Professional Web Applications Themes

IP Sharing - how does it work? - Mac Networking

I haven't yet found a reasonable description of the mechanism, beyond the dire warnings of what it might do to your network, and the simple instructions to turn it ON or OFF. My situation is on a LAN with full campus management of subnets and firewalling, and volume based metering of traffic per IP number. Computers have different levels of access to the world, some have none, and all with traffic loading potential are "registered" to a real person. This is for billing any excess traffic over quota, and for tracking virus, intrusion, etc incidents. I have minor admin rights ...

  1. #1

    Default IP Sharing - how does it work?

    I haven't yet found a reasonable description of the mechanism, beyond
    the dire warnings of what it might do to your network, and the simple
    instructions to turn it ON or OFF.

    My situation is on a LAN with full campus management of subnets and
    firewalling, and volume based metering of traffic per IP number.
    Computers have different levels of access to the world, some have none,
    and all with traffic loading potential are "registered" to a real
    person. This is for billing any excess traffic over quota, and for
    tracking virus, intrusion, etc incidents.

    I have minor admin rights over our local subnet. Often I find myself at
    a machine with blocked access, but I want to check a distant web page,
    or download software.

    So, can I share my desktop IPnr (MacOS 10.2.6) with just a few specified
    clients, or would it be easier to run a proxy server on my machine?
    Peter KERR Guest

  2. #2

    Default Re: IP Sharing - how does it work?

    In article <user-0DEFDC.09574715082003scream.auckland.ac.nz>,
    Peter KERR <userhost.domain> wrote:
    > I haven't yet found a reasonable description of the mechanism, beyond
    > the dire warnings of what it might do to your network, and the simple
    > instructions to turn it ON or OFF.
    >
    > My situation is on a LAN with full campus management of subnets and
    > firewalling, and volume based metering of traffic per IP number.
    > Computers have different levels of access to the world, some have none,
    > and all with traffic loading potential are "registered" to a real
    > person. This is for billing any excess traffic over quota, and for
    > tracking virus, intrusion, etc incidents.
    >
    > I have minor admin rights over our local subnet. Often I find myself at
    > a machine with blocked access, but I want to check a distant web page,
    > or download software.
    >
    > So, can I share my desktop IPnr (MacOS 10.2.6) with just a few specified
    > clients, or would it be easier to run a proxy server on my machine?
    Many things are possible, but unless you create an isolated network that
    only connects to your Mac via a 2nd ethernet card or maybe an Airport, I
    would advise against enabling IP sharing on your Mac.

    The general idea of internet sharing is that one ethernet port on your
    Mac or your modem is connected to an internet service provider. Via a
    separate networking port, your Mac is also connected to a local network
    (like some attached systems in your home, or in a small office). None
    of these other systems are connected in anyway to the ISP (where ISP in
    this case is your campus network).

    When you enable IP sharing, the Mac will use the IP addresses 10.*.*.*
    for your private little network. The network addresses 10.*.*.* and
    192.168.*.* are reserved for private networks and are not allowed on the
    Internet because they are not unique. In fact there are most likely
    several 100 thousand or milliions of systems out there with IP addresses
    of 10.0.1.2 and 192.168.0.2 all sitting on private networks.

    The router (in this case your Mac) will setup a NAT server that takes
    requests from your private systems and changes their IP address to its
    own IP address and assigns it a unique IP port number when it sends the
    request out to the internet via the ISP. When responses come back to
    that port number, the NAT server will change the request back to the
    originating sytsems IP address and originating port number and route the
    reply back to the originating system.

    Because the system your Mac is sharing its IP address with, have private
    network IP addresses, these systems can not be sitting on anything that
    is directly connected to the internet as those private IP addresses
    would cause problems in general.

    So I suspect that for your setup, you do not have a private little
    network with your Mac acting as the router, so you should not enable
    Ineternet sharing on your Mac.

    ----

    Now you may be able to get what you want by using a port forwarding
    server on your Mac, or running a VNC server on your Mac and a VNC client
    on the other systems you visit.

    Bob Harris
    Bob Harris Guest

  3. #3

    Default Re: IP Sharing - how does it work?

    In article <harris-0E1A93.19201514082003juggl7.zk3.dec.com>,
    Bob Harris <harriszk3.dec.com> wrote:
    >
    > When you enable IP sharing, the Mac will use the IP addresses 10.*.*.*
    > for your private little network. The network addresses 10.*.*.* and
    > 192.168.*.* are reserved for private networks and are not allowed on the
    > Internet because they are not unique. In fact there are most likely
    > several 100 thousand or milliions of systems out there with IP addresses
    > of 10.0.1.2 and 192.168.0.2 all sitting on private networks.
    >
    > The router (in this case your Mac) will setup a NAT server that takes
    > requests from your private systems and changes their IP address to its
    > own IP address and assigns it a unique IP port number when it sends the
    > request out to the internet via the ISP.
    Yes this is how the OS-X server does it. Or rather it assumes that you
    have already assigned private numbers, and it prefers that these are on
    a second interface, but not necessarily. In our case 10.*.*.* numbers
    are "safe" to coexist with real nrs because our building switch is
    configured to not propagate them any further. But all machines already
    have real Class B(?) nrs (yeah I know, a waste if they're not actually
    out there:-(

    What Apple don't explain is, does the OS-X client use the same NAT
    mechanism as the server? If so then I guess I can set up & configure
    ipfw from the terminal. What I want is for one or two other clients to
    have their port 23 & 80 traffic which is blocked at our campus firewall,
    NATed to use my IP nr. No attempt here to defraud or bypass security...
    Peter KERR Guest

Similar Threads

  1. Internet sharing won't work
    By Ian in forum Windows Networking
    Replies: 5
    Last Post: July 25th, 08:09 AM
  2. Sharing & Security
    By Irv in forum Windows Setup, Administration & Security
    Replies: 4
    Last Post: July 16th, 04:33 AM
  3. sharing
    By toyin in forum Windows Setup, Administration & Security
    Replies: 1
    Last Post: July 16th, 01:21 AM
  4. Print and file sharing doesn't work
    By Gilles Chiniara in forum Windows Networking
    Replies: 0
    Last Post: July 1st, 01:52 AM
  5. Can't get iTunes sharing to work
    By Burt Johnson in forum Mac Applications & Software
    Replies: 1
    Last Post: June 24th, 08:44 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139