Comments on: Mac OS X 10.5 Leopard built-in firewall http://www.felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/ A little bit of technology, security and networking with Linux, FreeBSD and Mac OS X, plus some personal opinions. Tue, 14 Oct 2008 11:09:11 +0000 http://wordpress.org/?v=2.6.2 By: Jorge Huerga http://www.felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36569 Jorge Huerga Mon, 17 Mar 2008 10:58:36 +0000 http://felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36569 Felipe, Muchas gracias por tu ayuda, me ha servido para montar al fin el servidor, otra web que me ha ayudado ha sido esta: http://sergio.folgar.es/2007/04/30/compartiendo-carpetas/ Un saludo Felipe,

Muchas gracias por tu ayuda, me ha servido para montar al fin el servidor, otra web que me ha ayudado ha sido esta: http://sergio.folgar.es/2007/04/30/compartiendo-carpetas/

Un saludo

]]> By: Felipe Alfaro Solana http://www.felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36557 Felipe Alfaro Solana Tue, 04 Mar 2008 08:45:04 +0000 http://felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36557 Jorge, Si lo que quieres es montar un directorio de otra máquina a través de NFS, puedes utilizar el Finder para montar dicho directorio o, desde la línea de comandos: sudo mount server:/Users/user /mnt Jorge,

Si lo que quieres es montar un directorio de otra máquina a través de NFS, puedes utilizar el Finder para montar dicho directorio o, desde la línea de comandos:

sudo mount server:/Users/user /mnt

]]> By: Felipe Alfaro Solana http://www.felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36556 Felipe Alfaro Solana Tue, 04 Mar 2008 08:43:30 +0000 http://felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36556 Jorge, Lo único que necesitas es configurar correctamente el fichero /etc/exports. Este fichero no existe por defecto, así que tendrás que crearlo. Por ejemplo: /Users/user -maproot=nobody:nobody -alldirs -network 131.104.48 -mask 255.255.255.0 Esto exportaría el directorio /Users/user a cualquier máquina de la red 131.104.48.*, y mapeando al usuario root desde una máquina remota al usuario nobody. Después, ejecuta "nfsd update". A partir de este momento, tus clientes deberían ser capaces de montar /Users/user desde tu máquina. Creo que onvia decir que tendrás que configurar el firewall correctamente para permitir el acceso a través de NFS. Espero que te sirva de ayuda. Jorge,

Lo único que necesitas es configurar correctamente el fichero /etc/exports. Este fichero no existe por defecto, así que tendrás que crearlo. Por ejemplo:

/Users/user -maproot=nobody:nobody -alldirs -network 131.104.48 -mask 255.255.255.0

Esto exportaría el directorio /Users/user a cualquier máquina de la red 131.104.48.*, y mapeando al usuario root desde una máquina remota al usuario nobody.

Después, ejecuta “nfsd update”. A partir de este momento, tus clientes deberían ser capaces de montar /Users/user desde tu máquina. Creo que onvia decir que tendrás que configurar el firewall correctamente para permitir el acceso a través de NFS.

Espero que te sirva de ayuda.

]]> By: Jorge Huerga http://www.felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36551 Jorge Huerga Sun, 02 Mar 2008 22:54:48 +0000 http://felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36551 Hola Felipe; Quisiera saber como puedo montar un directorio nfs, pues me esta diciendo todo el rato que: "mount_nfs: /Users/user/tmp: Operation not permitted" gracias y un saludo Hola Felipe;

Quisiera saber como puedo montar un directorio nfs, pues me esta diciendo todo el rato que:
“mount_nfs: /Users/user/tmp: Operation not permitted”

gracias y un saludo

]]> By: Science http://www.felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36450 Science Thu, 13 Dec 2007 01:49:47 +0000 http://felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36450 my firwall.sh #!/bin/sh ipfw -f flush sysctl -w net.inet.ip.fw.verbose=2 ipfw -f add 100 allow ip from any to any via lo0 ipfw -f add 110 deny log ip from 127.0.0.0/8 to any in ipfw -f add 120 deny log ip from any to 127.0.0.0/8 in ipfw -f add 20000 check-state ipfw -f add allow tcp from me to any established ipfw -f add allow tcp from me to any out keep-state ipfw -f add allow udp from me to any out keep-state ipfw -f add allow icmp from me to any out ipfw -f add deny ip from any to any my firwall.sh
#!/bin/sh
ipfw -f flush
sysctl -w net.inet.ip.fw.verbose=2
ipfw -f add 100 allow ip from any to any via lo0
ipfw -f add 110 deny log ip from 127.0.0.0/8 to any in
ipfw -f add 120 deny log ip from any to 127.0.0.0/8 in
ipfw -f add 20000 check-state
ipfw -f add allow tcp from me to any established
ipfw -f add allow tcp from me to any out keep-state
ipfw -f add allow udp from me to any out keep-state
ipfw -f add allow icmp from me to any out
ipfw -f add deny ip from any to any

