Apple 034-2351_Cvr service manual

A good user manual

The law obliges the seller to hand over to the buyer, together with the goods, the user manual for the Apple 034-2351_Cvr. A missing manual or incorrect information given to the consumer is grounds for a complaint on the basis of the device's non-conformity with the contract. The law allows the manual to be provided in a form other than paper, which has lately become common practice, with the Apple 034-2351_Cvr manual supplied in graphic or electronic form or as instructional videos for users. The condition remains that its form be clear and understandable.

What is a manual?

The word comes from the Latin "instructio", that is, to put in order. Accordingly, the Apple 034-2351_Cvr manual contains a description of the steps to follow. The purpose of a manual is to make it easier to start up and use equipment or to carry out a particular activity. A manual is a collection of information about an item or service, a guide.

Unfortunately, few users find the time to read the Apple 034-2351_Cvr manual, yet a good manual not only reveals a number of additional functions of the purchased device but also helps avoid most breakdowns.

What should an ideal user manual contain?

First of all, the Apple 034-2351_Cvr manual should contain:
- information on the technical data of the Apple 034-2351_Cvr device
- the manufacturer's name and the year of manufacture of the Apple 034-2351_Cvr equipment
- rules for operating, configuring and maintaining the Apple 034-2351_Cvr equipment
- safety marks and certificates confirming compliance with standards

Why don't we read manuals?

As a rule, because of a lack of time and confidence that we already know the individual functions of the devices we buy. Unfortunately, simply connecting and starting up the Apple 034-2351_Cvr is not enough. The manual contains a number of specific instructions on functionality, safety rules, care methods (even which products to use), possible faults of the Apple 034-2351_Cvr, and ways of solving problems that arise during use. Finally, the manual gives the address of the Apple website, in case the suggested solutions prove ineffective. Manuals in the form of engaging animations or videos are currently very popular, and users take them in better than a brochure. This kind of manual lets the user watch the whole film without skipping the specification and the complex technical descriptions of the Apple 034-2351_Cvr, as often happens with a paper version.

Why is it worth reading manuals?

Above all, this is where we find answers about the design and capabilities of the Apple 034-2351_Cvr, the use of individual accessories, and a range of information that lets us make full use of all its functions and conveniences.

After a successful purchase of equipment or a device, it is worth spending a few minutes getting to know each part of the Apple 034-2351_Cvr manual. Nowadays they are carefully prepared or translated so that they are not only understandable for the user but also fulfil their basic informational and support function.

Contents of the manual

  • Page 1

    Mac OS X Server Network Services Administration For Version 10.3 or Later 034-2351_Cvr 9/12/03 10:26 AM Page 1[...]

  • Page 2

    Apple Computer, Inc. © 2003 Apple Computer, Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of t[...]

  • Page 3

    3 1 Contents Preface 5 How to Use This Guide 5 What’s Included in This Guide 5 Using This Guide 6 Setting Up Mac OS X Server for the First Time 6 Getting Help for Everyday Management Tasks 6 Getting Additional Information Chapter 1 7 DHCP Service 7 Before You Set Up DHCP Service 9 Setting Up DHCP Service for the First Time 10 Managing[...]

  • Page 4

    4 Contents 63 Port Reference 66 Where to Find More Information Chapter 4 67 NAT Service 67 Starting and Stopping NAT Service 68 Configuring NAT Service 68 Monitoring NAT Service 69 Where to Find More Information Chapter 5 71 VPN Service 72 VPN and Security 73 Before You Set Up VPN Service 73 Managing VPN Service 76 Monitoring V[...]

  • Page 5

    5 Preface How to Use This Guide What’s Included in This Guide This guide consists primarily of chapters that tell you how to administer various Mac OS X Server network services: • DHCP • DNS • IP Firewall • NAT • VPN • NTP • IPv6 Support Using This Guide Each chapter covers a specific network service. Read any chapter tha[...]

