Mac OS X Leopard Firewall/default open ports rpcbind?

Hi,
I'm looking into hardening/securing Mac OS X Leopard and noticed that port 111 (rpcbind) is open. Is rpcbind open by default? What are Leopard's default open ports on a fresh install?
Also, is there any way to run the OpenBSD/FreeBSD PF firewall?
Thanks!

This is what nmap reports:
Starting Nmap 4.76 ( http://nmap.org ) at 2009-03-02 12:28 EST
Warning: Unable to open interface vmnet8 -- skipping it.
Warning: Unable to open interface vmnet1 -- skipping it.
Interesting ports on localhost (127.0.0.1):
Not shown: 993 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
631/tcp open ipp
1021/tcp open unknown
1022/tcp open unknown
1023/tcp open netvenuechat
2049/tcp open nfs
49152/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 10.55 seconds
netstat -a | grep LISTEN confirms:
tcp6 0 0 localhost.ipp . LISTEN
tcp4 0 0 *.49152 . LISTEN
tcp4 0 0 *.1021 . LISTEN
tcp4 0 0 *.1022 . LISTEN
tcp4 0 0 *.sunrpc . LISTEN
tcp4 0 0 *.nfsd . LISTEN
tcp4 0 0 *.1023 . LISTEN
tcp4 0 0 localhost.ipp . LISTEN
tcp6 0 0 localhost.ipp . LISTEN
Not too sure what netvenuechat is, and I have no idea why NFS is open/running. I'm not connecting to any NFS shares. How do I lock everything down?
Any suggested IPFW rules?
Here is what 'ipfw show' returns:
3300 36 2160 deny icmp from any to me in icmptypes 8
65535 866558 351141790 allow ip from any to any
Thanks,
Juan

Similar Messages

  • The access to our new chess hall may be blocked by your local firewall. You would need to reconfigure your firewall to open port 15010 for TCP traffic.

    How do I do the following so I can get into my chess program??
    The access to our new chess hall may be blocked by your
    local firewall. You would need to reconfigure your firewall to open port 15010
    for TCP traffic.

    This is not really Firefox related.
    What you need to do here is to read the firewall manual which usually explains how to create a rule for what you want to do.
    If you're using the Windows XP firewall, see this Microsoft article: http://windows.microsoft.com/en-US/windows-vista/Firewall-frequently-asked-questions

  • NAT default open ports

    I want to use the NAT firewall of AirPort Express. I scanned the APE's ports when NO ports are forwarded, and these ports are open by default:
      Open TCP Port:   21     ftp
      Open TCP Port:   53     domain
      Open TCP Port:   139    netbios-ssn
      Open TCP Port:   445    microsoft-ds
      Open TCP Port:   548    afpovertcp
      Open TCP Port:   554    rtsp
      Open TCP Port:   5009   winfs
      Open TCP Port:   7070   arcp
    My question is why?
    And is there some way to close some of them?
    I don't use FTP and other services.

    By default, all inbound ports on the Apple routers are closed already, but they are not designed to be stealthy. As such, certain utilities can see them as open.
    Please check out the following Chron article. It may be a bit outdated but I think it drives the point across why Apple decided not to make their base station ports stealthy.

  • RMI firewall issue - opening port 1099 is not enough

    Hello,
    We have a distributed java desktop app that uses RMI with callbacks to communicate amongst the clients. It all works really well at our dev site and at 2 trial sites.
    We are about to deploy out to more customer sites - so I have been doing more testing with firewalls etc and discovered some issues. Our customers are small businesses and typically have between 1 and 10 desktop clients that connect to the server via RMI. These customers are "very NOT technical", so we need to give them set-and-forget firewalls etc.
    This is all on a LAN, with RMI using port 1099. On the firewalls (of the various PCs) we open ports 1099 (RMI) and 5432 (for the Postgres DB).
    Also, I was using "CurrPorts" and "SmartSniff" to monitor the traffic at each PC - so I had a reasonable view of proceedings.
    Basically, opening port 1099 on the server is necessary, but it is NOT ENOUGH. The RMI moves off to ports other than 1099, and the server firewall does not allow the connection.
    Procedure ...
    (1) start the "server" app - which starts the RMI registry - the "localhost" desktop app also starts and it works well to both the database and the RMI.
    (2) start another client - it connects to the DB Server, but NOT the RMI server.
    (3) open the server firewall to all traffic for a few seconds - then the client connects successfully.
    From CurrPort logging I could watch the RMI comms progress over those first few minutes ...
    Initially the comms do include port 1099 on the initial call to the server, but there after there are always 2 or 3 "channels" open, but not to 1099.
    I notice that the Postgres DB keeps using port 5432 for all of its active channels - so it does not have the same firewall issue.
    After we have opened the firewall for a few seconds - to enable the link - then we can turn the client on and off and the client re-connects without issue - so it would seem to be only an issue with the initial connection.
    I am sure that this is all completely standard and correct RMI behavior.
    QUESTIONS:
    1. Can RMI be "forced" to always use port 1099 for connections, and not move to other ports? (like the database uses 5432)
    2. Are there any suggestions for getting around this seemingly standard RMI behaviour?
    Other comments ...
    The firewall lets me open individual ports (say 1099) - BUT I can not justify opening ALL ports.
    The firewall lets me open all ports to an application, say "C:\Program Files\Java\jre6\bin\java.exe", but that app will occasionally change at a customer's site as they will update their java version and suddenly our app will stop working.
    Any guidance is appreciated.
    Many Thanks,
    -Damian

    1. Can RMI be "forced" to always use port 1099 for connections?
    Yes. Export all your servers on the same port. See the UnicastRemoteObject constructor that takes an int, or UnicastRemoteObject.exportObject(int). If the RMI Registry is a separate process you can't re-use 1099 for this purpose, but see below.
    2. Are there any suggestions for getting around this seemingly standard RMI behaviour?
    Yes. Start the RMI Registry in the same JVM as the code, then you only need to use 1099 for everything.
    If you are using server socket factories, make sure they have an equals() method, or use the same instance for all remote objects.

  • MySQL port open in Leopard firewall (and in ipfw) but can't access

    Hi There,
    I'm trying to allow MySQL access to a Mac Mini dev server I've setup using MAMP Pro. I've installed OS 10.5 server because I couldn't open a port manually using the Terminal under a Snow Leopard client install.
    *MAMP Pro:*
    - "Allow local access only" is unticked under MySQL
    *Leopard Server Admin:*
    - MySQL port 3306 is open for "any"
    - I can also see it's open if I run this from the terminal "$ sudo ipfw list"
    *Querious Database App:*
    - If I try to connect to the database from a client machine using Querious via 3306 or tunnel via ssh I can't connect
    *Network Utility:*
    - If I do a port scan from my client machine no ports are open on the Mac Mini
    *Other info:*
    - Stealth mode is off
    - The Firewall is the only service which is running in Server Admin
    - I can connect via ssh/terminal from this same client machine
    - I'm just trying to connect on a local network (so not through a router etc)
    Obviously I thought this would be much simpler than it is! Are there other things that need to be configured - do I have to forward the port onto MAMP Pro somehow?
    Not sure how it all works sorry so any help would be much appreciated.
    Cheers
    Ben

    Hi Ben,
    I have done some brief digging on MAMP and it would appear that you're trying to override the inherent features in OS X Server by using MAMP instead. Apache, MySQL and PHP are all inherent parts of OS X Server, minus the unified interface of MAMP. (phpMyAdmin is open-source and can be installed independently.) This may have been necessary on a non-server (client) version of OS X, but not for Server. As Harry pointed out, removing those elements from OS X Server is not a simple task and you would be far better off using the built-in versions over trying to bypass them to run MAMP.
    3306 is the default port for MySQL, so your pings are reaching the mysql service. You may run into the same problem as I did when trying to establish external connections to mysql from anywhere other than on the host machine (whether that be across a LAN or via the Internet through PHP commands to the mysql service), since requests from anything other than the localhost will be rejected. Working around that with MAMP is not well documented. phpMyAdmin doesn't get under the hood to make the changes needed to allow requests from other hosts.
    The MAMP documentation is also lacking on how one can get under the hood of its mysql service, other than that you can access it through Terminal at:
    /Applications/MAMP/Library/bin/mysql
    in which case all normal mysql commands should work when working in that directory:
    /Applications/MAMP/Library/bin/mysql --host=localhost -uroot -proot
    All in all, though, I think it would be far easier to use the built-in versions. OS X Server is configured to work with what is already there and Apple's support documentation is built around that. Trying to get MAMP working means that you're pretty much on your own trying to figure out the whats, hows and whys when things aren't working. The Server Admin application gives you access to all those services (at least at a base level, excluding phpMyAdmin).
    For 10.5 Server, the built-in version of MySQL is 5.0.91; PHP version is 5.2.14; Apache version is 2.2.14, all of which are mostly-current, stable releases.
    I don't have any /mysql/msql directories inside the /var/ directory.
    That is really odd, as they should be there for an installation of Server.
    -Doug

  • Default LaunchDaemons and open ports?

    I recently wrote a port scanner for a project at my university and after running it, I discovered that a large portion of my MacBook's well-known ports were open.
    These were 21 (ftp), 22 (ssh), 23 (telnet), 53 (domain), 79 (finger)!!, 88 (kerberos), 512 (exec)!!, 513 (login), and a bunch of others (see picture below for open ports - afterwards entered @ grc.com).
    I checked if they are reachable from the internet (see picture below). They were not, but that does not say a lot(?), because if someone wanted to make a bot out of my Mac or collect data from it, this person could contact a C&C server from my machine and start communicating without opening any port of the NAT router, as the router allows bidirectional communication if started by the client(?).
    I checked if these ports are reachable from within a local network, by requesting the services behind them from another computer running Linux. And they are! Everyone within the non-VPN networks of my university was and is able to fetch personal information from me over fingerd! To prevent further leakage, I will block any incoming connections from now on.
    > finger user@{Macbook's IP}
    same output as when running locally
    > finger user@localhost
    [localhost]
    Trying ::1...
    Login: MyUserName         Name: MyNameReplaced
    Directory: /Users/MyUserName            Shell: /usr/local/bin/fish
    On since Sun Oct 26 13:02 (CET) on console, idle 7:52 (messages off)
    On since Sun Oct 26 17:15 (CET) on ttys000
    On since Sun Oct 26 20:25 (CET) on ttys001, idle 0:05
    No Mail.
    No Plan.
    I am able to login to the Mac via telnet over the LAN, etc.
    I checked the configuration of my firewall. It is/was activated. Signed software is allowed to accept incoming connections. Cloaking is not activated and I am not blocking every incoming connection. There are five services in the list below, they are all from Apple. I can not remove them. The minus button is grayed out.
    When I ticked 'Block all incoming connections', the services behind the ports were no longer detectable/reachable from the LAN, but the daemons are still running on the Mac!
    So my question is, why are these daemons running?! Why on earth is the fingerd running or exec?! This seems not normal. Who has started them (software or person)? I strongly limit access to my computer. I always lock it, when leaving it unattended. I use NoScript in Firefox. Never do I open attachments from mails.
    I checked the Mac of a friend with my PortScanner (in his LAN and on his Mac) and his has none of the ports open mine has.
    I have not checked my ports/firewall for a long time, so I can't remember if those ports were closed at any time before.
    Meanwhile I will read something about launchd, to gather more information.

    I'm not an expert on this, but I'm not certain what you are concerned about. All messaging in unix systems is done through ports, and so a variety of ports need to be open for normal system operations. OS X out-of-the-box probably strikes a balance between convenience and paranoia - ports that might be more secure closed left open by default so that novice users aren't driven out of their wits - but I can't imagine that it leaves open anything that constitutes a true vulnerability. Or if it does, you should file a bug report.
    I'm told every med student suffers from hypochondria at one point or another, and I know that every comp sci student will sooner or later have a short freak-out over security. So take a deep breath...

  • Opening Ports in Leopard 10.6.6

    Hey guys,
    My son has recently purchased a new game, however, the online section of the game did not work for him.
    After getting support for the game, I have been told that to make it work, I need to open certain TCP and UDP ports. We have a wireless network using Airport Extreme. I have searched google and other forums for this answer, however these answers pertain to earlier versions of Leopard.
    If someone could post specifically what I must do, and the steps to do so, it would be greatly appreciated.
    I should mention that the game runs in boot camp, however, my gut tells me that this does not matter, as the network is set up from the mac side.
    Message was edited by: DR46

    It's not clear what you mean by "opening ports." If you mean that outgoing traffic on those ports must be allowed, then you don't have to do anything on the Mac side, though you may have to do something with the internal firewall in Windows, if any. If you mean that incoming connections must be forwarded to your Mac by the gateway, that would involve some relatively advanced network configuration, and would work only temporarily if you have a dynamic IP address, as most residential broadband subscribers do.
    Most commercial network games work through a central server rather than peer-to-peer. Maybe if you post the specific instructions given to you by the game vendor, I can give you a more specific answer.

  • Open port 21 for ftp in mac osx server 10.6

    Hello
    I want to open port 21. The firewall in the Mac server is already off. The ftp server is enabled in this Mac server. The NAT in the router is set accordingly to the internal IP of this Mac computer (OS X Server 10.6). However, whenever I try http://www.t1shopper.com/tools/port-scan/ to check whether port 21 is open or not, it still says that the port is closed.
    Any idea?
    Thanks a lot

    Well, if you're trying to connect to the host without an active network port, you could try connecting with localhost or 107.0.0.1. You could also try deleting the Ethernet interface and re-adding it, and/or hard-coding the Ethernet interface to a static IP.

  • I transferred files from a NAS server to the Mac Mini Snow Leopard Server and now some of the files have Custom Access and can't be opened by some users. How do I fix this?

    We're setting up our Mac Mini Snow Leopard Server, and in the process transferred files that had been stored and accessed from our Blackarmor NAS server over to the Mac. These files were all created on PCs and are Office Excel files, WordPerfect files or PDFs. When you look at the files on the Mac from the Mac and bring up Get Info for the affected file, it says that the file has Custom Access. The files that work properly don't have that configuration. I can access and open the files on some computers, but some users can't open the files from their computer even though they can see it. We're all using PCs and they get the error "Access Denied - Contact your administrator" or something similar. I've seen similar issues on the web and it may have something to do with ACL permissions. I don't know enough about Mac OS to understand this, but what is baffling is that they can be opened from some PCs but not others, and all of the users have the same accessibility to the files. Thanks for a solution!!

    Oh, on the losing Internet, try this...
    Make a New Location, Using network locations in Mac OS X ...
    http://support.apple.com/kb/HT2712
    10.7 & 10.8…
    System Preferences>Network, top of window>Locations>Edit Locations, little plus icon, give it a name.
    10.5.x/10.6.x/10.7.x instructions...
    System Preferences>Network, click on the little gear at the bottom next to the + & - icons, (unlock lock first if locked), choose Set Service Order.
    The interface that connects to the Internet should be dragged to the top of the list.
    Instead of joining your Network from the list, click the WiFi icon at the top, and click join other network. Fill in everything as needed.
    For 10.5/10.6, System Preferences>Network, unlock the lock if need be, highlight the Interface you use to connect to Internet, click on the advanced button, click on the DNS tab, click on the little plus icon, then add these numbers...
    208.67.222.222
    208.67.220.220
    Click OK.
    PS. Your English is quite good & completely understandable.

  • Firewall in 10.5, how to open ports and how to manage?

    I am pulling my hair out with the new firewall in 10.5. In 10.4 I could just set ports as I liked in the control panel, in 10.5 there is no such thing.
    I need to for example open port 49999 to allow PageSender to function in my network.
    I need to open port 5901 to work with JollyFast VNC, as port 5900 is used by Apple Remote Desktop and they conflict if they both use the same port.
    Some of these ports I need permanently open, like 59999, and others for one session and then closed again, like 5901. Again, in 10.4 I made the rule in the pref pane, ticked the box and Bob was your uncle. Now?
    I would like to be able to see what ports are open and active on the machine. I have no idea as to where I could see this.
    And at the same time I would like to keep the firewall as closed as possible as I am often on line in hotels etc.
    So I need help, is there a manual somewhere someone is aware of? Or do you have any answers?

    The new Application Firewall does not work in the same way as IPFW (the main firewall in 10.4).
    Instead of managing ports, it simply controls the access of applications to any port. Thus, if you want PageSender to receive connections, you simply need to switch the firewall to "Set access for specific services and applications", and then add PageSender to the list, with "Allow incoming connections". When you do this, PageSender will be able to receive connections on any port that it needs to.
    If you don't like this method of controlling connections, you can still use IPFW. Apple has removed the GUI, but you can download a GUI application like [NoobProof|http://www.hanynet.com/noobproof] or [WaterRoof|http://www.hanynet.com/waterroof/index.html], and you can then set access for specific ports.
    There are no problems with using both IPFW and Application Firewall.
    Cheers,
    Rodney

  • Can't update iOS 8 on my iPhone5 through iTunes on Windows 8 (error 3004, 3194). Updated host file, opened port 80, 443; turned off security system and firewall, etc. But nothing works. How to solve this problem?

    Can't update iOS 8 on my iPhone5 through iTunes on Windows 8 (error 3004, 3194). Updated host file, opened port 80, 443; turned off security system and firewall, etc. But nothing works. How to solve this problem?

    Hi the_mad_movies,
    It seems like this article will be the best option for addressing this issue:
    Error 3194, Error 17, or "This device isn't eligible for the requested build"
    http://support.apple.com/kb/ts4451
    Thanks for coming to the Apple Support Communities!
    Cheers,
    Braden

  • I'm using bridge cc2014 on my mac and when I go to open photos, it opens on PS6 even though I have PS CC.  How do I change the default?

    I'm using bridge cc2014 on my mac and when I go to open photos, it opens on PS6 even though I have PS CC.  How do I change the default?

    Change File Associations in Mac OS X

  • Since yesterday all my usual .xls files will not open (Office for Mac 2011). Can open .xlxs files. Default 'open with' is Microsoft Excel.app. No software updates done. Have repaired disc permissions. What next?

    Since yesterday all my usual .xls files will not open (Office for Mac 2011). CAN open .xlsx files. Default 'open with' is Microsoft Excel.app. No software updates done yesterday or the day before (or maybe a Silverlight or an Acrobat one by accident?). Have repaired disc permissions. HDD name is still the same as it always was. What next? Thanks
    PS I'm not a great techie so assume I don't know what you're talking about!

    You may need to rebuild permissions on your user account. To do this, boot to your Recovery partition (holding down the Command and R keys while booting) and open Terminal from the Utilities menu. In Terminal, type 'resetpassword' (without the quotes), hit return, and select the admin user. You are not going to reset your password. Click on the icon for your Mac's hard drive at the top. From the drop-down below it, select the user account which is having issues. At the bottom of the window, you'll see an area labeled Restore Home Directory Permissions and ACLs. Click the reset button there. The process takes a few minutes. When complete, restart.
    Repair User Permissions

  • I am unable to open my downloaded library books in ADE.  I have a Mac running Snow Leopard and want

    I am unable to open my downloaded library books in ADE.  I have a Mac running Snow Leopard and want to transfer the books to a Kobo reader.  Was able to load books perfectly until recently.  I have tried trashing ADE and re-installing but have received the message that the version of ADE will not run with my current operating system.  Tried resetting the Kobo reader and thought maybe it was not authorized but it appears in ADE when I plug it in.  Any help would be greatly appreciated - getting very frustrated!

    You should ask in the Digital Editions forum,
    http://forums.adobe.com/community/adobe_digital_editions

  • Opening port in Firewall with Script instead of ServerAdmin?

    Hi,
    I tried to google this but didn't find good leads. What is the way to open ports in the OS X Server 10.5 software firewall by using a shell script instead of the GUI ServerAdmin tool?
    thanks a lot
    simon

    At the most basic level:
    #!/bin/bash
    # No spaces around '=' in a shell assignment, or bash treats HOST_IP as a command
    HOST_IP="123.123.123.123"
    /sbin/ipfw -f add 30000 allow tcp from "$HOST_IP" to any dst-port 20-21
    This would add a single rule, assigned to rule number 30000. It opens ports 20 and 21 for the specified IP. After installing this rule via script there are various things that will cause your firewall to be flushed and the rule will be lost. For example, just poking around in ServerAdmin can cause an unintentional flush and reloading of the firewall rules - you'll need a way to run your script again when it happens.
    Check the man page and google for info on ipfw.
    David
    Message was edited by: DavidWil
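David's script above adds one allow rule; Juan's question at the top of the page asks the opposite ("Any suggested IPFW rules?" to lock the rpcbind, nfsd and other listeners down). The following deny-by-default ruleset is an added example, not code from any post on this page. It assumes Mac OS X 10.5 ipfw syntax, root privileges when applying, and that the default rule 65535 is "allow ip from any to any" as Juan's 'ipfw show' output reports; the rule numbers are arbitrary.

```shell
#!/bin/bash
# Added example (not from the thread): a deny-by-default ipfw ruleset for a
# Leopard client, built from the TCP listeners in the nmap/netstat output at
# the top of the page. Because the default rule 65535 allows everything, an
# explicit final inbound deny is required.
#
#   ./leopard-ipfw.sh            print the ruleset (dry run, safe anywhere)
#   sudo ./leopard-ipfw.sh --apply   flush and load it into the running firewall

# Listeners from the scan that must not be reachable from the network:
# sunrpc/rpcbind, ipp (CUPS), the 1021-1023 NFS helpers, nfsd and the unknown
# 49152 listener. They stay reachable over loopback thanks to rule 100.
BLOCKED_TCP="111,631,1021,1022,1023,2049,49152"

# Emit one ipfw command per line. Order matters: ipfw evaluates rules by
# number and stops at the first match.
leopard_rules() {
  cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from 127.0.0.0/8 to any in
add 300 check-state
add 400 allow tcp from me to any out setup keep-state
add 500 allow udp from me to any out keep-state
add 600 allow icmp from me to any out
add 700 allow icmp from any to me in icmptypes 0,3,11
add 800 deny tcp from any to me dst-port ${BLOCKED_TCP} in setup
add 900 deny icmp from any to me in icmptypes 8
add 65000 deny ip from any to any in
EOF
}

# Number of rules the generator produces.
rule_count() {
  leopard_rules | grep -c '^add '
}

# Load the rules: flush, then feed each line to ipfw as one command.
# Server Admin (and some updates) flush the table, so this must be re-run
# afterwards, e.g. from a launchd job, as David notes above.
apply_rules() {
  [ -x /sbin/ipfw ] || { echo "ipfw not found; nothing applied" >&2; return 1; }
  /sbin/ipfw -q -f flush || return 1
  leopard_rules | while read -r rule; do
    # Word splitting of $rule is intended: each word is an ipfw argument.
    /sbin/ipfw -q $rule || exit 1
  done
}

if [ "${1:-}" = "--apply" ]; then
  apply_rules
else
  leopard_rules
fi
```

Rule 800 only refuses new connections from the network; stopping the daemons themselves (nfsd, portmap/rpcbind) is still the better fix for services you do not use.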
