192.168.1.99.
When I run an internet test, I am now told my NAT is set to moderate. Using the link jibjib provided, I've determined my IP address is private (subnet of 255.255.255.0). Thus I need to bridge my modem.
Am I on the right track here?
So in the meantime, I have called my ISP (Knology) and found out they do not offer static IP addresses.
I'm now on the phone with a Cisco rep and she has offered to connect me to a "third party support provider". But I don't see how any of this can help since my ISP will not provide a static IP address.
Does anyone have any thoughts? Thank you again.

Help open port on ASA5510 (version 8.3)

Hi all,
I configured ASA to open port 21, 3389, 5900 (outside access in) but when i check port just success : 21 and 3389, Error: 5900
If i configured with only one port 5900 or 3389, is't ok, i don't undesrtand what 's the problem?
ASA5510>
ASA5510> ena
Password: ***********************
ASA5510# show run
: Saved
ASA Version 8.3(1)
hostname ASA5510
domain-name lohoi.local
enable password *********************** encrypted
passwd *********************** encrypted
names
interface Ethernet0/0
description Connect_to_Modem
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0
interface Ethernet0/1
description Connect_to_Router2911
nameif inside
security-level 100
ip address 172.16.17.2 255.255.255.240
interface Ethernet0/2
shutdown
no na
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
description Management
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
clock timezone ICT 7
dns server-group DefaultDNS
domain-name lohoi.local
object network obj-any
subnet 0.0.0.0 0.0.0.0
object network ftpserver
host 192.168.88.90
description FTP server
object network Remote_Desktop
host 192.168.100.29
object network VNC
host 192.168.100.4
access-list 101 extended permit icmp any any
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit tcp any any
access-list outside_access_in extended permit tcp any object ftpserver eq ftp
access-list outside_in extended permit tcp any host 192.168.100.29
access-list outside_in extended permit tcp any host 192.168.100.4
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst
asdm image disk0:/asdm-631.bin
asdm history enable
arp timeout 14400
object network obj-any
nat (inside,outside) dynamic interface
object network ftpserver
nat (inside,outside) static interface service tcp ftp ftp
object network Remote_Desktop
nat (inside,outside) static interface service tcp 3389 3389
object network VNC
nat (inside,outside) static interface service tcp 5900 5900
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
route inside 192.168.88.64 255.255.255.224 1
route inside 192.168.100.0 255.255.255.0 172.16.17.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http authentication-certificate inside
http authentication-certificate management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password *********************** encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DD
CEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:667cb3ec729681c78ccab9a57abd89df
: end
ASA5510#

ASA5510# show run
: Saved
ASA Version 8.3(1)
hostname ASA5510
domain-name lohoi.local
enable password ****************** encrypted
passwd ****************** encrypted
names
interface Ethernet0/0
description Connect_to_Modem
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0
interface Ethernet0/1
description Connect_to_Router2911
nameif inside
security-level 100
ip address 172.16.17.2 255.255.255.240
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
description Management
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
clock timezone ICT 7
dns server-group DefaultDNS
domain-name lohoi.local
object network obj-any
subnet 0.0.0.0 0.0.0.0
object network ftpserver
host 192.168.88.90
description FTP server
object network remote_desktop
host 192.168.100.2
object network remote_vnc
host 192.168.100.4
access-list 101 extended permit icmp any any
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit tcp any any
access-list outside_access_in extended permit tcp any object ftpserver eq ftp
access-list outside_access_in extended permit tcp any host 192.168.100.4 eq 5900
access-list outside_access_in extended permit tcp any host 192.168.100.2 eq 3389
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asd
asdm history enable
arp timeout 14400
object network obj-any
nat (inside,outside) dynamic interface
object network ftpserver
nat (inside,outside) static interface service tcp ftp ftp
object network remote_desktop
nat (inside,outside) static interface service tcp 3389 3389
object network remote_vnc
nat (inside,outside) static interface service tcp 5900 5900
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
route inside 192.168.88.64 255.255.255.224 172.16.17.1 1
route inside 192.168.100.0 255.255.255.0 172.16.17.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http authentication-certificate inside
http authentication-certificate management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password ****************** encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DD
CEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4f061a213185354518601f754e41494c
: end
ASA5510#
So i configured again, but i'm not to access to 5900 port

Firewall in 10.5, how to open ports and how to manage?

