Mac Firewall VNC issue


Everyone,

Still new to the policies related to firewalls and ESET/ERA.

If I define a policy to allow VNC traffic outbound to a specific IP (192.168.9.251) from the client and deny everything else except ESET policy traffic, I get the following in the logs:

6/29/17, 2:06:02 PM Communication denied by rule [::ffff:192.168.111.131]:49834 [::ffff:192.168.9.251]:5900 TCP Deny everything else /System/Library/CoreServices/Applications/Screen Sharing.app/Contents/MacOS/Screen Sharing
 

I can fix this by changing the rule to allow VNC traffic to that exact IP (::ffff:192.168.9.251).  But why?  Why doesn't a normal IP designation work?  I feel like I'm missing something in my explanation here so please fire away with questions.

Hopefully this question still applies since it may not be 100% totally related to ERA.

Edited by schnibitz

  • ESET Staff

Hi, ::ffff: is a subnet prefix for IPv4 addresses inside the IPv6 network (32-bit in 128-bit space). Basically it is replacing 0000:0000:ffff:0000, and it is helping the IPv6 processor understand the IPv4 address; that is why it is working only with that prefix.

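The mismatch discussed above, as an added example that is not part of the thread and not ESET's code: a rule written as `192.168.9.251` and a logged endpoint of `::ffff:192.168.9.251` only compare equal once IPv4-mapped IPv6 addresses are folded back to IPv4 on both sides. The function names and the `normalise` switch are hypothetical; the log line is the one quoted in the first post.

```python
import ipaddress
import re

# Log line copied from the first post in this thread.
LOG_LINE = ("6/29/17, 2:06:02 PM Communication denied by rule "
            "[::ffff:192.168.111.131]:49834 [::ffff:192.168.9.251]:5900 TCP "
            "Deny everything else /System/Library/CoreServices/Applications/"
            "Screen Sharing.app/Contents/MacOS/Screen Sharing")

ENDPOINT = re.compile(r"\[([0-9A-Fa-f:.]+)\]:(\d+)")


def canonical(addr):
    """Fold an IPv4-mapped IPv6 address (::ffff:a.b.c.d) to IPv4; leave others as-is."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def canonical_net(spec):
    """Same folding for a rule target, which may be a single host or a CIDR range."""
    net = ipaddress.ip_network(spec, strict=False)
    mapped = net.network_address.ipv4_mapped if net.version == 6 else None
    if mapped is not None and net.prefixlen >= 96:
        # The mapped prefix occupies the first 96 bits; the rest is the IPv4 prefix.
        return ipaddress.IPv4Network((int(mapped), net.prefixlen - 96))
    return net


def endpoints(line):
    """Extract the bracketed [address]:port pairs from a log line, canonicalised."""
    return [(canonical(a), int(p)) for a, p in ENDPOINT.findall(line)]


def rule_allows(rule_net, rule_port, addr, port, normalise=True):
    """Check an endpoint against an allow rule, with or without address folding."""
    if normalise:
        net, ip = canonical_net(rule_net), canonical(addr)
    else:
        # Literal comparison (assumed here only to reproduce the mismatch).
        net, ip = ipaddress.ip_network(rule_net, strict=False), ipaddress.ip_address(addr)
    return port == rule_port and ip.version == net.version and ip in net


if __name__ == "__main__":
    src, dst = endpoints(LOG_LINE)
    print("destination:", dst)
    print("literal match:", rule_allows("192.168.9.251", 5900, "::ffff:192.168.9.251", 5900, normalise=False))
    print("folded match: ", rule_allows("192.168.9.251", 5900, "::ffff:192.168.9.251", 5900))
```

When auditing rule sets or parsing these logs, canonicalising both the rule target and the logged address avoids having to maintain duplicate IPv4 and `::ffff:` entries for the same host.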

Okay thank you.  This follow-up question isn't as important but I wanted to ask anyway.

So is it the case that the endpoint OS is communicating IPv4 over IPv6, or the case that ESET is just seeing it that way?  If it's the latter, why?  Why would it see traffic that way for only that protocol and apparently nothing else?
