Forum Replies Created

Viewing 8 posts - 16 through 23 (of 23 total)
  • in reply to: IPsec Server on Mac OS X Server 10.2.2? #355063
    jaharmi
    Participant

    Have you had any luck doing this?

    I’d really like to do the same thing; I think we are in the same situation.

    I would also like to harden my DHCP server a bit. I’m just using DHCP as it’s being run by Apple’s InternetSharing service. But I’d like to be able to block unknown MAC addresses on my wireless LAN.

    I would also like to find a way (not involving WEP) that I can disable the broadcast of my wireless network name to everyone in my area. I’m all in favor of wireless community WANs, but I’ve got a TiVo on my network. And my TiVo is a Linux box with about zero security on it (no password required to Telnet in, for example).

    I’m at least trying to close up the obvious holes in my security to prevent problems.

    in reply to: Can Server 10.2 boot from a software RAID? #355062
    jaharmi
    Participant

    I don’t know why the Power Mac G3 wouldn’t work. Maybe it only works on later edition machines. I no longer have my Power Mac G3 (b/w) to test on (not that I would have had the spare drives lying around anyway, since I invested in the IBM Deskstar line … sigh).

    Which brings me to the rebuilding of a RAID set. I lost one of my IBM 75GXP 75 GB drives. Luckily, I was mirroring drives so I haven’t lost data yet. The RAID set had an error in Disk Utility. I was unable to rebuild it while the workstation (running 10.2.3) was live. So I rebooted into the Mac OS X 10.2 installer CD.

    I was able to go through the motions of rebuilding the drive, but about 75% of the way through the process, it failed. This has now happened twice.

    I suspect the second drive is just gone — it’s the older of the two drives, and the one that hasn’t been replaced with a “serviceable used part” by IBM yet. But I can’t seem to even reformat it with Disk Utility, to see if the drive is the problem.

    Any ideas?

    in reply to: Port mapping & NAT are not working under 10.2 Server #355061
    jaharmi
    Participant

    I had to put my forward rule first in my ipfw ruleset in order to make it work while running natd. I ended up throwing away IPNetShareX, but using some of its config file settings, in my own StartupItem. This worked for me under Mac OS X 10.1 and 10.2 (Server for 10.1, client for 10.2).

    For example, see the rules below. ($IPFW=/sbin/ipfw, I created a variable so I didn’t have to keep retyping the path. $WANIP is a variable for my outside IP address. $WAN is a variable for my outside Internet interface, which is en0.) These rules are in the order I use them.

    # forward packets from Web port 80 to Web port 8000
    $IPFW add 0001 fwd 127.0.0.1,8000 tcp from any to $WANIP 80 in

    # Allow loopback traffic; deny spoofing
    $IPFW add 1000 allow all from any to any via lo0
    $IPFW add 2000 deny all from any to 127.0.0.0/8 via $WAN

    # enable NAT
    $IPFW delete 10
    $IPFW add 25000 divert natd all from any to any via $WAN

    I found that if I didn’t forward port 80 *before* I included the natd rule (natd is already running in a previous line in the StartupItem script), I wouldn’t get outside Internet access on my LAN machines, or I couldn’t see the Web server I was forwarding the port to. Or something else would go wrong.

    The “delete 10” rule gets rid of the line 10 rule that Apple’s InternetSharing application always inserts into the current ipfw config when it runs. In my firewall script, I also start InternetSharing (I think I was one of the first to find the app responsible for Internet Sharing, if you look in the comments at MacOSXHints.com). That is a line earlier in my script than the firewall rules I’ve listed above, so InternetSharing is already running (and will have inserted its annoying rule 10, which enables natd) when the system executes the rules I printed above.

    Note that if you ran IPNetShareX, you could edit its config file to add the rules I have listed above. It should be in /Library/StartupItems/IPNetShareX/. You would need to modify the rules to suit your configuration; you won’t have the variables defined that I have in my rules, for example.

    I’m running UserLand Frontier as my Web server. It will not respond on port 80 because it runs in user space (so you even have to run it while a user is logged into the machine, which I don’t like), so I have to use a forwarding rule. I also run Apache on the same system but have it serving on a different port, and that works fine, too.

    I don’t understand your “sudo natd -n en0 -redirect_port tcp 192.168.0.1:80 80” command. Are you putting this in natd.conf to configure natd? If so, I would not take that route. I never got forwarding to work in natd under 10.1 or 10.2, so I went the route of telling ipfw (as above) to do the work, and it works fine for me.

    Hope this helps …
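
The ordering this post relies on (fwd rule first, InternetSharing's rule 10 removed, loopback-spoof deny ahead of the natd divert) can be checked against a live ruleset. The following is an added example, not part of the original post or of any tool it mentions; the function names are hypothetical, and the sample rulesets are constructed, with 203.0.113.5 standing in for $WANIP, en0 for $WAN and 8668 as natd's divert port.

```shell
#!/bin/sh
# Added example: audit rule ORDER in `ipfw list`-style text read from stdin
# against the layout the post describes. Returns 0 on a match, 1 on findings.
audit_ipfw_order() {
    awk '
    # ipfw walks rules in ascending number, so remember the first of each kind.
    $2 == "fwd"    && !fwd    { fwd = $1 + 0 }
    $2 == "divert" && !divert { divert = $1 + 0 }
    $2 == "divert" && $1 + 0 == 10 { rule10 = 1 }
    $2 == "deny" && /to 127\.0\.0\.0\/8/ && !spoof { spoof = $1 + 0 }
    END {
        if (rule10)  { print "FINDING: rule 10 divert still present"; bad = 1 }
        if (!fwd)    { print "FINDING: no fwd rule"; bad = 1 }
        if (!divert) { print "FINDING: no divert (natd) rule"; bad = 1 }
        if (fwd && divert && fwd > divert) {
            print "FINDING: fwd rule " fwd " is after divert rule " divert; bad = 1 }
        if (!spoof)  { print "FINDING: no deny for 127.0.0.0/8"; bad = 1 }
        else if (divert && spoof > divert) {
            print "FINDING: deny rule " spoof " is after divert rule " divert; bad = 1 }
        if (!bad) print "OK: fwd " fwd " and deny " spoof " precede divert " divert
        exit bad + 0
    }'
}

# Constructed sample: the rules from the post, in the form `ipfw list` prints.
sample_post_layout() {
    cat <<'EOF'
00001 fwd 127.0.0.1,8000 tcp from any to 203.0.113.5 80 in
01000 allow ip from any to any via lo0
02000 deny ip from any to 127.0.0.0/8 via en0
25000 divert 8668 ip from any to any via en0
65535 allow ip from any to any
EOF
}

# Constructed sample: rule 10 left in place and the fwd rule added after it.
sample_rule10_left() {
    cat <<'EOF'
00010 divert 8668 ip from any to any via en0
00020 fwd 127.0.0.1,8000 tcp from any to 203.0.113.5 80 in
01000 allow ip from any to any via lo0
02000 deny ip from any to 127.0.0.0/8 via en0
65535 allow ip from any to any
EOF
}

sample_post_layout | audit_ipfw_order
```

On a real system the input would come from `sudo /sbin/ipfw list | audit_ipfw_order`, run after the StartupItem has finished.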

    in reply to: UPS solutions compatible with MacOS X Server #355059
    jaharmi
    Participant

    PowerGuardian is a software tool that supports a number of different UPSes:

    http://www.powerguardian.com/

    Caveat: I have not tried it myself.

    in reply to: Workgroup Manager #354686
    jaharmi
    Participant

    Isn’t Workgroup Manager putting users into Open Directory? Wouldn’t that bypass NetInfo in Jaguar?

    in reply to: Kame IPSec in 10.2 and Cisco VPN: Compatible? #354685
    jaharmi
    Participant

    The Cisco VPN 3000 client version 3.6.1 is not compatible with Jaguar. Use version 3.6.2, which was released Oct 1, 2002. (At least, that’s what they told me when I submitted a TAC case, and sure enough, it was there — brand new at the time.) I haven’t tried it yet … and it still has all of the command-line oriented problems of the 3.6.x series clients.

    There is a new client coming. If you are interested in it, I suggest you talk to your local Cisco representatives; you may get early access to it.

    in reply to: Enabling Internet Connection Sharing: Can it be done? #354684
    jaharmi
    Participant

    I haven’t looked at that thread, but there does seem to be an “InternetSharing” process in Jaguar workstation. I’ve been trying to track down how Jaguar enables Internet Sharing and the AirPort software base station features, because I want to edit the configs manually.

    So far, no tutorial I’ve seen has mentioned the Airport sbs custom configuration — somehow, it looks like an actual access point. This matters a lot, since I use a PowerBook G3 with a Cisco Aironet 350 card from work — and its drivers don’t like computer to computer mode. At least, I haven’t gotten them to work together.

    The way Apple does it with Internet Sharing actually works with my Cisco card/client, and as far as the PowerBook is concerned, it’s connected to a real dedicated hardware access point.

    in reply to: Can Server 10.2 boot from a software RAID? #354683
    jaharmi
    Participant

    I can confirm that the software RAID 0 and 1 are bootable in Jaguar. I have set up one Power Mac G4 each way now — one on RAID 0, one on RAID 1. Each system is using Jaguar workstation, not Jaguar Server.

    Note: I’ve heard — I think from MacFixit — that the ability to rebuild a RAID is broken in 10.2 and 10.2.1. This worries me a little.

    I’m using RAID 1 on a pair of IBM Deskstar 75gxp drives — the infamous “Deathstar” series. (And the infamy is exactly why I wanted RAID 1 in the first place.) This is on an older dual 450 G4, and it works fine. However, either one of the drives is seemingly going bad or something else is going on. I hear whines or chirps twice about every 5-15 minutes, and at least one drive repeatedly spins up and down at about the same interval. I’m wondering if it is the same sort of noise associated with some of the Maxtor drive failures I’ve heard about …

    I have not yet tried disconnecting a drive and attempting to rebuild.
