Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/newdedyk/domains/bkmanuals.com/public_html/includes/pages/manual_inc.php on line 26
Apple 034-2351_Cvr manuale d’uso - BKManuals

Apple 034-2351_Cvr manuale d’uso

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

Vai alla pagina of

Un buon manuale d’uso

Le regole impongono al rivenditore l'obbligo di fornire all'acquirente, insieme alle merci, il manuale d’uso Apple 034-2351_Cvr. La mancanza del manuale d’uso o le informazioni errate fornite al consumatore sono la base di una denuncia in caso di inosservanza del dispositivo con il contratto. Secondo la legge, l’inclusione del manuale d’uso in una forma diversa da quella cartacea è permessa, che viene spesso utilizzato recentemente, includendo una forma grafica o elettronica Apple 034-2351_Cvr o video didattici per gli utenti. La condizione è il suo carattere leggibile e comprensibile.

Che cosa è il manuale d’uso?

La parola deriva dal latino "instructio", cioè organizzare. Così, il manuale d’uso Apple 034-2351_Cvr descrive le fasi del procedimento. Lo scopo del manuale d’uso è istruire, facilitare lo avviamento, l'uso di attrezzature o l’esecuzione di determinate azioni. Il manuale è una raccolta di informazioni sull'oggetto/servizio, un suggerimento.

Purtroppo, pochi utenti prendono il tempo di leggere il manuale d’uso, e un buono manuale non solo permette di conoscere una serie di funzionalità aggiuntive del dispositivo acquistato, ma anche evitare la maggioranza dei guasti.

Quindi cosa dovrebbe contenere il manuale perfetto?

Innanzitutto, il manuale d’uso Apple 034-2351_Cvr dovrebbe contenere:
- informazioni sui dati tecnici del dispositivo Apple 034-2351_Cvr
- nome del fabbricante e anno di fabbricazione Apple 034-2351_Cvr
- istruzioni per l'uso, la regolazione e la manutenzione delle attrezzature Apple 034-2351_Cvr
- segnaletica di sicurezza e certificati che confermano la conformità con le norme pertinenti

Perché non leggiamo i manuali d’uso?

Generalmente questo è dovuto alla mancanza di tempo e certezza per quanto riguarda la funzionalità specifica delle attrezzature acquistate. Purtroppo, la connessione e l’avvio Apple 034-2351_Cvr non sono sufficienti. Questo manuale contiene una serie di linee guida per funzionalità specifiche, la sicurezza, metodi di manutenzione (anche i mezzi che dovrebbero essere usati), eventuali difetti Apple 034-2351_Cvr e modi per risolvere i problemi più comuni durante l'uso. Infine, il manuale contiene le coordinate del servizio Apple in assenza dell'efficacia delle soluzioni proposte. Attualmente, i manuali d’uso sotto forma di animazioni interessanti e video didattici che sono migliori che la brochure suscitano un interesse considerevole. Questo tipo di manuale permette all'utente di visualizzare tutto il video didattico senza saltare le specifiche e complicate descrizioni tecniche Apple 034-2351_Cvr, come nel caso della versione cartacea.

Perché leggere il manuale d’uso?

Prima di tutto, contiene la risposta sulla struttura, le possibilità del dispositivo Apple 034-2351_Cvr, l'uso di vari accessori ed una serie di informazioni per sfruttare totalmente tutte le caratteristiche e servizi.

Dopo l'acquisto di successo di attrezzature/dispositivo, prendere un momento per familiarizzare con tutte le parti del manuale d'uso Apple 034-2351_Cvr. Attualmente, sono preparati con cura e tradotti per essere comprensibili non solo per gli utenti, ma per svolgere la loro funzione di base di informazioni e di aiuto.

Sommario del manuale d’uso

  • Pagina 1

    Mac OS X Ser v er Network Ser vic e s Administr ation For Version 10.3 or Later 034-2351_Cvr 9/12/03 10:26 AM Page 1[...]

  • Pagina 2

     Apple Computer , Inc. © 2003 Apple C omputer , Inc. All rights reser ved. The owner or authoriz ed user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No par t of this publication may be reproduc ed or transmitted for commercial purposes , such as selling copies of t[...]

  • Pagina 3

    3 1 C on ten ts Prefac e 5 How to U se This Guide 5 What’ s Included in T his Guide 5 Using This Guide 6 Setting Up Mac OS X Ser ver for the First Time 6 Getting Help for Everyday Management T asks 6 Getting Additional Information Chapter 1 7 DHCP Service 7 Before Y ou Set Up DHCP Ser vice 9 Setting Up DHCP Ser vice for the First Time 10 Managing[...]

