Port 6543 blocked?

Post by ColdCase » Sat Aug 13, 2016 1:22 pm

I installed Murus and am using the Lite version with the pass everything option. It's set to block IPs from blacklists and a couple of specific addresses.

I'm getting complaints from MythTV that port 6543 (or perhaps the connection) is blocked:

"Couldn't communicate with 10.0.1.9 on port 6543: IO::Socket::INET::MythTV: connect timeout"

This is an internal service/app that uses SQL. 10.0.1.9 is the IP address of the computer.

I tried setting Murus preferences to not block local ports. Looking at the config file, it seems like all ports are set to open to all services early, then more specific ports later.

The MacMini is running OS 10.9.5 with the server package.

All I want to do is block a few inbound IP addresses without having to learn PF.

Edit:
Looking at the pflog, apparently rule 13/0 is blocking... now to figure out what rule 13 is.... Is there any easy way to defeat a hard-coded Murus rule (like no-route) in the Lite version, short of editing the config file?

I probably should try just using PF directly instead of the Murus GUI. It's not clear to me that the Pro version would be that much easier to use for the simple task.

Thanks
Last edited by ColdCase on Sun Aug 14, 2016 2:48 pm, edited 1 time in total.


Re: Port 6543 blocked?

Post by ColdCase » Sun Aug 14, 2016 2:28 pm

Update: rule 13 is the block everything rule (log inet in table "Block_V4" or "Block_V6" tables). Murus Lite adds this rule by hard-coded default. It then overrides the rule to open specified ports, but port 6543 doesn't seem to be one of them.

So now the question is how do I add an override rule to allow port 6543 using Murus Lite?

Is this something easily done with the basic, or do I need Murus Pro?

For the moment I've edited the Murus config file (removed the block everything rule) and tables document (manually adding IP addresses to block). I'm not letting Murus update the files, and am starting PF from the command line.

This server sits behind a router with minimum port forwards similar to Murus's basic default.
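
The rule-number lookup described in the two posts above, as an added example that is not part of the original thread or of Murus: it pulls the blocking rule number for a destination out of `tcpdump` pflog output and resolves it against `pfctl -vvsr` output. Both samples are constructed, the source address 10.0.1.20 is made up, and the rule is assumed to sit in the main ruleset rather than in an anchor.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output (not from the thread).
PFLOG_SAMPLE='00:00:00.000000 rule 13/0(match): block in on en0: 10.0.1.20.51514 > 10.0.1.9.6543: Flags [S], seq 1, win 65535, length 0
00:00:01.002113 rule 13/0(match): block in on en0: 10.0.1.20.51514 > 10.0.1.9.6543: Flags [S], seq 1, win 65535, length 0
00:00:02.500000 rule 7/0(match): pass in on en0: 10.0.1.20.51520 > 10.0.1.9.22: Flags [S], seq 9, win 65535, length 0'

# Constructed sample of `pfctl -vvsr` output; -vv prefixes each rule with @<number>.
RULES_SAMPLE='@7 pass in inet proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 120  Packets: 40  Bytes: 5120  States: 1 ]
@13 block drop in log inet from <Block_V4> to any
  [ Evaluations: 98  Packets: 2  Bytes: 128  States: 0 ]'

# Print the distinct rule numbers that blocked traffic to host:port.
# stdin: pflog text; $1: destination IP; $2: destination port.
blocking_rules() {
    awk -v dst="$1.$2:" '
        $2 == "rule" && $4 == "block" {
            for (i = 5; i < NF; i++) if ($i == ">" && $(i + 1) == dst) {
                split($3, r, "/")            # "13/0(match):" -> r[1] = "13"
                if (!seen[r[1]]++) print r[1]
            }
        }'
}

# Print the rule text for rule number $1. stdin: `pfctl -vvsr` output.
rule_text() {
    awk -v tag="@$1" '$1 == tag { sub(/^@[0-9]+ /, ""); print }'
}

# Live usage on the firewall host (root required), shown as comments only:
#   tcpdump -l -n -e -ttt -i pflog0 | blocking_rules 10.0.1.9 6543
#   pfctl -vvsr | rule_text 13
for n in $(printf '%s\n' "$PFLOG_SAMPLE" | blocking_rules 10.0.1.9 6543); do
    printf 'rule %s: %s\n' "$n" "$(printf '%s\n' "$RULES_SAMPLE" | rule_text "$n")"
done
```

On the constructed samples this reports rule 13 as the table block rule, which is the situation the second post describes: the client's source address matched the block table before any pass rule for port 6543 applied.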


Re: Port 6543 blocked?

Post by hany » Wed Aug 17, 2016 11:26 am

Murus Lite allows you to configure Inbound rules.
To allow inbound connections to an open local port (= to a network service listening on your Mac) you just have to:

1) create a custom service using a custom name and port 6543
2) drag this new custom service from Library to Inbound
3) set this service's Inbound rules to allow/block IPs and/or subnets.

It's really easy and it should take no more than 20 seconds. When finished just press PLAY to update runtime rules.
Please have a look at documentation and video tutorials.


Re: Port 6543 blocked?

Post by ColdCase » Sat Aug 20, 2016 6:14 pm

Thanks, the documentation is a bit unclear to me in that when I set allow all services I initially expected all ports to be open. After further reading the Murus document I see that's not the case.

I tried adding a custom service as you suggested, but the myth connection gets blocked anyway. Something else must be going on and I don't have the knowledge to troubleshoot efficiently.

I can manually add IP addresses to the marus.table and refresh using the pfctl command provided in the documents. That's what I'll be doing until I get around to digging deeper.
