Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Share wifi but keep Firewall on

P

PapaPiccolino

macrumors member
Original poster
Jan 14, 2015
78
3
Hi everyone.

I have a Mac pro 3.1 which I have upgraded over many years from Leopard, Snow Leopard and now up to Mavericks.

During all this time, I have always set the firewall in the OS Security panel to ON. Recently, for the first time, I decided to use this computer as the main internet point for all devices in the house. This means I need to share the computer's ethernet connection via wifi. I'm not sure if I'm doing something wrong, but the various devices will only connect to the network if I turn the Mac OS firewall off, which I'm reluctant to do.

So my question is : can I share my computer's internet connection via wifi, but keep the firewall on ? And if so, how ?

Any help would be much appreciated.

Thank you.
 
M

Mikael H

macrumors 6502a
Sep 3, 2014
864
539
I'm on an 802.1x connection right now, so I can't try it immediately, but I suspect that if you "Automatically allow built-in software to receive incoming connections" in the firewall settings before enabling Internet sharing, it might work without further configuration.
That said, a powerful standalone router can be had so cheaply today that I frankly wouldn't even bother doing this through macOS if I was concerned about data security for the machine you're currently using as one.
 
P

PapaPiccolino

macrumors member
Original poster
Jan 14, 2015
78
3
Mikael H said:
I'm on an 802.1x connection right now, so I can't try it immediately, but I suspect that if you "Automatically allow built-in software to receive incoming connections" in the firewall settings before enabling Internet sharing, it might work without further configuration.
That said, a powerful standalone router can be had so cheaply today that I frankly wouldn't even bother doing this through macOS if I was concerned about data security for the machine you're currently using as one.
Click to expand...

Hi Mikael H. Thanks for that post. When you say a standalone router, do you mean something like an Airport Extreme ?

Thanks
 
M

Mikael H

macrumors 6502a
Sep 3, 2014
864
539
PapaPiccolino said:
Hi Mikael H. Thanks for that post. When you say a standalone router, do you mean something like an Airport Extreme ?

Thanks
Click to expand...
A router is pretty much anything that can make devices on one network talk to devices on another network. An Airport Extreme (or other wireless router) can do this for you with the benefit that you don't have to understand a lot at all about network routing (or address translation) and firewall rules to create a relatively secure wireless network without risking compromising the security of your workstation. The drawback, of course, is that a separate device costs money.

It may be the case that turning on network sharing with the Firewall put in "automatically allow.." mode starts a process that sets everything up securely while allowing other devices to connect to the shared Internet connection, but I'm simply not sure off the top of my head.
If not, you would probably need to learn about pf (Packet Filter), the firewall software that is included in OS X/macOS from Mavericks and onwards, and hand-write a set of firewall/NAT rules that do what you want them to. As far as I can recall, the pf rules are parsed before those of the application-based firewall that you can control from the graphical environment in macOS. While a cool exercise, this is likely to be a frustrating experience at first, and if your time is worth money to you, you will likely spend more getting this to work properly than you would've done if you'd just gone out and bought a separate box to solve this problem for you in the first place. :)
 
P

PapaPiccolino

macrumors member
Original poster
Jan 14, 2015
78
3
Mikael H said:
A router is pretty much anything that can make devices on one network talk to devices on another network. An Airport Extreme (or other wireless router) can do this for you with the benefit that you don't have to understand a lot at all about network routing (or address translation) and firewall rules to create a relatively secure wireless network without risking compromising the security of your workstation. The drawback, of course, is that a separate device costs money.

It may be the case that turning on network sharing with the Firewall put in "automatically allow.." mode starts a process that sets everything up securely while allowing other devices to connect to the shared Internet connection, but I'm simply not sure off the top of my head.
If not, you would probably need to learn about pf (Packet Filter), the firewall software that is included in OS X/macOS from Mavericks and onwards, and hand-write a set of firewall/NAT rules that do what you want them to. As far as I can recall, the pf rules are parsed before those of the application-based firewall that you can control from the graphical environment in macOS. While a cool exercise, this is likely to be a frustrating experience at first, and if your time is worth money to you, you will likely spend more getting this to work properly than you would've done if you'd just gone out and bought a separate box to solve this problem for you in the first place. :)
Click to expand...

Hi Mikael. Thanks for that reply. Lots of useful information in your post. I think trying to learn how to hand write pf rules is probably not something I could tolerate at this point in my life, although as a younger man I'm sure I would have relished the challenge.

A dedicated wifi router might be the better option.

Thanks again.
 
  • Like
Reactions: Mikael H
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom