firewalls and ports

[anubis]

I'm running V5 of server. I want to access my database over the internet from a remote office. The offices are behind firewalls. What would be the best way to do this?

I have opened port 5003 and am forwarding it to the internal IP of the server but it is not working. Can this be done this way?

Is their a better way for me to do this?

Would web client be better?

How about over a VPN?

Thanks!

[Anatoli]

Try to fiddle with TCP/IP and UDP settings for port 5003.

Something is still blocking that...

[ernst]

Hi Anubis, hi Anatoli,

I seem to remember (from a FAQ at the Netopia website) that you would need to open port 5003 for TCP but BLOCK it for UDP, otherwise the UDP packets that the server generates to announce itself over the network would 'flood' slower connections.

For what it's worth...

Best regards,

Ernst.

[Anatoli]

That is possible, but maybe the UDP is necessary to initiate connection... who knows. That's why I wrote "fiddle" Try everything

[anubis]

I have only TCP/IP ports open not UDP. May be that is the problem.. Will look into this! Thanks for the help!

[C Higham]

Silly question but if fmserver hardened enough to risk opening it up to the whole internet? I understood that there were various vunerabilities which would make placing it "in the wild" a bit risky?

Chris.

[Anatoli]

It will be plain silly

Obviously it should be behind firewall and through VPN etc...

[BobWeaver]

Port 5003 has to be open to both UDP and TCP because when a client searches for hosts, it sends out a UDP message.

[ernst]

Well even Filemaker self are not very clear about the UDP port. If you search there Knowledge base on the term 'UDP' you'll find advise to either block UDP messages or let them through. Filemaker Server before 3.0v4 seems to need UDP being allowed, for 3.0v4 and later they also advise to block UDP.

I do often connect to our company network, and have UDP blocked in the router and still see the list of files being served. I think the point is that if you directly address the server UDP is not necesarry, whilst when you just click on the host button (for example on your local network) the client just transmits a UDP message and all available servers announce themselves.

We are using server 5.5v2 on MacOS X and before on OS 9, same setup in the router.

Regards,

Ernst.

[BobWeaver]

Good point. You don't want a Filemaker server behind a firewall to respond to a broadcast request for hosts.