Internet Connection Sharing
My university has some very over-bearing policies regarding connecting personal machines to their precious network. Among other things they want your computer registered and they want to know what OS you're running and require anti-virus software and so on. They also do not allow routers as people can't seem to configure them properly and they sometimes supercede the university's servers in handing out IP addresses.
So that's the situation, here's my question: Can I configure OS X.2 to share internet access with only one specific IP address so it doesn't act as a router? I would like to drop another ethernet card into my G3, register it and piggyback access through a linksys wireless router, allowing my girlfriend Airport access, and me to connect my G4 and whatever else I want to the network "cloaked", as I don't trust the information services bastards one bit with my info.
So that's the situation, here's my question: Can I configure OS X.2 to share internet access with only one specific IP address so it doesn't act as a router? I would like to drop another ethernet card into my G3, register it and piggyback access through a linksys wireless router, allowing my girlfriend Airport access, and me to connect my G4 and whatever else I want to the network "cloaked", as I don't trust the information services bastards one bit with my info.
Comments
Originally posted by Altivec_2.0
Hopefully I'm right, this is just my understanding of this. With the internet connection sharing utility in the System Prefs, I think if you have 2 ethernet ports on your computer, you hook the main one up to the internet and then the second one would be connected to your router or other computer. After you turn the internet connection sharing on, I think the computer will pass the connection through the second port. If I'm wrong please tell me, i would like to know also.
i'm not a hundred percent sure, but i think you are right too. the problem is, i'm not completely sure that inet conn sharing through that panel would use both nics, therefore avoiding the dhcp issue. there is a dirtier, and more difficult way to do it, that i know works (i'm using it right now), and only requires one network card on the 'gateway' computer, but also requires a hub or router or switch. my way can also work with two network cards (and would then not require a hub/router/switch).
Originally posted by thuh Freak
i'm not a hundred percent sure, but i think you are right too. the problem is, i'm not completely sure that inet conn sharing through that panel would use both nics, therefore avoiding the dhcp issue. there is a dirtier, and more difficult way to do it, that i know works (i'm using it right now), and only requires one network card on the 'gateway' computer, but also requires a hub or router or switch. my way can also work with two network cards (and would then not require a hub/router/switch).
Well, I've got a 5-port 10-base-T hub sitting right here in my drawer with nothing to do so I'm all ears... er eyes... whatever.
Originally posted by Altivec_2.0
If I'm wrong please tell me, i would like to know also.
Well Altivec, according to Macosxhints.com that's exactly how it'll work. I haven't tried it yet as I need to scrounge up another network card.
Having my System X firewall on to keep anyone from getting in is a must, but when it's on my Linksys wireless router can't get out. I set up a random port number for it to get through on, but I don't know how to tell the router to use it. Anyone have any experience with Linksys 802.11b wireless access point/routers?
http://docs.info.apple.com/article.html?artnum=107653
from Apple.com:
Solution
Turn off the Firewall feature before starting Internet Sharing.
That's not a solution! For a second, I thought you had given me a link to microsoft.
Well, thanks again for trying
How about Brickhouse? Anybody know if it can share while fire-wallin? I've got that but I've only played with it a bit.
Originally posted by Guartho
Well, I've got a 5-port 10-base-T hub sitting right here in my drawer with nothing to do so I'm all ears... er eyes... whatever.
if you DONT want it to act like a router, and give out its own IP's,ect. why not just plug that HUB into the net jack, and then plug the machines that you want to have access into that?
Originally posted by The General
if you DONT want it to act like a router, and give out its own IP's,ect. why not just plug that HUB into the net jack, and then plug the machines that you want to have access into that?
yes, but its not exaclty that easy (though it could be). my school would give out ips based on your nic (you had to register your computer), and hubs can't fake nics. your school may be more easy with ips, and a hub directly into the wall (on its uplink port), then all the comps into the hub may work.
here's what you can do if that doesn't work. first, some nomenclature. in order to share your computer, you need to setup a 'Network Address Translation' service (server), often called a 'nat'. there are three ways u can go about this: the hard way (my favorite) and the easy way, and the more expensive way. since the hard way is (obviously) more difficult, i'll point you to the easy way: ipnetrouter (available from www.sustworks.com). its no-cost, and pretty easy to use. the more expensive way is to buy a router or a switch (i think they range in price from like $40 to $100). a router or a switch will perform all the actions of a nat (and will make it a lot easier to setup), but, obviously, has the initial cost associated with it.
...the easy way...i havent touched it in a while, but basically, in the appropriate boxes, u want to tell ipnetrouter that the external traffic is going to be on enet0, and so is the internal traffic (memory is foggy, it might not be enet0, it might be eth0 or en0, or similar). the internal addresses should be like '192.168.x.y', and i recommend picking a high number for x (up to 255), like 200. y should be 1 (so the whole address with my numbers would be 192.168.200.1). to avoid dhcp troubles (which really are trouble on 1 nic), u should manually setup all the other comps' ips. on macosx, do this in system preferences in the network panel. set it up to ethernet, and manual ip configuration. make their ips 192.168.x.z, where z is unique per computer, in the range 2-255, and x is the number you picked earlier (described above). the router for all the computers EXCEPT the nat box, should be 192.168.x.y; and the subnet for all the non-nat boxes should be '255.255.255.0'. the rest of the network settings should be copied from the nat box. you can see them in the system preferences (in the network panel). i think the only important one is, 'domain name servers' (sometimes called dns servers). ipnetrouter should install a script that saves all these settings and runs automatically on startup.
you can setup a firewall with this kind of inet conn sharing, but the only way i tend to deal with it is playing with 'ipfw' directly. i'm pretty sure that brickhouse uses ipfw, so it should work. if you are interested in using ipfw directly though, i can help you, and so can the manpages (in Terminal, type: man ipfw).