macrabbit

First remark

My work to turn a Mac mini into a wireless router is still an ongoing project. It's not finished yet. My findings below might interest you anyhow. My Mac mini (Core Solo) runs Mac OS X 10.4.7, build 8J2135.

Intro

I bought my AirPort Base Station (Graphite) back in 2000. This piece of Apple HW ran for about 6 years now without any issue. It connected seemlessly several generations of Apple portable computers (Macintosh PowerBook 3400c with WiFi PC card, PowerBook G4, MacBook Pro 15") to the internet. Of course Windows based notebooks could connect to my base station as well, all WEP enabled! BUT still 802.11b.

Now it's time for the faster 802.11g. I could have bought the AirPort Extreme Base Station or another 802.11g device on the market. But I was looking for an open platform able to function as router, wireless base station, file server, captive portal, web server and generally open for future enhancements - all together on ONE platform, packed in a small form factor and of course nicely designed. Seemed like mission impossible. I investigated the option to build something like that on my own (based on the nanoITX). I added up all components I needed (nanoITX, picoPSU, DDR SODIMM RAM, SATA HDD, miniPCI wireless, case) and found that the Mac mini is less expensive!

Connection to the Internet

In my network today, the DSL device (Alcatel SpeedTouch Pro with Firewall) runs as router/NAT/DHCP/DNS and the AirPort as bridge. With the Mac mini, the planned network layout is as follows: The DSL device is configured as bridge and the Mac mini is the router/NAT/DHCP/DNS.

Before enabling all the NAT/DHCP/DNS stuff, The Mac mini needs an Internet connection. First, I reconfigured my DSL box from router- to bridge-mode; you may skip this step in your environment. On the Mac mini in System Preferences -> Network -> PPPoE I enabled Connect using PPPoE and entered my ISP's Account Name and Password. Mac mini was connected to the Internet. Looking for SW updates would be good idea now.

Mac mini as wireless router

The main functionality of this project is that the Mac mini is connected to the internet via built-in Ethernet and shares that internet connection wirelessly. To share your internet connection, open System Preferences -> Sharing -> Internet. Select Share your connection from: Built-in Ethernet and under To computers using: tick the option AirPort.

Click on AirPort Options.... Under Network Name: enter a name (SSID) you want your wireless network to have (e.g. MacMiniNet), set Channel: to Automatic. [side remark: If you want to choose a channel manually please only use the channels 1, 6 or 11 (in the US) or 1, 5, 9 or 13 (in Europe). When all people would follow this rule, the overall throughput of the open 2 GHz band is maximized]. Leave WEP encryption DISABLED for a minute. We'll cover WEP in a separat paragraph. Click OK. Back in the Sharing panel click the Start button.

The Mac mini transforms into a base station; the AirPort icon in the menu bar is greyed and an arrow pointing up is drawn on top. You should now be able to see that new wireless network "MacMiniNet" on a wireless-enabled computer nearby. When I connect to the wireless network "MacMiniNet", my laptop automatically gets an IP address and I could browse the network.

Under the hood: Mac starts a DHCP server (/usr/libexec/bootpd), a domain name server (/usr/sbin/named with config file /etc/com.apple.named.conf.proxy, /etc/named.conf is not used) and a NAT (/usr/sbin/natd)

WEP key

To activate WEP encryption - compatible with Macs AND PCs - took me some time :-( Follow these steps:

  1. On the Mac mini, open the AirPort Options panel (System Preferences -> Sharing -> Internet. Deactivate the Sharing and click on AirPort Options...)
  2. tick Enable encryption (using WEP)
  3. In the Password field you can enter three different formats:
    • an arbitrary string, e.g. please let me in
    • double-quotes + 5 or 13 characters + double-quotes, e.g. "apple"
    • dollar-sign + 10 or 26 hex digits, e.g. $5544332211
    Only the last two formats can be used for compatibility with non-Apple computers. For this description, I will use the password "apple" (including the double-quotes).
  4. Reenter the same 7 characters in the field Confirm password:
  5. Click OK
  6. Start Internet Sharing
  7. Choose Restart... in the Apple menu! (this step seems to be important)

After these steps, WEP encryption is enabled on the Mac mini. Now to the client side.

