Setup guide

4. Select the Protocols tab.
5. In the pop-up menu in the window pane, select NFS Export Settings.
Given that the item is to be exported via NFS, “Export this item and its
contents” should be checked.
6. Make sure that the Computer list is as restrictive as possible. Exporting
only to a particular list of clients is recommended. To do this, select “Client”
from the pop-up menu and then click “Add” to add each IP address. If
every machine on a particular subnet requires access, then “Subnet” can
be selected from the pop-up menu. Selecting “World” is not
recommended.
7. Place a check in the “Map Root user to nobody” box. Verify that the
selections for “Map All users to nobody” and “Read-only” meet
requirements.
4.11 Set up IP Filtering
Mac OS X’s built-in IP filtering service (also called the Firewall service) can prevent
other hosts from communicating with services running on the system such as the
web server, file sharing services, and remote login. Apple’s “Mac OS X Server
Network Services Administration” (http://www.apple.com/support/server), the ipfw
man page, and comments provided in Apple’s configuration files in
/etc/ipfilter provide detailed guidance on the capabilities of the feature. The
following recommendations apply to a server offering network services; the
recommendations help ensure that the server will offer only the services intended.
These instructions do not cover advanced features such as using the IP filtering
service to perform network address translation or routing.

The Firewall service can disrupt network communications and its configuration
can be tricky to implement. Do not implement recommendations without
understanding their intentions or impact.

The default firewall configuration on Mac OS X Server denies access to all but a few
TCP services, and allows access to all UDP services. The goal of configuring the
firewall is to identify and permit only those hosts and services you would like to
allow, and then deny all others. The recommended settings deny all TCP and UDP
services except those explicitly allowed.
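
The difference between the default policy and the recommended one can be checked with a small first-match model of the rule list. This is an added example, not part of the original guide or Apple's shipped rule files: both rulesets, the ports (22, 80, 2049) and the addresses are constructed, and the pass-through for unmatched traffic is an assumption.

```python
import ipaddress

# Constructed rulesets in classic ipfw rule syntax. Ports and addresses are
# assumptions; DEFAULT_LIKE only models the behaviour described in the text.
DEFAULT_LIKE = """\
1000 allow tcp from any to any 22
1010 allow tcp from any to any 80
1020 deny tcp from any to any
1030 allow udp from any to any
"""
RECOMMENDED = """\
1000 allow tcp from 10.0.1.0/24 to any 22
1010 allow tcp from any to any 80
1020 allow udp from 10.0.1.5 to any 2049
65000 deny tcp from any to any
65010 deny udp from any to any
"""

def parse(ruleset):
    """Parse 'NUM ACTION PROTO from SRC to any [PORT]' lines into tuples."""
    rules = []
    for line in ruleset.strip().splitlines():
        f = line.split()
        src = None if f[4] == "any" else ipaddress.ip_network(f[4])
        port = int(f[7]) if len(f) > 7 else None
        rules.append((int(f[0]), f[1], f[2], src, port))
    return sorted(rules, key=lambda r: r[0])

def decide(rules, proto, src_ip, dst_port):
    """First matching rule wins, evaluated in rule-number order."""
    addr = ipaddress.ip_address(src_ip)
    for num, action, rproto, src, port in rules:
        if rproto != proto:
            continue
        if src is not None and addr not in src:
            continue
        if port is not None and port != dst_port:
            continue
        return action, num
    return "allow", None  # assumption: unmatched traffic is passed (worst case)

def open_to_any(rules):
    """Rule numbers that allow a whole protocol from any source."""
    return [n for n, action, _, src, port in rules
            if action == "allow" and src is None and port is None]

if __name__ == "__main__":
    for name, text in (("default-like", DEFAULT_LIKE), ("recommended", RECOMMENDED)):
        rules = parse(text)
        print(name, decide(rules, "udp", "203.0.113.9", 2049), open_to_any(rules))
```

Under the default-like rules an outside host reaches UDP port 2049 through the blanket UDP allow; under the recommended rules only the one listed client does, and the audit helper reports no protocol left open to any source.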

Performing any server configuration remotely is not recommended, but
configuring the firewall service remotely is especially not recommended because
of the risk of disabling communications to the remote host.
UNCLASSIFIED