  • Page 6

    6 Preface How to Use This Guide Setting Up Mac OS X Server for the First Time If you haven’t installed and set up Mac OS X Server, do so now. • Refer to Mac OS X Server Getting Started for Version 10.3 or Later, the document that came with your software, for instructions on server installation and setup. For many environments, this d[...]

  • Page 7

    1 7 1 DHCP Service Dynamic Host Configuration Protocol (DHCP) service lets you administer and distribute IP addresses to client computers from your server. When you configure the DHCP server, you assign a block of IP addresses that can be made available to clients. Each time a client computer configured to use DHCP starts up, it looks for[...]

  • Page 8

    8 Chapter 1 DHCP Service Creating Subnets Subnets are groupings of computers on the same network that simplify administration. You can organize subnets any way that is useful to you. For example, you can create subnets for different groups within your organization or for different floors of a building. Once you have grouped client computers in[...]

  • Page 9

    Chapter 1 DHCP Service 9 Interacting With Other DHCP Servers You may already have other DHCP servers on your network, such as AirPort Base Stations. Mac OS X Server can coexist with other DHCP servers as long as each DHCP server uses a unique pool of IP addresses. However, you may want your DHCP server to provide an LDAP server address fo[...]

  • Page 10

    10 Chapter 1 DHCP Service Step 2: Set up logs for DHCP service You can log DHCP activity and errors to help you monitor requests and identify problems with your server. DHCP service records diagnostic messages in the system log file. To keep this file from growing too large, you can suppress most messages by changing your log settings in t[...]

  • Page 11

    Chapter 1 DHCP Service 11 7 Enter a starting and ending IP address for this subnet range. Addresses must be contiguous, and they can’t overlap with other subnets’ ranges. 8 Enter the subnet mask for the network address range. 9 Choose the Network Interface from the pop-up menu. 10 Enter the IP address of the router for this subnet. If the[...]

  • Page 12

    12 Chapter 1 DHCP Service Deleting Subnets From DHCP Service You can delete subnets and subnet IP address ranges when they will no longer be distributed to clients. To delete subnets or address ranges: 1 In Server Admin, choose DHCP from the Computers & Services list. 2 Click Settings. 3 Select a subnet. 4 Click Delete. 5 Click Save to [...]

  • Page 13

    Chapter 1 DHCP Service 13 Setting LDAP Options for a Subnet You can use DHCP to provide your clients with LDAP server information rather than manually configuring each client’s LDAP information. The order in which the LDAP servers appear in the list determines their search order in the automatic Open Directory search policy. If you have ar[...]

  • Page 14

    14 Chapter 1 DHCP Service To set WINS options for a subnet: 1 In Server Admin, choose DHCP from the Computers & Services list. 2 Click Settings. 3 Select the Subnets tab. 4 Select a subnet and click Edit. 5 Click the WINS tab. 6 Enter the domain name or IP address of the WINS/NBNS primary and secondary servers for this subnet. 7 Enter th[...]

  • Page 15

    Chapter 1 DHCP Service 15 Setting the Log Detail Level for DHCP Service You can choose the level of detail you want to log for DHCP service. • “Low (errors only)” will indicate conditions for which you need to take immediate action (for example, if the DHCP server can’t start up). This level corresponds to bootpd reporting in “quie[...]

  • Page 16

    16 Chapter 1 DHCP Service Where to Find More Information Request for Comments (RFC) documents provide an overview of a protocol or service and details about how the protocol should behave. If you’re a novice server administrator, you’ll probably find some of the background information in an RFC helpful. If you’re an experienced serv[...]

  • Page 17

    2 17 2 DNS Service When your clients want to connect to a network resource such as a web or file server, they typically request it by its domain name (such as www.example.com) rather than by its IP address (such as 192.168.12.12). The Domain Name System (DNS) is a distributed database that maps IP addresses to domain names so your clie[...]

  • Page 18

    18 Chapter 2 DNS Service Before You Set Up DNS Service This section contains information you should consider before setting up DNS on your network. The issues involved with DNS administration are complex and numerous. You should only set up DNS service on your network if you’re an experienced DNS administrator. You should consider crea[...]

