3 Networks + MoCA + TiVos

Back in August of 2013, Bart helped me figure out how to wrest control from the Verizon Actiontec FiOS router and let my Airport Extreme control my network. It was non-obvious, so he drew a diagram that I turned into a full tutorial per his instructions. The basic idea is to disable WiFi on the Verizon router, and have it simply pass out IP addresses using DHCP and send traffic straight through to the Airport Extreme. We also set the DMZ on the Verizon router to a static IP and passed that right to the Airport. The purpose of that step was to eliminate the requirement to do port forwarding on both routers if I ever needed to access something inside the network.

All of this worked great; I was able to pretty much ignore the Verizon router for the last three years.

How to Turn Off NAT-PMP on Airport Routers from iOS

Credit to Allister Jenks for the Instructions for iOS

Airport routers from Apple have a service turned on by default called NAT-PMP (Network Address Translation Port Mapping Protocol).  This service allows applications and/or devices inside your network to automatically open ports in your router to make them accessible from the Internet.  While this feature does make it easier to set up Internet of Things devices (doorbells, webcams, light bulbs), it makes your network more vulnerable to attack.  

The recent (October 2016) Denial of Service attacks on the Domain Name System that pretty much broke the internet for half a day were due to devices inside people’s networks being commandeered to act on behalf of the bad actors.  In other words, having NAT-PMP enabled on an Airport router (or UPnP on other manufacturers’ routers) allowed these Internet of Things devices to be recruited into a botnet.

If you want to learn more, please see this Wikipedia article: https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol

These instructions show you how to turn NAT-PMP off in an Airport Router using the Airport Utility on iOS.  If you want to do it from your Mac, please see this tutorial:

http://www.podfeet.com/blog/tutorials-5/how-to-turn-off-nat-pmp-on-airport-routers/

If you have a Netgear Nighthawk Router, please see this tutorial: http://www.podfeet.com/blog/how-to-turn-off-upnp-on-netgear-nighthawk-routers/

How to Turn Off UPnP on Netgear Nighthawk Routers

Routers from Netgear (and other companies) have a service turned on by default called UPnP (Universal Plug and Play).  This service allows applications and/or devices inside your network to automatically open ports in your router to make them accessible from the Internet.  While this feature does make it easier to set up Internet of Things devices (doorbells, webcams, light bulbs), it makes your network more vulnerable to attack.

The recent (October 2016) Denial of Service attacks on the Domain Name System that pretty much broke the internet for half a day were due to devices inside people’s networks being commandeered to act on behalf of the bad actors.  In other words, having NAT-PMP enabled on an Airport router (or UPnP on other manufacturers’ routers) allowed these Internet of Things devices to be recruited into a botnet.

If you want to learn more, please see this Wikipedia article: https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol

These instructions show you how to turn off UPnP on Netgear Nighthawk Routers.  If you have an Airport Router, please see this tutorial: http://www.podfeet.com/blog/how-to-turn-off-nat-pmp-on-airport-routers/

How to Turn Off NAT-PMP on Airport Routers from macOS

Airport routers from Apple have a service turned on by default called NAT-PMP (Network Address Translation Port Mapping Protocol).  This service allows applications and/or devices inside your network to automatically open ports in your router to make them accessible from the Internet.  While this feature does make it easier to set up Internet of Things devices (doorbells, webcams, light bulbs), it makes your network more vulnerable to attack.  

The recent (October 2016) Denial of Service attacks on the Domain Name System that pretty much broke the internet for half a day were due to devices inside people’s networks being commandeered to act on behalf of the bad actors.  In other words, having NAT-PMP enabled on an Airport router (or UPnP on other manufacturers’ routers) allowed these Internet of Things devices to be recruited into a botnet.

If you want to learn more, please see this Wikipedia article: https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol

These instructions show you how to turn NAT-PMP off in an Airport Router using the Airport Utility which is inside your Applications/Utilities folder.  If you have a Netgear Nighthawk Router, please see this tutorial: http://www.podfeet.com/blog/how-to-turn-off-upnp-on-netgear-nighthawk-routers/
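
One way to confirm that NAT-PMP is really off after following the iOS or macOS tutorial, as an added example (not part of the original tutorials or Apple's tooling): the script sends the NAT-PMP public-address request from RFC 6886, which only asks the router for its external IP and creates no port mapping, and reports whether the router still answers. The router address passed on the command line is whatever your network uses, and the sample reply is constructed.

```python
import socket
import struct
import sys

NATPMP_PORT = 5351  # UDP port a NAT-PMP gateway listens on (RFC 6886)
RESULT_CODES = {0: "success", 1: "unsupported version", 2: "not authorized",
                3: "network failure", 4: "out of resources", 5: "unsupported opcode"}


def build_address_request() -> bytes:
    """Public-address request: version 0, opcode 0. It opens no port mapping."""
    return struct.pack("!BB", 0, 0)


def parse_address_response(data: bytes) -> dict:
    """Decode a reply: version, opcode 128, result code, epoch seconds, external IPv4."""
    if len(data) < 8:
        raise ValueError("too short for a NAT-PMP response")
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    if version != 0 or opcode != 128:
        raise ValueError("not a NAT-PMP public-address response")
    external_ip = None
    if result == 0 and len(data) >= 12:
        external_ip = socket.inet_ntoa(data[8:12])
    # epoch_s: seconds since the gateway last reset its mapping table
    return {"result": RESULT_CODES.get(result, "unknown (%d)" % result),
            "epoch_s": epoch, "external_ip": external_ip}


def natpmp_enabled(gateway: str, port: int = NATPMP_PORT,
                   timeout: float = 0.25, tries: int = 3) -> bool:
    """True if the gateway answers NAT-PMP; False if every attempt goes unanswered."""
    for attempt in range(tries):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout * 2 ** attempt)  # back off: 0.25 s, 0.5 s, 1 s
            try:
                sock.sendto(build_address_request(), (gateway, port))
                data, _ = sock.recvfrom(64)
                parse_address_response(data)
                return True
            except (OSError, ValueError):
                continue  # timeout, ICMP port unreachable, or a non-NAT-PMP reply
    return False


if __name__ == "__main__":
    # Constructed sample reply: success, epoch 1000 s, external IP 203.0.113.7
    sample = bytes([0, 128, 0, 0]) + (1000).to_bytes(4, "big") + bytes([203, 0, 113, 7])
    print(parse_address_response(sample))
    if len(sys.argv) > 1:  # pass your router's LAN address as the only argument
        state = "still answering" if natpmp_enabled(sys.argv[1]) else "not answering"
        print("NAT-PMP on %s: %s" % (sys.argv[1], state))
```

Run it from a machine inside the network before and after changing the setting; "not answering" after the change is the result you want.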

How to Upgrade Apple Airport Firmware

If you see an amber light blinking on your Airport Extreme, it may be an indication that there is a firmware update required.  These quick instructions show you how to find out if there is an update, and how to do the update.

I suspect the process is essentially the same on an Apple Time Capsule router but I don’t have one with which to verify these instructions.

The screens below show the upgrade from Firmware version 7.7.3 to 7.7.7 released in mid-2016. If you’re reading these instructions at a much later date (or are running a different version of the operating system) you may see different Firmware versions, but the instructions should be the same.

How to Separate (or Combine) 2.4GHz and 5GHz Bands with AirPort Utility

Many modern routers support two frequencies for wireless access, 2.4GHz and 5GHz.  The 5GHz band is much less congested, so if you have devices that support 5GHz you want them on that band. At the same time you probably have older devices that can only do 2.4GHz.  

The Airport Extreme from Apple allows you to choose two ways to configure the bands:

  • With a single name for both bands allowing the devices to find the highest band on which they can work
  • With two distinct names so you can actively choose the band on which you want each device to function

This tutorial walks through how to use AirPort Utility to change these settings. I start with the two bands set to have the same name and show you how to give them unique names.

Checklist to Limit Data Use on Travel (Updated)

Problem to be solved:

I have a shared data plan between my Mifi and my iPad. Under normal use at home I never go over my 4GB plan (not even close) but about 2 days into a vacation I get a 75% usage warning. I had Katie Floyd of the Mac Power Users Podcast on the NosillaCast Episode #448 to help me figure out the root causes and how to control my usage on travel.  These instructions are the checklist she helped me create to best manage my data. Your mileage may vary but I’m betting at least some of these ideas will help you too.

I updated this checklist in August 2015 to include new items that run automatically that could be the cause of significant data usage. In this post I recommend a tool called TripMode from tripmode.ch to monitor and limit network access by application: Can TripMode Demystify My Massive Network Data Usage?

How to Set Up a Mac for Remote Login

What Problem are We Trying to Solve?

If you have a machine that’s got a bad monitor, or is locked up in some way so that you can’t directly control it, you might have some success if you can connect in via the Terminal. In these few quick steps we’ll show you how to set up the target Mac so that you can connect to it over the network using just the Terminal.

Set Up the Target Machine You Want to Control

Open System Preferences and click on Sharing.

Click the Lock to Make Changes

Password

Enter your administrator credentials in the pop up window.

Remote Login

Check the box for remote login. If you want to restrict remote login to a subset of the users of the machine, click on the radio button for Only these users, and then click the Plus button below that window.

Add Users to the Access List

In this example I’ll add allison and then click Select.

Click the Lock to Prevent Further Changes

  1. Click the lock to prevent changes
  2. Note at the top it says the name at which your computer can be accessed – write this down! In my case, the name is Core-i7-4.local, and be sure to note that this name is case sensitive.

On Another Mac Connect to the First Mac

Open a Terminal and type in ssh followed by the name you recorded for the target Mac.
You will be prompted for your password. In this case I only authorized the account allison, so there’s only one option here.

You're In!

Note that the prompt has changed to Core-i7-4 so we know I’m logged into the target Mac.

From here you can list files, copy files, move files, whatever you could do in the Terminal if you were sitting at the target Mac.

Enjoy!

How to Configure Verizon FiOS Router to Give Network Control to Airport Extreme

Introduction

Bart Busschots of http://bartb.ie helped me figure out this configuration that so many people are requesting. Bart’s diagram shows the end condition. The screenshots in the tutorial are from an Actiontec router supplied by Verizon running firmware version 40.20.7 in 2013.

In this tutorial we’re going to:

  • Turn off Wireless on the Verizon router
  • Change the IP range that the Verizon router serves out to start at 192.168.1.10
  • Enable the DMZ on the Verizon router and set it to 192.168.1.2
  • Set the Airport Extreme to static IP and assign it to 192.168.1.2

This combination of steps will allow the Airport Extreme to control your home network serving out IP addresses, and to execute port forwarding (without having to also do that on the Verizon router).

Log into Verizon Router at 192.168.1.1

User Name and password are taped to the side of the router

Select Wireless Settings

Under Basic Security Settings Turn Off Wireless on the Verizon Router

Select Advanced

Proceed

Select IP Address Distribution

Select Action next to the Dynamic IP Range

Change the Starting IP Address to 192.168.1.10

Click on Firewall Settings

Proceed

Enable DMZ Host IP Address

  1. Click the checkbox
  2. Set DMZ Host IP Address to 192.168.1.2
  3. Click Apply

Open AirPort Utility

Click on the image of the router or the name to reveal the Edit button

Click Edit

Select the Internet Tab

Set the APE to a Static IP

  1. Select Static for Connect Using
  2. Change the IP address to 192.168.1.2 (as we set up in the DMZ on the Verizon router)

Don’t click Update just yet.

Select Network Tab

And change router Mode to DHCP and NAT and click Update

Ignore Double NAT

You will get a warning (a red circle with a number in it) that if clicked will say Double NAT. This can be ignored by clicking on the router, hovering over Double NAT, clicking and selecting Ignore. You are now free to play about the Internet.

VNC Tutorial Mac/PC

Remote Control Another Computer with Virtual Network Computing (VNC)

The idea of VNC is that you have one computer be the server (the one that will be controlled) and the other machine becomes the client. The good news is that there are lots of options to choose from and most of them are freeware; no one solution is best for everyone. This tutorial will walk through the use of OSXvnc for the server, and VNCDimension for the client, which are both Mac OSX applications, but there are plenty of Windows solutions to choose from. Just head over to VersionTracker or downloads.com to find the client and server software for Windows. The basic idea of the settings is similar, but the window graphics will be different. I hope by reading this you’ll be able to figure out how to tailor your client to your needs. At the end of the Mac to Mac connection I’ll walk through the connection I was able to do to control a PC from a Mac (ah, the control we’ve always wanted!).

Server Software – OSXvnc – download at:
http://www.versiontracker.com/dyn/moreinfo/macosx/16699

After download, launch the OSXvnc1 .dmg file (disk image file). It will put a disk volume on your desktop. Open that disk volume and drag the application OSXvnc into your Applications folder.

Client Software – VNCDimension – download at:
http://www.versiontracker.com/dyn/moreinfo/macosx/9462

If the server is on a router, a port (or hole) must be opened in the firewall to allow VNC traffic to go through even if you’re working on your internal network. I don’t get why that is, but my client software crashes if I don’t have that port open. Go to the port forwarding menu (sometimes shown under games) and set port 5900 to be open to the internal IP address of the server (for example, if it’s a Linksys router, the internal IP would be 192.168.1.100 or something like that). Check the boxes (or pulldowns) for both UDP and TCP. Save changes.

The client will need to know the Internet IP address of the router (or the server machine itself if there’s no router). The easiest way to find out your IP address is to open a web browser and go to whatismyip.com and it will show you. Note this IP address.

Now on the machine that will be the server, launch OSXvnc. Note the display number (in the example below it’s set to 0, usually that’s the default), and the port number is usually set to 5900. This can be changed, but let’s not mess with the settings just yet. Enter a password that will be required by the client for security. The display name should be entered automatically. Click on “Start Server”.

VNC server setup window

Now for the client setup: Launch VNCDimension, and in the menu select Session–>New (or hit command-N).

VNC client setup window

You want to connect to the server you just finished setting up, right? So in the host name field, type in the IP address of the Server machine (that’s the internet address). Make sure the display number matches the one on the server (0 in our example). Click OK.

When VNCDimension makes a connection, it should prompt you for a password (this is the password you set on the server side).

Now the client should be able to see what’s going on on the server, AND is able to move the mouse around and make selections and type just as though you were on the other machine, albeit quite slowly!

IMPORTANT NOTE: Make sure when you’re done, you close up the port you opened on the firewall (port 5900 in our example) as this port is a vulnerability to your system. Keep it closed unless you need it!
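
One way to check that the port really is closed again, as an added example (not part of the original tutorial or of OSXvnc/VNCDimension): the script tries a TCP connection to port 5900 and, if something answers, reads the 12-byte version banner that a VNC (RFB protocol) server sends on connect. The function names are this example's own; run it from outside your network against your own router's Internet address.

```python
import re
import socket
import sys

RFB_VERSION = re.compile(rb"RFB (\d{3})\.(\d{3})\n")  # 12-byte ProtocolVersion message


def parse_rfb_banner(data: bytes):
    """Return (major, minor) if data is an RFB ProtocolVersion message, else None."""
    match = RFB_VERSION.fullmatch(data)
    return (int(match.group(1)), int(match.group(2))) if match else None


def read_exact(sock: socket.socket, count: int) -> bytes:
    """Read up to count bytes, stopping early on EOF or timeout."""
    buf = b""
    try:
        while len(buf) < count:
            chunk = sock.recv(count - len(buf))
            if not chunk:
                break
            buf += chunk
    except OSError:
        pass
    return buf


def check_vnc_port(host: str, port: int = 5900, timeout: float = 3.0) -> str:
    """Classify the port as 'closed', 'no-response', 'open-vnc X.Y' or 'open-other'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"          # host answered with a reset: nothing listening
    except OSError:
        return "no-response"     # timed out or unreachable: dropped by a firewall
    with sock:
        version = parse_rfb_banner(read_exact(sock, 12))
    if version is None:
        return "open-other"      # something is listening, but it is not speaking RFB
    return "open-vnc %d.%d" % version


if __name__ == "__main__":
    # Constructed banner, as an RFB 3.8 server would send it on connect
    print(parse_rfb_banner(b"RFB 003.008\n"))
    if len(sys.argv) > 1:  # your own router's Internet address, tested from outside
        print("port 5900 on %s: %s" % (sys.argv[1], check_vnc_port(sys.argv[1])))
```

Either "closed" or "no-response" means the forward is gone; any "open-" result means port 5900 is still reachable from the Internet.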

Controlling a Windows XP machine from Mac OSX
I used RealVNC which is freeware for my needs, got it at http://www.realvnc.com/
After installation, I selected Start–>Programs–>RealVNC–>VNC Server 4 (User-Mode)–>Configure User-Mode Settings as shown below:

graphic of above instructions

This brings up the configuration program which allows you to do two important things – one is to set the password (under the authentication tab) and the other is to allow machines of a given IP address to access the machine. The authentication tab is shown below:

graphic showing where to click on password

Then to include the allowed IPs click on the Connections tab and click Add as shown below:

graphic showing where to click on Add and enter IP

Oddly this server did not request the display number; it must assume that it’s zero. Now you need to actually launch the server software (we’ve just configured it so far): go to Start–>Programs–>RealVNC–>VNC Server 4 (User-Mode)–>Run VNC Server. You won’t see a darn thing happen, but down in your system tray there should now be a teeny little icon that says VNC. I did it four times before I noticed and there were four nice little icons in there! I did learn how to kill it though: right click on the icon and select Stop Server.

You’re ready to launch the client viewer application now. In this case I used VNCDimension again on the Mac, but you can use a PC to do the same thing. When I launched the client software, I selected new connection, typed in the IP address of the PC, selected OK and it asked me for a password and shazam! there was XP on my Mac. I’m going to use this to test my website on Windows from now on.

Hope this tutorial helped you get a little more clarity on how this works, if you have any questions, please feel free to contact me at allison@podfeet.com.