Internet Sharing in OS 10.2
Internet Sharing is Apple's implementation of Network Address Translation (NAT). NAT is a method for connecting multiple computers to the Internet (or any other IP network) using one IP address. This allows home users and small businesses to connect multiple computers to the Internet cheaply and efficiently.
Unfortunately, Stanford cannot be classified as a home or small business and NAT on the network can be quite a nuisance primarily because interactions involving various Kerberos components and NAT can lead to security problems.
Essentially a NAT server is a DHCP server that is providing dynamic addressing in a specific private address space. These are usually in the address range of 10.1.0.X or 192.168.X.X. The presence of a DHCP server of this type will be in conflict with the Stanford DHCP system currently in operation. That conflict can be as simple as reducing or eliminating the NAT addressee's ability to access services (email, web, etc.) to as serious as compromising the NAT provider's login credentials resulting in access by unauthorized users to those services. In other words, anyone getting a NAT IP address from your system may have access to your email.
Mac OSX.2 provides this feature for users not on networks that already provide DHCP services. But their implementation can be confusing. The term Internet Sharing causes many to assume this means file sharing. It does not. File sharing is accessed elsewhere in System Preferences.
To identify the Internet Sharing setup utility, open System Preferences. Once System Preferences is open, click on the Sharing icon.
Click on the Internet tab.
If you are looking for File Sharing you will find it under the Services tab
By default, Internet Sharing is not active on OSX.2 systems out of the box. Someone with administrator privileges must manually enable Internet Sharing.
Locate the checkbox towards the bottom of the window and read the text.
It is very easy to confuse this text with file sharing, but it has nothing to do with that.
If you click the radio button you will see the warning dialogue window appear.
In this case, Stanford is your ISP and you will be disconnected.
If you click the OK button, you will return to the Sharing window with the Share checkbox enabled.
Notice that Internet Sharing has not yet been activated. The Start button has been enabled. The text next to the Start button gives a much better description of exactly what you are about to do. In this case, "primary connection" means your IP address.
Clicking the Start button will initiate the NAT server on your system and begin a chain reaction of events that will result in the computing gods raining fire and brimstone down on your head from the heavens.
We encourage you not to take advantage of this feature. It is not designed for Stanford's computing environment and at the very least is disruptive and potentially a serious security problem.
The language in this document has been intentionally strong in order to convey the seriousness with which this problem is viewed. If you are unsure of what you are doing then stop and seek competent help.
For additional information or help this issue, contact your departmental computer support person or contact the IT Services Helpdesk by calling 5-HELP or submitting a service request at: http://helpsu.stanford.edu.
