Route decisions based on destination TCP port with EIGRP
Need information and plausibility on making routing decisions within EIGRP based on different destination TCP port. I have a third party partner that we communicate too and they are adding a second location which we will connect too. They are wanting to use the same destination host IP but make route decision based on destination TCP port; i.e. if we target tcp 6123 they want us to route down link A to site A, if we target tcp 7123 we would route down link B to site B. I have never had to make that happen so I am looking into whether it actually can and if so what is basic configuration to pursue. We use static IP routes to/from them today and will in the future at the edge, those are distributed internally to our EIGRP. Can EIGRP make decisions based on IP and Port?
No routing protocol makes decisions based on port number as far as I know.
You need to look into PBR (Policy Based Routing) for this where you can use acls to define the route that traffic takes.
Depending on your connections you may well need to use tracking as well but it depends.
If the only reason to use EIGRP is for these connections you probably don't need it as with PBR you are overriding the routing table anyway but you may want to run it for other connectivity.
If you do a search on PBR you should find quite a few examples but if you get stuck then by all means come back.
Similar Messages
-
Airport Extreme Simultaneous Dual-Band port forwarding broken if only TCP ports with firmware 7.6.1
When configuring my Airport Extreme Simultaneous Dual-Band router, port forwarding is broken if you only specify TCP ports to forward. This is with firmware 7.6.1. What happens is that after you hit the Update button, when the router comes back and you open the port forwarding entry, the IP is still there but the port numbers are missing.
I tried all different port numbers and ranges and nothing would stick if i only specified TCP ports. If i added UDP ports with the TCP ports then it would save them. And if you add a new entry with only UDP it saves them too.
Now this is with adding a new port forwarding. I already have existing ports being forwarded that only have TCP. They are still working. I believe i added them with a previous version of the firmware.
Any one else see this issue? Any ideas?
Maybe i should perform a hard reset and reload a saved config.
Peace,
DanI haven't seen the issue but you could just downgrade to an earlier firmware:
-
Need to route traffic based on destination to 2 different routers
I have a 4451X that has a default route of 10.10.48.1. I have 2 other internet routers at 10.10.48.15, and 172.31.1.3.
The router at 172.31.1.3 is a VPN firewall and has a VPN to 3 specific IP networks. 172.31.252.0/24, 192.168.252.0/24, and 192.168.163.0/24.
I need the traffic headed to the 3 VPN'd networks to route to 172.31.1.3, and the remaining traffic to route to 10.10.48.15.
The source network is 172.31.0.0/23 and the gateway of the machines is 172.31.0.1.
I tried creating a PBR but the internet traffic seems to go outbound through the router's default route of 10.10.48.1 and not 10.10.48.15.
I am sure I am just missing something silly.
Here are the relevant portions of the config:
interface GigabitEthernet0/0/1
ip address 172.31.0.20 255.255.254.0
ip nat inside
ip policy route-map Test
negotiation auto
vrrp 1 ip 172.31.0.1
vrrp 1 priority 105
interface GigabitEthernet0/0/1.2
encapsulation dot1Q 2
ip address 10.10.48.12 255.255.255.224
ip nat inside
ip access-group 199 in
vrrp 1 ip 10.10.48.3
vrrp 1 priority 105
vrrp 2 priority 105
no cdp enable
ip route 0.0.0.0 0.0.0.0 10.10.48.1
ip route 0.0.0.0 0.0.0.0 172.31.1.3 2
access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
route-map Test permit 19
match ip address 116
continue 20
set ip next-hop 172.31.1.3
route-map Test1 permit 20
set ip next-hop 10.10.48.15
Thanks in advance.
Burton HallmanFirstly I'm not sure why you have two default routes if everything is meant go via 10.10.48.1 ?
That aside in terms of your PBR -
1) remove the continue statement. I don't know what it is meant to be doing but as far as i know it has no effect with PBR
2) more importantly your second statement is using a different route map name ie Test1 which makes it a completely different route map so the one applied to the interface only has the first statement in it which is the one for VPN traffic.
