Using a hardware firewall

Discussion in 'Mac Accessories' started by swindmill, Dec 21, 2005.

  1. swindmill macrumors 6502a

    swindmill

    Joined:
    Mar 17, 2005
    Location:
    KY
    #1
    My roommate uses XP and he has the Sonicwall firewall that he wants to use. He doesn't know how to configure it (his dad owns a networking business and has always done this stuff for him). I have tried to put it between the modem and router, but I can't access it via my browser; I just get a network timeout when I put in the IP address of the firewall. Does anyone have any experience using a harware firewall with OS X? We also have a Linux computer on our network, and I have a feeling this thing is going to cause more trouble than it's worth. (for me at least :p )
     
  2. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #2
    What kind of IP address are you using for the firewall? It sounds like, in your setup, your firewall should be bridging (receiving wholly) the upstream IP address that the modem gets, and that it should in turn pass this IP address wholly over to the router. Which might lead you to a problem because you're trying to reach it via IP address, but the IP address is owned by the router, because the firewall passed the IP address to it. Have you tried configuring it while being directly jacked into it (i.e. wire your computer to the firewall instead of the router)?

    Out of curiosity, doesn't your router already have a firewall, in addition to your computer? How many firewalls do you need? I tend to agree with your more-trouble-than-its-worth assessment... :(
     
  3. swindmill thread starter macrumors 6502a

    swindmill

    Joined:
    Mar 17, 2005
    Location:
    KY
    #3
    I'm not sure about the router having a firewall. I have just a basic Netgear router. I really have no use for a harware firewall on OS X, but he wants to use this with XP, so I guess I don't have a choice. I'm just concerned about the problems it might create with our Linux file/print server, as I'm new to Linux and having enough problems already. I suppose for a Windows user, a firewall that inspects every packet that is sent to you computer is a good thing, I just don't want something in the network that I don't completely understand and have control over. I'll try plugging the firewall directly into my computer and see what happens.
     
  4. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #4
    Well, the firewall shouldn't be acting on intranet business. That is, if your Windows box sends a print request to your Linux box, it never goes higher than the router, and so the firewall never touches it. The firewall only inspects incident communication from OUTSIDE the intranet. If you want a computer that is not on the intranet to print from the Linux server, then you may have a problem with the firewall... but otherwise, you should be fine.

    As for the Netgear router...most of them do have firewalls. What model? Is it a WGR614 or something of the like?
     
  5. swindmill thread starter macrumors 6502a

    swindmill

    Joined:
    Mar 17, 2005
    Location:
    KY
    #5
    Yes, the router is a WGR614v4.

    As far as the Linux pc, I understand why I won't have issues printing to it or connecting to shared volumes, but will configuring it to access the internet for updates, etc, be difficult, or will it be similar to configuring OS X with the firewall? I've looked over the Sonicwall configuration, and it looks a bit complicated.
     
  6. strydr macrumors 6502

    strydr

    Joined:
    Mar 25, 2005
    Location:
    SoCal
    #6
    Well, the XP machine could use all the firewall it can get... (sorry, I had to say it)

    I have a sonicwall Firewall (need it for work VPN), and it's not the easiest setup I've seen (I'm still getting the correct holes poked through). First, do you know the subnet the device is set with (ie 192.168.1.1, or 10.0.0.1, or etc..)? if yes, change your network settings (or create a alternate config.) to be on the same subnet (ie, if the sonicwall is 192.168.1.1, set your IP to 192.168.1.2). After this config is saved, plug in to the sonicwall, and open Safari. point your browser to the sonicwall's IP (ie 192.168.1.1). you should be prompted for a user/password. Helps to know this.
    If you get in, look around for the network tab, here you will need to config. the WAN and LAN. if you'r using cable, you will need (most configs.) to set DHCP (with NAT, i think) on the WAN interface, then reboot your modem (unplug for +60 sec), and (after the modem resets) reboot the sonicwall (you might also try to just renew the IP lease). If you can get online now, things are looking up. If you have a specific IP Scheme in your home network, change the LAN settings on the sonicwall to reflect this.
    Now, you need to get your router set up to act as a switch, that's up to you, cause I don't know about your hardware..

    Hope this helps..
     
  7. strydr macrumors 6502

    strydr

    Joined:
    Mar 25, 2005
    Location:
    SoCal
    #7

    The firewall, by default, should allow all outbound traffic. O-ya, the sonicwall is complicated..
     
  8. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #8
    The WGR614 does have a firewall, by the way... It may even be on by default. I have one, but it's at my parents house, so I can't check it for you. :(
     
  9. trainguy77 macrumors 68040

    Joined:
    Nov 13, 2003
    #9
    If you want a nice firewall, that is easy to set up. I would look into m0n0wall: www.m0n0.ch its a great firewall. I use it for a school of 300+ kids it works great. As stable as a rock. It has IPsec, pptp(types of VPN) traffic shaper. Its great, and its easy to set up!
     
  10. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #10
    Why the heck don't you just ask him? He'd seems like a better option then us.
     
  11. SeaFox macrumors 68020

    SeaFox

    Joined:
    Jul 22, 2003
    Location:
    Somewhere Else
    #11
    Have you tried accessing the router's setup page from the XP machine? You might try using the reset button on the router to restore it to factory defaults. Perhaps the firewall has only been allowed to accept connections from certain MAC (not Mac) addresses and your Macintosh is not on that list.

    Actually, better question: Do YOU have an IP address from the firewall? I know it's a silly question but if you don't have a 192 (or whatever) IP address from the firewall you're not connected to it and won't be able to connect into it with your browser. The router may not be set up for DHCP so it's not handing out addresses to whatever connects to it.
     

Share This Page