 |
 |
How can I restrict outside access to local network?
|
|
|
|
|
Fresh-Faced Recruit
Join Date: May 2004
Status:
Offline
|
|
Working for a small business, I've more or less become the pseudo-IT guy. We have an XServe sharing files via AFP and SMB, so essentially, for both Macs and Windows. That's all it does: share files so that anyone in the building can access them. It has a static IP on the local network, which is handled by a simple Linksys router on a cable modem connection.
However, we have several people who occasionally work from home. Rather than copy files to Zips or CD-Rs and trying to guess in advance what files they'll need at home, one asked if there were a way they could access the XServe from home.
Well, yes: set the Linksys router to open the AFP ports and point them to the XServe's local address, then use or cable-company-assigned IP in the Connect To Server window. Works like a charm (until the cable company gives us a new IP every few days). But, this doesn't seem very safe. Our company files don't really need to be accessed from China, for example. All that's blocking entry is a simple AppleShare username and password (and guest access is turned off).
Since the work-from-home only applies to two people, is there a way I can somehow restrict which IP addresses can access those ports, or access the XServe? Or, is it unlikely that anyone would be haxz0ring our AFP ports anyway? Or, should we just go back to the guess-n-copy-to-Zip method?
Much thanks for any help.
(BTW, the XServe is runing OS 10.2.8, not sure the exact model number of the Linksys, but I didn't see any way in the web-based setup to restrict outside access to certain IPs, i.e. if I wanted to set it so that only my home DSL connection's IP would have access to the AFP ports.)
|
|
|
| |
|
|
|
|
|
|
|
Moderator Emeritus  Join Date: Dec 2000
Location: College Park, MD
Status:
Offline
|
|
EEEEEEEEEK. DO NOT DO. NO NO NO NO NO NO NO NO NO.
Look into VPNs. I assume OSX Server has some sort of VPN Server ability, and you can probably pass VPN requests thru to it. If not, get a firewall that can.
|
|
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: May 2004
Status:
Offline
|
|
Originally posted by Scotttheking:
EEEEEEEEEK. DO NOT DO. NO NO NO NO NO NO NO NO NO.
Look into VPNs. I assume OSX Server has some sort of VPN Server ability, and you can probably pass VPN requests thru to it. If not, get a firewall that can.
Yeah, a friend mentioned something about VPN, but wasn't sure exactly how it worked with OS X Server. I'll look into that and see what I can find. For now I'll just close the ports back up.
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Apr 2001
Location: Long Beach, CA
Status:
Offline
|
|
Originally posted by flask:
Yeah, a friend mentioned something about VPN, but wasn't sure exactly how it worked with OS X Server. I'll look into that and see what I can find. For now I'll just close the ports back up.
Also, depending on the skills of the users, you can open up port 22 for ssh and use sftp to get the files.
|
ACSA 10.4/10.3, ACTC 10.3, ACHDS 10.3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
