DNS is primary and you have to have it rock solid before you do anything else. A secondary IP (192.168.1.101) turns into your go-to for everything else webish. Leave the primary in place for Server so it can do what it needs to for Open Directory and its internal websites. I multihome my servers due to the aggressive way Server app has been holding onto web ports. Deploy the server and get your SSL certs in place. Forward the appropriate ports for the services you plan to host on your server as you open them up, so I don't worry about them yet. Typically I would put the modem into bridge mode and then let the AirPort handle the routing and NAT. It's not the ideal solution, but it will work for now until I can work out a solution with my corporate network / firewall teams.

Is your modem in bridge mode? What devices are handling NAT, DHCP, DNS?

Since these addresses are obviously subject to change, I've built in some monitoring for my application to detect when the APNS servers are no longer reachable (and fall back to these address ranges instead of using DNS). Keep in mind that these are only valid for the Midwest portion of the United States, since Apple's CDN will return a set of addresses closest to the server making the query.

For , I'm opening ports 21 on my firewall for: 17.149.35.0/24

For .com, I'm opening ports 21 on my firewall for: 17.149.34.66
Apple developer support provided the same link to the documentation as vcsjones in the first answer.

For my particular situation, I have narrowed the IP addresses down to these ranges after checking DNS regularly for the last couple of weeks. The official answer is, unfortunately, that there is no official answer :) - unless you consider Apple's rather sloppy approach of simply allowing all traffic to 17.0.0.0/8. The firewall team is happy with implementing a single path, and the external server can connect to the entire 17.0.0.0/8 range used by Apple. I used a simple iptables configuration on the Rackspace server to only allow connections on 2195/2916 from my corporate gateway, and then had my firewall team open a path to the static IP address on the external server. I got the smallest server possible, and the only thing running on it is a port-forwarder that listens on 21 and sends the connections to Apple. I could never get ahead of the constantly changing addresses used by the CDN, so I finally gave up and leased an external server from Rackspace.

Update: I've tried asking the firewall team to open Apple's entire IP block (17.0.0.0/8), but they won't do that for me - I need to narrow down the addresses a little bit.

Even though this question is closed, I thought I'd add a note explaining my final solution - and it is not what anyone looking for an answer wants to hear. If anyone has a comprehensive list for both the production and test environments, I'd appreciate it. I'm worried that if I just ask the firewall team to allow the IP addresses I've seen so far, then my server will simply stop working a day or a week from now when the DNS server decides to serve up a different range. My server that will use the Apple Push Notification Service will be behind a corporate firewall, and I'll need to open up ports 21 for the production and test gateways - however, my firewall team requires specific IP addresses instead of host names.
Sometimes I get one set of addresses:

$ nslookup .com
Canonical name = .

And other times, I'll get these addresses:

Address: 17.172.233.65
This list changes every time I query DNS. All of the addresses seem to be in the same 17. range, but there's no guarantee that tomorrow or next week I won't see a different range.

For the test push server, however, I already get results in different subnets. I know that Apple uses a content delivery network to spread out these requests, and DNS lookups will return servers close to the requestor's location - the problem I have is in locating all of these servers that handle content for the United States.

For example:

$ nslookup 
Canonical name = .net.

Does anyone have a complete list of all IP addresses used by the Apple Push Notification Service?