the advisability of opening port 3283 to the world

[option8]

one of my clients has their xserve behind a pretty nice little firewall. normally, i go into their office to make major changes and to commune with the server when it’s misbehaving (like today. DNS went FOOM…) but i’d like to be able to make small changes and monitor its status from home.

so, i’m thinking i’ll pop a hole in the firewall for UDP 3283 (according to http://docs.info.apple.com/article.html?artnum=106847) to allow me to take a look at the server’s logs and whatnot through ARD.

are there any security issues or exploits i should worry about when doing this? are there people out trolling the interweb for open ARD machines trying to hijack them? is it possible to have the ARD client connect to a different port – or tunnel through SSH, for example – and forward that port through the firewall to 3283?

many thanks.

[option8]

so… i went ahead and tried it. opened up 3283 (tcp/udp – ARD reporting) and 5900 (tcp – VNC/screen sharing) on the firewall and forwarded them to the xserve. while i was at it, i opened up SSH.

SSH works like a charm. i can log in, see that the server hasn’t yet run amok.

ARD not so much. in order to run remote desktop (or, failing that, a simple VNC connection) to the server, what else do i need to do at the firewall end of things?

all this, of course, is moot if what i’m doing is monumentally stupid – so feel free to tell me, so i can undo it 🙂

thanks

[Author]

Posts