3 Replies Latest reply: Dec 28, 2012 8:54 AM by BobHarris
burnduck Level 1 (0 points)

I am trying to remote administrate a Mac Mini running Mac 10.8 server but couldn't figure out which port to use.


Tried the following but still woudn't connect unless DMZ is opened.


  • Remote Login (SSH) - 22
  • Screen Sharing Service (VNC) - 5900
  • Web Service - 80, 443
  • VPN Service (L2TP) - 500, 1701, 4500
  • VPN Service (PPTP) - 1723


Any clue?

  • JaimeMagiera Level 2 (305 points)

    What are you trying to administer it with? Server.app? Apple Remote Desktop? If the former, port 687 should be open.



  • tzbikowski Level 4 (1,945 points)

    Safest way of doing it is over VPN.


    So only VPN ports open on the router (+ any other public services if you run any - http, https, etc)

    Connect via VPN to your server and then you are on the internal network and you should not have to open any additional ports on the router for your remote administrator software.

  • BobHarris Level 6 (17,709 points)

    When you say administer, do you mean something like control your parent's Mac remotely, or do you mean officially adminster a classroom full of Macs?  If a classroom full of Macs, then you are most likely taking about using the Apple Remote Desktop software which you pay for.


    If, as I suspect, you just want to control your own or a family member's Mac remotely, then you do not need to pay for anything.


    If you need Screen Sharing, you open port 5900 (the VNC port)

    If you need File Sharing, you open port 548 (AFP)


    If you need access to the Unix command line, or you want to use the ssh 'scp' or 'sftp' file transfer commands, then you need to open port 22.


    Visit <http://PortForward.com>, they will provide port forwarding instructions for just about every home router out there.


    I would also suggest you get a free dynamic DNS name so you can address the remote Mac by a constant name instead of having to know the current IP address assigned to the home router, which the ISP can change anytime they want.  No-IP.com or DynDNS.org offer free dynamic DNS names.  You run one of their dynamic DNS updating clients on the remote Mac to keep the dynamic DNS name updated with the current ISP assigned IP address.


    Once you have the port forwarding working, you connect for screen sharing using


    Finder -> Go -> Connect to Server -> vnc://address.of.remote.mac


    and for file sharing


    Finder -> Go -> Connect to Server -> afp://address.of.remote.mac


    If you are going to use ssh, scp, or sftp, then from an Applications -> utilities -> Terminal session you would do something like:


    ssh username@address.of.remote.mac

    scp local.file username@address.of.remote.mac:/path/where/to/put/the/file

    scp username@address.of.remote.mac:/path/of/file/to/get   /local/place/to/put/the/file


    There are also sftp GUI clients you can use to make this part easier.


    If you really cannot get this working, then consider using something like TeamViewer.com which deals with all the messy home router NAT navigation.