3 Replies Latest reply: Sep 12, 2011 6:20 PM by etresoft
iosw Level 1 (0 points)

I need to add specific ports/port ranges to the OS X Lion clients' firewalls, any ideas?


OS X Lion firewall settings only allow adding applications. There is no "LDAP" application; it's built into the Network preferences settings. The LDAP server is an OS X Lion Server running Open Directory.


Mac OS X (10.7.1)
  • etresoft Level 7 (26,140 points)

    You only need open ports on the server side. The clients make outgoing connections which are not restricted by the firewall.

  • iosw Level 1 (0 points)

    @etresoft, thanks for pointing that out; that makes sense. I guess the flexibility in the regular Lion clients with ports is not possible. It's only possible with OS X Lion Server, fair enough.


    We're trying to configure SSL within the Lion clients and didn't know if there was an incoming requirement. There's a bug (logged even by Apple) when Lion clients attempt to bind to an SSL-enabled Open Directory server. So the firewall preferences weren't the reason for this failure. We're resorting to non-SSL binding until Apple fixes the problem, although we are running on a private network and can get away with non-SSL for the time being.


    Ref to the bug:

    http://support.apple.com/kb/TS3958

  • etresoft Level 7 (26,140 points)

    iosw wrote:


    I guess the flexibility in the regular Lion clients with ports is not possible. It's only possible with OS X Lion Server, fair enough.

    No, you can configure both the client and server as much as you want. The only issue is that most people just don't understand what a firewall does (they think it is the same as anti-virus) so neither Apple nor I will bother explaining all the nitty-gritty details right off the bat.


    The client version of Lion doesn't need to be providing any services at all. Hence, there is really no need to run the firewall. If you are doing something fancy that the application firewall doesn't quite support, then you might want to run the real ipfw firewall instead. It is also installed on the client, but isn't a tool for the great unwashed.


    Personally, I find the fancy stuff pretty interesting, but I don't think you are doing that.


    We're trying to configure SSL within the Lion clients and didn't know if there was an incoming requirement. There's a bug (logged even by Apple) when Lion clients attempt to bind to an SSL-enabled Open Directory server. So the firewall preferences weren't the reason for this failure. We're resorting to non-SSL binding until Apple fixes the problem, although we are running on a private network and can get away with non-SSL for the time being.


    You might want to ask about this in the Server forums. This could be a situation where Apple isn't going to bother explaining the details on how to fix it because it would just confuse most people and they may already have it fixed in-house. It has already been discussed and some people say they have fixes. See the details in this thread.
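As an added illustration of the point made above about the client side (this ruleset is not from the thread, from Apple, or from any project), here is a minimal stateful ipfw ruleset for a Lion client that only binds to an Open Directory server: outbound LDAP/LDAPS and the replies to it are permitted, nothing inbound is opened. The server address 192.0.2.10 and the file path /etc/ipfw.conf are assumed placeholders; 389 and 636 are the standard LDAP and LDAPS ports.

```conf
# Added example: stateful ipfw rules for an OS X Lion *client* of an Open
# Directory server. Assumptions: the OD server is 192.0.2.10 (placeholder),
# the rules live in /etc/ipfw.conf and are loaded with
#   sudo ipfw -q /etc/ipfw.conf
# Rules are evaluated in ascending number order; the first match wins.
flush

# Loopback traffic (directory services also talk to local daemons)
add 100 allow ip from any to any via lo0

# Accept packets that belong to a connection this host already opened.
# This is what lets LDAP replies back in without any inbound "allow" rule.
add 200 check-state

# Outbound LDAP (389) and LDAPS (636) to the OD server. Listed explicitly
# so the directory traffic gets its own counter in `ipfw show`.
add 300 allow tcp from me to 192.0.2.10 389,636 out setup keep-state

# Outbound DNS, needed to resolve the server's name before binding
add 310 allow udp from me to any 53 out keep-state

# Any other connection this client initiates (browsing, updates, ...)
add 400 allow ip from me to any out keep-state

# Inbound ICMP errors (destination unreachable, time exceeded) so broken
# paths are reported instead of silently timing out
add 500 allow icmp from any to me in icmptypes 3,11

# Everything else arriving from the network is dropped and logged: the
# client provides no services, so there is no port to open here.
# Logging requires: sudo sysctl -w net.inet.ip.fw.verbose=1
add 65000 deny log ip from any to me in
```

`sudo ipfw show` afterwards lists each rule with packet and byte counters, so a bind to the OD server should increment rule 300 while rule 65000 stays at zero for that traffic.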