Hi,
I have a Mac Mini running OS X Server that I am in the process of setting up. There are a whole bunch of ports that need to be opened for various services.
I have read various documentation and watched numerous videos on setting up the NAT and firewall rules on this device. I've done everything as instructed but none of the ports are opening. I've tried various port checker websites. Not sure what I am doing wrong but I've a feeling it has something to do with the firewall rules. I still have all the default firewall rules in place using firmware version 4.13. Then I have just added my firewall rule which has placed itself at priority 1.
The ports I am trying to open are as follows:
Server Administration: TCP Ports 311 & 625
Screen Sharing: TCP & UDP Ports 5900 & 3283
File Sharing: TCP Ports 139 & 548
Profile Manager: TCP Ports 80, 443, & 1640
Messages: TCP Ports 5222, 5223, 5060, 5269, 7777 UDP Ports 16384-16388
VPN: TCP Port 1723 UDP Ports 500, 1701, & 4500
Websites: TCP Ports 80 & 443
Open Directory: TCP & UDP Ports 636 & 389
FTP: TCP 20 & 21
SSH: TCP 22
AFP: TCP 548
For each item here I have created a service object. If there is more than one service object for an item then I have created a service group object for those services. Then I have made an overall ALL SERVER PORTS group object and added the various service/service group objects to it. This ALL SERVER PORTS is what I am using in my single firewall rule.
The firewall rule is as follows:
Enable: Yes
Name: SERVER
From: WAN
To: LAN1
Source: WAN1_IP (Address object pointing to the interface IP on wan1_ppp)
Destination: SERVER (Address object pointing to host IP address on local network)
Service: ALL_SERVER_PORTS
User: Any
Schedule: None
Action: Allow
Log matched traffic: No
This rule is at priority position 1 on the rule list.
Then I have a NAT rule which is as follows:
Enable: Yes
Name: SERVER
Classification: Virtual Server
Incoming Interface: wan1_ppp
Original IP: WAN1_IP
Mapped IP: SERVER
Port Mapping Type: Service Group
Original Service: ALL_SERVER_PORTS
Mapped Service: ALL_SERVER_PORTS
Enable NAT Loopback: No
This is my only NAT rule.
From what I have read online or watched in videos, this should all be correct. But the ports aren't opening and my services on my server are not working as a result.
Any help would be greatly appreciated.
Damien
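An added example, not part of the original post: a small parser for the port list above that produces the deduplicated TCP/UDP entries an ALL_SERVER_PORTS-style group would contain and shows which services list the same port. The function names are chosen here for illustration, and it assumes "TCP & UDP Ports a & b" means both ports on both protocols.

```python
import re
from collections import defaultdict
# Port list copied from the post above.
PORT_LIST = """\
Server Administration: TCP Ports 311 & 625
Screen Sharing: TCP & UDP Ports 5900 & 3283
File Sharing: TCP Ports 139 & 548
Profile Manager: TCP Ports 80, 443, & 1640
Messages: TCP Ports 5222, 5223, 5060, 5269, 7777 UDP Ports 16384-16388
VPN: TCP Port 1723 UDP Ports 500, 1701, & 4500
Websites: TCP Ports 80 & 443
Open Directory: TCP & UDP Ports 636 & 389
FTP: TCP 20 & 21
SSH: TCP 22
AFP: TCP 548
"""

TOKEN = re.compile(r"TCP|UDP|\d+(?:-\d+)?")

def parse_line(line):
    """Return (service name, set of (proto, first_port, last_port))."""
    name, spec = line.split(":", 1)
    protos, seen_port, entries = [], False, set()
    for tok in TOKEN.findall(spec):
        if tok in ("TCP", "UDP"):
            if seen_port:  # ports already read, so a new protocol section starts
                protos, seen_port = [], False
            protos.append(tok)
        else:
            lo, _, hi = tok.partition("-")
            entries.update((p, int(lo), int(hi or lo)) for p in protos)
            seen_port = True
    return name.strip(), entries

def build_group(text):
    """Map each unique (proto, lo, hi) entry to the services that list it."""
    owners = defaultdict(list)
    for line in filter(str.strip, text.splitlines()):
        name, entries = parse_line(line)
        for entry in entries:
            owners[entry].append(name)
    return dict(owners)

def shared_entries(owners):
    """Entries listed under more than one service (duplicates in the group)."""
    return {e: names for e, names in owners.items() if len(names) > 1}

if __name__ == "__main__":
    for entry, names in sorted(build_group(PORT_LIST).items()):
        print(entry, names)
```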