O'Reilly logo

Mac® Security Bible by Joe Kissell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

15.3. Using Port Forwarding

Suppose you want to use one of the Macs on your local network as a web server. No problem: Just turn on Web Sharing. But if your Mac is behind a router that uses NAT (as is the case for most home and small-business networks), you might have a problem. Other Macs on your network can see your web server, but Macs on the outside can't! That's fine for an intranet server but not what you want if you were hoping to share your site with the world. This problem is a consequence of the way NAT hides all the computers on your local network and prevents incoming requests from reaching them. A computer outside your network can contact only your router — that's the only IP address exposed to the public. Although someone might try to contact that IP address and request a web page, the router isn't the device running the server, so it wouldn't be able to reply.

If your ISP offers static IP addresses, you can assign such an address to one of your Macs, thus removing the Mac from the NAT-based private network. However, this isn't always feasible or desirable. Perhaps you don't want the expense of a static IP address or perhaps you enjoy the security that NAT provides — and yet, you still want one of your Macs to be reachable, at least in a limited way, from the outside. A better solution is port forwarding. Port forwarding means that your router takes all incoming requests on a certain port (such as port 80, used by the web) and redirects those requests to the port ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required