How to set up DNS on OEL ?
Hello buddy:
How can I set up DNS on OEL ? Just for install 11g R2 RAC
You can use "system-config-network" command to configure your DNS configuration.
Similar Messages
-
How to set up DNS behind a NAT router...
I am trying to configure DNS in Panther Server as the SOA for my domains and as a LAN name server. I've read several explainations about setting up DNS including technical document 106853 "How to set up DNS in a NAT environment" which says:
Note: For Mac OS X Server 10.3 or later, you should use the Server Admin
application to configure DNS and NAT. Please see the Network Services
Administration Guide for additional information.
Seeing how picky BIND is, this sounds like a good idea, except I can't configure views like that.
Questions:
1) What happens if I create an A record in my main domain for newmac.mydomain.com-->10.0.1.2? People outside the LAN can't get to it, right?
2) Can I create really simple names for the LAN like newmac-->10.0.1.2?
Thanks!You can use "system-config-network" command to configure your DNS configuration.
-
How to set two DNS domain in one Remote VPN group policy
Hello experts
I am using ASA 8.2 to provide IPsec remote VPN for our staff. And in the group policy I set default domain name which is needed for our DNS server to resolve internal URLs. But the problem is now we have two domain names on our DNS server, and host names in two domains are differents. So if I setup one domain name in the group policy, URLs in the other domain cannot be resolved when using VPN. But ADSM seems doesn't allow me to setup two domain names for the attribute 'Default Domain'. What can I do?
Thanks a lot.Come on Experts, please help. Any way to achieve that, or it's a mission impossible.
-
Howdy!
Is it possible to insert a DNS suffix somewhere in OSX 10.4.8? I've been googling forever, but all that comes up about DNS suffixes is Windows related.
Any ideas?What do you mean by 'DNS suffix'?
If you mean a domain name that's automatically appended to hostnames when resolving, add the domains you want to the 'Search Domains' in Network preferences. -
Two Xserves running 10.5 Server and setting up DNS...
Hello.
I have two Xserves (a G5 and a new Intel), both with fresh installs of 10.5 Server on them.
Xserve #1 not going to be hosting any external services (FTP, web, email) and only housing internal, mission critical & confidential data (the server is set up with a mirror RAID on the OS drive as well as mirror RAID on the storage drives + nightly tape backups for offsite storage). Right now there are no plans for enabling iCal on this server as we're trying to keep the server as basic as possible (as we can afford zero downtime on this server), but if the initial setup of 10.5 requires configuration at first run to allow this type of thing, I'd like to deal with it now so as to keep my options open (as I know iCal on 10.5 requires Open Directory enabled).
Xserve #2 is going to host FTP (for external clients) and internal file sharing for the design/production department (basically, for transferring files back and fourth between departments, so no data via this share will be "critical" as it's only temporarily on the server and will always exist in other locations). Even though this server will not host "critical" data, it will share the same backup/RAID scheme as Xserve #1.
So, I'm curious as to how I set up DNS in this situation (so we can associate a domain name to our static IP address). We already have our main domain setup via 3rd-party hosting service (for web & email as we do not want to bring these services in-house), but we're purchasing a second domain that will be associated with company (via a static IP, so we can give a domain name instead of IP address for people needing to connect to the FTP server, make it easier for employees to remember the address for remote connections, etc.).
Because Xserve #2 is going to be hosting FTP, would it make sense to setup DNS on this server and not set it up on Xserve #1? Also, and this could just be me being paranoid, but because Xserve #1 will be housing "critical & confidential" data I want to eliminate as much contact with the outside world as possible with this server, so this is another reason I feel Xserve #2 should have DNS running instead.
Oh, and not sure if this makes any difference, but between the WAN and the LAN is a SonicWALL firewall and currently it deal with port forwarding, etc. depending on what services are being requested from the WAN (ie. remote machine connections, FileMaker remote connections, etc.).
Any advice would be appreciated!
Regards,
Kristin.There's a couple of things in your post I don't understand:
the server is set up with a mirror RAID on the OS drive as well as mirror RAID on the storage drives
How are you doing this? Both XServes support only three internal drives and two mirrors require 4 drives. Where does the fourth drive come into play?
I'm curious as to how I set up DNS in this situation
There are numerous ways of doing this, but with a single static IP address your best bet is to leave DNS where it is - managed by your hosting provider. Just add a record in the domain zone (e.g. ftp.yourdomain.com) that has the IP address of the public interface your SonicWall firewall. You don't need a separate domain for this. You also don't need to setup internal DNS for this (although you may need internal DNS if you're running Open Directory.
Because Xserve #2 is going to be hosting FTP, would it make sense to setup DNS on this server and not set it up on Xserve #1?
Assuming you're referring to setting up a DNS server - use them BOTH. Make one of the servers the primary server (I'd pick the internal-only server for this) and set the other server to be a slave (so it copies all the zone data from the primary server). That way you have a replica of the data to provide additional resilience. -
Setting iOS DNS for All WiFi Networks
This article describes how to set the DNS for WiFi connections on iOS:
http://techinch.com/blog/change-your-dns-settings-on-iphone-ipod-touch-and-ipad
The problem is that it specifies DNS for an individual network
connection, not for all connections.
Does anyone know a way to change iOS DNS for all WiFi networks in one
fell swoop?I have my ios devices DNS set via DHCP
You'd have to move to an MDM solution if you want over the air, push profile configuration setting to the devices
such as osx server Profie Manager. You may be able to do it with custom settings, I haven't tried it myself
The basic wifi setting in OSX server PM only allow settings for wifi SSID password etc
no DNS settings ip address etc. alternative MDM solutions may give you more options -
How to set up a mail server with a private DNS and relay over a public mail
How to set up the mail server that we can send and pick up emails inside and outside?
