10 Replies Latest reply on Jul 17, 2013 8:53 AM by LSNOVER

    Client network (WiFi) blocks access to remote host

    thomasdalbert

      I have found many discussions and pointers about opening ports and/or port forwarding on the network/machine that FileMaker Server is running but I haven't found a answer to a problem which must be quite common:

       

      We are running FileMaker Server 12 on server that is set up correctly with the necesssary ports open. We can access this server with FileMaker Pro and FileMaker Go from pretty much anywhere through G3/LTE networks and also from many locations over WiFi. But it seems that some WiFi networks are blocking access to our FileMaker Server even though they are open for http, https, ftp, etc. We have encountered this on a network of a larger company but also on a schools network. This obviously is a big problem when developing FileMaker Go applications that are supposed to be able to easily connect to the data on the server.

       

      Are there any specific instructions that we can give to the IT departments of this schools and companies? Do they have to open access to port 5003 on their WiFi network as well? Is that all they have to do or do they also have to allow some other protocoll besides http? As said before, this is not related to the way the host machine is set up. The block is on the client network.

       

      Thank you for any help you can provide.

      Thomas

        • 1. Re: Client network (WiFi) blocks access to remote host
          taylorsharpe

          There are two ways FileMaker finds files, one via URL (e.g., IP or domain) and the other by the Bonjour service.  Bonjour discovery is done over UDP port 5353.  When you do an Open Remote and select "Local", you are using Bonjour to discover files.  If you use "Favorite Hosts", you are using URLs.  Bonjour is only good on local are networks.  Be aware that many WiFi networks cut out network services to make WiFi go faster and Bonjour might not work over your WiFi.  I would start with testing to make sure it is not a Bonjour problem by using a URL  in Favorite Hosts to try to connect. 

          • 2. Re: Client network (WiFi) blocks access to remote host
            thomasdalbert

            The FileMaker Server is remote - it's not even in the same state. There is definitely no way that it could connect locally. The users that are running into those issues are using URLs in the Favorite Hosts to connect. Something must be blocked in the WiFi network since they have no problem connecting once they switch to a cellular connection. I've seen this issue now in a few places - but as I said usually in places controlled by overzealous IT departments protecting their turf.

             

            Thanks,

            Thomas

            • 3. Re: Client network (WiFi) blocks access to remote host
              taylorsharpe

              Well, thanks for the additional info.  But you can be in another country and on the same LAN via a VPN.  That aside, try some additional network testing.  When they can't reach the FileMaker server via Open Remote, try to ping the server or call another service on the same server like web or ftp and see if they work.  Do a Traceroute and see if it works.  Is the behavior the same when using different OS's or computers?

              • 4. Re: Client network (WiFi) blocks access to remote host
                thomasdalbert

                - of course. I wasn't thinking of a VPN. Great idea - I'll have the client test the direct link to the server with http http://71.95.215.34 (should show "It works!")  and will also ask them to do a traceroute tomorrow. Maybe that weill give me some more information. You should be able to see a bunch of databases also with the above IP address.

                 

                For now, thanks for the ideas. I'll post whatever I find out.

                 

                Thomas

                • 5. Re: Client network (WiFi) blocks access to remote host
                  taylorsharpe

                  Good luck with it.  Networks are always interesting to debug and there are always weird things from firewalls to old routers that aren't performing properly, etc.  But you're working in the right direction.  Let us know how it goes!

                  • 6. Re: Client network (WiFi) blocks access to remote host
                    thomasdalbert

                    I think I found the correct answer although I'm a bit surprised this answer does not seem to be well documented or widely discussed.

                     

                    Port 5003 has to be open not only on the Server network/router but also on the client WiFi network! This was today confirmed by a company running FileMaker Servers and also by a FileMaker Inc. supporter.

                     

                    As I was told, most private or small WiFi routers have this port open all the time or open it automatically when needed. I'm not sure if this the right way to put it but I did notice that accessing a remote FileMaker Server via IP address or URL with FileMaker Advanced or GO works almost all the time on smaller private networks.

