Alternative ports for FMS 5003 -- is it possible to customize the port? If so, how?
Port forwarding information | FileMaker
You shouldn't change it on the machine itself; rather, you need to set up port forwarding so inbound traffic to your router on a specified port is "forwarded" via port 5003 to the server on your local network.
That was my first instinct as well.
Unfortunately I ran into a problem trying to do that.
I set up the local port for 5003, the external port routing to that as 5004 and got an "Oops, local start port overlaps" error, which didn't immediately make sense.
Situation: we're trying to deal with: Two FMS systems (separate machines) on one LAN.
Idea was to route traffic arriving on 5003 to 5003 of one machine, traffic from 5004 to 5003 of the other.
To me that seems like the port forwarding is confused, or I'm just not understanding something.
In the meantime we were looking at possibly running one of the FMS machines on 5004 locally to see if that might help.
It sounds like you only “translated” the port, meaning the router is intaking port 5004 and sending the traffic out blindly to 5003, getting the same conflict.
You need to make sure that port 5004 is set up to direct ALL traffic (local and external) directly to the second server.
You may also need to use NAT as well on the second server. NAT (Network Address Translation) can modify port 5004 traffic to the correct port of 5003.
Thanks again, Mike. You may well be correct -- though I'm not 100% sure I'm following you correctly.
The reason I would have expected this to work is that the two servers are on different machines and therefore on different LAN IPs, and our port forwarding follows suit, along these lines:
ExternalFmpClient#1 requests [Our WAN IP]:5003 routes to 192.168.0.10:5003 (Server#1)
ExternalFmpClient#2 requests [Our WAN IP]:5004 routes to 192.168.0.11:5003 (Server#2)
Under this configuration I would not have expected a conflict. Is that, for you, a blind translation of the port? If so, how so?
Regarding your two suggestions
I've got TCP and UDP traffic both directing external 5004 to internal Server #2 on port 5003, but it sounds like by "all" you may be referring to something else?
I'm not immediately seeing NAT as a router option. Is that something that has to be set up on the server?
When I say ALL traffic I mean local (LAN) and external (WAN). This way both local computers on your network (LAN) and people from outside of your network (WAN) are routed to the same place.
Here's what we've worked out since the original post:
What didn't work:
- Changing the port from within the router.
We tried a variety of configurations using Port Forwarding.
Port forwarding tests revealed the following
External IP:5004-to-LanIP#1:5003 works fine on its own
ExternalIP:5003-to-LanIP#1:5003 works fine with
ExternalIP:5003-to-LanIP#1:5003 conflicts with
That stumped the folks who support the router and maybe suggests there's something wrong with it.
We ran a few tests with Port Triggers, which seem to route all traffic for all internal IPs on one Port, say 5004, on 5003.
Not what we're looking for.
What did work:
Mike Beargie's suggestion to resolve it on the server machine.
Take all traffic that arrives to the FMS machine on port 5004 and run it on 5003.
We're on Mac OS Sierra. Here's the approach -- a bit involved. LMK if there's a more convenient way:
1 - Create the file /private/etc/pf.anchors/org.user.forwarding
a - Contents are:
rdr pass inet proto tcp from any to any port 5004 -> 127.0.0.1 port 5003
b - Make sure there's a trailing line feed in that file
2 - Modify the file /private/etc/pf.conf
a - Add line rdr-anchor "org.user.forwarding" after existing line nat-anchor "com.apple/*"
b - Add line load anchor "com.apple" from "/etc/pf.anchors/com.apple" after existing line anchor "com.apple/*"
c - Make sure there's a trailing line feed in that file
3 - Modify file /System/Library/LaunchDaemons/com.apple.pfctl.plist
a - Add line <string>-e</string> before line <string>-f</string>
* NOTE: To do #3a requires rebooting the computer with SIP (System Integrity Protection) disabled.
To do that:
- Boot computer in Recovery Mode (boot holding down Command-R)
- Run Terminal command (Menu > Utilities > Terminal) /usr/bin/csrutil disable
- Make change on 3a above
- Re-enable SIP (Boot computer in Recovery Mode, run Terminal command /usr/bin/csrutil enable)
This is to get our second FMS running on a separate machine under the same LAN.
Any FM traffic arriving on our WAN at port 5004 is routed to this FMS on 5004, and the OS takes care of the rest.
Working fine so far.
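
A pre-flight check for the two files from steps 1 and 2 above, as an added example that is not part of the original post; the function names and the sample files are constructed here. Beyond what the post lists, it also checks that the rdr-anchor line comes before anchor "com.apple/*", since pf expects translation rules ahead of filter rules.

```shell
#!/bin/sh
# Added example (not from the thread): checks for the two pf files in steps 1-2.
# Paths are arguments, so it can be run on copies before touching /etc.

# Steps 1b/2c: file is non-empty and its last byte is a line feed.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Step 1a: the only active rule is the TCP 5004 -> 127.0.0.1:5003 redirect.
rdr_rule_ok() {
    rules=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1")
    [ "$(printf '%s\n' "$rules" | wc -l | tr -d ' ')" = 1 ] || return 1
    printf '%s\n' "$rules" | grep -Eq \
        '^rdr pass inet proto tcp from any to any port 5004 -> 127\.0\.0\.1 port 5003[[:space:]]*$'
}

# Step 2a: rdr-anchor sits after nat-anchor "com.apple/*" and, because pf wants
# translation rules ahead of filter rules, before anchor "com.apple/*".
anchor_order_ok() {
    nat=$(grep -n '^nat-anchor "com\.apple/\*"' "$1" | head -n 1 | cut -d: -f1)
    rdr=$(grep -n '^rdr-anchor "org\.user\.forwarding"' "$1" | head -n 1 | cut -d: -f1)
    flt=$(grep -n '^anchor "com\.apple/\*"' "$1" | head -n 1 | cut -d: -f1)
    [ -n "$nat" ] && [ -n "$rdr" ] && [ "$rdr" -gt "$nat" ] || return 1
    [ -z "$flt" ] || [ "$rdr" -lt "$flt" ]
}

# Run every check; print one line per finding, return non-zero on any failure.
check_pf_forwarding() {   # $1 = anchor file, $2 = pf.conf
    rc=0
    ends_with_newline "$1" || { echo "FAIL: $1 lacks trailing line feed"; rc=1; }
    ends_with_newline "$2" || { echo "FAIL: $2 lacks trailing line feed"; rc=1; }
    rdr_rule_ok "$1"       || { echo "FAIL: $1 is not the single 5004->5003 rule"; rc=1; }
    anchor_order_ok "$2"   || { echo "FAIL: rdr-anchor misplaced in $2"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 match the described setup"
    return "$rc"
}

# Constructed sample files (not captured from a real machine).
demo=$(mktemp -d)
printf '%s\n' 'rdr pass inet proto tcp from any to any port 5004 -> 127.0.0.1 port 5003' \
    > "$demo/org.user.forwarding"
printf '%s\n' 'nat-anchor "com.apple/*"' 'rdr-anchor "org.user.forwarding"' \
    'anchor "com.apple/*"' > "$demo/pf.conf"
check_pf_forwarding "$demo/org.user.forwarding" "$demo/pf.conf"
```

On the server itself, sudo pfctl -vnf /etc/pf.conf parses the ruleset without loading it, and csrutil status confirms SIP is enabled again after step 3.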