Manuals / Apple / Kitchen Appliance / Frozen Dessert Maker

Apple 034-2351_Cvr manual IP Firewall Service

Models: 034-2351_Cvr

1 97

Download 97 pages 56.32 Kb

Page 44

Chapter 3 IP Firewall Service

44

Services such as Web and FTP are identified on your server by a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number. When a computer tries to connect to a service, firewall service scans the filter list for a matching port number.

•If the port number is in the filter list, the filter applied is the one that contains the most specific address range.

•If the port number is not in the list, the Default filter that contains the most specific address range is used.

The port filters you create are applied to TCP packets and can also be applied to UDP packets. In addition, you can set up filters for restricting Internet Control Message Protocol (ICMP), Internet Group Management Protocol (IGMP), and NetInfo data.

Important: When you start firewall service the first time, most all incoming TCP packets are denied until you change the filters to allow access. By default, only the ports essential to remote administration are available. These include access by Remote Directory Access (625), Server Administration via Server Admin (687), and Secure Shell (22). For any other network service, you must create filters to allow access to your server. If you turn firewall service off, all addresses are allowed access to your server.

If you plan to share data over the Internet, and you don’t have a dedicated router or firewall to protect your data from unauthorized access, you should use firewall service. This service works well for small to medium businesses, schools, and small or home offices.

Large organizations with a firewall can use firewall service to exercise a finer degree of control over their servers. For example, individual workgroups within a large business, or schools within a school system, may want to use firewall service to control access to their own servers.

IP Firewall also provides stateful packet inspection which determines whether an incoming packet is a legitimate response to an outgoing request or part of an ongoing session, allowing packets that would otherwise be denied.

Mac OS X Server uses the application ipfw for firewall service.

