8 Replies Latest reply on Nov 2, 2012 7:05 AM by wimdecorte

    Port 50004

    MichaelMaher

      Port 50004 is open on our Win 2008R2 server hosting FMSA11, associated with fmserver.exe

      I haven't found any FM documantation about this port.

      Does anyone know if it can be safely closed? Or what it does?

       

      Michael

        • 1. Re: Port 50004
          CarstenLevin

          Hi Michael, this is probably a mistake.

           

          Is port 50003 open?

           

          50003 = FMS Admin Port

          This port must be available on the Master machine in the configuration

           

          Unless 50004 was opened by mistake, You should find out how/why it was opened. And I for now as the first measure I would close it at once. It is not in use by FileMaker.

           

          Best regards

           

          Carsten

          • 2. Re: Port 50004
            wimdecorte

            Here's a list of all the ports that FMS uses and why you need them:

             

            http://help.filemaker.com/app/answers/detail/a_id/6427/kw/ports/related/1

            • 3. Re: Port 50004
              beverly

              And this from Geoff C is wonderful:

               

              http://sixfriedrice.com/wp/filemaker-firewall/

               

              If it says "9", it's still valid.

               

              -- sent from my iPhone4 --

              Beverly Voth

              • 4. Re: Port 50004
                CarstenLevin

                Hi Michael,

                Just curious: Was it a mistake, somebody opening 50004 when wanting to open 50003?

                Or did you find another explanation?

                 

                And ... I guess that my answer was the correct answer to your question.


                Best regards


                Carsten

                • 5. Re: Port 50004
                  MichaelMaher

                  Thanks for replies - I think I can safely assume 50004 can be closed with impunity - will do it over a weekend just in case.

                  I succeeded in closing 50003 by turning off the remote admin exe, and helper, in the local firewall. We don't need that open as all admin console is done on the host machine.

                  It was the IT guys who found 50004 was open and associated with fmserver.exe, but I have never seen it mentioned in any documentation.

                   

                  We are also considering closing:

                  135     rpc

                  139     netbios

                  445     smb

                   

                  Though I'm not sure we need these or not - the IT guys didn't even know, but I think they were too busy to ask their dedicated Win server experts.

                  So it'll be trial and error with them.

                   

                  Michael

                  • 6. Re: Port 50004
                    MichaelMaher

                    OK, here's what happened:

                     

                    The server (Win 2008 R2) firewall is set up to enable/disable executables, rather than ports (although ports can be opend, but not individually closed).

                    When I was attempting to close 50003, I unchecked fmsadmin.exe and fmshelper.exe in the firewall, as we don't need Remote Admin. That closed 50003. What I didn't realise was that fmserver.exe apparently was not happy about the closure of 50003, so it opened 50004.

                     

                    When the IT guys wanted to close 50004 (not knowing much about fmserver.exe) they unchecked fmserver.exe. Naturally we heard about this immediately from the users.

                    I went in and rechecked/reopened fmserver.exe.

                     

                    The effect from closing and opening fmserver.exe was that 50004 closed and 50003 was opened. fmsadmin and fmshelper are still closed in the firewall.

                     

                    I can only assume that fmserver wants 50003 open, and when it was closed due to closing fmsadmin, it simply opened the next available port.

                     

                    So at this point, we are unable to close 50003 without 50004 replacing it. I think we'll leave it open.

                     

                    Michael

                    • 7. Re: Port 50004
                      BruceHerbach

                      Michael,

                       

                      There are two firewall types to look at.  It sounds like the one you are dealing with is on the server and  the admin tool needs the port available on the server.  The other is an external device that would connect at the router and sit between the internet router and the LAN.   If you have this type of Firewalll then you can close port 50003 here and prevent anyone outside of the company from getting to the admin console.

                       

                      My guess is that running fmsadmin.exe on the server uses the port.   Even if it's going throught the local loop back address. 

                       

                      Most WiFi routers have the second  type of firewall built in.  My old Linksys did as well as my current Apple TimeCapsule.   Your IT lan/wan admin should disable these ports at the router/firewall.  This will prevent access from outside the company.

                       

                      HTH
                      Bruce

                      • 8. Re: Port 50004
                        wimdecorte

                        The FMS admin console has a built-in feature to disallow remote admin.  So if that's the only reason, don't mess with the firewall.   Toggle the restriction setting on and set the IP address to 127.0.0.1

                        FileMaker Server Admin Console-1.png