Screen Sharing Blocked by Firewall Despite Exception

Question

Level 1

19 points

Screen Sharing Blocked by Firewall Despite Exception

I'm having the exact same issue as listed here: https://discussions.apple.com/thread/252456766.

13-inch M1 MacBook Pro won't accept screen sharing from a 14-inch MacBook Pro unless the firewall on the 13-inch MacBook is turned off. If the firewall is turned on, despite an exception being listed for screen sharing, the screen sharing fails with the message "Connection failed to 'computer name'". This 13-inch MacBook was set up using Migration Assistant from an Intel Mac to which screen sharing worked fine. All machines are running Monterey.

This sure feels like some weird M1 firewall issue. I've already tried restarting both MacBooks and shutting down the 13-inch MacBook.

Anyone else solved this?

TIA. /jab

Posted on Dec 8, 2021 11:18 PM

Reply

Answer 1

Dec 19, 2021 8:35 AM in response to jab3rd

I'm having the same issue with my M1 MacBook Pro. I did not use migration assistant. It came with Big Sur, Screen Sharing worked as expected then, but once I upgraded to the current version of Monterey, I had to disable the Firewall for Screen Sharing to work. Screen Sharing is listed as an exception, so this definitely looks like a bug to me.

Reply

Answer 2

jab3rd Author

Level 1

19 points

Dec 9, 2021 4:38 PM in response to lllaass

The exception is added automatically by macOS when screen sharing is turned on in System Preferences > Sharing. In System Preferences > Security & Privacy > Firewall > Firewall Options..., the exception is visible and listed as allowing traffic, including a note that to remove the exception, one should turn off screen sharing in Sharing. That this setup works on an Intel Mac running Monterey and does not work on an Apple Silicon Mac running Monterey seems relevant, although it could be some nonsense introduced by Migration Assistant during the move from the Intel Mac to the Apple Silicon Mac.

I note that in the other thread on this topic, at least twenty people indicated they had the same problem and the OP never indicated that he was able to resolve it.

Reply

Answer 3

Barney-15E

Level 10

122,036 points

Dec 9, 2021 6:17 AM in response to jab3rd

Well, the firewall is working as a firewall is designed. It is isolating a device from others on the network.

If you think it provides some security, that's not what it does. If both Macs are behind a NAT router, then turn off the Firewall.

If on a public network, turn off all other Sharing services and turn off the Firewall.

Reply

Answer 4

Barney-15E

Level 10

122,036 points

Dec 9, 2021 9:52 PM in response to jab3rd

I know precisely what a firewall does,

You obviously don’t. Especially how the built-in Application firewall works, which is, it doesn’t.

malicious traffic that might originate inside the LAN

Why do you allow malicious traffic inside your LAN?

Reply

Answer 5

jab3rd Author

Level 1

19 points

Dec 9, 2021 11:47 PM in response to Barney-15E

You are claiming that the built-in macOS firewall does not work? As in it's buggy, it doesn't block any traffic, or it ignores all configured exceptions? Apple's support articles seem to say differently. The fact that my configuration worked on my previous MacBook (Intel) and doesn't work on my current one (Apple Silicon), despite both running Monterey, seems to indicate something a bit more nuanced than you appear to be implying.

How do you ensure there is no malicious traffic inside your LAN?

You can try educating me with details here. I ran a small SaaS provider, originally in a colocation facility on dedicated infrastructure, and later on AWS, so I can probably follow along.

Reply

Answer 6

Barney-15E

Level 10

122,036 points

Dec 10, 2021 5:17 AM in response to jab3rd

The application firewall has been known to “work” exactly as you have found. If you need an actual firewall, configure the built-in Unix firewall.

You keep malicious traffic out by controlling the users and devices. The users are your biggest threat, and if they cannot be trained, kick them out. Blocking all social media from the network will greatly reduce social engineering attacks. If you are not controlling what users install on their devices, there is really no point in doing anything else.

Reply

Answer 7

lllaass

Level 10

210,513 points

Dec 9, 2021 7:10 AM in response to jab3rd

Just how did you add the exception?

Reply

Answer 8

jab3rd Author

Level 1

19 points

Dec 9, 2021 4:33 PM in response to Barney-15E

I know precisely what a firewall does, how to use it, and when to use it. A firewall should permit excepted traffic. The firewall is configured to allow screen sharing. It is not doing so, for reasons that are not clear. You might want to review this: https://support.apple.com/guide/mac-help/change-firewall-preferences-on-mac-mh11783/mac

NAT does not necessarily prevent all undesired traffic and absolutely does not prevent malicious traffic that might originate inside the LAN. Good security practices include deployment of host-based firewalls.

Reply

Screen Sharing Blocked by Firewall Despite Exception

Similar questions