Apple OSX Server Firewall

My Apple OSX server (Mountain Lion) at home is the centre of my network and entertainment system. It provides provides the following services:

Since several (soft-, and hardware) upgrades and redesigns of my internal network (from a single VLAN to a multi-VLAN with firewall services and traffic inspection) several services failed under certain circumstances. E.g. Air-Video would work internally where the client was in the same network as the OSX server network interface. But trying to connect through the SSL VPN stopped working for some reason. Also, the VNC Viewer did work in the old days, but stopped working over time. Same for several static NAT entries; worked before, and stopped working without 'no reason'. Other services like ssh did work in the old and new network design....

Posted on September 3, 2014 and filed under Annoying, Apple, Security.

Apple OSX DHCP Server Challenges

The last week, I've been experimenting with the Juniper Mobility System Software (MSS) in conjunction with two Juniper/Trapeze Access Points (type WLA522E). The MSS software is a Wireless LAN Controller (WLC) with manages the Access Points, and like so many Juniper Product; it can run in a virtual machine.

For the AP's to boot / connect to the network they need some basic information about where to find the WLC from which they receive their wireless settings. This can be done through DNS, or through DHCP. The first uses specific DNS records, and the latter uses DHCP Options (option 43 to be precise). I wanted to use the latter (which is a bit more challenging).

Posted on August 25, 2014 and filed under Annoying, Apple, Tips'n Tricks.

Juniper Unified Access Control With Junos Pulse

This blog post hold the key ingredients for successfully authenticating on layer 2 (802.1x or dot1x) and layer 3 with:

General Information

The setup consists of four networks (VLAN's) and Internet access. Inter-VLAN communication is handled by a Juniper SRX210. The four VLAN's are:

  • Untrust (VLAN 20)
    The Internet
  • Trust (VLAN 10 - 192.168.1.0/24)
    This VLAN hosts the UAC, Active Directory, DNS and DHCP services
  • Production (VLAN 100 - 192.168.100.0/24)
    Network where the normal workstations are placed
  • Quarantine (VLAN 200 - 192.168.200.0/24)
    This is where the naughty people/PC's are dropped

When a PC is placed in Quarantine, it looses all access to the Internet, but can still resolve domain names, access minimal internal services like the DHCP server and the UAC.

The components on the network are:

  • Domain Controller + DNS Server - 192.168.1.10
  • DHCP Server - 192.168.1.1
  • UAC - 192.168.1.11
  • Gateway(s) - .254
Posted on August 5, 2014 and filed under Security, Tips'n Tricks.