Trouble shooting firewalls

Firewalls are one of the biggest causes of licensing errors. Due to the number of times this has come up in building this documentation, we decided to make one document with steps for both making exceptions and disabling the firewalls on Windows, Macintosh, and Linux.

Disable the firewall

Windows

Note: The newer versions of the license server installers for Windows make these firewall rules by default. If your version was downloaded after October 2015, this should not be needed.

In order to disable the Windows Firewall, you need to go into the control panel, search for firewall, and then click the ‘Check Firewall Status’ option

_images/winfire1.png

On the left hand side choose ‘Turn Windows Firewall on or off’

_images/winfire2.png

Choose ‘Turn off Windows Firewall’ for all listed types of networks, then hit ok.

_images/winfire3.png

Macintosh OS X

For Macintosh OS X, often the firewall is already disabled. If you aren’t sure, open up System Preferences from the Apple menu, in the upper left hand corner, and choose Security and Privacy.

_images/macsyspref.png

Under Security and Privacy choose the Firewall Tab

_images/secpriv.png

In this tab you will see if the firewall is on or off. If it is on, you will likely notice the ‘Turn Off Firewall’ button is greyed out. You will need to click the lock in the lower left corner.

_images/macfireon.png

Enter your administrative credentcials when prompted.

_images/macfirepass.png

Now you will see the Turn Off Firewall button enabled, and you can turn off the firewall.

_images/macfireunlocked.png

Don’t forget to click the lock again to save your changes.

_images/macfireoff.png

Linux

For disabling the firewall in Linux, we will show how on two different distributions, Red Hat and Debian.

Red Hat

Open a terminal window and type

/etc/init.d/iptables save /etc/init.d/iptables stop

In order to stop the firewall from starting up on boot, you would use

chkconfig iptables off

Debian

First verify the firewall status using

sudo ufw status

If the status is reported as active, then you will want to stop it using

sudo ufw disable

Making a Firewall exception

Windows

In order to add an exception to Windows, open the start menu and type firewall. Then choose the ‘Windows Firewall with Advanced Security’ option.

_images/advmenu.png

Once the window opens you will want to choose ‘Inbound Rules’ on the left, then ‘New Rule…’ on the right.

_images/adv01.png

In the new window choose the Program option and next.

_images/adv02.png

Then give it the path to your lmgrd process (You will need to repeat this for thinkbox.exe).

_images/adv03.png

Next choose ‘Allow the connection’, so that the program can run.

_images/adv04.png

Make sure to allow for all three network types; Domain, Private, and Public.

_images/adv05.png

Give the rule a name, I usually name it after the process. finally, click finish.

_images/adv06.png

Make sure you make exceptions for both thinkbox.exe and lmgrd.exe as these are critical parts of the license server.

Macintosh OS X

For OS X, often the firewall is disabled. If you aren’t sure, open up System Preferences from the Apple menu in the upper left hand corner, and choose Security and Privacy.

_images/macsyspref.png

Under Security and Privacy choose the Firewall Tab.

_images/secpriv.png

In this tab you will see if the firewall is on or off. If it is on, you want to add an exception for the licensing processes. You may need to click the lock in the lower left corner.

_images/macfireon.png

Enter your administrative credentials when prompted.

_images/macfirepass.png

Once unlocked, click the ‘Firewall Options’ button.

_images/macsharepanel.png

This window will have a list of protocols and give you the chance to add a new exception. Click the + symbol.

_images/macfireonexcept.png

You will be prompted to locate the executable you want to add an exception for. You will want to do this to add both lmgrd and thinkbox to the exceptions list.

_images/macfirefile.png

Once you have added both exceptions, click OK on the lock again to save your changes.

_images/macfireon.png

Linux

Please note that due to the complexity and possible complications resulting from editing the Linux IP tables, we recommend only experienced users to attempt this. Otherwise please contact your system administrator or support for assistance on this.

Red Hat

In order to add in a rule for lmgrd on Linux, you would use the command

iptables -I INPUT 1 -p tcp --dport 27000 -j ACCEPT

This assumes your lmgrd is using the default port, if this is not the case you will need to create a rule for any custom ports it may use.

For the vendor daemon using a custom port you will need to add ‘PORT=#####’, to the VENDOR line of the license file. Once finished a second rule for this must be added to the IP tables.

Debian

In order to add in a rule using the ufw on Debian based distributions, you would use the command

sudo ufw allow 27000/tcp

You would change the number to whichever port you need to use, and make sure you make exceptions for both the lmgrd license server executable, and the thinkbox vendor daemon.