Geek Foibles


A 2nd network interface for the mini
May 26, 2008, 3:24 pm

This post is part of a series documenting the creation of a home media hub.  It may be helpful to read through the other posts in the series in order to better understand this one.

One remaining issue is the mini’s lack of a 2nd Ethernet interface.  Obviously if I want to use it as a firewall, I’ll need a second Ethernet port.  I was originally going to pick up a USB Ethernet adapter like a Netgear FA120 and have the Parallels VM hosting pfSense take control of the adapter directly, but I discovered that traffic shaping probably won’t work in that situation.  Another strategy, however, would be to get one of those same adapters and pair it with Sustainable Softworks’ USB-to-Ethernet driver to get Mac OS X to see it, then use Parallels’ “bridge” function to communicate through it.  I was all set to move down that path when Apple released the MacBook Air and, along with it, the Apple USB Ethernet Adapter.

Apple USB Ethernet Adapter

Their adapter works on any Mac running 10.5.2 or later, so I elected to use that instead of a 3rd party adapter driven by a different 3rd party’s driver.  While I do find using Apple products over other manufacturers’ just because they’re made by Apple distasteful, experience has shown me it tends to be less problematic in the long run.

The mini’s built-in Ethernet is gigabit, so obviously I want to use that as the LAN interface.  Given that one of the mini’s tasks will be performing file server duties, LAN bandwidth is important.  So, the USB adapter will be handling WAN duties.  Since I only want the Parallels VM running pfSense to be communicating with this adapter, I need to configure OS X to ignore it.  This is simply a matter of going into the Network system preference and setting “Configure IPv4” under the TCP/IP settings to “Off”.

Apple USB Ethernet Adapter TCP/IP settings screenshot

This way OS X should ignore any data coming through that interface, making things more secure.  While I should obviously do the same for the “Configure IPv6” menu, a problem appears if I do.  If I set both to “Off”, the interface stops being available.  It appears in the Network system preferences, but it stops being available to Parallels for bridging.  After an hour of futile efforts, I determined that at least one protocol must be enabled, so I kept IPv4 off and IPv6 at automatic.  This shouldn’t be a serious security concern as I’m pretty sure my ISP doesn’t route IPv6 traffic to me, but I’m going to delve into the OS X firewall in the near future and set up some rules to drop any traffic coming in through that interface, be it via IPv4 or IPv6.  I’ll be sure to post about it once I tackle it.

So, our WAN interface is ready.  OS X is ignoring it, but Parallels is ready to see it.
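
One way to check the state described above, as an added example that is not part of the original post: a small shell function that reads `ifconfig` output for the WAN adapter and reports whether OS X itself holds an IPv4 address, only an IPv6 link-local address, or an IPv6 address beyond link-local (which "automatic" would pick up if the upstream ever sent router advertisements). The interface name `en2` and both sample outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example. Reads `ifconfig <iface>` text on stdin and reports what the
# host OS itself has configured on that interface.
classify_iface() {
    awk '
        $1 == "inet"  { v4 = 1 }
        $1 == "inet6" {
            addr = tolower($2)
            sub(/%.*/, "", addr)        # strip the %en2 scope suffix
            # fe80::/10 is link-local; anything else is routable or unique-local
            if (addr ~ /^fe[89ab][0-9a-f]:/) ll = 1; else other = 1
        }
        END {
            if (v4)         print "ipv4-configured"
            else if (other) print "ipv6-non-link-local"
            else if (ll)    print "ipv6-link-local-only"
            else            print "no-addresses"
        }'
}

# Constructed sample: IPv4 "Off", IPv6 automatic, no router advertisements seen.
SAMPLE_LINK_LOCAL='en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::ff:fe00:1%en2 prefixlen 64 scopeid 0x6
    ether 02:00:00:00:00:01
    media: autoselect (100baseTX <full-duplex>) status: active'

# Constructed sample: same settings, but an upstream router advertised a prefix
# (2001:db8::/32 is the documentation range).
SAMPLE_AUTOCONF='en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::ff:fe00:1%en2 prefixlen 64 scopeid 0x6
    inet6 2001:db8:1::ff:fe00:1 prefixlen 64 autoconf
    ether 02:00:00:00:00:01'

printf '%s\n' "$SAMPLE_LINK_LOCAL" | classify_iface
printf '%s\n' "$SAMPLE_AUTOCONF"  | classify_iface
# On the mini itself (interface name is an assumption): ifconfig en2 | classify_iface
```

A result of `ipv6-non-link-local` means the host is reachable over IPv6 on the WAN side without passing through pfSense, which is the case the planned firewall rules are meant to cover.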
