To start up your firewall/router, just plug it in and press
the power button on the rear of the Mac. It will boot and configure the
network interfaces automatically.
Default settings for the firewall are as follows:
A 'root' account has been created with a blank password.
A 'user' account has been created with the password 'pass' to allow you to
log in using telnet. Change both passwords with the "passwd username"
command as soon as possible, and certainly before your Mac is connected to the
internet: telnet sends the password across the network in cleartext, and a
blank root password lets anyone who can reach the machine log in.
The ae0 interface is configured by default and assigned
an IP address of 192.168.1.2.
The DHCP server is running on the ae0 interface,
the internal interface whose address (192.168.1.2) the machines on your LAN
will use as their internet gateway.
It will automatically assign addresses between 192.168.1.3 and 192.168.1.15
to any machine which connects to that interface. You can edit /etc/dhcpd.conf
to add more assignable IPs.
The ae1 interface is assigned an IP address of 192.0.0.2.
This will be your external interface to the outside world. Edit /etc/ifconfig.ae1
to assign it the IP address given to you by your ISP. If your address is dynamically
assigned, see the dynamic IP instructions below.
IP Filter is running on the ae1 interface
with the ruleset in /etc/ipf.conf. All internet traffic
is blocked by default unless you open it. Change the filter settings to
suit your needs by editing /etc/ipf.conf. No inbound traffic is allowed
through the ae1 interface by default. Use ipfrestart to make
the new rules take effect. Be careful editing ipf.conf: a rule that blocks
the interface you are logged in over, or the replies to your own session,
will lock you out of your own machine!!!
IP NAT is operational on ae1 and maps
192.168.1.0/24 on ae0 to 0.0.0.0/32 on ae1 and vice versa. In an ipnat map,
0.0.0.0/32 means "whatever address ae1 currently has", so the same mapping
works for a static or a dynamically assigned address and you should not have to change it.
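The filter and NAT setup described above, as an added example: this is not the ipf.conf or ipnat.conf shipped on the firewall, but a default-deny, stateful ruleset of the same shape, together with a loader that syntax-checks the rules and restores the old files automatically unless you confirm you can still log in. It assumes ae0 is internal, ae1 is external, and the ipf and ipnat tools of this NetBSD-based system; the DHCP-reply rule, the backup file names and the rollback pid file are assumptions of the example.

```shell
#!/bin/sh
# Added example, not the ipf.conf shipped on the firewall: generate a
# default-deny, stateful IP Filter ruleset and the matching ipnat map,
# syntax-check them, and load them with a timed rollback so a typo cannot
# lock you out over the network. Assumes ae0 = internal, ae1 = external,
# and the ipf/ipnat tools of this NetBSD-based firewall.

EXT=${EXT:-ae1}
INT=${INT:-ae0}
LAN=${LAN:-192.168.1.0/24}

# Print the filter rules. "quick" rules stop evaluation at the first match;
# without "quick" the last matching rule wins, so the plain "block in" at
# the end is the default for anything arriving on the external side.
make_ipf_rules() {
    ext=$1 int=$2 lan=$3
    cat <<EOF
# loopback and the internal LAN are trusted
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on $int all
pass out quick on $int all
# anti-spoofing: packets claiming private or our own LAN addresses never arrive on $ext
block in quick on $ext from $lan to any
block in quick on $ext from 10.0.0.0/8 to any
block in quick on $ext from 172.16.0.0/12 to any
block in quick on $ext from 127.0.0.0/8 to any
# DHCP server replies when $ext gets its address from the ISP (assumed needed;
# harmless with a static address)
pass in quick on $ext proto udp from any port = 67 to any port = 68
# connections we start: keep state lets only the replies back in
pass out quick on $ext proto tcp from any to any flags S keep state
pass out quick on $ext proto udp from any to any keep state
pass out quick on $ext proto icmp from any to any keep state
# default: nothing unsolicited from the internet, logged so you can see probes
block in log on $ext all
EOF
}

# Print the NAT map. 0.0.0.0/32 stands for "whatever address $ext has now",
# so the same lines work for static and dynamically assigned addresses.
make_ipnat_rules() {
    ext=$1 lan=$2
    cat <<EOF
map $ext $lan -> 0.0.0.0/32 portmap tcp/udp 10000:60000
map $ext $lan -> 0.0.0.0/32
EOF
}

# Load the rules, keeping the old files and restoring them automatically
# after $1 seconds. If you can still log in afterwards, cancel the rollback
# with: kill $(cat /var/run/ipf-rollback.pid)
install_with_rollback() {
    delay=${1:-120}
    make_ipf_rules "$EXT" "$INT" "$LAN" > /etc/ipf.conf.new
    make_ipnat_rules "$EXT" "$LAN" > /etc/ipnat.conf.new
    # -n parses and reports what would be loaded without touching the kernel
    ipf -n -f /etc/ipf.conf.new || { echo "ipf.conf.new rejected, nothing changed" >&2; return 1; }
    cp /etc/ipf.conf /etc/ipf.conf.bak
    cp /etc/ipnat.conf /etc/ipnat.conf.bak
    mv /etc/ipf.conf.new /etc/ipf.conf
    mv /etc/ipnat.conf.new /etc/ipnat.conf
    ( sleep "$delay"
      ipf -Fa -f /etc/ipf.conf.bak
      ipnat -CF -f /etc/ipnat.conf.bak ) &
    echo $! > /var/run/ipf-rollback.pid
    ipf -Fa -f /etc/ipf.conf        # flush all rules, load the new file
    ipnat -CF -f /etc/ipnat.conf    # clear mappings and rules, reload
    echo "rules loaded; rollback in $delay s unless you: kill $(cat /var/run/ipf-rollback.pid)"
}

# "sh firewall-rules.sh install [seconds]" as root does it for real;
# running or sourcing the file without arguments only defines the functions.
if [ "${1-}" = install ]; then
    install_with_rollback "${2-120}"
fi
```

Run it from a session on the internal (ae0) side, since that interface is passed unconditionally; if the new rules cut you off, the background job puts the old files back after the delay and you can log in again and look for the mistake.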
Only telnetd, httpd (Apache 1.3.12) and sshd are
running; everything else is disabled. telnetd and the other basic services
are started from inetd.conf; sshd is started from rc.local. Use rc.local to
add daemons that run at the user level, like rrlogind. Once you can log in
over ssh, consider commenting the telnet line out of inetd.conf, since it
accepts cleartext passwords.
Support for Road Runner cable modems is provided
by rrlogind. Run rrconf to setup your configuration and then
edit /etc/rc.local to run rrlogind at startup.
Support for PPPoE is included for some DSL users,
but is still experimental. Run adsl-setup to configure ae1
for PPPoE.
Log in to the machine as root using an ssh client like NiftyTelnet
to make configuration changes. No password is required until you set one
using "passwd root". Alternatively, you can use a Telnet
application with the user account and "su root" to make
any changes.
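The first-login hardening the sheet asks for (real passwords, telnet switched off once ssh works, no empty-password logins over ssh), as an added example that is not part of the original sheet. Every function takes the file to edit as an argument so it can be tried on copies first; the real paths /etc/inetd.conf and /etc/ssh/sshd_config, and the inetd pid file /var/run/inetd.pid, are assumptions about this NetBSD-based firewall.

```shell
#!/bin/sh
# Added example (not part of the original sheet): first-login hardening of
# the firewall. Functions work on file paths passed as arguments so they can
# be dry-run on copies; the real locations used by harden() below are
# assumed to be /etc/inetd.conf and /etc/ssh/sshd_config.

# Comment out every inetd.conf line whose service field (first column) is $2.
disable_inetd_service() {
    file=$1 svc=$2
    tmp=$file.tmp.$$
    awk -v svc="$svc" '$1 == svc { print "#" $0; next } { print }' "$file" > "$tmp" &&
        mv "$tmp" "$file"
}

# List the service names still enabled in an inetd.conf.
inetd_enabled() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# Set "key value" in an sshd_config, replacing an existing line for that key
# whether it is active or commented out, or appending one if there is none.
set_sshd_option() {
    file=$1 key=$2 val=$3
    tmp=$file.tmp.$$
    awk -v k="$key" -v v="$val" '
        { line = $0; sub(/^[ \t]*#?[ \t]*/, "", line); split(line, f, /[ \t]+/) }
        f[1] == k { if (!seen) { print k " " v; seen = 1 }; next }
        { print }
        END { if (!seen) print k " " v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Print the effective value of option $2 in sshd_config $1 (empty if unset).
sshd_option() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Apply the hardening to the live system (run as root).
harden() {
    disable_inetd_service /etc/inetd.conf telnet
    kill -HUP "$(cat /var/run/inetd.pid)"      # make inetd reread its config
    set_sshd_option /etc/ssh/sshd_config PermitEmptyPasswords no
    echo "inetd services still enabled:"
    inetd_enabled /etc/inetd.conf
    echo "now set real passwords interactively: passwd root; passwd user"
}

# "sh harden.sh harden" does it for real; with no arguments the file only
# defines the functions so they can be tested on copies.
if [ "${1-}" = harden ]; then
    harden
fi
```

Do the passwd step before anything else; with PermitEmptyPasswords set to no, an unchanged blank root password would lock root out of ssh (you could still get in from the console or via the user account and su).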
Reboot your machine by typing "reboot" once you
are done configuring the interfaces. To shut down the machine use "shutdown
-p now" as root. This will power off your Mac.
This instruction sheet is available online through the Apache
Web Server running on your firewall. It is only accessible through the internal
ae0 interface. Just type 192.168.1.2 into your web browser.
Using Your Firewall:
To get a quick UNIX overview, take a look at my quickguide.
This will explain some basic commands and give some idea of how to use your
firewall/router in a home network setting.
To firewall/route your traffic using a high speed connection
such as a cable modem or DSL line you need to set up the external interface for
your particular situation. In all cases this will require you to
plug your cable modem or DSL modem into the external interface, ae1,
and to edit the IP address in /etc/ifconfig.ae1.
Typical settings are:
Add the nameserver IP addresses given to you by
your internet provider to /etc/resolv.conf in the format shown
in the file.
Static IP from DSL or cable provider - requires
editing of IP address in /etc/ifconfig.ae1 and a reboot
of the firewall.
Dynamic IP from DSL or cable provider - requires
removal of the /etc/ifconfig.ae1 file and enabling of the dhcp
client in /etc/rc.conf as shown below where ae1 is your external
interface name:
dhclient=YES # behave as a DHCP client
dhclient_flags="ae1" # blank: config all interfaces
If your DSL provider uses PPPoE, use adsl-setup
to configure your connection. Then you can use adsl-start and adsl-stop
to bring your connection up and down. To automate the process at boot
time, add adsl-start to /etc/rc.local.
If you are using the Road Runner cable modem service
you will need to run rrconf to set your username, password, and
Road Runner server name. Then, edit /etc/rc.local to start the
rrlogind at boot time. Reboot your firewall by typing "reboot".
Once you have the external interface operational, test it
by trying to access a known website using the lynx text based web browser
(e.g. lynx http://www.apple.com). If this fails, check the file /etc/resolv.conf
to ensure that you have a nameserver IP address entered. If it still fails, email
me at ewinkler@erols.com. If successful,
move to the next step.
Connect the internal interface of your firewall, ae0, to a network
hub. Connect any computers, Mac or PC, to this hub. On each machine you want
to share the connection, enable DHCP; the machine will obtain an IP address
between 192.168.1.3 and 192.168.1.15 from the DHCP server on your
firewall at 192.168.1.2. Each machine will be assigned an IP automatically, and
the DHCP server will also hand out 192.168.1.2 as its default gateway.
You're Done. Start sharing your secured bandwidth!!!