A good user manual
The rules should oblige the seller to give the purchaser an operating instruction for Apple 034-2351_Cvr along with the item. The lack of an instruction or false information given to the customer constitutes grounds for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word “instructio”, which means organizing. Therefore, in an instruction for Apple 034-2351_Cvr one can find a process description. An instruction's purpose is to teach and to ease the start-up and use of an item or the performance of certain activities. An instruction is a compilation of information about an item or a service; it is a clue.
Unfortunately, only a few customers devote time to reading an instruction for Apple 034-2351_Cvr. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid most defects.
What should a perfect user manual contain?
First and foremost, a user manual of Apple 034-2351_Cvr should contain:
- information concerning technical data of Apple 034-2351_Cvr
- name of the manufacturer and a year of construction of the Apple 034-2351_Cvr item
- rules of operation, control and maintenance of the Apple 034-2351_Cvr item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from a lack of time and from certainty about the functionalities of purchased items. Unfortunately, networking and start-up of Apple 034-2351_Cvr alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), possible defects of Apple 034-2351_Cvr, and methods of problem resolution. Finally, when one still can't find the answer to his problems, he will be directed to the Apple service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they ensure that a customer will familiarize himself with the whole material and won't skip complicated, technical information about Apple 034-2351_Cvr.
Why should one read the manuals?
It is mostly in the manuals where we will find the details concerning the construction and capabilities of the Apple 034-2351_Cvr item and its use with respective accessories, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment to get to know every part of an instruction. Currently the manuals are carefully prepared and translated, so they can be fully understood by their users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
Mac OS X Server Network Services Administration For Version 10.3 or Later 034-2351_Cvr 9/12/03 10:26 AM Page 1[...]
-
Page 2
Apple Computer, Inc. © 2003 Apple Computer, Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of t[...]
-
Page 3
3 1 Contents Preface 5 How to Use This Guide 5 What’s Included in This Guide 5 Using This Guide 6 Setting Up Mac OS X Server for the First Time 6 Getting Help for Everyday Management Tasks 6 Getting Additional Information Chapter 1 7 DHCP Service 7 Before You Set Up DHCP Service 9 Setting Up DHCP Service for the First Time 10 Managing[...]
-
Page 4
4 Contents 63 Port Reference 66 Where to Find More Information Chapter 4 67 NAT Service 67 Starting and Stopping NAT Service 68 Configuring NAT Service 68 Monitoring NAT Service 69 Where to Find More Information Chapter 5 71 VPN Service 72 VPN and Security 73 Before You Set Up VPN Service 73 Managing VPN Service 76 Monitoring V[...]
-
Page 5
5 Preface How to Use This Guide What’s Included in This Guide This guide consists primarily of chapters that tell you how to administer various Mac OS X Server network services: • DHCP • DNS • IP Firewall • NAT • VPN • NTP • IPv6 Support Using This Guide Each chapter covers a specific network service. Read any chapter tha[...]
-
Page 6
6 Preface How to Use This Guide Setting Up Mac OS X Server for the First Time If you haven’t installed and set up Mac OS X Server, do so now. • Refer to Mac OS X Server Getting Started for Version 10.3 or Later, the document that came with your software, for instructions on server installation and setup. For many environments, this d[...]
-
Page 7
1 7 1 DHCP Service Dynamic Host Configuration Protocol (DHCP) service lets you administer and distribute IP addresses to client computers from your server. When you configure the DHCP server, you assign a block of IP addresses that can be made available to clients. Each time a client computer configured to use DHCP starts up, it looks for[...]
-
Page 8
8 Chapter 1 DHCP Service Creating Subnets Subnets are groupings of computers on the same network that simplify administration. You can organize subnets any way that is useful to you. For example, you can create subnets for different groups within your organization or for different floors of a building. Once you have grouped client computers in[...]
