Firewall settings on Pace router for Mac Screensharing

[metolius]

Hi there,

I recently switched (upgraded, I guess) to the Pace router from something 4+ years old, and mostly I'm very pleased with it.

The only thing that I can't seem to get working is the Mac Screensharing feature—this used to work just fine, and now seems to be blocked.

I'm assuming this is a matter of finding the right firewall settings, but I'm not having a ton of luck. So far, I've tried enabling VNC and creating a custom UDP port 88 opening for Kerberos, but that has not done the job yet. I added a screenshot to the attachments here.

Any suggestions very welcome! I have a message into Sonic customer care, too, and will report back if they figure it out.

Thanks!

[ankh]

I don't know the answer to your question -- my screen sharing works OK between two Macs.

But I will caution you to make sure not to allow screen sharing by default.

I get a screen sharing request every week or two from some unfamiliar IP address not part of, well, anything near me at all. Eastern Europe or Asia.

If there's a way to firewall these at the Pace router, mine's not set up for that.

I have what you want, and vice versa, apparently.

[Guest]

But I will caution you to make sure not to allow screen sharing by default.

I get a screen sharing request every week or two from some unfamiliar IP address not part of, well, anything near me at all. Eastern Europe or Asia.

If there's a way to firewall these at the Pace router, mine's not set up for that.

Any standard firewall should automatically block these types of requests unless if your machines are in a DMZ and no firewall in place in that zone. I no longer use a Mac but it appears Mac Screen Sharing is just VNC, which uses 5800/5900. You should recheck your configuration and use a port scanner like GRC's ShieldsUP! after you enable a service l like SSH. Or maybe you have it configured but you've forgotten about it. My suggestion is to only forward SSH and allow loopback connections only in VNC. That way you're forced to use SSH to create a tunnel and connect using that.