User Guide
Multi-NIC Gateways and Related Advanced Configuration Techniques
Introduction
Unfortunately, many people more familiar with other platforms,
such as Unix or Windows, are either skeptical that Apple's Open
Transport networking software can handle true IP multihoming using
multiple NICs and/or are unaware of the networking capabilities
of a Mac using IPNetRouter. Further, some users familiar with both
Macs and IPNetRouter are not aware of exactly how to use some of
IPNetRouter's more advanced capabilities. I dedicate this chapter
to both groups. This chapter presents an example of a multi-NIC Powerbook
Firewire 2000 used as an IP routing and NAT Mac with a combination of
3rd party drivers and NICs. Some of the nuances of both Open Transport's
IP multihoming capabilities and advanced use of some of IPNetRouter's
interfaces are explained, but this is by no means exhaustive. In general,
it is meant to encourage those users who did not know that, or did not
know how, IPNetRouter could be used to solve networking problems of a more
complex nature.
Tutorials for configuring simpler Internet sharing LANs with
IPNetRouter are located elsewhere in the IPNetRouter guide. This
chapter is not recommended for users just becoming familiar with
Internet sharing, the Internet protocol, and networks. If you are
interested in exploring what IPNetRouter and Open Transport are
capable of, read on, forewarned that this chapter covers advanced
concepts in IPNetRouter and Open Transport, as well as IP routing
and other related topics. It is written in a "shotgun"
style; that is, a complex routed NAT WAN configuration is presented
first and then explored in detail.
Demonstration of a Complex Gateway
Apple's Open Transport is capable of having more than one logical
IP interface (aka virtual IP interface) on a physical networking
port (a "NIC") and routing between them. IPNetRouter,
through its NAT module, can perform IP Masquerading on up to four
NICs. In addition, many logical interfaces can be added to each
NIC. We start off with Figure aaa, an IPNetRouter Interface window
for a Powerbook using five NICs. Two of the interfaces are used
to demonstrate IP Masquerading, and two of the NICs also have additional
logical IP addresses added. In later sections of this chapter
some of the implications of Figure 1 are covered in more detail,
especially with regard to routing and port mapping.
Figure aaa. IPNetRouter Interface Window for a Powerbook with
Five NICs. The Powerbook is configured to route between 7
networks and the PPP and AirPort interfaces have IP Masquerading
enabled on them. Note the logical IP interfaces on the built-in
Ethernet and AirPort NICs.
In Figure aaa, all the LAN client IP devices on the various physical
network segments (Skyline wireless, Firewire, Ethernet) to which
the Powerbook is connected successfully access the Internet through
the masqueraded IP addresses of the installed AirPort card and/or
modem (PPP). (Yep!) In addition, the gateway Mac is able to access and
route to networks simultaneously through one or more of its nine IP address
interfaces. The MacIP dlp uses AppleTalk over whatever NIC is picked
in the AppleTalk control panel. The demonstrated use of the IPNetRouter
Interface window and its Config Box can be applied in configuring
any Mac gateway with other types of NICs that have IP multihoming
compatible drivers and firmware. The performance on all networks
is generally limited by the bandwidth of each LAN segment and NIC,
except on older types of hardware, which may be limited by the
MacOS and the version of Open Transport and associated drivers that
can be run. In this case, the 400 MHz Powerbook is running MacOS
9.0.4 and OT 2.6.3 and is therefore not overly burdened for purposes
of packet routing.
TIP! To add logical IP interfaces to NICs, use the little up and
down arrows in the "Configure Interfaces" box of the Interfaces
window.
As one can see, there are two different IP networks sharing the
built-in Ethernet NIC. Both are logical IP interfaces on that NIC;
the one without a ":[n]" is the primary IP interface for
the built-in Ethernet port. Both of these networks can exist on the
same Ethernet segment, and Open Transport can route to and from both
the 10.10.10.0 and 192.168.10.0 subnets. More on routing is covered
later in this chapter.
Discussion of the topology and NIC configuration for the example
Figure bbb. Diagram of Example Topology
I picked the NICs used to demonstrate some general principles associated
with Mac networking, Open Transport's capabilities, and 3rd party
solutions available for the Mac.
Most astute readers will have noticed that I set up an IP interface
to run over the Powerbook's Firewire port. Apple does not ship software
that permits this. Fortunately, Unibrain's Firewire IP driver supports
IP over Firewire! Each device on the Firewire network must be Firewire
capable and have a similar driver installed on it. In my case, I
used an iMac DV running 9.0.4 with the Unibrain driver as an IP
client. Unibrain also has drivers for Windows, and possibly other
Firewire capable hardware, etc. Check with Unibrain to find out
exactly what their IP dll supports.
Similarly, the Farallon Skyline PC card, an 802.11b wireless NIC,
uses its own drivers and software to communicate with its wireless
LAN segment. In my example, I used a 3400 with a 2mb PC card and
an AirPort card enabled iMac on channel 3. The AirPort wireless
segment used channel 8 and was completely separate from the Farallon
NIC's LAN segment. The Skyline card will work on any portable that
supports their driver. They claim it's compatible with MacOS 7.1
and later; I've only tested it with 9.0.4 and 8.6 myself.
There are four or five interesting things about the AirPort wireless
segment. First, the example shows that IPNetRouter is capable of
sharing an IP Masqueraded interface on a wireless NIC. Apple's AirPort
software, although it incorporates some of IPNetRouter's NAT technology,
is not configurable in this way. Second, the primary AirPort interface
is a dynamically assigned IP address. More on that later. Finally,
there are three logical IP interfaces that the gateway has. This
was set up in this way to demonstrate some advanced port mapping
concepts, also covered later in this chapter.
Also of note is the upstream wireless access point for this network.
I used an Apple hardware base station in Transparent Bridging mode
connected to my ISP's cable modem network. Other wireless routers
may also support a similar configuration. If you want to use a
different device, you'll have to check with that particular device's
manufacturer to see if it supports true transparent bridging mode.
See also the AirPort chapter of this guide for more
info on AirPort and its capabilities.
The PPP and Ethernet interfaces follow the setup as covered in
the Ethernet and PPP chapter of the
guide, with the exception of the additional logical interface,
10.10.10.1. There is more discussion of the PPP interface later on
in this chapter.
MacIP, as covered elsewhere in the manual, is limited
to whatever NIC the AppleTalk control panel is set to use. In this
case, it would work over any of the present LAN segments.
Advanced Port Mapping With IPNetRouter
Mapping multiple public IPs to LAN clients
A simple mapping of all IP ports and protocols supported by IPNetRouter's
NAT module is easily possible using its Port Mapping window interface.
As shown in Figure 1 above there are three IP interfaces on the
masqueraded AirPort NIC. This means that each IP interface on that
NIC can be subjected to NAT. Let's map the two non-IP Masqueraded
IP addresses on that interface to two LAN clients on separate private
LAN segments attached to the gateway.
In effect this simply translates all incoming packets
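The difference between a whole-address mapping and the masqueraded address can be seen in a small model of inbound translation. This is an added example, not IPNetRouter's code or its mapping-table format; every address, the single-port map and the function names are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed sample values (documentation/private ranges), not from the guide.
MASQ_ADDR = "203.0.113.10"                 # primary, IP Masqueraded address
STATIC_MAP = {                             # extra logical address -> LAN client
    "203.0.113.11": "192.168.10.20",
    "203.0.113.12": "172.16.1.20",
}
PORT_MAP = {("tcp", 80): ("192.168.10.5", 80)}   # single-port map on MASQ_ADDR


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def translate_inbound(pkt):
    """Return the packet as forwarded to the LAN, or None if not forwarded."""
    if pkt.dst in STATIC_MAP:
        # Whole-address mapping: every protocol and port reaches the client.
        return replace(pkt, dst=STATIC_MAP[pkt.dst])
    if pkt.dst == MASQ_ADDR and (pkt.proto, pkt.dport) in PORT_MAP:
        host, port = PORT_MAP[(pkt.proto, pkt.dport)]
        return replace(pkt, dst=host, dport=port)
    return None  # unsolicited traffic to the masqueraded address stops here


def exposure_report(probes):
    """Group the (proto, port) pairs that reach each LAN client."""
    report = {}
    for pkt in probes:
        out = translate_inbound(pkt)
        if out is not None:
            report.setdefault(out.dst, set()).add((pkt.proto, pkt.dport))
    return {host: sorted(ports) for host, ports in report.items()}


def sample_probes():
    """Constructed inbound packets: three services tried on each public address."""
    services = [("tcp", 22), ("tcp", 80), ("udp", 137)]
    publics = [MASQ_ADDR, *STATIC_MAP]
    return [Packet("198.51.100.7", dst, proto, port)
            for dst in publics for proto, port in services]


if __name__ == "__main__":
    for host, ports in exposure_report(sample_probes()).items():
        print(host, ports)
```

The report shows the two mapped clients receiving all three services while the host behind the masqueraded address receives only the one mapped port, so a client given a whole-address mapping needs its own host-level filtering.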
Setting up multiple mapping tables
Discussion of port mapping and how to add this type of mapping.
How to add mappings to multiple Masqueraded interfaces. Exclusion
of NAT from an Interface.
Figure ???. The port mapping window with several mappings.
Advanced Routing Concepts
Discussion of routing in IPNetRouter and OT. Discussion of limitations
with regard to bandwidth teaming.
Figure ???. The Routes window for the example.
Limitations in Open Transport
Discussion of limitations with dynamic IP address NICs and other
limitations to the IP Masquerading interface. Discussion of driver
and NIC firmware compatibility.
Table ???. List of OT and Mentat equivalent implementations (and
Solaris?).
Security Implications
Discussion of more advanced security implications of IPNetRouter
in various configurations.
Additional Notes
For more on how particular buttons and other parts of IPNetRouter's
interfaces work, access the help text via the "?"
(help) button in each IPNetRouter application's windows and see
other sections of this guide.
See the Troubleshooting and
OS 9 Compatibility section, the Read Me and release notes documents
included in your installation folder, and the FAQ
page on our web site for more info on configuring your LAN with IPNetRouter,
supported NICs, etc.