Q: Server 5.1 services only on local network

I just discovered something quite frustrating.

First of all a description of my network, so you can understand what’s going on.

My network consists of a VDSL modem in bridge mode. Following that, there is a Sonicwall router/firewall. All my computers are connected to that firewall, that includes my Apple server. The server has a real IP address, which is verified by all DNS tests (forward and reverse DNS show the proper responses). On the firewall, ports for Contacts, Calendar, email services etc are already open, and they are working fine, when I boot the server in Mavericks using the old (pre-5.1) Server.app. Of course, all other services, from the Wide Area Network to my local area network are blocked on the firewall.

If I boot the server using El Capitan and Server.app 5.1, Reachability shows that the server is accessible using its real FQDN name, but with no available services.

Today, I decided to do a test. I eliminated the firewall rule which was blocking “all other services” to my Apple server, so that anything and anyone could connect to it. Guess what? Reachability immediately showed 6 services running and identified them correctly. Not only that, but all defined services in Server.app, changed from being available on my local network only, to being available on the internet on my server's FQDN!!!

I then switched reachability testing off in Server.app, and all services were immediately changed to being available only on my local network.

This means that unless reachability testing is enabled and it is allowed to cross the firewall, no matter if all the proper ports for the declared services are open in the firewall, Server.app is not allowing access to the defined services, from the internet.

That is NOT GOOD! Why should Server.app be affected by reachability testing? Why should services be stopped from working on the internet, when all relevant ports are open? Why should I have Apple constantly testing my network?

Well, this is becoming an exercise in futility.

Trying to upgrade my Mavericks server disk to El Capitan gets interrupted. I sent the log to Apple server group, but they obviously haven't examined it. So I work on my own, after I migrated the server manually to a new El Capitan disk.

And yes, I did some tests. It's not just the dots, the dots appear even when the services are shown to be available only on the local network. But I did verify that when Reachability is disabled all services are changed to available to "local network" only. If I enable it, they become available to the FQDN. That, of course, provided that my firewall is wide open from 17.0.0.0/8 network. If I block it, again reachability shows no services and all services defined are changed to Internal network only.

The way I found out that something is wrong with El Capitan server, is when my telephone stopped seeing my contacts from the server, when I was out of the house. It showed them fine when I was on the house wifi netwok.