Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
2-06-2005 21:01
This answer didn't work for me. I bought the Apple Base Station specifically to be both a Wireless Access
Point (WAP) as well as a NAT. Other, cheaper WAP/NAT boxes allow several configuration options that
the most current Apple Base Station Admin Utility Software does not. The two missing configuration items
requiring me to 'work different' were:
ABS Software Missing Item #1: locking a specific DHCP'd IP address to a specific MAC
address (the address of your network card), so that while a machine is still leasing an IP address, it
gets the same IP address each time. This would be sooooo nice for things like TiVo and ethernet
printers!!!
and
ABS Software Missing Item #2: range-based port mapping assignments (instead of single port
to port mapping).
To get things up and running most effectively, you need to solve both problems.
Workaround for Issue #1: Semi-permanent DHCP'd IP address
http://www.prairienet.org/~mcc/AirportFTPSetup.html
Pagina 1 di 5
2-06-2005 21:01
This can most easily be accomplished by setting the DHCP lease time to 9999, as seen highlighted in red
below:
Fig 1: Airport Admin Utility - Setting ABS as a NAT/DHCP server with extended lease time
Note that should you need to reassign your DHCP'd addresses in the future (in the next 27 years, anyway)
you'll need to flip your System Preferences:Network:TCP/IP settings to manual, apply/save, and then flip
them back to DHCP. There's probably a one-line command available from the terminal (as there is in
Windows 98/2000/NT/XP) but this works for me.
You could manually assign each of your computers a TCP/IP address, say 10.0.1.201, but I like to keep
things all in one place, and it's easier to keep all of my TCP/IP configuration for all the machines on my
network in one spot, and serve them out via DHCP. It also means that if the ISP updates their DNS servers,
then DHCP will also update the individual computer's DNS settings. You could also set OS X up to use a
manual IP address with DHCP'd everything else.
That was the easy part.
Workaround for Issue #2: The port mapping by range problem
To understand this problem you must first understand some of the nuances of how FTP works, specifically,
the differences between active and passive FTP. In a nutshell, most system administrators prefer to firewall
all but the well-known ports on their network. With FTP, it forces the insecure portion of the connection to
occur on the serving machine (i.e., my mac at home). After the initial connection is made, the FTP server
will shift the data transfer portion of the connection to a random, open, high-numbered port. Well, the Apple
Base Station also firewall's, and it prefers that the insecure portion of the connection occurs on the other end.
So... we have two very secure networks, and the end result is you're not getting any work done. So let's
make things on my end a lot more insecure. The obvious thing to do is to port map all the 'ephemeral' ports
-- all the high numbered ports that aren't assigned to a well-known protocol -- to our FTP server. The typical
way to do this is to put a line in your NAT server like this:
http://www.prairienet.org/~mcc/AirportFTPSetup.html
Pagina 2 di 5
2-06-2005 21:01
But you CAN'T! The best you can do is add an individual entry for each single solitary port like this:
http://www.prairienet.org/~mcc/AirportFTPSetup.html
Pagina 3 di 5
2-06-2005 21:01
Fig 5: PureFTPd Manager - accessing Server preference pane to set passive ports
And last, set your passive port settings using the range you entered into the Airport Admin Utility:
http://www.prairienet.org/~mcc/AirportFTPSetup.html
Pagina 4 di 5
2-06-2005 21:01
>
Has this page been of service to you? If so, I'd be honored if you would consider supporting it with
a small donation by PayPal:
http://www.prairienet.org/~mcc/AirportFTPSetup.html
Pagina 5 di 5