Firewall Rules for Allowing Access to Apple’s Workgroup Manager
Although Apple published a helpful list of TCP and UDP port numbers used by its products, it’s a little unclear which ones Workgroup Manager needs.
You can figure it out yourself by enabling firewall logging on your Mac OS X Server and watching as you fail to connect. Or you can take my word for it: here are the ports that you need to allow access to:
- TCP 625 for “Remote Directory Access”, as mentioned on the above page.
- TCP 8175.
For the last port, the only option in the Server Admin firewall interface is to enable ports 8000-8999 for “Web Service, iTunes Radio streams”. If you are running other services on those ports that you want to protect, or if you’re just paranoid, you’ll want to add a custom rule for port 8175.
Add a custom firewall rule by clicking the “Advanced” tab of the Settings panel in the firewall interface of Server Admin. Click the “+” button to add a new rule:

Once you add the new rule, be sure to check off the new rule in the list of rules in the Advanced section, then click the Save button to enable it. You can verify it’s active by running:
sudo ipfw list | grep 8175
…in Terminal (ipfw needs root privileges, hence the sudo). Hopefully this saves someone time!
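An added example, not part of the original post: `grep 8175` finds nothing when the port is only reachable through the 8000-8999 range rule, and it does not show whether that range is still enabled alongside the custom rule. The function below (its name is hypothetical) reports which allow rules admit a given TCP port and whether the match is exact or through a range. The rule lines are constructed samples in the shape of `ipfw list` output.

```sh
#!/bin/sh
# Added example: list the ipfw "allow ... tcp" rules whose dst-port spec covers
# a given port, marking whether the port is matched exactly or through a range.
# It only inspects explicit dst-port specs; it does not evaluate rule order or
# rules that allow traffic without naming a port.
# Live use: sudo ipfw list | rules_allowing_port 8175

rules_allowing_port() {
    # $1 = TCP port to look up; ipfw list output is read from stdin.
    awk -v want="$1" '
        $2 == "allow" && / tcp / {
            for (i = 3; i < NF; i++) {
                if ($i != "dst-port") continue
                # A port spec can be a comma-separated mix of ports and ranges.
                n = split($(i + 1), specs, ",")
                for (j = 1; j <= n; j++) {
                    lo = hi = specs[j]
                    if (split(specs[j], r, "-") == 2) { lo = r[1]; hi = r[2] }
                    if (want + 0 >= lo + 0 && want + 0 <= hi + 0)
                        printf "%s %s %s\n", $1, specs[j], (lo == hi ? "exact" : "range")
                }
            }
        }'
}

# Constructed sample: the broad "Web Service, iTunes Radio streams" range is enabled.
SAMPLE_BROAD='12300 allow tcp from any to any dst-port 625
12301 allow tcp from any to any dst-port 8000-8999
65535 allow ip from any to any'

# Constructed sample: only the custom rule for 8175 is enabled.
SAMPLE_TIGHT='12300 allow tcp from any to any dst-port 625
12302 allow tcp from any to any dst-port 8175
65534 deny ip from any to any'

printf '%s\n' "$SAMPLE_BROAD" | rules_allowing_port 8175
printf '%s\n' "$SAMPLE_TIGHT" | rules_allowing_port 8175
```

A "range" result for 8175 means the broad rule is still what lets Workgroup Manager in, so every other service on 8000-8999 is exposed too.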
