Restricting Port 25 connections, firewall or postfix config file best?

I have all my mail sent to an email address at an external ISP that does a great job of getting rid of SPAM. Mail that passes through SPAM screening gets forwarded to an email box on my XSERVE running OS X Server 10.4.10.
Unfortunately, spammers have figured out the email address of my XSERVE so they are bypassing my spam screening service.
What is the easiest and best way to restrict inbound SMTP connections to only accept forwarded mail from the screening ISP and a few other trusted domains? Must this be done with the OS X Server firewall or should it be done in the POSTFIX configuration file? Is there a way to do this with the OS X Server ADMIN gui application?
Advice and examples would be most welcome.
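The two places the question asks about are not mutually exclusive, and it helps to see them side by side. The shell script below is an added example, not code from the original thread: it takes one list of the screening ISP's outbound relay networks and generates both a Postfix client access map with the matching smtpd_client_restrictions value and the equivalent ipfw rules for the OS X Server 10.4 firewall. The network addresses are constructed placeholders (RFC 5737 TEST-NET ranges), the map path and ipfw rule numbers are my choices, and the script assumes the installed Postfix supports cidr: lookup tables (Postfix 2.1 and later).

```shell
#!/bin/sh
# Added example, not code from the original post. From one list of trusted
# relay networks it produces (a) a Postfix cidr: access map plus the main.cf
# restriction that uses it and (b) equivalent ipfw rules, so the two
# approaches in the question can be compared.
# Constructed placeholders: replace with the screening ISP's outbound relays.
# Assumes Postfix 2.1+ (cidr: tables) and the ipfw firewall of OS X Server 10.4.

TRUSTED_RELAYS="203.0.113.0/24 198.51.100.10/32"
ACCESS_MAP=/etc/postfix/trusted_relays

# Body of the cidr: map: each trusted network gets OK; anything that does not
# match falls through to the final "reject" in the restriction list.
postfix_access_map() {
    for net in $TRUSTED_RELAYS; do
        printf '%s OK\n' "$net"
    done
}

# Value for smtpd_client_restrictions: local machines first, then the trusted
# relays, then a 5xx reject for every other connecting client. A reject here
# still lets a misconfigured legitimate sender see an error (and bounce),
# which a silent firewall drop does not.
postfix_restrictions() {
    printf 'permit_mynetworks, check_client_access cidr:%s, reject' "$ACCESS_MAP"
}

# Equivalent ipfw rules: allow inbound TCP/25 from the trusted networks, then
# deny TCP/25 from everywhere else. Rule numbers are arbitrary but must sort
# before any broader "allow" rule already present in the ruleset.
ipfw_rules() {
    n=1000
    for net in $TRUSTED_RELAYS; do
        printf 'ipfw add %d allow tcp from %s to any 25 in\n' "$n" "$net"
        n=$((n + 1))
    done
    printf 'ipfw add %d deny tcp from any to any 25 in\n' "$n"
}

# Apply the Postfix side (run as root; postconf -e edits main.cf in place).
apply_postfix() {
    postfix_access_map > "$ACCESS_MAP"
    postconf -e "smtpd_client_restrictions = $(postfix_restrictions)"
    postfix reload
}

# Run with --show to print what would be configured instead of applying it.
if [ "${1:-}" = "--show" ]; then
    echo "# $ACCESS_MAP"; postfix_access_map
    echo "# main.cf"; echo "smtpd_client_restrictions = $(postfix_restrictions)"
    echo "# ipfw"; ipfw_rules
fi
```

Two points worth keeping in mind with either approach. Trust here is by connecting IP address, not by domain: a check on the envelope sender's domain (check_sender_access) is not a boundary, because anyone can put a trusted domain in MAIL FROM, so the "other trusted domains" also need to be expressed as the addresses of the hosts that actually deliver their mail. And the ISP's outbound relay pool is usually not the same as its MX hosts, so the address list should come from the ISP rather than from a DNS lookup of its mail domain; with that list, doing both the Postfix and the ipfw rule is reasonable defence in depth, as long as both are updated together.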

Similar Messages

  • BIBeans connection with out using config file

    Hi All,
    I am trying to deploy BI Beans but I do not want to use a config file. I am establishing a connection to OLAP and the catalog using a connection object and can successfully connect. But the problem arises when I am using JSP to load any presentation, as the BIThinSession tag needs a config file.
    Can anyone tell me how I can get around this problem? How can I present a BIBeans presentation without a config file?
    Many thanks
    Shantanu

    Try also to run the SQL scripts AMDPATCH.sql and OLAP.sql, which are in the Oracle or JDeveloper folder; launching them I solved this problem.
    Verify also that bi_checkconfig doesn't present any problem loading OLAP metadata.
    Bye

  • RDS and Gateway issues: Cannot get remoteapps to run without opening port 3389 on firewall

    I am testing the setup of a small RDweb server to host QuickBooks for some remote sales users (4 users). For the most part, I have everything installed on one virtual server (using 2012r2 "Quick Start" session host deployment with the additional Licensing and Gateway server roles added to the same server).
    Everything works excellent with one exception. External clients cannot launch published apps without having port 3389 open on the firewall, even with the gateway role installed and the 'Deployment Properties' set to use the gateway. They can properly connect to the RDweb site and view the published apps. The only way it works is open the firewall port (at which time I can disable the gateway or leave it configured and it works either way). Internally, everything works accordingly. I have followed the steps outlined on many sites and have combed through the forum here to no avail.
    Error received (summarized but is a well documented error):
    remote desktop can't connect to the remote computer: 1- Your user account is not listed (it actually is) or 2- You might have specified the remote computer in NetBios format . . etc.
    This is an existing SBS 2011 environment with additional virtual servers setup to host QuickBooks as outlined below:
    Current setup:
    Used Quick Start to install Remote Desktop Services in hosted sessions mode
    Installed the additional roles for Licensing and Gateway server on same server
    Configured wild card public certificates on all four services (Connection Broker(2), Web Access and Gateway)
    Configured internal DNS to properly lookup our external FQDN of this server (ex. quickbooks.contoso.com points to quickbooks.contoso.local)
    One thing I noticed (just now) when I launch a published app and the firewall has port 3389 closed, a dialog box pops up directly after launching the app that warns about running a RemoteApp program and mentions the Remote Computer and the Gateway Server as both the same (which it is); however, I would have assumed one would have listed the internal server's name while, instead, both are listed as the external FQDN. Either way, internal DNS should still allow it to properly route . . no? I don't know . . I'm sure I am just missing something in a routing configuration somewhere. The gateway service is not properly looking up the RDweb service and then seemingly not routing the encapsulated RDP session through HTTPS. . .. is my guess . .
    I was reading about the "set published name" cmdlet; however, I am not experiencing a certificate name mismatch; however, the certificate name does show up as *.contoso.com versus the actual name. I may just be grasping at straws now . . :)

    Ok, while I was in the server and looking over the BPA scans: "The Remote Desktop Gateway (RD Gateway) server Secure Sockets Layer (SSL) certificate may not have a valid certificate subject name." This may be due to it showing up as *.companyname.com versus quickbooks.companyname.com. Anyhow. .. on to the list of actions above:
    Changed RD RAP from "Select Active Directory" group to "Allow any network resource" and tested with port 3389 closed on firewall:
    Worked. Initially it did not as I had used a custom shortcut created from earlier; however, after logging into the RDweb site again, the application loaded fine now (after the RD RAP change)
    No error message appeared; however, I did notice that for a split second, the word Error did appear in the browser's tab title, but only very shortly. The app launch does take a bit longer too now (about 10-15 seconds, up from about 4 seconds with the port open). This, I could care less about so long as we are properly forwarding the traffic through the gateway.
    As for log entries, I had spent quite a bit of time in there and only had minor issues with loading user profile settings taking too long and policy settings preventing the redirection of USB devices. Looking again, no issues still. Just a bunch of informational entries where I would connect before (and disconnect) but only with the port on the firewall open; otherwise, there was not an entry correlating to when I would receive an error before. Now though, I am connecting after the RD RAP change and logs are showing connections even with the port closed. These are in "operational", the "admin" log only shows the update to the RD RAP configuration.
    Yes, the LAN's DNS server does relay the lookup information for my public FQDN as the local LAN address. No need for a local host record.
    I have now added a new rule in our firewall to allow and forward UDP port 3391 traffic to the internal server hosting remote services
    Thank you very much for your assistance on this matter. The RD RAP rule was default built during the creation of this services. Why is the resource not cross-referencing AD security groups? I could have sworn I created a group for that . . .

  • IE HTTP close (reset) - port reuse causing firewall issues

    Having an issue with some systems reusing the same TCP port number between sessions, causing the firewall to drop the connection.
    Internet Explorer is creating the HTTP socket connection to port 80. An ephemeral port (assigned by Windows) is bound to the local side of the connection. The first connection goes through just fine. The socket is closed/reset. However, the very next connection (hundreds of milliseconds later), is using the same ephemeral port, causing the firewall to discard the connection.
    I have tried setting TcpTimedWaitDelay in the registry but that did not help. Since the socket is being reset, it never goes into the TIME_WAIT state.
    Any suggestions? This does not happen consistently - on the order of 10s of times per day.
    Thanks!

    Problem is still occurring. Customer has built a new client system with MS-only software (no virus protection, etc.). Upgraded this system to IE9.  Problem is still occurring. Tried disabling NativeXMLHTTP option but no difference.
    Here is the ASP VBScript code that causes the error to appear:
    // Client-side JScript, run inside Internet Explorer through the MSXML ActiveX object.
    function SubmitPost(data, ErrHow) {
        var d = new Date();
        // The UID query parameter carries the current time so every POST uses a distinct URL
        return SendData('POST', 'TDMaster.asp?InstID=' + document.getElementById("tdInstance").value + '&UID=' + d.getTime(), data, ErrHow, 0);
    }

    // Returns the first MSXML ProgID that can be instantiated, or null if none can
    function GetMSXML() {
        var progIDs = ['Msxml2.XMLHTTP.6.0', 'Microsoft.XMLHTTP'];
        for (var i = 0; i < progIDs.length; i++) {
            try {
                var http = new ActiveXObject(progIDs[i]);
                return http;
            } catch (ex) {
                // this ProgID is not available, try the next one
            }
        }
        return null;
    }

    // Function that actually sends the data and returns the response
    // Format 0 = XML
    // Format 1 = Binary
    var http;
    var timedOut;
    function SendData(method, url, data, ErrHow, Format) {
        http = GetMSXML();
        var ResultXML;
        var e;
        // Synchronous request (third argument false): the caller blocks until the reply arrives
        http.open(method, url, false);
        http.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        http.setRequestHeader("Content-Length", data.length);
        try {
            http.send(data);
            if (Format == 0) {
                return http.responseText;
            } else {
                return http.responseBody;
            }
        } catch (e) {
            // CreateError is defined elsewhere in the poster's page (not shown here)
            return CreateError(e.number, e, ErrHow);
        }
    }

  • Could not open connection to the host, on port 23: Connect failed

    Can anyone please help with this telnet problem on CISCO 877 ADSL Router
    I am trying to telnet into my ISP Router remotely using public IP which has been dynamically assigned to the router by the ISP.
    I can Ping the Router and I can also go out to the internet on that router but, I can not telnet into that router from Inside the Network nor Outside the Network. There are no Firewalls involved.
    I have tried to clear the config and reconfigure it again, it does not help, I have also applied same config on another CISCO 877 ADSL Router it still does not work.
    Error I get on the Command Prompt: Could not open connection to the host, on port 23: Connect failed
    I have shown some of the Show Run out put below if that helps,
    ip nat inside source list 1 interface Dialer0 overload
    access-list 1 permit x.x.x.x 0.0.0.7
    dialer-list 1 protocol ip permit
    line vty 0 4
    password 7 ***********
    login
    Many thanks
    Punit

    Find Below the Requested Sh run outputs
    ADSL-ROUTER1#sh run | beg line vty
    line vty 0 4
    password 7 ***********
    login
    scheduler max-task-time 5000
    end
    I have removed the IP for security reasons
    ADSL-ROUTER1#sh ip route
    Gateway of last resort is 0.0.0.0 to network 0.0.0.0
         x.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    S       x.x.x.x/29 is directly connected, Vlan1
    C       x.x.x.x/32 is directly connected, Dialer0
         x.0.0.0/32 is subnetted, 1 subnets
    C       x.x.x.x is directly connected, Dialer0
    S*   0.0.0.0/0 is directly connected, Dialer0
    I also keep getting the message below on the console, don't know if this is part of the problem
    Mar 13 07:17:32.213: %IP_VFR-4-FRAG_TABLE_OVERFLOW: Vlan1: the fragment table has reached its maximum threshold 16
    Hope this output helps
    Thanks

  • Adding NetGear Prosafe 8-port Gigabit VPN Firewall to existing TimeCapsule Network

    I need some help and direction with this one...
    What I currently have setup and what I am doing on a day to day is as follows;
    Cox Cable Broadband > ISP Cable Modem > Time Capsule > Airport Express v1 + Airport Express v2 (Both extending wireless). I have a Dell/Windows Server setup as a Media Server and also have it setup to accept VPN connections as well. I remote into my network quite a bit as well as VPN into it quite a bit, I RDP into the Dell Server as well as an iMAC and MacBook Pro from time to time. I have PS3, Xbox360, Apple TV 1stG and 2ndG, 2011iMac, 2011MacBookPro, iPAD3 and various other wireless clients. I would really like to add as much security as I possibly can and thought adding a Hardware firewall would be a good step.
    So I Purchased a NetGear ProSafe 8-port Gigabit VPN Firewall that I would install on my network and have everything behind that. The problem is I have no idea how to set it up for the best protection and performance. Only thing I found online is putting it behind my TC which would then leave my Wireless Clients outside the Firewall? I'm usually pretty good with this stuff, but this time I'm just completely confused and not even sure if I need this or if it's completely useless. I do like the TimeCapsule also running 2 Airport Express (v1 & v2) to extend my wireless network, but I'm not sure if it's as secure as it could be.
    If this was a good step buying a hardware firewall and from what I've read the model I bought (FVS318G) is pretty good, it's also solving a problem I have had with my network is needed Ethernet access. Time Capsule only has 3 ports so I figured this would also solve the lack of Ethernet ports as well.
    I'm thinking I would go from Modem > NetGear(DHCP Enabled) > Time Capsule (Somehow turn DHCP/Router off) > all my network clients.
    Can Anyone offer advice?? How I should configure this? Is it pointless? Return the Netgear Firewall? Buy a different hardware firewall???
    *BTW* I have software security covered, just want to add hardware as well.
    Any help/suggestions would be extremely helpful!
    Thank you!

    I am not sure who made the suggestion for the vpn router to be behind the TC.. they do that sometimes for connection to vpn for downloading TV shows etc.. but your proposed network layout is correct.
    I'm thinking I would go from Modem > NetGear(DHCP Enabled) > Time Capsule (Somehow turn DHCP/Router off) > all my network clients.
    All correct.. The Netgear has to be the one and only router.. otherwise the VPN will not give you access to the rest of the network behind the NAT.
    So easy peasy.. bridge the TC.. use the 5.6 utility if Lion.. you will need to download and install it..
    http://support.apple.com/kb/DL1482
    Lion v6 is a toy..
    Go to manual setup, internet tab. Connection sharing.. off, bridge mode. update the TC.. voila you are done.
    You should probably reboot the whole network. As the expresses will need to now get IP from the netgear not the TC. Tell us if you run into trouble, but everything should work, although it may require a reset and redo setup of the TC and express to get everything smooth again.
    Next issue.. hardware and software firewalls.. sometimes produces the great wall of china.. very secure... oh so secure nothing gets in.. or out. I do not know the Netgear.. but I would start with whatever the lowest preset is for the firewall. And see if you have issues.
    And of course then do the vpn setup.. which is a lot of fun.. (read strong sarcasm). But once you establish the tunnel should then give you access to the whole network.. you will not need to use RDP unless you need to actually take over a computer.
    VPN firewall is the RIGHT WAY.. albeit it can be painful in the initial stages.

  • Opening of TCP/IP Port 53 in Firewall

    Hi ,
    I checked a few SharePoint blogs which say that for SharePoint 2013 you need to open Port 53 in the Firewall for the "User Profile Synchronization Service (FIM)" to the DNS server.
    - What user profile sync is being done between the SP server and the DNS server? Isn't the user profile sync from the AD server?
    pl see the link http://technet.microsoft.com/en-us/library/cc262849.aspx
    Thanks 
    Hari

    thanks guys.
    My SP farm is in the cloud and AD & DNS are in a different cloud zone, hence the firewall is in between.
    I am an SP guy with not much knowledge of firewalls, DNS & AD. The cloud infra team has rejected the request to open port 53 to the DNS server, reason: "This rule cannot be allowed as it will also cause functional issues for the Cloud VMs. Cloud VMs depend on Cloud internal DNS services to function. One method may be to consider if another AD/DNS can be configured within G-Cloud as a VM. We apologize as we are unable to advise a solution, and even this needs to be submitted in this Pre-Qualification form for approval. Please note that Cloud VMs must not directly join the remote domain as this will cause the required DNS records to be missing."
    So I still need this FIM to connect to the AD-DS server or DNS server to fetch user information.
    Thanks
    hari

  • I want to be able to totally block the FaceTime functionality in my home network.  I would like to do this at the router level.  Does anyone know the hostname or IP address that the FaceTime application uses? Or which port it connects to?

    I want to be able to totally block the FaceTime functionality in my home network so my 4 kids aren't using the FaceTime feature. It was easy for Skype: I just had to enter the word Skype on my Router Security list and it denies access. I would like to do this at the router level for FaceTime. The only site I find is init.ess.apple.com - is this the startup site for FaceTime? Does anyone know a site I can block, hostname or IP address that the FaceTime application uses? Or which port it connects to?

    I would presume so, but it might be worth your while to experiment and play around with different combinations to see if you can block FaceTime while keeping Game Center open.  Good luck!

  • I have a Mac OSX version 10.75 with just one Thunderbolt port. and it has been my Thunderbolt port to connect with Blackmagic wear my intensity. and I no longer can use the port for mini-DVI adapter to connect with me. I do not want to ask any other way f

    I have a Mac OSX version 10.75 with just one Thunderbolt port, and it has been my Thunderbolt port to connect with my Blackmagic Intensity. And I no longer can use the port for the mini-DVI adapter to connect my monitor. I do not want to ask any other way for me to use my monitor. My monitor is an LG FLATRON E2041 .. PLEASE Help ME

  • How to enter a range of ports in the firewall

    Does anyone know the syntax of how to enter a range of ports in the firewall so I don't have to enter each individual number? 
    For instance, to open port 15000 to 15264, is it possible to type something like "15000 - 15264" instead each port followed by a comma?
    Thanks.

    Hi,
    In Tiger it is the same as the comma and dashes thing I listed for some routers.
    You can also click the Edit button in that pic I posted and look at which ports are listed (they will be greyed out on the Preset ones)
    Windows Sharing should list the SMB ports and the Printing ports.
    EDIT:
    Actually on this page where I listed how to set up iChat - SMB is a separate line.
    (Printing sharing may also list the Windows Print Sharing port)
    If those don't cover the Windows app you want to communicate with you will have to make your own Entry Like the Edit link I just inserted)
    10:37 PM      Friday; May 27, 2011
    Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb( 10.6.7)
     Mac OS X (10.6.7),
    "Limit the Logs to the Bits above Binary Images."  No, Seriously

  • Which is best port for connecting external pc vga monitor to macbook pro

    Which is the best port to connect my MacBook Pro to an external VGA monitor?

    not sure what you feel your options are most macbooks pro have a minidisplay port or a thunderbolt port which is the same connector
    and all minidisplay -> hdmi or dvi or vga works

  • Dynamically Setting a Variable from a Connection String that has been set by a Config File

    Hi Guys
    I'm setting up a Master / Slave (Parent / Child) dtsx environment but I'm unable to work out how to dynamically set a variable in the Master dtsx from a connection string that has had its value set by a config file. I'm sure it's possible.
    Below is the what I'm hoping to achieve. I've set up everything apart from the highlighted section.
    Any ideas?

    First, what version of SQL Server are you using?
    You could switch the problem around. You could set the value of a variable from the config file, then it is easy to use that variable as the connection string source for your connection manager. At the same time you can use a parent variable configuration to map that variable to variables in your child package.
    Russel Loski, MCT, MCSE Data Platform/Business Intelligence. Twitter: @sqlmovers; blog: www.sqlmovers.com

  • Hi.  My air port is connected and wifi is working but i cannot connect to the time capsule to access any files stored there

    Hi.  My air port is connected and wifi is working but i cannot connect to the time capsule to access any files stored there

  • I was using my HDMI port to connect to my TV .port just stopped working

    I was using my HDMI port to connect to my TV .port just stopped working
    HP Pavilion g6 Notebook PC
    Version 6.3.9600 Build 9600

    Hey @kirilsubacs ,
    Welcome to the HP Forum!
    I understand the HDMI port has stopped working on your Pavilion G6 notebook.
    It would help to know exactly which notebook you are using and the installed operating system. For information on finding your product and model numbers click here: How Do I Find My Model Number or Product Number? To see which version of Windows you are using click here: Which Windows operating system am I running?
    If this is a new issue I would start by doing a system restore. This will undo any changes to the operating system and uninstall any Windows updates, programs, or program updates installed after the restore date. This will not delete your personal files.
    If that doesn't work try updating the drivers for your graphics card (GPU). You can find the drivers for your notebook here: HP - Drivers & Downloads.
    Let me know if that helps or please provide the model and operating system of the notebook.
    Please click the "Kudos, Thumbs Up" at the bottom of this post if you want to say "Thanks" for helping!
    Please click "Accept as Solution" if you feel my post solved your issue, it will help others find the solution.
    The Great Deku Tree
    I work on behalf of HP.

  • Using hdmi mini port to connect to hdtv

    Using the HDMI mini port to connect to an HDTV. The displays mirror just fine but the audio doesn't. Under the sound settings for output it only lists the internal speakers and should list the TV but doesn't, why?

    If you connect the MacBook using a Mini DisplayPort to HDMI adapter you will probably need to use external speakers or a 3.5mm stereo headphone jack to RCA sound plugs connected to a stereo sound system if your TV doesn't have separate RCA input plugs or a 3.5mm stereo input plug for audio with the HDMI plug. The Mini DisplayPort to HDMI doesn't carry audio unless you have the Mid 2010 model 7,1 and there're no audio plugs on most TVs to work with HDMI since it's expecting audio with the HDMI.
      If you have the Late 2008 model 5,1 Aluminum Unibody or Late 2009 model 6,1 White Unibody with the Mini DisplayPort rather than the Mini-DVI there is an adapter that uses the Mini DisplayPort and a USB port to combine video and audio to HDMI. It's only 2 channel stereo not 5.1 Dolby Surround.
    http://www.monoprice.com/products/product.asp?c_id=104&cp_id=10428&cs_id=1042802&p_id=5969&seq=1&format=2