Our private network has the DNS name dnsname1.private.
We have our privat DNS Server and he can forward requests to outside over our router.
Our public emails are hosted by an internet provider. This dns name is dnsname2.com and dnsname2.org.
How we have to set up our mail server that we can pick up our emails from our public dnsname2.com?
And when we write an email how we have to set up it that the dnsname is dansname2.com and not dnsname1.private?If you want to move your mailservice to your own (internal) server, start by making sure you can recieve traffic on port TCP 25 (SMTP). Some ISPs blocks this port, especially on "non business" connections.
Can you send mail from your LAN directly to where your mail is hosted using port 25 TCP or do you have to relay via your ISP?
You have a static public IP? -
How can I use dns-sd to set up a priner to work with AirPrint?
How can I use dns-sd to set up a priner to work with AirPrint?
The priner is an HP LaserJet 1200 connected to the network with an HP JetDirect.Some of the third-party apps like "handyPrint" are able to configre the HP JetDirect to work with AirPrint.
I am trying to work up my own solution.
SyBB -
How To Set Up Mountain Lion Server/Point DNS to Mac Mini Server
Hello, First of all I have no experience with setting up servers whatsoever. Below is what I have
- Mac Mini with Mountain Lion Server
- Time Capsule as my router
- Comcast as my service provider
My goal is to set up my MacMini as a sharepoint for files and other data with my other partners.
- I have purchased a domaine name from NetworkSolutions. Does this mean that they are my DNS hosting as well? Not really sure. My biggest question is how to point my DNS to my mac mini server correctly.
1. How do you point the DNS to my mac mini server.
2. I've read somewhere to use the IP address from my mac mini server. The only IP address I see is from my Time Capsule (router). I know what my public IP adress is but I am not sure if that's the one to use. I think once I figure this DNS thing I can figure out the rest.
Thanks - Need lots of help.Here's a detailed write-up on setting up internal (private) DNS on OS X Server, and no, you're probably not going to be setting up external DNS on your servers. Your public DNS service will be hosted on and served from the Network Solutions DNS servers.
-
How to set up with cacheing DNS for local network?
Our new Lion Server has a static IP Address pointed to over the internet by our registrar's zone file. Planning the Lion Server installation process with the intent of hosting Web, Mail and Open Directory services to a small number of users who are nearly all located off-site. I do also want Lion Server to be a caching DNS Server and DHCP authority on the local network to replace what dnsmasq does on our current Linux server.
I am looking forward to offloading some of the lower level Linux administration tasks and putting myself in the hands of the Lion Server Setup Assistant and Server App :-) but at the same time don't understand some of its assumptions and fear having to spend a lot of time experimenting and re-installing.
So, specifically, I want the Server App to know that my Lion Server has a "Host Name for the Internet" but that the DNS it sets up will not be the DNS for my zone - I will be managing that through my registrar's interfaces.
Second problem is my fnot understanding what name space devices on the local network will / should use. e.g. The Linux server will be available for backups etc on the local intranet (and optionally have a static ip address on the Internet) but MacBooks, PCs, iPads and iPhones will be served ip addresses by the Lion Server's DHCP. So will / should these dynamic devices have their machine names fully qualified by our domain name with RFC 1918 style ip addresses or something like .local? How do I tell this to Lion's Server App / Setup Assistant? How easy is it to update these initial settings later?You do indeed need to have a master zone on lion server. There's no way to get around that since Open Directory depends on Kerberos and Kerberos depends on the DNS. LS scripts may see that the rDNS record exists, but I highly doubt that it'll auto configure everything for you... and given the number of possible variables, I bet that even if it worked something would need additional tweaking.
Sounds like an interesting lab excersize. You should try it on a test server!
Again... you just need to folow the set up procedure that Lion Server presents you with.
It won't be smart enough to see your external records and use them to configure a key distribution center for your OD.
As far as your caching needs... Could you set up your DHCP server to set the DNS server setting to show your internal server as the first hit, and your external as the second? That way when the client requests a resolution it'll not get a hit on your local server but will from the external?
The question then is how long will it wait for a response from the first server? Or will the first server respond with "I don't know" sending the client immediately to the second.
The server set up that I have works similarly. I have an internal master DNS that is replicated to a secondary. The first DNS has an A record (community.server.com) that points to the INTERNAL ip address of the secondary server that's also running the web service. The first server is running DHCP. It tells the clients to use the first and second servers as it's DNS lookup.
Now... Externally, my registrar hosts an A record for community.server.com that points to the external IP address of my router which then forwards the request to the proper port on the internal network.
This way, the local clients internally look up and get a response locally when they go for community.server.com. Externally, clients that look up community.server.com get the external connection to the router in my school.
Yikes... I fear that this is as clear as mud!
-Graham -
How we set up multiple websites on OSX Server
BACKGROUND
After fiddling and futzing around for weeks (actually since last year) I've finally figured out how to set up multiple websites (virtual sites) using one port and one IP address. While there seems to be lots of discussion on this topic, it seems that the basic assumption is that one knows everything about websites, DNS and all that stuff, which I do not.
When our network was originally established the engineer set up a wiki and also configured webmail, so we had two sites, one secured for mail and the other open for Calendar and the wiki. We were not hosting any websites locally because our school website is hosted by a company in New England.
