MacOS – Yosemite Server, adaptive firewall not stopping screensharingd attempts

firewallmacososx-server

I'm not certain if the Adaptive Firewall in Yosemite Server 4.0 is just not working or just not working for screensharingd. I have a Mac mini Server in a colo and get lots of attempts at screensharing. So I turned on the adaptive firewall as per Apple docs and it does not seem to be doing anything.

Whats my next step?

Best Answer

The only sure solution I know of for this is to configure VPN on the server then lock down port 5900 on the WAN interface. That will kill the attempts for screen sharing from the public side but allow it when you VPN into the server.

If the port is open on the public-facing WAN side, you can be sure that the port-scanners are going to find it and attempt getting in.

Related Solutions

OS X Server FTP server

I suggest you use what comes with OSX, namely sftp/scp, included with every OSX since the age of dawn.

Enable SSH in the sharing (Remote Login), configure what users have access and then try to use sftp from the Terminal (if you are familiar with it). Try

man sftp

to see the help.

DESCRIPTION sftp is an interactive file transfer program, similar to ftp(1), which performs all operations over an encrypted ssh(1) transport.

You have the benefits of "ftp-like" plus everything is encrypted.

If you still want to go ahead and use ftp, I suggest you take a look at ftpd conf file, located in /etc/ftpd.conf and /etc/ftpusers

In any case, take a look at the man page for ftpd.conf and ftpusers:

man ftpd.conf
man ftpusers

…to see other options you can add there (because the default one will be most likely empty or with little things in it).

There's no pretty program to configure FTP on OSX (there is on the Server version as far as I can remember).

Please note that FTP is not a very secure protocol by default and hence it should be running inside a chroot. (hint: man ftpchroot).

OS X Server – Remote HTTP Connections Ignored but Local Accepted

OS X actually has (at least) 3 firewalls. Since you've turned off the application firewall (in System Preferences -> Security & Privacy -> Firewall) and checked the Berkeley packet filter (pfctl -sa), I'm guessing it's the old ipfw that's doing the blocking. You can check with sudo ipfw show -- that'll list the active rules, along with counts of how many packets and bytes each one has applied to:

$ sudo ipfw show
01000 19228642 23229993542 allow ip from any to any via lo0
01010        0           0 deny ip from any to 127.0.0.0/8
[etc...]
65534    23505     3467352 deny ip from any to any
65535        0           0 allow ip from any to any

If your listing only shows rule #65535 (the allow rule at the end), my guess is wrong and you have to look elsewhere. If it does show other rules, you probably have a third-party firewall config program installed somewhere (I don't think the Apple-supplied ipfw config software is still there in 10.8); take a look in /Library/StartupItems and /Library/LaunchDaemons for things that might be relevant.

Best Answer

Related Solutions

OS X Server FTP server

OS X Server – Remote HTTP Connections Ignored but Local Accepted

Related Question