jcagle Posted December 3, 2014 Report Share Posted December 3, 2014 I am currently configuring the PF firewall on my retrospect server, yet I believe that I have the firewall locked down too much. Does anyone know the ports and protocols that must be open to automatically detect restrospect clients on our network. Neither the "Use subnet broadcast" or the "Use multicast" selections seem to populate the list of clients. I can turn off the firewall and the list starts to populate but I don't want to have the firewall off. I have enabled the following ports for both udp/tcp 22, 53, 67, 68, 123, 389, 636, 5353, 5354, 137, 138, 139, 445, 497, from specific subnets on our network. I am wondering if I need to allow traffic from multicast addresses? How does the discovery process work for retrospect? Thanks. Quote Link to comment Share on other sites More sharing options...
Lennart_T Posted December 3, 2014 Report Share Posted December 3, 2014 TCP port 497 UDP port 497 (You are probably blocking the latter.) Quote Link to comment Share on other sites More sharing options...
jcagle Posted December 3, 2014 Author Report Share Posted December 3, 2014 I have those both open. The list is still not populating. I am using the pf configuration tool IceFloor. Would you recommend me using the OS X server firewall configuration instead? Quote Link to comment Share on other sites More sharing options...
jcagle Posted December 3, 2014 Author Report Share Posted December 3, 2014 I am getting logs like this. I have the port open. I will talk to hanynet and see what he thinks. Dec 3 10:18:21 <hostname> pf[147]: 00:00:00.000039 rule 9/0(match): block in on en0: <ip address>.497 > <ip address>.51650: UDP, length 196 Quote Link to comment Share on other sites More sharing options...
jcagle Posted December 4, 2014 Author Report Share Posted December 4, 2014 I uninstalled IceFloor and now I cannot see any of the sources even if I turn off the AFW and disable the pf firewall. I am going to rebuild the server and never use IceFloor again. I am not sure what happened but it is all screwed up. I will use the firewall that is included with OS X Server, which is still pf but it should be easier to configure. At least that is what I am hoping for. Any suggestions would be helpful. Quote Link to comment Share on other sites More sharing options...
jcagle Posted December 5, 2014 Author Report Share Posted December 5, 2014 I rebuilt the Retrsospect 11.5.2 server from scratch with Yosemite (OS X 10.10.1) . I configured access using the OS X server utility. Now when I click the Add button and Sources page loads but after about 5 seconds I get the pinwheel of death. No errors. The Retrospect Server Application just freezes. I checked the Activity monitor and the CPU is pegged at 100% for the Retrospect application and it claims that Retrospect is Not Responding. Any suggestions? Quote Link to comment Share on other sites More sharing options...
jcagle Posted December 11, 2014 Author Report Share Posted December 11, 2014 The hang up resolved itself, somehow a few hours later. Not sure why, but it seems to work now. I configured the firewall for the following services: ssh, screen sharing, and Retrospect. It seems to work great now. Beware of IceFloor, It seems to mess up network connectivity after you uninstall it. Maybe other people have had success with it but I have had none. Quote Link to comment Share on other sites More sharing options...
jcagle Posted December 11, 2014 Author Report Share Posted December 11, 2014 Wait... Now it hangs after loading the Add sources page. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.