This year I wanted to set up websites for teachers and students. As great as the wiki is, there are some things it just can't do as well as a website. So I figured if I set up the sites teachers could link back and forth from one to the other. In addition kids could now start to use a real website instead of the cobbled together file mess I had when we ran a Windows network. Also iWeb is a much more accessible tool than FrontPage.
SERVER SIDE:
Snow Leopard Server - 10.6.4
There are two - actually three pieces if you want your iWeb clients to connect to the server: Server Side Web Services, DNS and, in my case, FTP.
================================================ SERVER SIDE - WEB SERVICES
If you haven't turned on Web services, you'll need to open Server Admin and do that. If you don't know how to set up web services - just reply and I'll step you through that as well.
Once web services are set up and turned on, you'll see it listed under your server’s name in the Server Admin sidebar. Click on "Web" and then click on the "Sites" tab at the top of page. This is where you list all your sites.
Click the plus button and enter the fully qualified name of your site, for example: "students.myschool.org". Don't use the defaults here (no name) - that's what got me in trouble before. BE SPECIFIC!
You'll be looking at the "General" tab (the other tabs, "Options", "Realms", etc. we'll deal with in a second).
On the "General Tab", the default IP address ("any") and port (80) is just fine. We'll run everything over port 80. (Apache figures all the virtual site stuff out - you don't need your rocket science degree for that.)
"Web Folder:" is important because this is how you'll "segment" your websites. While I would NEVER do this again, we have a solid state hard drive for the OS and a RAID array for our data files. IF you have that, make sure you do NOT use the default "Web Folder" because it will store all your files on your solid state drive. There may not be enough room, over time, on that drive. I've not experienced it yet, but it's my understanding that if the drive fills up, the server shuts down.
I store my web sites on a folder on the RAID array.
Everything else on that tab can be left as the default. (Just make sure that you have an "index.html" or "index.php" file in your web folder root, but iWeb will take care of that for you.)
I would put in your email address in the "Administrator Email:" field.
Under "Options" you really don't have to put anything. I've tested making websites with iWeb and it doesn't appear that anything needs to be checked.
Nothing needs to be entered in "Realms" as well from what I see working w/ iWeb.
The defaults in "Logging" are fine.
You can leave "Security" alone, but we do have a (self-issued) certificate listed for our webmail site.
"Aliases" is important. Under "Web Server Aliases" you enter how you want the site to respond to when users type in a URL in their web browsers.
When our web server was initially set up the engineer set up "wiki.myschool.org" on port 80 and "mail.myschool.org" on port 443. In the aliases section was nothing but a "*" (the wildcard character). That means, from what I can figure out, that the webserver will respond to these sites regardless of what is typed in the URL. (Well, something like that - point is, if you create OTHER websites, you'll NEVER get to them because the wildcard character in the "Aliases" section, in effect, grabs those web requests and redirects them to the sites that are already there.
In my case I deleted both of those wild card characters. For my "wiki.myschool.org" site, I entered "mail.myschool.org". That means if you type EITHER "wiki." or "mail.", go to the site that’s stored in the “Web Folder” we set up when those sites were created.
For "mail.myschool.org" I just DELETED the wildcard character. I wanted that site (since it was secured) only to respond to "mail." - nothing else. (You're not going to that secured site for any other reason than to get your mail.)
"Proxy" can be left blank. Have no idea what that does. As time permits I'll do some research and figure out what it's used for.
"Web Services" is if you want to provide any MORE services to this particular site. Most likely you'll want to uncheck all the boxes. For our "wiki." site, we have checked "Wikis", "Blogs", and "Calendar". For our "mail." site we have those checked PLUS "Mail".
I would create a separate "Web Folder" for each of your sites. I don't know if that's a requirement but for housekeeping purposes, I would keep the sites separated. And I SUSPECT that it's "best practice" to separate your wiki from your other websites.
SERVER SIDE - DNS
OK...now you have to make your site reachable and the only way to do that is to set up DNS so that folks don't need to type in the IP address of your web server. You need to set up DNS inside your network and, if you want folks in the outside world to reach your website, you'll need to set up an external DNS as well. I'm going to cover INTERNAL DNS - if you don't know how to set up EXTERNAL DNS - reply or email me and I'll post those instructions.
Most likely you have already created Zones for you network...all you really need to do is create "Aliases" so that when you type "students.myschool.org" your web browser will know that site resides on IP address XXX.XXX.XXX.XXX.
If you've set up Zones then you already have a "Machine" setting that translates your server’s name to an IP address and vice versa.
All you need to do is create an "Alias" (CNAME) record for, in this case, "students". You’ll see the choices for types of records when you click the "Add Record" button.
There are only two fields to configure for a record: "Alias Name" - in this case "students" and "Destination" - in this case "servername.myschool.org". (You've already entered a machine record that says "servername" = 192.168.1.x.)
That's it for Internal DNS.
SERVER SIDE - FTP
Now you have to get iWeb to communicate with the webserver.
There are only three ways iWeb will communicate with webservers: MobileMe, Local Folder and FTP Server.
Local Folder is really only practical if you want to host a website on a laptop (I was blown away initially when I found out that all Macs had a built-in web server - how neat is that?). I think there are some very cool things teachers could do with configuration, and, of course, you wouldn't need to set up any web services on the web server, but that's for another discussion. You need to set up FTP services on the web server.
Turn on and enable FTP on your webserver.
You can leave the defaults for "General", "Messages" and "Logging". "Advanced" is the only thing you want to set. I set "Authenticated Users See:" to "Home Folder Only". I set the "FTP Root" to the same root folder in which I plan to store my web sites (/VOLUMES/RAID Array/WebServer/Documents). This setting sets that folder only to be accessible via FTP.
