OSX Lion Server part 03 – Getting the Router Prepared
We dealt with the types of server install in part 01 of this series and the network set-up we need to have in place in part 02. Before we actually install the software there is one final stage to look at: router set-up.
Your router sits between your network and the internet. It lets your machines start connections outward (web browsing, fetching mail) and lets the replies back in, but it blocks connections that the outside world tries to start with machines on your network. That is a good thing, since it shields your network from anyone probing it from the internet.
To let outside users reach some of OS X Lion Server's services we need to set up port forwarding: telling the router that inbound connections arriving on a given port (and protocol, TCP or UDP) should be passed to the server's internal address. Every port you forward is a door open to the whole internet, so forward only the ports for services you actually run.
Apple Airport Extreme or Not.
If the whole idea of port forwarding fills you with dread, you might consider replacing your current router with Apple's AirPort Extreme. Why? If Lion Server detects an AirPort Extreme on your network, it will set up the port forwarding for you automatically as you turn services on.
So if you are using one of these, this part is easy: let the server installation do the work for you.
The screenshot below, taken in AirPort Utility, shows the port mappings the server has created on an AirPort Extreme base station.
Port Forwarding for Other Routers
Most routers on the market use a web interface to change their settings, so each manufacturer will have a slightly different interface and approach to changing these settings.
There are guides to configuring port forwarding for most of the main routers on the market at the portforward.com website, so check there for a guide to your make and model of router (when you select your router you will see a series of links for specific programs and ports, but the Default Guide link gives the general walkthrough). If you don't find your router listed, go to the router manufacturer's site and look for the manual for your particular model. If all else fails, feel free to ask a question on the forums.
Common Ports to Open up for OS X Lion Server.
Which ports you need to open depends on which services you want to reach from outside your network, so look at the table below and decide which services you need. Don't worry about leaving some out at this stage: you can come back and add forwards as you enable services while configuring Lion Server. Do the reverse as well, and remove a forward when you stop using a service.
The table below lists the main ports used by Lion Server's services. Each entry is the port the service listens on, and the router rule should forward that port, for the protocol shown, to the server's internal address.
Service                                          Port            Protocol
Address Book Server                              8800            TCP
Address Book Server SSL                          8843            TCP
File sharing (Apple AFP)                         548             TCP
File sharing (Windows SMB/CIFS)                  139, 445        TCP
iCal Server using SSL                            8443            TCP
iChat Server using SSL                           5223            TCP
iChat Server, server-to-server connection        5269            TCP
iChat Server's file transfer proxy               7777            TCP
Mail: IMAP using SSL                             993             TCP
Mail: POP3                                       110             TCP
Mail: POP3 using SSL                             995             TCP
Mail: SMTP legacy SSL submission                 465             TCP
Mail: SMTP standard                              25              TCP
Mail: SMTP submission                            587             TCP
Remote connection SSH (Secure Shell) *           22              TCP
Remote Management (Apple Remote Desktop)         3283            TCP, UDP
Remote Management (Apple Remote Desktop)         5900            TCP
Web service HTTP                                 80 or 8080      TCP
Web service HTTPS (secure web service via SSL)   443             TCP
Screen sharing VNC                               5900            TCP
Virtual Private Network (L2TP)
VPN L2TP ISAKMP/IKE                              500             UDP
VPN L2TP IKE NAT Traversal                       4500            UDP
VPN L2TP ESP (firewall only)                     IP protocol 50  n/a (not a port)
Note that ESP is an IP protocol, not a TCP or UDP port, so it cannot be "forwarded" in the usual sense; it needs the router's firewall (often labelled IPsec passthrough) to let it through, which is why it is marked firewall only. Windows file sharing uses TCP 445 (and 139 for older clients); it is not port 161, which belongs to SNMP.
* My one suggestion is not to enable SSH unless you have a real need for it. It is the port techies use for terminal access to remote computers, but an SSH port open to the internet is a magnet for automated password guessing, and you will find your server logs filling up with failed login attempts soon after you forward it. If you do need it, allow key-based logins only (turn off password authentication in sshd) and keep an eye on the logs.
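To see what "logs filling up" looks like, and to tell a brute-force run from an ordinary typo, here is an added example (not part of the original article) that counts failed SSH logins per source address from sshd's log lines. It matches OpenSSH's own "Invalid user" and "Failed password" messages; the date/host/pid prefix in front of them is whatever your syslog configuration writes, and the sample log lines, hostnames and addresses below are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# OpenSSH's messages as they appear in sshd's log lines. The prefix before
# "sshd[pid]:" (date, hostname) depends on the syslog configuration, so the
# patterns anchor on the sshd[pid] tag rather than on the start of the line.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>\S+) from (?P<ip>[\d.]+)")
FAILED_PW = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+")

# Constructed sample of an OS X secure.log after SSH was forwarded: one
# internet host guessing names and passwords, and one LAN user who mistyped
# once and then logged in with a key.
SAMPLE_LOG = """\
Jul  5 02:14:01 lion sshd[5521]: Invalid user admin from 203.0.113.45
Jul  5 02:14:03 lion sshd[5521]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Jul  5 02:14:05 lion sshd[5523]: Invalid user oracle from 203.0.113.45
Jul  5 02:14:07 lion sshd[5523]: Failed password for invalid user oracle from 203.0.113.45 port 51031 ssh2
Jul  5 02:14:09 lion sshd[5525]: Failed password for root from 203.0.113.45 port 51040 ssh2
Jul  5 02:14:11 lion sshd[5527]: Failed password for root from 203.0.113.45 port 51044 ssh2
Jul  5 02:14:13 lion sshd[5529]: Failed password for root from 203.0.113.45 port 51050 ssh2
Jul  5 08:30:12 lion sshd[6102]: Failed password for alice from 192.168.99.12 port 49901 ssh2
Jul  5 08:30:20 lion sshd[6102]: Accepted publickey for alice from 192.168.99.12 port 49901 ssh2
""".splitlines()


def summarise_ssh_failures(lines):
    """Count failed SSH logins per source address and the usernames tried.

    Returns (failures_by_ip, users_by_ip). One "Failed password" line is one
    rejected attempt; an "Invalid user" line only adds the name to the set of
    usernames tried from that address. Everything else in the log is ignored.
    """
    failures = Counter()
    users = defaultdict(set)
    for line in lines:
        m = FAILED_PW.search(line)
        if m:
            failures[m.group("ip")] += 1
            users[m.group("ip")].add(m.group("user"))
            continue
        m = INVALID_USER.search(line)
        if m:
            users[m.group("ip")].add(m.group("user"))
    return failures, users


def brute_force_sources(lines, threshold=5):
    """Addresses with at least `threshold` failed passwords, busiest first.

    Each entry is (ip, failure_count, sorted usernames tried). A single failure
    from a LAN address stays below the threshold; a run of guesses for admin,
    oracle and root from one internet address does not.
    """
    failures, users = summarise_ssh_failures(lines)
    return [(ip, n, sorted(users[ip]))
            for ip, n in failures.most_common() if n >= threshold]


if __name__ == "__main__":
    # Against a real log: brute_force_sources(open("/var/log/secure.log"))
    for ip, n, names in brute_force_sources(SAMPLE_LOG):
        print("%s: %d failed logins, usernames tried: %s" % (ip, n, ", ".join(names)))
```

The usernames tried are the giveaway: a real user mistypes their own password, while a scanner works through admin, oracle and root. Run over a day of logs on a server with port 22 forwarded, the list is rarely empty, which is the reason for the advice above.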
Here’s a screen grab of the ports I have opened on the Netgear router that I have on my network.
So, with the router set-up to pass through all the services your server is going to use, we are now ready to actually download and install Lion Server. Notice all inbound services are going to a local address of 192.168.99.200 – that’s the manually assigned IP address we are going to give the machine that we’ll install Lion Server on in the next article.
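Before blaming the router when a forwarded service does not answer, it helps to check that the server itself is listening on the port. The following added example (not code from the article or from Apple) turns the table above into a de-duplicated forwarding list for the server address used in this series, then probes each TCP port from inside the LAN. It assumes Python 3; the service names and ports are the table's, with SMB at 445 and 5900 merged for Apple Remote Desktop and VNC, and the chosen services in the usage section are an arbitrary selection for the example.

```python
import socket
from collections import OrderedDict

# Port table from this article: (service, port, protocol). Pick 80 or 8080
# for the web service yourself; ESP (IP protocol 50) is not a port and is
# left out, as it needs the router's firewall rather than a forward.
LION_SERVER_PORTS = [
    ("Address Book Server", 8800, "tcp"),
    ("Address Book Server SSL", 8843, "tcp"),
    ("File sharing (Apple AFP)", 548, "tcp"),
    ("File sharing (Windows SMB/CIFS)", 445, "tcp"),
    ("iCal Server using SSL", 8443, "tcp"),
    ("iChat Server using SSL", 5223, "tcp"),
    ("iChat Server, server-to-server connection", 5269, "tcp"),
    ("iChat Server's file transfer proxy", 7777, "tcp"),
    ("Mail: IMAP using SSL", 993, "tcp"),
    ("Mail: POP3", 110, "tcp"),
    ("Mail: POP3 using SSL", 995, "tcp"),
    ("Mail: SMTP legacy SSL submission", 465, "tcp"),
    ("Mail: SMTP standard", 25, "tcp"),
    ("Mail: SMTP submission", 587, "tcp"),
    ("Remote connection SSH (Secure Shell)", 22, "tcp"),
    ("Remote Management (Apple Remote Desktop)", 3283, "tcp"),
    ("Remote Management (Apple Remote Desktop)", 3283, "udp"),
    ("Remote Management (Apple Remote Desktop)", 5900, "tcp"),
    ("Web service HTTP", 80, "tcp"),
    ("Web service HTTPS", 443, "tcp"),
    ("Screen sharing VNC", 5900, "tcp"),
    ("VPN L2TP ISAKMP/IKE", 500, "udp"),
    ("VPN L2TP IKE NAT Traversal", 4500, "udp"),
]


def plan_forwards(wanted, lan_ip):
    """Build the router's forwarding list for the chosen services.

    Returns rules in table order as dicts {port, proto, to, services}. A port
    shared by two services (5900 for ARD and VNC) becomes one rule, so the
    router does not get duplicate or conflicting entries. Unknown service
    names raise ValueError rather than silently forwarding nothing.
    """
    known = {service for service, _, _ in LION_SERVER_PORTS}
    unknown = sorted(set(wanted) - known)
    if unknown:
        raise ValueError("not in the port table: " + ", ".join(unknown))
    rules = OrderedDict()
    for service, port, proto in LION_SERVER_PORTS:
        if service not in wanted:
            continue
        rule = rules.setdefault((port, proto), {"port": port, "proto": proto,
                                                "to": lan_ip, "services": []})
        if service not in rule["services"]:
            rule["services"].append(service)
    return list(rules.values())


def tcp_listening(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes, i.e. something listens there."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_plan(rules, host=None):
    """Probe every TCP rule against the server's LAN address.

    Returns {(port, proto): True | False | None}. None marks UDP rules, which a
    plain connect cannot probe. Run this from inside the LAN: a port that is
    closed on the server itself will never work through the router either,
    while one that answers here but not from the internet points at the
    router rule (or at the ISP blocking the port, as many do for 25).
    """
    results = {}
    for rule in rules:
        target = host or rule["to"]
        if rule["proto"] == "tcp":
            results[(rule["port"], "tcp")] = tcp_listening(target, rule["port"])
        else:
            results[(rule["port"], "udp")] = None
    return results


if __name__ == "__main__":
    # Arbitrary selection for the example; the address is the one this series
    # assigns to the server.
    wanted = ["Mail: IMAP using SSL", "Mail: SMTP standard",
              "Remote Management (Apple Remote Desktop)", "Screen sharing VNC",
              "VPN L2TP ISAKMP/IKE"]
    rules = plan_forwards(wanted, "192.168.99.200")
    for r in rules:
        print("%5d/%s -> %s  (%s)" % (r["port"], r["proto"], r["to"], "; ".join(r["services"])))
    for (port, proto), ok in check_plan(rules).items():
        print("%5d/%s %s" % (port, proto,
              {True: "listening", False: "CLOSED", None: "udp, not probed"}[ok]))
```

Keep the printed forwarding list next to you while you type the rules into the router's web page: it is the exact set of port/protocol pairs to enter, each pointing at the server's address, and nothing more.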
I told you we would get there in the end.
Note about VPN (Virtual Private networks)
There’s another step to the router set-up if you are going to enable the VPN service, so if you are going to use this then keep following this series as we will cover the VPN service in the next article.