Jon -
Route to WSA based on destination
Dear
I need to purchase two Iron port box one for ADSL line and second for Leased Line
My aim Is when user open busineed site is go through Leased line and when open Un Business Site is go to ADSL
I need soultion to achive this ?
and i can predfine the Business and un business Site ?Hello,
Unfortunately the WSA cannot control which requests get sent to it, it simply listens for traffic coming to its interface on specific ports (80, 3128, 21, 443). When it comes to specific URLs being routed to one WSA or another it will require that you have a device that can inspect the traffic at Layer 4 (HTTP/HTTPS/FTP) and make a routing decision based on the URI in the HTTP header.
You could add a 3rd WSA to route the traffic using an upstream proxy configuration. You would use proxy groups and routing policies to match Custom URL categories or predefined URL categories to send to one of the two upstream proxies.
Other than adding an additional device to route the traffic, you could look into Policy based routing or using multiple WCCP services (one for each WSA) and creating an ACL to match the business sites IP addresses vs the non-business sites. This could become an issue as most websites use dynamic IP schemes.
Hope this helps.
Best Regards,
Michael Hautekeete
Customer Support Engineer
Cisco Content Security - Web Security Appliance
http://www.cisco.com/en/US/products/ps11169/serv_group_home.html
https://supportforums.cisco.com/community/netpro/security/web
https://supportforums.cisco.com/community/feeds?community=2091 -
ACE session persitence "sticky" TCP port
Hey guys,
I trying to work up some configurations on the ACE for performing session persistence "sticky" on the ACE based on source TCP port. All flows are SSL based therefor, I thought the only option was SSL-ID but I've been running into querky behavior due to clients using IE7. Evidently there are several cases where IE7 causes the SSL-ID to be regenereated causing this weird behavior.
Anybody have example configs of the layer4-payload offset, length, etc. to perform sticky based on TCP source port?
Thanks in advance.
PaulSince source port is not part of the layer 4 payload you cannot use it for sticky. IE changing ssl id is a known problem (does it every 2 minutes).
So you are left with:
terminating SSL on the ace and using cookie sticky (you can always re-encrypt on back end if security demands it)
or
source IP sticky (practical only if clients are not behind a proxy device) -
Dear Expert,
I study the ACL to filter (stop) the tcp port from below URL
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml
In the section of "Allow Only Internal Networks to Initiate a TCP Session", grateful if someone would enlighten me the usage of "established"
interface ethernet0
ip access-group 102 in
access-list 102 permit tcp any any gt 1023 established
What is different if the ACL is changed to following:
access-list 102 permit tcp any any gt 1023
rdgsDear Jennifer,
Great helpful.
Gratful if you would comment on following configuration which I digest your advice
interface serial 0/0
description 45M DS3 from HK to US
ip access-group 105 in
interface fastethernet 0/0
Description Internat VLAN 100 for xxx department
ip address 102.168.100.0 255.255.255.0
ip access-group 101 in
access-list 101 remark -- only allow Web service from internal to outside --
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any http
access-list 105 remark -- allow return traffic if destination tcp port great than 1023 --
access-list 105 permit tcp any 192.168.100.0 eq http 0.0.0.255 gt 1023 established
! it should embed the partial function of "permit tcp any eq http 192.168.100.0 0.0.0.255 gt 1023" but the
! traffic should be permit only if it initiates from 192.168.100.0/24. If the traffic is initiate from outside,
! the acl 105 would deny it.
access-list 115 remark -- allow in/return traffic for tcp port great than 1023 --
access-list 115 permit tcp any eq http 192.168.100.0 0.0.0.255 gt 1023
! the traffic is permit no matter it is initiate from internal or external
access-list 125 remark -- allow return traffic for all tcp port --
access-list 125 permit tcp any eq 80 192.168.100.0 0.0.0.255 any established
! include the function of ACL 105, also support tcp port range from 1 to 1023
access-list 135 remark -- allow in/return traffic for all tcp port --
access-list 135 permit tcp any eq 80 192.168.100.0 0.0.0.255 any
! include the function of ACL 115, also support tcp port range from 1 to 1023
If so, I would like to modify the ACL to support more services, grateful if you would comment on it.
access-list 101 remark -- only allow Internet services from internal to outside --
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any http
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any smtp
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any pop
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any imap
access-list 101 permit tcp host 192.168.100.120 eq imap any estanlished
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any telnet
access-list 145 remark --- return and in traffic ---
access-list 145 permit tcp any 192.168.100.0 0.0.0.255 gt 1023 established
access-list 145 permit tcp any host 192.168.100.120 imap -
How do I NAT based on destination port while source port can be ANY
Goal - I want to forward Internet bound HTTP and HTTPS traffic to a Proxy via an IPSEC Tunnel - I want to maintain my private IP as it goes accross the IPSEC Tunnel - I also want remaining Internet Traffic to route Normally by NATing to my outside address.
