Sketchy response on WAN network port

I've got a Mac Mini Snow Leopard Server. The built-in Ethernet is plugged into a switch that is outside the firewall. The network is something like:
IP : nn.nn.nn.23
SUBNET: 255.255.255.240
Gateway: nn.nn.nn.17
It plays well with my two other servers on the same network, nn.nn.nn.29 and nn.nn.nn.30. Ping, traceroute and portscans fine. It plays well on the internet in general with predictable responses.
The problem comes in when I try to access the machine from my LAN through our NAT firewall. 192.168.1.0/24 goes out to 192.168.1.n and gets transformed to nn.nn.nn.19. I cannot get a response from the server. I know there's no fundamental routing flaw as the two other servers on the nn.nn.nn.16/28 network are very functional from the LAN through the exact same switch/router/firewall path.
There seems to be something unique about the way 10.6.5 tries to respond. I wonder if the server is not responding TO the port that the connection came FROM. That would baffle the NAT tables. I'm not getting anything in the NAT firewall logs to indicate any kind of misguided response. The only other thing I can imagine is that 10.6.5 is somehow responding to nn.nn.nn.19 as a router and not as a host. Anyone seen this behavior before?
I hope to work around the issue by setting up a second network on the LAN and having everything stay inside the FW but the inability to create static routes only allows me to do that with one of my 3 subnets so I'm trying to figure that out as well.
Message was edited by: neotrog

In no particular order, can you get rid of all those addresses and post with made-up names or such and with what works and what does not work?
Having to back-translate 19 to router and 23 to the host or whatever is making my head hurt.
You have an inside host, a NAT gateway box, and an outside host.
Inside host via NAT gateway to the rest of the world works, right?
Inside host via NAT gateway to outside host works, too, right?
What doesn't work is outside host via ARP or via its gateway routing via NAT gateway to inside host, right?
And are you using public or private addresses for your outside host outside your NAT gateway?
Are your outside host and your NAT gateway in the same subnet? (Your outside host would have to send to the NAT address, and get port-forwarded, possibly via the IP gateway used by the outside host, depending on how smart your NAT gateway box is.)
And FWIW, there is no particular difference between a router and a non-routing host as far as the packets are concerned; it's all IP addresses to them.

Similar Messages

  • Can Appletalk be active on two network ports for printing?

    Here's the core of my question: Can I keep Appletalk active on my Airport network port (in order to print to a wireless print server on an HP Laserjet 2100M) and simultaneously keep it active on my Ethernet port (in order to print to a Brother HL 2700CN networked through my router)?
    Nothing I have read gives me to believe I can have Appletalk active on more than one network port. If that is the case, my second question would be:
    Is there some other way to print to either printer on the network without having to turn off Appletalk manually on the ports not being used?
    Here's the configuration I'm facing:
    G4 Quicksilver 10.3.9
    HP Laserjet 2100M with wireless Belkin DP-311P print server
    Brother HL-2700CN wired to Belkin Wireless-G router
    I would appreciate any help on this, even if it's the simple response, "No, you can't print to both without manually de/activating Appletalk."

    for file sharing between computers running 10.4.x and 10.3.x.
    actually, not for that either. 10.4 has dropped support for AppleTalk-only File Sharing to make way for Intel Macs and their protocols. 10.4 does still support AppleTalk printing.
    AppleTalk would be required to print to older Apple LaserWriters that do not support LPD/LPR printing. In all but two cases, the printers have no Ethernet port, so a Bridge device or software would be required:
    Personal LaserWriter NTR
    Personal LaserWriter 320
    LaserWriter Select 310
    LaserWriter Select 360
    LaserWriter 4/600 PS
    LaserWriter IIf
    LaserWriter IIg (Ethernet)
    LaserWriter Pro 600
    LaserWriter Pro 630 (Ethernet)
    Some third-party wireless Access points do not pass AppleTalk packets at all, and cannot be used to print to that class of older LaserWriters.
    In 10.3.9 and previous, AppleTalk may still be used for File Sharing with older Macs.
    Q840AV,5500,G3 AIO,G3 B&W,G4/867   Other OS   and 9.2, 10.3 and Server - LW IIg, LW 4/600, ATalk ImageWriter LQ

  • Can you split the wired network ports through a sub router in the time caps

    I have recently switched my office from PC to Macs (MacBookPro and IMac, with a Time Capsule (1Tb)).
    I have the three wired network ports allocated to some network based equipment and was wondering if I can put a network splitter in (such as a multiport D-link) to create another two wired ports?
    Thanks for any response!

