server and firewall confusion

Question

Level 1

8 points

server and firewall confusion

Hi!

Newbie to all this. I appreciate any and all help.

I want to set up Mountain Lion Server. I want to use in with filemaker server and perhaps host a website.

Originally thought that I could do this from home. I've been wasting a lot of time trying to figure out ways of getting out of having a static IP address. DynDNS...

My home ISP has blocked all lower ports except for those for VPN ports. I tried to set this up and managed to get a user (who - I don't know) almost immediately. So I shut down everything.

Now I'm just going to bite the bullet and send my mini to a colocation facility ( was trying to avoid the additional expense while I learned what I'm doing...)

I realize then I will be even more open to invasion. Everything I read on setting up ML server says it is more difficult with a firewall. On the internet I read - you better have a firewall. Where is the firewall in ML server? It sounds like I have to go to the command line to do. This seems scary, and how many books do I have to read to be able to understand what I am doing? I have been a Mac user since the beginning. However, network admin and server admin is all new to me. Apple's online documentation seems either too simplistic or too advanced. I am not afraid to dive in, I just don't know where to dive.

Any recommendations of what I could read to help me out would be greatly appreciated. I've got to get my business online. I've also got to wear all the hats right now- the ask your sys admin for the settings to enter doesn't apply.

thanks

OS X Server

Posted on Apr 2, 2013 8:14 AM

Reply

Answer 1

Best reply

MrHoffman

Community+ 2024

Level 10

115,845 points

Apr 2, 2013 9:06 AM in response to ChillOutDB

Your network provider (ISP) holds the proverbial "high ground" here, both in terms of the network position, and the usual contents of the Terms of Service most ISPs use. Get a static address. Or yes, a co-lo. There are places that offer co-lo Mac systems, too.

Firewall? In OS X Server? In Mountain Lion Server, an adaptive firewall is usually enabled by default; see the firewall setting in the Security & Privacy preferences of System Preferences.

Reply

Answer 2

Linc Davis

Level 10

209,535 points

Apr 2, 2013 3:56 PM in response to ChillOutDB

A packet-filtering firewall is only necessary if you need to provide services that are restricted to certain networks. It doesn't seem that you'll be doing that. Just make sure that all services you don't want to expose are disabled, including Bonjour.

Mac OS X v10.6: Disabling mDNSResponder will disable DNS

Reply

Answer 3

ChillOutDB Author

Level 1

8 points

Apr 3, 2013 6:09 AM in response to MrHoffman

Thanks for your response. This adaptive firewall is in Mac OS system preferences? Also Filemaker server wants these ports open:

If your server computer has a firewall, open the necessary ports in the firewall so that FileMaker Server can communicate with users and administrators:

1 Required on all deployments: 5003, 16000, and 16001.

1 Additionally required for web publishing: 80 (HTTP) or 443 (HTTPS).

1 Ports 5013, 5015, 16004, 16006, 16008, 16010, 16012, 16014, 16016, 16018, 16020, 16021, and 50003 must be available on the machine, but not open in the firewall. For more i

Would I need to do anything to enable these?

Again I really appreciate you for helping me.

Reply

Answer 4

ChillOutDB Author

Level 1

8 points

Apr 3, 2013 6:23 AM in response to Linc Davis

I'm going to need to call filemaker because from what I am reading it looks like on Mac (which is what I'm using) it looks like they are using Bonjour. They mention this in docs:

1 Bonjour is optional on Windows. The FileMaker Server installer optionally installs Bonjour for Windows. If Bonjour services is not installed, the server cannot be displayed to FileMaker Pro users in the Open Remote dialog box or to FileMaker Go users in the File Browser.

1 On Windows 64-bit editions:

1 The 64-bit version of Bonjour is optionally installed.

1 Both the 32-bit and 64-bit versions of Microsoft Visual C++ Redistributable Package ATL Security are installed.

1 FileMaker Server requires the 32-bit version of Java Runtime Environment version 6 to run FileMaker Server Admin Console.

yea looks like I have to enable Bonjour, found this later in docs for installing FM server:

Bonjour installation:

1 Windows: Bonjour is optional.

1 Mac OS: If Bonjour is not installed and enabled, then you cannot install FileMaker Server.

1 If Bonjour services is not installed, the server cannot be displayed to FileMaker Pro users in the Open Remote dialog box or to FileMaker Go users in the File Browser.

So I guess I need Bonjour. Any suggestions?

I really really appreciate your help. Thank you!

Reply

Answer 5

Linc Davis

Level 10

209,535 points

Apr 3, 2013 7:06 AM in response to ChillOutDB

Bonjour won't work over the Internet, whether it's enabled or not.

Reply

Answer 6

ChillOutDB Author

Level 1

8 points

Apr 4, 2013 10:52 AM in response to ChillOutDB

OK

think I've got it now. Ronnie Rios of Filemaker has gotten me straightened out, I think as I haven't done it yet. The way he explained it: ML Server is the same as Mac OS but with more stuff available to control (I'm paraphrasing...) So turning on the Firewall in Mac OS turns it on in server as well- since they are the same.

then I should have open directory open in server when I access filemaker server from the filmaker console. then in open directory - it should ask if want to allow the connections to- answer yes to all concerning filmaker server. And open directory should then open ports through the adaptive firewall. and should be good to go. I believe this is what other replies to this post were telling me. But it wasn't quite getting through to my brain...

Thanks to all!

Reply