  • Pagina 4

    4 Contents 63 P ort Reference 66 Where to F ind More Inf ormation Chapter 4 6 7 NA T Ser vice 67 Star ting and Stopping NA T S er vice 68 Configuring NA T Ser vice 68 Monitoring NA T S er vice 69 Where to F ind More Inf ormation Chapter 5 7 1 VPN Service 72 VPN and Security 73 Before Y ou Set Up VPN Ser vice 73 Managing VPN Ser vice 76 Monitoring V[...]

  • Pagina 5

    5 Prefac e How t o U se This Guide What ’ s Included in This Guide This guide consists primarily of chapters that tell y ou how to administer v arious Mac OS X Ser ver network services: • DHCP • DNS • IP Fir ewall • NA T • VPN • NTP • IPv6 Support Using This Guide Each chapter covers a s pecific network service. Read any chapter tha[...]

  • Pagina 6

    6 Preface How to Use This Guide Setting Up Mac OS X Server for the F irst Time If you haven ’t installed and set up M ac OS X Ser ver, do so now . • Refer to Mac OS X Ser ver Getting Started for V ersion 1 0.3 or Later, the document that came with your sof tware, for instructions on ser ver installation and setup. For many environmen ts, this d[...]

  • Pagina 7

    1 7 1 DHCP Ser vice D ynamic Host Configuration P rotocol (DHCP) service lets you administer and distribute IP addresses to client computers from your ser ver . When you configure the DHCP ser ver , you assign a block of IP addresses that can be made available to clients. Each time a client computer configured t o use DHCP star ts up , it looks for[...]

  • Pagina 8

    8 Chapter 1 DHCP Service Creating Subnets Subnets are groupings of computers on the same netw ork that simplify administration. Y ou can organize subnets an y way that is useful to y ou. For example , you can create subnets for different groups within your organization or for different floors of a building. Once you have grouped client computers in[...]

  • Pagina 9

    Chapter 1 DHCP Service 9 Inter acting With Other DHCP S er vers Y ou may already ha ve other DHCP servers on your network, such as AirPort Base Stations. Mac OS X S er ver can coexist with other DHCP servers as long as each DHCP ser ver uses a unique pool of IP addresses. However , you may want your DHCP ser ver to provide an LDAP server address fo[...]

  • Pagina 10

    10 Chapter 1 DHCP Service Step 2: Set up logs for DHCP ser vice Y ou can log DHCP activit y and errors to help you monitor r equests and identify problems with your ser ver . DHCP ser vice records diagnostic messages in the system log file. T o keep this file from growing too large , you can suppress most messages by changing your log settings in t[...]

  • Pagina 11

    Chapter 1 DHCP Service 11 7 Enter a starting and ending IP address for this subnet range. Addresse s must be contiguous , and they can ’t overlap with other subnets’ ranges. 8 Enter the subnet mask f or the network address range . 9 Choose the Network Interface from the pop-up menu. 10 Enter the IP addre ss of the router for this subnet. If the[...]

  • Pagina 12

    12 Chapter 1 DHCP Service Deleting Subnets Fr om DHCP Ser vice Y ou can delete subnets and subnet IP address ranges when they will no longer be distributed to clients . T o delete subnets or address r anges: 1 In Ser ver Admin, choose DHCP from the Computers & Services list. 2 Click Settings. 3 Select a subnet. 4 Click Delete. 5 Click Save t o [...]

  • Pagina 13

    Chapter 1 DHCP Service 13 Setting LDAP Options for a Subnet Y ou can use DHCP to provide your clients with LDAP ser ver information rather than manually configuring each client’ s LDAP information. The order in which the LDAP ser vers appear in the list determine s their search order in the automatic Open Directory search polic y . If you have ar[...]

  • Pagina 14

    14 Chapter 1 DHCP Service T o set WINS options for a subnet: 1 In Ser ver Admin, choose DHCP from the Computers & Services list. 2 Click Settings. 3 Select the Subnets tab. 4 Select a subnet and click Edit. 5 Click the WINS tab . 6 Enter the domain name or IP addre ss of the WINS/NBNS primar y and secondar y ser vers for this subnet. 7 Enter th[...]

  • Pagina 15

    Chapter 1 DHCP Service 15 Setting the Log Detail Lev el for DHCP Service Y ou can choose the level of detail you want to log for DHCP ser vice. • “Low (err ors only)” will indicate conditions for which you need to take immediate action (for example, if the DHCP ser ver can ’t start up). This level corresponds to bootpd reporting in “ quie[...]

  • Pagina 16

    16 Chapter 1 DHCP Service Where to F ind More Information Request for C omments (RFC) documents pr ovide an overview of a protocol or service and details about how the protocol should behave. I f you’ re a novice ser ver administrator , you ’ll probably find some of the background information in an RFC helpful. If you’ re an experienced ser v[...]

