Can't connect to Server if I enable Local Connections Only

hugo · July 25, 2022, 9:20pm

I have not been able to connect a Client to a Server when I enable the “Local connections only” setting.

The server seems to start as expected, however the client computers can’t connect to it anymore.

If I open Available Servers (Server Administration) the server is displayed as _PRIVATE_PanX Server. The name of the server is just PanX Server, not _PRIVATE_PanX Server.

If I ping the server I get “Invalid server reply dictionary”.
Any idea of what might be causing this.

I got the same results running the server on High Sierra and Monterey. b26 both.

admin · July 25, 2022, 9:38pm

That is because “local connections” means “on the same computer,” not “on the local network.” You can use this option if you are hooking up with another web server on the same computer (usually Apache). With this option enabled, Apache can connect to Panorama, but other computers can’t – they have to go thru Apache. If you haven’t set up an external web server, you should not use the Local Connections Only option.

This is all documented and I am pretty sure that I also touched on this in one of the video classes.

hugo · July 26, 2022, 2:10pm

I do have an Apache web server setup and running.

Yes, you covered this in a video which I watched again after encountering this problem. I missed the last paragraph in the documentation about Bonjour which clearly explains why I having this problem. Thanks!

I would really like to have “Local connections only” enabled to increase the security in the server. If I add the server as a remote server in all the client computers, this would be possible. How much do you think this will affect the speed for normal operations in our databases?

admin · July 26, 2022, 10:59pm

I’m sorry, but that would not help you.

When the Local Connections Only option is enabled, the server software will only accept TCP/IP connections from the same computer, i.e. from localhost. It will not accept connections from any other computer, even one that is 6 inches away. This has nothing to do with Bonjour.

If you added the server as a remote server in all the client computers, these computers would send tcp/ip packets to the server computer. But the server software would reject these packets. There is no way that I know of for the server software to allow packets from the local network but not routed from the internet through your router to the server. From the server’s point of view all packets are local – it has no way of knowing that packets that came from the router may have come from outside the network.

Of course you can set up your router so that it doesn’t send outside packets from the internet to your server. In fact, that’s the default configuration, it takes special work to set up port forwarding so that outside computers can access your server. If you don’t want to give outside computers access, simply don’t set up port forwarding!

I think this must not be correctly done. If this is set up correctly, then you’ll be able to connect thru apache to the server.

I would really like to have “Local connections only” enabled to increase the security in the server.

Bottom line, this is something you need to do in the router configuration, not the server configuration.

hugo · July 27, 2022, 12:49pm

The Apache server is configured correctly and the ports are forwarded accordingly. In the local clients I added the remote server using our external IP address, so all communication from the local clients goes through apache. Everything is working as expected with “Local connections only” enabled. Thanks!