On a MacOS based computer, select the AirPort network "MacMiniNet" (or whatever name you gave to your network). Select WEP 40/128-bit ASCII and enter the chosen five letter password without double-quotes. Your computer will connect to the Mac mini.

On a Windows XP (SP2) based computer, right-click on the wireless connection in the system tray. Choose View Available Wireless Networks. The panel Wireless Network Connection similar to the following image will appear (I've got a german version of XP!):

As you can see, currently the computer is connected to the wireless network "StraubeNet (chan 4)", and our network "MacMiniNet" shows up. The little yellow lock indicates "its WEP enabled". Click on Change advanced settings on the left. The Wireless Network Connection Properties windows pops up:

Click on the Wireless Networks tab.

If in the list Preferred networks: the SSID (MacMiniNet) appears - as in my case - select it and click the Properties button. If it's not in the list click the Add... button. Either action activate the panel Wireless network properties:

On this panel

  • under Network name (SSID): fill in the SSID if not already filled in
  • Set Network Authentication: to shared (instead of open)
  • as Data encryption choose WEP
  • disable the option in the bottom The key is provided for me automatically
  • in the field Network key: enter the five letter WEP password you choose on your Mac mini but without double-quotes. Re-enter it in Confirm network key:.
  • Leave the Key index (advanced): set to 1

In the Authentication tab untick the option IEEE 802.1X. After OKing all open panels and windows, your computer will connect to the Mac mini with WEP enabled. Here the picture as proof :-)

Firewall

Next we have to activate a firewall, as the Mac mini should not be exposed to the Internet without a shield. Open System Preferences -> Sharing -> Firewall and click on Start. To still allow the connected computers to surf on the internet Personal Web Sharing must be activated. Open System Preferences -> Sharing -> Services and activate the service Personal Web Sharing. [tech info: Apple's ipfw rules don't distinguish Intranet and Internet. I have to fix that. Instructions tba!!]

VNC

All the previous steps, I configured locally at the Mac mini via an USB keyboard and mouse and a monitor connected via DVI. As I intend to run the Mac mini as a standalone router, I need some kind of remote management possibilities; I would then be able to unplug the keyboard, the mouse and monitor and control the Mac mini wirelessly via connected laptops. Fortunately all you need to do that comes bundle in Mac OS X 10.4.7. The feature you have to enable is called "Apple Remote Desktop". In System Preferences -> Sharing -> Services and start the service Apple Remote Desktop. The panel Access Privileges... opens. The only option you have to turn on in this panel is VNC viewers may control screen with password: and enter a password. Click OK. Under the hood, Mac OS starts - among other things - a VNC server (AppleVNCServer in /System/Library/CoreServices/RemoteManage ment/AppleVNCServer.bundle). If you are not happy with it, feel free to install OSXvnc

There are mainly two different "flavours" of firewalls in 10.4.7: The firewall rule defined by Apple for Apple Remote Desktop does include the VNC port 5900 or it doesn't :-(Go to System Preferences -> Sharing -> Firewall, double-click the rule Apple Remote Desktop. If the displayed text mentions the port 5900 you're done. If only port 3238 is mentioned, you have to open the VNC port manually: Click New..., in the drop-down menu select VNC and click OK. That's it.

To connect to that VNC server, you need a VNC client. On a MacOS machine, I use Chicken of VNC and on Windows based machine, I use RealVNC (VNC Free Edition Viewer for Windows).

tba: mention chosen options if defaults don't work

Bluetooth mouse and keyboard

By default, the Mac mini is configured to automatically search for and attach to bluetooth input devices if you start it without having an USB mouse and keyboard plugged in. Generally, a clever idea. As I want to run my Mac mini as a standalone device, I disabled that function by opening System Preferences -> Bluetooth and unticked the field Open Bluetooth Setup Assistant at startup when no input device is present. By the way, I turned off Bluetooth at all.