  • Pagina 17

    2 17 2 DNS Ser vice When your clients want to connec t to a network resource such as a web or file ser ver , they typically request it by its domain name (such as www .example .com) rather than by its IP address (such as 1 92. 1 68. 1 2. 1 2). The Domain Name System (DNS) is a distributed database that maps IP addresses to domain names so your clie[...]

  • Pagina 18

    18 Chapter 2 DNS Service Befor e Y ou Set Up DNS Ser vice This section contains information you should consider before setting up DNS on your network. T he issues in volved with DNS administration are complex and numer ous. Y ou should only set up DNS ser vice on your network if you’ re an experienced DNS administrator . Y ou should consider crea[...]

  • Pagina 19

    Chapter 2 DNS Service 19 Once you register a domain name, you can create subdomains within it as long as you set up a DNS ser ver on your network to k eep track of the subdomain names and IP addresses . F or example, if you register the domain name “ example.com,” you could create subdomains such as “host1 .example.com,” “mail.example.com[...]

  • Pagina 20

    20 Chapter 2 DNS Service The configuration file is located in this file: /etc/named.conf The zone file name is based on the name of the zone . For example , the zone file “ example.com ” is located in this file: /var/named/example.com.z one See “Configuring BIND Using the Command Line ” on page 37 f or more information. Step 3: Configure ba[...]

  • Pagina 21

    Chapter 2 DNS Service 21 Managing DNS Ser vice Mac OS X Ser ver provides a simple int er face for starting and stopping DNS ser vice as well as viewing logs and status. Basic DNS settings can be configured with Ser ver Admin. More advanced feature s require configuring BIND from the command-line , and are not cover ed here. Star ting and Stopping D[...]

  • Pagina 22

    22 Chapter 2 DNS Service T o enable or disable recursion: 1 In Ser ver Admin, choose DNS in the Computer & Ser vices list. 2 Click Settings. 3 Select the G eneral tab . 4 Select or deselect Allow Recursion as needed. If you choose to enable recursion, consider disabling it for external IP addresses, but enabling it for LAN IP addresse s, by edi[...]

  • Pagina 23

    Chapter 2 DNS Service 23 T o add a master zone: 1 In Ser ver Admin, choose DNS in the Computer & Ser vices list. 2 Click Settings. 3 Select the Zones tab . 4 Click Add beneath the Z ones list. 5 Enter a zone name . The zone name must ha ve a trailing period: “ example.com.” 6 Choose Master from the Zone T ype pop-up menu. 7 Enter the hostna[...]

  • Pagina 24

    24 Chapter 2 DNS Service Adding a F or ward Z one A forward zone directs all lookup requests to other DNS servers. T o add a forward zone: 1 In Ser ver Admin, choose DNS in the Computer & Ser vices list. 2 Click Settings. 3 Select the Zones tab . 4 Click Add beneath the Z ones list. 5 Enter a zone name . The Zone name must ha ve a trailing peri[...]

  • Pagina 25

    Chapter 2 DNS Service 25 Modifying a Zone This section describes modifying a zone ’ s t ype and settings but not modifying the records within a zone . Y ou may need to change a zone ’ s administrator addre ss, t ype, or domain name. T o modify a zone: 1 In Ser ver Admin, choose DNS in the Computer & Ser vices list. 2 Click Settings. 3 Selec[...]

  • Pagina 26

    26 Chapter 2 DNS Service • Name Ser ver (NS): Store s the authoritative name server for a given z one. • P ointer (PTR): Store s the domain name of a given IP addre ss (reverse lookup). • T ext ( T XT ): Stor es a text string as a response to a DNS quer y . If you need access to other k inds of records, you’ll need to edit BIND’ s configu[...]

  • Pagina 27

    Chapter 2 DNS Service 27 Modifying a Record in a Z one If you make frequent changes to the namespace for the domain, you ’ll need to update the DNS records as often as that namespace change s. Upgrading hardware or adding to a domain name might require updating the DNS recor ds as well. T o modify a record: 1 In Ser ver Admin, choose DNS in the C[...]

  • Pagina 28

    28 Chapter 2 DNS Service Monitoring DNS Y ou may want to monit or DNS status to troubleshoot name r esolution problems , check how often the DNS service is used, or even check f or unauthoriz ed or malicious DNS ser vice use. This section discusses common monitoring tasks for DNS service. Viewing DNS Ser vice Status Y ou can check the DNS Status wi[...]

  • Pagina 29

    Chapter 2 DNS Service 29 T o change the log detail level: 1 In Ser ver Admin, choose DNS in the Computer & Ser vices list. 2 Click Settings. 3 Select the Logging tab . 4 Choose the detail level from the L og Lev el pop-up menu. The possible log levels are: • Critical (less detailed) • Error • W arning • Notice • Information • Debug [...]