    Hello JeremyHeighton. Welcome to the Apple Discussions!
    Yes, you can add an Ethernet switch to any of the Time Capsule's LAN ports to increase the number of available LAN ports for additional wired clients.

  • HH3::Enable ping response on WAN interface- there ...

    HH3::Enable ping response on WAN interface- there must be an easier way!!
    Only way I've managed to get this working is to connect an old Buffalo Airstation via Ethernet, enable Ping response on its WAN interface and then assign the Buffalo's WAN IP to the DMZ in the HH3
    DISCLAIMER: although I work in the industry I do not work for BT and any opinions given are purely my own.

    Apple's website is acting up.
    Open AirPort Utility on your Mac
    Click on the Time Capsule icon, then click Edit
    Click the Base Station tab at the top of the window
    Enter a check mark in the box next to Allow Setup over WAN
    Click Update
    If you do not see this option, the Time Capsule is not acting as the router for the network....another device is performing routing duties.

  • LaserJet Pro 400 MFP not working on the network port that works HELP !!!

    I have a new LaserJet Pro 400 MFP (M425dn). USB works fine. When I remove the USB and plug it into the network port no network can be found - it doesn't pick up any activity. So I test the network with my laptop (connectivity is confirmed). The network port is working properly - I plug in the LaserJet Pro 400 MFP (M425dn) and restart it - no network activity. I tried several ports in the front office and the printer can't connect to the network. BUT HERE'S THE FUNNY THING. If I take the printer to the back room where the router/switch is and plug it directly into the switch (the same port as the front port) it works!!!!! So why doesn't the printer work at the front office network port, where all the other devices work just fine using the same port? But it will work at the router/switch using the same port lol this is driving me crazy
    Any help???

    I am sorry, but to get your issue more exposure I would suggest posting it in the commercial forums since this is a commercial printer. You can do this at http://h30499.www3.hp.com/hpeb/
    I hope this helps.
    Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
    Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
    Gemini02
    I work on behalf of HP

  • Getting this message when trying to access our cameras, how to fix? This address is restricted This address uses a network port which is normally...

    Just installed Firefox for my boss, and ran into something I've not seen before. When trying to access our private camera system, that uses specific ports, I got this message: "This address is restricted - This address uses a network port which is normally used for purposes other than Web browsing. Firefox has canceled the request for your protection."
    Cannot find a setting in Firefox to correct this problem. Please help.

    Hello,
    Can you please check if either of these links help in the resolution of the issue
    Firefox ports override: http://kb.mozillazine.org/Network.security.ports.banned.override
    Remove Firefox this address is restricted error: http://blog.christoffer.me/post/2012-02-20-how-to-remove-firefoxs-this-address-is-restricted/
    Thank you

  • Sun Cluster with Netapps - iSCSI quorum and network port

    I am proposing Sun cluster with Netapps 3020C.
    May I know
    1) OS is Solaris 9. The SUN OSP says that we need to obtain an iSCSI license from Netapps. Is this the iSCSI initiator software for Solaris 9 to talk to the NAS quorum? Or do I need to purchased a 3rd party iSCSI initiator ?
    2) We provide 2 network ports for the Netapps private NAS LAN. Is it a must to cater another dedicated network port for the iSCSI communication with the quorum?
    3) If we need purchase a 3rd party iSCSI initiator, where can we get this? I have checked Qlogic and Cisco, they are both not suitable for my solution.
    Appreciate your help

    Hi,
    1) OS is Solaris 9. The SUN OSP says that we need to
    obtain an iSCSI license from Netapps. Is this the
    iSCSI initiator software for Solaris 9 to talk to the
    NAS quorum? Or do I need to purchased a 3rd party
    iSCSI initiator ?
    Have a look at http://docs.sun.com/app/docs/doc/817-7957/6mn8834r2?a=view
    I read the "Requirements When Configuring NAS Devices as Quorum Devices"
    section as this is the license for the iSCSI initiator software.
    So you need to enable iSCSI on the netapps box and need to install a package from netapps (NTAPclnas) on the cluster nodes.
    2) We provide 2 network ports for the Netapps
    private NAS LAN. Is it a must to cater another
    dedicated network port for the iSCSI communication
    with the quorum?
    Have a look at http://docs.sun.com/app/docs/doc/819-0580/6n30eahcc?a=view#ch4_quorum-9
    I don't read such a requirement there.
    3) If we need purchase a 3rd party iSCSI initiator,
    where can we get this? I have checked Qlogic and
    Cisco, they are both not suitable for my solution.
    Appreciate your help
    I don't think you need such a 3rd party iSCSI initiator, unless this is stated in the above docs.
    Greets
    Thorsten

  • Please help...Always detect new network port and......