In 8.4 this is quite easy as I can specify a destination port and have "any" source port for the NAT
Here is a snap shot of the config:
object service Proxy_HTTP
service tcp destination eq www
object service Proxy_HTTPS
service tcp destination eq https
nat (inside,outside) source static any any service Proxy_HTTP Proxy_HTTP
nat (inside,outside) source static any any service Proxy_HTTPS Proxy_HTTPS
object network Non_Proxy
nat (any,outside) dynamic interface
PROBLEM: I need this behavior in 8.2.x - I have found no way to mimic this.
You cannot use NAT Exemption as it cannot be port based
A static policy NAT with Access list will not work as you must specify a single source port - Since there is no way to predict the source port this wont work.
I don't see any of the other NAT Types working this way.
If there is a way to make this work in 8.2 please let me know - We have many ASAs and we are not ready to make the leap to 8.4 but we need to use the proxy.Karen-
Results: Did not work. The web based shortcuts did not appear.
Below is the steps taken with your tips incorporated. (Again it's lengthy sorry about that, but anyone can recreate what was done here. Maybe someone can see something left out by doing/reviewing it).
Here is what was done:
1. Installed a fresh install of Windows 8.1 enterprise on a pc. No updates were ran.
2. During setup created the admin account.
3. Logged into the account a simple start screen was arranged and setup by:
Starting desktop Internet Explorer. Going to Technet's website. Clicked tools and then selecting "Add site to Apps" from the drop down menu. Went to Apps screen, right clicked and pinned it to start screen. Repeated this procedure with an
educational web based site.
Right clicked a few provisioned apps and unpinned them from the start screen.
Made a few groups and labeled them. Web based shortcuts were arranged with one provisioned app in that particular group.
4. Opened a Powershell, right clicked it and ran as administrator. Typed the following:
export-startlayout -path C:\Users\Public\Master.xml -as xml
(Master is the name chosen for this test .xml file and was put in a location all users would have privelages to access it).
5. Opened the command prompt and right clicked and "ran as administrator", typed in gpedit.
6. In the Local Group Policy under User Configuration, under Start Menu and Taskbar I choose the Start Screen Layout.
7. Enabled the policy and typed in: C:\Users\Public\Master.xml for the Start Layout File.
8. Opened computer management, under Local Users and Groups I chose Users, right clicked in the middle screen and created a new user called Alpha.
9. Logged out of the inital account and logged into newly created Alpha account.
10. When the Alpha account logged in the start screen came up with everything changed in the inital account but no web based shortcuts were found on the start screen or App view. -
Unknown open TCP ports on router
Anyone know how to close these open ports on my Cisco 7606 router?
Anyone know what these TCP ports are used for?
49 - Not sure what this one is other than what IANA reports about TCP port 49
4510
4509
2222
I'm sure I could add an ACL to block communications to my router based on this ports but would rather figure out how to close 'em so this already overloaded router doesn't have additional processing.
Cisco-7606# sh tcp br all
TCB Local Address Foreign Address (state)
12EFC1C0 172.16.8.3.14401 10.8.2.14.49 TIMEWAIT
1CC4F57C 172.16.8.3.26963 10.8.2.14.49 TIMEWAIT
1A419F90 0.0.0.0.4510 *.* LISTEN
1C581740 0.0.0.0.4509 *.* LISTEN
1A417BBC 0.0.0.0.2222 *.* LISTEN
12FB03A8 10.8.10.2.2222 10.8.1.42.4690 CLOSEWAIT
12FB099C 10.8.10.2.2222 10.8.1.42.2233 CLOSEWAIT
12FA7DF0 10.10.0.3.2222 10.8.1.15.4878 CLOSEWAIT
1CD47780 10.10.0.3.2222 10.8.1.15.3917 CLOSEWAIT
1CDDBCE0 10.8.10.2.2222 10.8.1.42.3964 CLOSEWAIT
Cisco-7606# sh ver | i image
System image file is "disk0:c7600rsp72043-advipservicesk9-mz.122-33.SRD3.bin"
Tks
FrankFrank
I can offer some suggestion about one of your port numbers. TCP port 49 is used for TACACS. If you are using TACACS for authentication, or authorization, or accounting then we know why port 49 is open and blocking TCP49 will prevent TACACS from working with your router.
