How to Allow Services through Lion Server’s Firewall
Server Admin lets you set which services you want to allow through the Lion Server firewall by selecting them from a list. The list of services is much larger in Server Admin. If your service isn’t in the list, you can add it. You can also change the port number.
To change the port number in Server Admin:
1. Click the triangle next to your server in the left column to expand the list of services and select Firewall from the list.
2. Click the Settings icon in the toolbar and then click the Services tab.
3. Select check boxes next to the services/ports that you want to allow traffic on.
   The list of ports includes many services not included in Lion Server (such as FTP and WINS), as well as ports for some third-party products that may be on a network. Notice also that the protocol (TCP or UDP) is already set.
4. To change a port number, service name, or protocol, double-click the service you want to edit.
   A dialog appears, with fields for the service name and port number.
5. In the new dialog, type a new service name and/or port number or choose TCP, UDP, or TCP and UDP from the Protocol pop-up menu; click OK.
   The Port field can contain a range of ports (such as 8000–8999) or a list of port numbers separated by commas (with no spaces).
6. To add a new port, click the Add (+) button under the list of services.
7. When the same dialog from Step 5 appears, type a service name and a port number and choose a protocol from the pop-up menu.
8. Click OK and then click the Save button.
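An added example, not part of the original page or of Server Admin: a Python check that validates a Port field entry in the form described above (one port, one range, or a comma-separated list with no spaces) and expands it, so you can see exactly which ports an entry opens before saving it. The function names, and accepting either a hyphen or an en dash in a range, are assumptions.

```python
import re

MAX_PORT = 65535  # highest valid TCP/UDP port number


def _check(port):
    """Return the port if it is in the valid range, else raise ValueError."""
    if not 1 <= port <= MAX_PORT:
        raise ValueError(f"port out of range 1-{MAX_PORT}: {port}")
    return port


def parse_port_field(text):
    """Return the sorted list of ports covered by a Port field entry.

    Accepted forms (per the page): "8080", "8000-8999", "80,443,8080".
    Assumption: a range may use a hyphen or an en dash (U+2013).
    """
    if not text:
        raise ValueError("empty entry")
    if re.search(r"\s", text):
        raise ValueError("spaces are not allowed in the Port field")
    # Form 1: a single range, low and high separated by a dash.
    match = re.fullmatch(r"([0-9]+)[-\u2013]([0-9]+)", text)
    if match:
        low, high = _check(int(match.group(1))), _check(int(match.group(2)))
        if low > high:
            raise ValueError(f"range is reversed: {text}")
        return list(range(low, high + 1))
    # Form 2: one port, or several separated by commas.
    ports = set()
    for item in text.split(","):
        if not re.fullmatch(r"[0-9]+", item):
            raise ValueError(f"not a port number: {item!r}")
        ports.add(_check(int(item)))
    return sorted(ports)


if __name__ == "__main__":
    # Constructed sample entries, including ones the check should reject.
    for entry in ["8000-8999", "80,443,8080", "80, 443", "9000-8000", "70000"]:
        try:
            ports = parse_port_field(entry)
            print(f"{entry!r}: opens {len(ports)} port(s), {ports[0]} to {ports[-1]}")
        except ValueError as err:
            print(f"{entry!r}: rejected ({err})")
```
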
Near the top of the Server Admin Firewall window is a pop-up menu called Editing Services For. The preceding steps assume that Any is chosen in this menu. Any means that the set of ports you selected is applied to all IP addresses that receive traffic.
You can also choose an address group, which is a range of addresses that you apply settings to. Lion Server automatically creates two address groups covering the range of private IP addresses: the 10-net range (10.x.x.x) and the 192.168-net range (192.168.x.x). This isn’t a choice of one address group or another; you can set different port settings for different address groups.