Remote FileMaker Server Admin problems IPNetRouter

[supergrug]

Hi,

We are hosting several DBs with FileMaker 7 Server to a local network, which is behind an IPNetRouter 1.6.8 box acting as our firewall/router.

I can connect to the databases using FIleMaker 7 'client' on the local network, as well as remotely through the router's open port 5003. I can also access the machine using AFP, which I use for uploading databases to be served.

My issue is I can't access the server using the FileMaker Server Admin program from outside the router. I can use it fine on the actual server, as well as from any internal machine. I have opened ports 50003 and 50006 on the router, as well as 5006 (which I don't think is necessary but was in some FileMaker docs, probably a typo). The FileMaker Server's firewall is off.

The error message says 'Connection to the filemaker server is lost', which is different to the message that you get if you type in the wrong IP, so I'm convinced at least part of the connection is getting through.

When trying to resolve the problem, I set the router to forward all traffic on all protocols and ports to the FileMaker machine, but the same error message occurs. From this, I conclude it isn't a problem with having the wrong ports open.

Any insights would be greatly appreciated.

Thanks

SuperGrug

[DykstrL]

You might also try opening port 2399 TCP and UDP.

[dayhox]

SuperGrug,

You didn't happen to have FMS 7 Preview installed on this machine before FMS 7 was released, did you? I know we ran into a similar problem. We neglected to fully erase the Preview release inluding the ./Library/FileMaker Server 7/ folder. After deleting everything FMS (backup your DBs to a secure locale) and reinstalling, we were able to admin the machine remotely.

Your problem may be different though, we could admin localhost, but couldn't on machine 2' away (same subnet) dunno.

Hope it helps,

d

[supergrug]

I will try opening the 2399 port tonight. As mentioned, at one stage I forwarded all traffic to the FileMaker Server through the router, so I don't think this will help.

Thanks

SuperGrug

[Vaughan]

Cardiofuse: this is the third time you have posted your question, and the second thread you have hijacked.

One post is enough.

Edited September 26, 2005 by Guest

[LaRetta]

Hi Cardiofuse,

You appear to be posting the exact same post on several threads. This is (highly) discouraged here. Please choose the BEST forum to fit your needs and only post there, okay? We'd appreciate it. All of your other posts will be deleted.

And now it seems two Moderators are being busy little 'scrubbing bubbles' and deleting posts as quickly as possible. You'll be lucky to have ANY post left if we both delete the same 'last' duplicate simultaneously!! Ahhh, reminds me of deleting duplicate records in multi-user mode - because this post of yours just got deleted by another Moderator! ROFLMAO!

In case you don't get the drift by now (smile), do not post more than once please.

LaRetta

Edited September 26, 2005 by Guest

[Steven H. Blackwell]

You must VPN into the **network** in order to use the SAT Tool behind a NAT configuration. What you are presently trying to do--go thru the router with the tool- is not a supported configuration.

BTW correct Ports for the SAT Tool are 50006 and 50003. Port 5003 is for FileMaker Pro data.

HTH

Steven

[Cardiofuse]

Well the answer to my problem is that the 5003 port was open on the original server machine but not on the demo FMS7 machine. I had to go back and open 5003 on the "specific" local computer (10.0.1.x). That fixed the problem. Thanks for all who hung in there but trial and error won another round. I hope this helps someone. I've been using this configuration for 3 years now with FMP6 and FMS5.5 and it has worked flawlessly behind the NAT configuration...maybe they should support it....or at least recommend a fix to this common setup.

[Steven H. Blackwell]

This was a conscious decision not to work in the fashion you're seeking. FMI is aware of this, I believe, and perhaps in the future they will make some changes. In the meantime all you have to do is VPN into the network. Both macintosh OS X (10.3/10/4) and Windows XP Pro have built-in VPN clients.

HTH

Steven

[cbum]

Dear Mr Blackwell,

re: "You must VPN into the **network** in order to use the SAT Tool behind a NAT configuration. What you are presently trying to do--go thru the router with the tool- is not a supported configuration."

Could you elaborate on that? I just spent a frustrating week with FM tech support and our university IT department trying to get remote admin access to work, so far to no avail, and noone at FM has said anything like your statement.

BTW, VPN is not an option, because the university uses the cisco VPN, which is incompatible with quad PPC macs...

Our IT techs have opened the relevant ports indicated in the thread with NAT, to no avail, and FM tech support insists its something in our firewall that is preventing the FMSadmin to connect. This is the first indication that FM dos not support what we are trying. Please elaborate, particularly since I don't see your statement supprted anywhere in the docs....

thanks for your time.

[Steven H. Blackwell]

Nothing to elaborate upon.[color:red] The SAT Tool does not work through a router when NAT is in effect.

BTW, be sure to update your FMS 7 to the latest v-rev (7.0v4).

Steven

[Steven H. Blackwell]

BTW, VPN is not an option, because the university uses the cisco VPN, which is incompatible with quad PPC macs...

Also, if you're going to be using this machine as a server for FMS 7 Advanced for web publishing, please do be aware that multi-processor CPU's may not work correctly with Server 7 Advanced.

Generally, I'd recommend your review of the Server Tech Brief found at:

http://www.filemaker.com/support/upgrade/techbriefs.html

HTH

Steven

[Wim Decorte]

BTW, VPN is not an option, because the university uses the cisco VPN, which is incompatible with quad PPC macs...

Let me be flippant just to make a point: it's not the VPN that should not be an option, it's the Macs.

Seriously: you'd consider connecting across the internet "in the clear" because some hardware doesn't support VPN??

Either the VPN hardware should be replaced or the incompatible other hardware. VPN is the single most import thing in secure remote connections to a network. It does not make sense to bypass it for any reason.

And this is not a Mac bash. I'd say exactly the same thing if it were Windows, Linux or any flavor of Unix.

Edited December 12, 2005 by Guest

[cbum]

Steven,

why is port forwarding supported and not NAT? Are there different security issues?

Also, your v4 upgrade suggestion is just a general advice, not related to my problem, right?

re: multiprocessor macs, the quad is the remote machine, the server is running on a dual G5 for over a year without a problem so far.

thanks.

Edited December 12, 2005 by Guest

[Steven H. Blackwell]

Regarding the dual processor issue and web publishing, please see FMI Tech Info # 5303.

Regarding NAT and the SAT Tool, basically what I can tell you is that the decision was made that to administer a machine behind a firewall with NAT using the SAT Tool would require VPN access to the network. An alternative would be to use TimBukTu.

Regarding the 7.0v4 issue, that is general advice. However there were some related issues. From the Release Notes:

Remote Administration Password Security When FileMaker Server Admin 7.0v3 or earlier was used to connect to a server remotely, in many cases the password was sent over the network unencrypted. Passwords used for remote administration are now always encrypted. If your FileMaker Server 7 was set to “Allow remote users to administer FileMaker Server” and Administrator Authentication was set to anything other than “Require no password”, the remote administration password for Server, or the passwords for all fmsadmin group accounts, should be changed.

HTH

Steven