-
Page 9
Chapter 1 DHCP Service 9 Interacting With Other DHCP Servers You may already have other DHCP servers on your network, such as AirPort Base Stations. Mac OS X Server can coexist with other DHCP servers as long as each DHCP server uses a unique pool of IP addresses. However, you may want your DHCP server to provide an LDAP server address fo[...]
-
Page 10
10 Chapter 1 DHCP Service Step 2: Set up logs for DHCP service You can log DHCP activity and errors to help you monitor requests and identify problems with your server. DHCP service records diagnostic messages in the system log file. To keep this file from growing too large, you can suppress most messages by changing your log settings in t[...]
-
Page 11
Chapter 1 DHCP Service 11 7 Enter a starting and ending IP address for this subnet range. Addresses must be contiguous, and they can’t overlap with other subnets’ ranges. 8 Enter the subnet mask for the network address range. 9 Choose the Network Interface from the pop-up menu. 10 Enter the IP address of the router for this subnet. If the[...]
-
Page 12
12 Chapter 1 DHCP Service Deleting Subnets From DHCP Service You can delete subnets and subnet IP address ranges when they will no longer be distributed to clients. To delete subnets or address ranges: 1 In Server Admin, choose DHCP from the Computers & Services list. 2 Click Settings. 3 Select a subnet. 4 Click Delete. 5 Click Save to [...]
-
Page 13
Chapter 1 DHCP Service 13 Setting LDAP Options for a Subnet You can use DHCP to provide your clients with LDAP server information rather than manually configuring each client’s LDAP information. The order in which the LDAP servers appear in the list determines their search order in the automatic Open Directory search policy. If you have ar[...]
-
Page 14
14 Chapter 1 DHCP Service To set WINS options for a subnet: 1 In Server Admin, choose DHCP from the Computers & Services list. 2 Click Settings. 3 Select the Subnets tab. 4 Select a subnet and click Edit. 5 Click the WINS tab. 6 Enter the domain name or IP address of the WINS/NBNS primary and secondary servers for this subnet. 7 Enter th[...]
-
Page 15
Chapter 1 DHCP Service 15 Setting the Log Detail Level for DHCP Service You can choose the level of detail you want to log for DHCP service. • “Low (errors only)” will indicate conditions for which you need to take immediate action (for example, if the DHCP server can’t start up). This level corresponds to bootpd reporting in “quie[...]
-
Page 16
16 Chapter 1 DHCP Service Where to Find More Information Request for Comments (RFC) documents provide an overview of a protocol or service and details about how the protocol should behave. If you’re a novice server administrator, you’ll probably find some of the background information in an RFC helpful. If you’re an experienced serv[...]
-
Page 17
2 17 2 DNS Service When your clients want to connect to a network resource such as a web or file server, they typically request it by its domain name (such as www.example.com) rather than by its IP address (such as 192.168.12.12). The Domain Name System (DNS) is a distributed database that maps IP addresses to domain names so your clie[...]
-
Page 18
18 Chapter 2 DNS Service Before You Set Up DNS Service This section contains information you should consider before setting up DNS on your network. The issues involved with DNS administration are complex and numerous. You should only set up DNS service on your network if you’re an experienced DNS administrator. You should consider crea[...]
-
Page 19
Chapter 2 DNS Service 19 Once you register a domain name, you can create subdomains within it as long as you set up a DNS server on your network to keep track of the subdomain names and IP addresses. For example, if you register the domain name “example.com,” you could create subdomains such as “host1.example.com,” “mail.example.com[...]
-
Page 20
20 Chapter 2 DNS Service The configuration file is located in this file: /etc/named.conf The zone file name is based on the name of the zone. For example, the zone file “example.com” is located in this file: /var/named/example.com.zone See “Configuring BIND Using the Command Line” on page 37 for more information. Step 3: Configure ba[...]
-
Page 21
Chapter 2 DNS Service 21 Managing DNS Service Mac OS X Server provides a simple interface for starting and stopping DNS service as well as viewing logs and status. Basic DNS settings can be configured with Server Admin. More advanced features require configuring BIND from the command-line, and are not covered here. Starting and Stopping D[...]
