Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: wesmason
wesmason Author
User level: Level 1
0 points

Apple Service Toolkit Firewall Rules

I have been charged with setting up a Mac Mini server with the Apple Service Toolkit v. 1.0.9 for our Hardware Support department. I have a 2010 Alumninum Mac Mini Server as well as an Apple USB Ethernet adapter. The machine is configured to connect to the LAN via the built-in ethernet port and serve DHCP and NetBoot via the Apple USB Ethernet.


I followed the directions in the documentation to set up the server, but there is no mention of setting up the firewall, which concerns me. The box will only be handling diagnostics with the Apple Service Toolkit, but I still don't want it completely open to the world.


When I set up the firewall and enable it, the Gateway Manager.app cannot find the Diagnostic Gateway server. In the /var/log/system.log, I get the following errors, repeating:


(/var/log/system.log)
[...]
Aug 16 15:19:16 hostname com.apple.gw_datad[76]: socket bind: Can't assign requested address
Aug 16 15:19:16 hostname com.apple.gw_controld[77]: socket gind: Can't assign requested address
[...]


Has anyone had an experience with a similar setup? Do you have the software firewall (through Server Admin or command line ipfw) enabled?


Thanks!

Posted on Aug 16, 2011 1:18 PM

Reply
Question marked as Best reply
User profile for user: ClassicII
ClassicII
User level: Level 4
1,097 points

Posted on Aug 17, 2011 7:13 AM

Is the server inside a protected network? If so you should be fine. We have our AST server on a mini with in our internal network. Also vesion 1.1 is out now. 🙂


When you start the gateway manager it says "connecting to diagnostic gateway" right?

View in context
9 replies
User profile for user: Hopkins_Tech
Hopkins_Tech
User level: Level 1
0 points

Feb 27, 2012 6:12 AM in response to Andy Boutte

Andy,


This is the reply I got from AST's support:


Unfortunately AST currently does not support bonded ethernet which is why Gateway Manger is not launching. As AST shares it's configuration settings this is also why Gateway Manager on your portable did not launch. There is currently no work around besides to unbind the ethernet port or to use a separate NIC for AST/Netbooting.


I actually have another open NIC on the server and I would go that route, except our switches don't allow any more iphelpers, which is required to netboot across subnets. So we are out of luck.

Reply
User profile for user: Andy Boutte
Andy Boutte
User level: Level 1
0 points

Feb 27, 2012 1:43 PM in response to Hopkins_Tech

That is really unfortunate. I really want to use bond0 for NetRestores and NetBoots but I also have AST running on the same box. I have an extra availble NIC but when I enable that for AST all NetBoots get broadcasted twice on the network and users would have the ability to choose the non bond0 interface which defeats the purpose of having it.


Looks like I will have to move AST to another box or try and find a workaround. Thanks for the confirmation though.

Reply

Apple Service Toolkit Firewall Rules

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up