User profile for user: Jannem1970
Jannem1970 Author
User level: Level 1
8 points

How to open specific ports in OS X Firewall (10.9.4)

Hi everyone,


I am running Plex Media Server (PMS) on a Mac Mini and OS X Server (10.9.4) and I am having issues with it to function properly. PMS uses a service called MyPlex for any Plex clients you have outside of your LAN (like iPhones, iPads or roaming MacBooks) to connect to PMS easily. For this MyPlex-service to work I have made a Port Mapping in my Airport Extreme (AEX) pointing to my Mac Mini running PMS-software. Although the Port Mapping looks as if it set correctly within Airport Utility, a port scan reveals that it isn't. The Firewall in OS X server is off, according to System Preferences, but I figured that Apple's Adaptive Firewall is blocking access through this port. Attempts to connect from outside the LAN using the Portforwarding brings down the server, or at least services like the VPN-service. When the block was released and I could VPN back into my server I also noticed that mounted Network shares from within the LAN were ejected.


I don't know where to look to confirm wether or not it is true that the Adaptive Firewall is blocking, but maybe some of you can point out where to look. Also I would like to learn how I can open up a specific port in OS X Server/Mavericks, maybe using Terminal. The things I found on the internet use the ipfw-command, which is deprecated in Mavericks. Can anyone help me?


Many tanks in advance,


Jannem


System Information:

Mac Mini (2009) running OS X Mavericks 10.9.4 (13E28)

Airport Extreme (4th gen), Firmware 7.6.4

Plex Media Server, version 0.9.9.12.504-3e7f93c


Note: the AEX is behind a cable modem which is in Bridge Modus.

Posted on Jul 15, 2014 3:37 PM

Reply
8 replies
User profile for user: Kappy
Kappy
User level: Level 10
362,007 points

Jul 15, 2014 3:54 PM in response to Jannem1970

Configuring the built-in firewall uses the Privacy & Security preferences. Click on Firewall tab. An application or process is blocked unless it is given access in the list.


As for as port forwarding is concerned that must be configured in the router. If the cable modem is also the router you must configure it. If it's just a modem then the AEX is acting as the router in which case it should be configured there.

Reply
User profile for user: Jannem1970
Jannem1970 Author
User level: Level 1
8 points

Jul 15, 2014 5:17 PM in response to Kappy

Thanks Kappy for your reply.


The built-in Firewall is switched off, so that should not hinder PMS. I checked wether there was an exception for PMS when the firewall was switched on and there is; incoming connections are accepted for PMS, even when the firewall is switched on.


Also, the server has a static IP-address, of course, as it handles a few other services for client computers: my AEX has several reserved IP-addresses for network computers based on their MAC-addresses and this has never let me down. The Port Mapping to the server is correct and corresponds to the static IP-address of the server. Somehow OS X server (or something) seems to hinder or block the Port Mapping, as another Port Mapping to a second PMS running on a Synology NAS works just fine. I even experimented by editing/switching the IP-addresses of the server and the NAS in the Port Mapping: the Port Mapping that points to the server does not open up, whereas the Port Mapping to the NAS is registered with every Port Scan that I make, on every edit.


So, for instance if I open external port 32401 up to point at the static IP of the NAS and port 32402 at static IP of the server, only port 32401 registers as opened upon a port scan. If I switch 32401 to point at the server and 32402 at the NAS, then only 32402 is found 'open' by a port scan. BTW, both internal ports are both set at 32400 as the PMS-software expects incoming connections at this port.


So if it is not the adaptive firewall, and Port Mapping seems to work for one network client , then why not for the computer running OS X Server? Any ideas or advices are very welcome.


Thanks!

Reply
User profile for user: Jannem1970
Jannem1970 Author
User level: Level 1
8 points

Jul 15, 2014 11:44 PM in response to Linc Davis

@Linc Davis:

Yes, I can access the media locally via PMS without problems. PMS broadcasts within my LAN without Plex clients having to authenticate (using MyPlex). I have even accessed media from outside of LAN, but then immediately (or after a few seconds) the Plex client freezes/hangs as the PMS on OS X Server is not only disconnected from MyPlex, but also becomes inaccessible when I try to VPN back in to my server. I know for a fact that at these 'freezes' the AEX remains up and running, because the PMS on my Synology NAS is still accessible. The server however looks to be shut out from outside access: no VPN service for a while, privately hosted websites are down and network shares that were mounted prior to the freeze are ejected (indicating a network freeze within the LAN also).


In my troubleshooting I tried to remove the PMS configuration in increments to see what happens:

1. log PMS out of MyPlex, with PMS still running and port forwarding on the AEX still active;

2. log PMS out of MyPlex AND remove PMS from MyPlex dashboard to stop looking for it at the registered port;

3. close down PMS altogether, but with port forwarding still active;

4. all of the above and remove port mapping to my server.


Only with step 4 I seem to have a stable connection to my server as it remains accessible via VPN. I have been troubleshooting this from outside of my network and it has been a tiresome exercise, getting shut out from my network for a few minutes up till a few hours (no VPN). Today I will start to troubleshoot from inside the LAN.


Any ideas what to look for are welcome. All the logs on my server are quite comprehensive and I am out of my depth what to look for in them.


Cheerz,



Jannem

Reply
User profile for user: Jannem1970
Jannem1970 Author
User level: Level 1
8 points

Jul 18, 2014 1:35 AM in response to Linc Davis

In the meantime I have been troubleshooting this problem onsite (within the LAN).


@Linc Davis: to answer your question about VPN, I can and could access my server via VPN. The server is running the VPN service and always has been functioning properly. However after the the configuration of the Port Mappings in AEX and the connection with MyPlex, VPN dropped out as soon as the server got connected to via MyPlex. Troubleshooting on site learned that it was not just VPN that went down, but that the networking of the server went down altogether as screen sharing or ARD was not possible either. So, I powered down the server, relocated it to connect it to a physical screen (I had been accessing the server through ARD from the beginning) to investigate further. Surprisingly, after the shutdown and physical relocation, the problem did not occur and hasn't done so ever since.


At this moment I really can not say what caused the problem in the first place and what caused it to disappear. The full power-down and restart of services, must have done the trick, but it still does not explain why. For now, I keep a close eye on this and will report back to this thread as soon as the problem re-occurs, if ever.


Thanks for reading and thinking along!


Jannem

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

How to open specific ports in OS X Firewall (10.9.4)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up