-
Page 22
22 Chapter 2 DNS Service To enable or disable recursion: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Settings. 3 Select the General tab. 4 Select or deselect Allow Recursion as needed. If you choose to enable recursion, consider disabling it for external IP addresses, but enabling it for LAN IP addresses, by edi[...]
-
Page 23
Chapter 2 DNS Service 23 To add a master zone: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Settings. 3 Select the Zones tab. 4 Click Add beneath the Zones list. 5 Enter a zone name. The zone name must have a trailing period: “example.com.” 6 Choose Master from the Zone Type pop-up menu. 7 Enter the hostna[...]
-
Page 24
24 Chapter 2 DNS Service Adding a Forward Zone A forward zone directs all lookup requests to other DNS servers. To add a forward zone: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Settings. 3 Select the Zones tab. 4 Click Add beneath the Zones list. 5 Enter a zone name. The Zone name must have a trailing peri[...]
-
Page 25
Chapter 2 DNS Service 25 Modifying a Zone This section describes modifying a zone’s type and settings but not modifying the records within a zone. You may need to change a zone’s administrator address, type, or domain name. To modify a zone: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Settings. 3 Selec[...]
-
Page 26
26 Chapter 2 DNS Service • Name Server (NS): Stores the authoritative name server for a given zone. • Pointer (PTR): Stores the domain name of a given IP address (reverse lookup). • Text (TXT): Stores a text string as a response to a DNS query. If you need access to other kinds of records, you’ll need to edit BIND’s configu[...]
-
Page 27
Chapter 2 DNS Service 27 Modifying a Record in a Zone If you make frequent changes to the namespace for the domain, you’ll need to update the DNS records as often as that namespace changes. Upgrading hardware or adding to a domain name might require updating the DNS records as well. To modify a record: 1 In Server Admin, choose DNS in the C[...]
-
Page 28
28 Chapter 2 DNS Service Monitoring DNS You may want to monitor DNS status to troubleshoot name resolution problems, check how often the DNS service is used, or even check for unauthorized or malicious DNS service use. This section discusses common monitoring tasks for DNS service. Viewing DNS Service Status You can check the DNS Status wi[...]
-
Page 29
Chapter 2 DNS Service 29 To change the log detail level: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Settings. 3 Select the Logging tab. 4 Choose the detail level from the Log Level pop-up menu. The possible log levels are: • Critical (less detailed) • Error • Warning • Notice • Information • Debug [...]
-
Page 30
30 Chapter 2 DNS Service To see DNS usage statistics: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Activity to view operations currently in progress and usage statistics. Securing the DNS Server DNS servers are targeted by malicious computer users (commonly called “hackers”) in addition to other legitimate [...]
-
Page 31
Chapter 2 DNS Service 31 With a copy of your master zone, the hacker can see what kinds of services a domain offers, and the IP address of the servers that offer them. He or she can then try specific attacks based on those services. This is reconnaissance before another attack. To defend against this attack, you need to specify which IP ad[...]
-
Page 32
32 Chapter 2 DNS Service It is difficult to prevent this type of attack before it begins. Constant monitoring of the DNS service and server load allows an administrator to catch the attack early and mitigate its damaging effect. The easiest way to guard against this attack is to block the offending IP address with your firewall. See “Creatin[...]
-
Page 33
Chapter 2 DNS Service 33 Common Network Administration Tasks That Use DNS Service The following sections illustrate some common network administration tasks that require DNS service. Setting Up MX Records If you plan to provide mail service on your network, you must set up DNS so that incoming mail is sent to the appropriate mail host on your [...]
-
Page 34
34 Chapter 2 DNS Service Configuring DNS for Mail Service Configuring DNS for mail service is enabling Mail Exchange (MX) records with your own DNS server. If you have an Internet Service Provider (ISP) that provides you with DNS service, you’ll need to contact the ISP so that they can enable your MX records. Only follow these steps if you[...]
