popak (posted August 28, 2006):

Hello,

Our firewall administrator asked me about the ports that need to be open for Retrospect; the client is in another subnet behind a very restricted firewall. In the documentation it says that port 497 needs to be open for UDP and TCP. Apparently these ports are open and still no connection between the server and client (error -1028, client is not visible). Is that all? Is it true that broadcast and multicast need to be allowed as well? What would the rules for those be? Why do we need to use UDP? Is anybody kind enough to provide a list of firewall rules that need to be open for Retrospect?

Thank you very much,
-Popak

CallMeDave (posted August 28, 2006):

Quote: Apparently these ports are open and still no connection between the server and client (error -1028, client is not visible)

- When do you see the -1028 error? Are you using Configure->Clients->Network->Test?

UDP is used for client discovery. This allows clients to be found even if their IP address changes. If you're using static addresses, you might be able to get away with only TCP 497 open.

Some additional information about how you are configuring the program would go a long way towards others recognizing where your problem might lie.

Dave

popak (posted August 29, 2006):

Yes, I do use static IP. I also went to Configure->Clients->Network->Test and also configured the subnet broadcasting for that IP as well. The server is at my end and at this moment I have turned off the firewall (system firewall) but the client is unreachable (restricted subnet). When I took a look at the other servers, which are in the same subnet as the server, they have another rule like this: from 224.0.0.1 to any port 497 UDP and TCP. Do you know if I need to add this broadcast rule to the restricted client behind the firewall?

-Popak

CallMeDave (posted August 29, 2006):

Quote: The server is at my end and at this moment I have turned off the firewall (system firewall) but the client is unreachable (restricted subnet).

Sorry, but this is just not clear. Are you saying that the Firewall Administrator has allowed you to completely disable his "very restricted" configuration?

If you decide to configure Retrospect to access clients directly by TCP/IP address, you won't need to configure the program's Subnet Broadcast capabilities. And I _think_ that it would be ok if UDP 497 was not open.

But without knowing more accurately the network topology you're working in (such as, for example, the operating system of the firewall being used), it would be irresponsible for people to suggest rule text.

More information, please.

Dave

smartin (posted August 29, 2006):

Hi:

The network people here tell me Retrospect uses multi-casting broadcasts for their discovery. I believe you'll need to get the networking guys to open a hole for the autodiscovery to work.

Hope it helps.
-s

Mayoff (posted August 29, 2006):

Adding a client by IP address will allow you to avoid all UDP and broadcast traffic, but port 497 must be open.

Normally Retrospect would use UDP and TCP along with Subnet Broadcast and Multicast. The UDP is used to locate the client and TCP is used for the data transfer.

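An added check, not part of any post in this thread: run from the backup server's side, the Python script below makes one TCP connection to port 497 and reports whether the port answered, was refused, or gave no reply, which separates a firewall drop from a client that is not listening. The function names, the timeout, and the constructed address 192.0.2.10 are assumptions.

```python
import errno
import socket
import sys

RETROSPECT_PORT = 497  # port named in the thread; TCP carries the backup data

# What each outcome suggests when the client was added by IP address.
HINTS = {
    "open": "TCP 497 answers; the path is clear for a client added by address",
    "refused": "host reached but nothing accepted on 497 (client off, or a reject rule)",
    "filtered": "no reply before the timeout; a rule on the path is likely dropping it",
    "unreachable": "no route to the client's subnet from this machine",
}


def classify_tcp(host, port=RETROSPECT_PORT, timeout=3.0):
    """Make one TCP connection attempt and name the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def report(host, port=RETROSPECT_PORT, timeout=3.0):
    """Return a one-line summary to hand to the firewall administrator."""
    result = classify_tcp(host, port, timeout)
    return "%s tcp/%d: %s (%s)" % (host, port, result, HINTS.get(result, "see errno"))


if __name__ == "__main__":
    # 192.0.2.10 is a constructed documentation address; pass the client's IP.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    print(report(target))
```

The script does not probe UDP 497 or multicast, because the discovery packet format is not given in the thread.
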
twickland (posted August 29, 2006):

You haven't told us what type of client (Windows, OS X, etc.) you're trying to access and what version of the client software is installed. Also, are there multiple Ethernet cards in the client machine?

popak (posted August 29, 2006):

So here is the topology of the network:

The server (Mac OS Server X 10.3.9, Retro 6.1.126) is running in subnet A (this subnet is not behind any firewall).

The client (OS X Server 10.4.7, Retro 6.1.107) is running in subnet B (this subnet is behind a very restricted firewall; this is a hardware firewall).

When I configure the server to see the client, I also set the subnet broadcasting as well. My problem is I keep getting error -1028, and the firewall administrator is telling me that he has opened 497 UDP and TCP both ways, incoming and outgoing, to the remote machine.

My question is if I need to add any rules for broadcasting or multicasting?

Thank you guys,
-Popak

CallMeDave (posted August 29, 2006):

Quote: When I took a look at the other servers, which are in the same subnet as the server, they have another rule like this: from 224.0.0.1 to any port 497 UDP and TCP. Do you know if I need to add this broadcast rule to the restricted client behind the firewall?
My question is if I need to add any rules for broadcasting or multicasting?

Are you saying that the OS X Server in Subnet B is running firewall services of its own? In that case you certainly would have to use Server Admin to configure the services you want.

Happily, Apple has included a "Dantz Retrospect" preset for you (wonder if they'll correct the company name for Leopard Server...). Just check the box and you should be good.

Dave

popak (posted August 29, 2006):

Thanks, Dave, for the response, but that rule (from 224.0.0.1 to any port 497 for TCP and UDP) has been used in the loose subnet (subnet A) for another client in the same subnet (subnet A). I was wondering if I should use the above rule for the machine that is sitting in subnet B (behind the hardware firewall), or does it not matter?

-Popak

CallMeDave (posted August 29, 2006):

Quote: that rule (from 224.0.0.1 to any port 497 for TCP and UDP) has been used in the loose subnet (subnet A) for another client in the same subnet (subnet A).

Again, it's just not clear what you're trying to tell us.

- Where was this "rule" used? On a specific machine's ipfw configuration?

Can you answer the question posed above:

- Are you saying that the OS X Server in Subnet B is running firewall services of its own?

popak (posted September 5, 2006):

Quote: Where was this "rule" used?

In the client at subnet A, in the ipfwconfig (using the operating system firewall).

Quote: Are you saying that the OS X Server in Subnet B is running firewall services of its own?

It is behind the HARDWARE firewall, and the operating system firewall is not turned ON.

Thanks,
-Popak

This topic is now archived and is closed to further replies.