3 Replies Latest reply: Dec 28, 2012 8:54 AM by BobHarris
burnduck Level 1 Level 1 (0 points)

I am trying to remote administrate a Mac Mini running Mac 10.8 server but couldn't figure out which port to use.

 

Tried the following but still woudn't connect unless DMZ is opened.

 

  • Remote Login (SSH) - 22
  • Screen Sharing Service (VNC) - 5900
  • Web Service - 80, 443
  • VPN Service (L2TP) - 500, 1701, 4500
  • VPN Service (PPTP) - 1723

 

Any clue?

  • 1. Re: What port should i forward in the router if I'm to connect to the mac server behind NAT?
    JaimeMagiera Level 2 Level 2 (305 points)

    What are you trying to administer it with? Server.app? Apple Remote Desktop? If the former, port 687 should be open.

     

    http://support.apple.com/kb/TS1629

  • 2. Re: What port should i forward in the router if I'm to connect to the mac server behind NAT?
    tzbikowski Level 4 Level 4 (1,945 points)

    Safest way of doing it is over VPN.

     

    So only VPN ports open on the router (+ any other public services if you run any - http, https, etc)


    Connect via VPN to your server and then you are on the internal network and you should not have to open any additional ports on the router for your remote administrator software.

  • 3. Re: What port should i forward in the router if I'm to connect to the mac server behind NAT?
    BobHarris Level 6 Level 6 (13,120 points)

    When you say administer, do you mean something like control your parent's Mac remotely, or do you mean officially adminster a classroom full of Macs?  If a classroom full of Macs, then you are most likely taking about using the Apple Remote Desktop software which you pay for.

     

    If, as I suspect, you just want to control your own or a family member's Mac remotely, then you do not need to pay for anything.

     

    If you need Screen Sharing, you open port 5900 (the VNC port)


    If you need File Sharing, you open port 548 (AFP)

     

    If you need access to the Unix command line, or you want to use the ssh 'scp' or 'sftp' file transfer commands, then you need to open port 22.

     

    Visit <http://PortForward.com>, they will provide port forwarding instructions for just about every home router out there.

     

    I would also suggest you get a free dynamic DNS name so you can address the remote Mac by a constant name instead of having to know the current IP address assigned to the home router, which the ISP can change anytime they want.  No-IP.com or DynDNS.org offer free dynamic DNS names.  You run one of their dynamic DNS updating clients on the remote Mac to keep the dynamic DNS name updated with the current ISP assigned IP address.

     

    Once you have the port forwarding working, you connect for screen sharing using

     

    Finder -> Go -> Connect to Server -> vnc://address.of.remote.mac

     

    and for file sharing

     

    Finder -> Go -> Connect to Server -> afp://address.of.remote.mac

     

    If you are going to use ssh, scp, or sftp, then from an Applications -> utilities -> Terminal session you would do something like:

     

    ssh username@address.of.remote.mac

    scp local.file username@address.of.remote.mac:/path/where/to/put/the/file

    scp username@address.of.remote.mac:/path/of/file/to/get   /local/place/to/put/the/file

     

    There are also sftp GUI clients you can use to make this part easier.

     

    If you really cannot get this working, then consider using something like TeamViewer.com which deals with all the messy home router NAT navigation.