
leopard firewall vs retroclient


jaypublix


After fighting with retrospect and leopard's firewall for the last 2 days, I was wondering if anyone here knows the magical invocation to make retrospect 6.3.027 (or 6.2.234) actually work in conjunction with leopard's application firewall and the "set access for specific services and applications" setting. I have searched thru the forum, and the best answer seems to be don't use leopard's firewall, which I don't think is a good answer, i.e. retro should work with the firewall.

 

Thanks in advance....

 

 

Link to comment
Share on other sites

To follow up on my own post, it seems that retrospect client 6.3.027 is problematic with 10.5.8 when the firewall is configured to "set access for specific services and applications"....If stealth mode is enabled, firewall does not allow access to retroclient on port 497 (verified with network utility > port scan). If stealth mode is off, and you cannot connect via port scan, downgrade retrospect client to 6.2.234 and the client is happy...

 

Long story short, if running later/latest version of leopard, and you don't want your machine to be wide open (i.e. you want application firewall), use 6.2.234, and make sure stealth mode is off if it doesn't just work....

 

 

Link to comment
Share on other sites

Sorry, from my limited testing in my environment, stealth mode needs to be off.

 

Just disabling stealth mode does not guarantee that 6.3.027 will work, I've had to downgrade most of my clients to 6.2.234 in order to get retro to communicate thru the firewall reliably...

 

First I check to make sure that stealth mode is disabled, if I can port scan and add/configure the client then I leave the client at 6.3.027, if I can't, I downgrade the client to 6.2.234

 

Wouldn't it be nice if there was an uninstaller for the newer clients (which are based on installer)?

 

Wouldn't it also be nice if this was in the release notes/documentation?

 

While I'm at it, wouldn't it be nice if a major software developer would actually test their software BEFORE they release it?

 

Lastly, retro's phone support is ridiculous, they know this is a problem, but they pretend that no one has EVER called them about this, then they turn around and try and blame you!

 

 

Link to comment
Share on other sites

I flipped the firewall on here with stealth mode off and my backups have still run fine (but I'm at 10.6.x and I know the firewall is different under 10.6 than 10.5...)

 

One of my compatriots here seems to have similar issues like you do -- sometimes his clients will back up, other times they appear not to be seen by the engine. He's not been able to figure that one out. I should probably recommend he try downgrading the client to see if that works.

Link to comment
Share on other sites

Downgrading the client is worth the shot, but I would have them use the network utility > port scan first to see if it is a firewall issue... Basically, I put in the host's IP addy, then select the checkbox "only test ports between" then enter 496 and 498 (this will test port 497)... If you have screen sharing/ARD you can look at the firewall log on the client and see if it is receiving the request...

 

In network util, if retro is behaving, you will get a response immediately that looks like this:

 

Port Scanning host: xxx.xxx.xxx.xxx

 

Open TCP Port: 497 dantz

Port Scan has completed…

 

If toggling stealth mode doesn't help, then I would downgrade.....

 

 

 

Link to comment
Share on other sites
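The Network Utility check described in the post above (scan 496 to 498 to test port 497) can also be scripted. This is an added example, not part of the original thread or of Retrospect's tooling; it goes slightly further than the open/not-open result by separating a refused connection from one that gets no reply at all. The function names, the 3-second timeout and the script name are assumptions.

```python
import socket
import sys

RETRO_PORT = 497  # TCP port probed in the thread; Network Utility labels it "dantz"

# General TCP meaning of each result (not a statement about Leopard's firewall internals).
MEANING = {
    "open": "a listener accepted the connection",
    "refused": "host sent a reset: reachable, but nothing accepted on this port",
    "filtered": "no reply before the timeout: probe dropped, or host is down",
}

def probe_tcp(host, port=RETRO_PORT, timeout=3.0):
    """Make one full TCP connect attempt and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:  # e.g. no route to host, name resolution failure
        return "error: %s" % exc
    finally:
        sock.close()

def probe_range(host, first=496, last=498, timeout=3.0):
    """Probe the same 496-498 window the post enters in Network Utility."""
    return {port: probe_tcp(host, port, timeout)
            for port in range(first, last + 1)}

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe497.py <client-ip>")
    for port, state in probe_range(sys.argv[1]).items():
        print("%d/tcp %-8s %s" % (port, state, MEANING.get(state, "")))
```

Run it from the backup server against a client you administer; a "filtered" result on 497 is the case where the thread's advice is to look at stealth mode and the firewall entry before downgrading.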

Hey JQP,

 

You can make the client work with Leopard's app firewall, but you have to delete the previous firewall setting for 'retroclient' before every client upgrade. Otherwise, the firewall is seeing it as the appropriate executable path, but not the same, since it has changed. Retrospect needs to code-sign their clients for Mac to truly fix the problem. See the following thread, towards the end:

 

http://forums.dantz.com/showtopic.php?tid/31704/

 

Larry

Link to comment
Share on other sites

Larry, I definitely uninstalled the previous retroclient using 6.2.234's installer, I also deleted the entry manually once 6.3.027 was installed prior to downgrading.

 

I don't remember if I tried manually deleting 6.2.234 retroclient firewall entry prior to upgrading, however, to 6.3.027, so it might be that...Maybe I'll try that next time......

 

To be honest though, we shouldn't have to jump thru all these hoops, this is really on emc to figure out before releasing their bugware....

Link to comment
Share on other sites

JQP,

 

You don't have to reinstall. Just command-click the Off button in the Client (stops the background process), then delete the firewall setting, quit System Prefs, then click the On button in the Client.

 

You should be prompted for Allow/Deny for the firewall, maybe twice (don't know why that is yet).

 

Then the client should be seen on the network. Unless you have un-installed then re-installed again it should work again as the stored source for that client. Un-installing the Client leads to the source not looking the same to the admin, even if it is found on the network, and you have to drop the old source and add the newly found one, even though they are the same client. I recommend never running the un-install for the Client.app unless you have to.

 

 

Larry

Link to comment
Share on other sites