  • Page 19

    Chapter 2 DNS Service 19 Once you register a domain name, you can create subdomains within it as long as you set up a DNS server on your network to keep track of the subdomain names and IP addresses. For example, if you register the domain name “example.com,” you could create subdomains such as “host1.example.com,” “mail.example.com[...]

  • Page 20

    20 Chapter 2 DNS Service The configuration file is located in this file: /etc/named.conf The zone file name is based on the name of the zone. For example, the zone file “example.com” is located in this file: /var/named/example.com.zone See “Configuring BIND Using the Command Line” on page 37 for more information. Step 3: Configure ba[...]

  • Page 21

    Chapter 2 DNS Service 21 Managing DNS Service Mac OS X Server provides a simple interface for starting and stopping DNS service as well as viewing logs and status. Basic DNS settings can be configured with Server Admin. More advanced features require configuring BIND from the command-line, and are not covered here. Starting and Stopping D[...]

  • Page 22

    22 Chapter 2 DNS Service To enable or disable recursion: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Settings. 3 Select the General tab. 4 Select or deselect Allow Recursion as needed. If you choose to enable recursion, consider disabling it for external IP addresses, but enabling it for LAN IP addresses, by edi[...]

  • Page 23

    Chapter 2 DNS Service 23 To add a master zone: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Settings. 3 Select the Zones tab. 4 Click Add beneath the Zones list. 5 Enter a zone name. The zone name must have a trailing period: “example.com.” 6 Choose Master from the Zone Type pop-up menu. 7 Enter the hostna[...]

  • Page 24

    24 Chapter 2 DNS Service Adding a Forward Zone A forward zone directs all lookup requests to other DNS servers. To add a forward zone: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Settings. 3 Select the Zones tab. 4 Click Add beneath the Zones list. 5 Enter a zone name. The Zone name must have a trailing peri[...]

  • Page 25

    Chapter 2 DNS Service 25 Modifying a Zone This section describes modifying a zone’s type and settings but not modifying the records within a zone. You may need to change a zone’s administrator address, type, or domain name. To modify a zone: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Settings. 3 Selec[...]

  • Page 26

    26 Chapter 2 DNS Service • Name Server (NS): Stores the authoritative name server for a given zone. • Pointer (PTR): Stores the domain name of a given IP address (reverse lookup). • Text (TXT): Stores a text string as a response to a DNS query. If you need access to other kinds of records, you’ll need to edit BIND’s configu[...]

  • Page 27

    Chapter 2 DNS Service 27 Modifying a Record in a Zone If you make frequent changes to the namespace for the domain, you’ll need to update the DNS records as often as that namespace changes. Upgrading hardware or adding to a domain name might require updating the DNS records as well. To modify a record: 1 In Server Admin, choose DNS in the C[...]

  • Page 28

    28 Chapter 2 DNS Service Monitoring DNS You may want to monitor DNS status to troubleshoot name resolution problems, check how often the DNS service is used, or even check for unauthorized or malicious DNS service use. This section discusses common monitoring tasks for DNS service. Viewing DNS Service Status You can check the DNS Status wi[...]

  • Page 29

    Chapter 2 DNS Service 29 To change the log detail level: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Settings. 3 Select the Logging tab. 4 Choose the detail level from the Log Level pop-up menu. The possible log levels are: • Critical (less detailed) • Error • Warning • Notice • Information • Debug [...]

  • Page 30

    30 Chapter 2 DNS Service To see DNS usage statistics: 1 In Server Admin, choose DNS in the Computer & Services list. 2 Click Activity to view operations currently in progress and usage statistics. Securing the DNS Server DNS servers are targeted by malicious computer users (commonly called “hackers”) in addition to other legitimate [...]

  • Page 31

    Chapter 2 DNS Service 31 With a copy of your master zone, the hacker can see what kinds of services a domain offers, and the IP address of the servers that offer them. He or she can then try specific attacks based on those services. This is reconnaissance before another attack. To defend against this attack, you need to specify which IP ad[...]