-
Page 35
Chapter 2 DNS Service 35 Step 2: Create records and priorities for the auxiliary mail servers These instructions assume you have edited the original MX record. If not, please do so before proceeding. These instructions also assume you have already set up and configured one or more auxiliary mail servers. To enable backup or redundant mail serv[...]
-
Page 36
36 Chapter 2 DNS Service Mac OS X’s Rendezvous feature allows you to use hostnames on your local subnet that end with the “.local” suffix without having to enable DNS. Any service or device that supports Rendezvous allows the use of user-defined namespace on your local subnet without setting up and configuring DNS. Network Load Distributio[...]
-
Page 37
Chapter 2 DNS Service 37 If you set up a private TCP/IP network, you can also provide DNS service. By setting up TCP/IP and DNS on your local area network, your users will be able to easily access file, web, mail, and other services on your network. Hosting Several Internet Services With a Single IP Address You must have one server supplyi[...]
-
Page 38
38 Chapter 2 DNS Service BIND is configured by editing text files containing information about how you want BIND to behave and information about the servers on your network. If you wish to learn more about DNS and BIND, resources are listed at the end of this chapter. BIND on Mac OS X Server Mac OS X Server uses BIND version 9.2.2. You c[...]
-
Page 39
Chapter 2 DNS Service 39 Setting Up Sample Configuration Files The sample files can be found in /usr/share/named/examples. The sample files assume a domain name of example.com behind the NAT. This may be changed, but must be changed in all modified configuration files. This includes renaming /var/named/example.com.zone to the given domain na[...]
-
Page 40
40 Chapter 2 DNS Service If you are using Mac OS X Server as your DHCP Server: 1 In Server Settings, click the Network tab, click DHCP/NetBoot, and choose Configure DHCP/NetBoot. 2 On the Subnet tab, select the subnet on the built-in Ethernet port and click Edit. 3 In the General tab, enter the following information: Start: 10.0.1.3 End: 1[...]
-
Page 41
Chapter 2 DNS Service 41 For instance, if “Bob” walks into work in the morning and starts up his computer, and the DHCP server assigns his computer a dynamic IP address, a DNS entry “bob.example.com” can be associated with that IP address. Even though Bob’s IP address may change every time he starts up his computer, his DNS na[...]
-
Page 42
LL2351.Book Page 42 Monday, September 8, 2003 2:47 PM[...]
-
Page 43
3 43 3 IP Firewall Service Firewall service is software that protects the network applications running on your Mac OS X Server. Turning on firewall service is similar to erecting a wall to limit access. Firewall service scans incoming IP packets and rejects or accepts these packets based on the set of filters you create. You can restrict [...]
-
Page 44
44 Chapter 3 IP Firewall Service Services such as Web and FTP are identified on your server by a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number. When a computer tries to connect to a service, firewall service scans the filter list for a matching port number. • If the port number is in the filter list[...]
-
Page 45
Chapter 3 IP Firewall Service 45 Understanding Firewall Filters When you start firewall service, the default configuration denies access to all incoming packets from remote computers except ports for remote configuration. This provides a high level of security. You can then add new IP filters to allow server access to those clients who req[...]
-
Page 46
46 Chapter 3 IP Firewall Service Addresses with subnet masks in CIDR notation correspond to address notation subnet masks. CIDR Corresponds to Netmask Number of addresses in the range /1 128.0.0.0 4.29x10^9 /2 192.0.0.0 2.14x10^9 /3 224.0.0.0 1.07x10^9 /4 240.0.0.0 5.36x10^8 /5 248.0.0.0 1.34x10^8 /6 252.0.0.0 6.71x10^7 /7 254.0.[...]
-
Page 47
Chapter 3 IP Firewall Service 47 Using Address Ranges When you create filters using Server Admin, you enter an IP address and the CIDR format subnet mask. Server Admin shows you the resulting address range, and you can change the range by modifying the subnet mask. When you indicate a range of possible values for any segment of an address, t[...]
