Sounds like you need to figure out port forwarding on your router. Normally connections are made to IP addresses and ports. The IP address is like some family's phone number and the port is like asking for Mike, Sam or Pete after they pick up. So port 80 is for http (web browsing) while 21 is FTP and there are thousands of others. In the case of a firewall, you can call them but they can't call you. So if you connect out to some server with your web browser on port 80, the firewall will allow the response to come back because you called them. The outside world trying to connect to you is blocked, which is usually a good thing. But in some cases you DO want to have the outside world get to your mac, at least for a specific port. This gets into NAT or Network Address Translation, another firewall technique.
In the normal setup there is the outside world of IP addresses and then there is the IPs on your network. There is a special range of addresses called 'private' or non-routable addresses which oftens start with 192.168.x.y. Normal routers on the internet will not pass any requests to addresses in this range. So what your firewall does is it gets assigned a real routable address on the internet and it assigns one or more private addresses to machines on your private network. When a request from your mac goes out to the internet the private address is pulled out and replaced by the public one and when responses come back the reverse is done. If some bad person tried to trace back your request and connect to your machine they could only get as far as the public address on your firewall since no internet router would work with your private addresses. This is the NAT feature at work. So to get an outside connection to your mac you not only need to tell the firewall to open up a 'hole' but also where to send that incoming traffic on your private network. So if my internal network address was 192.168.130.123 and my public address was 64.12.175.129 I would want to do a simple port map from 64.12.175.129:1972 to 192.168.130.123:1972. That would map any connection requests for port 1972 on your public side to port 1972 on your private network. You can even do fancy things like portmap other ports around to multiple machines on your internal network. For example, SSH runs on port 22 so you could portmap the public 22 to your mac's 22 and be able to ssh to it from anywhere in the world. But what if you have more than one internal mac. Well, you could portmap some other port number to be 22 on your second mac. So if I had two macs with private addresses 192.168.130.123 and 192.168.130.124 and public address 64.12.175.129 I would do portmap entries likes this: 64.12.175.129:22 to 192.168.130.123:22 64.12.175.129:314 to 192.168.130.123:22 So do an ssh to port 314 on my public address would end up going to the normal port 22 on my second mac. Hope this clears up portmapping and how it works. CB Larry Wanger wrote: > Let me try this again. > > > Hi, > > Yesterday I found myself trying to get a couple of > services/applications working on my Mac that require me to allow access to > ports and seemingly complex setup options. I first was trying to set up an > application called Ootunes that enables you to stream your iTunes library > from computers or web enabled devices away from your home computer. I plan > on streaming it to my iPhone but the problem is with setting everything up > on my Mac. In this case, Ootunes has a test program you can run that checks > if you can access your network computer from outside. The test failed saying > it could not access port 1972 and because my firewall blocked access. > > In the second situation I was trying to set up off-site backup through Mozy. > The instructions said I needed to forward a port but I am unsure of how to > do this as well. > > I'm thinking that in the first, if not both cases, the fact that I have the > firewall in the OS plus the firewall on my wireless Apple Airport Express > running in addition to being behind the actual modem is causing problems. I > went in to security and allowed access for all applications but it still > would not pass the testing for Ootunes. > > Does anyone have experience with this and would they be able to offer some > help either via email or off list? > > Thanks. > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/macvisionaries?hl=en -~----------~----~----~----~------~----~------~--~---
