To Port Forward or Not To Port Forward - That is the question

System: DP MDD G4, OS 10.4.9

Inet connection: DSL with static i.p., Broadcom Gateway to Linksys
WRT54G Wireless Router using DHCP, 1 computer connected via enet, 3
connected wirelessly, basic home use only

Wireless security is very basic: Unique router name and pw, SSID
disabled, and connections allowed by MAC addresses only, Linksys
firewall is enabled with all the other features set to their defaults,
Mac OS firewall is disabled

I recently purchased a Logitech QuickCam Pro 5000 webcam that works just
fine with iChat right out of the box. Learning how to use it I found
some Apple docs and other docs that discuss the various ports that
Apple uses when communicating to the inet whether by text, audio,
video, etc. The Port Forwarding setup window in the Linksys is blank so
I assume it uses whatever port is available for whatever it needs to
do. Is there any distinct advantage (speed-wise or security-wise) to
using the specific port ranges suggested or should I just leave well
enough alone because it all works just fine with no problems? Thanks.

-- 
Deja Moo: I've seen this bullshit before.

My address has been anti-spammed.
Please reply to: scasse@invalid.net replacing invalid with sonic.
0
otto (208)
6/28/2007 4:45:27 AM
comp.sys.mac.comm


In article <270620072145270481%otto@bogus.address.invalid>,
 Otto Pylot <otto@bogus.address.invalid> wrote:

> System: DP MDD G4, OS 10.4.9
> 
> Inet connection: DSL with static i.p., Broadcom Gateway to Linksys
> WRT54G Wireless Router using DHCP, 1 computer connected via enet, 3
> connected wirelessly, basic home use only
> 
> Wireless security is very basic: Unique router name and pw, SSID
> disabled, and connections allowed by MAC addresses only, Linksys
> firewall is enabled with all the other features set to their defaults,
> Mac OS firewall is disabled
> 
> I recently purchased a Logitech QuickCam Pro 5000 webcam that works just
> fine with iChat right out of the box. Learning how to use it I found
> some Apple docs and other docs that discuss the various ports that
> Apple uses when communicating to the inet whether by text, audio,
> video, etc. The Port Forwarding setup window in the Linksys is blank so
> I assume it uses whatever port is available for whatever it needs to
> do. Is there any distinct advantage (speed-wise or security-wise) to
> using the specific port ranges suggested or should I just leave well
> enough alone because it all works just fine with no problems? Thanks.

Router port forwarding is intended for incoming connection requests.  
Many services (e.g. IM) initiate connection by contacting an external 
server, and so are initially outbound.  Do you intend to have internet 
clients initiate connections directly to your computer?  If not, you 
won't need to forward any ports.

-- 
Tom Stiller

PGP fingerprint =  5108 DDB2 9761 EDE5 E7E3 
                   7BDA 71ED 6496 99C0 C7CF
0
tomstiller (3053)
6/28/2007 11:24:09 AM
In article <270620072145270481%otto@bogus.address.invalid>,
 Otto Pylot <otto@bogus.address.invalid> wrote:

> Wireless security is very basic: Unique router name and pw, SSID
> disabled, and connections allowed by MAC addresses only, Linksys
> firewall is enabled with all the other features set to their defaults,
> Mac OS firewall is disabled

Disabling the SSID and using MAC address filtering will *not* stop even 
the most casual hacker from getting right into your router.  If you're 
not using WPA security, your router is not secured in any meaningful way.

> Is there any distinct advantage (speed-wise or security-wise) to
> using the specific port ranges suggested or should I just leave well
> enough alone because it all works just fine with no problems? Thanks.

The short answer: If everything you use is working properly, leave it 
alone.  It's fine!



The long answer:

Your internet connection from your cable or DSL company likely gives you 
a single IP address that the world can connect to when you're online.  
When you're using a router to handle your internet connection, you're 
creating a network-within-a-network.  That "local" network has a 
completely separate set of IP addresses that will only work between 
machines connected directly to that router.  (That's slightly 
simplified, but basically correct.)

Say, for example, you have a web server (which uses port 80) running on 
one of your computers.  If a connection comes in from the outside world 
to port 80, it's going to hit your router and be ignored, because the 
router doesn't know *which* computer can handle that connection.  
Setting up port forwarding is how you provide the router with the 
information about which computers (in your local network) handle 
requests from the outside world.

Most people won't need to touch the port-forwarding settings, because 
most services (such as you sending or checking e-mail, or opening a web 
page) are initiated as *outbound* connections from your computer.  Those 
are processed automatically, no forwarding needed.  In most cases, port 
forwarding is only necessary if you're setting up a server of some sort, 
be it a web server, a file server, and so forth.


Hope that helps!
0
garner (593)
6/28/2007 7:32:46 PM
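
The behaviour described in the post above (outbound connections pass without any rule, unsolicited inbound connections are dropped unless a forward exists) can be modelled in a few lines. This is an added example, not part of the original thread and not the WRT54G's firmware logic; the `NatRouter` class, all addresses and all port numbers are constructed for illustration, and the filtering model is simplified to match replies on exact remote address and port.

```python
"""Toy model of a home NAT router (illustrative assumption, not real firmware)."""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed address from a documentation range


@dataclass
class NatRouter:
    public_ip: str
    # Static rules the owner typed in: (proto, public_port) -> (lan_ip, lan_port)
    forwards: dict = field(default_factory=dict)
    # State created by outbound traffic:
    # (proto, public_port) -> (lan_ip, lan_port, remote_ip, remote_port)
    sessions: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router picks a public port
        and remembers which inside host owns it."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, public_port)] = (lan_ip, lan_port, remote_ip, remote_port)
        return public_port

    def add_forward(self, proto, public_port, lan_ip, lan_port):
        """Equivalent of filling in one row of the Port Forwarding page."""
        self.forwards[(proto, public_port)] = (lan_ip, lan_port)

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """A packet arrives on the WAN side. Returns the (lan_ip, lan_port)
        it is delivered to, or None when the router drops it."""
        key = (proto, public_port)
        session = self.sessions.get(key)
        # Reply traffic: only the peer the LAN host contacted may use the mapping.
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]
        # Unsolicited traffic: delivered only if the owner configured a forward.
        if key in self.forwards:
            return self.forwards[key]
        return None

    def exposed(self):
        """Services any internet host can reach: exactly the forward rules."""
        return sorted((p, port, ip, lport) for (p, port), (ip, lport) in self.forwards.items())


def demo():
    router = NatRouter(PUBLIC_IP)
    results = {}

    # A laptop checks mail: an outbound connection, no forwarding rule involved.
    port = router.outbound("tcp", "192.168.1.101", 51000, "198.51.100.25", 110)
    results["reply"] = router.inbound("tcp", "198.51.100.25", 110, port)

    # A different internet host tries the same public port: not the peer, dropped.
    results["stranger_same_port"] = router.inbound("tcp", "192.0.2.66", 4444, port)

    # Someone connects to port 80 with no rule: the router has no host to hand it to.
    results["web_before"] = router.inbound("tcp", "192.0.2.66", 4444, 80)

    # The owner runs a web server on 192.168.1.50 and forwards port 80 to it.
    router.add_forward("tcp", 80, "192.168.1.50", 80)
    results["web_after"] = router.inbound("tcp", "192.0.2.66", 4444, 80)

    # An empty forward table means nothing on the LAN accepts unsolicited traffic.
    results["exposed"] = router.exposed()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20} {value}")
```

Each forward rule is a standing exception that lets any internet host reach that LAN service, so the output of `exposed()` is the list to review when auditing a router.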
In article <270620072145270481%otto@bogus.address.invalid>,
 Otto Pylot <otto@bogus.address.invalid> wrote:

> System: DP MDD G4, OS 10.4.9
> 
> Inet connection: DSL with static i.p., Broadcom Gateway to Linksys
> WRT54G Wireless Router using DHCP, 1 computer connected via enet, 3
> connected wirelessly, basic home use only
> 
> Wireless security is very basic: Unique router name and pw, SSID
> disabled, and connections allowed by MAC addresses only, Linksys
> firewall is enabled with all the other features set to their defaults,
> Mac OS firewall is disabled
> 
> I recently purchased a Logitech QuickCam Pro 5000 webcam that works just
> fine with iChat right out of the box. Learning how to use it I found
> some Apple docs and other docs that discuss the various ports that
> Apple uses when communicating to the inet whether by text, audio,
> video, etc. The Port Forwarding setup window in the Linksys is blank so
> I assume it uses whatever port is available for whatever it needs to
> do. Is there any distinct advantage (speed-wise or security-wise) to
> using the specific port ranges suggested or should I just leave well
> enough alone because it all works just fine with no problems? Thanks.

It ain't broke, don't fix it.
0
6/28/2007 11:54:51 PM
In article <tomstiller-378EEB.07240928062007@comcast.dca.giganews.com>,
Tom Stiller <tomstiller@comcast.net> wrote:

> In article <270620072145270481%otto@bogus.address.invalid>,
>  Otto Pylot <otto@bogus.address.invalid> wrote:
> 
> > System: DP MDD G4, OS 10.4.9
> > 
> > Inet connection: DSL with static i.p., Broadcom Gateway to Linksys
> > WRT54G Wireless Router using DHCP, 1 computer connected via enet, 3
> > connected wirelessly, basic home use only
> > 
> > Wireless security is very basic: Unique router name and pw, SSID
> > disabled, and connections allowed by MAC addresses only, Linksys
> > firewall is enabled with all the other features set to their defaults,
> > Mac OS firewall is disabled
> > 
> > I recently purchased a Logitech QuickCam Pro 5000 webcam that works just
> > fine with iChat right out of the box. Learning how to use it I found
> > some Apple docs and other docs that discuss the various ports that
> > Apple uses when communicating to the inet whether by text, audio,
> > video, etc. The Port Forwarding setup window in the Linksys is blank so
> > I assume it uses whatever port is available for whatever it needs to
> > do. Is there any distinct advantage (speed-wise or security-wise) to
> > using the specific port ranges suggested or should I just leave well
> > enough alone because it all works just fine with no problems? Thanks.
> 
> Router port forwarding is intended for incoming connection requests.  
> Many services (e.g. IM) initiate connection by contacting an external 
> server, and so are initially outbound.  Do you intend to have internet 
> clients initiate connections directly to your computer?  If not, you 
> won't need to forward any ports.

No. Just garden variety home use. Guess I'll leave well enough alone.
thanks

-- 
Deja Moo: I've seen this bullshit before.

My address has been anti-spammed.
Please reply to: scasse@invalid.net replacing invalid with sonic.
0
otto (208)
6/29/2007 12:41:03 AM
In article
<garner-6A9FE0.15323828062007@spr2-walt2-6-0-cust63.asfd.broadband.ntl.com>,
Garner Miller <garner@netstreet.net> wrote:

> In article <270620072145270481%otto@bogus.address.invalid>,
>  Otto Pylot <otto@bogus.address.invalid> wrote:
> 
> > Wireless security is very basic: Unique router name and pw, SSID
> > disabled, and connections allowed by MAC addresses only, Linksys
> > firewall is enabled with all the other features set to their defaults,
> > Mac OS firewall is disabled
> 
> Disabling the SSID and using MAC address filtering will *not* stop even 
> the most casual hacker from getting right into your router.  If you're 
> not using WPA security, your router is not secured in any meaningful way.

Yeah I realize that. I guess I figure I'm relatively safe here in my
own home. However, I can see my neighbors' routers on either side of my
house so I really should rethink my "security". Thanks.

> 
> The long answer:
> 
> Your internet connection from your cable or DSL company likely gives you 
> a single IP address that the world can connect to when you're online.  
> When you're using a router to handle your internet connection, you're 
> creating a network-within-a-network.  That "local" network has a 
> completely separate set of IP addresses that will only work between 
> machines connected directly to that router.  (That's slightly 
> simplified, but basically correct.)
> 
> Say, for example, you have a web server (which uses port 80) running on 
> one of your computers.  If a connection comes in from the outside world 
> to port 80, it's going to hit your router and be ignored, because the 
> router doesn't know *which* computer can handle that connection.  
> Setting up port forwarding is how you provide the router with the 
> information about which computers (in your local network) handle 
> requests from the outside world.
> 
> Most people won't need to touch the port-forwarding settings, because 
> most services (such as you sending or checking e-mail, or opening a web 
> page) are initiated as *outbound* connections from your computer.  Those 
> are processed automatically, no forwarding needed.  In most cases, port 
> forwarding is only necessary if you're setting up a server of some sort, 
> be it a web server, a file server, and so forth.
> 
> 
> Hope that helps!

-- 
Deja Moo: I've seen this bullshit before.

My address has been anti-spammed.
Please reply to: scasse@invalid.net replacing invalid with sonic.
0
otto (208)
6/29/2007 12:43:33 AM
In article <nospam.News.Bob-654F29.19531628062007@news.verizon.net>,
Bob Harris <nospam.News.Bob@remove.Smith-Harris.us> wrote:

> In article <270620072145270481%otto@bogus.address.invalid>,
>  Otto Pylot <otto@bogus.address.invalid> wrote:
> 
> > System: DP MDD G4, OS 10.4.9
> > 
> > Inet connection: DSL with static i.p., Broadcom Gateway to Linksys
> > WRT54G Wireless Router using DHCP, 1 computer connected via enet, 3
> > connected wirelessly, basic home use only
> > 
> > Wireless security is very basic: Unique router name and pw, SSID
> > disabled, and connections allowed by MAC addresses only, Linksys
> > firewall is enabled with all the other features set to their defaults,
> > Mac OS firewall is disabled
> > 
> > I recently purchased a Logitech QuickCam Pro 5000 webcam that works just
> > fine with iChat right out of the box. Learning how to use it I found
> > some Apple docs and other docs that discuss the various ports that
> > Apple uses when communicating to the inet whether by text, audio,
> > video, etc. The Port Forwarding setup window in the Linksys is blank so
> > I assume it uses whatever port is available for whatever it needs to
> > do. Is there any distinct advantage (speed-wise or security-wise) to
> > using the specific port ranges suggested or should I just leave well
> > enough alone because it all works just fine with no problems? Thanks.
> 
> It ain't broke, don't fix it.
 

Agreed.

-- 
Deja Moo: I've seen this bullshit before.

My address has been anti-spammed.
Please reply to: scasse@invalid.net replacing invalid with sonic.
0
otto (208)
6/29/2007 12:43:53 AM
Reply:

Similar Artilces:

Port Forwarding: Device:Port = Router:Port?
- Webcam's IP addr = 10.0.0.140, and it's set up to use port 8000 - Router's IP addr = 1.0.0.1, and it's port forwarding is set up to forward port 8000 to 10.0.140. - I can view the camera using 10.0.0.140:8000, no problem. The Question: Should I be able to view the camera using 10.0.0.1:8000? -- PeteCresswell On Wed, 31 Aug 2011 08:13:01 -0400, "(PeteCresswell)" <x@y.Invalid> wrote: > - Webcam's IP addr = 10.0.0.140, and it's set up to > use port 8000 > > - Router's IP addr = 1.0.0.1, and...

What is the difference between local port forwarding (-L) and remote port forwarding (-R)
Hi! I need to do an SSH tunnel to encrypt the data sent between an agent and a the server. I'm able to establish a tunnel but there's something that I can't understand... What is the difference between the bit -L and the bit -R. I've read the man of SSH on Fedora. It's seems to be simple but in practice, I don't understand. Can somebody help me on this subject? Thanks a lot! Yann > What is the difference between the bit -L and the bit -R. -L forwards a port from the client to the server. -R forwards a port from the server to the client. -- To reply by email, replace "deadspam.com" by "alumni.utexas.net" In article <d73d6e32.0404262310.5dd662ed@posting.google.com>, Yann Laviolette <yann_laviolette@gnome.org> wrote: >What is the difference between the bit -L and the bit -R. I've read >the man of SSH on Fedora. It's seems to be simple but in practice, I >don't understand. Example: "ssh -L 2000:1.2.3.4:2000 server" is a "local" forward and will listen on the client (ie the machine you ssh'ed from) on port 2000. If something connects to the client on port 2000, a "channel" will be opened inside the SSH connection and the server will connect to 1.2.3.4 on port 2000. Any data sent or received will be forwarded over this channel. In contrast, "ssh -R 2000:1.2.3.4:2000 server" is a "remote" forward, which will cause the *server* to listen o...

port forwarding for multiple ports
Hello, Is there any way to do a port forwarding (ssh -L localport:remotehost:remoteport) for a range of ports? If do not, can I do a port forwarding dinamically? (is there any application that do something like this?) Thanks, RFT. rodrigofteixeira@yahoo.com.br (RFT) writes: >Is there any way to do a port forwarding (ssh -L >localport:remotehost:remoteport) for a range of ports? Not readily that I'm aware. >If do not, can I do a port forwarding dinamically? (is there any >application that do something like this?) There's the -D command (which supports SOCKS right now). I've also hacked at the source to do more interesting things. It's certainly possible to do what you want with an unmodified SSH server. The trick is convincing a client to do it. I've been playing with Twisted.Conch to do this. --kyler In article <610789b8.0404261242.35824a3b@posting.google.com>, RFT <rodrigofteixeira@yahoo.com.br> wrote: >Is there any way to do a port forwarding (ssh -L >localport:remotehost:remoteport) for a range of ports? Use lots of "-L" command line options :-? >If do not, can I do a port forwarding dinamically? (is there any >application that do something like this?) It depends on what you mean by "dynamically". Some implementations (eg, PuTTY, OpenSSH, possibly others) have a "dynamic forward" option which implements a SOCKS server in the SSH client, so if you application understands...

Ports....Ports....Ports...
I have a linksys WRT54G wireless access point and I have't been able to get voice communications using Windows Messenger or Buddy Talk. With a direct PPOE connection to my isp they voice items worked fine. What ports need to be forwarded to allow for voice? Thanx, Grumpy On Fri, 08 Aug 2003 15:05:30 GMT, William Harper spoketh >I have a linksys WRT54G wireless access point and I have't been able to get >voice communications using Windows Messenger or Buddy Talk. With a direct >PPOE connection to my isp they voice items worked fine. What ports need to >be forwarded to allow for voice? > >Thanx, > >Grumpy > http://messenger.msn.com/Help/#LQ10 Lars M. Hansen http://www.hansenonline.net (replace 'badnews' with 'news' in e-mail address) "You're an angel with your wings broken" ...

port forwarding/ opening port
hi i'm having P4 2.4 256MB RAM with Win XP SP-2 Pro installed. i'm using 256 kbps connection using adsl2+ router SmartAX MT882 ADSL Router from Huawei, china its having NAT & built in firewall.,,, i'm also using Win XP Firewall to protect my pc.. i want to know how to use port forwarding & how to open port on router so that i can establish connection, also i didn't understand the UDP & TCP, what is it all about? i want to open port for radmin connection... also, how to know that how much secure my pc is from internet... any resource... i have referred to router manual but i didn't find the information.. Thank you in advance krunal jariwala jariwalakrunal@gmail.com wrote in news:1130958191.680401.263360 @g49g2000cwa.googlegroups.com: > hi > i'm having P4 2.4 256MB RAM with Win XP SP-2 Pro installed. > i'm using 256 kbps connection using adsl2+ router SmartAX MT882 ADSL > Router from Huawei, china > > its having NAT & built in firewall.,,, i'm also using Win XP Firewall > to protect my pc.. > > i want to know how to use port forwarding & how to open port on router > so that i can establish connection, also i didn't understand the UDP & > TCP, what is it all about? > i want to open port for radmin connection... > > also, how to know that how much secure my pc is from internet... any > resource... > > i have referred to router manual but i didn't find the...

Port forwarding question
Greetings to all, Here is the issue that I do not know how to resolve. There is a Debian based internet gateway with iptables firewall. There are 3 servers currently running, all 3 with up and running web servers (apache, apache2 and IIS). How can I direct traffic from the Internet to the web server that is not on gateway, but in the local network? In addition, how can enable users from the internet to use *all* 3 web servers at their discretion (for example, when user writes www.mydomain.net/server1 - IIS on local IP x.x.x.y server pops out, www.mydomain.net/server2 -apache2 server on local IP x.x.x.z pops out, etc...)? I hope I was clear enough. :) TIA! -- Everything will be okay in the end. If it's not okay it's not the end! Bubba a �crit : > There are 3 servers currently running, all 3 with up and running web > servers (apache, apache2 and IIS). How can I direct traffic from the > Internet to the web server that is not on gateway, but in the local > network? In addition, how can enable users from the internet to use > *all* 3 web servers at their discretion (for example, when user writes > www.mydomain.net/server1 - IIS on local IP x.x.x.y server pops out, > www.mydomain.net/server2 -apache2 server on local IP x.x.x.z pops out, > etc...)? If you want to do it based on the URL, then you need to use Apache on the gateway with mod_rewrite. Something like this : RewriteEngine on RewriteRule /server1/(.*) http://10.1.2.3/$1 [proxy,qsa...

Port forwarding question
Are there any tools out there that will do the following? In a nutshell, I would like one process that would listen on two ports on one machine, and one that would initiate a connection on two ports on another machine, allowing a server application to be on machine that initiates a connection to the client machine. I know this is not very clear, so hear is an example: On a webserver, I would run this tool to initiate a connection to port 80 on localhost, and initate another connection to port 777 on a client machine. On the client machine, I would run the tool to listen to port 777, as well as port 80. Then, when I navigate to http://locahost on the client machine, I get a page from the webserver, but the WEBSERVER MACHINE is the one who initiated the TCP/IP connection. I don't think this tool would be that difficult to make, but I figure something like this is already out there? Thanks Dave Spam Tester wrote: > Are there any tools out there that will do the following? In a nutshell, I > would like one process that would listen on two ports on one machine, and > one that would initiate a connection on two ports on another machine, > allowing a server application to be on machine that initiates a connection > to the client machine. I know this is not very clear, so hear is an example: Hi, this is known as "port forwarding" (look at http://en.wikipedia.org/wiki/Port_forwarding). Depending on which platfor...

Why is port forwarding more secure than opening up a port?
I have never understood this very well, here is my current grasp of it.. If I open up port 110 on my router: 1. If hacker is probing random IP addresses on that port, I will be flagged as open and he will come back and pay me a visit. 2. Any Trojans, viruses, or other malware that works its way into PCs via port 110 will eventually stumble across my open port and infect me. Alternatively, if I "forward" port 110 to say 192.168.0.5 (my pop3 server PC): 1. If hacker is probing random IP addresses on that port, will I will be flagged as closed? stealthed? worth a second visit? 2. Any Trojans, viruses or other port 110 malware will squirm through my router and arrive at 192.168.0.5?? Please can someone clear this up for me. Thanks Paul "Paul H" <nospam@nospam.com> wrote in message news:%Ifwd.453$JI3.381@newsfe1-win.ntli.net... > I have never understood this very well, here is my current grasp of it.. > > If I open up port 110 on my router: > > 1. If hacker is probing random IP addresses on that port, I will be flagged > as open and he will come back and pay me a visit. Very unlikely. I'm not running anything on 110 here and I've forgotten when I last saw anything directed at 110. > > 2. Any Trojans, viruses, or other malware that works its way into PCs via > port 110 will eventually stumble across my open port and infect me. What did you mean by "open up port 110 on my router"? It does no...

difference between port redirect and port forwarding
hi all can any body point out the difference between in port redirect and port forwarding? Actually i am trying to forward/redirect all the requests to port 26 to 25, as i cannt access port 25 from my current network. I would appreciate if somebody could suggest a solution for this problem. Thank you Anil On Thu, 30 Oct 2003 18:38:43 GMT, Anil Kommareddy <linuxkid@itslinuxhelp.com> wrote: >Actually i am trying to forward/redirect all the requests to >port 26 to 25, as i cannt access port 25 from my current network. Trying to set up an open relay for SMTP? Having trouble with port blocking? Sorry, but as I can't see any other reason for doing this, I'd not be interested in helping you. -- Joe Zeff The Guy With the Sideburns Where there's a flamethrower, there's a way. http://www.lasfs.org http://home.earthlink.net/~sidebrnz On Thu, 30 Oct 2003 18:38:43 GMT, Anil Kommareddy <linuxkid@itslinuxhelp.com> crossposted: > can any body point out the difference between in port redirect and port > forwarding? Actually i am trying to forward/redirect all the requests to > port 26 to 25, as i can't access port 25 from my current network. I would > appreciate if somebody could suggest a solution for this problem. Just one possible interpretation: Port forwarding: Forwarding connections from port XX on one machine, to port YY on another (such as a web server behind a firewall). Port redirec...

netscreen: not allowed to port forward port outside port < 1024 to one inside >= 1024?
I'm using a netscreen-25 and it seems to be the case that when I try to set up a port forward from virtual port 80 (outside) to port 8080 (inside) it won't let me: "port number should be between 1024 and 32767, or default 1024" .... and then it sets my port 80 to be 1024. Virtuals ports < 1024 are not allowed for some reason.... I am doing the port forwarding by using the VIP (virtual IP) feature btw. Why should there be such a limiation? Is there any compromise possible? alex Alex Hunsley wrote: > I'm using a netscreen-25 and it seems to be the case that when I > try to set up a port forward from virtual port 80 (outside) to port > 8080 (inside) it won't let me: > > "port number should be between 1024 and 32767, or default 1024" > > ... and then it sets my port 80 to be 1024. Virtuals ports < 1024 > are not allowed for some reason.... > > I am doing the port forwarding by using the VIP (virtual IP) > feature btw. > > Why should there be such a limiation? > Is there any compromise possible? > > alex Are you already using Port 80 with another policy or service for your NAT'ed IP address? Another good resource for netscreen issues is www.netscreenforum.com Not-My-Real-Name wrote: > Alex Hunsley wrote: > >>I'm using a netscreen-25 and it seems to be the case that when I >>try to set up a port forward from virtual port 80 (outside) to port >>...

Question about port forwarding in windows
Hello, I am looking for a way to forward ports on my windows box and I would like to know if there excists any particular software to do this (or does windows itself conclude any tools)? I am using Zonealarm and Symantec Client Firewall. LoCusF <LoCusF@locusfmachina.dyndns.org> wrote in news:Pine.CYG.4.58.0511011815440.2524@locusfmachina.dyndns.org: > Hello, > > I am looking for a way to forward ports on my windows box and I would > like to know if there excists any particular software to do this (or > does windows itself conclude any tools)? > > I am using Zonealarm and Symantec Client Firewall. > Then you're going to have to set rules on those personal FW solutions to open the required inbound ports. There is no port forwarding in those solutions as those solutions are running on the machine at the machine level and there is nothing to forward ports too. The Windows O/S, unless you're using XP's FW or IPsec that's on the O/S and those solutions as well would have to have rules set to open the required ports for inbound, has nothing to do with port forwarding ports to an IP/machine that needs the ports open. That would be in the case of a NAT router, FW appliance or network host based FW running on a gateway computer in a LAN situation being used where port forwarding would be done. http://www.homenethelp.com/web/explain/port-forwarding-dmz.asp Duane :) ...

Port Forwarding LRP Questions
I've got a linux-based LRP firewall that I want to forward 12 ports to serve on IRC. It is the latest Dachstein release from here: http://lrp.steinkuehler.net Let's say I want to forward ports 5987-5999 to ports 5987-5999 on a machine with a static IP address of 192.168.1.1 on the internal interface . 1) Is ipchains the best way to do it? a) If so, what do I need to type to make it work? b) Where do I type it? 2) If not ipchains, what then? a) Same as above b) Same as above ...

SSH Port Forwarding Question
I am having a problem using OpenSSH_3.8.1p1 Debian 1:3.8.1p1-4, OpenSSL 0.9.7d on the client and OpenSSH_3.7p1 for Solaris 7 on the server. I have port forwarded the default Oracle port from my local machine through a bastion host to my Oracle machine like so: ssh -L 1521:oracle_box:1521 username@bastion And all works fine at first. I am doing some load testing on an application and am trying to see how many instances I can run at one time. Each instance of the application initiates its own connection to the Oracle database through the SSH tunnel. This works great until I get to 25 hosts and then I start seeing this error on the console of the bastion host where I have ssh'd to: channel 53: open failed: administratively prohibited: open failed It appears there is some sort of hard limit that I have reached and I am wondering if this is something I can change on the client side, the server side, or whether it is hardcoded into either the server or client and I'm out of luck. I do not have the luxury of simply selecting another local port to forward because of the way the application is configured so I'd really like to be able to get at least 100 connections through per tunnel. I have tried this on 3 different Linux boxes, all with the same result. The per-process limit on concurrent open file descriptors for sshd on the server is probably set to 64; try increasing it. -- Richard Silverman res@qoxp.net ...

Linksys port forwarding question
Hi! I am running RH9 and want to setup a webserver. If I connect my server to my cable modem it works fine. However, I don't want the RH9 box connected directly to it. I want it and other servers sitting behind my router. I have several PCs connected to my router and all gain internet access. But when I setup the port forwarding(port 6000 -> PC1,port 6001 -> PC2, etc) it does not work from the outside. Inside the firewall it works fine. When I check to see what the outside IP is(looking at status on Linksys wireless router) I can type that IP in and specify a particular port and voila I see a particular web server. As soon as I go outside the firewall (from some other location in the world) and try to use the IP, I cannot ping it, I cannot see it at all. I disabled the DHCP server and all the PCs have static IP (inside). My outside IP is usually good for quite a while. What am I missing? As I mentioned when I hook up RH9 directly to the cable modem it works but I want to use my router instead. What needs to be setup or configured on my Linksys router(wireless) in order to gain access from the outside? Thanks When you access the servers from the internet be sure that you are entering in the correct address and port number. You have to use your public IP address to access any of your computers. The router does the translation and forward. Also you can only ping the public IP address, so you are in effect pinging the router unless you have a machine s...

Beginner question, port forwarding
Hi, I'm distributing Java app to SuSe 7.2 I have one problem, I need to receive UDP packets on port 67 (bootp) on Windows that's OK but on Linux I can't bind to the port <1024. Is there a way to route packets from port 67 to some port > 1024 using linux IPtables or some other way, I tried several combinations with no success. Device that is sending UDPs is 10.254.254.100 and it is sending to 255.255.255.255, interface that have to receive UDPs is 10.254.254.1 iptables -t nat -A PREROUTING -i 10.254.254.1 -p udp --dport 67 -j REDIRECT --to-port 6700 iptables -t nat -A OUTPUT -p udp -d 10.254.254.1 --dport 67 -j REDIRECT --to 6700 With tcpdump (tcpdump udp port 67) I can see that packets are coming to the port 67, but nothing to the port 6700. Thanx uk wrote: > Hi, > > I'm distributing Java app to SuSe 7.2 > I have one problem, I need to receive UDP packets on port 67 (bootp) > on > Windows that's OK but on Linux I can't bind to the port <1024. Unless the process attempting this has root access / is run by root. > Is there a way to route packets from port 67 to some port > 1024 using > linux IPtables or some other way, I tried several combinations with no > success. Believe me - at least one "combination" will work ;-) > Device that is sending UDPs is 10.254.254.100 and it is sending to > 255.255.255.255 Why ? > interface that have to receive UDPs is 10.254.254.1 Yes, but that doesn...

ssh port forwarding questions
Folks, I am trying to setup X11 base working environment on my macbook (at home). What I am trying to do is to login to my work unix machine, run commands, bring up GUI's (on my macbook). I was told that SSH port forwarding is best for this. (I am unix VNC, and it works great, but problem is I end up using mouse lot; cant' easily switch between windows on KDE..and on mac I can use all shortcuts to navigate faster). So here is what I have: work machine: name.company.com (I use hostname to find out; not sure how to get ip or full name, I am just assuming that domain is comp...

Newbie Port Forwarding Question
Thanks to everyone in advance. I am stuck in the middle of a project where there was an existing Cisco 1720 that looks like it had grown out of control. I have no experience with cisco other than what I have learned in the groups. I think what I need to do is basic, but I am struggling. I need to forward all SMTP traffic to a specific ip address. Can I just create an access list at the very beginning? Is there anything special I need to do with the interfaces? Any help would be very much appreciated. Here is a little snippet of the code:

ip subnet-zero
no ip source-route
!
!
ip tftp source-interface FastEthernet0
ip domain name indy.local135.com
ip name-server 192.168.200.10
ip name-server 192.168.200.12
!
no ip cef
ip audit po max-events 100
ftp-server enable
!
!
username admin privilege 15 secret 5
username slefevre privilege 15 secret 5
!
!
!
interface FastEthernet0
 description $ETH-LAN$
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
 ip route-cache flow
 speed auto
 full-duplex
!
interface FastEthernet0.20
 description DMZ Interface
 encapsulation dot1Q 20
 ip address 12.96.76.70 255.255.255.248
 ip access-group sdm_fastethernet0.20_in in
 ip helper-address 192.168.200.10
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no snmp trap link-status
 no cdp enable
!
interface Serial0
 description T1(1.54M) to Internet
 ip address 12.119.206.86 255.255.255.252
 ip access-group sdm_serial0_in_test in
...

Ports for DB2 behind firewall / ssh port forward
hi newsgroup, I'd like to connect to a remote DB2 Database V 8.2 using the "DB2 Steuerzentrale" (I guess it's called something like "DB2 management console" in the English version). Since the database host is behind a firewall I tried to communicate through ssh port forwarding. Therefore, I run: ssh -L 6789:remotename:6789 -L 50000:remotename:50000 -L 50001:remotename:50001 -L 523:remotename:523 remotename Though the ssh connection is established, my "DB2 Steuerzentrale" won't connect to localhost successfully and shows an error num...

Do I need port forwarding on 25 port to send messages?
I'm using CDONTS.Newmail (It is using the local SMTP) in a contact form on a web server(IIS) which is behind DMZ.

I am trying to figure out why it is not sending the messages.
The machine has private IP and port forwarding is set up for 80 port.

I don't need to receive, but only to send.
In this case - Do I need port forwarding on 25 port if I use the SMTP for CDONTS.Newmail only.

Thank you in advance,
Rosica

"bu" <me@buto.net> wrote in message news:9506ab65.0307161002.420d480d@posting.google.com...
| I'm using CDONTS.Newmail (It is using the local SMTP) in a contact
| form on a web server(IIS) which is behind DMZ.
|
| I am trying to figure out why it is not sending the messages.
| The machine has private IP and port forwarding is set up for 80 port.
|
| I don't need to receive, but only to send.
| In this case - Do I need port forwarding on 25 port if I use the SMTP
| for CDONTS.Newmail only.
|
| Thank you in advance,
| Rosica

no. the way broadband routers work, you only need to setup ports from the WAN side. your local side has permissions to send.

ken k

"Ken Kauffman" <kkauffman@nospam.headfog.com> wrote in message news:fygRa.7072$zd4.1834@lakeread02...
|
| "bu" <me@buto.net> wrote in message
| news:9506ab65.0307161002.420d480d@posting.google.com...
| | I'm using CDONTS.Newmail (It is using the local SMTP) in a contact
| | form on a web server(IIS) which is behind DMZ.
| |
| | I am trying ...

port tunneling over ssh (not port-forwarding in the traditional sense)
Does anybody know of a way to do port forwarding over ssh not using the standard ssh functionality, but rather by running a utility on the server and using a special client that forwards data through the terminal session.

I think PPP and slirp would do the job, but I would prefer to have a standalone client that exists solely to forward one (or several) ports, rather than acting as my main network connection.

> Does anybody know of a way to do port forwarding over ssh not using the
> standard ssh functionality, but rather by running a utility on the server
> and using a special client that forwards data through the terminal session.
>
> I think PPP and slirp would do the job, but I would prefer to have a
> standalone client that exists solely to forward one (or several) ports,
> rather than acting as my main network connection.

I don't know of such a method, although it probably can be done. But I'm having trouble understanding what the advantage is. You still have to run an ssh client and ssh server. Then you want to add an additional client and server that will communicate over the ssh connection, in order to forward some ports. But the ssh session will already do this, so where's the benefit?

Are you maybe thinking of automation? That is, you want ports to be forwarded automatically as soon as you boot or log in, without you having to start an ssh client session? If so, then maybe autossh is what you want: http://w...

iptables port forwarding
with the following rules:

iptables -A INPUT --protocol tcp --dport 2222 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 127.0.0.1:22

"ssh -p 2222 <host>" doesn't go through and nmap shows port 2222 as being filtered (from within the DMZ). how can i open up the port?

thanks.

Jason wrote:
> with the following rules:
>
> iptables -A INPUT --protocol tcp --dport 2222 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 127.0.0.1:22
>
> "ssh -p 2222 <host>" doesn't go through and nmap shows port 2222 as
> being filtered (from within the DMZ). how can i open up the port?

Change the INPUT rule to --dport 22 and it should work. The DNAT rule changes the port in the PREROUTING table, and because of the way the packets traverse the chains the table FILTER and the chain INPUT goes after that, so the packet has destination port 22 when it hits the INPUT rule.

> thanks.

Regards.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the R...

Port Forwarding -All ports shown as "Stealth"
I am unable to get outside services to see my computer. I have an ADSL modem/router configured as a "bridge" feeding into a wireless+4xethernet router, with one ethernet port going to my computer, and the wireless port going to my wife's laptop. We have never had full networking, since her interests and mine don't overlap.

I have port forwarding for Ports 80 (Web server) 25 (Mail Server) P2P and VOIP. According to a scan at "Shields Up!", all the first 1056 ports come up as stealth. My servers are not visible. EchoLink (a Ham program using VOIP) can receive a station list, but can't connect to the test server (the necessary ports have been forwarded.) Any suggestions please? I rather suspect that it is due to having the modem in two stages.

Doug.
--
How wonderful it is that nobody need wait a single moment before starting to improve the world. - Anne Frank.

On Fri, 02 Feb 2007 16:06:55 +1100, Doug Laidlaw rearranged some electrons to form:

> I am unable to get outside services to see my computer. I have an ADSL
> modem/router configured as a "bridge" feeding into a wireless+4xethernet
> router, with one ethernet port going to my computer, and the wireless port
> going to my wife's laptop. We have never had full networking, since her
> interests and mine don't overlap.
>
> I have port forwarding for Ports 80 (Web server) 25 (Mail Server) P2P and
> VOIP. According to a scan at "Sh...

PORT Forwarding
Hi all, I'm newbie to Linux and now I'm working in PORT Forwarding in that, I've two network cards in Linux PC Configs are eth0 : IP :10.128.19.219 (connected with local network IP is 10.128.xx.xxx) eth1: IP : 192.128.10.1 (connected with private network PC and IP is 192.128.10.2) Now I can transfer the http protocols, But I want to communicate from 10.128.19.230 port no 1000 to 192.128.10.2 port no 2000 Is it possible? How could I make it possible through Port Address Translation? Suggest me example rule sets Can anybody help me? On Thu, 29 Nov 20...

port forwarding
i have a linksys BEFSR41 router hooking up two computers both have win xp (home) on them, i was having a problem with IRC and finally figured it out somewhat, i had to forward some ports to get it working, but when i did this i lost the use of the internet on the other computer, so now when i want to use irc i have to make sure no one is going to use the internet on the other computer and go into the routers setup and change the port forwarding while i am using irc, and when i am done i have to change it back...anyone know why i have to do this and how to make it so i dont have to do it...
