Is this for FM web publishing only or for FMP traffic?
I don't see port 5003 listed, which is what FMP uses to connect to FMS.
Since you can only open port 5003 once on your firewall / router I would suggest you set up a VPN and let users connect through that. Once they are connected through VPN they are ON the LAN and will be able to see both servers.
Hi! This is normal FMP traffic, not Web traffic.
This is part of the issue, because Squid uses this configuration line to open the 5003 and 16000 ports:
acl Safe_ports port 591 # filemaker
FileMaker Server 11 is working fine and I can access the server from outside the office. But I cannot do anything with FileMaker Server 12 from outside.
Firewall in the OS X Server box is open. If it were not open we could not see them inside the office.
A VPN could be a solution; however, due to the small bandwidth, it has been discarded. It is too slow.
I think you are looking at the wrong thing. Squid is not a firewall / router as far as I know. So ports 5003 and 16000 would be open on the firewall at the edge of your network (not the firewall on the OSX server itself).
Since 5003 is a hard-wired port in the FM product that cannot be changed, your router can only forward traffic on that port to one internal server.
If VPN is not an option then you would need to look at something like Terminal Services so that users will have a "desktop" inside the LAN.
VPN is much cheaper; so I would invest in faster internet to make that work.
I believe you are right. I am looking at the wrong place. Squid is not blocking anything.
The issue seems related to CentOS routing. This CentOS 5 machine is also the main router; Squid is just a proxy service. The proxy is not blocking FileMaker traffic, since we can see FileMaker Server 11 on the Windows machine.
If the router (CentOS machine) can only route traffic to one server, and since FM cannot be changed from 5003, it seems the only solution is a VPN.
We are migrating to FileMaker Server 12 since it is supposedly more efficient at WAN performance with the same bandwidth. I know it must be difficult to believe but this server is located outside the USA, and we are paying the highest internet access available in the area. It's a 2 mbps downstream 256 kbps upstream connection. (Really, that's the fastest we can get).
I would like to confirm you are right.
In CentOS 5 the routing is done through the IPtables file located in etc/sysconfig/iptables
FileMaker services are re-routed to our internal Windows machine:
-A PREROUTING -p tcp -m tcp -s 0.0.0.0/0 -i eth0 --dport 5003 -j DNAT --to 192.168.0.2:5003
-A PREROUTING -p tcp -m tcp -s 0.0.0.0/0 -i eth0 --dport 16000 -j DNAT --to 192.168.0.2:16000
-A PREROUTING -p tcp -m tcp -s 0.0.0.0/0 -i eth0 --dport 16001 -j DNAT --to 192.168.0.2:16001
But, it seems there is no way to expose two FileMaker Servers in the router. One with version 11 and another with version 12.
VPN seems the only solution.
Keep in mind that the 256 kbps upstream is what is going to be used to SEND data to the users. That is going to be painfully slow. Is there no synchronous option that would give you the same upload as download speed?
Since I have two externally-accessible FileMaker Servers running at my home office, I do know that it can be done. The trick is to have a router that can forward to an internal port that's different from the external one. If the router is CentOS using IPTables as shown above, then you can do something like this for the FM12 server:
-A PREROUTING -p tcp -m tcp -s 0.0.0.0/0 -i eth0 --dport 5004 -j DNAT --to 192.168.0.x:5003
where 192.168.0.x is the internal address of the FM12 server.
The final part of the puzzle is in the connections from outside: your connect files and host entries need to specify the external IP address with ":5004" on the end.
This solution does not allow remote administration of the FM12 server, but it will get you database access.
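An added example, not part of the original thread: a small audit of the router's DNAT rules that lists which external port reaches which internal server and reports two rules competing for the same external port, the situation that arises when both FileMaker Servers are forwarded on 5003. The sample rules are constructed from the ones quoted above, and 192.168.0.3 is an assumed address for the FM12 host.

```python
import shlex

# Constructed sample in the thread's rule syntax: the FM11 forwards plus the
# suggested FM12 forward. 192.168.0.3 is an assumed address for the FM12 host.
SAMPLE = """\
-A PREROUTING -p tcp -m tcp -s 0.0.0.0/0 -i eth0 --dport 5003 -j DNAT --to 192.168.0.2:5003
-A PREROUTING -p tcp -m tcp -s 0.0.0.0/0 -i eth0 --dport 16000 -j DNAT --to 192.168.0.2:16000
-A PREROUTING -p tcp -m tcp -s 0.0.0.0/0 -i eth0 --dport 5004 -j DNAT --to 192.168.0.3:5003
"""

def parse_dnat(text):
    """Extract single-port PREROUTING DNAT rules as dicts, in file order."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", "PREROUTING"]:
            continue
        # Pair every option with the token that follows it.
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        dest = opt.get("--to-destination") or opt.get("--to")
        # Port ranges (e.g. 5003:5010) are skipped to keep the audit simple.
        if opt.get("-j") != "DNAT" or not dest or not opt.get("--dport", "").isdigit():
            continue
        rules.append({
            "proto": opt.get("-p", "all"),
            "source": opt.get("-s", "0.0.0.0/0"),
            "ext_port": int(opt["--dport"]),
            "dest": dest,
        })
    return rules

def audit(rules):
    """Return (mapping of (proto, external port) -> destination, findings)."""
    mapping, findings = {}, []
    for r in rules:
        key = (r["proto"], r["ext_port"])
        if key in mapping and mapping[key] != r["dest"]:
            # DNAT is a terminating target, so the earlier rule always wins.
            findings.append(f"collision on {key[0]}/{key[1]}: {mapping[key]} shadows {r['dest']}")
            continue
        mapping[key] = r["dest"]
        if r["source"] == "0.0.0.0/0":
            findings.append(f"{key[0]}/{key[1]} -> {r['dest']} accepts any source address")
    return mapping, findings

if __name__ == "__main__":
    mapping, findings = audit(parse_dnat(SAMPLE))
    for (proto, port), dest in sorted(mapping.items()):
        print(f"external {proto}/{port} -> {dest}")
    print(*findings, sep="\n")
```

The external ports in the printed mapping are the ones remote clients put after the address, such as ":5004" for the FM12 server.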
Thank you so much for your answer!!!