unable to open ports using terminal

I need to open port 16004 and have attempted to do so via Terminal by entering:
sudo ipfw add allow tcp from 16004 to 1600.
However, when I run a port scan from the Network Utility, it does not show up as open.
Is this the correct syntax? Am I missing something?
If someone could help please.

MacBook Pro, Mac OS X (10.5)

Posted on Mar 6, 2009 9:59 PM


Mar 6, 2009 11:18 PM in response to ptr88l

Is this the correct syntax? Am I missing something?


No. As written your command allows IP address 16004 to connect to IP address 1600 - not that those are even valid IP addresses. In other words, it's wrong.

The correct format for allowing connections to a port is:

sudo ipfw add allow tcp from any to any 16004


Although it's far easier to use the System Preferences GUI.

Mar 7, 2009 12:03 AM in response to Camelot

Sorry but can you explain further. I have no knowledge of Terminal. In Leopard (10.5) you cannot add ports from System Preferences. What goes in place of the 'any to any'? anything or is that it?
I am trying to get the Remote Administration Console for FileMaker Server 10 operational from my laptop. I have been informed I need port 16004 open and it's not, so I was told to enter:
sudo ipfw add allow tcp from 16004 to 16004 and then
sudo ipfw add allow udp from 16004 to 16004
in order to 'force' it open as the install failed to do so.

Mar 7, 2009 12:23 AM in response to ptr88l

Sorry but can you explain further


man ipfw tells you everything you need to know (and more) about setting ipfw rules.

What goes in place of the 'any to any'? anything or is that it?


The syntax of an ipfw allow rule is:

allow [protocol] from [source] to [dest] [port]


So the statement:

allow tcp from any to any 16004


says that any source address is allowed to connect to any destination address on port 16004. To be more secure you might lock down the port so that specific IP addresses can connect, e.g.:

allow tcp from 192.168.1.0/24 to any 16004 in


This says that any machine on the 192.168.1.0/24 network is allowed to connect to any interface on the current machine ('in') on port 16004.
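
The rule shape explained in the reply above, as an added example that is not part of the original thread: a simplified lint (not ipfw's own parser) that checks a rule body against `allow <proto> from <source> to <dest> [port]` and flags a port number in an address slot or a port left open to every source. The function names and verdict strings are made up for illustration, and the sample rules are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example: simplified lint for one rule shape from the thread,
#   allow <proto> from <source> to <dest> [port]
# Not ipfw's own parser; words after the port (e.g. "in") are ignored.

# Accept "any", "me" (ipfw keyword for this host's own addresses), or a
# dotted-quad IPv4 address with optional /mask. Octet range is not checked.
is_addr() {
    case "$1" in
        any|me) return 0 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Accept a decimal port number in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one verdict for a rule body (the text that follows "ipfw add").
lint_rule() {
    set -f; set -- $1; set +f      # split into words without globbing
    if [ "$#" -lt 6 ] || [ "$1" != allow ] || [ "$3" != from ] || [ "$5" != to ]; then
        echo "malformed: want 'allow <proto> from <source> to <dest> [port]'"
    elif ! is_addr "$4"; then
        echo "source '$4' is not an address"
    elif ! is_addr "$6"; then
        echo "destination '$6' is not an address"
    elif [ "$#" -lt 7 ]; then
        echo "no port given: rule covers every $2 port"
    elif ! is_port "$7"; then
        echo "port '$7' is not in 1-65535"
    elif [ "$4" = any ]; then
        echo "ok, but port $7 is open to every source"
    else
        echo "ok: port $7 limited to $4"
    fi
}

# Constructed samples: the rules quoted in the thread.
for rule in "allow tcp from 16004 to 1600" \
            "allow tcp from any to any 16004" \
            "allow tcp from 192.168.1.0/24 to any 16004"; do
    printf '%-45s -> %s\n' "$rule" "$(lint_rule "$rule")"
done
```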

Mar 7, 2009 8:11 AM in response to ptr88l

For clarification. The firewall in the system preferences is an application firewall and is not attached to the UNIX firewall IPFW.

By default IPFW is completely open so you don't need to open any ports. IPFW is already open.

When you say you have done a port scan in Network Utility, did you do this from another Mac on your network, or were you doing this from outside your network?

Mar 7, 2009 12:29 PM in response to ptr88l

I did the port scan on my mac from within the network by entering the fixed ip address I have. It reports 2 other ports needed are open 16000 and 16001 but not 16004.


Have you tried turning off your application firewall in the system preferences?

Then, in the terminal, flush your ipfw rules with the following command:


sudo ipfw flush


Then try the port scan.

If you are on a network then you are firewalled by your router, so it may not be necessary to run any firewall on your Mac.
