On Sep 4, 2008, at 9:00 AM, Andrew Le wrote:
> Hi,
>
> I have a similar situation.
>
> Say I have Verizon DSL modem/router.
>
> And I have say two Macs connected to it with internal IPs (192.*.*.*).
>
> The modem itself has an external IP, but don't I need to configure the modem
> itself so that my two Macs have separate external IPs known to the world so
> I can access (say SSH into them) from the outside world?
>
> I've not been able to figure this out yet.

You can't. You only have one external IP address, what you do is this:

Go into your router's NAT setup and forward the SSH port (port 22) to one of the internal IP addresses. To accomplish this, you'll also have to assign static internal addresses to the Macs as well. Most of these routers support a chunk of their address space as static, see the documentation for your router.

Once NAT forwarding is set to one of the Macs, you can ssh to it from the outside world. THEN you ssh from that Mac to the other one.

Some suggested ssh hacks enabled by editing /etc/sshd_config

change the line

    Protocol 1,2

to:

    Protocol 2

This prevents ssh from connecting with an old, vulnerable protocol. "Protocol 2" is now the default.

And somewhere in there add the line:

    AllowUsers <usernames of users allowed to log in>

If you look in your security log (viewable in Console under Var/log>secure.log), you will likely see scads of failed login attempts. (These are pretty much all skriptkiddies spamming for vulnerable machines, attempting logins under common vulnerable usernames.)

AllowUsers is a belt&suspenders approach to blocking potential attackers.

If you want a little more security, change the standard port from 22 to something else. This discourages the automated attacks. A determined attacker can always scan a system to determine what port sshd is answering on, so it's only a mild precaution, but in general ssh is pretty tight.

By default on a stock install of OS X you're battened down quite tightly. The vulnerabilities arise when people start installing their own network services and things like PHP on their own, forgetting to change default passwords and such like.

If you look in secure.log (filter on the string ' error: PAM: Authentication failure') you'll see scads of failed logins. I get hundreds a day from skriptkiddie attacks.

--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs
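An added example, not part of the original message: a small Python check of the three sshd_config settings the reply recommends (Protocol, AllowUsers, Port). The sample configs, the user names and port 2222 are constructed, and the parsing assumes OpenSSH's behaviour of keeping the first Protocol value it reads while accumulating Port and AllowUsers lines.

```python
# Added example: audit sshd_config text for the settings discussed above.
# SAMPLE and HARDENED are constructed for illustration, not from a real machine.
SAMPLE = """\
# constructed sample
#Port 22
Protocol 1,2
protocol 2
AllowUsers alice
allowusers bob
"""
HARDENED = "Protocol 2\nPort 2222\nAllowUsers alice\n"

def parse(text):
    """Collect the global-section values of Protocol, Port and AllowUsers."""
    cfg = {"protocol": None, "port": [], "allowusers": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # blank line or comment
        words = line.split()
        key, args = words[0].lower(), words[1:]   # keywords are case-insensitive
        if key == "match":
            break                          # later lines are conditional overrides
        if key == "protocol" and cfg["protocol"] is None and args:
            cfg["protocol"] = args[0]      # assumption: first value read wins
        elif key in ("port", "allowusers"):
            cfg[key].extend(args)          # assumption: these accumulate
    return cfg

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    cfg = parse(text)
    findings = []
    proto = cfg["protocol"]
    if proto is not None and "1" in proto.split(","):
        findings.append("Protocol %r still permits protocol version 1" % proto)
    if not cfg["allowusers"]:
        findings.append("no AllowUsers line: logins are not limited to named users")
    if not cfg["port"] or "22" in cfg["port"]:
        findings.append("sshd answers on the default port 22")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In the constructed sample the later `protocol 2` line does not help, because the earlier `Protocol 1,2` was read first; the old line has to be changed, not supplemented.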