I have no insights or suggestions about the other port numbers that you mention.
HTH
Rick -
Tracing TCP Source/Destination Addresses/Ports for ongoing connections
On Solaris 10 U4 through U7, I'm trying the following just to perform basic tracking of TCP source/destination addresses and ports, using code similar to what is available in tcpsnoop_snv and tcptop_snv.
The odd thing is that the addresses/ports appear to be zeroed out - are they being cached outside of the conn_t data structure?
#!/usr/sbin/dtrace -Cs
#pragma D option switchrate=10hz
#pragma D option bufsize=512k
#pragma D option aggsize=512k
#include <sys/file.h>
#include <inet/common.h>
#include <sys/byteorder.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
/* First pass, for all TCP Read/Write actions, collect source/destination
IP + Port - after a few secs, print them all out */
fbt:ip:tcp_send_data:entry
/* Outgoing TCP */
self->connp = (conn_t *)args[0]->tcp_connp;
fbt:ip:tcp_rput_data:entry
/* Incoming TCP */
self->connp = (conn_t *)arg0;
fbt:ip:tcp_send_data:entry,
fbt:ip:tcp_rput_data:entry
/self->connp/
/* fetch ports */
#if defined(_BIG_ENDIAN)
self->lport = self->connp->u_port.tcpu_ports.tcpu_lport;
self->fport = self->connp->u_port.tcpu_ports.tcpu_fport;
#else
self->lport = BSWAP_16(self->connp->u_port.tcpu_ports.tcpu_lport);
self->fport = BSWAP_16(self->connp->u_port.tcpu_ports.tcpu_fport);
#endif
/* fetch IPv4 addresses */
this->fad12 =
(int)self->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[12];
this->fad13 =
(int)self->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[13];
this->fad14 =
(int)self->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[14];
this->fad15 =
(int)self->connp->connua_v6addr.connua_faddr._S6_un._S6_u8[15];
this->lad12 =
(int)self->connp->connua_v6addr.connua_laddr._S6_un._S6_u8[12];
this->lad13 =
(int)self->connp->connua_v6addr.connua_laddr._S6_un._S6_u8[13];
this->lad14 =
(int)self->connp->connua_v6addr.connua_laddr._S6_un._S6_u8[14];
this->lad15 =
(int)self->connp->connua_v6addr.connua_laddr._S6_un._S6_u8[15];
/* At this point, this->{f|l}ad1{2345}->connua_v6addr.connua_{f|l}addr._S6_un.S6_u8
are empty - where is this data? */
}http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.50/command/reference/CmdGrpC.html#wp1139667
portmap [base-port base_number|disable|enable|number-of-ports number|vip-address-range number]
disable
Instructs the CSS to perform Network Address Translation (NAT) only on the source IP addresses and not on the source ports of UDP traffic hitting a particular source group. This option does not affect TCP flows.
For applications with high-numbered assigned ports (for example, SIP and WAP), we recommend that you preserve those port numbers by configuring destination services in source groups. Destination services cause the CSS to NAT the client source ports, but not the destination ports.
Note If you disable flows for a UDP port using the flow-state table and configure the portmap disable command in a source group, traffic for that port that matches on the source group does not successfully traverse the CSS.
The CSS maintains but ignores any base-port or number-of ports (see the options above) values configured in the source group. If you later reenable port mapping for that source group, any configured base-port or number-of ports values will take effect. The default behavior for a configured source group is to NAT both the source IP address and the source port for port numbers greater than 1023.
There is no possibility to disable it for TCP.