  • Page 32

    32 Chapter 2 DNS Service It is difficult to prevent this type of attack before it begins. Constant monitoring of the DNS service and server load allows an administrator to catch the attack early and mitigate its damaging effect. The easiest way to guard against this attack is to block the offending IP address with your firewall. See “Creatin[...]

  • Page 33

    Chapter 2 DNS Service 33 Common Network Administration Tasks That Use DNS Service The following sections illustrate some common network administration tasks that require DNS service. Setting Up MX Records If you plan to provide mail service on your network, you must set up DNS so that incoming mail is sent to the appropriate mail host on your [...]

  • Page 34

    34 Chapter 2 DNS Service Configuring DNS for Mail Service Configuring DNS for mail service is enabling Mail Exchange (MX) records with your own DNS server. If you have an Internet Service Provider (ISP) that provides you with DNS service, you’ll need to contact the ISP so that they can enable your MX records. Only follow these steps if you[...]

  • Page 35

    Chapter 2 DNS Service 35 Step 2: Create records and priorities for the auxiliary mail servers These instructions assume you have edited the original MX record. If not, please do so before proceeding. These instructions also assume you have already set up and configured one or more auxiliary mail servers. To enable backup or redundant mail serv[...]

  • Page 36

    36 Chapter 2 DNS Service Mac OS X’s Rendezvous feature allows you to use hostnames on your local subnet that end with the “.local” suffix without having to enable DNS. Any service or device that supports Rendezvous allows the use of user-defined namespace on your local subnet without setting up and configuring DNS. Network Load Distributio[...]

  • Page 37

    Chapter 2 DNS Service 37 If you set up a private TCP/IP network, you can also provide DNS service. By setting up TCP/IP and DNS on your local area network, your users will be able to easily access file, web, mail, and other services on your network. Hosting Several Internet Services With a Single IP Address You must have one server supplyi[...]

  • Page 38

    38 Chapter 2 DNS Service BIND is configured by editing text files containing information about how you want BIND to behave and information about the servers on your network. If you wish to learn more about DNS and BIND, resources are listed at the end of this chapter. BIND on Mac OS X Server Mac OS X Server uses BIND version 9.2.2. You c[...]

  • Page 39

    Chapter 2 DNS Service 39 Setting Up Sample Configuration Files The sample files can be found in /usr/share/named/examples. The sample files assume a domain name of example.com behind the NAT. This may be changed, but must be changed in all modified configuration files. This includes renaming /var/named/example.com.zone to the given domain na[...]

  • Page 40

    40 Chapter 2 DNS Service If you are using Mac OS X Server as your DHCP Server: 1 In Server Settings, click the Network tab, click DHCP/NetBoot, and choose Configure DHCP/NetBoot. 2 On the Subnet tab, select the subnet on the built-in Ethernet port and click Edit. 3 In the General tab, enter the following information: Start: 10.0.1.3 End: 1[...]

  • Page 41

    Chapter 2 DNS Service 41 For instance, if “Bob” walks into work in the morning and starts up his computer, and the DHCP server assigns his computer a dynamic IP address, a DNS entry “bob.example.com” can be associated with that IP address. Even though Bob’s IP address may change every time he starts up his computer, his DNS na[...]

  • Page 42

    LL2351.Book Page 42 Monday, September 8, 2003 2:47 PM[...]

  • Page 43

    3 43 3 IP Firewall Service Firewall service is software that protects the network applications running on your Mac OS X Server. Turning on firewall service is similar to erecting a wall to limit access. Firewall service scans incoming IP packets and rejects or accepts these packets based on the set of filters you create. You can restrict [...]

  • Page 44

    44 Chapter 3 IP Firewall Service Services such as Web and FTP are identified on your server by a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number. When a computer tries to connect to a service, firewall service scans the filter list for a matching port number. • If the port number is in the filter list[...]

  • Page 45

    Chapter 3 IP Firewall Service 45 Understanding Firewall Filters When you start firewall service, the default configuration denies access to all incoming packets from remote computers except ports for remote configuration. This provides a high level of security. You can then add new IP filters to allow server access to those clients who req[...]

