Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Reply
 
Thread Tools Search this Thread Display Modes
Old Nov 19, 2012, 12:14 PM   #1
lilabila
macrumors member
 
Join Date: Mar 2011
Special Network Security Problem

Hi,

Since trying to solve this problem for some days now I'd like to ask you and hope you can help me.

I'm living next to my university and can use it's wifi network for internet. On my desk is a mac mini which establishes the connection and shares it via a USB Ethernet Adapter to an Airport Extreme Base Station.
The AE creates it's my own LAN where some devices can connect to the internet and sharing is active because. All devices are protected from the university network except the mac mini.
The mac mini is actually connected to 2 different LAN's now.
Unfortunately I don't know how I can protect the mini from the university LAN when sharing is enabled and the firewall is turned off for my own LAN.
The mini is connected via ethernet to the AEB btw as well

I appreciate any thought or suggestions!

For better understanding is this schematic:

Internet -- LAN(uni) -- Mac Mini -- VPN -- Ethernet(USB) -- Airport -- LAN(private) -- All Devices

In the optimal case I desire that no client of the LAN(uni) can establish a connection to any of my computers and that it is used for internet use only and all devices can securely share in LAN(private) without being attacked, especially the mac mini.

Thank you for reading
lilabila is offline   0 Reply With Quote
Old Nov 20, 2012, 12:34 AM   #2
jahala
macrumors regular
 
Join Date: Feb 2008
Turn on the firewall

It seems to me all you really need is a firewall running on your mac mini that only allows stateful connections between the uni LAN and your internal LAN. What version of OS X are you running? I think since Tiger or Leopard, it ships with ipfw. Mountain Lion and possible Lion also ship with pf. Both are excellent firewalls that can accomplish what you need.
__________________
11" Macbook Air, 1.8 GHz i7, 4GB RAM, 256 GB SSD; lost my 32 GB iPhone 4, now using Blackberry Bold (great for work!)

Last edited by jahala; Nov 20, 2012 at 12:40 AM. Reason: grammar error
jahala is offline   0 Reply With Quote
Old Nov 20, 2012, 02:58 AM   #3
Varun Parikh
macrumors newbie
 
Join Date: Nov 2012
I think you should bring the shared network in another subnet, this will not allow the users from uni. network to access your network.
Varun Parikh is offline   0 Reply With Quote
Old Nov 20, 2012, 07:20 AM   #4
switon
macrumors 6502a
 
Join Date: Sep 2012
Concur...

Hi,

I concur with the above posts, your Mac mini should be acting as a firewall between the university and your private LAN subnet, setup using pfctl and afctl. Sharing should be restricted to your LAN subnet. You should also be running firewalls on all machines on your private LAN.

Switon
switon is offline   0 Reply With Quote
Old Nov 21, 2012, 09:31 AM   #5
lilabila
Thread Starter
macrumors member
 
Join Date: Mar 2011
Thank you for your suggestions. I'm running 10.8, not the Server.
My head is exploding right now after several days of excessive research, can you please assist me in doing it?

The uni LAN is in 172.x.x.x.x, my private is in 10.0.0.x
lilabila is offline   0 Reply With Quote
Old Nov 21, 2012, 10:36 AM   #6
switon
macrumors 6502a
 
Join Date: Sep 2012
RE: exploding heads and the server...

Quote:
Originally Posted by lilabila View Post
Thank you for your suggestions. I'm running 10.8, not the Server.
My head is exploding right now after several days of excessive research, can you please assist me in doing it?

The uni LAN is in 172.x.x.x.x, my private is in 10.0.0.x
Hi lilabila,

Now we wouldn't want to have to scrape brains off the ceiling, would we?

You can do what you wish to do without the Mac OS X Server, but to actually make it secure and flexible and convenient, you really should use the Server software. Yes, I know it is $20, but it is only $20.

To do without the Server.app, we would have to use numerous terminal commands setting up firewall rules, generating SSL certificates, and so forth, running the risk of exploding your head, something we've agreed would be nice to avoid if possible.

With Mac OS X Server running on your Mac mini, you would setup its DNS service to provide reasonable names for the machines on your LAN, such as "MyMBP.private", "LaserPrinter.private", "InkJet.private", "Sig-OthMBP.private", "Macmini.private", etc. Once DNS is setup, you could then start OD (Open Directory) if you wish to allow all or your computers and users to have networked logins from your LAN. You would also setup the VPN server on the Mac mini so that you can reach your LAN from outside (e.g., from the Internet). VPN then allows you to "login" to your LAN from anywhere in the world and use the resources as if you were sitting at home (such as using a shared disk or printer). The Mac mini's firewall, or your router, will keep everyone out except for those allowed to VPN into your LAN from the outside. You could also think about using the server's DHCP server and especially the RADIUS server for authentication, authorization, and accounting on your LAN thereby providing further security.

The Mac OS X Server is nothing to be afraid of using, it is designed to be "nearly" a single button click to start any service you wish to run.

...just some ideas...

Switon
switon is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
File security while working in shared network tokolosh Mac Basics and Help 10 Mar 27, 2014 09:37 AM
Security Problem LadySunshine MacBook Pro 5 Mar 23, 2014 06:56 PM
Airport Guest Network Security Davmeister Mac Peripherals 7 Feb 6, 2014 12:53 PM
Change network security cclloyd Mac Basics and Help 1 Jun 7, 2013 11:04 PM
Can network security type impact connection? c073186 Mac Basics and Help 2 May 20, 2013 07:10 PM

Forum Jump

All times are GMT -5. The time now is 09:51 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps