Filter
Top Products
Chapter 2 Inside Mac OS X Server 41
Mac OS X Server provides administration tools for service configuration management
and zone control as well as for monitoring, providing a graphical way to:
• Enable zone transfers and recursion
• Specify interfaces on which to listen for DNS requests
• Maintain blocked host lists
• Work with log files
• Manage zones and their records
Firewall
Firewall service protects your server and the content you store on it from intruders. It
provides a software firewall, scanning incoming IP packets and accepting or rejecting
them based on filters you define.
You can set up server-wide restrictions for packets from specific IP addresses. You can
also restrict access to individual services—such as web, mail, and FTP—by defining
filters for the ports used by the services. IP firewall can be used to block access to
specific service ports or to allow access only to certain ports.
IP firewall also provides a sophisticated mechanism—stateful packet inspection—for
determining whether an incoming packet is a legitimate response to an outgoing
request or part of an ongoing session, allowing packets that would otherwise be
denied.
NAT
Network Address Translation (NAT) is a method of connecting multiple computers
to the Internet (or any other IP network) using one IP address. NAT converts the IP
addresses you assign to computers on your private, internal network into one
legitimate IP address for Internet communications. For example, the AirPort Base
Station uses NAT. By default, a base station assigns IP addresses using DHCP to
computers on an Ethernet network, and then uses NAT to convert those addresses
when any of the computers needs to access the Internet.
NAT is becoming increasingly popular because it preserves IP addresses. It also
increases the security of Internet access, because it supports only connections that
originate on an internal network.
Mac OS X Server’s Server Admin application helps you administer NAT. You can also use
the command-line tool ipfw or the Firewall service to configure the NAT translations
specific to your network.
LL2343.Book Page 41 Thursday, August 14, 2003 5:12 PM