  • Page 46

    46 Chapter 3 IP Firewall Service Addresses with subnet masks in CIDR notation correspond to address notation subnet masks. CIDR Corresponds to Netmask Number of addresses in the range /1 128.0.0.0 4.29x10^9 /2 192.0.0.0 2.14x10^9 /3 224.0.0.0 1.07x10^9 /4 240.0.0.0 5.36x10^8 /5 248.0.0.0 1.34x10^8 /6 252.0.0.0 6.71x10^7 /7 254.0.[...]

  • Page 47

    Chapter 3 IP Firewall Service 47 Using Address Ranges When you create filters using Server Admin, you enter an IP address and the CIDR format subnet mask. Server Admin shows you the resulting address range, and you can change the range by modifying the subnet mask. When you indicate a range of possible values for any segment of an address, t[...]

  • Page 48

    48 Chapter 3 IP Firewall Service Setting Up Firewall Service for the First Time Once you’ve decided which filters you need to create, follow these overview steps to set up firewall service. If you need more help to perform any of these steps, see “Managing Firewall Service” on page 49 and the other topics referred to in the steps. Step[...]

  • Page 49

    Chapter 3 IP Firewall Service 49 Step 5: Save firewall service changes Once you have configured your filters and determined which services to allow, save your changes so the new settings take effect. Managing Firewall Service This section gives step-by-step instructions for starting, stopping, and configuring firewall address groups and fil[...]

  • Page 50

    50 Chapter 3 IP Firewall Service • DNS/Rendezvous • ICMP Echo Reply (incoming pings) • IGMP (Internet Gateway Multicast Protocol) • PPTP VPN • L2TP VPN • QTSS media streaming • iTunes Music Sharing To open the firewall for standard services: 1 In Server Admin, choose Firewall from the Computers & Services list. 2 Click Sett[...]

  • Page 51

    Chapter 3 IP Firewall Service 51 Editing or Deleting an Address Group You can edit your address groups to change the range of IP addresses affected. The default address group is for all addresses. You can remove address groups from your firewall filter list. The filters associated with those addresses are also deleted. Addresses can be listed[...]

  • Page 52

    52 Chapter 3 IP Firewall Service To create an IP filter for TCP ports: 1 In Server Admin, choose Firewall from the Computers & Services list. 2 Click Settings. 3 Select the Advanced tab. 4 Click the New button. Alternatively, you can select a rule similar to the one you want to create, and click Duplicate then Edit. 5 Select whether this[...]

  • Page 53

    Chapter 3 IP Firewall Service 53 • Remote Desktop • NFS • NetInfo UDP ports above 1023 are allocated dynamically by certain services, so their exact port numbers may not be determined in advance. Addresses can be listed as individual addresses (192.168.2.2) or IP address and CIDR netmask (192.168.2.0/24). To easily configure U[...]

  • Page 54

    54 Chapter 3 IP Firewall Service Editing Advanced IP Filters If you edit a filter after turning on firewall service, your changes affect connections already established with the server. For example, if any computers are connected to your Web server, and you change the filter to deny all access to the server, connected computers will be di[...]

  • Page 55

    Chapter 3 IP Firewall Service 55 Monitoring Firewall Service Firewalls are a network’s first line of defense against malicious computer users (commonly called “hackers”). To maintain the security of your computers and users, you need to monitor firewall activity and deter potential threats. This section explains how to log and monitor yo[...]

  • Page 56

    56 Chapter 3 IP Firewall Service Log Example 1 Dec 12 13:08:16 ballch5 mach_kernel: ipfw: 65000 Unreach TCP 10.221.41.33:2190 192.168.12.12:80 in via en0 This entry shows that firewall service used rule 65000 to deny (unreach) the remote client at 10.221.41.33:2190 from accessing server 192.168.12.12 on Web port 80 via Ethernet port [...]

  • Page 57

    Chapter 3 IP Firewall Service 57 Practical Examples The IP filters you create work together to provide security for your network. The examples that follow show how to use filters to achieve some specific goals. Block Access to Internet Users This section shows you, as an example, how to allow users on your subnet access to your server’s [...]

