13) Firewall
Now that we have many services enabled like web, mail, and FTP, let’s get the firewall up so that you can protect your server from unwanted traffic that can potentially be harmful. This is especially important if you have your server in the DMZ, which is open to the Internet.
OS X Server’s firewall is based on the open source IPfirewall, which is highly sophisticated and effective when configured correctly.
- Click on Firewall under Computer & Services for your server and press the Settings tab at the bottom. Click on the Services tab.
- Press the Start Service button to start the firewall.
Server Admin should automatically determine which services are active and open ports accordingly. For example, if you have the Apache web server running, port 80 will be open for HTTP traffic using the TCP protocol. If you have your mail server running, port 25 should be open for SMTP traffic using the TCP and UDP protocols.
You should start by keeping the default open ports as is since certain ports are used by the system. If you’re not careful, you can lock yourself out from accessing the server.
If you enable additional services after the firewall has been started, check that the proper ports are open with the correct protocol so that their traffic is allowed through the firewall.
Most of the commonly used services will already be listed along with their port number. If you need to create additional openings, you would press the “+” button and fill in the information.

- Click on the Address Groups tab.
Here you can create and define Address Groups, each of which gets its own set of firewall rules. You can select one of “any”, “10-net”, or “192.168-net” and press the “+” button to create a new address group.

The “any” group applies to all addresses. The “other” IP address groups are intended for the entire “10-net” range of private addresses, and the entire “192.168-net” range of private addresses.
Once an address group is created, return to the Services tab, select the group from the “Edit Service for” drop-down menu, and make changes to the firewall for that specific group.
- Click on the Advanced tab.
Stealth Mode is an extra security feature that makes your server invisible to requests made to closed ports, so that the server appears nonexistent. It is available for the TCP and/or UDP protocols.
Stealth Mode is not enabled by default but it’s a nice option to have in certain conditions where security is paramount.
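To check the result of the Services and Address Groups settings above, the following added example (not part of the original tutorial or of Server Admin) reads a rule listing in the layout that `ipfw list` prints and reports, per protocol and port, whether traffic is open, limited to a source range, or blocked. The sample rules are constructed, the function names are hypothetical, and it assumes rules that name ports with `dst-port`.

```python
import re

# Constructed sample in the layout `ipfw list` prints (not taken from a real server).
SAMPLE_RULES = """\
01000 allow ip from any to any via lo0
12300 allow tcp from any to any established
12302 allow tcp from any to any dst-port 80,443
12303 allow tcp from any to any dst-port 25
12304 allow udp from any to any dst-port 53
12305 allow tcp from 192.168.0.0/16 to any dst-port 20-21
65534 deny ip from any to any
"""

RULE = re.compile(r"^\d+\s+(allow|deny)\s+(\w+)\s+from\s+(\S+)\s+to\s+\S+\s*(.*)$")

def port_matches(spec, port):
    """True if an ipfw port list such as '80,443' or '20-21' covers port."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def verdict(rules_text, proto, port):
    """First rule that decides a new connection to proto/port (ipfw is first-match)."""
    for line in rules_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        action, rule_proto, src, rest = m.groups()
        opts = rest.split()
        if rule_proto not in (proto, "ip", "all"):
            continue
        if opts and opts[0] != "dst-port":
            continue  # simplification: skip rules qualified by 'established', 'via', ...
        if not opts or port_matches(opts[1], port):
            return action, src
    return None, None

def audit(rules_text, required):
    """Map each required (proto, port) to a short finding."""
    report = {}
    for proto, port in required:
        action, src = verdict(rules_text, proto, port)
        if action != "allow":
            report[(proto, port)] = "blocked" if action else "no matching rule"
        else:
            report[(proto, port)] = "open" if src == "any" else "restricted to " + src
    return report
```

On the server, pass the text printed by `sudo ipfw list` as `rules_text` along with the protocol and port pairs your services need.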