-
Page 48
48 Chapter 3 IP Firewall Service Setting Up Firewall Service for the First Time Once you’ve decided which filters you need to create, follow these overview steps to set up firewall service. If you need more help to perform any of these steps, see “Managing Firewall Service” on page 49 and the other topics referred to in the steps. Step[...]
-
Page 49
Chapter 3 IP Firewall Service 49 Step 5: Save firewall service changes Once you have configured your filters and determined which services to allow, save your changes so the new settings take effect. Managing Firewall Service This section gives step-by-step instructions for starting, stopping, and configuring firewall address groups and fil[...]
-
Page 50
50 Chapter 3 IP Firewall Service • DNS/Rendezvous • ICMP Echo Reply (incoming pings) • IGMP (Internet Gateway Multicast Protocol) • PPTP VPN • L2TP VPN • QTSS media streaming • iTunes Music Sharing To open the firewall for standard services: 1 In Server Admin, choose Firewall from the Computers & Services list. 2 Click Sett[...]
-
Page 51
Chapter 3 IP Firewall Service 51 Editing or Deleting an Address Group You can edit your address groups to change the range of IP addresses affected. The default address group is for all addresses. You can remove address groups from your firewall filter list. The filters associated with those addresses are also deleted. Addresses can be listed[...]
-
Page 52
52 Chapter 3 IP Firewall Service To create an IP filter for TCP ports: 1 In Server Admin, choose Firewall from the Computers & Services list. 2 Click Settings. 3 Select the Advanced tab. 4 Click the New button. Alternatively, you can select a rule similar to the one you want to create, and click Duplicate then Edit. 5 Select whether this[...]
-
Page 53
Chapter 3 IP Firewall Service 53 • Remote Desktop • NFS • NetInfo UDP ports above 1023 are allocated dynamically by certain services, so their exact port numbers may not be determined in advance. Addresses can be listed as individual addresses (192.168.2.2) or IP address and CIDR netmask (192.168.2.0/24). To easily configure U[...]
-
Page 54
54 Chapter 3 IP Firewall Service Editing Advanced IP Filters If you edit a filter after turning on firewall service, your changes affect connections already established with the server. For example, if any computers are connected to your Web server, and you change the filter to deny all access to the server, connected computers will be di[...]
-
Page 55
Chapter 3 IP Firewall Service 55 Monitoring Firewall Service Firewalls are a network’s first line of defense against malicious computer users (commonly called “hackers”). To maintain the security of your computers and users, you need to monitor firewall activity and deter potential threats. This section explains how to log and monitor yo[...]
-
Page 56
56 Chapter 3 IP Firewall Service Log Example 1 Dec 12 13:08:16 ballch5 mach_kernel: ipfw: 65000 Unreach TCP 10.221.41.33:2190 192.168.12.12:80 in via en0 This entry shows that firewall service used rule 65000 to deny (unreach) the remote client at 10.221.41.33:2190 from accessing server 192.168.12.12 on Web port 80 via Ethernet port [...]
-
Page 57
Chapter 3 IP Firewall Service 57 Practical Examples The IP filters you create work together to provide security for your network. The examples that follow show how to use filters to achieve some specific goals. Block Access to Internet Users This section shows you, as an example, how to allow users on your subnet access to your server’s [...]
-
Page 58
58 Chapter 3 IP Firewall Service To do this: 1 In Server Admin, choose Firewall from the Computers & Services list. 2 Click Settings. 3 Select the General tab. 4 Select the Any address group. 5 Enable “SMTP Mail” in the right pane. 6 Click the Add button to create an address range. 7 Name the address group. 8 Enter 17.128.100[...]
-
Page 59
Chapter 3 IP Firewall Service 59 Common Network Administration Tasks That Use Firewall Service Your firewall is the first line of defense against unauthorized network intruders, malicious users, and network virus attacks. There are many ways that such attacks can harm your data or use your network resources. This section lists a few of the c[...]