  • Page 58

    58 Chapter 3 IP Firewall Service To do this: 1 In Server Admin, choose Firewall from the Computers & Services list. 2 Click Settings. 3 Select the General tab. 4 Select the Any address group. 5 Enable “SMTP Mail” in the right pane. 6 Click the Add button to create an address range. 7 Name the address group. 8 Enter 17.128.100[...]

  • Page 59

    Chapter 3 IP Firewall Service 59 Common Network Administration Tasks That Use Firewall Service Your firewall is the first line of defense against unauthorized network intruders, malicious users, and network virus attacks. There are many ways that such attacks can harm your data or use your network resources. This section lists a few of the c[...]

  • Page 60

    60 Chapter 3 IP Firewall Service Controlling or Enabling Network Game Usage Sometimes network administrators need to control the use of network games. The games might use network bandwidth and resources inappropriately or disproportionately. You can cut off network gaming by blocking all traffic incoming and outgoing on the port number used[...]

  • Page 61

    Chapter 3 IP Firewall Service 61 If you want to put your own rules in the ipfw.conf file, you can use a template that is installed at /etc/ipfilter/ipfw.conf.default. Duplicate the file, rename it, and edit it as indicated in the template’s comments. Precautions By using the Advanced panel or creating your own rules, you can put the server [...]

  • Page 62

    62 Chapter 3 IP Firewall Service Reviewing IP Filter Rules To review the rules currently defined for your server, use the Terminal application to submit the ipfw show command. The show command displays four columns of information: When you type: ipfw show You will see information similar to this: 0010 260 32688 allow log ip from any to any [...]

  • Page 63

    Chapter 3 IP Firewall Service 63 Deleting IP Filter Rules To delete a rule, use the ipfw delete command. This example deletes rule 200: ipfw delete 200 For more information, consult the man pages for ipfw. Port Reference The following tables show the TCP and UDP port numbers commonly used by Mac OS X computers and Mac OS X Servers. The se[...]

  • Page 64

    64 Chapter 3 IP Firewall Service 311 AppleShare IP remote Web administration, Server Monitor, Server Admin (servermgrd), Workgroup Manager (DirectoryService) 389 LDAP (directory) Sherlock 2 LDAP search RFC 2251 427 SLP (service location) 443 SSL (HTTPS) 514 shell 515 LPR (printing) RFC 1179 532 netnews 548 AFP (AppleShare) 554 Real-Time [...]

  • Page 65

    Chapter 3 IP Firewall Service 65 8000–8999 Web service 16080 Web service with performance cache UDP port Used for Reference 7 echo 53 DNS 67 DHCP server (BootP) 68 DHCP client 69 Trivial File Transfer Protocol (TFTP) 111 Remote Procedure Call (RPC) 123 Network Time Protocol RFC 1305 137 Windows Name Service (WINS) 138 Windows Dat[...]

  • Page 66

    66 Chapter 3 IP Firewall Service Where to Find More Information For more information about ipfw: You can find more information about ipfw, the process which controls IP firewall service, by accessing its man page. It explains how to access its features and implement them. To access the man page use the Terminal application to enter: man ip[...]

  • Page 67

    4 67 4 NAT Service Network Address Translation (NAT) is sometimes referred to as IP masquerading, or IP aliasing. NAT is used to allow multiple computers access to the Internet with only one assigned IP address. NAT allows you to create a private network which accesses the Internet through a NAT router or gateway. The NAT router takes[...]

  • Page 68

    68 Chapter 4 NAT Service Configuring NAT Service You use Server Admin to indicate which network interface is connected to the Internet or other external network. To configure NAT service: 1 In Server Admin, select NAT from the Computers & Services pane. 2 Click Settings. 3 Choose the network interface from the “Share your connec[...]

  • Page 69

    Chapter 4 NAT Service 69 To view the NAT divert log: 1 In the Terminal application enter: ipfw add 10 divert natd all from any to any via <interface> Where <interface> is the network interface selected in the NAT section of Server Admin. 2 In Server Admin, choose Firewall from the Computers & Services list. 3 Click Settings[...]