    Hi, can anyone help me... every time I start up my iMac, I need to open up System Preferences "Network" and it always shows: "A new network port has been detected:
    Built-in Ethernet 1
    Please verify that it is configured correctly, then press Apply Now to activate it."
    And then I will have to click Apply Now on this "Built-in Ethernet 1" so that I can access the internet. After that, even though I can get on the internet already, when I open up System Preferences "Network", the same message (as above) appears.

    Have you run any maintenance routines to check for software issues?
    Have you changed your network hardware,i.e. DSL interface or router recently?

  • Hp compaq d610 d40 laptop network port doesn't wake up

    I have tried looking for a fix for this and can't find one, so if there is one and I've missed it, my apologies, but basically...
    I have a hp compaq d610 model d40 and with the basic Windows XP installation and the default drivers (hp) on, when the system goes into standby and then is brought out of the standby mode everything wakes up except for the network port, and the only way to get this to wake up is to go into device manager and scan for hardware changes or reboot.
    I have tried different drivers, bios changes (not update) with no luck, but strangely enough the other 3 makes and models of the same laptop work fine.
    Now, before I look into bios updates, has anybody come across this?
    Cheers

    You might consider sending it in for repairs
    http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=260674058980
    Symptoms may include the following:
    Weird colored screen (grey, green, red etc.)
    Scrambled or pixelated screen
    Divided split screen (2 screens up to 12 split screens)
    Screen black however backlit
    Screen black with no backlight however blue lights come on the quickplay panel
    Turns on then shuts off immediately
    Turns on and beeps 3 times (1 long and 2 short)
    Turns on, black screen and keeps restarting by itself
    White or grey screen sometimes with horizontal lines
    Press power button and nothing happens what so ever (seems dead) (mostly on DV2000 models)
    Intel models boot to backlight but no screen
    Cant load Nvidia driver, can only run in VGA mode
    Screen works but no WiFi (does not show up in device manager)

  • Dual Wan and port routing

    Hi,
    I am setting up a configuration with SA520W and 2 WAN, in load balancing. But I face a problem that I could not understand.
    Traffic is HTTP, SIP and 2 servers.
    Servers are for a VPN tunnel and a mail server with ActiveSync.
    Both services absolutely need port 443 on the external IP, and that's one of the reasons for the dual WAN.
    The 2 WAN are running, load balancing mode is enabled and NAT routing in the firewall tab is as follows:
    443  Enabled     WAN     LAN     ALU_OpenVPN     ALLOW always     Any         192.168.0.150     WAN1     Always    
    443   Enabled     WAN     LAN     ActiveSync     ALLOW always     Any         192.168.0.254     WAN2     Always 
    If load balanced
    Port 443 is NOT routed from wan1 to 192.168.0.150
    Port 443 is routed from wan2 to 192.168.0.254
    If only WAN 1
    Port 443 is routed  from wan1 to 192.168.0.150
    If only WAN 2
    Port 443 is routed  from wan2 to 192.168.0.254
    In fact I did other testing and there is no port routing with WAN1 when load balancing is enabled, even on a port that is not used at all on WAN2.
    With an FTP FileZilla server, it's OK if on WAN2, and it stops before logging in if on WAN1 (on load balancing; OK in both cases if only one WAN)
    Firmware: latest 2.1.18
    Any clue??

    Hello,
    I confirm, there is a strange behaviour.
    Simple test :
    Dual Wan configured.
    A FTP server on the LAN (192.168.0.254) port 21
    Firewall , ipv4 config :
    WAN   to   LAN     FTP     ALLOW always     Any         192.168.0.254     WAN1
    WAN   to   LAN     FTP     ALLOW always     Any         192.168.0.254     WAN2
    Then some testing using a FTP client outside the LAN, connection from Internet.
    Then, changing ONLY the Wan Mode :
    1/ Use only single WAN port : Dedicated WAN
    ==> FTP connect through WAN1
    2/ Use only single WAN port : Optional WAN
    ==>FTP connect through WAN2
    3/ Load Balancing
    ==>FTP connect through WAN1
    ==>FTP DO NOT connect through WAN1
    Is that a bug or do I have some strange stuff somewhere?
    I will pick up another SA520W from stock, brand new, update the firmware, configure the 2 WAN (inverting the 2 providers just in case) and do the same test.