We need to source nat the port to guarantee that the server response comes back on the same module/CPU and the internal packet allocation algorithm is based on src and dst ports.µ
Gilles: -
Changing the TCP port on async ports in Cisco router
Hello,
My goal is to replace old terminal servers from a factory environment.
These terminal servers act as a aggregation point of terminal equipment (printers and factory automation).
Software used in this factory writes to these devices using ip-address of the terminal server and TCP-port starting at 10001, where the last number is a port number.
The problem is that in Cisco equipment, I can not find a way to change the tcp port to this 1000x. The only option would be to change the softwares TCP-port to Cisco default 200x, but this is not the solution I am looking for. This is because the switchover should be done when the machines are running, and the time window is to short to make changes in the factory software.
Is there a way to change the logical TCP-port for Cisco routers asyncronous lines (HWIC-16A) to 10001-16?
Marko TuhkunenSo i figured out that i can use the archive tar /create command:
To copy the entire flash towards TFTP:
archive tar /create tftp://X.X.X.X/flash.tar flash:
Now i will have to insert the new flash and probably format it first towards the correct file systems. Then i will have to use the next archive command:
archive tar /xtract "Here i am unsure of the syntax, i want to be copying and extracting the tar I backed up from the old flash"
After these steps are complete can i just reboot the router with the new flash card, won't there be any issues, since the startup config is on the NVRAM it will load the config properly, and i haven't seen any boot parameters but they shouldn't pose any issues since i'm not changing the flash slot.
Thanks for your assistance -
Good day everyone,
I have a question in regard to real server operation with different server farms, and VIPs
Can a Real Server be associated ( for simpliciy) with two different Server Farms that have a VIP associated with each, servicing the same TCP Port (443).
Example:
SF-A
RSRV-1: 192.168.1.10 /24
RSRV-2: 192.168.1.11 /24
VIP-A: 192.168.1.20 /24
VIP-A: https:web-A
Protocol: HTTPS
SF-B
RSRV-2: 192.168.1.11 /24
RSRV-3: 192.168.1.12 /24
VIP-B: 192.168.1.30 /24
VIP-b: https:web-B
Protocol: HTTPS
Client-A: 172.16.128.10
Client-B: 172.16.128.15
I have attached an sketch depicting the connectivity.
As always any feedback/Suggestions will be greatly apprecaited.
Cheers,
Raman AzizianRaman,
This type of config is no problem. What the server is doing is virtual web hosting. The server would have two different web services running for the same IP, but each listening for a unique host header.
From an IP point of view both connections would be destined to the rserver address on port 80, but in the http header they would have two different Host headers.
one for www.example1.com and the second for www.example2.com. If the web server is configured correct so each host name is tied to one web service it will not have any issues.
The config you attached looks ok. The way you have the sticky group is ok doing source IP. If you use cookies for the sticky group I would suggest you create two sticky groups each with a different cookie name and add the same serverfarm to both groups. The client will only send a cookie for the domain it received it from so using the same cookie in two vips could cause problems if the same client hits both vips.
Hope that helps
Regards
Jim -
MAC Floods ISP with TCP ports and is shutdown when count reaches 200
I was told by ISP provider that my MAC floods them with massive amount of TCP ports when I open a single Safari or FireFox web page. When I am NOT connected, the TCP port count is ABOUT 3 with a Windows XP using a IE connection to APPLE.com PLUS AN SSL CONNECTION. When I open the same web page ON MY MAC, the count INSTANTLY jumps to 70+ and if I connect to another page it jumps to well over 100. If I leave pages open and jump to several different sites, I soon exceed the MAX TCP port limit of 200 and everyone on our home network is pretty much shutdown. Since it is a wireless connection to the ISP, the have to limit TCP ports to 200 per antenna connection. WHY DOES MY MAC USE SO MANY TCP PORTS FOR A SINGLE BROWSER CONNECTION?