  • Page 70

    LL2351.Book Page 70 Monday, September 8, 2003 2:47 PM[...]

  • Page 71

    5 71 5 VPN Service Virtual Private Network (VPN) is two or more computers or networks (nodes) connected by a private link of encrypted data. This link simulates a local connection, as if the remote computer were attached to the local area network (LAN). VPNs allow users at home or otherwise away from the LAN to securely connect to it usin[...]

  • Page 72

    72 Chapter 5 VPN Service VPN and Security VPNs stress security by strong authentication of identity, and encrypted data transport between the nodes, for data privacy and inalterability. The following section contains information about each supported transport and authentication method. Authentication Method Mac OS X Server VPN uses Microsoft[...]

  • Page 73

    Chapter 5 VPN Service 73 Before You Set Up VPN Service Before setting up Virtual Private Network (VPN) service, you need to determine which transport protocol you’re going to use. The table below shows which protocols are supported by different platforms. If you’re using L2TP, you need to have a Security Certificate from a Certificate[...]

  • Page 74

    74 Chapter 5 VPN Service To enable L2TP: 1 In Server Admin, choose the VPN Service from the Computers & Services list. 2 Click Settings. 3 Select the General tab. 4 Select L2TP. 5 Enter the shared secret. 6 Set the beginning IP address of the allocation range. 7 Set the ending IP address of the allocation range. 8 Enter the group that has[...]

  • Page 75

    Chapter 5 VPN Service 75 Configuring Additional Network Settings for VPN Clients When a user connects in to your server through VPN, that user is given an IP address from your allocated range. If this range is not served by a DHCP server, you’ll need to configure additional network settings. These settings include the network mask, DNS add[...]

  • Page 76

    76 Chapter 5 VPN Service Monitoring VPN Service This section describes tasks associated with monitoring a functioning VPN service. It includes accessing status reports, setting logging options, viewing logs, and monitoring connections. Viewing a VPN Status Overview The VPN Overview gives you a quick status report on your enabled VPN services. [...]

  • Page 77

    Chapter 5 VPN Service 77 Viewing the VPN Log You’ll need to monitor VPN logs to ensure smooth operation of your Virtual Private Network. The VPN logs can help you troubleshoot problems. To view the log: 1 In Server Admin, choose VPN Service from the Computers & Services list. 2 Click Logs. Viewing VPN Client Connections You can monitor [...]

  • Page 78

    LL2351.Book Page 78 Monday, September 8, 2003 2:47 PM[...]

  • Page 79

    6 79 6 NTP Service Network Time Protocol (NTP) is a network protocol used to synchronize the clocks of computers on your network to a time reference clock. NTP is used to ensure that all the computers on a network are reporting the same time. If an isolated network, or even a single computer, is running on wrong time, services that use time a[...]

  • Page 80

    Using NTP on Your Network: Mac OS X Server can act not only as an NTP client, receiving authoritative time from an Internet time server, but also as an authoritative time server for a network. Your local clients can query your server to set their clocks. It’s advised that if you set your server to answer time quer[...]

  • Page 81

    Configuring NTP on Clients: If you have set up a local time server, you can configure your clients to query your time server for getting the network date and time. By default, clients can query Apple’s time server. These instructions allow you to set your clients to query your time server. To configure NTP o[...]

  • Page 83

    Chapter 7: IPv6 Support. IPv6 is short for “Internet Protocol Version 6.” IPv6 is the Internet’s next-generation protocol designed to replace the current Internet Protocol, IP Version 4 (IPv4, or just IP). The current Internet Protocol is beginning to have problems coping with the growth and popularity of the Internet. IPv4’s [...]

  • Page 84

    IPv6 Enabled Services: The following services in Mac OS X Server support IPv6 in addressing: DNS (BIND); IP Firewall; Mail (POP/IMAP/SMTP); SMB; Web (Apache 2). Additionally, there are a number of command-line tools installed with Mac OS X Server that support IPv6 (for example, ping6, and traceroute[...]

