13.1 Getting Connected

If you're using a Mac as a production server, then you are probably either co-locating it at your hosting provider's facility or bringing a dedicated line into your home or office.

If you're running a Mac as a server for personal use, you can probably get away with plugging into a residential broadband connection and opening a hole in your firewall. You can do many fun things with a personal server:

Secure mail server

If your email provider isn't reliable, or doesn't support the way you want to access your email, you can forward all your email to your personal server and retrieve it from there ”whether you're in your home office or on the road.

SSH server

When you're on the road, there might be some things you want to access back at the home office. Or perhaps you want to help a family member troubleshoot a computer problem while you're on the road.

VNC/remote desktop/X11

One step up from a VPN or SSH connection is a remote connection that lets you completely take over the desktop of a computer in your home (see Chapter 5). This takes remote access and troubleshooting to the next level. For more information, see Chapter 5.

13.1.1 Life Behind a Firewall

If you have a Small Office/Home Office (SOHO) router between your Internet connection and your Mac, the router probably has a built-in firewall that protects your Mac from the outside world. Since most access points and routers have a firewall that blocks incoming network traffic, you'll need to open a hole in that firewall for each service you want to use. Here are our recommendations for exposing a server to the outside world on a SOHO network:

Use a wired connection

If you have a wireless access point, such as an AirPort Base Station, that's doing double-duty as your wired Ethernet router, we suggest plugging your Mac server into one of the LAN ports on your access point or one of the LAN ports on a switch that's plugged into your access point's LAN port.

Although Wi-Fi speeds typically exceed broadband by quite a lot, actual speeds are often half that of the quoted speed of Wi-Fi networks, and bandwidth is shared among all computers on a given network. So, an 802.11b Wi-Fi network with a raw speed of 11 Mbps is more likely to share 5 to 6 Mbps among machines, and an 802.11g Wi-Fi (AirPort Extreme) network is more likely to have 20 to 25 Mbps available than the 54 Mbps raw speed of the network. This is because Wi-Fi networks have a significant amount of overhead, are susceptible to interference from consumer electronics, and can experience a sharp drop-off in speeds as the distance between the computer and Base Station increases .

Be aware of your ISP's Terms of Service

If your ISP does not permit you to run servers on your network, consider asking them whether they have another tier of service that does permit this. As an added bonus, those tiers of service often include one or more static IP addresses. On the downside, they tend to cost quite a bit more than their consumer offerings.

Consider non-standard ports

If your ISP's Terms of Service do not explicitly prohibit running services, chances are good that they are blocking access to common ports such as 80 (HTTP) in an attempt to reduce paths by which worms can attack Microsoft systems. Although we can't prove that Mac OS X is inherently more secure than Microsoft systems, there are fewer exploits that affect it. If you are diligent about applying security updates and understand the risks and consequences of opening a service (such as a web or IMAP server) to the outside world, you could choose to run these services on an alternate port that's not blocked. You can do this by either reconfiguring the server, or using your router to handle the redirection.

Open your ports

One thing a firewall is really good at is keeping traffic out. However, if you want to run a server on your network, you need to selectively let traffic in.

To configure an AirPort Base Station to send traffic to a Mac that's acting as a server, open the AirPort Admin Utility (in /Applications/Utilities ), select your Base Station, and choose Show All Settings Port Mapping. Figure 13-1 shows an AirPort Base Station configured to forward traffic coming in from the outside world on port 8008 to a machine inside the network with the private address on port 80. Non-Apple wireless access points may have similar functionality. Look in your access point's documentation for information on port mapping (sometimes referred to as forwarding ).

Figure 13-1. Setting up a port mapping with the AirPort Admin Utility

This means that people can type http:// YOUR_IP_ADDRESS :8008 into their web browser and be directed to the web browser listening on port 80 (the standard HTTP port) inside the firewall. You can find the value for YOUR_IP_ADDRESS by clicking Show Summary from within the AirPort Admin Utility and looking at the Public (WAN) IP Address, as shown in Figure 13-2.

Figure 13-2. Looking up the public IP address of an AirPort Base Station

Mac OS X Panther for Unix Geeks
Mac OS X Panther for Unix Geeks
ISBN: 0596006071
EAN: 2147483647
Year: 2003
Pages: 212

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net