I would suggest returning to your DNS settings and adding one more "Alias". Set "ftp." to point to your webserver. Why? So folks can edit their sites from home (see below).
CAVEAT: If you are running FTP on other servers, make sure that the settings here do not conflict with the settings on the other servers. For example, I'm running FTP on my file server so that my scanners can communicate with it. However, I configure my FTP settings by machine name and NOT "ftp.myschool.org".
================================================
CLIENT SIDE - CONFIGURING iWEB
Now you have to configure iWeb so that it will communicate with your server.
Click on the "Site" icon so that "Site Publishing Settings" appears.
Publishing:
"Publish to:" = "FTP Server"
You can set the "Site name:" and "Contact email:" to whatever you want. But see below!
FTP Server Settings:
"Server address"=ftp.myschool.org (you could also enter in servername.myschool.org or the IP address. However, if you want folks to be able to work on the site from home, you will need to configure external DNS for that. If you use the IP address, you're out of luck for remote access to the site. (You can do it but it's beyond the scope of this discussion.)
"Username" & "Password" should be your user's network login credentials.
"Directory/Path" - this is important. Remember, you set your "FTP Root" to be "/VOLUMES/RAID Array/WebServer/Documents". If you leave this field blank then the website will be dumped into this folder. If you are only setting up one site, that may be OK. However I wanted to set up a "students" site folder, a "faculty" site folder and a separate site for our literary magazine.
THEREFORE: I have, in my ..../Documents folder (on the server), a "students" folder, a "faculty" folder, and a "litmag" folder.
SO...in my "Directory/Path:" field, I have "/faculty". That means the full path to this website is "ftp root/faculty" or "/VOLUMES/RAID Array/WebServer/Documents/faculty" (You don't need a trailing "/" character. iWeb will automatically append the folder for you user depending on what you entered in "Site Name:" in the "Publishing" area.
Website URL:
This is the root website depending on whether it is "students" or "faculty". Since iWeb will append the site name to this root website, I accomplished what I hoped to accomplish in this post (http://discussions.apple.com/message.jspa?messageID=12288561#12288561).
Faculty sites will be @ http://faculty.myschool.org/username. Students @ http://students.myschool.org/username. PERFECT!
iWeb is such a GREAT tool - NOW the kids can start using it!
I want to reiterate that this works for our school but it should work for you as well. There may be better ways to do this but it works for us.
Hope this has been helpful and you won't have to spend weeks trying to figure this all out by yourself!OK...here's how we did it.
To get access to the website you created from outside your network there are a couple of steps.
First, you have to have a STATIC IP address from your ISP. If you have a T1 circuit, no problem...you usually get a couple of static IPs you can use. However, if you have a cable modem circuit, most likely you have a dynamic IP address which changes when you connect to the internet. Usually a static IP will cost a bit more because the ISP has to go through a couple of steps to set it up for you. But once you have the address, you now have a way for folks outside your network to connect with you.
(I’m also assuming that you use a router of some sort through which traffic flows out to the internet and that you aren’t using connection sharing or something like that.)
The next thing you need to do is have your new static IP address associated with the server on which you are hosting your website. You've probably already done that if your website works inside your network. However, you've associated a private ip (192.168.x.x, etc.) to your web server. That doesn't mean anything to folks on the outside because private IP addresses are just that - private - folks can't access them. (I won't get into VPN because that's a whole other topic.)
The way you associate your new static IP address to your web server is through some sort of dns application from your ISP. For example, we use TierraNet to manage our external DNS information. They have a web interface control panel that is very similar to the DNS interface for XServer. You can create CNAME records (aliases - other ways that folks can access your servers).
Basically you create an "A" (CNAME) record with a fully qualified domain name (e.g. webserver.myschool.org) and point it to your public IP address (XXX.XXX.XXX.XXX) which you just got from your ISP. It's going to take a while (24-48 hours) for this change to take effect. BTW, you can create as many “A” records as you want. For example mail.myschool.com and wiki.myschool.com could point to the same place.
You want to make sure that the fully qualified domain name you enter in the external dns utility matches the name you used when you created your internal dns records on your XServer.
OK...so now folks can get to your domain - but, remember, you have a private network IP scheme between them and you. You now have to tell your router that when web traffic arrives, allow it inside the network and direct it to your web server.
Let's say your public IP address is 205.100.112.50 and your web server is 192.168.0.5.
You have to create, in your router’s "Security Zone" (router companies call them different things) a couple of rules. Usually the first rule is: "Let everything inside the network get out to the web." You've probably already done that if folks inside the network can reach the internet.
You then have to tell the router to allow web traffic (port 80) into your network AND redirect that traffic to 192.168.0.5.
We use AdTran routers and they have a web interface which allows you to write "rules" affecting public and private traffic. Public is folks outside the network, private is folks inside.
AdTran calls them "Security Zones" and you modify those zones with policies.
So my "Policy" would say, in the above example, redirect traffic from my public IP (205.100.112.50) -> to my web server -> (192.168.0.5).
THEN you have to modify this policy with what AdTran calls "Traffic Selectors". You've said, OK, you can get in, but WHAT can get in?
The "Traffic Selector" is written to say: "Permit" "TCP" traffic from 205.100.112.50 only through Port 80. (That's the port that web traffic goes over. If you wanted a secure website, you'd add another traffic selector that opens port 443, for example.)
I'll tell you I'm no genius when it comes to this. I called AdTran and had them configure my router for me. I told them what I wanted done, they remoted into the router and configured it. But then I could go to the web interface and see what they did and then added rules later on when I wanted, for example, to get access to the network via Apple Remote Desktop or VPN into the network on my iPad.