  • Pagina 30

    30 Chapter 2 DNS Service T o see DNS usage statistics: 1 In Ser ver Admin, choose DNS in the Computer & Ser vices list. 2 Click Activity to view operations currently in progress and usage statistics . Securing the DNS Ser ver DNS ser vers are target ed by malicious computer users (commonly called “hack ers”) in addition to other legitimate [...]

  • Pagina 31

    Chapter 2 DNS Service 31 With a copy of your master zone , the hacker can see what kinds of ser vices a domain offers , and the IP addre ss of the ser vers that offer them. He or she can then tr y specific attacks based on those ser vices. This is reconnaissance bef ore another attack. T o defend against this attack, you need to specify which IP ad[...]

  • Pagina 32

    32 Chapter 2 DNS Service It is difficult to prevent this type of attack before it begins. Constant monitoring of the DNS ser vice and ser ver load allows an administrator t o catch the attack early and mitigate its damaging effect. The easiest way t o guard against this attack is to block the off ending IP address with your firewall. See “Creatin[...]

  • Pagina 33

    Chapter 2 DNS Service 33 Common Netw ork Administration T asks That Use DNS Ser vice The following sections illustrate some common netw ork administration tasks that require DNS service. Setting Up MX Records If you plan to provide mail ser vice on your network, you must set up DNS so that incoming mail is sent to the appropriate mail host on your [...]

  • Pagina 34

    34 Chapter 2 DNS Service Configuring DNS f or Mail Ser vice Configuring DNS f or mail service is enabling Mail Exchange (MX) records with y our own DNS ser ver . If you have an Internet Service Provider (ISP) that provides you with DNS ser vice, you’ll need to contact the ISP so that they can enable your MX records. Only follow these steps if you[...]

  • Pagina 35

    Chapter 2 DNS Service 35 Step 2: Create records and priorities f or the auxiliary mail servers These instruction assume you have edited the original MX record. I f not, please do so before proceeding . These instructions also assume you have already set up and configured one or more auxiliary mail ser vers. T o enable backup or redundan t mail serv[...]

  • Pagina 36

    36 Chapter 2 DNS Service Mac OS X’ s Rendezvous feature allows you to use hostnames on your local subnet that end with the “.local” suffix without having to enable DNS. Any ser vice or device that supports Rendezvous allows the use of user-defined namespace on your local subnet without setting up and configuring DNS. Network L oad Distributio[...]

  • Pagina 37

    Chapter 2 DNS Service 37 If you set up a private T CP/IP network, you can also provide DNS ser vice. By setting up T CP/IP and DNS on your local area network, your users will be able to easily access file, web , mail, and other ser vices on your network. Hosting Several In ternet Ser vices With a Single IP Address Y ou must ha ve one server supplyi[...]

  • Pagina 38

    38 Chapter 2 DNS Service BIND is configured by editing text files containing inf ormation about how you wan t BIND to behave and information about the ser vers on your network. If you wish to learn more about DNS and BIND , re sources are listed at the end of this chapt er . BIND on Mac OS X Ser ver Mac OS X Ser ver uses BIND version 9 .2.2. Y ou c[...]

  • Pagina 39

    Chapter 2 DNS Service 39 Setting Up Sample Configuration F iles The sample files can be f ound in /usr/share/named/examples. The sample files assume a domain name of example.com behind the NA T . This may be changed, but must be changed in all modified configuration files. T his includes renaming /var/named/example .com.zone to the giv en domain na[...]

  • Pagina 40

    40 Chapter 2 DNS Service If you are using Mac OS X Server as your DHCP Server: 1 In Ser ver Settings, click the Network tab, click DHCP/NetBoot, and choose Configure DHCP/NetBoot. 2 On the Subnet tab , selec t the subnet on the built-in Ethernet port and click Edit. 3 In the General tab , ent er the following inf ormation: Start: 1 0.0. 1 .3 End: 1[...]

  • Pagina 41

    Chapter 2 DNS Service 41 F or instance, if “Bob” walks into work in the morning and starts up his computer , and the DHCP ser ver assigns his computer a dynamic IP addre ss, a DNS entr y “bob .example.com ” can be associated with that IP address. Even though Bob ’ s IP address may change ev ery time he star ts up his computer , his DNS na[...]

  • Pagina 42

    LL2351.Book Page 42 Monday, September 8, 2003 2:47 PM[...]

  • Pagina 43

    3 43 3 IP F irewall S er vice Fir ewall ser vice is software that protects the network applications running on your Mac OS X Ser ver. T urning on firewall service is similar to erecting a wall to limit access. Fir ewall ser vice scans incoming IP packets and rejects or accepts these packets based on the set of filters you create. Y ou can restrict [...]

  • Pagina 44

    44 Chapter 3 IP Firewall Service Ser vices such as W eb and FTP are identified on your ser ver by a T ransmission Contr ol Prot ocol ( T CP) or User Datagram Pr otocol (UDP) port number . When a computer tries to connect to a ser vice, firewall ser vice scans the filter list for a matching port number . • If the por t number is in the filter list[...]

  • Pagina 45

    Chapter 3 IP Firewall Service 45 Understanding F irewall F ilters When you star t firewall ser vice, the default configuration denies access to all incoming packets from remote computers ex cept ports for remote configuration. T his provides a high level of security . Y ou can then add new IP filters to allow ser ver access to those clients who req[...]

  • Pagina 46

    46 Chapter 3 IP Firewall Service Addresse s with subnet masks in CIDR notation corres pond to address notation subnet masks. CIDR Corre sponds to Netmask Number of addresses in the range /1 1 28.0.0.0 4.29x1 0 9 /2 1 92.0.0.0 2. 1 4x1 0 9 /3 22 4.0.0.0 1 .07x1 0 9 /4 240.0.0.0 5 .36x1 0 8 /5 248.0.0.0 1 .34x1 0 8 /6 25 2.0.0.0 6.7 1x1 0 7 /7 254.0.[...]

  • Pagina 47

    Chapter 3 IP Firewall Service 47 Using A ddress Ranges When you create filters using Ser ver Admin, you enter an IP address and the CIDR format subnet mask. Ser ver Admin shows you the resulting address range, and you can change the range by modifying the subnet mask. When y ou indicate a range of possible values f or any segment of an addr ess , t[...]

  • Pagina 48

    48 Chapter 3 IP Firewall Service Setting Up F irewall Ser vice for the F irst Time Once you’v e decided which filters you need to create, follow these overview steps to set up firewall ser vice. If you need more help to per form any of these steps, see “Managing Firewall Service” on page 49 and the other topics referred to in the steps . Step[...]

  • Pagina 49

    Chapter 3 IP Firewall Service 49 Step 5: S av e firewall service changes Once you have configured your filters and determined which ser vices to allow , sa ve your changes so the new settings take effect. Managing F irewall Service This section gives step-by-st ep instructions for starting, stopping , and configuring firewall address groups and fil[...]

  • Pagina 50

    50 Chapter 3 IP Firewall Service • DNS/Rendezvous • ICMP Echo Reply (incoming pings) • IGMP (Internet Gateway Multicast P rot ocol) • PPTP VPN • L2TP VPN • QT SS media streaming • iT unes Music Sharing T o open the firewall for standard services: 1 In Ser ver Admin, choose Firewall from the C omputers & Services list. 2 Click Sett[...]

  • Pagina 51

    Chapter 3 IP Firewall Service 51 Editing or Deleting an Addr ess Group Y ou can edit your address groups to change the range of IP addresses effected. The default address group is for all addresses. Y ou can remove address groups from your firewall filter list. The filters associated with those addr esses are also deleted . Addresse s can be listed[...]

  • Pagina 52

    52 Chapter 3 IP Firewall Service T o create an IP filt er for TCP ports: 1 In Ser ver Admin, choose Firewall from the C omputers & Services list. 2 Click Settings. 3 Select the Advanced tab . 4 Click the New button. Alternatively , you can selec t a rule similar to the one you want to create, and click Duplicate then Edit. 5 Select whether this[...]

  • Pagina 53

    Chapter 3 IP Firewall Service 53 • Remote Desktop • NFS • NetInfo UDP ports above 1 02 3 are allocated dynamically by certain ser vices, so their exact por t numbers may not be determined in adv ance. Addresse s can be listed as individual addresse s (1 9 2. 1 68.2.2) or IP address and CIDR netmask (1 92 . 1 68.2.0/24). T o easily configure U[...]

  • Pagina 54

    54 Chapter 3 IP Firewall Service Editing Adv anced IP F ilters If you edit a filter after turning on firewall ser vice, your changes affect connections already established with the server . F or example, if an y computers are connected to your W eb server , and you change the filter to deny all access to the ser ver , connected computers will be di[...]

  • Pagina 55

    Chapter 3 IP Firewall Service 55 Monitoring F irewall Ser vice Fir ewalls are a networks first line of def ense against malicious computer users (commonly called “hackers”). T o maintain the securit y of your computers and users , you need to monitor firewall activity and deter potential threats. This sections explains how to log and monitor yo[...]

  • Pagina 56

    56 Chapter 3 IP Firewall Service Log Example 1 Dec 12 13:08:16 ballch5 mach_kernel: ipfw: 65000 Unreach TCP 10.221.41.33:2190 192.168.12.12:80 in via en0 This entry shows that firewall service used rule 65000 to deny (unreach) the remote client at 1 0.22 1 .4 1 .33:2 1 90 from accessing server 1 92. 1 68. 1 2. 1 2 on W eb port 80 via Ethernet port [...]

