Mac@Work: The Ultimate Business Machine


OS X Personal Firewall Settings

If you choose to turn on OS X's built-in Firewall when you're using the machine as a server, these are the settings you should enable.


by: Bernard Teo



Copyright © 2003 Bernard Teo. Some Rights Reserved.

This work is licensed under a Creative Commons License.




Personal Firewall Settings for Mac OS X machines used as Servers

If you turn on OS X's built-in Personal Firewall while using the same machine as a web, mail and DNS server, you must remember to enable the ports associated with the web (80), mail (25, 110), and DNS (53) services.

Otherwise, information coming into your server for these services will not get through.

A good strategy to follow (for setting up your OS X machine as an Internet server) is to turn off the firewall until all the services you want have been made to work.

Web services are easiest to enable and test for, then mail, and then DNS (for when you're running a server behind an AirPort Base Station).

Then, when you've got everything running, you should go to System Preferences and open the Sharing panel (particularly the Firewall tab, as shown below).

A pictorial guide

This is what the Firewall Preferences should look like:

For allowing access to your web server, there is a default Personal Web Sharing preference that is already listed. All you have to do is to turn it on, to allow other machines to access your web pages.

Mail and DNS services are not listed by default. But you can create them yourself by clicking on the "New..." button.

To allow access to mail services on this particular machine, enter the values as shown below:

The Description field can contain anything you want, so enter something meaningful (like Mail or DNS). The Port field will contain the value of the port used by that particular service. Mail uses at least two well-known ports: 25 for SMTP (for sending mail out) and 110 for POP (for allowing other users in your domain to retrieve mail from this server). DNS uses port 53.

Hit OK and that's it. There's no need to restart, since the new settings take effect immediately and will be in force every time you restart the machine.
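
To confirm from a second machine that the services still answer once the firewall is on, the following added example (not part of the original article) tries each port listed above and also sends a DNS query over UDP 53, the transport DNS lookups normally use. The host address, the lookup name and all function names are assumptions made for illustration.

```python
import socket
import struct

# TCP ports the article says to open: web, SMTP, POP and DNS.
TCP_PORTS = {"web": 80, "smtp": 25, "pop": 110, "dns-tcp": 53}

def tcp_open(host, port, timeout=3.0):
    """True if a TCP handshake with host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False

def dns_query(name, qid=0x1234):
    """Build a minimal DNS A-record query packet for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def udp_dns_answers(host, name, port=53, timeout=3.0):
    """True if host:port replies over UDP with a DNS response matching our ID."""
    query = dns_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (host, port))
            reply, _ = s.recvfrom(512)
        except OSError:  # no reply: blocked, dropped or no DNS server
            return False
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def check_server(host, zone_name, tcp_ports=TCP_PORTS, dns_port=53, timeout=3.0):
    """Map each service to True (reachable) or False (blocked or not running)."""
    results = {svc: tcp_open(host, p, timeout) for svc, p in tcp_ports.items()}
    results["dns-udp"] = udp_dns_answers(host, zone_name, dns_port, timeout)
    return results

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"   # placeholder address
    name = sys.argv[2] if len(sys.argv) > 2 else "example.com"  # placeholder name
    for svc, ok in check_server(host, name).items():
        print(f"{svc:8} {'reachable' if ok else 'BLOCKED or not running'}")
```

Run it once with the firewall off and again with it on: a service that answers only in the first run is being blocked by a missing port entry.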

Further Reading

You can use the firewall to do a few more things, like turning off the probes used by Microsoft Office to check for other copies of Office on the same network, which could create a security breach on your system.

Please look up the references on the right for further information.


References:

Contact : Bernard Teo