Re: SPI firewalls on third party routers may cause incorrect behavior

Similar Messages

• SPI firewalls on third party routers may cause incorrect behavior

  Disclaimer: Apple does not necessarily endorse any suggestions, solutions, or third-party software products that may be mentioned in the topic below. Apple encourages you to first seek a solution at Apple Support. The following links are provided as is, with no guarantee of the effectiveness or reliability of the information. Apple does not guarantee that these links will be maintained or functional at any given time. Use the information below at your own discretion.
  Some users have reported that image queries to sites such as Google Image Search, Google Maps and Bing do not display results in Snow Leopard. This is because of overaggressive "SYN Flood" protection in the firewalls of some third party routers.
  When image results are to be displayed, Safari and Firefox make multiple simultaneous connections to the host to retrieve them. This is usually faster than downloading one and moving on to the next and on and on.
  Safari in Mac OS X Snow Leopard may make as many as sixteen simultaneous connections to the Google image server's HTTP port within 0.0043 second to retrieve the data; in Mac OS X Leopard it may be as few as eight.
  Some consumer-level SPI firewalls misinterpret the attempt to open that many simultaneous connections to one server as a "SYN flood" and block the traffic. Not good, especially when the connections are being made from your machine to an outside host, so the firewall is effectively blocking you from perpetrating what it thinks is a SYN flood.
  Some Flickr users have experienced a similar issue.
  If your router allows configuration of its SPI firewall, you may be able to solve this problem if it has a setting labeled something like:
  Maximum incomplete TCP/UDP sessions number from same host
  On those routers, this setting is often set to a default of "10"; simply increasing this value to a much higher value - many have had good luck with "20" - will allow accesses to work as desired and will also allow some room for possible future expansion in the number of simultaneous queries made.
  If your router does not offer such a setting, there's no solution other than to disable the firewall.
  Note that any operating system - Linux, Solaris, even perhaps Windows 7 - could trigger the same problem. You can even generate the same issue in Windows XP by applying "speed tweaks" such as this.
  (Some explanation from Microsoft is available as well.)
  In short, it's a bad assumption made on the part of the SPI firewall's designers, not by Apple.
  This is the 1st version of this tip. It was submitted on April 20, 2010 by William Kucharski.
  Do you want to provide feedback on this User Contributed Tip or contribute your own? If you have achieved Level 2 status, visit the User Tips Library Contributions forum for more information.

  Odd,
  What tip ?
  I presume this is a left over from the Previous discussion  thread and a Topic that is now a User Tip.
  9:44 PM      Thursday; April 28, 2011
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb( 10.6.7)
  , Mac OS X (10.6.7),
  "Limit the Logs to the Bits above Binary Images."  No, Seriously

• Airport Extreme/Express vs. third-party routers

  Do the common glitches in network connectivity with Leopard occur almost solely with third-party routers, or is it fairly commonly spreads between them and Extreme/Express users? Just curious.

  In my line of work I setup various brands of wireless routers on a monthly basis.
  I have not experience any network connectivity issues with any macs running leoapard. However there are on 3 models of router I have used since leoaprd came out.
  The linksys wrt54G.
  The Netgear D834
  Apple Basestations.

• Third party routers that need no firmware update

  What are the best third party WiFi routers with LAN ethernet ports that need no firmware update to work with 10.4.8 and Windows XP?

