We’ve got a server running Mac OS X (10.3.9) and we recently turned on the firewall on it. When trying to access the server using a newer machine that has Apple Remote Desktop 3.2.x on it, we get blocked. I’ve tried making sure ports 3283, 5900 (even though that’s usually for VNC), 5988 are accessible, but am still unable to get in. What am I missing?
[code]
Jul 28 15:06:47 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62655 server_ip(xx.xx.xxx.xx):5900 in via en0
Jul 28 15:06:48 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62656 server_ip(xx.xx.xxx.xx):5900 in via en0
Jul 28 15:06:50 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62657 server_ip(xx.xx.xxx.xx):5900 in via en0
Jul 28 15:06:52 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62658 server_ip(xx.xx.xxx.xx):5900 in via en0
Jul 28 15:06:54 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62659 server_ip(xx.xx.xxx.xx):5900 in via en0
Jul 28 15:06:55 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62660 server_ip(xx.xx.xxx.xx):5900 in via en0
Jul 28 15:06:56 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62660 server_ip(xx.xx.xxx.xx):5900 in via en0
Jul 28 15:06:57 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62661 server_ip(xx.xx.xxx.xx):5900 in via en0
Jul 28 15:07:00 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62662 server_ip(xx.xx.xxx.xx):5900 in via en0
Jul 28 15:07:01 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62662 server_ip(xx.xx.xxx.xx):5900 in via en0
Jul 28 15:07:02 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62663 server_ip(xx.xx.xxx.xx):5900 in via en0
Jul 28 15:07:46 server_name kernel: ipfw: 65000 Deny TCP xx.xxx.xx.xx:62667 server_ip(xx.xx.xxx.xx):5900 in via en0
[/code]
The xx.xxx.xx.xx is my client machine trying to connect and “server_ip(xx.xx.xxx.xx)” is the server I’m having problems with and the one this log is pulled from. So does this mean 62000 – 62999 need to be enabled? What’s the 5900 all about? Is it trying to connect in with 62xxx and 5900?
Rule 65000 is one in the advanced tab. It’s labeled as IGMP in the “Service” drop-down, but no ports are specified at all. It’s set as Source address “any” (no ports specified), Destination address “any in setup” (no ports specified). If I turn this rule off I am able to get in via ARD 3.2.x. Is that anything pertinent?
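A small parser for ipfw log lines of the kind shown above, as an added example that is not part of the original post: it groups inbound denies by rule number, protocol and destination port, reading the first address:port pair as the source and the second as the destination. The sample lines and their documentation-range IP addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the same format as the log above (not from the post).
SAMPLE_LOG = """\
Jul 28 15:06:47 server_name kernel: ipfw: 65000 Deny TCP 198.51.100.7:62655 192.0.2.10:5900 in via en0
Jul 28 15:06:48 server_name kernel: ipfw: 65000 Deny TCP 198.51.100.7:62656 192.0.2.10:5900 in via en0
Jul 28 15:06:50 server_name kernel: ipfw: 65000 Deny UDP 198.51.100.7:51234 192.0.2.10:3283 in via en0
Jul 28 15:06:52 server_name kernel: ipfw: 12300 Allow TCP 198.51.100.7:62700 192.0.2.10:22 in via en0
Jul 28 15:06:53 server_name kernel: some unrelated kernel message
"""

# ipfw log layout: rule number, action, protocol, source:port, destination:port, direction, interface.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse_ipfw_line(line):
    """Return the fields of one ipfw log line as a dict, or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    entry = m.groupdict()
    for key in ("rule", "sport", "dport"):
        entry[key] = int(entry[key])
    return entry

def summarize_denies(log_text):
    """Count inbound denies per (rule, protocol, destination port)."""
    hits = Counter()
    source_ports = {}
    for line in log_text.splitlines():
        entry = parse_ipfw_line(line)
        # Skip non-ipfw lines, allowed traffic and outbound traffic.
        if entry is None or entry["action"] != "Deny" or entry["dir"] != "in":
            continue
        key = (entry["rule"], entry["proto"], entry["dport"])
        hits[key] += 1
        source_ports.setdefault(key, set()).add(entry["sport"])
    return {k: {"hits": hits[k], "distinct_source_ports": len(source_ports[k])}
            for k in hits}

if __name__ == "__main__":
    for (rule, proto, dport), info in sorted(summarize_denies(SAMPLE_LOG).items()):
        print(f"rule {rule} denied {proto} to port {dport}: {info}")
```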