AFP548

Hi everyone, and thanks for making the place a reference for Mac OS X Server.

As of late I acquired a nice Mac Pro with Mac OS X Server 10.4.7 Universal binary... everything checked out fine until port 626 and serialnumberd reared their respective ugly heads.

1) I have 2 machines running: one running the classic server install with its own serial number, the other machine running Mac OS X client. Both have Server Admin installed in the same version.

2) On startup and on server warmup serialnumberd does not seem to have a problem, then all of a sudden it mentions it fails because of the firewall I set up...

Let me remind you that serialnumberd opens port 626 on UDP, looking to see if you have another machine with the same serial number mucking around... that is not the case here. However, I have set up address ranges to keep kiddies off my ssh's back. My home range is allowed all types of traffic as stated in the Server Admin GUI. All other channels are authorized case by case as needed...

My question would be: since serialnumberd creates its own 00001 firewall rule allowing UDP 626 to be opened, there should be no more need to have a 12307 rule allowing that port to be opened, right? Plus, since we are running free on a local basis, a Server Admin application within the network range would not meet any firewall problems, correct?

Then I am getting this log entry in system.log:
Sep 13 00:03:57 mox servermgrd: servermgr_info: [71] SNCheck("server serial number") failed with 5

ipfw show returns the following:

00001 0 0 allow udp from any 626 to any dst-port 626
00010 13554 4217091 divert 8668 ip from any to any via en0
01000 71082 12141714 allow ip from any to any via lo0
01010 0 0 deny ip from any to 127.0.0.0/8
01020 0 0 deny ip from 224.0.0.0/4 to any in
01030 0 0 deny tcp from any to 224.0.0.0/4 in
12300 11880 4017707 allow tcp from any to any established
12301 7 420 allow tcp from any to any out
12302 1786 217833 allow udp from any to any out keep-state
12303 0 0 allow udp from any to any in frag
12304 69 4140 allow tcp from any to any dst-port 311
12305 0 0 allow tcp from any to any dst-port 625
12306 48 3312 allow icmp from any to any icmptypes 8
12307 48 3312 allow icmp from any to any icmptypes 0
12308 0 0 allow igmp from any to any
12309 6 336 allow icmp from any to any icmptypes 3,4,11,12
12310 0 0 allow tcp from any to any dst-port 407
12310 0 0 allow udp from any to any dst-port 407
12311 0 0 allow tcp from any to any dst-port 427
12311 4 308 allow udp from any to any dst-port 427
12312 0 0 allow tcp from any to any dst-port 443
12313 0 0 allow gre from any to any
12314 0 0 allow esp from any to any
12315 0 0 allow tcp from any to any dst-port 53
12315 57 3596 allow udp from any to any dst-port 53
12316 0 0 allow tcp from any to any dst-port 53 out keep-state
12316 0 0 allow udp from any to any dst-port 53 out keep-state
12317 0 0 allow tcp from any to any dst-port 88
12317 0 0 allow udp from any to any dst-port 88
12318 0 0 allow tcp from any to any dst-port 106,3659
12318 0 0 allow udp from any to any dst-port 106,3659
12319 0 0 allow tcp from any to any dst-port 110
12319 0 0 allow udp from any to any dst-port 110
12320 0 0 allow tcp from any to any dst-port 113
12321 0 0 allow tcp from any to any dst-port 115
12322 0 0 allow tcp from any to any dst-port 143
12323 0 0 allow udp from any to any dst-port 192
12324 0 0 allow tcp from any to any dst-port 201-208
12325 0 0 allow tcp from any to any dst-port 993
12326 0 0 allow tcp from any to any dst-port 995
12326 0 0 allow udp from any to any dst-port 995
12327 0 0 allow tcp from any to any dst-port 5222
12328 0 0 allow tcp from any to any dst-port 5223
12329 0 0 allow tcp from any to any dst-port 5269
12330 0 0 allow tcp from any to any dst-port 5190
12330 0 0 allow udp from any to any dst-port 5190
12331 156 18563 allow udp from any to any dst-port 5353
12332 0 0 allow tcp from any to any dst-port 8000-8999
12333 0 0 allow tcp from any to any dst-port 8080
12334 0 0 allow tcp from any to any dst-port 9006,8080,8443
12335 0 0 allow tcp from any to any dst-port 20-21
12336 0 0 allow udp from any to any dst-port 161
12337 0 0 allow tcp from any to any dst-port 389
12338 0 0 allow tcp from any to any dst-port 687
12339 0 0 allow tcp from any to any dst-port 660
12340 0 0 allow tcp from any to any dst-port 1085
12340 0 0 allow udp from any to any dst-port 1085
12341 0 0 allow icmp from any to any
12342 0 0 allow tcp from any to any dst-port 80
12343 0 0 allow tcp from any to any dst-port 123
12343 0 0 allow udp from any to any dst-port 123
12344 0 0 allow udp from any to any dst-port 513
12345 3 315 allow ip from myiprange/28 to any

And I found this in /Library/Logs/SerialNumberSupport.log:

Wed Sep 13 01:36:12 2006: LOGERR: The local firewall has more than one rule #1! Assuming (UDP 626) blocked.
Wed Sep 13 01:40:18 2006: LOGERR: Local firewall NO LONGER has our port (UDP 626) blocked.

Great news... daemon, I did not put that rule in, thanks, you did. Merry Xmas. No other rule on port 626 is being applied either.

Is there any way to make the poor thing see reason and have it not assume the port is being blocked when it is wide open? My guess would be that the daemon, seeing there might be something related to its port somewhere, ends up sawing off the branch on which it sits.
Any enlightenment would be more than welcome on the subject...
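
Added example, not part of the original post and not a reproduction of serialnumberd's own check: a Python script that parses `ipfw show` output, counts the rules numbered 1, and lists the rules naming UDP destination port 626 with their packet counters, which are the two things the SerialNumberSupport.log message refers to. `POST_EXCERPT` reuses lines from the listing above; `DUPLICATED` adds a constructed second rule 1 for comparison.

```python
import re
from collections import Counter

# Lines copied from the `ipfw show` listing in the post.
POST_EXCERPT = """\
00001 0 0 allow udp from any 626 to any dst-port 626
00010 13554 4217091 divert 8668 ip from any to any via en0
12302 1786 217833 allow udp from any to any out keep-state
12305 0 0 allow tcp from any to any dst-port 625
12310 0 0 allow tcp from any to any dst-port 407
12310 0 0 allow udp from any to any dst-port 407
12324 0 0 allow tcp from any to any dst-port 201-208
"""
# Constructed variant: a second rule numbered 1 (hypothetical, for comparison).
DUPLICATED = "00001 0 0 deny udp from any to any dst-port 626\n" + POST_EXCERPT

RULE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(allow|deny|divert \d+)\s+(\S+)\s+(.*)$")

def parse(listing):
    """Turn `ipfw show` lines into dicts; lines that do not match are skipped."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if m:
            num, pkts, _bytes, action, proto, body = m.groups()
            rules.append({"num": int(num), "packets": int(pkts),
                          "action": action, "proto": proto, "body": body})
    return rules

def covers(spec, port):
    """True if a dst-port spec such as '626', '106,3659' or '201-208' includes port."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
            return True
    return False

def audit(listing, proto="udp", port=626):
    """Summarise rule-number reuse and the rules that name proto/port as destination."""
    rules = parse(listing)
    counts = Counter(r["num"] for r in rules)
    hits = []
    for r in rules:
        m = re.search(r"dst-port (\S+)", r["body"])
        if r["proto"] == proto and m and covers(m.group(1), port):
            hits.append((r["num"], r["action"], r["packets"]))
    return {"rule_1_count": counts[1],
            "shared_numbers": sorted(n for n, c in counts.items() if c > 1),
            "port_rules": hits}

if __name__ == "__main__":
    print(audit(POST_EXCERPT))
    print(audit(DUPLICATED))
```

On a live system the listing would come from `ipfw show` rather than the embedded strings; a zero packet counter on the port 626 rule, as in the post, means no traffic has matched that rule since the counters were last reset.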