]]> By: Pj http://www.felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36426 Pj Mon, 03 Dec 2007 15:00:27 +0000 http://felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36426 Wow... The only problem I was having was that it wouldn't remember that I told it that Psi was allowed to accept incomming connections. ...or, well, it remembers it, but it still prompts to ask every time I run Psi anyway, which is rather annoying. My MacBook is the first Mac I've ever used, and so far the only thing I really don't like about it is that it generally assumes that I'm dumb or something and that too many configuration options will confuse me. Everywhere I go I find the bare minimum of configurability which is annoying to say the least, and the firewall options are just one more example of that. There's no more configurability there than necessary to be able to say that there is a configurable firewall, and like everthing else, it leaves me wanting more options. I think one simple example of what I'm talking about is the system file open dialoge: Using KDE in Linux, when I open a file, the file open dialoge is basically a complete file manager. In the process of choosing a file I can navigate to any folder, create or delete folders, rename or delete files, or anything. In Mac OS X I get a little window that does nothing more than let me choose the name of the file and one of just a few directories that Mac OS X thinks I should be allowed to save to. The entire GUI is oversimplified like that. ...but that's not to say that I think Linux is better or anything. I hate Linux, which is why I bought a Mac. However, the KDE people definately know how to provide configuration options. If Linux weren't such a terrible OS, Linux combined with KDE would be a wonderful thing. Anyway, there's nothing wrong with your writing. Daniel is just a spammer. Look at the link to his web site, it's just an ad. The reason he didn't go into any detail is because he didn't actually read the article, he just left a vague message that mentioned the name of the article, but he didn't actually read the article which is why he didn't say anything specific. Wow… The only problem I was having was that it wouldn’t remember that I told it that Psi was allowed to accept incomming connections. …or, well, it remembers it, but it still prompts to ask every time I run Psi anyway, which is rather annoying.

My MacBook is the first Mac I’ve ever used, and so far the only thing I really don’t like about it is that it generally assumes that I’m dumb or something and that too many configuration options will confuse me. Everywhere I go I find the bare minimum of configurability which is annoying to say the least, and the firewall options are just one more example of that. There’s no more configurability there than necessary to be able to say that there is a configurable firewall, and like everthing else, it leaves me wanting more options.

I think one simple example of what I’m talking about is the system file open dialoge: Using KDE in Linux, when I open a file, the file open dialoge is basically a complete file manager. In the process of choosing a file I can navigate to any folder, create or delete folders, rename or delete files, or anything. In Mac OS X I get a little window that does nothing more than let me choose the name of the file and one of just a few directories that Mac OS X thinks I should be allowed to save to. The entire GUI is oversimplified like that.

…but that’s not to say that I think Linux is better or anything. I hate Linux, which is why I bought a Mac. However, the KDE people definately know how to provide configuration options. If Linux weren’t such a terrible OS, Linux combined with KDE would be a wonderful thing.

Anyway, there’s nothing wrong with your writing. Daniel is just a spammer. Look at the link to his web site, it’s just an ad. The reason he didn’t go into any detail is because he didn’t actually read the article, he just left a vague message that mentioned the name of the article, but he didn’t actually read the article which is why he didn’t say anything specific.

]]> By: Felipe Alfaro Solana http://www.felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36401 Felipe Alfaro Solana Tue, 27 Nov 2007 01:02:16 +0000 http://felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36401 Hi Daniel. What is it that you don't understand? Is it because of the way that I write? Since I'm no English native speaker, I might have made some spelling or grammatical errors. Can you provide more details so that I can fix what is wrong or confusing? Thanks! Hi Daniel.

What is it that you don’t understand? Is it because of the way that I write? Since I’m no English native speaker, I might have made some spelling or grammatical errors. Can you provide more details so that I can fix what is wrong or confusing?

Thanks!

]]> By: Daniel http://www.felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36399 Daniel Mon, 26 Nov 2007 21:59:50 +0000 http://felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36399 I couldn't understand some parts of this article Mac OS X 10.5 Leopard built-in firewall, but I guess I just need to check some more resources regarding this, because it sounds interesting. I couldn’t understand some parts of this article Mac OS X 10.5 Leopard built-in firewall, but I guess I just need to check some more resources regarding this, because it sounds interesting.

]]> By: meneame.net http://www.felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36351 meneame.net Fri, 09 Nov 2007 23:26:00 +0000 http://felipe-alfaro.org/blog/2007/11/10/mac-os-x-105-leopard-built-in-firewall/#comment-36351 <strong>Mac OS X 10.5 Leopard built-in firewall...</strong> Pequeña revisión del nuevo cortafuegos de Mac OS X 10.5 Leopard, sus probemas, sus nuevas funcionalidades.... Mac OS X 10.5 Leopard built-in firewall…

Pequeña revisión del nuevo cortafuegos de Mac OS X 10.5 Leopard, sus probemas, sus nuevas funcionalidades….

]]>