Macintosh DSL Question

OK - Here’s what I got:
- A new Mac G4
- A PMac7100/80 AV
- A Stylewriter II
- A Color Stylewriter
- A LaserWriter 4/600PS
- A LocalTalk Bridge
- Appropriate PhoneNet Cables and adapters

I was all set to get going when I heard news that means I am probably green-lighted for DSL from Southwestern Bell.

I set up an order from them and am currently waiting for their engineers to check my lines.

So, here’s the thing: They want to sell me a single IP and not have anything to do with setting up my network. I understand that PhoneNet is not worth the trouble if I want DSL speeds, but I have some questions about setting up my EtherNet.

Anyone out there done this before?

Is there a solution that does not involve me leaving a computer (“server”) on all the time?

I’m not sure I follow…

No matter what kind of DSL you get you can turn your computer on and off.

You either have:

  1. Static IP address – Every time you turn on your Mac you get this address.

  2. DHCP IP Address – Every time you turn on your Mac you get assigned an IP address from an available pool managed by your ISP.

You should be good to go either way.

you don’t need a server. you’ll need the router or dsl modem that the isp should either sell you, or inform you of what type you need. they usually supply you with all the info you need as well as far as ip addresses for your tcp/ip and the such. you don’t need to assign your printers or anything else addresses, unless you’re configuring for a network of your own. all you’ll need is the ip address, domain, gateway, and enter those with your subnet and make sure you have the protocols set. I believe on a mac it’s simple, just open the control panels-tcp/ip and set the numbers there, then open the ppp and set the numbers they give you there, make sure your ethernet card is set up and installed drivers, restart, and set up your browser to go.
no worries.

I’m sorry - my OP wasn’t too clear.

I want to share that DSL line between the two machines.

Now do my issues make more sense?

If you use DSL, you can share with network computers but the phone comp won’t show you how to do that.

Will you?

That’s what I’m asking! :slight_smile:

your router should have enough ports on it for several computers. both comps will need an ethernet card of course. just give each computer a separate host id in the ip address. Your ISP should let you know what range you have.

or

set up one mac as a server, and the other as a client.

If you get just the one IP address, then you must share it by doing something like Network Address Translation. I’m more familiar with Windows, but I’m sure something like this exists for the Mac.

The basic idea is that you’d have one mac connected directly to the DSL modem, and you’d have a second network card in the mac to which you would connect a hub, and you can connect anything you want to the hub.

You set the one network card connected to the DSL modem to have the IP address and gateway info and stuff the phone company gives you, you set the other to a private IP - there are ranges of IP addresses that are not valid on the internet, but are valid on a lan. One such range is 192.168.0.xxx through 192.168.255.xxx
So, set up the second network card to use 192.168.1.1, then all other devices should be in the same subnet (192.168.1.xxx) and use 192.168.1.1 as their gateway.

Finally, you need software on the mac with two cards to allow it to do this. That’s the bit I don’t know about.

For a linux box it’s easy and you can find info on it at linuxdoc.org, but I don’t know if you want to get a linux box. That’s what I did, built up a cheap PC with two cards and used it as my firewall - if you did that, then all your macs would have 192.168.xxxxxx addresses and would all talk through the firewall. It might also be a bit more secure…

More secure than a Mac?!?!

Everyone is being helpful, but we’re still a bit over my head.

If I buy an Ethernet Hub and connect it to the DSL hardware, then plug my two Macs into the Hub, I will get internet at DSL speeds on both Macs, no?

:confused:

Connecting the two Macs to the Enet hub will give both DSL speed, though they will share (each half-ish) the speed if both are sending or receiving at the same time.

I remember from my installation manual that it’s important to have the right cables–the Enet crossover cable that they provided you will go from the hub to the modem, and you’ll have to get two STRAIGHT line (not crossover) cables to go from the hub to the Macs.

I have a dynamically assigned IP from a DHCP server for my modem. I have a G3 Mac, and my DSL service and ISP are both GTE.

I’d be interested in hearing how the static IP works for two Macs on a hub. I’m guessing that the hub will have the static IP, and it (the hub) will assign two slightly different IPs for the Macs, or handle the issue somesuch way.

I had a hell of a time getting the DSL to work. I KNEW that I set up everything okay, and that my line was okay, but it still took over a week for it to work. The people on the tech support could tell that my line was okay, but they kept having me check my settings (the settings are incredibly simple on a Mac). They could see that there was data from them to my modem, and from my modem to them, but there was no data from the ISP. Figuring out that the tech support people had nothing to do with the ISP took a few days–the tech support people only know about how to plug the modem in, for crying out loud. And, apparently, there were only two people in all of GTE who have ever touched a Mac, let alone dealt with networking one. I was on the phone with them every night for several hours, doing the same stupid checks of my settings, and continually restarting the Mac.
I also spent a lot of time trying to contact the people who were supposed to be sending the data (the ISP, I guess), but they have no listed phone number. Finally, one tech person was able to find the number, and I called them. I was immediately transferred back to the tech support, without knowing it.

One day, it just worked. I called the tech guy I had been working with, and he had no idea how it happened.

Seriously, if they’re going to market DSL as this great new broadband solution, they need to know how to do it right.

No.

Let’s say that your ISP assigns you the IP address 126.145.132.19.

When your DSL hardware receives a packet for 126.145.132.19, which of the two computers gets that packet?

There is no way to tell with a hub connecting the two computers, because a hub isn’t smart enough.

To connect more than one computer to your DSL through a network, you need to run TCP/IP on your network (it’s traditional to use 192.168.xxx.xxx for the IP addresses on your private network) and have some software running somewhere that keeps track of packets coming from your computers, translating IP addresses as necessary, and parceling out incoming packets to the appropriate computers.

The easiest way to get this is to have that software running in a router (which is a very small and specialized computer running the appropriate software). Then all packets from or to your IP address pass through the router, and it sorts them out. Routers used to be too expensive for home use, but they’re coming down. I’ve heard several good reports on the LinkSys BEFSR14. It’s a router plus a switch, includes a DHCP server to dynamically assign IP addresses on your network, and as long as four ports are enough you don’t need any other hubs or anything. It goes for around $160 (e.g. at Buycomp). A friend of mine is using it for a network with one Mac and one NT/Linux box at home, and reports that the Mac occasionally has problems but overall it’s great. Also see this review.

Another way to do this, mentioned before, is to put two network cards in one computer and run appropriate software on that computer. That computer need not be left on all the time, but the other computer will not be able to access the network unless the computer with two network cards is on. I do this with Wingate on my home network, but Wingate doesn’t run on a Mac.

Finally, some DSL “modems” have more than one port (actually, I think all DSL modems are really routers, but I don’t know that for sure). If your ISP gives you a DSL modem with two ports (which some do) into which you can plug computers, then you can plug the two computers directly into those ports. However, you won’t have a network; you won’t be able to share files and printers and whatever between the two computers.

In any of these cases your computers will be extremely vulnerable to attacks over the Internet, and I strongly suggest that you look into firewall software for the Mac.
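The address translation described in the post above, as an added example that is not part of the original thread: a toy Python model of the table a NAT router keeps, showing how replies to 126.145.132.19 find the right machine and why an unsolicited inbound packet has nowhere to go. The private addresses, port numbers and remote hosts are constructed for illustration, and the peer check models a strict NAT; real routers vary in how strictly they filter.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "126.145.132.19"   # the example address used in the post above


@dataclass
class Nat:
    """Toy port-translating NAT table (illustration only, not a real router)."""
    public_ip: str
    next_port: int = 40000                        # constructed starting port
    out_map: dict = field(default_factory=dict)   # (lan_ip, lan_port, proto) -> public port
    in_map: dict = field(default_factory=dict)    # (public port, proto) -> flow state

    def outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Rewrite a packet leaving the LAN and remember who sent it."""
        key = (src_ip, src_port, proto)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, proto)] = {"host": (src_ip, src_port), "peers": set()}
        port = self.out_map[key]
        self.in_map[(port, proto)]["peers"].add((dst_ip, dst_port))
        # What the outside world sees: only the single public address.
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port, proto="tcp"):
        """Return the LAN (ip, port) to deliver to, or None to drop the packet."""
        entry = self.in_map.get((dst_port, proto))
        if entry is None:
            return None          # no LAN machine ever opened this public port
        if (src_ip, src_port) not in entry["peers"]:
            return None          # sender was never contacted from inside
        return entry["host"]


def demo():
    nat = Nat(PUBLIC_IP)
    g4, pm7100 = "192.168.1.2", "192.168.1.3"     # constructed private addresses
    web = ("203.0.113.10", 80)                    # constructed remote web server
    a = nat.outbound(g4, 1025, *web)              # both Macs use the same local port
    b = nat.outbound(pm7100, 1025, *web)
    return {
        "g4_on_wire": a,
        "pm7100_on_wire": b,
        "reply_for_g4": nat.inbound(*web, a[1]),
        "reply_for_pm7100": nat.inbound(*web, b[1]),
        # Constructed outside host probing TCP 548 (AFP file sharing): no mapping.
        "probe_548": nat.inbound("198.51.100.7", 5555, 548),
        # Same outside host aiming at a live mapping it was never part of.
        "stranger_to_g4_port": nat.inbound("198.51.100.7", 80, a[1]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22} {value}")
```

A port deliberately forwarded to an inside machine, or a connection started from inside to a hostile server, bypasses this filtering, which is why the thread's advice about turning off unneeded sharing still applies behind a router.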

JonF:
Thanks for your help - I’m beginning to understand my options.

It was my understanding that Macs were, by their very nature, much less vulnerable than PC’s.

Is this not so?

Well, I’m no Mac expert, but I can give you my thoughts. Vulnerabilities in general include the ability of outsiders to access your computer through TCP/IP, the possibility of exposing your computer’s contents to outsiders by exposing them to other internal computers, and the ability of outsiders to exploit bugs and vulnerabilities in the software running on your computers (including the OS).

Regarding the ability of outsiders to access your computer through TCP/IP, I’m virtually certain that the Mac has no security advantage over the PC. If you are running TCP/IP on any computer, be it over DSL or a dial-up connection or whatever, outsiders can get at your computer and interact with it unless you use a firewall. It will be somewhat easier and more likely if you have DSL and a dynamic IP address assigned for a range that your ISP uses, and it will be significantly easier and more likely if you have DSL and a fixed IP address. However, the likelihood of them doing anything you don’t want them to do depends on the other two vulnerabilities.

Regarding the possibility of exposing your computer’s contents to outsiders through the Mac equivalent of “file and printer sharing”, I just don’t know. On a Windows box, if you set up file and printer sharing in the easiest manner, you wind up being wide open. If your Mac can be and is set up to use the TCP/IP protocol for its file and printer sharing, then you’re probably wide open. If your Mac does not use TCP/IP for file and printer sharing, but the protocol that does implement file and printer sharing is going through the same network adapter that the TCP/IP connection is and you have no firewall, then you may well be wide open. This is an argument for going the two-adapters-in-one-computer route; you can bind TCP/IP only to the adapter that connects to the DSL modem, and bind TCP/IP and your other protocol(s) to the adapter that connects only to your internal network.

Regarding the vulnerabilities in the software running on your computer, really the only question is whether people are likely to bother. There are many more Unix and Linux and Windows boxes available for them to beat on, and there are lots of known places to beat on in those systems. But, the number of Macs available to beat on is not small, and I’ll bet there are places to beat on. My guess is that the fact that you are using a Mac makes it noticeably less likely that someone’s going to hit you, but that there is still a significant probability of someone trying to hit you on the order of one to ten times per day.

There are sites that will scan your computer for vulnerability. Secure Me is a good one that works with Macs, and there’s also a pretty good one at Gibson Research that may not work with a Mac.

I came up with a few links that may interest you, regarding the software version of the router:

Soft Router; $99 for up to 5 users, firewall, NAT, DHCP, … looks pretty sexy to me.

IPNetRouter; $89 for unlimited users, no firewall, NAT, DHCP.

Connecting your Office to the Internet

That is not so. Most desktop OS’s are not designed to be thrown headlong into the hurly-burly of the internet. They are designed with the idea that anyone who has physical access to the computer has the right to do anything they want to the computer, and quite often they by default are open to access from the internet.

There are tales of people finding printouts from their neighbors’ computers on their printers. These are usually associated with cable modems and not DSL, but there are people who as a hobby routinely scan blocks of IP addresses known to be DSL based and look for a chink in the armor. A desktop OS such as Windows 98 or Macintosh is not by default safe from such attacks.

As mentioned above, Windows can run software to screen out ‘bad’ stuff, and I’m sure something similar exists for the mac. This acts like a firewall, but if you don’t do everything right on those machines you can still be vulnerable. In my opinion it is still safer if all your machines that contain data you care about are behind a firewall that is well configured, but I’m sure wingate and other software on a desktop machine with a direct connection are secure enough for most people.

Basically, you have to ask yourself how much you care. When I first got DSL, I hooked my Windows NT pc up to the line directly, and just turned it off when not in use. Not the best security, but it was OK. When I got the chance to get an old crappy PC for $5, I installed linux on it and made it my always-on firewall. My wife with her mac and I with my PC now are happily sharing the network connection without security fears.

Here is an interesting article on someone whose system was cracked because of lax security. It was a PC, but the mac is also vulnerable.
http://www.salon.com/tech/feature/1999/12/22/hacked/index.html

The links to the software router products JonF pointed out are definitely where you want to look. One correction is that IPNetRouter does claim to have a firewall feature. Having been involved with Mac-related networking products for the last 12 years (though less extensively the last 18 months or so), I’m familiar with both products and know of many people using one or the other. I’ve met the guys from Vicom at trade shows, Apple developer conferences, etc., and like them personally, but that’s no reason for you to flock to them.

Regarding the question of whether Macs are more secure than Wintel boxes when connected to the internet continuously, the answer is yes they are . . . and no they aren’t. Many of the favorite tricks of malicious network intruders depend on finding a UNIX or (these days) a Wintel box at your end. Even assuming that they’re able to find an open port for what they’re trying to do, if it involves installing and then executing any program code, it won’t work (since the Mac can’t directly run applications written and compiled for another platform). Many common invasion strategies also depend on the known behavior of UNIX apps (or ported versions of them in other environments). So in that sense, you’re less vulnerable. You’re also somewhat less likely to have left the most common types of access “doors” open than a Windows user, but not dramatically so. If you disable File Sharing and Web Sharing, don’t run any other web server or FTP server software on the machines, and turn off AppleTalk, there’s a very small amount anyone from the outside can do. Since you have more than one machine, however, it’s nice for them to be able to talk to each other, which means at least a few things need to be on.

The basic rules of the game are to:

- shut off any level of external access to your machines that isn’t necessary for what you do with them (i.e., File Sharing, Web Sharing, AppleTalk)
- if you do have File Sharing enabled, make sure guest access is off (or at least extremely tightly restricted)
- if file sharing is on, make sure that the owner account name is different from the machine name, is not your real name, and has a password that follows good password practices (i.e., the longer the better, the more random the better, is not easily guessed by someone who has your wallet in their hand or knows your family history, contains both letters and numbers, etc.); the reason this is important is that the owner account always has access to the entire system, including all local drives, whenever it’s successfully logged on
- if file sharing is on, make sure that only folders that need to be accessed from another machine are shared, and that those folders contain nothing you will be compromised by having publicly accessible and nothing that you do not have backed up someplace else
- if you have Web Sharing enabled, review the Actions tab in the Web Sharing preferences to make sure you understand the security implication of any actions that are allowed
- if Web Sharing is enabled, make sure that the minimum required set of folders is shared this way
- review the documentation for any product you install that has any type of network functions (especially if it runs all the time as a server or background process) to be sure you understand what types of access it may allow to your machine and what steps you need to take to protect your machines while still doing what you need to do.
- if there’s no reason for someone outside your home to access your machines, you can do worse than turning them off when you aren’t using them. I’m not ordinarily a fan of lots of startup/shutdown cycles, but in this case, there’s a reason for doing it.

I’m sure others can add more, but that’s what comes to mind immediately. The more access you want to allow, the more possibilities for malicious access you enable.

In your case, since you’ve been using LocalTalk happily for sharing files and printers up to this point (judging from your list of hardware and software), you can probably accomplish a lot by simply continuing to run AppleTalk over the LocalTalk connection, so that only TCP/IP is running on Ethernet. File sharing between the two machines will be somewhat slower than if they shared via Ethernet, but your machines and printers remain accessible to each other without being made available outside your home to someone else running AppleTalk via Ethernet on another Mac somewhere upstream (I have heard anecdotes of Mac users, particularly cable modem users, being able to see a surprising number of other machines through their Internet connection). In fact, either of the software router products JonF mentions would allow you to connect only the G4 to Ethernet and leave the 7100 on LocalTalk and still have it connected to the Internet, albeit at a maximum theoretical bandwidth of 230.4Kbps (and probably about 100Kbps in practice, given that the IP packets have to be broken up and encapsulated, then reconstituted when they’re received).

As long as you don’t run any web server, FTP server, or mail server software on either machine, there should be little or nothing for the typical hacker to get to on your machine, and you can confirm that with one of the tools that checks which TCP/IP ports are active on your machine.

Let me know if you have any specific questions or if I’ve muddied the waters along the way.

The Linksys EtherFast Cable/DSL router (Model no. BEFSR41) can be had for under $200, and is easy to set up for a situation like yours. I have a similar setup using this box for my PC’s. There is no client-side software needed, so it should work just fine for your Macs. It has a built-in 10/100 switch (4 ports), so no additional hardware is needed. Check Buy.com and other web retailers for pricing.

Be advised, however, that it’s probably a violation of your Terms Of Service to do this, unless you spring for the more expensive Business DSL services. A coworker got reprimanded by his ISP (GTE) for running an FTP server at home. If you don’t run servers on your network, though, your ISP should never know that you share the IP address.