1282 Views 10 Replies Latest reply: Dec 11, 2007 2:13 PM by direwolf8
Port forwarding, unless you are using your computer as a router / NAT point (unlikely), is specifically something that you do in your router. In the firewall settings, you would add exceptions for applications or services that you want to open up to allow access through the firewall.
If you can be more specific, with respect to your router model and what service you are trying to forward, perhaps myself or someone else here can give you a hand?
Thanks for the reply
I need to access a work application via port 10234
In Tiger I set this up via the network>>firewall and created a custom entry called work.
Then on my airport export I placed a port forward for all WAN traffic on port 10234 to be routed to my LAN IP address. It appears this feature is gone and has been replaced by an application firewall, or am I looking in the incorrect place?
Yes, seems like there were some drastic changes made here... looks like an "application" based firewall.... under Security > Firewall tab...
Looks like you can set "Set access for specific services and application" and then, if the service that you need is pointing at a local application installed on your machine, then you may add that app as an authorized breach through the wall.... but this does seem to have lost a gross amount of control compared to Tiger.
If you are not running a local app, but need to share a file via some other method, then you may be able to look at the share settings, perhaps changing public / private port arbitration to make it work?
I too came across this for the first time today.
All the way thru Tiger we were able to specify a Port Number for anything we wanted via the Sharing Prefs under the Firewall Tab.
A little skimming around today showed they'd moved the functionality to what used to be the FileVault Icon (now SECURITY) and they've done what Apple does best <insert sarcasm> - dummied things down even more for a basic user and left anyone with half a brain out twisting. I assume thru Admin Tools we'd regain much control but removing the ability to set this up manually altogether seems extreme since some ISPs out there like to play their favorite game of "Let's Block Random Port Numbers - unless the customer pays extra".
Way to Go Apple.
Or are we missing something hidden in the 300+ "new" features of Leopard?
Here it is boys and girls!
The "official" answer from the horse's mouth.
They watered it down so the basic user can feel like they have better control over their security. Terminal function is still available thru 'ipfw' -- but otherwise it is now Application Specific and NOT Port Specific.
Completely stupid on Apple's part - once again NOT giving the end user a choice or the option for which they prefer.
I'm doing port forwarding in my AirPort Extreme Base Station. If your router isn't an option and you must fiddle with the built-in firewall, a third party utility is the best bet. Look to sunShield Pro for granular firewall control <www.sunprotectingfactory.com>. It's a GUI to manage Apple's IPFW2 firewall directly and bypass the application firewall interface. By the way, you can still manage the firewall from the command line, if you want to mess with ipfw commands.
If you're using a particular application to communicate with your office, you should be able to set this up fairly easily. Port forwarding in the router will be exactly the same as before. On the Mac side you should set the Security/Firewall preference pane to "Set access for specific services and applications" and add the application that needs to cross the firewall to the list, setting it to "allow incoming connections." This should dynamically enable whatever port connection is requested by your "work" application.
That's not really true. There's no GUI for Dummies anymore, but with the command line
ipfw commands or configuration files, you can still have port specific settings. The
functionality is all there.
It wouldn't be hard for a third party to write a GUI for ipfw. The configuration is plain
text and well documented.
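
The port-specific ipfw configuration mentioned in the replies above, as an added example that is not part of the original thread: a small generator for an ipfw rule file that admits one inbound TCP port from one source range and logs and drops everything else aimed at that port. The rule numbers (2000-2020), the function names and the source range 203.0.113.0/24 are assumptions made for illustration; port 10234 is the one from the question.

```shell
#!/bin/sh
# Added example: emit an ipfw rule file that opens ONE inbound TCP port.
# Assumptions (not from the thread): rule numbers 2000-2020 are unused, and
# the allowed source range is a constructed documentation network.
# The functions only print text; they never change the running firewall.

# is_port N -> succeeds only for a decimal integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # empty or non-digit input
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules PORT SRC_CIDR -> prints rules in ipfw rule-file syntax
gen_rules() {
    port=$1
    src=$2
    is_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case "$src" in
        # only digits, dots and a slash may reach the rule text
        ''|*[!0-9./]*) echo "bad source: $src" >&2; return 1 ;;
    esac
    cat <<EOF
add 2000 check-state
add 2010 allow tcp from $src to me dst-port $port in setup keep-state
add 2020 deny log tcp from any to me dst-port $port in
EOF
}
```

Review the printed rules, save them to a file and load that file as root with `ipfw <file>`; `ipfw list` then shows the active ruleset.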