jcagle

Firewall Configuration for Client Source Automatic Detection


I am currently configuring the PF firewall on my Retrospect server, yet I believe that I have the firewall locked down too much. Does anyone know the ports and protocols that must be open to automatically detect Retrospect clients on our network? Neither the "Use subnet broadcast" nor the "Use multicast" selection seems to populate the list of clients. I can turn off the firewall and the list starts to populate, but I don't want to have the firewall off.

 

I have enabled the following ports for both udp/tcp: 22, 53, 67, 68, 123, 389, 636, 5353, 5354, 137, 138, 139, 445, 497 from specific subnets on our network.

 

I am wondering if I need to allow traffic from multicast addresses?

 

How does the discovery process work for Retrospect?

 

Thanks.


I have those both open. The list is still not populating. I am using the pf configuration tool IceFloor. Would you recommend that I use the OS X Server firewall configuration instead?


I am getting logs like this. I have the port open. I will talk to hanynet and see what he thinks.

 

Dec  3 10:18:21 <hostname> pf[147]: 00:00:00.000039 rule 9/0(match): block in on en0: <ip address>.497 > <ip address>.51650: UDP, length 196

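A small triage script for pf log lines in the format quoted in the post above, added here as an example and not part of the original thread. It groups records by action, direction and whether port 497 is the source or the destination of the packet; the sample lines, the 192.0.2.0/24 documentation addresses and all function names are constructed for illustration.

```python
import re
from collections import Counter

# tcpdump-style pf log record, same layout as the line quoted in the thread.
PF_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifname>\S+): (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)"
)

def parse_line(line):
    """Return the fields of one pf log record, or None for any other line."""
    m = PF_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    rest = rec.pop("rest")
    # tcpdump prints "UDP, length N" for UDP and "Flags [...]" for TCP.
    rec["proto"] = ("UDP" if rest.startswith("UDP")
                    else "TCP" if rest.startswith("Flags") else "other")
    return rec

def role(rec, port):
    """Say which end of the flow uses the service port."""
    if rec["dport"] == port:
        return "to-service"
    if rec["sport"] == port:
        return "from-service"   # e.g. a reply sent back to an ephemeral port
    return "unrelated"

def summarize(lines, port=497):
    """Count records per (action, direction, protocol, role)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["action"], rec["dir"], rec["proto"], role(rec, port))] += 1
    return counts

# Constructed sample log; the first two lines are modeled on the quoted record.
SAMPLE = [
    "Dec  3 10:18:21 host pf[147]: 00:00:00.000039 rule 9/0(match): block in on en0: 192.0.2.21.497 > 192.0.2.5.51650: UDP, length 196",
    "Dec  3 10:18:21 host pf[147]: 00:00:00.000051 rule 9/0(match): block in on en0: 192.0.2.22.497 > 192.0.2.5.51650: UDP, length 196",
    "Dec  3 10:18:20 host pf[147]: 00:00:00.000012 rule 4/0(match): pass out on en0: 192.0.2.5.51650 > 192.0.2.255.497: UDP, length 40",
    "Dec  3 10:18:22 host pf[147]: 00:00:00.000020 rule 9/0(match): block in on en0: 192.0.2.30.5353 > 224.0.0.251.5353: UDP, length 60",
    "Dec  3 10:18:23 host sshd[201]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```

A rule that only permits inbound packets whose destination port is 497 does not match the "from-service" records, because their destination is an ephemeral port.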

I uninstalled IceFloor and now I cannot see any of the sources even if I turn off the AFW and disable the pf firewall. I am going to rebuild the server and never use IceFloor again. I am not sure what happened but it is all screwed up. I will use the firewall that is included with OS X Server, which is still pf but it should be easier to configure. At least that is what I am hoping for. Any suggestions would be helpful.


I rebuilt the Retrospect 11.5.2 server from scratch with Yosemite (OS X 10.10.1). I configured access using the OS X Server utility. Now when I click the Add button, the Sources page loads, but after about 5 seconds I get the pinwheel of death. No errors. The Retrospect Server application just freezes.

 

I checked the Activity Monitor and the CPU is pegged at 100% for the Retrospect application, and it claims that Retrospect is Not Responding.

 

Any suggestions? 


The hang-up resolved itself somehow, a few hours later. Not sure why, but it seems to work now. I configured the firewall for the following services: ssh, screen sharing, and Retrospect. It seems to work great now.

 

Beware of IceFloor. It seems to mess up network connectivity after you uninstall it. Maybe other people have had success with it, but I have had none.