  • Pagina 57

    Chapter 3 IP Firewall Service 57 Pr actical Examples The IP filters you create work together to provide securit y for your network. The examples that follow sho w how to use filters t o achieve some specific goals . Block Acce ss to In ternet Users This section shows you, as an example, how to allow users on your subnet access to your ser ver’ s [...]

  • Pagina 58

    58 Chapter 3 IP Firewall Service T o do this: 1 In Ser ver Admin, choose Firewall from the C omputers & Services list. 2 Click Settings. 3 Select the G eneral tab . 4 Select the Any address group . 5 Enable “SMTP Mail” in the right pane. 6 Click the Add button to cr eate an address range . 7 Name the address group . 8 Enter 1 7 . 1 28. 1 00[...]

  • Pagina 59

    Chapter 3 IP Firewall Service 59 Common Netw ork Administration T asks That Use F irewall Ser vice Y our firewall is the first line of defense against una uthorized network in truders, malicious users, and network virus attacks. There are many ways that such attacks can harm your data or use your network resources. This section lists a few of the c[...]

  • Pagina 60

    60 Chapter 3 IP Firewall Service Con trolling or Enabling Netw ork Game U sage Sometimes network administrators need t o control the use of network game s. The games might use network bandwidth and re sources inappropriately or disproportionately . Y ou can cut off network gaming by blocking all traffic incoming and outgoing on the port number used[...]

  • Pagina 61

    Chapter 3 IP Firewall Service 61 If you want to put your own rules in the ipfw .conf file, you can use a template that is installed at /etc/ipfilter/ipfw .conf.default. Duplicate the file, rename it, and edit it as indicated in the template ’ s comments. Preca utions By using the Advanced panel or creating your own rules, you can put the ser ver [...]

  • Pagina 62

    62 Chapter 3 IP Firewall Service Reviewing IP F ilter Rules T o review the rules currently defined f or your server , use the T erminal application to submit the ipfw show command. The show command display s four columns of information: When you t ype: ipfw show Y ou will see information similar to this: 0010 260 32688 allow log ip from any to any [...]

  • Pagina 63

    Chapter 3 IP Firewall Service 63 Deleting IP Filter Rule s T o delete a rule, use the ipfw delete command. This example deletes rule 2 00: ipfw delete 200 F or more information, consult the man pages for ipfw . P or t Reference The follo wing tables show the TCP and UDP port numbers commonly used by Mac OS X computers and M ac OS X Ser vers. The se[...]

  • Pagina 64

    64 Chapter 3 IP Firewall Service 31 1 AppleShare IP remote Web administration, Server Monitor , Ser ver Admin (servermgrd), W orkgroup Manager (DirectoryS er vice) 389 LDAP (director y) Sherlock 2 LDAP search RFC 225 1 427 SLP (service location) 443 SSL (HTTPS) 514 shell 515 LPR (printing) RFC 1 1 79 532 netnews 548 AFP (AppleShare) 55 4 Real-Time [...]

  • Pagina 65

    Chapter 3 IP Firewall Service 65 8000–8999 W eb service 1 6080 W eb service with per formance cache UDP port U sed for Reference 7 echo 53 DNS 67 DHCP server (BootP) 68 DHCP client 69 T rivial File T ransfer P rotocol ( TFTP) 111 Remote Procedur e Call (RPC) 12 3 Network Time P rotocol RFC 1 305 13 7 Windows Name Ser vice ( WINS) 13 8 Windows Dat[...]

  • Pagina 66

    66 Chapter 3 IP Firewall Service Where to F ind More Information F or more information about ipfw: Y ou can find more information about ipfw , the process which con trols IP firewall ser vice, by accessing its man page. It explains how to access its f eatures and implement them. T o access the man page use the T erminal application to enter: man ip[...]

  • Pagina 67

    4 67 4 NA T Ser vice Network Addr ess Tr anslation (NA T ) is sometimes referr ed to as IP masquerading , or IP aliasing. NA T is used to allow multiple computers acce ss to the Internet with only one assigned IP address. NA T allows you to create a private network which accesses the Internet through a NA T router or gateway . The NA T router takes[...]

  • Pagina 68

    68 Chapter 4 NAT Service Configuring NA T Ser vice Y ou use Ser ver Admin to indicat e which network interface is connected to the Internet or other external network. T o configure NA T ser vice: 1 In Ser ver Admin, selec t NA T from the C omputers & Ser vices pane. 2 Click Settings. 3 Choose the network inter face from the “Share your connec[...]