  • How can I change network port configuration default setting?

    Hello,
    I am having trouble connecting to the internet. When I try to connect, it dials, rings, and then has a long tone, then disconnects. Preferences>Network>Assist Me>Diagnostics>Location>Network Port has Built in Ethernet chosen. I unchoose it, choose Internal Modem. It goes on to try to connect, then asks me if I have DSL or Cable (I don't). I choose no, it asks me if there is anything else to restart, no, I choose. It then says to check configuration. I go back to the location page then continue, continue, then it connects. It won't stay selected to Internal Modem. I have checked its box and dragged it to the top (and unchecked and dragged Ethernet to the bottom). This happens 90% of the time but not always. I can connect to the internet, but have to go through this. I don't have Built in Ethernet.
    Thanks,
    Maria

    Open Network preferences. Select Internal Modem from the list and click on the Configure button. Click on the PPP tab. Fill in the required information for your dial up ISP including your username and password (for your dial up account.) Check the box to save your password. Click on the Apply button. Click on the TCP/IP tab and select DHCP from the Configure IPv4 drop down menu, click on the Apply button. Click on the Modem tab and select the modem from the drop down menu that corresponds to the one you are using or have installed internally in your computer. Click on the Apply button. Quit Network preferences. This should have you all set. Use Internet Connect to initiate the dial up.
    Why reward points? (Quoted from Discussions Terms of Use.)
    The reward system helps to increase community participation. When a community member gives you (or another member) a reward for providing helpful advice or a solution to their question, your accumulated points will increase your status level within the community.
    Members may reward you with 5 points if they deem that your reply is helpful and 10 points if you post a solution to their issue. Likewise, when you mark a reply as Helpful or Solved in your own created topic, you will be awarding the respondent with the same point values.

  • Which network port do you use on Neo2 Plat ?

    Do you guys use the nvidia network port or the realtek gigabit network port?...which is better

    I also read that the NV port had less overhead somehow, and might be preferred if you only needed one connection.  Unfortunately, mine was plagued with short delays when browsing and frequent disconnects while gaming or downloading.  BIOS and driver updates did not help.  I also tried the manual override on speed/duplex and other settings with no improvement.  So, I use the Realtek with no problems whatsoever.  I disabled the Nvidia LAN in BIOS, along with all my other unwanted onboard systems.

  • I have 2 IMacs and MacBook Pro- can not work on FCP simultaneously when my network ports are on (open). How do I go about changing this?

    Hi!
    I have 2 IMacs and MacBook Pro and can not work simultaneously on FCP on all workstations when the network port is open. Can anyone help me on this?

    Did you purchase Final Cut Pro from the Mac app store? Or install it from disk? If from disk, you may have installed it on all machines using the same serial number, and using all of them simultaneously violates the license agreement. If you purchase from the App store the licensing is different and that may not apply.

  • Network ports hardening between lync clients in different pool

    Dear All,
    We have two different Lync pools, Pool A and Pool B. Both pools' users are with enterprise voice and all the external PSTN are connected with Pool A to PSTN. We have two VLANs for user and phones at both pools.
    Our security team wants to harden the network ports between both pools. Please help to get the ports that need to be opened between the user and phone VLANs between Pool A and Pool B.

    Hi sarmakumar,
    There’s a nice tool “Lync Firewall Rules Viewer”, it can help you to determine which ports and protocols are required to let traffic through the firewall.
    For more details,
    http://blogs.technet.com/b/nexthop/archive/2012/07/03/lync-firewall-rules-viewer.aspx
    Best regards,
    Eric
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • HP management pack - network ports

    Hi all,
    Sorry for my English. I have a server with 4 network ports, but only 2 are connected. SCOM alerts me that 2 ports are not connected. Can I override this behavior and monitor only the 2 connected ports?
    Thanks
    Falcon

    You can override it with an override rule on the monitor of the object.
    To configure an override rule, refer to the link below:
    http://technet.microsoft.com/en-us/library/hh212869.aspx
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer".
