Re: [openthinclient-user] Firewall settings
Please try our openthinclient Advisor: http://vogel-daniel.com/openthinclient/openthinclientAdvisor.jar Sorry, the documentation is only in German available: http://vogel-daniel.com/openthinclient/Advisor.pdf Good luck. Alexander Stecher Dipl.-Ing. (BA) Telefon: +49 711 1378636-0 Handy: +49 151 2761 2961 mailto:a.stec...@openthinclient.com openthinclient gmbh, Heilbronner Straße 150, 70191 Stuttgart, Deutschland Amtsgericht Stuttgart: HRB 245 177; USt-ID: DE216017092 Geschäftsführer: Alexander Stecher, Martin Kreiner http://openthinclient.com 2011/10/26 Greg Lara gl2...@columbia.edu: Hello, I've just installed openthinclient 1.0 on my Windows 2008R2 server, and have opened the following ports in my firewall as described on the prerequisites page: TCP: 1098, 1099, 2069, 3873, , 4445, 8009, 8080, (internal webserver), 8083, 10389 (LDAP server) UDP: 67 (DHCP proxy), 69 (TFTP server), 514 (SYSLOG server), 2069, 4011 (DHCP proxy) However, my clients will not connect with only these ports open. If I turn off the firewall, they connect fine. Can someone let me know if there are ports missing from the above list? Thanks. -- Greg Lara IT Director Columbia University Press 61 West 62nd Street, 3rd Floor New York, NY 10023 212-459-0600, ext 7132 -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user
Re: [openthinclient-user] Firewall settings
Thanks Alexander. I ran the advisor and even with the firewall on, all ports seemed to connect successfully, so I guess I'm back to square one. Turning off the firewall isn't really an option, and I'm not sure how else to determine what is being blocked, short of employing a packet analyzer, an option I don't really have time for. Any further thoughts or suggestions would be appreciated. -- Greg Lara IT Director Columbia University Press 61 West 62nd Street, 3rd Floor New York, NY 10023 212-459-0600, ext 7132 On Wed, Oct 26, 2011 at 7:01 AM, Stecher, Alexander a.stec...@openthinclient.com wrote: Please try our openthinclient Advisor: http://vogel-daniel.com/openthinclient/openthinclientAdvisor.jar Sorry, the documentation is only in German available: http://vogel-daniel.com/openthinclient/Advisor.pdf Good luck. Alexander Stecher Dipl.-Ing. (BA) Telefon: +49 711 1378636-0 Handy: +49 151 2761 2961 mailto:a.stec...@openthinclient.com openthinclient gmbh, Heilbronner Straße 150, 70191 Stuttgart, Deutschland Amtsgericht Stuttgart: HRB 245 177; USt-ID: DE216017092 Geschäftsführer: Alexander Stecher, Martin Kreiner http://openthinclient.com 2011/10/26 Greg Lara gl2...@columbia.edu: Hello, I've just installed openthinclient 1.0 on my Windows 2008R2 server, and have opened the following ports in my firewall as described on the prerequisites page: TCP: 1098, 1099, 2069, 3873, , 4445, 8009, 8080, (internal webserver), 8083, 10389 (LDAP server) UDP: 67 (DHCP proxy), 69 (TFTP server), 514 (SYSLOG server), 2069, 4011 (DHCP proxy) However, my clients will not connect with only these ports open. If I turn off the firewall, they connect fine. Can someone let me know if there are ports missing from the above list? Thanks. -- Greg Lara IT Director Columbia University Press 61 West 62nd Street, 3rd Floor New York, NY 10023 212-459-0600, ext 7132 -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user
Re: [openthinclient-user] Firewall settings
Does your firewall report blocked connections, or can it be configured to do so? If so, examine the log for the time period in question. Lee On Wed, Oct 26, 2011 at 4:10 PM, Greg Lara gl2...@columbia.edu wrote: Thanks Alexander. I ran the advisor and even with the firewall on, all ports seemed to connect successfully, so I guess I'm back to square one. Turning off the firewall isn't really an option, and I'm not sure how else to determine what is being blocked, short of employing a packet analyzer, an option I don't really have time for. Any further thoughts or suggestions would be appreciated. -- Greg Lara IT Director Columbia University Press 61 West 62nd Street, 3rd Floor New York, NY 10023 212-459-0600, ext 7132 On Wed, Oct 26, 2011 at 7:01 AM, Stecher, Alexander a.stec...@openthinclient.com wrote: Please try our openthinclient Advisor: http://vogel-daniel.com/openthinclient/openthinclientAdvisor.jar Sorry, the documentation is only in German available: http://vogel-daniel.com/openthinclient/Advisor.pdf Good luck. Alexander Stecher Dipl.-Ing. (BA) Telefon: +49 711 1378636-0 Handy: +49 151 2761 2961 mailto:a.stec...