Jump to content

Recommended Posts

Hello,

 

Our Firewall administrator asked me about the ports that need to be open for retrospect, the client is in another subnet behind a very restricted firewall. In the documentation it is saying that port 497 needs to be open for UDP and TCP. Appreantly these ports are open and still no connection between the server and client (error -1028 client is not visiable). Is that all? Is this true that broadcast and mulitcast needs to be allowed as well. what would the rules for those? why do we need to use UDP? IS anybody kind enough to provide a list of firewall rules that needs to be open for retrospect?

 

thank you very much,

 

-Popak

Link to comment
Share on other sites

Quote:

Appreantly these ports are open and still no connection between the server and client (error -1028 client is not visiable)

 


 

- When do you see the -1028 error? Are you using Configure->Clients->Network->Test ?

 

UDP is used for client discovery. This allows clients to be found even if their IP address changes. If you're using static addresses, you might be able to get away with only TCP 497 open.

 

Some additional information about how you are configuring the program would go a long way towards others recognizing where your problem migh lie.

 

Dave

Link to comment
Share on other sites

Yes I do use static IP. I also went to configure-> Clients-> Network-> test and also configure the subnet broadcasting for that IP as well. The server is at my end and at this moment I have turned off the firewall (system firewall) but the clients is unreachable (restricted subnet). When I took a look at the other servers which they are in the same subnet as the server is they have another rule like this from 224.0.0.1 to any port 497 UDP and TCP. Do you know if I need to add this broadcast rule to the restricted client behind the firewall?

 

-Popak

Link to comment
Share on other sites

Quote:

The server is at my end and at this moment I have turned off the firewall (system firewall) but the clients is unreachable (restricted subnet).

 


 

Sorry, but this is just not clear. Are you saying that the Firewall Administrator has allowd you to completely disable his "very restricted" configuration?

 

If you decide to configure Retrospect to access clients directly by TCP/IP address, you won't need to configure the program's Subnet Broadcast capabalities. And I _think_ that it would be ok if UDP 497 was not open.

 

But without knowing more accurately the network topology you're working in (such as, for example, the operating sytem of the firewall being used), it would be irresponsible for people to suggest rule text.

 

More information, please.

 

Dave

Link to comment
Share on other sites

Adding a client by IP address will allow you to avoid all UDP and broadcast traffic but port 497 must be open.

 

Normally Retrospect would use UDP and TCP along with Subnet Broadcast and Multicast. The UDP is used to locate the client and TCP is used for the data transfer.

Link to comment
Share on other sites

so here is the topology of the network:

the server (mac os server X 10.3.9, retro 6.1.126) running in the subnet A (this subnet is not behind any firewall).

the client ( OS X server 10.4.7, Retro: 6.1.107) running in the subnet B (this subnet is behind a very restricted firewall, this is a hardware firewall).

When I configure the server to see the client, I also set the subnet broadcasting as well. My problem is I keep getting error -1028 and The firewall administrator is telling me that he had open 497 UDP and TCP for bothway incomming and outgoing to the remote machine. My question is if I need to add any rules for broadcasting or multicasting?

 

thank you guys

 

-Popak

Link to comment
Share on other sites

Quote:

When I took a look at the other servers which they are in the same subnet as the server is they have another rule like this from 224.0.0.1 to any port 497 UDP and TCP. Do you know if I need to add this broadcast rule to the restricted client behind the firewall?

 

My question is if I need to add any rules for broadcasting or multicasting?

 


 

Are you saying that the OS X Server in Subnet B is running firewall services of its own?

 

In that case you certainly would have to use Server Admin to configure the services you want. Happily, Apple has included a "Dantz Retrospect" preset for you (wonder if they'll correct the company name for Leopard Server...). Just check the box and you should be good.

 

Dave

Link to comment
Share on other sites

Thanks Dave for the respond, but that rule (from 224.0.0.1 to any port 497 for TCP and UDP) has been used in the loose subnet (subnet A) for another client in the same subnet (subnet A). I was wondering if I should use above rule for the machine that sitting in subnet B ( behind the hardware firewall) or it doesn't matter?

 

-Popak

Link to comment
Share on other sites

Quote:

that rule (from 224.0.0.1 to any port 497 for TCP and UDP) has been used in the loose subnet (subnet A) for another client in the same subnet (subnet A).

 


 

Again, it's just not clear what you're trying to tell us.

 

- Where was this "rule" used? On a specific machine's ipfw configuration?

 

Can you answer the question posed above:

 

- Are you saying that the OS X Server in Subnet B is running firewall services of its own?

Link to comment
Share on other sites

Where was this "rule" used?

 

in the client at subnet A in the ipfwconfig, (using operating system firewall)

 

 

Are you saying that the OS X Server in Subnet B is running firewall services of its own?

 

It is behind the HARDWARE firewall, and theoperating system firewall is not turned ON.

 

thanks

 

-Popak

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...