I am pulling my hair out with the new firewall in 10.5. In 10.4 I could just set ports as I liked in the control panel, in 10.5 there is no such thing.
I need to for example open port 49999 to allow PageSender to function in my network.
I need to open port 5901 to work with JollyFast VNC, as port 5900 is used by Apple Remote Desktop and the conflict if they both use the same port.
Some of these ports I need permanent open like 59999 and others for one session and than close again, like 5901. Again in 10.4 I made the rule in the pref pane, ticked the box and Bob was your uncle. Now?
I would like to be able to see what ports are open and active on the machine. I have no idea as to where I could see this.
And at the same time I would like to keep the firewall as closed as possible as I am often on line in hotels etc.
So I need help, is there a manual somewhere someone is aware of? Or do you have any answers?

The new Application Firewall does not work in the same way as IPFW (the main firewall in 10.4).
Instead of managing ports, it simply controls the access of applications to any port. Thus, if you want PageSender to receive connections, you simply need to switch the firewall to "Set access for specific services and applications", and then add PageSender to the list, with "Allow incoming connections". When you do this, PageSender will be able to receive connections on any port that it needs to.
If you don't like this method of controlling connections, you can still use IPFW. Apple has removed the GUI, but you can download a GUI application like [NoobProof|http://www.hanynet.com/noobproof> or [WaterRoof|http://www.hanynet.com/waterroof/index.html], and you can then set access for specific ports.
There are no problems with using both IPFW and Application Firewall.
Cheers,
Rodney

Apple Remote Desktop, VNC, and port 5900 LAN weirdness

Hi all,
I am trying to share screens with a Mac Mini running ARD in OS X 10.3.9 over a LAN from my Macbook Pro (10.4.11). I have an Airport Extreme base station (7.2.1). The Mini is connected to the base station via wired Ethernet cable, the Macbook is wireless.
I'm using Chicken of the VNC (2.0b4) on the MacBook, but I can't get anything but Connection Refused.
* The software firewall on the mini is off (I'm behind NAT)
* I've turned on ARD in the Sharing prefs control panel, set up the users and checked all the "allow" checkboxes (and restarting the mini)
* I've tried connecting to port 5900, 5901, and 3283
* I've tried enabling port mapping on the Airport (which seems crazy, since this is all happening within the LAN)
I can SSH to the mini just fine from the Macbook. Using NetUtility, I can ping it, traceroute to it, you name it.
The only weird thing that I can find is that when I do a Port Scan on the Mini, it never returns port 5900 as open (which it seems like it should). Other ports return as open.
I've Googled my brains out looking for answers on this, and the best info that I can find points toward a network config. problem. But if that's the case, why can I SSH okay?
And yes...I could upgrade to Leopard on the MacBook. Or install OSXvnc on the Mini. But I can't see why I wouldn't have exactly the same problem. And, dadgum it, this should work!
I'm totally stumped (and have a sneaking suspicion that I'm missing something obvious). If anyone can shed light on this, or point me at a resource, I'd be very grateful.
thanks,
c

Thanks to the folks at macosxhints.com, I have discovered that ARD in OS X 10.3.x doesn't support VNC connections.

Why does port scan show an open port for application I've never had?

I don't currently and never have used Bacula to backup my Macbook, but for some reason when I do a portscan it often shows a Bacula file daemon being open on port 9102. It also comes up in Netstat as listening, even with my firewall blocking all unnecessary connections, sharing turned off (all), and an Airport ex in front of it also secured. I also cannot find any related files etc. on my machine after a thorough search. Despite my best google and support searches, I couldn't find anyone with the same problem. Is this reason for concern? Either way why would it be there despite it not being ever used on my Mac? I am not well versed in networking, only know enough to get myself in trouble, so thanks in advance for any help.

