User profile for user: jnfuller
jnfuller Author
User level: Level 1
0 points

Can't connect to cvs, rsync or ssl over wifi shared from iMac to MBP

I've got an iMac physically connected to my ISP and sharing ethernet over WiFi to my MacBook Pro using a 128-bit key. Whenever I try to use rsync, cvs or ssl over the WiFi conection the MBP is always unable to connect. I can surf the web and SSH to remote clients outside the network no problem. What I am trying to actually do is selfupdate fink and also use Mail.app to check my gmail account. Should I be doing some sort of port forwarding on the iMac to allow the secure connections to the outside world? How would I go about doing this? When I physically connect my MBP to the ISP using a hub rsync, cvs and ssl work just fine. It's only when I try to use the WiFi to connect that I have an issue. I also can't use Google Chat using Adium over the wireless and I think this must all be related. Any ideas?

20in intel iMac and 15 in intel MacBook Pro, Mac OS X (10.4.8)

Posted on Jan 29, 2007 10:51 PM

Reply
4 replies
User profile for user: Pentax Vanguard
Pentax Vanguard
User level: Level 2
220 points

Jan 30, 2007 11:11 AM in response to jnfuller

I'm not too sure about how exactly to fix this, but if you go into the Network System Preferences for both the MBP (to confiugre how its firewall is set up) and the iMac (to configure how exactly it is sharing its internet connection) you should be able to fix this. You sound better versed in knowing what to change, it just appears you can't find it to change it. But even so, please be careful in how you change those configurations so that you don't end up leaving either of your computers open to attack.

Please come back and let us know how it goes or if you have any further questions.
Reply
User profile for user: jnfuller
jnfuller Author
User level: Level 1
0 points

Jan 30, 2007 2:45 PM in response to Pentax Vanguard

I'm not too sure about how exactly to fix this, but
if you go into the Network System Preferences for
both the MBP (to confiugre how its firewall is set
up) and the iMac (to configure how exactly it is
sharing its internet connection) you should be able
to fix this. You sound better versed in knowing what
to change, it just appears you can't find it to
change it. But even so, please be careful in how you
change those configurations so that you don't end up
leaving either of your computers open to attack.


My firewalls are actually set correctly, even to the point of ensuring that the proper ports are opened on each box in ipfw. Since the iMac serves nat addresses to the MBP I'm thinking the NAT is the problem as I see rsync go off into oblivion in wireshark on the MBP and never see it passed to the iMac when I sniff.

Sustainable Softworks(
http://www.sustworks.com/site/prodgnatoverview.html) seems to have a product that may fit my needs without needing to futz around with natd and ipfw. I will try it out as soon as I have a chance and report back here.
Reply
User profile for user: Joeski
Joeski
User level: Level 3
647 points

Jan 30, 2007 3:28 PM in response to jnfuller

It does look like it's related to the way NAT is being served from the iMac. What version of X are you running on the iMac?

I would be interested to see how your MBP responds if you take wireless out of the equation.... do you have a wired port to connect your MBP while still getting your shared internet connect from the iMac?

Try sharing internet connect through MBP and testing adium, google mail on the NAT'ed iMac.

Probably not the solution, but have you tried shutting off the firewall on both macs?
Reply
User profile for user: jnfuller
jnfuller Author
User level: Level 1
0 points

Feb 3, 2007 12:39 PM in response to Joeski

10.4.8 on both machines. I hooked up a hub the other day and set up a wired network. When the MBP is connected directly to the network there is no problem at all.

Shared WiFi? No. Direct networking? Yes. That meant it wasn't a local firewaill issue, but a remote. This got me to thinking about what the problem actually might be. I'd sooner die than turn off the firewall completely on either mac but I'd be perfectly happy opening distinct ports one at a time to the outside world to test the connections.

So, I fired up terminal on the iMac and looked at the ipfw rules again with a pad and paper drawing out the holes in the wall. Just nonforwarded domains and ports opened to the outside world for a few services. Inbound? Not so much. Locked down like a safe. Looks like I'm too secure for my own good. I've blocked myself from accessing myself from the outside world and that world includes my MBP.

When you share an internet connection over a mac you have to poke holes in the firewall for the systems that are being clients in the network to be able to use certain services. Fixing this problem was as simple as opening up the firewall on the "server" to accept cvs and rsync ports as incoming connections.

No nat, no port forwarding, no futzing around. It just works. I was trying to make things too unix-ified in my solution. All I needed to do was change a setting in the GUI. The fix for the SSL issue with Gmail should be the same.

To make the solution more secure, I'll probably use ipfw to only open the connections on the client facing side of the network. Right now, those ports are wide open to the internet on the "server" but there are no services running so it's not a big issue.

So, thanks Joeski... You kicked my thinking off in the right direction wih your firewall sugesion.
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Can't connect to cvs, rsync or ssl over wifi shared from iMac to MBP

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up