  Actually the extra ethernet ports is paramount.
  Otherwise you don't know who is being secure to
  whom. You end up having two routers to setup for
  configuration of security. Simplicity is
  important, since I want to be able to help set it up
  for the friend, and forget it.
  ?? That doesn't make any sense - I think you're missing something fundemental here. The extra ethernet ports are on the LAN side of the secure connection. The firewall in the router isolates the internal, LAN network (wireless + ethernet) from the external WAN (aka the big bad internet). Whether or not you have a switch attached to one of the LAN ports makes no difference, security-wise - you are in control of the devices connected to the LAN side of the router. WEP/WPA/WPA2 security controls who is able to connect to the wireless LAN.
  From a security standpoint, there is ABSOLUTELY no difference between buying a router with eight lan ports and buying a router with four lan ports plus plugging in a five-port switch to one of the lan ports. It's exactly the same thing.
  What you don't control is the WAN side of things - the internet itself. You certainly wouldn't want to connect the switch to the WAN port on the router, at least not unless you wanted to run, say, a web server that is exposed to the internet itself. This wouldn't be a good idea in any case - there are better ways to set this up as well (either by setting up a DMZ, or by setting up port forwards)
  There is absolutely no reason why you would want or need two routers for this setup - this is only an issue for extremely large networks.
  The WRT54G has 1 WAN port and four LAN ports. You can have four hardwired devices (computers, printers, switches, etc) on these LAN ports - they are protected from the internet by the firewall in the router. You can also have any number of wireless devices on this same router; these, as well, are on the LAN side of the router, and are therefore protected.
  Adding a switch to the LAN side of the router has absolutely no impact on security. No additional routers would be required.

• Third Party Routers & Airport

  I'm a noob. I just got an airport express for christmas (i love it). I would like to put it in my room (in client mode), and have another cheap router broadcasting the ethernet signal to it to repeat (WDS). Now, I know that apple says this can't be done but I read all over the internet that it can. All I need to do is change the ip adress and a few settings. My problem is that all of the threads i've read are old, and I need to know of a new compatable third party router that I can buy for cheap and I need to know if it works for sure.

  I disagree with Don's assertion. Certainly that is the first time that I have seen a post claiming that there is 100 devices compatible with Apple's WDS.
  If you are going to search Google for devices, use http://www.google.com/search?hl=en&lr=&q=WDS%2BRouters+%2BMac%2BCompatible&btnG=Search instead of Don's link. It combines search items instead of making them optional. It also greatly reduces the number of hits.
  The devices known to be compatible with Apple's WDS are:
  AirPort Extreme base station (AEBS)
  AirPort Express
  Linksys WRT54G or WRT54GS (not latest versions v5)
  Belkin F5D7230-4 and F5D7231
  one specific model from SMC (don't know the model number)
  one specific model from Buffalo (don't know the model number)
  BT Voyager 2100

• TP Posting Third Party Remittance Documents Status Incorrect

  Hi everyone,
  I have run payroll to an employee and posted the results to FI Posting. Documents are posted in FI Posting. By using Tcode PC00_M99_URME - Evaluation Remittance (New) I am able to do the third party evaluation for this employee. Until this step the system is working fine. But when I am trying to execute using the T code PC00_M99_URMP - Create Posting run the system is generating incorrect documents.
  The message its showing is
  Messages for Document 0000002282Error in document: HRPAY 0000002282 LOG_800 ( Error Message )
  No data was transferred in parameter ACCOUNTPAYABLE (Error Message)
  Regarding configuration everything is correct in HR, I verified several times.
  Kindly let me know is there some thing to do reg vendors in FI such that vendors information will be updated in FI.
  Does anyone faced the similar issue earlier.
  If anyone has an idea in resolving the above issue please guide me.
  Your advices are very much appreciated.
  Thanks,
  lalitha.

  Thanks for your quick response.
  I verified the configuration, but I haven't noticed any issue.
  The problem I noticed is when we run third party evaluation run the amount of sign should be changed fron negative to positive. but its not changing.
  The processing class 73 has specification 1.
  Kindly let me know if you have any idea why  amount sign is  not reserved.
  Regards,
  Lalitha.

• Airport vs third party Routers

  Is there a true advantage of using a Airport router vs. say Net gear Router?  If so why??
  Thank you Wendy99

  Is there a true advantage of using a Airport router vs. say Net gear Router?
  I guess it depends on what features that you need or special requirements that you may have. If one router has the features that you need...and another doesn't....then your choice is pretty much already made.
  As far as wireless signals, the broadcast power of wireless routers is limited by law, and everyone is running their routers full blast, so in that regard, there really won't be much difference....performance wise....from brand to brand.
  It is a good idea to keep all of your routers from the same manufacturer since they will be compatible for other purposes like "extending" the network for more coverage. Trying to "mix" routers from different manufacturers is always a challenge.
  If you already have a Mac or several Macs, it will be easier to set up and configure an Apple router than say a Cisco or Netgear product. If you are used to working with PCs, you will probably be comfortable setting up a router from virtually any manufacturer.

