Network ACL two specific ports
As far as I know there is no way to set network ACLs such that only two specific ports are available. I'm using Oracle 11g R2. I would like an HTTP and an SMTP port opened for the local loopback address. These are ports 7777 and 25. It is my understanding that you can have only one ACL for each host. While it seems that you can create others, any additional ACL for the same host does not always work as expected. So does anyone have tips on how I can do this? I'd rather not have all ports between 7777 and 25 available but this is what I currently have...
BEGIN
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl        => 'local_loopback.xml',
    host       => '127.0.0.1',
    lower_port => 25,
    upper_port => 7777
  );
END;
/
Captain Egg wrote:
As far as I know there is no way to set network ACLs such that only two specific ports are available. I'm using Oracle 11g R2.
Not the case in my experience. An ACL can be for a specific purpose, but contain multiple ports for this purpose.
For example I assign ports 80, 8080, 7777 and some others, in a single web-acl.xml, to a network target (host or domain).
Read the usage notes in the Oracle® Database PL/SQL Packages and Types Reference.
Tags: Database
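The reply's point (one ACL, several ports) worked through for the asker's loopback case, as an added example that is not part of either post. It relies on the package's documented behaviour that an assignment target is the host plus its port range, so one ACL can be assigned to 127.0.0.1 once per port; the ACL name, host and ports come from the question, and `APP_USER` is a hypothetical schema used only for the check.

```sql
-- Added example, not from the original thread.
-- Assumes 'local_loopback.xml' already exists and grants the 'connect'
-- privilege, and is currently assigned to 127.0.0.1 for ports 25-7777.
BEGIN
  -- Drop the wide assignment that exposes every port from 25 to 7777.
  DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(
    acl        => 'local_loopback.xml',
    host       => '127.0.0.1',
    lower_port => 25,
    upper_port => 7777);

  -- SMTP only: a single-port range.
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl        => 'local_loopback.xml',
    host       => '127.0.0.1',
    lower_port => 25,
    upper_port => 25);

  -- HTTP only: a second, non-overlapping single-port range on the same host.
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
    acl        => 'local_loopback.xml',
    host       => '127.0.0.1',
    lower_port => 7777,
    upper_port => 7777);

  COMMIT;  -- ACL changes are transactional
END;
/

-- Verify: expect exactly two rows (25-25 and 7777-7777) for the host,
-- each showing whether the hypothetical APP_USER may connect.
SELECT host,
       lower_port,
       upper_port,
       acl,
       DECODE(DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, 'APP_USER', 'connect'),
              1, 'GRANTED',
              0, 'DENIED',
              'NOT SET') AS connect_privilege
  FROM dba_network_acls
 WHERE host = '127.0.0.1'
 ORDER BY lower_port;
```

Any row in the result whose range still spans 25 to 7777 means the old assignment was not removed and the intermediate ports remain reachable from PL/SQL network packages.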
Similar Questions
-
How can I assign an IP address and a specific port on a powerconnect switch 6224?
Thanks for the explanation.
When you connect two layer 3 devices, you need an isolated network between the devices. The process is similar between Cisco and PowerConnect. The difference is, as you said, you cannot set an IP address on the port itself with PowerConnect, as you would with Cisco Layer 3 devices.
Are switch A and switch B both PowerConnect? Or is one a Cisco and the other a PowerConnect?
If both are PowerConnect, you will need to create a VLAN to be used only on one port on each of the 2 devices.
Switch A# config
Switch A(config)# vlan database
Switch A(config-vlan)# vlan 2
Switch A(config-vlan)# exit
Switch A(config)# interface vlan 2
Switch A(config-if)# name L3 switch to switch connect
Switch A(config-if)# ip address 192.168.1.1 255.255.255.0
Switch A(config-if)# exit
Switch A(config)# interface ethernet xxx
Switch A(config-if)# switchport mode access
Switch A(config-if)# switchport access vlan 2
--------------------
The B switch configuration:
Switch B# config
Switch B(config)# vlan database
Switch B(config-vlan)# vlan 2
Switch B(config-vlan)# exit
Switch B(config)# interface vlan 2
Switch B(config-if)# name L3 switch to switch connect
Switch B(config-if)# ip address 192.168.1.2 255.255.255.0
Switch B(config-if)# exit
Switch B(config)# interface ethernet xxx
Switch B(config-if)# switchport mode access
Switch B(config-if)# switchport access vlan 2
Next, you will want to check the IP routing table to make sure it lists a path to all networks on both sides.
You will probably need a static route defined for the specific networks, or a default route.
-
How to restrict multicast traffic to specific ports on GS716Tv3?
I cannot find specific instructions for limiting multicast traffic on the GS716Tv3 smart switch.
I need to force all multicast traffic to travel on a specific set of interfaces, or at least stay within a given VLAN on the switch to which it is native. All the desired multicast servers and listeners will be on these interfaces in their separate VLAN.
We have several GS716Tv3 switches configured identically, but multicast traffic must not pass between the switches.
Topology:
Eight GS716Tv3 smart switches, each configured with three VLANS identical.
No traffic should pass between these VLANS on the switch or pass between the switches
In other words, even if all 8 switches each have a VLAN named "IOSubsystem", I do not consider them the same VLAN.
vLAN 4 is corresponding to the hosts of Linux to address major
vLAN 5 is for the audio subsystem
vLAN 6 is for the IO subsystem
VLAN 4 on each switch has two active ports, one going to the external interface of the main Linux host and the other to a central 9th GS716Tv3 switch, where a software development system is also connected.
VLAN 5 on each switch connects to the components of the audio subsystems (not shown).
VLAN 6 on each switch has two active ports, one going to an internal interface of the main Linux host and one to the IO subsystem.
-> [vLAN4 | g10]---> [Switch #9]-+.
-> [vLAN4 | g9]-> [Linux host #1: eth0] |
[Switch #1]-> [vLAN6: g1]-> [Linux host #1 | eth1] |
-> [vLAN6: g2]-> [e/s 1 subsystem] |
|
-> [vLAN4 | g10]---> [Switch #9]- +---> [software Dev host]
-> [vLAN4 | g9]-> [Linux host #2: eth0] |
[Switch #2]-> [vLAN6: g1]-> [Linux host #2 | eth1] |
-> [vLAN6: g2]-> [subsystem/o 2] |
... ~
|
-> [vLAN4 | g10]---> [Switch #9]-+.
-> [vLAN4 | g9]-> [Linux host #8: eth0]
[Switch #8]-> [vLAN6: g1]-> [Linux host #8 | eth1]
-> [vLAN6: g2]-> [i/o subsystem #8]
We get unwanted multicast traffic between each of these systems, causing corruption of our stream. We need to limit the multicast traffic on vLAN6 of each switch to stay on the vLAN6 of this specific switch.
Thanks for any help.
To switch the management VLAN to 4.
Make sure you have 2-way switch, one in VLAN4 in a VLAN1.
Set the system you use to a static IP address in VLAN 4, confirm access to the switch's web configuration, and then change the "Management VLAN ID". Then move the system that you use to any VLAN 4 port, and you should have access; otherwise, wait about 60-90 sec and try again, because you might have STP and it will block anything on the port for a while unless "Fast Link" is set to "Enabled".
Then under "IP Configuration" value switches other IP address in IP range of VLAN4.
For the sake of simplicity, untagged ports should never be in more than 1 VLAN simultaneously.
And instead of using the point and click, goto "Port PVID Configuration" and just create the VLAN it.
Member of the PVID and VLAN the same thing for a port, on what VLAN, it must be in the database
And to confirm, you have a cable from switch to each VLAN? You can cut down on cables and ports if you tag/trunk ports to the next switch. then all VLAN 3 just 1 cable between each pair of switches, saving you at least 4 ports on each switch.
Just an example of my GS724T (ignore ports g8 and g-19-20, their current PVID is because of something else you do not, LACP and Span/Monitoring):
All ports are configured to a single VLAN, my 'LAN hand' is VLAN12, that the management VLAN is set for, g23-24 ports VLAN trunks, they are set on tagg VLAN12 and 14 when the traffic is out of these ports, then switch to the other side reads the consequence tagg and acts, that way I don't need 2 cables/port for each of them.
-
Application of force to use specific ports
Hi all
I have an application that uses random ports. This could be fine behind a typical personal router, but is not possible with the current implementation. The program is a Polycom video conferencing and collaboration application, and the app is Telepresence m100.
The release notes for m100 indicate a few random ports are used for some protocols. (See page 21) Our network firewall device requires a set port assignment and our security protocols do not allow an open machine. We would also like to use this Telepresence m100 on multiple machines, so a DMZ is not an option. The application does not allow the user to select specific ports. A support request with Polycom has been less than helpful (answer: it uses a random port). So here I wonder if there is a way on XP or 7 to force an application to use specific ports or a range of ports, perhaps 4-5 assigned ports, not 65535. The nature of the beast requires several ports open, not one. Also, remote machines will have the same configs, so any one of these machines could initiate/receive calls with all the others.
John
Questions of this nature are better asked on Technet
http://social.technet.Microsoft.com/forums/en-us/categories/
-
By the way a specific port number
Hell-o,
My question is about the PIX515e. We have a Windows ISA Server firewall we want to retire. I need to move the ports that have been opened on this ISA to the PIX. On ISA, it simply says "send and receive port tcp 5510", for example. Is it possible on the PIX to apply this port just as simply, without having to create a static entry? A way to simply open a specific port number?
Suggestions, ideas or advice greatly welcome,
TIA,
Gary
Which side starts the connection: the high-security interface to the low, or the low-security interface to the high? If it is high to low, do nothing; it will be allowed by default. If it is low to high, you need 1) a static and 2) an access list. The ACL does not have to reference IPs, but it should (security reasons - the whole point of the PIX). For example:
(1) static (inside,outside) x.x.x.x 10.10.10.10 netmask 255.255.255.255 (or use a range of IP addresses)
or
static (inside,outside) 10.10.10.10 10.10.10.10 (if nat disabled)
and
(2) access-list 102 permit tcp any any eq 5510
or
access-list 102 permit tcp any host x.x.x.x eq 5510 (better)
or
access-list 102 permit tcp host y.y.y.y host x.x.x.x eq 5510 (best)
access-group 102 in interface outside
It will be useful.
Steve
-
PIX Site to Site VPN to aid to specific port
Good day to all!
I know that to establish a site-to-site VPN using 2 PIX firewalls, the interesting traffic must be defined on both sides. Usually, we make the following statement:
access-list AllowedTraffic permit ip host 192.168.2.1 host 192.168.3.1
But I wondered what happens if we specify specific ports on the ACL that is used for interesting VPN traffic, such as HTTPS? Like the one below:
access-list AllowedTraffic permit tcp host 192.168.2.1 host 192.168.3.1 eq 443
Comments would be nice...
Thank you...
Chris
Here are my configs when I tested it. I hope this helps! If Yes, please rate.
Thank you
-
Direct specific ports down a VPN L2L
I have a client who is trying to use an ISP-hosted web filtering and content management gateway; the ISP wants to use an L2L IPsec VPN from the site to their front door to control the traffic. Today we have the tunnel up with a test ACL that sends a test device on the customer side down the tunnel, but it blocks all traffic that is not being analyzed. The problem is that they are on an ASA 5510 with 8.2.2. You cannot add TCP ports in the sheep ACL; it errors when you try to apply the nat (inside) 0 access-list sheep statement. We can define the ports to go down the VPN in the interesting-traffic ACL, but there is no way to send just the web ports down the VPN and allow the other ports out through the regular interface overload NAT. I was looking at 8.4 to see if it allows a policy NAT (twice NAT for VPNs) to set a port to a range of IPs (i.e.: nat (inside,outside) source static any any destination static WEBINSPECT WEBINSPECT) but only for defined web ports.
I do not have a test ASA to use, but I guess that the L2L VPN will be by IP only and I cannot define a port for the tunnel.
In any case, it is a strange one, but ideas are welcome. I don't think it's possible, but I thought I'd see if anyone has encountered this before.
Hello
Well, to give you a simple example where we use twice NAT / manual NAT to handle traffic.
Here is a configuration example I just did on my 8.4(5) ASA.
The following configuration will
- Set the 'object' that contains the source network for NAT
- Set the 'object' that contains the service for NAT
- Define the real NAT
The actual NAT rule means that any connection from the network under the 'WIRELESS' network object to destination port TCP/80 will be sent out the 'WAN' interface without NAT.
Of course, the next step with the L2L VPN is that the network under 'object network WIRELESS' would match the L2L VPN ACL. But that seemed straightforward for you already.
object network WIRELESS
 subnet 10.0.255.0 255.255.255.0
object service WWW
 service tcp destination eq www
nat (WLAN,WAN) source static WIRELESS WIRELESS service WWW WWW
The following configuration will
- Define the "object-group", that defines networks of the source of the rule by default PAT for Internet traffic
- Set the 'object' for the PAT address (could just use 'interface' instead of the 'object')
- Define the real NAT
The NAT configuration will just make a default PAT rule for the wireless network. The key thing to note here is that we use the "after-auto" setting. This basically inserts the NAT rule at the very bottom of the ASA's NAT priority.
object-group network WIRELESS-NETWORK
 network-object 10.0.255.0 255.255.255.0
object network PAT-1.1.1.1
 host 1.1.1.1
nat (WLAN,WAN) after-auto source dynamic WIRELESS-NETWORK PAT-1.1.1.1
Now we can use the "packet-tracer" command to confirm that the NAT works as expected.
WWW TEST TRAFFIC
ASA(config)# packet-tracer input WLAN tcp 10.0.255.100 12355 1.2.3.4 80
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (WLAN,WAN) source static WIRELESS WIRELESS service WWW WWW
Additional information:
NAT divert to egress interface WAN
Untranslate 1.2.3.4/80 to 1.2.3.4/80
Phase: 2
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional information:
Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (WLAN,WAN) source static WIRELESS WIRELESS service WWW WWW
Additional information:
Static translate 10.0.255.100/12355 to 10.0.255.100/12355
Phase: 4
Type: HOST-LIMIT
Subtype:
Result: ALLOW
Config:
Additional information:
Phase: 5
Type: NAT
Subtype: rpf check
Result: ALLOW
Config:
nat (WLAN,WAN) source static WIRELESS WIRELESS service WWW WWW
Additional information:
Phase: 6
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional information:
Phase: 7
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional information:
Phase: 8
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional information:
New flow created with id 1727146, packet dispatched to next module
Result:
input-interface: WLAN
input-status: up
input-line-status: up
output-interface: WAN
output-status: up
output-line-status: up
Action: allow
FTP TEST TRAFFIC
ASA(config)# packet-tracer input WLAN tcp 10.0.255.100 12355 1.2.3.4 21
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional information:
in 0.0.0.0 0.0.0.0 WAN
Phase: 2
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional information:
Phase: 3
Type: INSPECT
Subtype: inspect-ftp
Result: ALLOW
Config:
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect ftp
service-policy global_policy global
Additional information:
Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (WLAN,WAN) after-auto source dynamic WIRELESS-NETWORK PAT-1.1.1.1
Additional information:
Dynamic translate 10.0.255.100/12355 to 1.1.1.1/12355
Phase: 5
Type: HOST-LIMIT
Subtype:
Result: ALLOW
Config:
Additional information:
Phase: 6
Type: NAT
Subtype: rpf check
Result: ALLOW
Config:
nat (WLAN,WAN) after-auto source dynamic WIRELESS-NETWORK PAT-1.1.1.1
Additional information:
Phase: 7
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional information:
Phase: 8
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional information:
Phase: 9
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional information:
Phase: 10
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional information:
New flow created with id 1727154, packet dispatched to next module
Result:
input-interface: WLAN
input-status: up
input-line-status: up
output-interface: WAN
output-status: up
output-line-status: up
Action: allow
As you can see, the TCP/80 traffic matches the first rule, and the FTP traffic used as an example matches the default PAT rule as expected.
If you want to know a little more about the new NAT format in 8.3+, you can check a document I created:
https://supportforums.Cisco.com/docs/doc-31116
Hope this helps; please mark it as answered or rate the answer.
Naturally, ask more if necessary.
-Jouni
-
My USB to ethernet adapter works only if plugged into my MacBook Pro.
I tried to use to start an expander USB (power strip), but this has not--a problem when you have only TWO USB ports ports!
Any suggestions?
Juice what 'expander' did you use?
What model of MacBook Pro?
This is the Office Mac Pro forum. I asked that your post be moved to the MacBook Pro laptop forum.
-
Satellite C660 - two USB Ports without function (bad connection)
Hello, sorry for the worst English.
Historically, the touchpad of my Satellite C660-220 used without operation, worked with a mouse of radio. Now, two usb ports can only be used under certain conditions. Can I replace the connections for this part (motherboard / motherboard) for example, a computer used toshiba laptop? Where can I read, one of which models the parts required are the same as well?
Best regards from Germany
Bert
Hi Bert
I guess for you that it is quite simple. Problem is that this repair is not supported, and all we can try it on its own, including all the risks of damaging something.
> Where can I read, one of which models the parts required are the same as well?
This kind of document is not and if it has information that is not for public use, but for only authorized services.
Theoretically, you can find the same mainboard with damage CPU or GPU and use parts from there.
Believe me it is not easy to give you some good advice on this subject.
Out of curiosity, but you have some experience with these things? -
Satellite A500 - 14L cannot recognize two USB ports
Hello
I bought a Satellite A500-14L three months ago. I've just updated the BIOS with this link, but afterwards two USB ports (on the left side of the computer) do not work.
I tried to download the new driver for them, but without success.
Does anyone know how I can solve this problem?
Thank you and sorry for the English, I'm French...
Hello
What operating system do you use?
Is this Windows 7?
How about the USB port state in the Device Manager?
Are there visible yellow exclamation points?
In your case I would recommend checking whether all the necessary drivers have been installed.
For example the Chipset Utility must be installed. It is very important.
There is also the USB Sleep and Charge utility. This utility is able to activate or disable the USB Sleep and Charge function. It shows the positions of the USB ports supporting the USB Sleep and Charge function and shows the remaining capacity of the battery.
Please check these applications!
-
HP Pavilion 15-n259TX (two Usb ports on the left does not work)
I recently downgraded from Windows 8 to Windows 7 and found that the two USB ports on the left side of my laptop no longer work, that is, they do not detect anything, be it pendrives or an external hard drive. Can you help me fix the problem?
My laptop is an HP Pavilion 15-n259TX.
Hello
Install the driver usb 3.0 on the following link.
http://ftp.HP.com/pub/SoftPaq/sp64501-65000/sp64965.exe
Kind regards
DP - K
-
How can I use the USRP to record a signal using its two RX ports simultaneously?
Hello.
I am trying to record a signal using two antenna cone. The reason that I need two antenna to cover the bandwidth (DC - 6 GHz). a single antenna covers DC - 300 MHz and the other covers 300 MHz to 6 GHz. so I need to use two RX port of USRP at the same time to record the signal. I have two questions:
1. is this all USRP market capable of covering this frequency range?
2. is it possible to use the two RX port at the same time to the signals of the records I described? If this is not the case, how can do?
P.S. I have two NI2920 USRPs and two USRPs N210 in my lab.
Thanks in advance for your time.
Sam.
Hi Sam,
To answer your first question, the USRPs you can reach the bandwidth you want. There is not a USRP, to my knowledge, that can reach this range in a single device.
Also note that you can only use RX convened for two different ports at the same time using LabVIEW and the pilot of the USRP. If you want to use the two lines of RX, you will need to run a session with a single line, close the session and then start a different session for your second RX line.
-
Question of networking: how to open port 8080?
original title: network
How to open port 8080?
Hi LaraineChic,
When you post a question, please include as much detail as possible.
In this case, the operating system, the program used and the reasons would be huge help.
This is an XP Microsoft KB on how to manually open ports.
Happy computing,
B Eddie -
How can I configure two ethernet ports to connect to a VPN with Windows Server 2008?
Something I can put in place, but im stuck with an error that I get is that I need two ethernet ports to configure vpn but why and how do I make it work I like
original title: vpn windows Server2008
In order to configure the VPN, you can take a look at:
http://TechNet.Microsoft.com/en-us/library/cc725734(WS.10).aspx
-
Replace a XP computer with another XP computer in a peer-to-peer network with two other computers. became terribly frustrating. I spent a day and a half by train to get there. I know MS wants everyone to buy their new OS, but I can't afford it right now. In the meantime, I'm trying to add a computer to my existing peer-to-peer network. I have never had so much trouble. I can not get computers to eachother Duke on the network.
Over the past 3 years I have implemented each of the existing computers. I'm familiar with the silly quirks of this operating system (i.e. a few hours waiting see if eventually the computers will warm up to each other and decide to play nice together). All computers are able to connect to the internet through the same router connection, and I was able to get each of the computers to see one another, but not all, but none of the computers is to see the new computer. (The new computer is connected to ONE of the other computers, but stopped doing and do again it). Is there a simple step by step to do this? I don't care even if I can't not all computers on the network as a whole, I would like to just the computer I replace to see the computer I replace by in order to obtain the transferred files and get back to work.
I appreciate sincerely ANY help ANYONE can offer.
Hi okcbz,
- How many computers on the network?
I suggest you have a look at the following links in the article:
Introduction to Windows Peer-to-Peer network
How to set up a small network with Windows XP Home Edition (PART 1)