16.1. Getting Connected

If you're using a Mac as a production server, then you are probably either co-locating it at your hosting provider's facility or bringing a dedicated line into your home or office. In that case, your Internet Service Provider (ISP) or hosting provider is taking care of all the details: setting up Domain Name System (DNS) records, providing an IP address, and possibly physically hosting your computer in a rack somewhere.
If you're running a Mac at home, you can approximate the same setup, but there are two configuration issues you need to consider:
If you're running a Mac as a server for personal use (for example, remote access via SSH), you can probably get away with plugging into a residential broadband connection and opening a hole in your firewall. However, if you want others to be able to access services such as a web browser, you'll need to solve the DNS and IP address problems. A dynamic DNS service, such as Dynamic Network Services (http://www.dyndns.org), can help with this.

16.1.1. Dynamic DNS

Dynamic Network Services, Inc. has been offering dynamic DNS services for many years, and has long been a favorite of dialup and SOHO broadband users who need a permanent domain name even when their IP address is constantly changing. In order for this service to work, you must update the dyndns.org servers every time your IP address changes.

The open source DNSUpdate utility (http://www.dnsupdate.org/) can detect your public IP address and update the dyndns.org servers with that address, rather than your private address. You must select External Interface when you add a host to DNSUpdate for it to detect and register your public IP address, as shown in Figure 16-1.

That's only half the battle; if your Mac resides behind a firewall router (such as the Apple AirPort Base Station), you'll need to configure it to make your network services visible to the outside world. Otherwise, all incoming traffic will be stopped in its tracks at your firewall. The next section has solutions to this problem.

16.1.2. Serving from Behind a Firewall

If you have a SOHO router (such as the AirPort Base Station) between your Internet connection and your Mac, the router probably has a built-in firewall that protects your Mac from the outside world. Since most access points and routers have a firewall that blocks incoming network traffic, you'll need to open a hole in that firewall for each service you want to use. The list that follows describes our recommendations for exposing a server to the outside world on a SOHO network.
Figure 16-1. Configuring Dynamic DNS with DNSUpdate
16.1.2.1. Port mapping with an AirPort Base Station

To configure an AirPort Base Station to direct traffic to a Mac that's acting as a server, you should first make sure that the server has a static IP address. By default, an AirPort Base Station will assign addresses in the range of 10.0.1.2 to 10.0.1.200. This will be different if you've specified a different subnet and pool size (in the AirPort Admin Utility, choose Network → Distribute IP addresses → Share a single IP address using DHCP and NAT → Other and set the values as shown in Figure 16-2).

Figure 16-2. Setting subnet and IP address pool size

You must choose your static IP address from outside this pool. If you were using the default AirPort configuration, 10.0.1.201 would be an acceptable choice. If you were using the settings shown in Figure 16-2, then anything over 192.168.254.148 would be OK (we'll use 192.168.254.201 in the next example). Once you have chosen your static IP address, configure your Macintosh server to use this address in Network Preferences. This ensures that your server always has the same IP address, and you can then configure your base station to forward traffic to it.

To configure port mapping, open the AirPort Admin Utility (in /Applications/Utilities), select your Base Station, and choose Port Mapping. Figure 16-3 shows an AirPort Base Station configured to forward traffic coming in from the outside world on port 22 (ssh) to a machine inside the network with the private address 192.168.254.201 on port 22.

Figure 16-3. Setting up a port mapping with the AirPort Admin Utility

This means that people can ssh to PUBLIC_IP_ADDRESS and be directed to the machine at 192.168.254.201 inside the firewall. You can find the value for PUBLIC_IP_ADDRESS by selecting the View → Show Summary menu from within the AirPort Admin Utility and looking at the Public (WAN) IP Address, as shown in Figure 16-4.

If you want to open up every port on a given machine, specify the IP address of a default host in the AirPort Admin Utility (AirPort → Base Station Options → Enable Default Host). This should be the static IP address of the server on your private network. We do not recommend this because opening every port may expose you to vulnerabilities you're not looking out for. If you've only opened up a select group of services (such as HTTP, SMTP, and SSH), you have a short list of ports to monitor, and therefore, fewer vulnerabilities to worry about.

Figure 16-4. Looking up the public IP address of an AirPort Base Station

Now that you've set up your network so the outside world can talk to your Mac, it's time to configure some services for others to use.
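The checks described in this section (a static address outside the DHCP pool, mappings only for intended services, no default host, and a public rather than private address registered with dynamic DNS) can be written down as a small audit of a planned configuration. This is an added example, not code from the book or from the AirPort or DNSUpdate tools; the function name audit_plan, the /24 netmask, and the extra port 5900 mapping are assumptions made for illustration.

```python
import ipaddress

def audit_plan(subnet, pool, server_ip, mappings, intended_ports,
               default_host=None, registered_ip=None):
    """Return a list of findings for a SOHO port-mapping plan (empty = OK)."""
    net = ipaddress.ip_network(subnet)
    lo, hi = (ipaddress.ip_address(a) for a in pool)
    server = ipaddress.ip_address(server_ip)
    findings = []

    # The server's static address must be on the LAN but outside the DHCP pool,
    # otherwise the base station can hand the same address to another machine.
    if server not in net or server in (net.network_address, net.broadcast_address):
        findings.append(f"{server} is not a usable host address in {net}")
    elif lo <= server <= hi:
        findings.append(f"{server} is inside the DHCP pool {lo}-{hi}")

    seen = set()
    for public_port, private_ip, private_port in mappings:
        if public_port in seen:
            findings.append(f"public port {public_port} is mapped twice")
        seen.add(public_port)
        if ipaddress.ip_address(private_ip) != server:
            findings.append(f"port {public_port} forwards to {private_ip}, not the server")
        if public_port not in intended_ports:
            findings.append(f"port {public_port} is exposed but not an intended service")

    # A default host forwards every unmapped port to one machine.
    if default_host is not None:
        findings.append(f"default host {default_host} exposes every port")

    # Dynamic DNS must carry the public (WAN) address, not the LAN one.
    if registered_ip and ipaddress.ip_address(registered_ip).is_private:
        findings.append(f"dynamic DNS would register private address {registered_ip}")
    return findings

# Constructed plans using the default AirPort pool from the text; /24 is assumed.
GOOD = audit_plan("10.0.1.0/24", ("10.0.1.2", "10.0.1.200"), "10.0.1.201",
                  [(22, "10.0.1.201", 22)], {22})
BAD = audit_plan("10.0.1.0/24", ("10.0.1.2", "10.0.1.200"), "10.0.1.50",
                 [(22, "10.0.1.50", 22), (5900, "10.0.1.60", 5900)], {22},
                 default_host="10.0.1.50", registered_ip="10.0.1.50")

if __name__ == "__main__":
    print("good plan:", GOOD or "no findings")
    for finding in BAD:
        print("bad plan:", finding)
```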