Exploring the Mac OS X Firewall
Subject:   Firewalls and Internet Sharing
Date:   2005-03-17 12:03:14
From:   makalumatt
It seems that if you enable "Internet Sharing" on a Mac, then that particula Mac can't have its firewall enabled, otherwise the other Macs on the network (those sharing the internet access) won't properly be able to access network services. Has anyone else experienced that?
Full Threads Oldest First

Showing messages 1 through 1 of 1.

  • Firewalls and Internet Sharing
    2005-03-18 05:23:46  peterhickman [View]

    The problem is that when you do internet sharing OS X does not create any special rules for the computers who are accessing the internet through the master computer. The rules for inbound packets are the same for access to your computer from the outside as they are for the sharees. I have found that as I only expose http and ssh then computers that are accessing the internet via my computer can only access http and ssh. What I do is add an extra rule to allow https access to my computer from the airport card so that my wife can access the shopping sites.

    allow tcp from any to any https in via en1

    Depending on how you feel about the people connecting to your computer you would need to set up a rule for each protocol that they are allowed to use or add a generic rule like

    allow tcp from any to any in via en1

    but this way you are putting a lot of trust in the users of your system that they will not use your machine as a gateway to spam from.