Macworld Forums: Understanding and using Leopard's firewall - Macworld Forums


Understanding and using Leopard's firewall

#15 User is offline   reprobate Icon

  • Newbie
  • Pip
  • Group: Members
  • Posts: 10
  • Joined: 24-December 07

Posted 25 December 2007 - 11:09 AM

Thanks for the clarification, cina. That was my impression also. BTW which version of Airport Utility are you using? My 10/100 Extreme N is working on v 5.2.2. If your Extreme works on the same version I'd suggest there is no difference as far as the user interface between the two models.
0

#16 User is offline   cina Icon

  • Newbie
  • Pip
  • Group: Members
  • Posts: 2
  • Joined: 25-December 07

Posted 26 December 2007 - 05:18 PM

My Airport Utility is also V 5.2.2 (522.3) on Mac and V 5.2.1 on Windows.
0

#17 User is offline   marcin2105 Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 15
  • Joined: 29-December 07

Posted 29 December 2007 - 08:50 PM

Being new to the Mac platform and Leopard at that, I found this article helpful in the way that now I know when to lock down my firewall/mac during times when I am outside my own home network. I hope more articles will be published in regards to the "hidden features" of Leopard.

Thanks again!
0

#18 User is online   ex2bot Icon

  • Newbie
  • Pip
  • Group: Members
  • Posts: 11
  • Joined: 12-October 05

Posted 01 January 2008 - 10:57 PM

All NAT routers are, by definition, "incoming" firewalls. That's what NAT does. It ignores any incoming packets that haven't been requested. All of Apple's Airports are NAT routers. Always have been. So that means all Airports are firewalls. So are Linksys routers, Cisco, Buffalo, etc. An "outgoing" firewall is implemented in software. For Windows, ZoneAlarm or Norton's firewall are examples. They are both incoming and outgoing firewalls. For OS X, Little Snitch is a highly rated outgoing firewall. Outgoing firewalls can prevent rogue programs from communicating without your knowledge, if used correctly. Unfortunately, malware can circumvent software firewalls by turning them off.

Bot
0

#19 User is offline   reprobate Icon

  • Newbie
  • Pip
  • Group: Members
  • Posts: 10
  • Joined: 24-December 07

Posted 02 January 2008 - 11:36 AM

Thank you for the explanation, ex2bot. May I follow up with a question? I have my Leopard firewall set to stealth, yet when I go to www.grc.com to have a port scan done I get the following message:

Ports found to be STEALTH were: 135, 139, 445

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

I guess I just don't understand all there is to know about accessing ports. I thought that the NAT translation in the Airport Extreme N would mean that the iMac would appear not to exist as far as the outside world is concerned, but it seems the port scan shows the ports were closed but they did answer the ping. If there's any info you have that would clear my confusion I would appreciate it.
0

#20 User is offline   bigdogone Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 16
  • Joined: 29-October 07

Posted 02 January 2008 - 03:28 PM

I am glad some really good stuff is on this post. Thanks ex2bot. It has definitely cleared some things up for me. I also ran the shields up test and was confused. Got the same results. I hope to better understand that as well. As for the little snitch, so far it has been great for me. I do not find it intrusive as I have always used Zone Alarm in the past and it is about the same. I just want my machine safe and in my control. Thanks to those who take time to help the rest of us as we learn.
0

#21 User is offline   n781lc Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 67
  • Joined: 29-December 07

Posted 08 January 2008 - 02:36 PM

APPRECIATE !! Now I have checked my log files and find hundreds of entries, 15 so far today. Example< Macintosh Firewall 39 Stealth Mode connection attempt to UDP or TCP 192...:5123 from 6...:>

What are these and what do they mean?

Thanks,

ed
0

#22 User is offline   ronwired Icon

  • Newbie
  • Pip
  • Group: Members
  • Posts: 1
  • Joined: 28-January 08

Posted 28 January 2008 - 01:28 PM

Since upgrading to Leopard I'm unable to print wireless to a networked printer. (HP4000N) (Netgear 54 Mbps Wireless Router WGR614 v6) The printer can be seen and information about the printer is given but output is suppressed. (Printer not responding)
0

#23 User is offline   schles99 Icon

  • Newbie
  • Pip
  • Group: Members
  • Posts: 1
  • Joined: 18-February 08

Posted 18 February 2008 - 06:35 PM

I'm not sure which programs it makes sense to allow to have incoming connections. We use iChat so that seems to make sense, but I see why Safari would need access (or perhaps I'm wrong).
Any advice about which other "typical" programs it makes sense to allow incoming connections for?
0

#24 User is offline   rocketmouse Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 67
  • Joined: 09-October 06

Posted 29 February 2008 - 11:44 PM

bigdogone, your question intrigued me, so I went to grc.com and ran the ShieldsUp! probe (ostensibly for Windows) and it seems to have worked just fine in Leopard with the firewall turned on and stealthed. It really did test all my ports, and then congratulated me on being properly stealthed. I'm hoping my answer will spur someone else on to giving you a better answer, though.
0

#25 User is offline   dfs Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 176
  • Joined: 08-November 06

Posted 13 March 2008 - 01:11 PM

I agree with what is implied by a couple of the above postings: an otherwise good article is weakened by the fact that it doesn't discuss the situation of a Mac connected to the internet via Airport Extreme (or, for that matter, any other router that has a built-in firewall capacity). How much, for example, can such firewalls be trusted? And how does the firewall in a router interact with that of a router? (In my own case, since I do have a third-party router, I keep my Mac's one switched off on the theory that the two might conflict, maybe this is completely wrong, but I haven't experienced any problems). Since there's no e-mail link to the author, I hope some MacWorld staffer reads this and will consider including a follow-up article in a future issue dealing with this topic.
0

#26 User is offline   dfs Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 176
  • Joined: 08-November 06

Posted 13 March 2008 - 01:22 PM

I meant, of course, "how does the firewall in a router interact with that of a Mac?" Sorry.
0

#27 User is online   ex2bot Icon

  • Newbie
  • Pip
  • Group: Members
  • Posts: 11
  • Joined: 12-October 05

Posted 13 March 2008 - 09:23 PM

A router creates a private home network. There are a couple different IP address ranges that are used for the private network. You can recognize private network IP addresses. For example, IP addresses in the range of 192.168.x.x (such as 192.168.1.1) are used as private IP addresses. So, the router sets up this private "sandbox" so to speak that shields your machines from the wild and wooly Internet.

So, let's say you want to access Google. Your machine sends a request to Google, and Google responds. Of course your router is the one that will receive that reply first. It knows that your machine requested a reply from Google and thus decides to route it to your machine. It "translates" the data's destination IP to that of your computer (for ex. 192.168.1.1 or whatever). This is NAT translation. But if a computer out in the world somewhere sends a message to your router, the router DOESN'T respond. (By the way, your router has both a PUBLIC IP and a private IP address. It is your "public face" on the Internet, so to speak. But it has a private IP address so that it can communicate with computers in your private network.)

By dropping "unsolicited requests" from the Internet, that is, requests you don't specifically ask for, the router acts as a security gatekeeper, an incoming firewall. Nothing gets through unless your machine requests it. The only way bad stuff can come in is if you ask for it!! Or something on your computer. Such as spyware or viruses/worms. That you might have without even knowing it.

That's where good security practices and perhaps a software firewall will offer more protection. The software firewall works to control outgoing information, such as spyware "phoning home".

Don't open attachments in emails.

Don't click links in emails, especially those involving money, banking, eBay, Paypal, etc. The emails may be fake. *Don't give away your username that may be protecting your credit card.

I hope this makes sense.

Bot
0
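The NAT behaviour described in post #27, modelled as a small translation table. This is an added example, not part of the original thread or any router's actual code; the `NatRouter` class, the addresses (documentation ranges) and the port numbers are constructed, and the check that a reply must come from the host that was contacted is an assumption of this model.

```python
# Added illustration: a toy NAT table. All addresses are constructed samples.
from dataclasses import dataclass, field
from itertools import count


@dataclass
class NatRouter:
    public_ip: str
    # public port -> (private ip, private port, remote ip, remote port)
    table: dict = field(default_factory=dict)
    _ports: count = field(default_factory=lambda: count(50000))

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN host sends a request: record a mapping, rewrite the source."""
        pub_port = next(self._ports)
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives on the public side: forward only if requested."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None  # no mapping: unsolicited, dropped
        lan_ip, lan_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # mapping exists, but sender is not who we contacted
        return (lan_ip, lan_port)  # destination translated to the private host


def demo():
    router = NatRouter(public_ip="203.0.113.10")
    # The Mac at 192.168.1.20 asks a web server for a page.
    sent = router.outbound("192.168.1.20", 51515, "198.51.100.7", 80)
    # The server's reply matches the mapping and is passed to the Mac.
    reply = router.inbound("198.51.100.7", 80, sent[1])
    # A stranger aiming at the same public port is not the contacted host.
    stranger = router.inbound("192.0.2.99", 4444, sent[1])
    # A probe to a port nobody opened finds no mapping at all.
    probe = router.inbound("192.0.2.99", 4444, 5123)
    return sent, reply, stranger, probe


if __name__ == "__main__":
    for result in demo():
        print(result)
```
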

#28 User is offline   dfs Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 176
  • Joined: 08-November 06

Posted 13 March 2008 - 09:39 PM

Thanks, Bot, everything you say makes sense. But it leaves my basic question unanswered: how do my router's firewall protection and my Mac's interact? As long as I follow the other security measures you so sensibly recommend, should I keep my Mac's firewall software turned off and trust my router to do the job? Or should I turn it on? If so, what settings should I apply? Is there any chance of creating conflicts with the router firewall and crippling my ability to interact with the internet in the ways that I do want? That's why I hope MacWorld will publish an article spelling out exactly what those of us who operate our Macs behind routers should and should not do.
0