I'd bet that your router has a maintenance agreement that includes this service and if it doesn't it should have.
I did find that I still had issues when I tried to set this up originally and it had to do with the ORDER of the policies. I can’t remember exactly what the issue was, but, effectively one of the policies highjacked traffic before the policy that I wanted got triggered. Simply moving them around in the list fixed that issue. So if you have this set up but still can’t access the site, check the order of your rules.
I don’t know if that helps or not, but I try to think about this stuff conceptually and then get someone to help me with the details. I work with this stuff so infrequently that I forgot how I did something 6 months or a year ago. I’m in the process of creating a wiki for the school which documents all this stuff, but that’s a major undertaking.
Cheers,
John -
Once and for all: How to set up and use SSH
Yes, I know ssh has been discussed on and off, but never in its entirety; and yes, there are step by step instructions on the www, but at one point or another they skip a crucial instruction that would be necessary for unix-dummies (e.g. how to save and close the nano-editor in Terminal). So, please pardon my question:
There are several points I'd like to ask for ssh-connecting two macs on a local network:
1) In terminal-file-"connect to server" you can ask for an ssh connection to be set up. For this to work, do I need to create private and public keys first? If so, how? Please point me to a reliable and step-by-step instruction site.
There are some free ssh-utilities out there, but their documentation is just not helpful enough for a UNIX-dummy.
2) Apparently I managed to connect via ssh once (from the terminal, see point 1) to a local server (allowing remote connection set to ON at the server). But then, when I connected to that server from the client's finder and tried to get into my user account on that server it told me that no secure connection could be established. What's wrong here? Do I have to continue working from within the terminal to use this connection? That would be difficult for an average MacUser.
3) What is the security advantage of an SSH connection on a local wireless network (Airport Base Station) over WPA2, if at all?
4) And how to set up an ssh-connection over the internet cloud to safely build a remote control/desktop sharing connection, e.g., a friend's Mac when she has a problem?
Thanks for your consideration.First I'm not sure what your goals are.
1) In terminal-file-"connect to server" you can ask for an ssh connection to be set up. For this to work, do I need to create private and public keys first?
If you have ssh keys, you can do this without passwords. If you have not exchanged keys with the remote system, you will be asked for the password of the user you are attempting to login as.
If so, how? Please point me to a reliable and step-by-step instruction site. There are some free ssh-utilities out there, but their documentation is just not helpful enough for a UNIX-dummy.
Log into the remote system. This could be via ssh.
On the remote system, run the following command to generate an ssh key for that remote system:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/username/.ssh/id_rsa): <<take default>>
Created directory '/Users/username/.ssh'.
Enter passphrase (empty for no passphrase): <<enter nothing>>
Enter same passphrase again: <<enter nothing again>>
Your identification has been saved in /Users/username/.ssh/id_rsa.
Your public key has been saved in /Users/username/.ssh/id_rsa.pub.
The key fingerprint is:
aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp [email protected]
This will generate an ssh key for the remote system. This could be any system that support ssh, such as a Unix system, or another Mac.
Copy the id_rsa.pub file from the remote system to your Mac. When I say "your Mac" I mean the one that you want to make the ssh connection from. The id_rsa.pub is found in the remote system's ~username/.ssh/ directory.
Append the copied id_rsa.pub to your Mac's ~himbear/.ssh/authorized_keys2 file
cat id_rsa.pub >>~himbear/.ssh/authorized_keys2
Now when you ssh to that specific remote system, it will NOT ask for a password. The first time you ssh to any system, ssh will ask if the system is really the system you thing it is. But once you say "yes", it will not ask that question again.
Repeat for every remote system you wish to log into using an ssh key.
2) Apparently I managed to connect via ssh once (from the terminal, see point 1) to a local server (allowing remote connection set to ON at the server). But then, when I connected to that server from the client's finder and tried to get into my user account on that server it told me that no secure connection could be established. What's wrong here? Do I have to continue working from within the terminal to use this connection? That would be difficult for an average MacUser.
MacUser. A flash from the past, as in the MacUser magazine.
ssh is not used by default when you make connections. If you want an ssh connection, you have to establish it intentionally.
ssh can be used to pre-establish a tunnel (or tunnels) that other services can use. Once an ssh tunnel is establish, connections to local host's tunnel port will be connected to the specified remote port. For example:
ssh -L 5901:localhost:5900 [email protected]
will establish a tunnel that VNC can use. The VNC client would connect to localhost display 1 or port 5901.
ssh allows multiple -L tunnels to be specified on the ssh command line.
3) What is the security advantage of an SSH connection on a local wireless network (Airport Base Station) over WPA2, if at all?
Inside you home. Not much. Unless of course you do not trust the other members of your family. That is to say, others having your WPA2 password, and are thus on the inside, and can sniff you packets.
4) And how to set up an ssh-connection over the internet cloud to safely build a remote control/desktop sharing connection, e.g., a friend's Mac when she has a problem?
If you are using the Mac OS X Leopard built-in *Screen Sharing* and you are connecting to another Mac's built-in Leopard System Preferences -> Sharing -> Remote Management (Tiger's Apple Remote Desktop), then in the *Screen Sharing* preferences, is an "Encrypt all network data" option.
If you wish to set this option in advance, you can launch *Screen Sharing* by double clicking on System -> Library -> CoreServices -> Screen Sharing.app
You can *Screen Sharing* connections over the net using iChat. This is one of the easiest ways to take control of their system. Of course they need to cooperate. I use a Free AOL Instant Messager (AIM) account for my iChat connections. And as a side benefit you can text, audio chat and/or video chat with the person at the other end.