• Anyone else having issues with third party routers...

  Last week I started having issues with my Asus RT-N66U where certain wireless devices e.g. PS3, Xbox 360, Laptop, etc. have issues connecting to the internet (the PS3 reporting a DNS issue) even after I replaced it with a second rt-n66u.
  I then tried using the HH3 I got with BT and have none of these problems.
  Back on the Asus I tried a manual DNS (BTs 62.6.40.178 and 62.6.40.162) but these are having issues as well although strangely it will work fine if I use it purely as a wireless access point via the HH3 (With HH3's internal wifi disabled), right now I'm testing it again with Google's DNS but I want to know, is anyone else having any issues?

  Is your firmware up to date? http://support.asus.com/Download.aspx?SLanguage=en&m=RT-N66U+%28VER.B1%29&os=8

• HELP!!!  in-browser editing using third party host "530 Login incorrect."

  I'm trying to set up in-browser editing for a company I designed a site for in Adobe Muse.  The weird thing is that I actually logged in with her credentials and was able to edit them.  I sent her all the info and she can't get in so I went to log-in and I get this message:
  The username and password are invalid for your FTP server.
  Please check them and try again.
  Server Message:
  "530 Login incorrect."
  I went back and double checked everything.  I even created a new ftp user from C-panel on ipage and I still get the same message.  So very frustrating. 

  Can you share what sites are having this problem on login? If you don't want to share that in the public forum, you can use the "Get Help" link in the upper right corner of In-Browser Editing to provide the details privately with the team.

• How to extend a wifi network of third party router with TC 4th generation?

  After searching the communities for a while, I did not find a definitive answer on the following question:
  - I recently bought a 4th generation Time Capsule 2TB (MD0322/A), that I also want to use as an extension for our existing wifi network.
  - This wifi network is maintained by a Sitecom Wireless 300N XR Gigabit Router. Router is set to work over 2.4 GHz (B+G+N) because of several non-N-wifi devices in the network. The channel in use is currently 11.
  - This router provides so called WDS functionality, i.e. the ability for other wifi access points to act as a seamless extension of the basic wifi network (using the same SSID).
  - The security settings in the router are WPA2 Mixed, with a password in plain ASCII.
  - There seems to be no way to set different security levels for WDS-connections versus normal AP (access point) connections. If WDS is enabled, the security settings of the AP-mode are extended to the WDS connection.
  I have set the Sitecom router to enable WDS, and added the MAC-address of the TC in the configuration of this router.
  When configuring the Time Capsule, with Airport Utility 5.5.3, I can select the option to use TC to extend an existing network, and I can select the network of choice using the WPA personal or WPA/WPA personal security. However, the TC does not succeed in extending the network, and reports this back. If I manually configure the TC and select the network of choice, Airport Utility reports back that the selected network cannot be extended.
  I have read several times in other posts that Time Capsule can only connect to third party routers via WDS using WEP-authentication, but these posts were quite old. I was wondering if this is still the case, or that Apple has updated this functionality in newer versions of TC, and thus there could exist a trick to connect to a WDS using WPA.
  I really would appreciate suggestions
  Bram Bos

  gilles13 wrote:
  I have a mac and pc (win7) both are connected thru a network with wifi and allready two access pt.
  Airport can not be used to extend a WiFi created by a non-Apple box.
  You need to turn off the radio in the router (shut down the existing WiFi).  Purchase TWO Airport Express units.  Connect one to the router with an Ethernet cable.  Configure that one as your primary WiFi network and then use the second Express as the extender.
  You need to locate the second Express where it receives a decent WiFi signal.  Too far away and it has nothing to extend.  Too close and it doesn't buy you anything.  Before you plug in the second Express, check to see where the primary WiFi disappears completely.  My personal WAG is that you want to locate the second Express 2/3 the distance to that point.
  If you use Airport Utility to configure the units, it's a snap.  In fact, if you configure the primary first and the extender second, AU will default to exactly the settings that you want.
  By the way, I refereed to the Express because it's less expensive than the Extreme and you didn't indicate any need for the Extreme features.