  • Pagina 69

    Chapter 4 NAT Service 69 T o view the NA T diver t log: 1 In the T erminal application enter: ipfw add 10 divert natd all from any to any via <interface> Where <interface> is the network interface selec ted in the NA T section of Ser ver Admin. 2 In Ser ver Admin, choose Firewall from the C omputers & Services list. 3 Click Settings[...]

  • Pagina 70

    LL2351.Book Page 70 Monday, September 8, 2003 2:47 PM[...]

  • Pagina 71

    5 71 5 VPN Ser vice Vir tual Priv ate Network ( VPN) is two or more computers or networks (node s) connected by a privat e link of encr ypted data. T his link simulates a local connection, as if the remote computer w ere attached to the local area netw ork (LAN). VPNs allow users at home or otherwise away from the LAN to securely connect to it usin[...]

  • Pagina 72

    72 Chapter 5 VPN Service VPN and Security VPNs stress security by strong authen tication of identity , and encrypted data transport between the nodes , for data privacy and inalterabilit y . The following section contains information about each supported transport and authentication method. Authen tication Method Mac OS X Ser ver VPN uses Microsoft[...]

  • Pagina 73

    Chapter 5 VPN Service 73 Befor e Y ou Set Up VPN Ser vice Before setting up Vir tual Private Network ( VPN) ser vice, you need to determine which transport protocol you’ re going to use. The table below shows which protocols are supported by different platf orms. If you’ re using L2TP , you need to have a Security Certificate from a Certificate[...]

  • Pagina 74

    74 Chapter 5 VPN Service T o enable L2TP: 1 In Ser ver Admin, choose the VPN Service from the Computers & Services list. 2 Click Settings. 3 Select the G eneral tab . 4 Select L2TP . 5 Enter the shared secr et. 6 Set the beginning IP address of the allocation range. 7 Set the ending IP address of the allocation range. 8 Enter the group that has[...]

  • Pagina 75

    Chapter 5 VPN Service 75 Configuring A dditional Netw ork Settings for VPN Clients When a user connects in to your ser ver through VPN, that user is given an IP address from your allocated range. If this range is not ser ved by a DHCP ser ver , you ’ll need to configure additional network settings. The se setting include the network mask, DNS add[...]

  • Pagina 76

    76 Chapter 5 VPN Service Monitoring VPN Ser vice This section describes tasks associated with monitoring a functioning VPN ser vice. It includes accessing status reports, setting logging options, viewing logs, and monitoring connections. Viewing a VPN Status Overview The VPN Over view gives you a quick status repor t on your enabled VPN ser vices. [...]

  • Pagina 77

    Chapter 5 VPN Service 77 Viewing the VPN Log Y ou’ll need to monitor VPN logs to ensure smooth operation of your Virtual Priv ate Network. The VPN logs can help you troubleshoot problems. T o view the log: 1 In Ser ver Admin, choose VPN Service from the Computers & Services list. 2 Click Logs. Viewing VPN Client C onnections Y ou can monitor [...]

  • Pagina 78

    LL2351.Book Page 78 Monday, September 8, 2003 2:47 PM[...]

  • Pagina 79

    6 79 6 NTP Ser vice Network Time Protocol (NTP) is a network pr otocol used to synchroniz e the clocks of computers on your network to a time reference clock. NTP is used to ensure that all the computers on a network are r eporting the same time. If an isolated network, or even a single computer , is running on wrong time, ser vices that use time a[...]

  • Pagina 80

    80 Chapter 6 NTP Service Using NTP on Y our Network Mac OS X Ser ver can act not only as an NTP client, receiving a uthoritative time from an Internet time server , but also as an a uthoritative time server for a network. Y our local clients can query your ser ver to set their clocks . It’ s advised that if you set your server to answer time quer[...]

  • Pagina 81

    Chapter 6 NTP Service 81 Configuring NTP on Clien ts If you have set up a local time ser ver , you can configure your clients to quer y your time ser ver for getting the netw ork date and time. By default, clients can quer y Apple’ s time ser ver . The se instructions allow you to set your clients to quer y your time ser ver . T o configure NTP o[...]

  • Pagina 82

    LL2351.Book Page 82 Monday, September 8, 2003 2:47 PM[...]

  • Pagina 83

    7 83 7 IPv6 Suppor t IPv6 is shor t for “Internet P rot ocol V ersion 6."IPv6 is the Int ernet’ s nex t-generation protocol designed to r eplace the current In ternet Pr otocol, IP V ersion 4 (IPv4, or just IP). The current In ternet P rotocol is beginning to ha ve problems coping with the gro wth and popularity of the Internet. IPv4’ s [...]

  • Pagina 84

    84 Chapter 7 IPv6 Support IPv6 Enabled Ser vices The following services in Mac OS X Ser ver support IPv6 in addressing: • DNS (BIND) • IP Fir ewall • Mail (POP/IMAP/SMTP) • SMB • W eb (Apache 2) Additionally , there are a number of command-line tools installed with M ac OS X Ser ver that suppor t IPv6 (for example , ping6, and tracerout e[...]