Chapter 3 IP Firewall Service

Image 44

Apple 034-2351_Cvr manual IP Firewall Service

Contents

Mac OS X Server Network Services Administration For Version 10.3 or Later034-2351/9-20-03 Apple Computer, Inc2003 Apple Computer, Inc. All rights reserved Contents How to Use This GuideUsing This Guide Setting Up Mac OS X Server for the First TimeNAT Service Configuring NAT ServiceMonitoring NAT Service VPN ServiceHow to Use This Guide Using This GuideWhat’s Included in This Guide PrefaceGetting Additional Information Setting Up Mac OS X Server for the First TimeGetting Help for Everyday Management Tasks DHCP Service Before You Set Up DHCP ServiceUsing Static IP Addresses Creating SubnetsAssigning IP Addresses Dynamically Locating the DHCP ServerSetting Up DHCP Service for the First Time Using Multiple DHCP Servers on a NetworkInteracting With Other DHCP Servers Assigning Reserved IP AddressesManaging DHCP Service Starting and Stopping DHCP ServiceCreating Subnets in DHCP Service Step 2 Set up logs for DHCP serviceChanging Subnet Settings in DHCP Service To change subnet settingsDeleting Subnets From DHCP Service Setting the DNS Server for a DHCP SubnetChanging IP Address Lease Times for a Subnet To delete subnets or address rangesTo set LDAP options for a subnet Setting LDAP Options for a SubnetSetting WINS Options for a Subnet Monitoring DHCP Service To disable a subnetDisabling Subnets Temporarily Viewing the DHCP Status OverviewSetting the Log Detail Level for DHCP Service To set up the log detail levelViewing DHCP Log Entries Viewing the DHCP Client ListWhere to Find More Information DNS Service Before You Set Up DNS Service Setting Up DNS Service for the First TimeSetting Up Multiple Name Servers DNS and BINDStep 2 Learn and plan Step 3 Configure basic DNS settings Step 6 Set up a mail exchange MX record optionalStep 8 Start DNS service Step 4 Create a DNS ZoneManaging DNS Service Starting and Stopping DNS ServiceTo start or stop DNS service To enable or disable zone transferTo enable or disable recursion Managing ZonesAdding a Master Zone MasterTo add a slave zone Adding a Slave ZoneTo add a master zone Adding a Forward Zone Duplicating a ZoneTo add a forward zone To duplicate a zoneManaging Records Modifying a ZoneDeleting a Zone To modify a zoneAdding a Record to a Zone To add a recordModifying a Record in a Zone Deleting a Record From a ZoneTo modify a record To delete a recordViewing DNS Service Status Viewing DNS Service ActivityTo view DNS service status To view DNS service activityChanging DNS Log File Location Viewing DNS Usage StatisticsTo change the log detail level To change the log detail levelSecuring the DNS Server DNS SpoofingServer Mining To see DNS usage statisticsDNS Service Profiling Denial-of-ServiceDoSTo specify zone transfer IP addresses To alter BIND’s version responseallow-recursion 127.0.0.0/8 Service Piggybackingoptions Setting Up MX Records Enabling Redundant Mail Servers Configuring DNS for Mail ServiceTo enable MX records Setting Up Namespace Behind a NAT Router To enable backup or redundant mail serversSetting Up a Private TCP/IP Network Network Load Distribution aka Round RobinConfiguring BIND Using the Command Line What Is BIND?BIND Configuration File BIND on Mac OS X ServerPractical Example Zone Data FilesConfiguring Clients Setting Up Sample Configuration FilesTo set up the sample files Using DNS With Dynamically Assigned IP Addresses Check Your ConfigurationRequest For Comment Documents Where to Find More InformationPage IP Firewall Service Chapter 3 IP Firewall Service What is a Filter? Understanding Firewall FiltersIP Address Subnet MaskChapter 3 IP Firewall Service Number of addressesCIDR Corresponds to NetmaskUsing Address Ranges Rule Mechanism and PrecedenceMultiple IP Addresses SampleSetting Up Firewall Service for the First Time Step 2 Start firewall serviceStep 1 Learn and plan Step 4 Add filters to the IP filter listManaging Firewall Service Starting and Stopping Firewall ServiceOpening the Firewall for Standard Services Step 5 Save firewall service changesTo create an address group To open the firewall for standard servicesCreating an Address Group Editing or Deleting an Address Group Duplicating an Address GroupCreating an Advanced IP Filter for TCP ports To edit or delete an address groupCreating an Advanced IP Filter for UDP Ports To create an IP filter for TCP portsTo create an IP filter for UDP ports Changing the Default Filter To change the Default settingEditing Advanced IP Filters To edit advanced IP filtersMonitoring Firewall Service Setting Up Logs for Firewall ServiceTo set up logs To view the log for firewall serviceViewing Denied Packets Viewing Packets Logged by Filter RulesLog Example To view denied packetsBlock Access to Internet Users Practical ExamplesBlock Junk Mail To do thisTo do this Allow a Customer to Access the Apple File ServerTo do this Controlling or Enabling Peer-to-PeerNetwork Usage Preventing Denial-of-ServiceDoS AttacksTo prevent ping denial-of-serviceattacks Background Advanced ConfigurationControlling or Enabling Network Game Usage Precautions Creating IP Filter Rules Using ipfwReviewing IP Filter Rules Creating IP Filter RulesChapter 3 IP Firewall Service Rule numberPort Reference Deleting IP Filter RulesChapter 3 IP Firewall Service TCP portUsed for ReferenceChapter 3 IP Firewall Service TCP portUsed for ReferenceFor more information about ipfw Where to Find More InformationRequest For Comment Documents man ipfwTo start NAT service NAT ServiceStarting and Stopping NAT Service Configuring NAT Service Monitoring NAT ServiceTo configure NAT service Viewing the NAT Status OverviewTo view the NAT divert log For more information about natdWhere to Find More Information Request For Comment DocumentsPage VPN Service Authentication Method VPN and SecurityTransport Protocols Point to Point Tunneling Protocol PPTPBefore You Set Up VPN Service Managing VPN ServiceStarting or Stopping VPN Service Enabling and Configuring L2TP Transport ProtocolTo enable PPTP Enabling and Configuring PPTP Transport ProtocolTo enable L2TP To set routing definitions Configuring VPN Network Routing DefinitionsTo configure addition network settings Monitoring VPN Service Setting the Log Detail Level for VPN ServiceSetting the VPN Log Archive Interval To set up the log archive intervalViewing the VPN Log Viewing VPN Client ConnectionsTo view the log To view client connectionsPage NTP Service How NTP WorksTo set up NTP service Using NTP on Your NetworkSetting Up NTP Service Configuring NTP on Clients To configure NTP on clientsWhere to Find More Information Request For Comment DocumentsPage IPv6 Support IPv6 Enabled Services IPv6 Addresses in the Server AdminIPv6 Addresses NotationIPv6 Address Types IPv6 Reserved AddressesIPv6 Addressing Model Where to Find More Information Request For Comment DocumentsGlossary GlossaryGlossary LDAP Lightweight Directory Access Protocol A standard client-serverprotocol for accessing a directory domain name server See DNS Domain Name System search path See search policy UCE unsolicited commercial email See spam Page Page Index IndexIndex Index