Help please

[Dave Horsfall]

On Sun, 18 Nov 2018, James Linder wrote:

> My motivation in continuing this thread is that unless macports users 
> are rare in Aussie (how sad that would be) then other macport users are 
> certain to have the magic big T$ modem. (T$ is joke reference to 
> Telstra) I do not use the modem wifi, apple do not play nice with furren 
> AC modems (my tests are 5Mb / sec close to a tp link and 35Mb to an 
> airport using my macbook)

I'm afraid that I can't help further then; the router (it's not a modem, 
although that's a popular term for it) port-forwards SMTP etc to the 
FreeBSD server, everything else is blocked by the router's firewall, and 
"it just works" with the firewall set at "Medium".

> Dave I do not understand your
>> And yes, you *do* need the firewall enabled

if you are running any sort of services on the Mac without some sort of a 
firewall in place to restrict access then you are wide open (and quite 
likely compromised by now).  I use the router's firewall to protect my 
network (and a secondary firewall on the FreeBSD server to protect itself 
further, as it's the only box exposed to the evil Internet).

> Any out going packet will be NAT’d and allowed back
> Any intruding packet will not be NAT’d and dumped by the router.
> There is no pathway from the internet to any of mymachine unless the packet is ESTABLISHED, RELATED

And if you have no firewall whatsoever (which you said you don't) then all 
your ports are visible; you might want to bone up on basic firewall theory 
(and this is the wrong place to discuss it)..

> The best answer that I can find is that if you have and infected machine 
> the firewall prevents it calling other machines.

Only if you restrict outbound connections (which I don't); I'm gaining the 
impression that you don't really understand firewalls....

> Well my network is linux and mac machines only, so I guess that is of 
> little concern

And this is *really* off-topic now; I'm surprised that Ryan & Co haven't 
clamped down...

-- Dave