
10.4: Fix firewall blocking of Mail under internet sharing Network
Tiger only hint

We just put in a PowerMac at a retired relative's house running Tiger connected to the internet via DSL. Normally, the PowerMac will only be used as a standalone machine, but it does have an AirPort card. While we're visiting, we want a wireless network so we can use our notebooks to access the internet.

So, today, we tried it. Web surfing worked immediately. Mail, however, would not work. We figured out that the firewall running on the PowerMac was blocking ports Mail needed, but then it took a bit of playing around to make it work. We turned on logging and found blocked ports that might be used by Mail, told the firewall to allow them, and got things working. Since there was already someone using a port scanner on us, we removed some of the ports from the allowed list that we weren't sure we actually needed there, and things still worked.

Here's what we did...
  1. Go to System Preferences -> Sharing -> Services and turn on "Personal Web Sharing" (if you don't, you'll be prompted to later), and click the "Start" button to turn on the service, if necessary.

  2. Under System Preferences -> Sharing -> Firewall, click "New..." and create an "other" listing with these ports:
    • TCP ports: 110, 143, 587, 993
    • UDP ports: 192
    • Description: Internet bridging. That may not be the best description, but it'll do.
    Click "OK" and the new service should be on. Our firewall was already on, of course. If yours isn't, it should be OK to turn it on.

  3. Under System Preferences -> Sharing -> Internet, choose the options to share your connection from "built-in Ethernet" and turn on sharing to computers using AirPort.

  4. Click "AirPort Options" to create an AirPort network. For a quick network, I leave the computer name, use "automatic" for the channel, enable encryption, and put on a password. To make it more permanent, I'd also turn on MAC filtering, though I'd have to look up how (at home, we have an AirPort Base Station).

  5. Click "Start".
You may also have to turn on AirPort; I do that via the AirPort icon on the menu bar. To add that icon, go to System Preferences -> Network, show AirPort, and click on the AirPort tab.

I think needing to add the ports to the allowed list on the Firewall is new with Tiger, as we have created such networks in the past without noticing this problem. The last time was a few years back, and we can't remember if the computer connected via AirPort was actually used to send or receive email in the short time we used the wireless net; I can't imagine that it wasn't. Hopefully Apple will at least add an email option to the services pane at some point.
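
The logging step described above (turn on logging, then see which blocked ports matter) can be done systematically. This is an added example, not part of the original hint: it groups denied ports by the interface they arrived on, so ports blocked for the sharing clients are separated from outside probing. The log layout, the interface names (`en1` for AirPort, `en0` for Ethernet) and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual ipfw log layout (all addresses made up):
#   ipfw: <rule> Deny <proto> <src>:<sport> <dst>:<dport> <in|out> via <interface>
SAMPLE_LOG = """\
Aug 16 10:02:11 powermac ipfw: 12190 Deny TCP 10.0.2.2:49201 192.0.2.25:993 in via en1
Aug 16 10:02:14 powermac ipfw: 12190 Deny TCP 10.0.2.2:49202 192.0.2.25:993 in via en1
Aug 16 10:02:30 powermac ipfw: 12190 Deny TCP 10.0.2.3:49310 192.0.2.26:587 in via en1
Aug 16 10:03:05 powermac ipfw: 12190 Deny TCP 203.0.113.7:4431 198.51.100.4:135 in via en0
Aug 16 10:03:05 powermac ipfw: 12190 Deny TCP 203.0.113.7:4432 198.51.100.4:445 in via en0
Aug 16 10:03:09 powermac ipfw: 35000 Deny UDP 203.0.113.7:4500 198.51.100.4:1434 in via en0
Aug 16 10:04:00 powermac last message repeated 2 times
"""

DENY = re.compile(
    r"ipfw: \d+ Deny (?P<proto>\w+) "
    r"(?P<src>[\d.]+):\d+ [\d.]+:(?P<dport>\d+) (?:in|out) via (?P<iface>\w+)"
)

def blocked_ports(log_text, lan_iface="en1"):
    """Map (proto, dst port) -> source addresses, split by LAN side vs. outside."""
    sides = {"lan": defaultdict(set), "outside": defaultdict(set)}
    for line in log_text.splitlines():
        m = DENY.search(line)
        if not m:
            continue  # not a deny record in the layout above
        side = "lan" if m["iface"] == lan_iface else "outside"
        sides[side][(m["proto"], int(m["dport"]))].add(m["src"])
    return sides

def candidates(log_text, lan_iface="en1"):
    """Ports denied only for LAN clients: the ones worth reviewing for an allow rule."""
    sides = blocked_ports(log_text, lan_iface)
    return sorted(set(sides["lan"]) - set(sides["outside"]))

def probing_sources(log_text, lan_iface="en1", min_ports=2):
    """Outside addresses denied on several distinct ports (likely a port scan)."""
    seen = defaultdict(set)
    for port, sources in blocked_ports(log_text, lan_iface)["outside"].items():
        for src in sources:
            seen[src].add(port)
    return {s: sorted(p) for s, p in seen.items() if len(p) >= min_ports}

if __name__ == "__main__":
    print("review for allow rule:", candidates(SAMPLE_LOG))
    print("probing from outside:", probing_sources(SAMPLE_LOG))
```

Ports that show up only under the outside interface are not needed by the notebooks and should stay closed.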
10.4: Fix firewall blocking of Mail under internet sharing
Authored by: raider on Aug 16, '05 01:20:09PM
This really depends on what it is you use for mail. If you need just POP and SMTP all you need are 110 and 25. IMAP and POP/SMTP over SSL use those other ports...

Also, you can use "Brickhouse" to set up firewall rules based on each network adapter - so that your broadband connection doesn't have to open those holes, only the airport local side.

10.4: Fix firewall blocking of Mail under internet sharing
Authored by: clknight on Aug 16, '05 01:52:12PM
Could also use Brickhouse, or a command-line tool like mfw to open all ports on the LAN side, based on either interface or IP address (typically 10.0.x.x for Internet Sharing). That will enable Rendezvous-based happiness within the LAN while still firewalling incoming Internet traffic.



10.4: Fix firewall blocking of Mail under internet sharing
Authored by: ThreeBKK on Oct 02, '08 10:01:59PM

liz4cps: Thanks for posting that hint.

Maybe some updated information would be useful for Mac users in 2008.

I'm sharing internet from Tiger (PPC) to Leopard (Intel). I could receive, but couldn't send Mail messages after opening TCP and UDP ports 993. After adding 587 to TCP, I was able to send, and I found that closing UDP port 993 had no negative effect.

Apparently, port 143 is used for non-SSL Mail, which I don't plan to use anyway.

To summarize:
TCP 587, 993
UDP (nothing)
Personal Web Sharing (enabled)

This works for me, and I'm syncing a MobileMe account, and a Gmail account, both of which are IMAP.

Also of interest: While sharing internet from Leopard (PPC) to Leopard (Intel), Mail "just works". There is no need to open and close individual ports to attain full functionality.