  • Pagina 85

    Chapter 7 IPv6 Support 85 The final notation type includes IPv4 addresses. Because many IPv6 addr esses are extensions of IPv4 addresses , the right-most four b ytes of an IPv6 addre ss (the right- most two byte pairs) can be r ewritten in the IPv4 notation. T his mixed notation (from the above example) could be expre ssed as: E3C5:4AC8:1 92. 1 68.[...]

  • Pagina 86

    86 Chapter 7 IPv6 Support Where to F ind More Information The working group for the In ternet Pr otocol Version 6 websit e is www .ipv6.org . A group of IPv6 enthusiasts maintains a list of applications that support IPv6 at the website www .ipv6forum.com/navbar/links/v6apps.htm. Request F or Commen t Documents Request for C omments (RFC) documents [...]

  • Pagina 87

    87 Glossary Glossar y This glossary defines terms and spells out abbreviations you ma y encounter while working with online help or the Mac OS X Ser ver Network Ser vices Administration for V ersion 1 0.3 or Later manual. Refer ences to terms defined elsewher e in the glossary appear in italics. bit A single piece of information, with a value of ei[...]

  • Pagina 88

    88 Glossary firewall Software that protects the network applications running on your ser ver . IP firewall service, which is part of Mac OS X S er ver software, scans incoming IP packets and rejects or accepts these pack ets based on a set of filters you create. FTP (File T ransfer Protocol) A pr otocol that allows computers t o transfer files o ve[...]

  • Pagina 89

    Glossary 89 ISP (Internet service provider) A busine ss that sells Internet access and often pro vides web hosting for ecommer ce applications as well as mail services. L2TP (Layer T wo T unnelling Protocol) A network trans por t protocol used for VPN connections. It is essentially a combination of Cisco ’ s L2F and PPTP . L2TP itself is not an e[...]

  • Pagina 90

    90 Glossary multicast An efficient, one-to-many form of streaming . Users can join or lea ve a multicast but cannot other wise interact with it. multihoming The ability to suppor t multiple network connections. When more than one connection is available , Mac OS X selects the best connection according to the order specified in Netw ork preference s[...]

  • Pagina 91

    Glossary 91 port A sor t of vir tual mail slot. A server uses port numbers to determine which application should receive data pack et s. Fir ewalls use port numbers to determine whether or not data packets are allowed to tra verse a local network. “P ort ” usually refers to either a TCP or UDP por t. protocol A set of rule s that determines how[...]

  • Pagina 92

    92 Glossary SLP (Ser vice Location P rotoc ol) DA (Directory Agent) A protocol that registers ser vices av ailable on a network and give s users easy access to them. W hen a ser vice is added to the network, the ser vice uses SLP to register itself on the network. SLP/DA uses a centralized r epository for registered network services. SMTP (Simple M[...]

  • Pagina 93

    Glossary 93 UDP (User Datagram P rotoc ol) A communications method that uses the Internet Prot ocol (IP) to send a data unit (called a datagram) from one computer t o another in a network. Network applications that have very small data units to exchange ma y use UDP rather than T CP . unicast The one-to-one f orm of streaming. If RTSP is provided ,[...]

  • Pagina 94

    LL2351.Book Page 94 Monday, September 8, 2003 2:47 PM[...]

  • Pagina 95

    95 Index Index A AirPort Base Stations DHCP service and 9 B BIND 17, 18, 19, 37–40 about 37 configuration File 38 configuring 37–40 defined 37 example 38–40 load distribution 36 zone data files 38 C CIDR netmask notation 45, 47 D DHCP servers 8, 40 interactions 9 network location 8 DHCP service 7–16 AirPort Base Stations 9 changing subnets [...]

  • Pagina 96

    96 Index I IANA registration 18 In 6 Internet Gateway Multicast Protocol See IGMP Internet Protocol Version 6 See IPv6 IP addresses assigning 9 DHCP and 7 DHCP lease times, changing 12 dynamic 8 dynamic allocation 8 IPv6 notation 84 leasing with DHCP 7 multiple 47 precedence in filters 47 ranges 47 reserved 9 static 8 IP Filter module 61–63 IP fi[...]

  • Pagina 97

    97 Index P ports Mac OS X computers 63–65 TCP ports 63–64 UDP ports 65 R round robin 36 rules, IP filter 61–63 S Server 10, 15, 57, 58, 69 servers DHCP servers 40 name servers 18 static IP addresses 8 Stratum time servers 79 subnet masks 45 subnets 8 creating 8, 10 T TCP/IP private networks 36–37 TCP ports 63–65 Terminal application 62 ti[...]