One of my customers in a Mac based environment wanted to have a test/dev set of files running in parallel with the live version of their system, but did not want to have any risk of of near identical files becoming confused. The solution of putting another instance of FMServer on the same physical interface of the Mac Server on a secondary VLAN was proposed. The question was, how to limit FMServer to publish on ONLY the secondary VLAN interface.
I thought it might be of interest to others to know what was done to solve the issue.
I have a Mac Server with one physical interface but two VLANs (default - untagged (1), secondary - tagged (100) assigned, how can I limit FMPro server to only publish on the secondary (VLAN 100) interface?”
At present, after adding the new VLAN interface, the server is now publishing on the VLAN 1 address (192.168.1.240), a self-assigned address (169.254.x.x) and on the secondary VLAN 100 (192.168.200.240). I can find no obvious option in the GUI console to administrate this setting. The server just appears to be promiscuous across all configured network interfaces.
I could get around the issue by configuring the internal firewall to block traffic on Filemaker’s known ports to the default VLAN IP, but this is ugly and cumbersome.
I did some more digging but didn’t find anything obvious. One article did confirm my suspicion that perhaps configuring a local firewall application would be a functional hack. So, because the built-in Mac OSX firewall is really not great, I downloaded NetFlows from the AppStore. It's free and enables the real-time monitoring of application flows (TCP/UDP) both inbound and outbound. For an additional £1.79 one can then select a ‘flow’ and block it (in both directions). So, I bought it.
• I initially blocked FMP 5003 inbound/outbound on the main IP (192.168.1.240). The firewall blocked the flow and it disappeared form the monitor
• Within a few seconds, the same process was observed but this time publishing on the 169.254.x.x self-assigned IP. I blocked again blocked it.
• Within a few more seconds, the same process was observed but this time published on the 192.168.200.240 address - i.e. the address I want clients to connect to.
So, all sorted. Happy days