If you are NOT using the build-in Mac OS X *Screen Sharing* and/or you are NOT using the build-in remote Mac OS X remote management server, then this is a situation where an ssh tunnel would be a very good idea.
However, setting up an ssh tunnel between 2 systems across the internet gets complex.
In this case you might want to consider using something like LogMeIn.com which will deal with all those nasty home routers without needing to to do nasty router configurations, and it will be a secure connection. LogMeIn.com will not be as fast as a *Screen Sharing* connection or a VNC connection, but it will be secure and easy to establish. Again, this is only if you can not to Mac to Mac *Screen Sharing* using built-in Mac OS X remote desktop.
Now if you want to roll your own ssh tunnels for VNC, then I'm just going to outline the things you need to do.
If the remote system is behind a home router, you need to configure that remote home router to "Port Forward" port 22 on the Internet side to port 22 on the target Mac. Bonus points if the internet side using a high number port to discourge net bots from knocking on your door. Use the ssh -p 12345 option to connect to the high numbered port that is forwarded to port 22 of the destination Mac.
On the remote Mac you need to run a VNC server. If this is a Mac, then Leopard System Preferences -> Sharing -> Remote Management (Tiger's Apple Remote Desktop). If it is not a Mac, then for Windows, TightVNC, UltraVNC, RealVNC are possible options. Linux has a built-in vncserver, or you can install x11vnc which has the advantage of displaying the desktop screen.
Once you can access the remote system, you use an ssh command like the following:
ssh -p 12345 -L 5901:localhost:5900 remote.system.address
You can get the remote system's address by having the remote system surf over to http://whatismyip.com. Then they can tell you the IP address.
If you are going to be doing this a lot, you can get a free no-ip.com or dyndns.org dynamic DNS name for the remote system, and the remote system can run a dynamic DNS client (available from no-ip.com or dyndns.org) which will keep the dynamic DNS name updated as the remote person's ISP change's their IP address.
Finally, now that you have an ssh tunnel for VNC traffic, you have your VNC client connect to
Address: localhost
Port: 5901
Depending on your VNC client you may need to specify Display 1 instead of Port 5901. Or if you do not get a Display or Port option you specify localhost:5901 -
How to set up Airport Extreme with Charter ARRIS Modem TM902A for the first time for WIRELESS.
How to set up Airport Extreme with Charter ARRIS Modem TM902A for the first time for WIRELESS.
When Charter Tech goes to your site, have them connect the modem up, but do not connect the modem to your iMAC or MacBook Pro. What you want to do is connect the Airport Extreme to the iMac or MacBook Pro first with the Ethernet Cable. You have to do this to configure via Airport Utility to set up the Base Station Name & Base Station Password.
You will then create/configure a Wireless Network, create your Wireless Password that will be entered on each of your Devices, example, Apple Tv, your iPhone, etc., you want to allow access to your Wireless Network you are creating.
Wireless Security will be -> WPA/WPA2 personal or just WPA2
Enter the Wireless Password you want
Verify the Wireless Password (enter it again)
After it is created you will see it on the Airport Utility window with the name you created for it and to the left, will be a Dot (circle that will be yellow).
Next you then want to unplug the power to the Airport Extreme, and then take the end of the Ethernet cable you unplugged from the iMac or Lap top MacBook Pro and connect it to the back of the Modem.
Next unplug the power cord from the modem and wait about 5 minutes, then plug the power back into the Arris Modem and wait until all lights come back on the modem wait
about 5 minutes, then plug the power cord back to the Airport Extreme and you will see it the light blinking yellow. Wait about 5 to 10 minutes, during this time Restart you IMAC or MacBook Pro, and once it is back up click on the Airport Utility and you should see on the Airport Utility screen.
For INTERNET to the left the light should be green and you should see the Airport Extreme also appear and the light to the left on the screen should also be green. If they are, you then should be able to click on the Wireless Symbol on top of bar of the screen and click to select the Wireless Network Name you created.
If you Do Not See the light (Icon) next to INTERNET turn Green, or if you see the Internet Light Green, but the Light (Icon) next to the Airport Extreme is yellow, unplug the power again to the modem and unplug the power again to the Airport extreme and wait about 15 minutes or up to 30 minutes. Then plug the power cord back to the modem wait till all the lights light up then, plug the power cord back into the Airport Extreme and Restart your iMAC or MacBook Pro.
The Airport Extreme light should change from yellow to green. Open up the Airport Utility to see what the indicators are showing they should both be green. Again select Wireless network you created under the Wireless Icon on the top right of the screen. Open Safari and see if you are able to Route to a web page or the apple site should appear.
WHAT TO DO IF YOUR AIRPORT EXTREME WAS PREVIOUSLY SET UP FOR USE WITH ANOTHER CARRIERS ROUTER OR MODEM.
NOTE: If you already had your Airport Extreme connected for example, I previously had ATT Uverse and the Airport Extreme was connected to the Wireless Router Model 3801HGV, I disabled the Uverse Wireless and used the Airport Extreme for the Wireless signal in bridge mode, as the Airport extreme Signal is much stronger than the Uverse router, and I was able to obtain a Wireless signal with the Airport Extreme way much better with no signal loss which was very very frustrating with the Uverse router.