  • Page 85

    The final notation type includes IPv4 addresses. Because many IPv6 addresses are extensions of IPv4 addresses, the right-most four bytes of an IPv6 address (the right-most two byte pairs) can be rewritten in the IPv4 notation. This mixed notation (from the above example) could be expressed as: E3C5:4AC8:192.168.[...]

  • Page 86

    Where to Find More Information: The working group for the Internet Protocol Version 6 website is www.ipv6.org. A group of IPv6 enthusiasts maintains a list of applications that support IPv6 at the website www.ipv6forum.com/navbar/links/v6apps.htm. Request For Comment Documents: Request for Comments (RFC) documents [...]

  • Page 87

    Glossary. This glossary defines terms and spells out abbreviations you may encounter while working with online help or the Mac OS X Server Network Services Administration for Version 10.3 or Later manual. References to terms defined elsewhere in the glossary appear in italics. bit: A single piece of information, with a value of ei[...]

  • Page 88

    firewall: Software that protects the network applications running on your server. IP firewall service, which is part of Mac OS X Server software, scans incoming IP packets and rejects or accepts these packets based on a set of filters you create. FTP (File Transfer Protocol): A protocol that allows computers to transfer files ove[...]

  • Page 89

    ISP (Internet service provider): A business that sells Internet access and often provides web hosting for ecommerce applications as well as mail services. L2TP (Layer Two Tunnelling Protocol): A network transport protocol used for VPN connections. It is essentially a combination of Cisco’s L2F and PPTP. L2TP itself is not an e[...]

  • Page 90

    multicast: An efficient, one-to-many form of streaming. Users can join or leave a multicast but cannot otherwise interact with it. multihoming: The ability to support multiple network connections. When more than one connection is available, Mac OS X selects the best connection according to the order specified in Network preferences[...]

  • Page 91

    port: A sort of virtual mail slot. A server uses port numbers to determine which application should receive data packets. Firewalls use port numbers to determine whether or not data packets are allowed to traverse a local network. “Port” usually refers to either a TCP or UDP port. protocol: A set of rules that determines how[...]

  • Page 92

    SLP (Service Location Protocol) DA (Directory Agent): A protocol that registers services available on a network and gives users easy access to them. When a service is added to the network, the service uses SLP to register itself on the network. SLP/DA uses a centralized repository for registered network services. SMTP (Simple M[...]

  • Page 93

    UDP (User Datagram Protocol): A communications method that uses the Internet Protocol (IP) to send a data unit (called a datagram) from one computer to another in a network. Network applications that have very small data units to exchange may use UDP rather than TCP. unicast: The one-to-one form of streaming. If RTSP is provided,[...]

  • Page 95

    Index A AirPort Base Stations DHCP service and 9 B BIND 17, 18, 19, 37–40 about 37 configuration File 38 configuring 37–40 defined 37 example 38–40 load distribution 36 zone data files 38 C CIDR netmask notation 45, 47 D DHCP servers 8, 40 interactions 9 network location 8 DHCP service 7–16 AirPort Base Stations 9 changing subnets [...]

  • Page 96

    96 Index I IANA registration 18 In 6 Internet Gateway Multicast Protocol See IGMP Internet Protocol Version 6 See IPv6 IP addresses assigning 9 DHCP and 7 DHCP lease times, changing 12 dynamic 8 dynamic allocation 8 IPv6 notation 84 leasing with DHCP 7 multiple 47 precedence in filters 47 ranges 47 reserved 9 static 8 IP Filter module 61–63 IP fi[...]

  • Page 97

    97 Index P ports Mac OS X computers 63–65 TCP ports 63–64 UDP ports 65 R round robin 36 rules, IP filter 61–63 S Server 10, 15, 57, 58, 69 servers DHCP servers 40 name servers 18 static IP addresses 8 Stratum time servers 79 subnet masks 45 subnets 8 creating 8, 10 T TCP/IP private networks 36–37 TCP ports 63–65 Terminal application 62 ti[...]