-
Page 60
60 Chapter 3 IP Firewall Service Controlling or Enabling Network Game Usage Sometimes network administrators need to control the use of network games. The games might use network bandwidth and resources inappropriately or disproportionately. You can cut off network gaming by blocking all traffic incoming and outgoing on the port number used[...]
-
Page 61
Chapter 3 IP Firewall Service 61 If you want to put your own rules in the ipfw.conf file, you can use a template that is installed at /etc/ipfilter/ipfw.conf.default. Duplicate the file, rename it, and edit it as indicated in the template’s comments. Precautions By using the Advanced panel or creating your own rules, you can put the server [...]
-
Page 62
62 Chapter 3 IP Firewall Service Reviewing IP Filter Rules To review the rules currently defined for your server, use the Terminal application to submit the ipfw show command. The show command displays four columns of information: When you type: ipfw show You will see information similar to this: 0010 260 32688 allow log ip from any to any [...]
-
Page 63
Chapter 3 IP Firewall Service 63 Deleting IP Filter Rules To delete a rule, use the ipfw delete command. This example deletes rule 200: ipfw delete 200 For more information, consult the man pages for ipfw. Port Reference The following tables show the TCP and UDP port numbers commonly used by Mac OS X computers and Mac OS X Servers. The se[...]
-
Page 64
64 Chapter 3 IP Firewall Service 311 AppleShare IP remote Web administration, Server Monitor, Server Admin (servermgrd), Workgroup Manager (DirectoryService) 389 LDAP (directory) Sherlock 2 LDAP search RFC 2251 427 SLP (service location) 443 SSL (HTTPS) 514 shell 515 LPR (printing) RFC 1179 532 netnews 548 AFP (AppleShare) 554 Real-Time [...]
-
Page 65
Chapter 3 IP Firewall Service 65 8000–8999 Web service 16080 Web service with performance cache UDP port Used for Reference 7 echo 53 DNS 67 DHCP server (BootP) 68 DHCP client 69 Trivial File Transfer Protocol (TFTP) 111 Remote Procedure Call (RPC) 123 Network Time Protocol RFC 1305 137 Windows Name Service (WINS) 138 Windows Dat[...]
-
Page 66
66 Chapter 3 IP Firewall Service Where to Find More Information For more information about ipfw: You can find more information about ipfw, the process which controls IP firewall service, by accessing its man page. It explains how to access its features and implement them. To access the man page use the Terminal application to enter: man ip[...]
-
Page 67
4 67 4 NAT Service Network Address Translation (NAT) is sometimes referred to as IP masquerading, or IP aliasing. NAT is used to allow multiple computers access to the Internet with only one assigned IP address. NAT allows you to create a private network which accesses the Internet through a NAT router or gateway. The NAT router takes[...]
-
Page 68
68 Chapter 4 NAT Service Configuring NAT Service You use Server Admin to indicate which network interface is connected to the Internet or other external network. To configure NAT service: 1 In Server Admin, select NAT from the Computers & Services pane. 2 Click Settings. 3 Choose the network interface from the “Share your connec[...]
-
Page 69
Chapter 4 NAT Service 69 To view the NAT divert log: 1 In the Terminal application enter: ipfw add 10 divert natd all from any to any via <interface> Where <interface> is the network interface selected in the NAT section of Server Admin. 2 In Server Admin, choose Firewall from the Computers & Services list. 3 Click Settings[...]
-
Page 70
LL2351.Book Page 70 Monday, September 8, 2003 2:47 PM[...]
-
Page 71
5 71 5 VPN Service Virtual Private Network (VPN) is two or more computers or networks (nodes) connected by a private link of encrypted data. This link simulates a local connection, as if the remote computer were attached to the local area network (LAN). VPNs allow users at home or otherwise away from the LAN to securely connect to it usin[...]