Anyhow if you had it hooked up like this, now that you will be using it with the Charter ARRIS Modem TM902A, you will need to reset the Airport Extreme to clear out the old data it has in memory, with the previous set up otherwise it will not work. Trust me I spent 6 hours trying to make it work reading all Apple Support Community questions and answers relating to this type issue/problem others have been having trying to get their set up working. I tried all the tips, and I finally decided just to see if by chance I would be able to connect with someone with Charter Tech support who might be familiar with Apple to be able to assist me and by luck I did. He told me why it was not working and was all due the previous configuration with the ATT Uverse router was still in memory with the Airport Extreme. Finally it was 10:30 PM when I decided to call Charter Tech Support and I had been working on this since 3:00 pm pacific. I did not call them earlier as all the post I read said they never received any good help from Charter. After calling them I finished up by 11:00 PM and was able to finally connect Apple Tv, iMac, iPhones and Macbook Pro. We love our Apple Product and Happy all is connected with the new
Internet Provider Charter. I must say the speed is way way much better than it ever was with AT&T Uverse.
THIS IS WHAT YOU WILL NEED TO DO:
First you will need to unplug the Airport Extreme, then by taking the tip of a pen or paper clip end you need to push the reset button on the back of the Airport Extreme and hold it
down and at the same time plug the power cord back into the Airport Extreme count to 5 or 10 then release the reset button. Then once he light in front of the Airport Extreme stops blinking you need to plug the Ethernet cable from the Airport Extreme to your iMAC or Macbook Pro, and restart which ever one you have, then open the Airport Utility once it is back up. If you see airport extreme pop up with the old network name or it shows and yellow triangle click on the Airport Extreme ICON it will not let you configure it but will ask if you want to get rid of it or remove and just do it. Then Again restart your iMAC or MacBook Pro, open up Airport Utility again, and on the top left you should see under “Other Airport Base Stations” the MAC ID for the Airport Extreme.
You will then create/configure a Wireless Network, create your Wireless Password that will be entered on each of your Devices, example, Apple TV, your iPhone, etc., you want to allow access to your Wireless Network you are creating.
Wireless Security will be -> WPA/WPA2 personal or just WPA2
Enter the Wireless Password you want
Verify the Wireless Password (enter it again)
After it is created you will see it on the Airport Utility window with the name you created for it and to the left, will be a Dot (circle that will be yellow).
Next you then want to unplug the power to the Airport Extreme, and then take the end of the Ethernet cable you unplugged from the iMac or Lap top MacBook Pro and connect it to the back of the Modem.
Next unplug the power cord from the modem and wait about 5 minutes, then plug the power back into the Arris Modem and wait until all lights come back on the modem wait
about 5 minutes, then plug the power cord back to the Airport Extreme and you will see it the light blinking yellow. Wait about 5 to 10 minutes, during this time Restart you IMAC or MacBook Pro, and once it is back up click on the Airport Utility and you should see on the Airport Utility screen.
For INTERNET to the left the light should be green and you should see the Airport Extreme also appear and the light to the left on the screen should also be green. If they are, you then should be able to click on the Wireless Symbol on top of bar of the screen and click to select the Wireless Network Name you created.
If you Do Not See the light (Icon) next to INTERNET turn Green, or if you see the Internet Light Green, but the Light (Icon) next to the Airport Extreme is yellow, unplug the power again to the modem and unplug the power again to the Airport extreme and wait about 15 minutes or up to 30 minutes. Then plug the power cord back to the modem wait till all the lights light up then, plug the power cord back into the Airport Extreme and Restart your iMAC or MacBook Pro.
The Airport Extreme light should change from yellow to green. Open up the Airport Utility to see what the indicators are showing they should both be green. Again select Wireless network you created under the Wireless Icon on the top right of the screen. Open Safari and see if you are able to Route to a web page or the apple site should appear.I just got a Charter Modem. Model TM822. While I was moving, my Airport Extreme was still at my old place.
I have a Linksys WRT320N I used for the initial Charter setup.
I can get my Airport to work here, but the Internet light on the Modem flashes Yellow.
Hasn't caused any issues so far but one thing I did notice.
On the Linksys there were 3 DNS servers listed.
The Airport Extreme only lists 2 and i don't see where I could add another, only change whats already there.
I tried everything above, but light on modem still flashes yellow.
I have the technicians cell phone. Told me "that shouldn't be" and gave the same advice listed above.
I'll break down and call Charter one day, see if it's on their end. NSA tracking may need a reset LMAO. -
How to set up different virtual LANs (using the E3200)?
Hi.
I would like to set up different virtual LANs (using the E3200) so that I can have two different networks that can't access each other.
The E3200 is connected to a modem for internet access.
I would like both networks to have access to the internet.
Does the E3200 alone support creating virtual LANs?
If not, is there another way I can meet the requirement using the E3200 alone (using something other than virtual LANs)?
I'm ultimately thinking that I would need at least one other router.
So for example,
Router A (E3200) is connected to the modem and setup for DHCP using a LAN IP range 192.168.1.1/24.
Router B is connected to Router A and setup for DHCP using a LAN IP range 192.168.2.1/24.
In this way devices connected to Router A should not have access to devices connected to Router B and visa-versa, correct? For example, Device X connected to Router A cannot ping or browse files on Device Y connected to Router B and visa-versa, correct?
Would I need to setup anything else on Router B? For example, do I need to setup DNS settings so that devices connected to Router B can connect to the internet without issue? Would I need to specify that these virtual LANs are not bridged, and on which router, or both?
I already know how to set up a static IP, DHCP, LAN IP ranges, and static DNS settings on a router, etc.
In regards to wireless devices, I am thinking they would follow the same pattern; so wireless devices connected to Router A (E3200) have access to other wired and wireless devices connected to Router A but not to wired or wireless devices connected to Router B and visa-versa. However, if wireless devices currently don't have access to wired devices also connected to Router A, then that is fine for now.