• Third Party Process (PR through Sales Order)

  Hi all,
  I have to configure the third party scenario (PR through Sales order) for one of my client.
  So can anybody tell me what are all pre-requisite / settings from the configuration point of view as well as from the transaction point of view.
  Thanks
  Shubham

  Hi,
  here is some stuff regarding third party purchasing,
  may be it will use ful,
  u2022     The item category group (BANS) in the sales:sales org.data screen of the material master controls whether or not the material will always be a third party material.  In this case, the item category in the sales order will be defaulted to u201CTAS.u201D   If the material is also procured internally, then the item category group can be set to u201CNORM,u201D and the material can still be used for third-party processing if desired.
  u2022     The item category in the sales order (TAS) informs the system that      procurement data must be maintained for the order.  In addition, this item  category results in a purchase requisition being automatically created with its item   category defaulted (S).
  u2022     The purchase requisition is created as a result of a sales order.  For each schedule line (quantities for sales orders broken up by dates of delivery), a purchase requisition item is created, provided that the item category on the
  sales order is u201CTASu201D for third-party.  The purchase requisitions created can
  be viewed and even edited from the schedule line screen (Edit-
  Procurement  Details).
  u2022     Changes in quantities, dates and account assignments in the purchase order result in the automatic changing of the sales order.
  u2022     A desired vendor (informational field) can be specified in the sales order in the procurement data for the order.  In addition, a fixed vendor may be assigned in this data if known at the time of the sales order. This then becomes the supplier for the third-party items. If the vendor is not specified in the sales order, the purchase requisition goes through the normal source determination.
  u2022     The account assignment in the purchase requisition can be either the sales order (C), or aux. account assignments (X). 
  u2022     Once created, the third-party purchase requisition follows normal
  purchasing procedures.
  u2022     Customer delivery information is copied onto the purchase requisition from the sales procurement data.
  u2022     If you create delivery schedules or change quantities during the purchasing process, these automatically get copied back to the schedule lines on the
  sales order.
  The goods receipt indicator can be found in the purchase requisition which can be edited from the sales order (Click on Item line- Hit Schedule Lines button -Hit Purchase Requisition Button).  This indicator determines whether or not the customeru2019s goods receipts are monitored.  When the indicator is off, invoice verification is done against the purchase order quantity, and the delivery of goods to the customer is not input into the system
  chenna
  Edited by: lakshmi reddy on Oct 6, 2010 2:23 PM

• Can third-party memory ruin my hard drive?

  Sorry this is a wee bit off topic, but since (a) I am more likely to get a straight answer from people here, and (b) I've already brought this problem up before, I'm going to ask..
  I have 2 identical laptops. We bought both for the lab about 2 years ago. They are G4 ppc. I bought an extra half gig of memory for each at the time of purchase, but I think it is from ramjet, not Apple.
  Both drives failed within a few weeks of one another. The second one came back from Apple today with a snotty message saying that the third-party memory had caused the problem and that they will refuse to do a repair if we ever send them a computer in the future with a third-party memory chip in it.
  This strikes me as absolute horse-shiite, but then again, maybe I am not aware of something I should be.

