One of the main functions of your network router is to direct common services, like web browsing and mail, into and out of your network. Initially, before the router is properly configured, many potential services are blocked by default. This is actually a good thing, and it is doing exactly what it is meant to do: protect your network from potential threats and/or intrusions.
In order to allow OS X Lion Server’s services to pass between the internal private network and the external public network, we need to set up port forwarding. This process opens up ports on the router to allow more services to work in your home or business network.
Step One: Get a Static IP Address and Domain Name
Make sure to set up a static IP (Internet Protocol) address; this is a unique address on your local network. Having this static IP will allow the router to forward services to the computer they are hosted on.
In most cases your Mac will have a dynamic IP address. Dynamic addresses change periodically, usually when you reset your router, while static IP addresses always stay the same.
To change the IP address of your Mac:
- Go to System Preferences > Network
- Click on your Wi-Fi connection method in the top right-hand corner.
- If you are connected to the Internet via Wi-Fi, select AirPort.
- Once you have selected your connection method, click “Advanced”.
This will open a new dialog. From here:
- Click the TCP/IP tab
- Select “Using DHCP with manual address” from the “Configure IPv4” drop-down menu.
You will now need to enter a static address for your Mac in the IPv4 Address field. This number will typically begin with the first 3 segments of numbers from your Router field; however, you will have to enter a new number for the last segment. For example, if your router address is 192.168.1.1, a possible address you could use is 192.168.1.19. Do not use an address that is identical to another system's, as this can cause network connectivity problems.
Note what you have designated as the static IP address because you will need it later. Next, click OK and then save the changes.
Apple AirPort Extreme
Apple’s AirPort Extreme router sets up port forwarding automatically when Lion Server detects an AirPort Extreme on the network.
You can see below how the ports are opened by the server when you access an AirPort Extreme base station through AirPort Utility.
AirPort Utility and the Apple routers on your network
When you select a router, you can see the ports opened automatically by Lion Server
Port Forwarding for Other Routers
Most routers on the market use a web interface to change their settings, so each manufacturer will have a slightly different interface and approach to changing these settings.
Configuring Port Forwarding On Your Router
The next step is to configure port forwarding on the network router. Port forwarding tells the router to pass connections that arrive on a given port of your home or business Internet connection through to your Mac.
This example uses an AirPort Extreme router to configure the port forwarding, but you can do this on almost any router that you may already own.
- Open AirPort Utility on your Mac
- Click on your AirPort router in the sidebar
- Click the Manual Setup button
Once in manual setup mode, go to:
- Internet > NAT > Configure Port Mappings
- Click the plus (+) button to add a new port forwarding service
- The Network Address Translation service handles port forwarding, enabling one IP address to host many different services. This is another service usually handled by routers: it’s the reason why multiple computers and other devices can access the Internet despite having only one IP address (to see your true IP address, as opposed to the IP address assigned to your device by your router, you can use a service like whatismyip.com or IP Chicken).
The Port Mapping Setup Assistant will show a drop-down menu, allowing configuration of several settings.
- Service drop-down menu → default selection (“Choose a service”)
- Public UDP Port → 9091
- Public TCP Port → 9091
- Private UDP Port → 9091
- Private TCP Port → 9091
Some Common Ports to Open on Lion Server
Which ports you need to open depends on what sorts of services you want to cross your network. An example from Mac Forums’ louishen:
| Service | Port | Protocol |
|---|---|---|
| Address Book Server | | |
| Address Book Server | 8800 | TCP |
| Address Book Server SSL | 8843 | TCP |
| File sharing (Apple AFP) | 548 | TCP |
| File sharing (Windows SMB/CIFS) | 161 | TCP |
| iCal Server using SSL | 8443 | TCP |
| iChat Server using SSL | 5223 | TCP |
| iChat Server, server-to-server connection | 5269 | TCP |
| iChat Server’s file transfer proxy | 7777 | TCP |
| Mail: IMAP using SSL | 993 | TCP |
| Mail: POP3 | 110 | TCP, UDP |
| Mail: POP3 using SSL | 995 | TCP, UDP |
| Mail: SMTP legacy SSL submission | 465 | TCP |
| Mail: SMTP standard | 25 | TCP, UDP |
| Mail: SMTP submission | 587 | TCP |
| Remote connection SSH (Secure Shell) * | 22 | TCP, UDP |
| Remote Management (Apple Remote Desktop) | 3283, 5900 | TCP, UDP |
| Web service HTTP | 80 or 8080 | TCP |
| Web service HTTPS (secure web service via SSL) | 443 | TCP |
| Screen sharing VNC | 5900 | TCP |
| Virtual Private network | | |
| VPN L2TP ISAKMP/IKE | 500 | UDP |
| VPN L2TP IKE NAT Traversal | 4500 | UDP |
| VPN L2TP ESP (firewall only) | IP protocol 50 | n/a |
* Do not enable SSH if at all possible. Computer techs sometimes use it for terminal access to remote computers, but SSH can attract hackers.
Here is an example of the ports that are opened on the Netgear router from Mac Forums’ louishen.
After completing this, click the Continue button. On the next screen, give your port mapping a description, then click Done, and click the Update button when you are done configuring the router. At this point your router will restart; make sure to save your settings.
So, with the router set up to pass through all the services your network server is going to use, you can now download and install Lion Server.
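Once the server's services are running, the forwarding plan can be checked from a machine on the local network so that only ports with a live service behind them stay open on the router. The script below is an added example, not part of the original article: the function names and the sample plan are assumptions, it covers TCP mappings only, and the port names are a subset of the table above.

```python
import socket

# Subset of the port table above: private TCP port -> service name.
LION_PORTS = {
    22: "Remote connection SSH",
    80: "Web service HTTP",
    443: "Web service HTTPS",
    548: "File sharing (Apple AFP)",
    993: "Mail: IMAP using SSL",
    8443: "iCal Server using SSL",
}
# Ports the article advises against exposing (its SSH footnote).
DISCOURAGED = {22}


def tcp_listening(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_forwards(server_ip, forwards, probe=tcp_listening):
    """Return (public, private, service, verdict) per TCP mapping."""
    report = []
    for public, private in forwards:
        service = LION_PORTS.get(private, "unknown service")
        if private in DISCOURAGED:
            verdict = "remove: discouraged by the article"
        elif not probe(server_ip, private):
            verdict = "remove: nothing listening on the server"
        else:
            verdict = "ok"
        report.append((public, private, service, verdict))
    return report


if __name__ == "__main__":
    # Constructed plan; 192.168.1.19 is the article's example static address.
    plan = [(443, 443), (8443, 8443), (22, 22), (9091, 9091)]
    for row in audit_forwards("192.168.1.19", plan):
        print("public %5d -> private %5d  %-26s %s" % row)
```

Any mapping reported as "remove" is a port open on the router with no benefit to the server, so delete it from the router's port mappings rather than leaving it in place.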