You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: frankwil
frankwil Author
User level: Level 1
7 points

Help With NAT Firewall Settings

Was wondering about what to set the default host as. Would it be my computer or the Airport Extreme itself? The AEXt is connected to Motorola surfboard cable modem then broadcasts wirelessly to my iMac.

Thanks in advance.

iMac Core Duo, Mac OS X (10.6.4)

Posted on Oct 12, 2010 2:02 AM

Reply
6 replies
User profile for user: Tesserax
Tesserax
User level: Level 10
152,260 points

Oct 12, 2010 9:59 AM in response to frankwil

"Default Host" is Apple's term for a DMZ. As you are already aware, you would use this feature if you needed to bypass the router's firewall for a host device on the local network.

For the 802.11n AirPort Extreme Base Station (AEBSn), you would enter the IP address of the device that you want in the DMZ in the "Enable default host at" entry on the NAT tab with the AirPort Utility.
Reply
User profile for user: Tesserax
Tesserax
User level: Level 10
152,260 points

Oct 12, 2010 10:02 AM in response to frankwil

I guess my real question is how to set up the NAT firewall. Is that automatically done when you select "Share a public address" under DHCP or do you have to configure something under the NAT tab in airport utility?


In its default configuration, the AEBSn's NAT firewall is enabled. Think of the Connection Sharing option as a software switch, with the following settings affecting both the NAT & DHCP services provided by the router:

o Share a public IP address: Both NAT & DHCP are enabled
o Distribute a range of IP addresses: NAT is disabled; DHCP is enabled
o Off (Bridge Mode): Both NAT & DHCP are disabled.
Reply
User profile for user: frankwil
frankwil Author
User level: Level 1
7 points

Oct 12, 2010 11:56 AM in response to Tesserax

Thanks for your response. What I need to know is if I can set the default host to the IP of the Airport Extreme itself, and would this open all ports to the router? Another question is that when I set up port forwarding to a device on the network, does the IP address for that device need to be outside the DHCP range set up for my network?
Reply
User profile for user: Tesserax
Tesserax
User level: Level 10
152,260 points

Oct 12, 2010 1:57 PM in response to frankwil

What I need to know is if I can set the default host to the IP of the Airport Extreme itself, and would this open all ports to the router?


To open all the Extreme's ports, you would need to configure it as a bridge. This would disable its NAT firewall. Again, if you only want a single device on your network to be exposed to the Internet, that is when you would use the Default Host option.

Entering the WAN-side IP address in the Default Host field would not work for what you are trying to do.

Another question is that when I set up port forwarding to a device on the network, does the IP address for that device need to be outside the DHCP range set up for my network?


Ideally, yes. It should be on the same subnet but outside the DHCP range to prevent any IP address conflicts. Even better, you could take advantage of the DHCP Reservation feature within the AirPort Utility to "permanently" assign an IP address from the DHCP pool to a particular device. This would "remove" this address from the pool distributed to other network clients ... and basically have the same effect.
Reply

Help With NAT Firewall Settings

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up