Thank you very much!
-Rami
Solved!
Go to Solution.The E3200 has no VLAN support according to the manual. There's no way to configure two separate networks with this router alone.
You will need to add network electronics.
Ex:
Managed Switch with VLAN
Another wireless router with VLAN
If your modem supplies multiple public or private IP addresses then you could put a switch after the modem and two wireless routers attached to the switch.
Please remember to Kudo those that help you.
Linksys
Communities Technical Support -
How to set up Airport Express to extend Buffalo WHR HP 54g wireless router
Contrary to what official Apple policy is, it is possible to use Airport Express as a remote repeater using a Buffalo router.
I sent hours setting up this network and wish to share what I learned
I only wanted to use the Airport Express as a repeater to distribute the internet to the far reaches of the house--no iTunes, no Printer, and I did not bother setting security. If you want to add any of those features please make sure that the basic setup is working as described below. I have no idea how to successfully set up these features. My advice is to search the internet for guidance.
Anyway: how to set up the Buffalo wireless access router to work with Airport Express
Setting up the Buffalo:
From the routers home page of 192.168.11.1, hit the "advanced" box at the top
1. Go the "Wireless config" "basic" item. Give name to your network (spaces are allowed), lets call it "WIRENAME" and select wireless channel 1 or 6 or 11. These channels have the least interference and will tend to work when the others do not.
2. Go the the "repeater" item under Wireless config. . " Enable" repeater/bridge (WDS). Next register the MAC address of the Airport Express. Record both the LAN and Wireless MAC addresses.
That is about it. Your Buffalo system Info page should look like this
Model
WHR-HP-G54 Ver.1.40 (1.0.37-1.08-1.04)
AirStation Name AP001D73DEB2D6 Operational Mode Router Mode WAN
DHCP
Connection Status
Communicating
Operation
IP Address
myinfo
Subnet Mask
255.255.255.248
Default Gateway
my info(Via DHCP)
DNS1(Primary)
my info (Via DHCP)
DNS2(Secondary)
my info (Via DHCP)
Host Name
my info (Manual Setup)
Domain Name
earthlink.net (Via DHCP)
MTU Size
1500
DHCP Server Address
10.108.48.1
Lease Acquired Time
2006/01/04 12:03:15
Lease Period
2006/01/05 12:03:15
Wired Link
100Base-TX (Full-duplex)
MAC Address
00:1D:73:xx:xx:xx
LAN
IP Address
192.168.11.1
Subnet Mask
255.255.255.0
DHCP Server
Enabled
MAC Address
your address recorded in the repeater tab
Wireless(802.11g)
Wireless Status
Enabled
SSID
WIRENAME
Encryption Mode
Not Configured
Wireless Channel
11Channel (Manual)
125* High Speed Mode
Disabled
MAC Address
your address recorded in the repeater tab
For the Airport express: here is a summary of what the settings are: Start Airport Express Utility and when it comes up
Select "Manual" setup
On the Base station tab: Give Airport Express a name, any name and any password. Do not select the box: Allow setup over the internet with Bonjour
On the wireless tab: Wireless mode: Participate in a WDS network
Network name: the name you gave in the Buffalo router: EG: WIRENAME
Radio mode: 802.11n(802.11b/g compatible)
Channel : the same as you set in the Buffalo
Wireless security: None
WDS tab: WDS mode: WDS remote
Check: allow wireless clients
WDS main: the MAC address of the wireless (not LAN) side of the Buffalo router
Access control tab: MAC address access control: Not enabled
At the top of the control box , click on the Internet icon
Internet connection: Connection sharing: Off (Bridge Mode)
TCP/IP: Configure iPV4 : Using DHCP
I put in the address of the DNS servers listed on the Buffalo System info page above.
At the top of the control box Music Icon: I did not enable AirTunes
Printer icon: did not set this up
Advanced icon: leave every thing alone
That is it. Just do everything as above and your Airport Express will act as a repeater. (And save yourself a couple of days struggle.)
PhilMany thanks for the info.
In case you were not aware,the following list of Apple WDS compatible devices has appeared on numerous sites and in numerous Internet links and articles regarding this subject:
3com OfficeConnect ADSL Wireless 11g Firewall Router model 3crwdr100a-72 but ONLY with NO encryption
Belkin F5D7230-4 and F5D7231
BT Voyager 2091 or 2100
Buffalo WGR-G54
Linksys WRT54G or WRT54GS (though v4)
Netgear WGR614 v6
Maybe you are looking for
-
Shell Commands not found error when running application
Hello, Im using MonoDevelop IDE in my Mac, before it used to work fine but after few days, now when I'm opening the application nothing happens., i checked the Console for the log and it says this May 9 21:29:39 Sri-Vishnu-Totakuras-MacBook-Pro [0x
-
I am having problems with my Imac (approx 1 yr old) every since I downloaded (from the App.Store) Mountain Lion. I am a working mom with 3 toddlers.....I have very little time to work on the computer which I primarily use for photograhpy needs. I a
-
How to post Adobe Bridge Gallery to iWeb???
Hi, I would like to know how to place an adobe bridge gallery into iweb. I want to place it on a blank page so that I can use it as the home page that I will further design around. I did find one other post, however I am not understanding the instruc
-
I wanted to upgrade from Firefox 3 to Firefox 4. But, after I completed the download and then tried to open the Firefox application, I received a pop-up message saying, "You cannot open the application "Firefox" because it is not supported on this ar
-
WAP54G and WRT54G Channel settings
I am using the WAP54G in repeater mode. WRT54g is channel 11, what is best channel for WAP54G in repeater mode.