The home network uses LinkSys WRT54G router and WAP54G configured as Wireless Repeater. Windows does not have this problem. I do not have this problem anywhere else but on this wireless ISP connection. How do I remedy this problem?Here is a trap of opening a browser page:
1. sudo tcpdump –pv tcp
clayton-arndts-computer-2:~ claytonarndt$ sudo tcpdump –pv tcp
tcpdump: WARNING: en0: no IPv4 address assigned
tcpdump: illegal token: –
clayton-arndts-computer-2:~ claytonarndt$
2.
lsof -i
clayton-arndts-computer-2:~ claytonarndt$ lsof -i
COMMAND&nbs p; PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ARDAgent 2395 claytonarndt 17u IPv4 0x29bc0f0 0t0 UDP *:net-assistant
AppleVNCS 2406 claytonarndt 4u IPv6 0x29c1d90 0t0 TCP *:vnc-server (LISTEN)
SystemUIS 2409 claytonarndt 10u IPv4 0x29bb7a8 0t0 UDP :
firefox-b 3645 claytonarndt 22u IPv4 0x49a966c 0t0 TCP 192.168.1.113:54212->a204-245-162-11.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt&nbs p; 27u IPv4 0x4a9b270 0t0 TCP 192.168.1.113:54213->a204-245-162-11.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 28u IPv4 0x3f3e66c 0t0 TCP 192.168.1.113:54101->216.178.33.45:http (ESTABLISHED)
firefox-b 3645 claytonarndt 38u IPv4 0x3f56e64 0t0 TCP 192.168.1.113:54208->prodwebmail-mtc06.evip.aol.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 39u IPv4 0x4a36a68 0t0 TCP 192.168.1.113:54178->204.2.241.146:http (ESTABLISHED)
firefox-b 3645 claytonarndt 46u IPv4 0x3fb4e64 0t0 TCP 192.168.1.113:54211->a204-245-162-26.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 47u IPv4 0x4a9a66c 0t0 TCP 192.168.1.113:5 4188->a204-245-162-25.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 48u IPv4 0x3f56a68 0t0 TCP 192.168.1.113:54105->204.0.5.25:http (ESTABLISHED)
firefox-b 3645 claytonarndt 49u IPv4 0x49b7270 0t0 TCP 192.168.1.113:54135->204.0.5.9:http (ESTABLISHED)
firefox-b 3645 claytonarndt 50u IPv4 0x49b8e64 0t0 TCP 192.168.1.113:54136->204.0.5.27:http (ESTABLISHED)
firefox-b 3645 claytonarndt 51u IPv4 0x4a37270 0t0 TCP 192.168.1.113:54185->a204-245-162-33.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 5 5u IPv4 0x49f3e64 0t0 TCP 192.168.1.113:54164->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 62u IPv4 0x3ec5a68 0t0 TCP 192.168.1.113:54111->204.0.5.16:http (ESTABLISHED)
firefox-b 3645 claytonarndt 64u IPv4 0x4a3666c 0t0 TCP 192.168.1.113:54179->a204-245-162-19.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 65u IPv4 0x49d2270 0t0 TCP 192.168.1.113:54155->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 69u IPv4 0x49c266c 0t0 TCP 192.168.1.113:54142->204.0.5.33:http (ESTABLISHED)
firefox-b 3645 claytonarndt 71u IPv4 0x49eee64 0t0 TCP 192.168.1.113:54168->204.2.241.160:http (ESTABLISH ED)
firefox-b 3645 claytonarndt 72u IPv4 0x49c2270 0t0 TCP 192.168.1.113:54143->204.0.5.24:http (ESTABLISHED)
firefox-b 3645 claytonarndt 76u IPv4 0x4aa0a68 0t0 TCP 192.168.1.113:54215->prodwebmail-mtc06.evip.aol.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 77u IPv4 0x4a9aa68 0t0 TCP 192.168.1.113:54221->a204-245-162-17.deploy.akamaitechnologies.com:http (ESTABLISHED)
SlingPlay 3655 claytonarndt 6u IPv4 0x3f56270 0t0 TCP 192.168.1.113:53903->192.168.1.100:commplex-link (ESTABLISHED)
SlingPlay 3655 claytonarndt 7u IPv4 0x3ef6270 0t 0 TCP 192.168.1.113:53904->spas.slingmedia.com:http (CLOSED)
SlingPlay 3655 claytonarndt 10u IPv4 0x3f6666c 0t0 TCP 192.168.1.113:53905->192.168.1.100:commplex-link (ESTABLISHED)
clayton-arndts-computer-2:~ claytonarndt$
3.
