Netgate Discussion Forum

    Apple Remote Desktop (ARD)

    Firewalling
    10 Posts 3 Posters 1.3k Views
      newUser2pfSense

      Hello…

      I'm currently running pfSense 2.4.2-RELEASE-p1 (amd64). I've been attempting to connect to a relative's MacBook Pro from my Mac using Apple Remote Desktop with no luck. I've always been able to connect in the past. There are only two things that have changed since that time: my relative got a new router from her ISP, which they stated they put in bridged mode, and I began to use pfSense. Each of our Macs is up to date as well. I don't know that pfSense is blocking the connection, but am wondering if anyone has any experience with pfSense and Apple Remote Desktop and may be able to provide some guidance?

      Thank you.

        GoldFish

        By default, pfSense will pass all traffic originating from LAN unless the user changes it. Now, how are you accessing ARD? Is it open access to the remote desktop, or do you connect to a VPN and then remote in? If it's open access, you may have to check if the port is open on the appliance, although this is not recommended.

        • pfSense Enthusiast *
          newUser2pfSense

          I use ARD with my relative's IPv4 address; my Mac to their Mac. Nothing in between. It is interesting to see when my relative begins to read the result from whatismyip.com vs the DynDNS IP check. It sounds like whatismyip provides an IPv6 address and DynDNS provides an IPv4 address.

          I've locked down my LAN pretty tight.  In an effort to test if pfSense was blocking the connection, I created a port alias with 3283 and 5900.  I then crafted a rule on my LAN to pass traffic from my LAN to any using the port alias and still couldn't get through.  Maybe I'm crafting the rules incorrectly.

            GoldFish

            I would disable the existing rules temporarily. Then start with an Any Any rule at the very top and take it from there.

              newUser2pfSense

              Ok, I placed an Any Any LAN rule at the top and did a packet capture on my LAN. My relative's internet IPv4 address responded back to my LAN IPv4 address several times with a "udp port 3283 unreachable". Port 3283 is Apple's Remote Management port. My relative of course has always had remote management enabled on their Mac so I could remote. Hmm. Seems something is blocking the port. Maybe their ISP doesn't have their router in bridge mode maybe?

              1 Reply Last reply Reply Quote 0
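The packet-capture check described in the post above, as an added example that is not part of the original thread: a small Python parser that reads tcpdump-style text and reports, for the ARD ports 3283 and 5900, whether each probe was refused with an ICMP port unreachable, answered, or never answered, and which address sent the response. The capture lines and addresses are constructed (documentation ranges), and the line format assumed is tcpdump's default text output.

```python
import re

ARD_PORTS = {3283, 5900}  # the two ports in the poster's alias

# Constructed capture in tcpdump text format (not taken from the thread).
# 192.168.1.20 = local Mac, 203.0.113.10 = remote public IPv4 address.
SAMPLE = """\
12:44:01.100000 IP 192.168.1.20.52011 > 203.0.113.10.3283: UDP, length 32
12:44:01.142000 IP 203.0.113.10 > 192.168.1.20: ICMP 203.0.113.10 udp port 3283 unreachable, length 68
12:44:02.100000 IP 192.168.1.20.52011 > 203.0.113.10.3283: UDP, length 32
12:44:02.141000 IP 203.0.113.10 > 192.168.1.20: ICMP 203.0.113.10 udp port 3283 unreachable, length 68
12:44:03.000000 IP 192.168.1.20.52344 > 203.0.113.10.5900: Flags [S], seq 1000, win 65535, length 0
12:44:04.000000 IP 192.168.1.20.52344 > 203.0.113.10.5900: Flags [S], seq 1000, win 65535, length 0
"""

UNREACH = re.compile(r"IP (\S+) > \S+: ICMP (\S+) (udp|tcp) port (\d+) unreachable")
PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): (UDP|Flags \[([^\]]+)\])")

def classify(capture):
    """Return {(target, proto, port): (verdict, responder)} for ARD probes."""
    result = {}
    for line in capture.splitlines():
        m = UNREACH.search(line)
        if m:
            sender, target, proto, port = m.groups()
            if int(port) in ARD_PORTS:
                # ICMP port unreachable: the probe left the local firewall and
                # `sender` refused it (no listener/forward there, or a reject rule).
                result[(target, proto, int(port))] = ("unreachable", sender)
            continue
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport, kind, flags = m.groups()
        proto = "udp" if kind == "UDP" else "tcp"
        if int(dport) in ARD_PORTS:
            # Outbound probe: stays "no-reply" unless a response line is seen.
            result.setdefault((dst, proto, int(dport)), ("no-reply", None))
        elif int(sport) in ARD_PORTS:
            verdict = "reset" if flags and "R" in flags else "answered"
            result[(src, proto, int(sport))] = (verdict, src)
    return result

if __name__ == "__main__":
    for (target, proto, port), (verdict, who) in classify(SAMPLE).items():
        print(f"{target} {proto}/{port}: {verdict}" + (f" (from {who})" if who else ""))
```

An "unreachable" verdict whose responder equals the target means the traffic passed the local firewall and was refused by whatever device holds the remote public address; "no-reply" is what a silent drop anywhere along the path looks like.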
                GoldFish

                Yeah. Looks like the router doesn't have the port open.

                  Derelict LAYER 8 Netgate

                  When I have to help a relative regularly I set up an OpenVPN server on their end and VPN in. From there you can ARD straight to the inside address.

                  If that is not possible I use the screen sharing in Messages so no ports have to be forwarded.

                  I like ARD too but it's not worth forwarding in ports for.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    newUser2pfSense

                    Derelict… I wouldn't be able to set up an OpenVPN server on their end. I know where the Screen Sharing is in System Preferences -> Sharing and they have Remote Management checked in Sharing as well, but I'm not sure what you are referencing in "Messages". Can you point me to that so I can try that?

                      Derelict LAYER 8 Netgate

                      In Messages right-click on a user and see the screen sharing options.

                      For that everyone has to be using iMessages.

                      ![Screen Shot 2018-01-22 at 12.44.18 PM.png](/public/imported_attachments/1/Screen Shot 2018-01-22 at 12.44.18 PM.png)

                        newUser2pfSense

                        Thanks Derelict.  I'll give Messages a try.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.