3 Networks + MoCA + TiVos

barts diagram on taking control from verizon routerBack in August of 2013, Bart helped me figure out how to wrest control from the Verizon Actiontec FiOS router and let my Airport Extreme control my network. It was non-obvious, so he drew a diagram that I turned into a full tutorial per his instructions. The basic idea is to disable WiFi on the Verizon router, and have it simply pass out IP addresses using DHCP and send traffic straight through to the Airport Extreme. We also set the DMZ on the Verizon router to a static IP and passed that right to the Airport. The purpose of that step was to eliminate the requirement to do port forwarding on both routers if I ever needed to access something inside the network.

All of this worked great, I was able to pretty much ignore the Verizon router for the last three years.

Continue reading “3 Networks + MoCA + TiVos”

How to Turn Off NAT-PMP on Airport Routers from iOS

Credit to Allister Jenks for the Instructions for iOS

Airport routers from Apple have a service turned on by default called NAT-PMP (Network Address Translation Port Mapping Protocol).  This service allows applications and/or devices inside your network to automatically open ports in your router to make them accessible from the Internet.  While this feature does make it easier to set up Internet of Things devices (doorbells, webcams, light bulbs), it makes your network more vulnerable to attack.  

The recent (October 2016) Denial of Service attacks on the Domain Name System that pretty much broke the internet for a half a day were due to devices inside peoples’ networks being commandeered to act on behalf of the bad actors.  In other words, having NAT-PMP enabled on an Airport router (or UPnP on other manufacturer’s routers) allowed these Internet of Things devices to be recruited into a botnet.

If you want to learn more, please see this Wikipedia article: https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol

These instructions show you how to turn NAT-PMP off in an Airport Router using the Airport Utility on iOS.  If you want to do it from your Mac, please see this tutorial:

https://www.podfeet.com/blog/tutorials-5/how-to-turn-off-nat-pmp-on-airport-routers/

If you have a Netgear Nighthawk Router, please see this tutorial: https://www.podfeet.com/blog/how-to-turn-off-upnp-on-netgear-nighthawk-routers/

Continue reading “How to Turn Off NAT-PMP on Airport Routers from iOS”

How to Turn Off UPnP on Netgear NIghthawk Routers

Routers from Netgear (and other companies) have a service turned on by default called UPnP (Unplug and Play).  This service allows applications and/or devices inside your network to automatically open ports in your router to make them accessible from the Internet.  While this feature does make it easier to set up Internet of Things devices (doorbells, webcams, light bulbs), it makes your network more vulnerable to attack.  

The recent (October 2016) Denial of Service attacks on the Domain Name System that pretty much broke the internet for a half a day were due to devices inside peoples’ networks being commandeered to act on behalf of the bad actors.  In other words, having NAT-PMP enabled on an Airport router (or UPnP on other manufacturer’s routers) allowed these Internet of Things devices to be recruited into a botnet.

If you want to learn more, please see this Wikipedia article: https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol

These instructions show you how to turn off UPnP on Netgear Nighthawk Routers.  If you have an Airport Router, please see this tutorial: https://www.podfeet.com/blog/how-to-turn-off-nat-pmp-on-airport-routers/

Continue reading “How to Turn Off UPnP on Netgear NIghthawk Routers”

How to Turn Off NAT-PMP on Airport Routers from macOS

Airport routers from Apple have a service turned on by default called NAT-PMP (Network Address Translation Port Mapping Protocol).  This service allows applications and/or devices inside your network to automatically open ports in your router to make them accessible from the Internet.  While this feature does make it easier to set up Internet of Things devices (doorbells, webcams, light bulbs), it makes your network more vulnerable to attack.  

The recent (October 2016) Denial of Service attacks on the Domain Name System that pretty much broke the internet for a half a day were due to devices inside peoples’ networks being commandeered to act on behalf of the bad actors.  In other words, having NAT-PMP enabled on an Airport router (or UPnP on other manufacturer’s routers) allowed these Internet of Things devices to be recruited into a botnet.

If you want to learn more, please see this Wikipedia article: https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol

These instructions show you how to turn NAT-PMP off in an Airport Router using the Airport Utility which is inside your Applications/Utilities folder.  If you have a Netgear Nighthawk Router, please see this tutorial: https://www.podfeet.com/blog/how-to-turn-off-upnp-on-netgear-nighthawk-routers/

Continue reading “How to Turn Off NAT-PMP on Airport Routers from macOS”

How to Upgrade Apple Airport Firmware

If you see an amber light blinking on your Airport Extreme, it may be an indication that there is a firmware update required.  These quick instructions show you how to find out if there is an update, and how to do the update.

I suspect the process is essentially the same on an Apple Time Capsule router but I don’t have one with which to verify these instructions.

The screens below show the upgrade from Firmware version 7.7.3 to 7.7.7 released in mid-2016. If you’re reading these instructions at a much later date (or are running a different version of the operating system) you may see different Firmware versions, but the instructions should be the same.

Continue reading “How to Upgrade Apple Airport Firmware”

How to Separate (or Combine) 2.4GHz and 5GHz Bands with AirPort Utility

Many modern routers support two frequencies for wireless access, 2.4GHz and 5GHz.  The 5GHz band is much less congested, so if you have devices that support 5GHz you want them on that band. At the same time you probably have older devices that can only do 2.4GHz.  

