1 Reply Latest reply: Jul 10, 2014 7:38 PM by BobHarris
BluSky Level 1 (40 points)

Something happened when I lost my DSL connection and it came back up. I could not use my Apple/Mac mail app. on my computer, iPad or iPhone. When I took them to any other WIFI they connected but at home they didn't. I called Verizon to help and they told me that for Apple/Mac mail to work the firewall in their mode/router had to be turned off. I thought I was sure that it had been on before and I never had a problem. Does this make any sense? Does it leave my system open to hackers or others?

  • BobHarris Level 6 (17,709 points)

    As long as the NAT server is still running in the Verizon router, then nothing is getting in, unless you let it.  If you check your Mac's IP address as assigned by the Verizion router, and it is of the form 192.168.x.x, then the NAT server is still running.  System Preferences -> Network -> Advanced -> TCP/IP will tell you what IP address you are using within your home, and when I had a Verizon modem, they used 192.168.x.x IP addresses for devices in the home.


    For all intents and purposes a NAT router is an in-bound firewall.  This is because a NAT server shares a single Internet addressable IP address with all the devices in your home.  The 192.168.x.x IP address are cannot be routed across the internet.  Any system out on the internet can only address your router's IP address, but since this IP address is shared with multiple devices, there is no way the router knowns which of the devices it should send an unsolicited connection request to, so it drops any such request.


    So when a NAT server is running in the home router (and just about every home router has a NAT server), the only way for an outside system to make a connection to your Mac, is for your Mac to start the connection, or to tell the router that it is expecting a connection on port nnnnn.  And by default Mac OS X does NOT start any services that would tell the router to listen for a connection.


    And when Mac OS X does ask the router to listen, Mac OS X tends to require the connection have the correct connection credentials.  For example Back-to-My-Mac iCloud service.


    With respect to Mail, Mail makes the connection request to the server.  The Mail server does not connect to the Mac.


    So, feel free to disable the firewall in the Verizon router, and then check to make sure you have a non-routing IP address and you are good.


    Non-routine IP addresses are <http://en.wikipedia.org/wiki/Private_network>:



    172.16.x.x, 172.17.x.x, 172.18.x.x   ...   172.31.x.x


    If your Mac has any of these, then a NAT server is between you and the internet.