In this screencast I cover the advanced OSX Firewall configuration using the 3rd party IceFloor Firewall utility (free / donation-ware) and talk about the notion of ‘port forwarding’ when you have a Mac mini in a hosted environment. A home computer is usually connected to a router which serves as a physical firewall to the internet.
At MacStadium we open all the ports for you so you have full access to any services you might want to use your server for. As a result you may have some services that you don’t want exposed to the internet which means you need to use a software firewall to close those ports. In this tutorial I cover how to close ports you may not want open and how to keep ports open for services you want access to using a software package called IceFloor. I cover how to:
- Download and install IceFloor.
- How to avoid locking yourself out of your server when you start the firewall with IceFloor.
- How to tell what ports are open for what services and the services you want to make sure you open.
- How to manually open ports for other services not listed in the main window.
- How to add security for the SSH service including the emerging threats list.
Ports required for most Mountain Lion Server Services:
- Server Administration: TCP Ports 311 & 625
- Screen Sharing: TCP & UDP Ports 5900 & 3283
- File Sharing: TCP Ports 139 & 548
- Profile Manager: TCP Ports 80, 443, & 1640
- Contacts: TCP Ports 8800 & 8843
- Calendar: TCP Ports 8008 & 8443
- Messages: TCP Ports 5222, 5223, 5060, 5269, 7777 UDP Ports 16384-16388
- VPN: TCP Port 1723 UDP Ports 500, 1701, & 4500
- Websites: TCP Ports 80 & 443
- Open Directory: TCP & UDP Ports 636 & 389
- Mail: TCP 110, 995, 25, 465, 143, 587, & 993
- FTP: TCP 20 & 21
- SSH: TCP 22
- AFP: TCP 548