@openthinclient.com openthinclient gmbh, Heilbronner Straße 150, 70191 Stuttgart, Deutschland Amtsgericht Stuttgart: HRB 245 177; USt-ID: DE216017092 Geschäftsführer: Alexander Stecher, Martin Kreiner http://openthinclient.com 2011/10/26 Greg Lara gl2...@columbia.edu: Hello, I've just installed openthinclient 1.0 on my Windows 2008R2 server, and have opened the following ports in my firewall as described on the prerequisites page: TCP: 1098, 1099, 2069, 3873, , 4445, 8009, 8080, (internal webserver), 8083, 10389 (LDAP server) UDP: 67 (DHCP proxy), 69 (TFTP server), 514 (SYSLOG server), 2069, 4011 (DHCP proxy) However, my clients will not connect with only these ports open. If I turn off the firewall, they connect fine. Can someone let me know if there are ports missing from the above list? Thanks. -- Greg Lara IT Director Columbia University Press 61 West 62nd Street, 3rd Floor New York, NY 10023 212-459-0600, ext 7132 -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user
Re: [openthinclient-user] Firewall settings
Lee, thank you for your comment, it ultimately led me to my answers. It turns out the Windows firewall doesn't log blocked requests by default, but can be configured to do so. Once I enabled that, I was able to troubleshoot which port requests were being dropped. I had to unblock the following ports in order to successfully boot my client: TCP/UDP 111 TCP 62189 In addition, I had to make sure the scope for the UDP/67 rule included all computers--I was originally only allowing access from my local IP range. This is because the port 67 request is a broadcast (0.0.0.0/255.255.255.255), which was outside of my local scope. Once again, the community saves the day. Thanks. -- Greg Lara IT Director Columbia University Press 61 West 62nd Street, 3rd Floor New York, NY 10023 212-459-0600, ext 7132 On Wed, Oct 26, 2011 at 5:02 PM, Lee Allen l...@leecallen.com wrote: Does your firewall report blocked connections, or can it be configured to do so? If so, examine the log for the time period in question. Lee On Wed, Oct 26, 2011 at 4:10 PM, Greg Lara gl2...@columbia.edu wrote: Thanks Alexander. I ran the advisor and even with the firewall on, all ports seemed to connect successfully, so I guess I'm back to square one. Turning off the firewall isn't really an option, and I'm not sure how else to determine what is being blocked, short of employing a packet analyzer, an option I don't really have time for. Any further thoughts or suggestions would be appreciated. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user
Re: [openthinclient-user] Firewall settings
Nice catch on the broadcast request, I wouldn't have caught that. Lee On Wed, Oct 26, 2011 at 6:11 PM, Greg Lara gl2...@columbia.edu wrote: Lee, thank you for your comment, it ultimately led me to my answers. It turns out the Windows firewall doesn't log blocked requests by default, but can be configured to do so. Once I enabled that, I was able to troubleshoot which port requests were being dropped. I had to unblock the following ports in order to successfully boot my client: TCP/UDP 111 TCP 62189 In addition, I had to make sure the scope for the UDP/67 rule included all computers--I was originally only allowing access from my local IP range. This is because the port 67 request is a broadcast ( 0.0.0.0/255.255.255.255), which was outside of my local scope. Once again, the community saves the day. Thanks. -- Greg Lara IT Director Columbia University Press 61 West 62nd Street, 3rd Floor New York, NY 10023 212-459-0600, ext 7132 On Wed, Oct 26, 2011 at 5:02 PM, Lee Allen l...@leecallen.com wrote: Does your firewall report blocked connections, or can it be configured to do so? If so, examine the log for the time period in question. Lee On Wed, Oct 26, 2011 at 4:10 PM, Greg Lara gl2...@columbia.edu wrote: Thanks Alexander. I ran the advisor and even with the firewall on, all ports seemed to connect successfully, so I guess I'm back to square one. Turning off the firewall isn't really an option, and I'm not sure how else to determine what is being blocked, short of employing a packet analyzer, an option I don't really have time for. Any further thoughts or suggestions would be appreciated. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev___ The Open Source Thin Client Solution http://openthinclient.org openthinclient-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openthinclient-user