6 Replies Latest reply on May 29, 2017 8:33 AM by Devon Braun

    Alternative ports for FMS 5003

    Devon Braun

      Alternative ports for FMS 5003 -- is it possible to customize the port?  If so, how?

        • 1. Re: Alternative ports for FMS 5003
          mikebeargie

          Port forwarding information | FileMaker

           

          You shouldn't change it on the machine itself; rather, you need to set up port forwarding so inbound traffic to your router on a specified port is "forwarded" via port 5003 to the server on your local network.

          • 2. Re: Alternative ports for FMS 5003
            Devon Braun

            Thanks Mike,

             

            That was my first instinct as well.

            Unfortunately I ran into a problem trying to do that.

            I set up the local port for 5003, the external port routing to that as 5004 and got an "Oops, local start port overlaps" error, which didn't immediately make sense.


             

             

            Situation we're trying to deal with: two FMS systems (separate machines) on one LAN.

            Idea was to route traffic arriving on 5003 to 5003 of one machine, traffic from 5004 to 5003 of the other.

             

            To me that seems like the port forwarding is confused, or I'm just not understanding something.

             

            In the meantime we were looking at possibly running one of the FMS machines on 5004 locally to see if that might help.

            • 3. Re: Alternative ports for FMS 5003
              mikebeargie

              It sounds like you only “translated” the port, meaning the router is intaking port 5004 and sending the traffic out blindly to 5003, getting the same conflict.

               

              You need to make sure that port 5004 is set up to direct ALL traffic (local and external) directly to the second server.

               

              You may also need to use NAT as well on the second server. NAT (Network Address Translation) can modify port 5004 traffic to the correct port of 5003.

              • 4. Re: Alternative ports for FMS 5003
                Devon Braun

                Thanks again, Mike.  You may well be correct -- though I'm not 100% sure I'm following you correctly.

                The reason I would have expected this to work is that the two servers are on different machines and therefore on different LAN IPs, and our port forwarding follows suit, along these lines:

                 

                ExternalFmpClient#1 requests [Our WAN IP]:5003 routes to 192.168.0.10:5003 (Server#1)

                ExternalFmpClient#2 requests [Our WAN IP]:5004 routes to 192.168.0.11:5003 (Server#2)

                 

                Under this configuration I would not have expected a conflict.  Is that, for you, a blind translation of the port?  If so, how so?

                 

                 

                Regarding your two suggestions

                You need to make sure that port 5004 is set up to direct ALL traffic (local and external) directly to the second server.

                I've got TCP and UDP traffic both directing external 5004 to internal Server #2 on port 5003, but it sounds like by "all" you may be referring to something else?

                 

                You may also need to use NAT as well on the second server. NAT (Network Address Translation) can modify port 5004 traffic to the correct port of 5003.

                I'm not immediately seeing NAT as a router option.  Is that something that has to be set up on the server?

                • 5. Re: Alternative ports for FMS 5003
                  mikebeargie

                  When I say ALL traffic I mean local (LAN) and external (WAN). This way both local computers on your network (LAN) and people from outside of your network (WAN) are routed to the same place.

                  • 6. Re: Alternative ports for FMS 5003
                    Devon Braun

                    Here's what we've worked out since the original post:

                    What didn't work:

                    - Changing the port from within the router.

                    We tried a variety of configurations using Port Forwarding.

                        Port forwarding tests revealed the following

                          External IP:5004-to-LanIP#1:5003 works fine on its own

                           AND

                          ExternalIP:5003-to-LanIP#1:5003 works fine with

                          ExternalIP:5004-to-LanIP#2:5004

                           BUT

                          ExternalIP:5003-to-LanIP#1:5003 conflicts with

                          ExternalIP:5004-to-LanIP#2:5003

                    That stumped the folks who support the router and maybe suggests there's something wrong with it.

                     

                    We ran a few tests with Port Triggers, which seem to route all traffic for all internal IPs on one Port, say 5004, on 5003.

                    Not what we're looking for.

                     

                    What did work:

                    Mike Beargie's suggestion to resolve it on the server machine.

                    Take all traffic that arrives to the FMS machine on port 5004 and run it on 5003.

                     

                    We're on Mac OS Sierra.  Here's the approach -- a bit involved.  LMK if there's a more convenient way:

                    1 - Create the file    /private/etc/pf.anchors/org.user.forwarding

                         a - Contents are: rdr pass inet proto tcp from any to any port 5004 -> 127.0.0.1 port 5003

                         b - Make sure there's a trailing line feed in that file

                    2 - Modify the file /private/etc/pf.conf

                         a - Add line     rdr-anchor "org.user.forwarding"    after existing line    nat-anchor "com.apple/*"

                         b - Add line     load anchor "com.apple" from "/etc/pf.anchors/com.apple"     after existing line      anchor "com.apple/*"

                         c - Make sure there's a trailing line feed in that file

                    3 - Modify file    /System/Library/LaunchDaemons/com.apple.pfctl.plist

                         a - Add line     <string>-e</string>     before line    <string>-f</string>

                         * NOTE: To do #3a requires rebooting the computer with SIP (System Integrity Protection) disabled.

                              To do that:

                    - Boot computer in Recovery Mode (boot holding down Command-R)

                    - Run Terminal command (Menu > Utilities > Terminal)    /usr/bin/csrutil disable

                    - Re-boot

                    - Make change on 3a above

                    - Re-enable SIP (Boot computer in Recovery Mode, run Terminal command    /usr/bin/csrutil enable)

                    - Re-boot

                     

                    This to get our second FMS running on a separate machine under the same LAN.

                    Any FM traffic arriving on our WAN at port 5004 is routed to this FMS on 5004, and the OS takes care of the rest.

                    Working fine so far.
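
A read-only check of the file edits in steps 1 and 2a/2c of the post above, as an added example that is not part of the original post. The function names and the argument layout are assumptions for illustration; the check that the rdr-anchor line sits before the filter `anchor` line reflects pf's rule ordering (translation before filtering), not a step from the post.

```shell
#!/bin/sh
# Added example: read-only checks for the pf edits in steps 1 and 2 above.
# Nothing is loaded into pf; paths, anchor name and ports are arguments.

# Steps 1b and 2c: a non-empty file whose last byte is a line feed.
ends_with_newline() {
    [ -s "$1" ] && [ "$(tail -c 1 "$1" | wc -l | tr -d ' ')" = "1" ]
}

# Step 1a: the anchor file holds the redirect rule for the given ports.
has_rdr_rule() {  # has_rdr_rule FILE ARRIVING_PORT FMS_PORT
    grep -Eq "^rdr pass inet proto tcp from any to any port $2 -> 127\.0\.0\.1 port $3[[:space:]]*$" "$1"
}

# Line number of the first line exactly equal to $2 in file $1 (empty if absent).
line_of() {
    grep -nxF -- "$2" "$1" | head -n 1 | cut -d: -f1
}

# Step 2a: rdr-anchor must follow nat-anchor "com.apple/*". It must also
# precede the filter line anchor "com.apple/*", because pf expects
# translation rules ahead of filter rules (pf's ordering rule, not a step
# from the post).
rdr_anchor_placed() {  # rdr_anchor_placed PF_CONF ANCHOR_NAME
    nat=$(line_of "$1" 'nat-anchor "com.apple/*"')
    rdr=$(line_of "$1" "rdr-anchor \"$2\"")
    flt=$(line_of "$1" 'anchor "com.apple/*"')
    [ -n "$nat" ] && [ -n "$rdr" ] && [ "$rdr" -gt "$nat" ] || return 1
    [ -z "$flt" ] || [ "$rdr" -lt "$flt" ]
}

check_forwarding() {  # check_forwarding ANCHOR_FILE PF_CONF ANCHOR_NAME ARRIVING_PORT FMS_PORT
    ends_with_newline "$1" || { echo "FAIL: $1 lacks a trailing line feed"; return 1; }
    has_rdr_rule "$1" "$4" "$5" || { echo "FAIL: no rdr rule $4 -> $5 in $1"; return 1; }
    ends_with_newline "$2" || { echo "FAIL: $2 lacks a trailing line feed"; return 1; }
    rdr_anchor_placed "$2" "$3" || { echo "FAIL: rdr-anchor \"$3\" misplaced in $2"; return 1; }
    echo "OK: port $4 is redirected to $5 via anchor $3"
}

# Runs only when all five arguments are given on the command line.
if [ "$#" -eq 5 ]; then
    check_forwarding "$@"
fi
```

On the server itself, `sudo pfctl -vnf /etc/pf.conf` parses the rule set without loading it, which catches syntax errors these file checks do not.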