Firewall - Configuration/GUI of the Mac OS X 10.6 / 10.7 Firewall

Here's the problem, as reported by people using MacOSX hosts for VirtualBox -- with Windows guests.

Something changed with OSX and RDP -- Remote Desktop Protocol -- doesn't work, and the virtualbox forums have had a lot of questions and few answers.

I found a clue, perhaps: https://forums.virtualbox.org/viewtopic.php?f=8&t=45815#p206663

This comment:

The firewall of Mac OS X was the problem. thing say the port is open, but it was not.

followed by:

I only had a remote ssh to the Lion machine and according to the documentation I disabled it by command line.

So -- how did he get OSX to allow RDP through on a specific port?

Simple directions would be greatly appreciated.

A question for the people saying a firewall may not be needed --- I found this in my logs while trying to get something to work. Say I took your advice and turned off the firewall in OSX Lion -- would it become a problem? This is a small excerpt, I have thousands of lines of this stuff, it's adding 1 each time to the port number:

Firewall: Stealth Mode connection attempt to UDP 192.168.1.2:162 from 192.168.1.1:2249

Firewall: Stealth Mode connection attempt to UDP 192.168.1.2:162 from 192.168.1.1:2250

Firewall: Stealth Mode connection attempt to UDP 192.168.1.2:162 from 192.168.1.1:2251

Firewall: Stealth Mode connection attempt to UDP 192.168.1.2:162 from 192.168.1.1:2252

Firewall: Stealth Mode connection attempt to UDP 192.168.1.2:162 from 192.168.1.1:2253

Firewall: Stealth Mode connection attempt to UDP 192.168.1.2:162 from 192.168.1.1:2254

Firewall: Stealth Mode connection attempt to UDP 192.168.1.2:162 from 192.168.1.1:2255 ....

(I recognize Stealth Mode is a setting I have checked in the security, not to respond to attempts; now, if the firewall gets turned off, what happens? This stuff has been going on for weeks)

That's your own computer asking for info from the network, and then essentially saying, nevermind. However, the network doesn't get the "nevermind" and sends the packet anyway. The firewall sees the response as an unsolicited attempt to get through.

If you turn off the firewall, you won't see all of those completely irrelevant log entries.

Well, the firewall available from the System Preferences / Security panel has been off all this time.

So this is from the other firewall that has no GUI user controls?

I've been wondering about that, because I have six VirtualBox machines, one of which is visible from Remote Desktop -- and the VirtualBox folks say it's that other firewall, maybe, causing the problem.

Or could the System Preferences panel be lying about the firewall being off?

How do you verify the two firewalls?

The only place I know of that does stealth mode logging is the firewall in system prefrences. If you can set up ipfw to do that, I don't know.

However, the from IP addresses you posted are all internal to your network. It isn't coming from outside. And, even if it was, it is more likely to be some widget that is making requests to servers and ignoring the responses. I had a weather widget in the menubar that did that a lot. So, the server that hosted the weather feed kept showing up in the logs as Stealth attacks. I don't know if that is bad programming or a function of the OS, but it is nothing nefarious.

Ok, sorry, I hoped it was a clue and it was a distraction from the real question I'm trying to ask -- which is, how can you know for sure that _either_ firewall is off?

Quoting from my earlier question, briefly, this is why I'm asking -- which firewall is blocking ports that VirtualBox and the SystemPreferences panel think are available:

Source: https://forums.virtualbox.org/viewtopic.php?f=8&t=45815#p206663

This comment: "The firewall of Mac OS X was the problem. thing say the port is open, but it was not." Not clear _which_ firewall or how to be sure if it's open or not.