Ok, I ran a port scan on 9102 and it show it's not responding, but assigned to (bacula-fd)
So what it appears to be is Bacula ( a legitimate program) uses this port, much like Screen Sharing uses port 5900, not necessarily that it's installed on your machine.
It's not uncommong to have open ports, it's so if you ever install the program or use a service it can gain access through the Firewall. You can change that of course to close up everything except certain ports for certain programs.
Now that the firewall is App based, if you don't have the app listed, how do you deny it access?
Well if the program isn't installed on the machine, it can't respond if the port is open or closed.
Simply enable your Firewall and allow the programs you do have and want to access your machine to connect in the Advanced settings.
There is also NoobProof and WaterRoof if you need a GUI/simplicity to enact more complex features of the command line firewall. Block IP addresses and everything. However read up before you mess around, Apple has everythign set up nicely and there are very few successful attacks on Mac's.
If you don't know what your doing, you can actually do more harm opeing up your machine to poential attack.
If your more paranoid, then install LittleSnitch, it's a outgoing firewall and notification software with pop-up window to allow/deny on a per program or request basis. You'll be quite shocked how much is going out in the background without your knowledge.

Port 5900 appears blocked from WAN

I have 39 Macs I am remotely administering but a few (2) seem to have port 5900 for VNC as blocked. We have rules out our router as a PC at the same location can VNC no problem through that route/firewall. So it seems to me that the port is being blocked on that Mac. The remote management setting are all set to allow and the internal ipfw is turned off. At one time IceFloor was installed but those settings have been dumped and uninstalled. Is there a way to restore all the ipfw setting to open to ensure it is not the Mac blocking the port?

Looks like I can't edit my original question...
The problem is still happening, I've been doing some testing to narrow it down...
+ it's not just my computer (have also tried from my mums PowerPC and my sisters iMac), although it could be a mac thing (I don't have a windows machine to test from, only windows running on a mac, though I will give that a shot later)
+ it's not my internet connection (although it could be my ISP - I tested at my sisters place, who uses the same ISP as me, am looking for another testing location that has a different ISP)
+ it's not my website (have tried uploading to a completely unrelated website with similar results)
+ it's not cyberduck (have tried with filezilla, similar results, also tried via terminal - I don't know how to upload files, but when I connected, it connected through a different port, a 5 digit number, can't remember what now).
Not too sure where to go from here...

Xbox 360/one problem and port forwarding

For a couple months now (since I got my AirPort Extreme) I have not been able to connect to a certain friend on xbox. I can connect to anybody else however. The only way we can (kind of) connect is if somebody else is host and we both connect to him.
My NAT type is Moderate. When I try to test my connection on my xbox it says that I can connect but I am limited in matchmaking (this is joining games and using voice chat, which is the problem named above for my particular friend). The xbox shows the error and suggests that I enable UPnP or open the port 3074.
The problem is that I have already have! I gave my xbox a static IP and forwarded the port 3074 to that IP.
(I have also tried forwarding all the ports that xbox live uses to the xbox. These being:
Port 88 (UDP)
Port 3074 (UDP and TCP)
Port 53 (UDP and TCP)
Port 80 (TCP)
as found on the xbox website... https://support.xbox.com/en-US/xbox-360/networking/network-ports-used-xbox-live
I made sure to put them in the right text boxes for UDP and TCP so that is not the problem either.)
I know that the AirPort Extreme does not support UPnP but does have a similar thing called NAT Port Mapping Protocol which was already enabled. (I tried all possibilities of enabling/disabling NAT...Protocol and port forwarding/not port forwarding.) --- This is not the solution as I see it
In short: My xbox tells me to open port 3074. I already have. It still tells me to open it and still won't work.
I posted this on the apple discussion page (instead of the xbox discussion page) because I know that it's not an xbox problem. When I had my old linksys router it worked perfectly.

I have this exact same question and problem. I know this doesn't help, but would appreciate any updated information if you find an answer. I'll keep working on this also and let you know if I find an anwer.

Problem opening port 5900

Similar Messages

Maybe you are looking for