Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: fkick1
fkick1 Author
User level: Level 1
91 points

Icefloor blocking Profile Manger Webpage

Hi All,



We recently switched to icefloor 2 to help manage the PF filewall on mac os x server (10.9.1). Something strange we've noticed is that if the PFfirewall is turned on from icefloor, the profile manger webpage becomes unaccessable, even form the local server itself. The mydevices web enrollment pages are also unreachable, but the main domain can be reached fine and so can the "My settings" webpage front end for changing user passwords. All the profile manager and web page ports appear to be open (80, 443, 2195, 2196, 5223, 1640) but connections time out when you try to access https://mydomain.com/profilemanager



As soon as icefloor turns off the pf firewall, the pages immediately come back and are accessible.



Has anyone else had this issue? Am I missing a port that needs to be open?



Thanks!

MAC MINI SERVER (LATE 2012), OS X Mountain Lion (10.8.2), ios 6.0.1

Posted on Feb 14, 2014 2:43 PM

Reply
6 replies
User profile for user: Tearjerker
Tearjerker
User level: Level 1
90 points

Jul 25, 2014 6:55 AM in response to Tearjerker

Same problem here. All needed ports are open...no access to this pages


Fixed:


Problem seems to be a loopback issue in icefloor:

open icefloor.conf

sudo nano /Library/Icefloor/icefloor.conf

delete or uncomment the following line:

set skip on lo0

jump to the end of icefloor.conf

add the following line:

pass quick on lo0

RELOAD!!! icefloor.conf over icefloorgui -> Debug -> Control PF with pfctl -> Reload PF


RELOAD is very important! Because this is a bug from icefloor you have to repeat this step EVERY TIME you START/STOP icefloor because icefloor.conf gets overwritten everytime you start/stop


I dont know how it behaves with startup-scripts because Im not using this!


If somebody tries this and finds ANY PROBLEMS because of this modification/hack, please reply to this thread...ive done a lot of testing and could not find any problems modifying this line! Thanks in advance!

Reply
User profile for user: Wolterink
Wolterink
User level: Level 1
0 points

Nov 14, 2014 4:50 AM in response to Tearjerker

Nice fix

It's working now


Workaround for:

RELOAD is very important! Because this is a bug from icefloor you have to repeat this step EVERY TIME you START/STOP icefloor because icefloor.conf gets overwritten everytime you start/stop

Go to the "icefloor.app" and select "show package content"

Go to Contents>Resources and edit the file "pflists.conf" (this is the master ice floor.conf template which keeps overriding the one stored in the library once you made any changes in the app)

Once you edited this master config file your settings will override the / Library/icefloor.conf file with any changes you made.

Reply

Icefloor blocking Profile Manger Webpage

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up