The Airport Extreme from Apple allows you to choose two ways to configure the bands:

  • With a single name for both bands allowing the devices to find the highest band on which they can work
  • With two distinct names so you can actively choose the band on which you want each device to function

This tutorial walks through how to use AirPort Utility to change these settings. I start with the two bands set to have the same name and show you how to give them unique names.

Continue reading “How to Separate (or Combine) 2.4GHz and 5GHz Bands with AirPort Utility”

Checklist to Limit Data Use on Travel (Updated)

Problem to be solved:

I have a shared data plan between my Mifi and my iPad. Under normal use at home I never go over my 4GB plan (not even close) but about 2 days into a vacation I get a 75% usage warning. I had Katie Floyd of the Mac Power Users Podcast on the NosillaCast Episode #448 to help me figure out the root causes and how to control my usage on travel.  These instructions are the checklist she helped me create to best manage my data. Your mileage my vary but I’m betting at least some of these ideas will help you too.

I updated this checklist in August 2015 to include new items that run automatically that could be the cause of significant data usage. In this post I recommend a tool called TripMode from tripmode.ch to monitor and limit network access by application: Can TripMode Demystify My Massive Network Data Usage?

Continue reading “Checklist to Limit Data Use on Travel (Updated)”

How to Set Up a Mac for Remote Login

What Problem are We Trying to Solve?

If you have a machine that’s got a bad monitor or locked up in some way that you can’t directly control it, you might have some success if you could connect in via the Terminal. In these few quick steps we’ll show you how to set up the target Mac so that you can connect to it over the network using just the Terminal.

Set Up the Target Machine You Want to Control

Set Up the Target Machine You Want to Control

Open System Preferences and click on Sharing.

Click the Lock to Make Changes

Click the Lock to Make Changes

Password

Password

Enter your administrator credentials in the pop up window.

Remote Login

Remote Login

Check the box for remote login. If you want to restrict remote login to a subset of the users of the machine, click on the radio button for Only these users, and then click the Plus button below that window.

Add Users to the Access List

Add Users to the Access List

In this example I’ll add allison and then click Select.

Click the Lock to Prevent Further Changes

Click the Lock to Prevent Further Changes
  1. Click the lock to prevent changes
  2. Note at the top it says the name at which your computer can be accessed – write this down! In my case, the name is Core-i7-4.local and be sure to note that this name is case sensitive

On Another Mac Connect to the First Mac

Open a Terminal and type in ssh followed by the name you recorded for the target Mac.
You will be prompted for your password. In this case I only authorized the account allison, so there’s only one option here.

On Another Mac Connect to the First Mac

You're In!

Note that the prompt has changed to Core-i7-4 so we know I’m logged into the target Mac.

From here you can list files, copy files, move files, whatever you can do in the Terminal if you’d been sitting at the target Mac.

Enjoy!

How to Configure Verizon FiOS Router to Give Network Control to Airport Extreme

Introduction

Bart Busschots of http://bartb.ie helped me figure out this configuration that so many people are requesting. Bart’s diagram shows the end condition. The screenshots in the tutorial are from an Actiontec router supplied by Verizon running firmware version 40.20.7 in 2013.

In this tutorial we’re going to:

  • Turn off Wireless on the Verizon router
  • Change the IP range that the Verizon router serves out to start at 192.168.1.10
  • Enable the DMZ on the Verizon router and set it to 192.168.1.2
  • Set the Airport Extreme to static IP and assign it to 192.168.1.2

This combination of steps will allow the Airport Extreme to control your home network serving out IP addresses, and to execute port forwarding (without having to also do that on the Verizon router).

Introduction

Log into Verizon Router at 192.168.1.1

User Name and password are taped to the side of the router

Log into Verizon Router at 192.168.1.1

Select Wireless Settings

Select Wireless Settings

Under Basic Security Settings Turn Off Wireless on the Verizon Router

Under Basic Security Settings Turn Off Wireless on the Verizon Router

Select Advanced

Select Advanced

Proceed

Proceed

Select IP Address Distribution

Select IP Address Distribution

Select Action next to the Dynamic IP Range

Select Action next to the Dynamic IP Range

Change the Starting IP Address to 192.168.1.10

Change the Starting IP Address to 192.168.1.10

Click on Firewall Settings

Click on Firewall Settings

Proceed

Proceed

Enable DMZ Host IP Address

  1. Click the checkbox
  2. Set DMZ Host IP Address to 192.168.1.2
  3. Click Apply
Enable DMZ Host IP Address

Open AirPort Utility

Click on the image of the router or the name to reveal the Edit button

Open AirPort Utility

Click Edit

Click Edit

Select the Internet Tab

Select the Internet Tab

Set the APE to a Static IP

  1. Select Static for Connect Using
  2. Change the IP address to 192.168.1.2 (as we set up in the DMZ on the Verizon router

don’t click Update just yet

Set the APE to a Static IP

Select Network Tab

And change router Mode to DHCP and NAT and click Update

Select Network Tab

Ignore Double NAT

You will get a warning (a red circle with a number in it) that if clicked will say Double NAT. This can be ignored by clicking on the router, hovering over Double NAT, Clicking and selecting Ignore. You are now free to play about the Internet.

Ignore Double NAT

Posts navigation

1 2
Scroll to top