Mac OS X Server, Firewall and ftp problems... and a solution
Recently, I turned on the firewall on a client's OS X Server 10.4 installation because there were many attempts to hack into it. I went through and configured the firewall so that any necessary ports were open, and walked away thinking all was well.
Well, it wasn't. There were a few clients who couldn't connect via ftp, or ftp took a long time to respond after connecting. I realize that ftp is an insecure way of transmitting information, but this client had his hands tied since many of his users don't have an sftp client.
After a bit of troubleshooting, I discovered the reason the clients were having a hard time connecting to the ftp server: you need to open more than ports 20 and 21 for ftp to work through a firewall.
So what did we do to make things work again?
Here's what I did to make OS X Server, ftp and the Firewall work together again. This was done on Mac OS X Server 10.4.9.
- Open Server Admin if it isn't already opened
- Stop the FTP service if it's running
- Open the Terminal application
- Type the following:
cd /Library/FTPServer/Configuration
sudo pico ftpaccess
This is where we'll specify which ports passive ftp is allowed to use. In this example we'll use ports 49151-49155.
Add this line:
passive ports your_ip_number 49151 49155
your_ip_number is the ip number of your server.
- Save the file
- Go back to Server Admin. Click Firewall > Settings > Services
- Add ports 49151-49155 to the allowed traffic:
- Click the "+" button to add the ports.
- Enter this info:
Name: ftp additional ports
Port: 49151-49155
Protocol: TCP
- Click OK
- Click Save
- Next click Firewall > Settings > Advanced
- Make a new rule by clicking the plus sign and enter this data:
Action - Allow
Protocol - TCP
Service - Other
Source Address - Any
Source Port - Blank
Destination Address - (put your server's ip address here)
Destination Port - 49151 49155
- Save the rule.
- Restart the Firewall Service.
- Start the FTP Service.
- Test it out!
This solved problems for clients who were using an older version of Dreamweaver as well as older ftp clients.
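For the "Test it out!" step, here is an added example (not part of the original post) that decodes a server's PASV reply and checks that the advertised data port falls inside the range set in ftpaccess. The address 192.0.2.10, the sample replies and the function names are constructed for illustration.

```python
import re

# Constructed sample: the line this page adds to ftpaccess, with a
# documentation address (192.0.2.10) standing in for your_ip_number.
SAMPLE_FTPACCESS = """\
# constructed sample ftpaccess fragment
passive ports 192.0.2.10 49151 49155
"""

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def passive_ranges(ftpaccess_text):
    """Return [(address, low, high)] for every 'passive ports' line."""
    ranges = []
    for line in ftpaccess_text.splitlines():
        tok = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(tok) == 5 and tok[:2] == ["passive", "ports"]:
            ranges.append((tok[2], int(tok[3]), int(tok[4])))
    return ranges


def parse_pasv(reply):
    """Decode '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' to (ip, port)."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a PASV reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("octet out of range: %r" % reply)
    # The data port is sent as two bytes: high byte, then low byte.
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]


def check_reply(reply, ranges):
    """Return a list of problems; empty means the firewall rule covers it."""
    ip, port = parse_pasv(reply)
    if any(low <= port <= high for _, low, high in ranges):
        return []
    return ["data port %d on %s is outside the configured passive range" % (port, ip)]


if __name__ == "__main__":
    ranges = passive_ranges(SAMPLE_FTPACCESS)
    for reply in ("227 Entering Passive Mode (192,0,2,10,192,1)",    # constructed
                  "227 Entering Passive Mode (192,0,2,10,200,10)"):  # constructed
        print(reply, "->", check_reply(reply, ranges) or "ok")
```

A real reply can be captured after logging in with Python's ftplib by calling `sendcmd("PASV")` on the connection and passing the returned string to `check_reply`.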