simonmorley Posted November 10, 2005 Report Share Posted November 10, 2005 Hi all, im running retrospect 6 on mac os x 10.4.3 server and backup hourly a redhat server on our network along with various other machines. I've just organised a particular file to be backed up to an ftp site i own however, im having massive problems with the firewall. I've obviously opened up all possible ftp ports, (20,21) along with TFTP and SFTP just to make sure and the Dantz port. When retrospect connects, i get a connection timed out in the log file. To remedy, I've opened all ports on the firewall, and the connection is made instantly. AM i missing something?! Could someone please advise. Many thanks. Simon Link to comment Share on other sites More sharing options...
mbizer Posted November 11, 2005 Report Share Posted November 11, 2005 This is exactly the problem I'm having. Is Retrospect able to use passive ftp? It seems not. However, I was able to open ports 20-21, and Retrospect works on 10.4.3 client. Link to comment Share on other sites More sharing options...
simonmorley Posted November 11, 2005 Author Report Share Posted November 11, 2005 I have no probs backing up my clients here, its the attaching to ftp server thats an issue. Driving me nuts!!! Have tried pretty much everything i can think of. Simon Link to comment Share on other sites More sharing options...
mbizer Posted November 11, 2005 Report Share Posted November 11, 2005 It seems pretty clear that with the standard firewall on, one isn't going to be able to connect to the ftp server. There are a lot of posts on the Apple discussion forums about this. The solution appears to be to set up some rules manually: sudo ipfw add allow tcp from any to any 20-21 in sudo ipfw add allow tcp from any 20,21 to any 1024-65535 in You may also find it useful to have a look at this thread: http://discussions.info.apple.com/webx?128@494.O3FLauXQVKn.1@.68b23eda It doesn't seem as if Retrospect is able to use passive ftp, although it would be nice ot have confirmation on this issue. Link to comment Share on other sites More sharing options...
CallMeDave Posted November 12, 2005 Report Share Posted November 12, 2005 Quote: It doesn't seem as if Retrospect is able to use passive ftp, although it would be nice ot have confirmation on this issue. From a post by NateW dated 12/02/2004: "Retrospect requires active FTP" http://forums.dantz.com/ubbthreads/showthreaded.php?Cat=&Number=49736&page=&view=&sb=5&o=&vc=1 Search is your friend... Dave Link to comment Share on other sites More sharing options...
mbizer Posted November 12, 2005 Report Share Posted November 12, 2005 That's crazy. Why can't Retrospect do passive ftp? Do you have any experience in configuring the Tiger (10.4) firewall so that it will allow Retrospect to access a LAN ftp server? Link to comment Share on other sites More sharing options...
mbizer Posted November 13, 2005 Report Share Posted November 13, 2005 Can anyone help. What are the Tiger firewall settings that will work with Retrospect? Link to comment Share on other sites More sharing options...
natew Posted November 15, 2005 Report Share Posted November 15, 2005 Hi The firewall rules for OSX changed from OSX 10.3 to 10.4. In 10.3 opening FTP would open ports 20 and 21 as well as a large range of high numbered ports for return connections. The OSX 10.4 FTP firewall exception only opens port 20 and 21. You need to manually open up the high numbered ports. If you still have an OSX 10.3 machine handy you can see which ports it actually opened. Thanks nate Link to comment Share on other sites More sharing options...
mbizer Posted November 15, 2005 Report Share Posted November 15, 2005 Unfortunately, there's no way to implement that 10.3 rule in 10.4 using the UI (to my knowledge). To make matters worse, the firewall seems to block the low-order ftp ports as well, even with ftp enabled: Nov 15 07:30:41 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0 Nov 15 07:30:44 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0 Nov 15 07:30:50 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0 Nov 15 07:31:02 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0 Nov 15 07:31:26 Musa ipfw: 12190 Deny TCP 192.168.1.102:20 192.168.1.100:50335 in via en0 Link to comment Share on other sites More sharing options...
natew Posted November 18, 2005 Report Share Posted November 18, 2005 Hi You can add any rules you like. You just have to do it manually. Thanks Nate Link to comment Share on other sites More sharing options...
mbizer Posted November 18, 2005 Report Share Posted November 18, 2005 If by "manually" you mean using the GUI, you can't just enter any rule. For example, it isn't currently possible to use the GUI to do this: allow tcp from any to any 20-21 in allow tcp from any 20,21 to any 1024-65535 in which is presumably what is required. Now these can be added via Terminal, but they're not maintained across restarts Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.