Trouble shooting firewalls¶
Firewalls are one of the biggest causes of licensing errors. Due to the number of times this has come up in building this documentation, we decided to make one document with steps for both making exceptions and disabling the firewalls on Windows, Macintosh, and Linux.
Disable the firewall¶
Windows¶
Note: The newer versions of the license server installers for Windows make these firewall rules by default. If your version was downloaded after October 2015, this should not be needed.
In order to disable the Windows Firewall, you need to go into the control panel, search for firewall, and then click the ‘Check Firewall Status’ option
On the left hand side choose ‘Turn Windows Firewall on or off’
Choose ‘Turn off Windows Firewall’ for all listed types of networks, then hit ok.
Macintosh OS X¶
For Macintosh OS X, often the firewall is already disabled. If you aren’t sure, open up System Preferences from the Apple menu, in the upper left hand corner, and choose Security and Privacy.
Under Security and Privacy choose the Firewall Tab
In this tab you will see if the firewall is on or off. If it is on, you will likely notice the ‘Turn Off Firewall’ button is greyed out. You will need to click the lock in the lower left corner.
Enter your administrative credentcials when prompted.
Now you will see the Turn Off Firewall button enabled, and you can turn off the firewall.
Don’t forget to click the lock again to save your changes.
Linux¶
For disabling the firewall in Linux, we will show how on two different distributions, Red Hat and Debian.
Red Hat¶
Open a terminal window and type
/etc/init.d/iptables save
/etc/init.d/iptables stop
In order to stop the firewall from starting up on boot, you would use
chkconfig iptables off
Debian¶
First verify the firewall status using
sudo ufw status
If the status is reported as active, then you will want to stop it using
sudo ufw disable
Making a Firewall exception¶
Windows¶
In order to add an exception to Windows, open the start menu and type firewall. Then choose the ‘Windows Firewall with Advanced Security’ option.
Once the window opens you will want to choose ‘Inbound Rules’ on the left, then ‘New Rule…’ on the right.
In the new window choose the Program option and next.
Then give it the path to your lmgrd process (You will need to repeat this for thinkbox.exe).
Next choose ‘Allow the connection’, so that the program can run.
Make sure to allow for all three network types; Domain, Private, and Public.
Give the rule a name, I usually name it after the process. finally, click finish.
Make sure you make exceptions for both thinkbox.exe and lmgrd.exe as these are critical parts of the license server.
Macintosh OS X¶
For OS X, often the firewall is disabled. If you aren’t sure, open up System Preferences from the Apple menu in the upper left hand corner, and choose Security and Privacy.
Under Security and Privacy choose the Firewall Tab.
In this tab you will see if the firewall is on or off. If it is on, you want to add an exception for the licensing processes. You may need to click the lock in the lower left corner.
Enter your administrative credentials when prompted.
Once unlocked, click the ‘Firewall Options’ button.
This window will have a list of protocols and give you the chance to add a new exception. Click the + symbol.
You will be prompted to locate the executable you want to add an exception for. You will want to do this to add both lmgrd and thinkbox to the exceptions list.
Once you have added both exceptions, click OK on the lock again to save your changes.
Linux¶
Please note that due to the complexity and possible complications resulting from editing the Linux IP tables, we recommend only experienced users to attempt this. Otherwise please contact your system administrator or support for assistance on this.
Red Hat¶
In order to add in a rule for lmgrd on Linux, you would use the command
iptables -I INPUT 1 -p tcp --dport 27000 -j ACCEPT
This assumes your lmgrd is using the default port, if this is not the case you will need to create a rule for any custom ports it may use.
For the vendor daemon using a custom port you will need to add ‘PORT=#####’, to the VENDOR line of the license file. Once finished a second rule for this must be added to the IP tables.
Debian¶
In order to add in a rule using the ufw on Debian based distributions, you would use the command
sudo ufw allow 27000/tcp
You would change the number to whichever port you need to use, and make sure you make exceptions for both the lmgrd license server executable, and the thinkbox vendor daemon.