-
Page 72
72 Chapter 5 VPN Service VPN and Security VPNs stress security by strong authentication of identity, and encrypted data transport between the nodes, for data privacy and inalterability. The following section contains information about each supported transport and authentication method. Authentication Method Mac OS X Server VPN uses Microsoft[...]
-
Page 73
Chapter 5 VPN Service 73 Before You Set Up VPN Service Before setting up Virtual Private Network (VPN) service, you need to determine which transport protocol you’re going to use. The table below shows which protocols are supported by different platforms. If you’re using L2TP, you need to have a Security Certificate from a Certificate[...]
-
Page 74
74 Chapter 5 VPN Service To enable L2TP: 1 In Server Admin, choose the VPN Service from the Computers & Services list. 2 Click Settings. 3 Select the General tab. 4 Select L2TP. 5 Enter the shared secret. 6 Set the beginning IP address of the allocation range. 7 Set the ending IP address of the allocation range. 8 Enter the group that has[...]
-
Page 75
Chapter 5 VPN Service 75 Configuring Additional Network Settings for VPN Clients When a user connects in to your server through VPN, that user is given an IP address from your allocated range. If this range is not served by a DHCP server, you’ll need to configure additional network settings. These settings include the network mask, DNS add[...]
-
Page 76
76 Chapter 5 VPN Service Monitoring VPN Service This section describes tasks associated with monitoring a functioning VPN service. It includes accessing status reports, setting logging options, viewing logs, and monitoring connections. Viewing a VPN Status Overview The VPN Overview gives you a quick status report on your enabled VPN services. [...]
-
Page 77
Chapter 5 VPN Service 77 Viewing the VPN Log You’ll need to monitor VPN logs to ensure smooth operation of your Virtual Private Network. The VPN logs can help you troubleshoot problems. To view the log: 1 In Server Admin, choose VPN Service from the Computers & Services list. 2 Click Logs. Viewing VPN Client Connections You can monitor [...]
-
Page 78
LL2351.Book Page 78 Monday, September 8, 2003 2:47 PM[...]
-
Page 79
6 79 6 NTP Service Network Time Protocol (NTP) is a network protocol used to synchronize the clocks of computers on your network to a time reference clock. NTP is used to ensure that all the computers on a network are reporting the same time. If an isolated network, or even a single computer, is running on wrong time, services that use time a[...]
-
Page 80
80 Chapter 6 NTP Service Using NTP on Your Network Mac OS X Server can act not only as an NTP client, receiving authoritative time from an Internet time server, but also as an authoritative time server for a network. Your local clients can query your server to set their clocks. It’s advised that if you set your server to answer time quer[...]
-
Page 81
Chapter 6 NTP Service 81 Configuring NTP on Clients If you have set up a local time server, you can configure your clients to query your time server for getting the network date and time. By default, clients can query Apple’s time server. These instructions allow you to set your clients to query your time server. To configure NTP o[...]
-
Page 82
LL2351.Book Page 82 Monday, September 8, 2003 2:47 PM[...]
-
Page 83
7 83 7 IPv6 Support IPv6 is short for “Internet Protocol Version 6.” IPv6 is the Internet’s next-generation protocol designed to replace the current Internet Protocol, IP Version 4 (IPv4, or just IP). The current Internet Protocol is beginning to have problems coping with the growth and popularity of the Internet. IPv4’s [...]
-
Page 84
84 Chapter 7 IPv6 Support IPv6 Enabled Services The following services in Mac OS X Server support IPv6 in addressing: • DNS (BIND) • IP Firewall • Mail (POP/IMAP/SMTP) • SMB • Web (Apache 2) Additionally, there are a number of command-line tools installed with Mac OS X Server that support IPv6 (for example, ping6, and traceroute[...]
-
Page 85
Chapter 7 IPv6 Support 85 The final notation type includes IPv4 addresses. Because many IPv6 addresses are extensions of IPv4 addresses, the right-most four bytes of an IPv6 address (the right-most two byte pairs) can be rewritten in the IPv4 notation. This mixed notation (from the above example) could be expressed as: E3C5:4AC8:192.168.[...]
