I will build 2 Wi-Fi networks on a server (a Mac mini I plan to buy) with the following key functions:

  • server directly connected to the Internet (through the 1 Gbit/s Ethernet),
  • with advanced firewalling based on PF and scripts to sustain ~20 stealth attacks a day (this is my work),
  • hosting an MX (postfix), a squid, and a file server (toward the 1st internal net),
  • a 1st internal Wi-Fi (802.11ac) dedicated to other Macs and iPhones with static IPs allocated through NAT & DHCP,
  • a 2nd internal Wi-Fi (802.11b) dedicated to IP-connected home devices with static IPs allocated through NAT & DHCP.

I would like to check whether a Mac mini would be able to build this Y-shaped network architecture, and that I could extend it with another internal Wi-Fi network.

I would be interested in real-world experience of running a USB Wi-Fi key on a Mac mini. More precisely:

  • which USB Wi-Fi key is compatible with macOS on the latest Mac mini?
  • is macOS able to start Internet Sharing on 2 different Wi-Fi interfaces, each with a different NAT + DHCP config?

Apple wasn't able to answer these 2 network questions (I tried different Geniuses without success).

dan
  • What exactly is your goal here? The short answer is “yes,” you can do all of this, but why does the server need to host the WiFi networks? There are Access Points that have the ability to broadcast multiple SSIDs and bind them to VLANs that your Mac can work with. Turning your Mac into a dedicated multi-homed router is far from an ideal setup. – Allan Dec 29 '22 at 17:18
  • Also make the dedicated one an ethernet link – mmmmmm Dec 29 '22 at 17:24
  • See this answer for details. Some Ubiquiti APs have DHCP built in. You just need a router with VLAN capability. You can build an enterprise grade firewall with pfSense (same firewall on macOS, BTW) and a cheap throwaway PC. It will handle your DHCP, DNS, routing and more for you for next to nothing. – Allan Dec 29 '22 at 18:45
  • @Allan I appreciate your well-informed reply. Is it possible with pfSense to build scripts (shell) to block DDoS or stealth attacks? On my current Mac I compute IP address tables and inject them into a PF table every hour. I think I achieved a kind of war-grade firewall. I sustained a DDoS better than a Palo Alto for many days without a crash. – dan Jan 01 '23 at 13:51
  • Yes, it’s a FreeBSD system after all. pfSense has plugins for doing the same thing. – Allan Jan 01 '23 at 14:22
  • Of the more than 20 OSes I worked on, FreeBSD is the one I trust the most. MacOS is a FreeBSD with too thick a golden jail. I will have a look at your suggested path. – dan Jan 01 '23 at 14:41
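
The comments above mention computing address tables and loading them into a PF table every hour. The following is an added example of that refresh step, not code from this thread: it validates and merges candidate addresses, refuses anything overlapping the operator's own networks, and prepares the `pfctl` call. The table name `blocklist`, the never-block ranges and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import os

TABLE = "blocklist"  # assumed PF table name, not from the thread
# Assumed ranges that must never be blocked (loopback, internal networks).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16", "::1/128")]

# Constructed sample of candidate sources (documentation address ranges).
SAMPLE = """\
203.0.113.7
203.0.113.8
198.51.100.0/25
198.51.100.128/25   # adjacent to the line above
192.168.1.20
not-an-ip
2001:db8::1
"""

def build_table(text, never_block=NEVER_BLOCK):
    """Return (entries, rejected): validated, merged CIDRs and dropped lines."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)      # malformed input never reaches pfctl
            continue
        if any(net.version == g.version and net.overlaps(g) for g in never_block):
            rejected.append(entry)      # would lock out our own networks
            continue
        nets.append(net)
    merged = []
    for version in (4, 6):              # collapse_addresses rejects mixed versions
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return [str(n) for n in merged], rejected

def write_table(path, entries):
    """Write the table file atomically and return the pfctl argv to load it."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write("\n".join(entries) + "\n")
    os.replace(tmp, path)               # readers never see a half-written file
    return ["pfctl", "-t", TABLE, "-T", "replace", "-f", path]

if __name__ == "__main__":
    entries, rejected = build_table(SAMPLE)
    print(entries, rejected)
```

The returned argument list can be passed to `subprocess.run` from an hourly job running as root; `-T replace` swaps the table contents without reloading the ruleset, so the rule referencing the table stays untouched.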

0 Answers