lsof -i -n
clayton-arndts-computer-2:~ claytonarndt$ lsof -i -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ARDAgent 2395 claytonarndt 17u IPv4 0x29bc
0f0 0t0 UDP *:net-assistant
AppleVNCS 2406 claytonarndt 4u IPv6 0x29c1d90 0t0 TCP *:vnc-server (LISTEN)
SystemUIS 2409 claytonarndt 10u IPv4 0x29bb7a8 0t0 UDP :
firefox-b 3645 claytonarndt 22u IPv4 0x49a966c 0t0 TCP 192.168.1.113:54212->204.245.162.11:http (ESTABLISHED)
firefox-b 3645 claytonarndt 27u IPv4 0x4a9b270 0t0 TCP 192.168.1.113:54213->204.245.162.11:http (ESTABLISHED)
firefox-b 3645 claytonarndt 28u IPv4 0x3f3e66c 0t0 TCP 192.168.1.113:54101->216.178.33.45:http (ESTABLISHED)
firefox-b 3645 claytonarndt 38u IPv4 0x3f56e64 0t0 TCP 192.168.1.113:54208->64.12.230.1:http (ESTABLISHED)
firefox-b 3645 claytonarndt 39u IPv4 0
x4a36a68 0t0 TCP 192.168.1.113:54178->204.2.241.146:http (ESTABLISHED)
firefox-b 3645 claytonarndt 46u IPv4 0x3fb4e64 0t0 TCP 192.168.1.113:54211->204.245.162.26:http (ESTABLISHED)
firefox-b 3645 claytonarndt 47u IPv4 0x4a9a66c 0t0 TCP 192.168.1.113:54188->204.245.162.25:http (ESTABLISHED)
firefox-b 3645 claytonarndt 48u IPv4 0x3f56a68 0t0 TCP 192.168.1.113:54105->204.0.5.25:http (ESTABLISHED)
firefox-b 3645 claytonarndt 49u IPv4 0x49b7270 0t0 TCP 192.168.1.113:54135->204.0.5.9:http (ESTABLISHED)
firefox-b 3645 claytonarndt 50u IPv4 0x49b8e64 0t0 TCP 192.168.1.113:54136->204.0.5.27:http (ESTABLISHED)
firefox-b 3645 claytonarndt
51u IPv4 0x4a37270 0t0 TCP 192.168.1.113:54185->204.245.162.33:http (ESTABLISHED)
firefox-b 3645 claytonarndt 55u IPv4 0x49f3e64 0t0 TCP 192.168.1.113:54164->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 62u IPv4 0x3ec5a68 0t0 TCP 192.168.1.113:54111->204.0.5.16:http (ESTABLISHED)
firefox-b 3645 claytonarndt 64u IPv4 0x4a3666c 0t0 TCP 192.168.1.113:54179->204.245.162.19:http (ESTABLISHED)
firefox-b 3645 claytonarndt 65u IPv4 0x49d2270 0t0 TCP 192.168.1.113:54155->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 69u IPv4 0x49c266c 0t0 TCP 192.168.1.113:54142->204.0.5.33:http (ESTABLISHED)
firefox-b 3645 claytonarndt 71u IPv4 0x49eee64 0t0 TCP 192.168.1.113:54168->204.2.241.160:http (ESTABLISHED)
fir
efox-b 3645 claytonarndt 72u IPv4 0x49c2270 0t0 TCP 192.168.1.113:54143->204.0.5.24:http (ESTABLISHED)
firefox-b 3645 claytonarndt 77u IPv4 0x4a9aa68 0t0 TCP 192.168.1.113:54221->204.245.162.17:http (ESTABLISHED)
SlingPlay 3655 claytonarndt 6u IPv4 0x3f56270 0t0 TCP 192.168.1.113:53903->192.168.1.100:commplex-link (ESTABLISHED)
SlingPlay 3655 claytonarndt 7u IPv4 0x3ef6270 0t0 TCP 192.168.1.113:53904->157.22.2.7:http (CLOSED)
SlingPlay 3655 claytonarndt 10u IPv4 0x3f6666c 0t0 TCP 192.168.1.113:53905->192.168.1.100:commplex-link (ESTABLISHED)
clayton-arndts-computer-2:~=2
0claytonarndt$
The Famous, the Infamous, the Lame - in your browser. Get the TMZ Toolbar Now!