-
Page 86
86 Chapter 7 IPv6 Support Where to Find More Information The working group for the Internet Protocol Version 6 website is www.ipv6.org. A group of IPv6 enthusiasts maintains a list of applications that support IPv6 at the website www.ipv6forum.com/navbar/links/v6apps.htm. Request For Comment Documents Request for Comments (RFC) documents [...]
-
Page 87
87 Glossary Glossary This glossary defines terms and spells out abbreviations you may encounter while working with online help or the Mac OS X Server Network Services Administration for Version 10.3 or Later manual. References to terms defined elsewhere in the glossary appear in italics. bit A single piece of information, with a value of ei[...]
-
Page 88
88 Glossary firewall Software that protects the network applications running on your server. IP firewall service, which is part of Mac OS X Server software, scans incoming IP packets and rejects or accepts these packets based on a set of filters you create. FTP (File Transfer Protocol) A protocol that allows computers to transfer files ove[...]
-
Page 89
Glossary 89 ISP (Internet service provider) A business that sells Internet access and often provides web hosting for ecommerce applications as well as mail services. L2TP (Layer Two Tunnelling Protocol) A network transport protocol used for VPN connections. It is essentially a combination of Cisco’s L2F and PPTP. L2TP itself is not an e[...]
-
Page 90
90 Glossary multicast An efficient, one-to-many form of streaming. Users can join or leave a multicast but cannot otherwise interact with it. multihoming The ability to support multiple network connections. When more than one connection is available, Mac OS X selects the best connection according to the order specified in Network preferences[...]
-
Page 91
Glossary 91 port A sort of virtual mail slot. A server uses port numbers to determine which application should receive data packets. Firewalls use port numbers to determine whether or not data packets are allowed to traverse a local network. “Port” usually refers to either a TCP or UDP port. protocol A set of rules that determines how[...]
-
Page 92
92 Glossary SLP (Service Location Protocol) DA (Directory Agent) A protocol that registers services available on a network and gives users easy access to them. When a service is added to the network, the service uses SLP to register itself on the network. SLP/DA uses a centralized repository for registered network services. SMTP (Simple M[...]
-
Page 93
Glossary 93 UDP (User Datagram Protocol) A communications method that uses the Internet Protocol (IP) to send a data unit (called a datagram) from one computer to another in a network. Network applications that have very small data units to exchange may use UDP rather than TCP. unicast The one-to-one form of streaming. If RTSP is provided,[...]
-
Page 95
95 Index Index A AirPort Base Stations DHCP service and 9 B BIND 17, 18, 19, 37–40 about 37 configuration File 38 configuring 37–40 defined 37 example 38–40 load distribution 36 zone data files 38 C CIDR netmask notation 45, 47 D DHCP servers 8, 40 interactions 9 network location 8 DHCP service 7–16 AirPort Base Stations 9 changing subnets [...]
-
Page 96
96 Index I IANA registration 18 In 6 Internet Gateway Multicast Protocol See IGMP Internet Protocol Version 6 See IPv6 IP addresses assigning 9 DHCP and 7 DHCP lease times, changing 12 dynamic 8 dynamic allocation 8 IPv6 notation 84 leasing with DHCP 7 multiple 47 precedence in filters 47 ranges 47 reserved 9 static 8 IP Filter module 61–63 IP fi[...]
-
Page 97
97 Index P ports Mac OS X computers 63–65 TCP ports 63–64 UDP ports 65 R round robin 36 rules, IP filter 61–63 S Server 10, 15, 57, 58, 69 servers DHCP servers 40 name servers 18 static IP addresses 8 Stratum time servers 79 subnet masks 45 subnets 8 creating 8, 10 T TCP/IP private networks 36–37 TCP ports 63–65 Terminal application 62 ti[...]