                     

                    But in larger schools, administrations, large companies, etc. many IT admins close all ports except the ones needed for web and email. In other words, connecting to a FileMaker Server with FileMaker GO through a WiFi network in a place like this will in most cases not work. Or it will only work if you can convince the admins to open port 5003 which can be a pretty big task with some IT departments. This puts a bit of a damper on FileMaker Server applications that are geared towards students with iPads...

                     

                    Anyway, if anybody has different information, I would appreciate to know more about it. Thank you!

                     

                    PS: getting to the FileMaker server machine with http and by doing a traceroute was working fine to a couple of different machines running FileMaker Server.

                    • 7. Re: Client network (WiFi) blocks access to remote host
                      taylorsharpe

                      Ports are assigned by IANA and FileMaker has registered port 5003.  Most security plans currently block any ports not used by a server as the default firewall setting.  You have to have access through port 5003 all the way from the client to the server and if any firewall or router blocks the port on the route to the server, it will fail.  Some people will play fancy port forwarding tricks.  But FileMaker does not support providing the service over anything other than port 5003 per it's IANA registration.  FYI, FileMaker also uses other ports including 5353, 16000,160001, 16016, 16018, 16020, 16021 16006, 16008, 16010, 16012, 16014, 16004, 50003, 2399, 80, 443, 591.  Basically you will need to make sure the ports are open at the server LAN and on the client LAN too or else it won't work, as you discovered. 

                       

                      More port info at:  http://help.filemaker.com/app/answers/detail/a_id/6427/~/filemaker-server-and-filemaker-server-advanced-port-numbers

                       

                      Also, Six Fried Rice has a nice graphic of the FIleMaker ports, albeit at an old version of FileMaker, but most if it is still accurate:  http://sixfriedrice.com/wp/filemaker-firewall/

                      1 of 1 people found this helpful
                      • 8. Re: Client network (WiFi) blocks access to remote host
                        thomasdalbert

                        Thank you very much for your detailed answer! I've been aware of the port info tables in the filemaker help files but there it says for port 5003: "This port must be open on the Master machine in the configuration". This wasn't clear enough for me to understand that it has to be open in the client LAN as well. All other ports don't seem to be needed for a normal FileMaker GO connection to database hosted on a FileMaker Server.

                        • 9. Re: Client network (WiFi) blocks access to remote host
                          LyndsayHowarth

                          It is absolutely disgusting the paranoia in the various education systems around the world. They are so fearful of law suits that they limit learning in a big way.

                           

                          NSW Dept of Education has, for the past 5 years via Federal funding, provided every year 9 student with a laptop for study purposes... but they are locked to the Dept's proxy. They filter everything... out! There are 10 web sites the kids can visit but bad luck if they find a link to somewhere else. My daughter went thru an excruciating time when she first got hers as she tried to do a geography assignment... she spent 3 nights locked in a room with that THING and at the end of the process came out crying. We dried her tears and sent her to an iMac connected to our own network and she had the assignment done within an hour.

                           

                          WE... the FileMaker community must educate and lobby Education Departments to come to their senses and greet this new technology with a bit more expertise to make rational educational decisions rather than draconian censorship. They are losing the battle!

                          No doubt financial impacts will eventually change their minds as they start to see the savings in teacher time that computing can bring... but it might just be they have missed the boat and will never catch up.

                           

                          Yes get them to open port 5003... demand they do!

                           

                          - Lyndsay

                          • 10. Re: Client network (WiFi) blocks access to remote host
                            LSNOVER

                            Lyndsay:

                             

                            I can empathize.   But have you been put in charge of a room full of teenage boys and girls with unrestricted access?  It can get MIGHTY interesting what they bring up.  Most of them are smart enough to get around many of the limitations that are impossed.  It's a real problem and a real distraction, especially in suit happy America.   Little Tommy brings up naughty pics or video by beating the system, little Susy sees it and goes home and shares the exciting news.  Little Susy's parents sue the teacher and the school, NOT little Tommy and his parents.  (Lawyers go for the deep pockets).   Sad but true.

                             

                            Cheers!

                            Lee