The Famous, the Infamous, the Lame - in your browser. Get the TMZ Toolbar Now! -
How to open TCP Port on my RV220 Firewall router?
Hello,
I have a windows 8 server for a LAN. This has a Cisco RV220W Firewall which is connected to the T1 router. In order to host a 3rd party video conferencing software I need to have the TCP 1935 port open.
I tried the following -
1. Logged into my RV220W and added a rule using Manage Firewall Rules (Firewall-Access Control-Custome Services). Here I added a rule for TCP start port 1935 and Finish port 1935.
2. Then I added an inbound rule on my Windows 8 server to open TCP 1935.
However when I tested it using porttest.net, it said TCP 1935 is still closed. Can someone please let me know how can I open TCP 1935 port?
Thanks,
AbhiHello
your steps seems to be fine at first look, but somewhere in that chain there is probably something broken.
what kind of service is on that server port?
are you able to open connection from outside with telnet to Router WAN IP and port? example test from outside/internet:
telnet X.X.X.X YYYY
where X.X.X.X is WAN IP of Router and YYYY is port number.
You can confirm that port forwarding is working on both devices:
you can try to connect with computer between Router and Firewall and try that port on firewall.
if previous test works, then for testing purposes move server to subnet between Router and Firewall and perform connectivity test from internet. -
Routing based on destination IP and traffic type
Is it possible to route traffic based on the destination IP and the type of traffic?
ASA5512
Software 9.2.1
We have an ASA 5512 that is used as a VPN termination point. Our employees connect from one of our customer sites to this VPN point. The customer also hosts services on the same IP address that our employees use to access our VPN on.
What I want to do is to use a different route for certain traffic to take to get to these other services provide by our customer, for instance they offer an FTP site and I want to use a different route to get our internal users to this FTP site. Is this possible to achieve?
Any help would be greatly appreciated.
MurrayTechnically speaking the ASA doesn't do policy based routing. However, you might be able to simulate something similar to PBR by using a combination of static routes and NAT.
If you describe your Network setup, ASA, and how the alternate route is connected to your customer, we might be able to help you better.
Please remember to select a correct answer and rate helpful posts -
Saprouter config with RFC on tcp port 33xx
I have a customer who has configured saprouter to allow remote (from the Internet) connections via the SAP GUI. These connections work great. However, when they try to add entries to the route tables for TCP port 3300, 3301, and 3303 the external application they are using (a gateway connection on these ports) fails. Is there some special configuration which needs to take place to allow the RFC connections vs. the regular SAP GUI connections on ports 32xx?
Kind Regards,
Eric J.I was able to fix the problem by configuring profile parameter "gw/alternative_hostnames" to the public IP of the SAP system.
Maybe you are looking for
-
Urgent help with quick translation questions
Hello, I am somewhat new to Java. I have a translation to hand in in a few hours (French to English). Argh! I have questions on how I worded some parts of the translation (and also if I understood it right). Could you, great developers, please take a
-
Hi everyone, I have a problem with the NOT EXISTS operator in oracle. I have 3 tables. Customer(cust_id, cust_name) Truck(truck_id,driver) Shipment(shipment_id,cust_id,truck_id) truck_id and cust_id are foreign keys in shipment table. I have to List
-
Ive purchased ringtones from Itunes. They were working before I did the recent update. I cannot find them on the iPhone and they are no longer assigned - I had five. I have synced several times and does anyone know where they are or how to assign t
-
Monitor settings lost when switching user accounts.
Hi! I just recently noticed that every time i switch user accounts, my monitor settings get corrupted. There are 2 user accounts in my ibook. One account is used for work while the other one is used for home purposes. The work account has a specific
-
Is display brightness reduced in Leopard?
Hi everyone, I have a question about the display brightness in Leopard. I just upgraded my SR MBP from Tiger to Leopard, and I noticed that the display brightness has been reduced. I used to work with half maximum brightness in Tiger, but now I have