 |
 |
How do you configure Tiger's firewall to allow a range of IP addresses through?
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Nov 2004
Location: Fordoche, Louisiana
Status:
Offline
|
|
I'm trying to allow a certain range of IP addresses to connect with my mini through FTP, but even though I have the FTP option checked, I can't connect unless I turn my firewall off. As soon as I turn it off, FTP works.
When I was using XP with Zonealarm, there was an option to allow a trusted range of IP addresses through for sharing purposes. Maybe I'm missing it, but I don't see this option in Tiger's firewall. Can it be done?
Thanks!
|
|
I bought a doughnut and they gave me a receipt for the doughnut... I don't need a receipt for the doughnut. I give you money and you give me the doughnut, end of transaction. We don't need to bring ink and paper into this. I can't imagine a scenario that I would have to prove that I bought a doughnut. To some skeptical friend, don't even act like I didn't buy a doughnut, I've got the documentation right here... It's in my file at home. ...Under "D".
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: Earth
Status:
Offline
|
|
Make sure your FTP client is using passive mode and it should work.
You can add a range of ports by using Terminal.
man ipfw
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Oct 1999
Location: San Jose, Ca
Status:
Offline
|
|
The firewall GUI that Apple supplies does not have range options, but the underling firewall software does. You have to manually inject the rules into the firewall using a startup item that runs "last". If this sounds like an advanced user thing, it is.
Another way of doing it is to get one of the third-party firewall rule editors and let that take over managing the firewall.
|
|
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Nov 2004
Location: Fordoche, Louisiana
Status:
Offline
|
|
Are there any freeware rule editors out there? I tried manually adding it before, but I didn't make it a startup item, so perhaps that's where I goofed.
|
|
I bought a doughnut and they gave me a receipt for the doughnut... I don't need a receipt for the doughnut. I give you money and you give me the doughnut, end of transaction. We don't need to bring ink and paper into this. I can't imagine a scenario that I would have to prove that I bought a doughnut. To some skeptical friend, don't even act like I didn't buy a doughnut, I've got the documentation right here... It's in my file at home. ...Under "D".
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2003
Location: Hyrule
Status:
Offline
|
|
|
|
|
Aloha
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Oct 1999
Location: San Jose, Ca
Status:
Offline
|
|
Brickhouse (and every other one out there) use ipfw. They are just frontends that create a startup item and properly configure it.
|
|
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: May 2002
Location: Austria
Status:
Offline
|
|
Originally Posted by pat++
Make sure your FTP client is using passive mode and it should work.
That's not correct. If the FTP server is firewalled, you have to use active FTP. This will work unless the clients are behind a firewall, too. In this case, you won't be able to connect to the FTP server at all.
With active FTP, the client opens a random port and tells the server the port number. The server then connects to that port on the client and transfers the files. Obviously, this won't work if the client is behind a firewall, because the server won't be able to connect to the specified port on the client.
In this case, you use passive FTP. With passive FTP, the server opens a random port and tells the client the port number. This won't work if the server is behind a firewall.
If both computers are behind firewalls, FTP won't work at all.
-------------
Silly Burrito, why don't you use SFTP? Switch off FTP sharing and turn on "remote login". Then you can use SFTP. This will work even when the firewall is turned on, because it uses only a single port and the connection will be completely encrypted. Most good FTP clients support SFTP, too, and there are also free clients available for Mac and Windows, e.g. WinSCP and Fugu.
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Location: Cambridge UK
Status:
Offline
|
|
Apple's Firewall does allow a range, just try this:
Enter:
1024-65535
The dash shows that it's a range. 
|
|
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Nov 2004
Location: Fordoche, Louisiana
Status:
Offline
|
|
Well, what I'm doing is trying to transfer Red vs. Blue files to my Xbox for viewing, and I've given the Xbox a static IP address. Apparently the dashboard I'm using doesn't allow passive FTP (that's what Rbrowserlite is telling me). I'll have to check out Brickhouse and see if it'll do what I need.
|
|
I bought a doughnut and they gave me a receipt for the doughnut... I don't need a receipt for the doughnut. I give you money and you give me the doughnut, end of transaction. We don't need to bring ink and paper into this. I can't imagine a scenario that I would have to prove that I bought a doughnut. To some skeptical friend, don't even act like I didn't buy a doughnut, I've got the documentation right here... It's in my file at home. ...Under "D".
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Jun 2001
Location: Melbourne, Australia
Status:
Offline
|
|
Originally Posted by Krypton
Apple's Firewall does allow a range, just try this:
Enter:
1024-65535
The dash shows that it's a range.
That's for ports, not for IP addresses!
|
|
Computer thez nohhh...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