  The letter states "During the testing process, it was
  determined that a part Apple has not approved for use
  with your product resulted in your product's failure.
  When the part was removed, your product successfully
  passed all Apple diagnostic and reliability tests"
  (then it checks RAM in the space provided."
  (A new hard drive, which is 15 GB larger than the
  original, was put in, along with an obsolete version
  of OS X. One has to wonder why the drive was
  replaced if removing the memory resulted in all tests
  being passed.)
  It has been well documented that Mac memory meet strict requirements because of very tight timing and sync on the MLB... memory with sloppy gating (inconsistent timing) will cause read/write errors on HDs and that it can cause corruption in the boot record and index sectors... this in turn can cause the drive to seek for data trying to fix itself and excessively work the drive and shorten it's MTBF. So, Indirectly... cause damage... sorta... but not like taking a hammer to it.. You basically got a form letter.. but the memory that you are using may be causing some problems and contributing to problems on your HD. Even if your system may not call for matched memory if you always stick to using matched sticks, (especially the speeds, not just size) you will save your self a bunch of headaches in the long run. Pull any 3rd party memory before sending it in for repair... you don't always get the system back with the same sticks (even if they weren't officially replaced.
  OS9 was problematic in this similar reguard... I went thru 3 HDs before figuring out that an extension conflict was the cause of my data being hosed on my old Performa. (Apple had replaced all components at least once and I was still having problems until I killed the offending extension).

• Third party router

  My HH3 is slowly expiring, I decided rather than getting into a lenghty frustrating exchange with BT I'd replace it with a 3rd party router. It hasn't went well.
  First replacement: TP-Link TLWR841N. I've download speed issues I can't reslove and sometimes on setup there's no WAN connection. Fustrated I moved on to ....
  Second replacement: Belkin F5D8236-4. Thought it was working great (Download speed ways) and then I discovered that my BTTV IP channels don't work. My G4 YouView box conncts fine and all IP address match (Tried auto and manual assigment) But no IP channels or recordings. I assume it's something to do with Multicast settings but my brain shout down reading this rather lenghty thread.
  https://community.bt.com/t5/YouView-Boxes/Multicast-Settings-for-3rd-Party-Routers-may-not-work/td-p...
  I can't find any multicast settings in the router, can someone confirm that the router isn't suitable for BTTV or that they got one working. Ta.
  <edit> Just put the TP-Link back in and confirm BTTV does work with it but I still have download speed issues.

  sangerm wrote:
  Hi,
  My HH3 started misbehaving last month and BT changed it for a Home Hub 4 for free. The phone call to support wasn't too arduous - about 15mins on the phone and the new hub arrived next day.
  Alternatively, pick up a HH4 on ebay. There's one on their right now for 99p + £3.20 postage with 1 hour to end of bidding!
  I picked up a new HH4 on ebay last week, wasnt as cheap as above but I'd change out of £15
  So 3rd time (router) lucky then, sounds like itmight have been easier to ring CS!
  Thanks

• Airport with third party wireless router?

  Will Airport Extreme units play well with third party routers? I have Verizon FIOS and would like to use my Airport Extreme base station and Airport Express unit on my home network. I have successfully set up Airport Express in my office as a WDS. Can Airport Extreme base station be set up as part of a WDS?
  Thanks for any insights.

  Will Airport Extreme units play well with third party routers?
  No industry-wide standard exists for WDS, so it is impossible to predict how Apple's implementation of it (or anyone else's for that matter) will interface with other equipment.
  Wikipedia has a short but fairly comprehensive list of third party equipment that allegedly support WDS. Missing from the list is a Linksys access point, which I nonetheless successfully configured as a WDS remote station. They call it "repeater mode".
  Yes Verizon FiOS is absent.

• Intune & Third Party Software Automatic Updates

  Can Windows Intune ensure third party software such as Java, Adobe Reader, & Flash is updated? I at-least want an email when a PC has an out of date version of the above software. If Windows Intune can't do
  this, any recommendations?
  We're a small business that simply uses Windows Intune and Office 365. Recently a PC had a vulnerable/out of date version of Java and visited a compromised site, resulting in a nasty virus. Obviously I don't want this to happen again.
  Update: I ended up using GFI Cloud's patch management to address the lack of automatic third party patching in Windows Intune.

  That requires manually uploading patch files for third party software daily... I'm looking for something that can automatically update common third party software that cause major security concerns, or at-least notify me when they are out of date.