05 Apr 2023

If you have more than one computer, you will want to set up a little network. Buy a router, a box that connects downstream of your cable or DSL modem, and that lets you connect several computers to it. For example, the Linksys BEFSR41, about $40, or a wireless/wired router (Some cable suppliers like Xfinity will rent you a combination modem and router, or you can buy your own.) A router allows you to share the Internet Service Provider (ISP) connection with multiple computers, and also allows computers on your home network to communicate and share files with each other.

This diagram shows a network with several types of computer. The local computers are connected to the routher by Ethernet cables or wireless (Wi-Fi). Wired connections are faster, less subject to interference, and less vulnerable to security attack. I use both at home.

(Apple used to make the AirPort Extreme ($100-180) Wi-Fi router. Apple's Time Capsule did the same thing and also had a hard drive in it for file backup.... Apple doesn't sell these devices any more, as of Nov 2016.)

For advanced information on home networking, you can read Glenn Fleishman's "Take Control of Wi-Fi Networking and Security".

Configuring Your Router

Your router should be configured as a DHCP Server. That is, it makes up local Internet Protocol addresses for each device on your local network, and sends all devices' outgoing packets out over the your external Internet Protocol address. When a response packet comes back, the router matches up the packet sender with that of a previous request, and forwards the response to the IP address of the local machine that is expecting it. Unsolicited messages are dropped, protecting your local computers from a lot of attacks.

(By the way, do not configure your Wi-Fi router to hide the network name (SSID). This actually decreases security. Make up a random string for the name.)

A network route cannot transmit data faster than the speed provided by its slowest component. If you upgrade your cable susbscription to 800 GB/s, but your router can only handle 200MB/s, you won't get full speed. Similarly, if you try to do gigbit Ethernet communication through a hub or cable that can only handle 10MB Ethernet, you won't get full speed. (Hint: your cables should be marked "CAT 5e" or "CAT 6".)

You can purchase a Network Attached Storage box containing disk drives and attach it to your network, and store files there. This can be very handy for doing backup.

Security

There have been recent reports of security problems with home routers. Some routers have "back doors" built into them; others can be hijacked if you visit a malicious web page.

• Set a good password on your wireless network.
• Be sure you have a strong administrator password on your router; don't use the factory default.
• Set the DNS servers on your Mac, for both Ethernet and Wi-Fi, to a public DNS (like OpenDNS) instead of using the default supplied by your ISP.
  • OpenDNS: 208.67.222, 208.67.220
  • Google public DNS: 8.8.8.8, 8.8.4.4
• Search the Web for information on your router: update its firmware to be safe.

If you are really interested in securing your network, read https://lifehacker.com/how-to-tap-your-network-and-see-everything-that-happens-1649292940

Apple AirPort and Time Capsule Configuration

(Apple doesn't sell these devices any more.. but I still use mine every day.) Your AirPort or Time Capsule has an administrator name and a password that lets you configure it. Pick a long password.. you won't be giving it often. Uncheck "allow setup over WAN." I didn't enable "Back To My Mac," back when Apple supported it. The "Internet" tab specifies how your router connects to the rest of the world. This depends on your Internet connection. I set mine to "DHCP." The "wireless" tab specifies how your router supports Wi-Fi. Choose "WPA2 Personal" for encryption, and pick a random network name and a strong password. You can also create a "guest network" for visitors to your premises: they won't be able to see your computers or printers. The "Network" tab says what kind of network your router provides to Wi-Fi devices. Mine is set to "DHCP and NAT."

IPV6

Your router may have an option to enable IPV6. (This is a more advanced network address format, that will become widespread in the future.) My Time Capsule has three possible settings: Link-local, Node, and Tunnel. If you select Link-local, then your computers inside your home can talk to each other using IPV6, but nobody from outside can use IPV6 to access them. This is good: it is how mine is set up. You will be able to access sites on the Internet, no matter what kind of address they use. If you select Node or Tunnel, and don't block incoming IPV6 elsewhere, then your computers can be seen and attacked from distant machines.

Hubs and Cables

If you need to connect more computers or devices to your network than there are ports on your router, use an Ethernet hub. Modern Macintoshes can send data very fast, at Gigabit Ethernet speeds, if both ends of the channel can handle this speed. If you buy a router or hub, make sure it supports Gigabit, or 1000base-T, speed. When you are buying Ethernet cables, choose "cat 5e", "cat 6", or "cat 6A" cables to make sure you get full speed.

Printers

Printers can be connected

1. To your home network, by an ethernet cable, if your printer is "network enabled."
2. To your home wireless network, by Wi-Fi, if the printer is "Wi-Fi enabled."
3. To a single computer, by a USB cable. (Your computer could then use Print Sharing to let other network computers use it. I haven't tried this.)
4. To your Wi-Fi router, by a USB cable (I haven't tried this).

To use a printer on your home network and print to it from all your local computers (1 or 2 above), it needs a print server. I have a Brother HL-4150CDN printer, and the "N" means it has a built-in print server and can be connected to a network.

Wireless Networking

To connect your computer to the Internet using Wi-Fi,

• Your computer needs Wi-Fi hardware and software
• Your computer connects to an account at a router, or "access point."

If you check into a hotel, they give you the network name of their router and instructions on logging in. Some cities provide "municipal wifi" to residents. Some phone and cable companies have routers in their area shared among their customers. These shared routers are great for occasional use, but can slow down if a lot of people try to use them.

Many people buy or rent a Wi-Fi router for their own household, and connect their computers wirelessly to accounts on their router. Be aware of the security implications: configure your router to require a name and password, and use WPA2 or WPA3 encryption.

Understand that Wi-Fi speeds are routinely overstated. Wi-Fi is also subject to interference from other radio devices.

Wi-Fi Standards and Speed

Wi-Fi works because it uses little radios in the base station and the endpoint device. These radios have to be on the same frequency and use the same communications and security protocols. So an older Mac might support "802.11 a/b/g/n" where 802.11 is the Wi-Fi protocol and the letters identify different frequency and communications protocol suites. (If an older device talks to a newer one, they will use the fastest suite they have in common. So replacing an old router with a new one may not make communication with an older computer any faster.) Here is my understanding of Wi-Fi protocols and maximum speeds:

2000

Name	Protocol	MB/s	bands	notes
Wifi 4	802.11 a	54	5 GHz	1999
Wifi 4	802.11 b	11	2.4/5 GHz
Wifi 4	802.11 g	54	2.4/5 GHz	2003
Wifi 4	802.11 n	300	2.4/5 GHz	2007 AirPort Express
Wifi 5	802.11 ac	1200	5 GHz	2013+ Macs, iPhones
Wifi 6	802.11 ax	9600	2.4/5 GHz	2020+ Macs
Wifi 6E	802.11 ax	9600	6 GHz	no Macs yet

Connecting Your Mac to a Wi-Fi Network

Once your router is set up, you can connect multiple computers, phones, and tablets to the network. To connect a Mac, do this:

1. If Wi-Fi is off, click the Wi-Fi icon in the menubar and click the slider to ON.
   
2. If a known network you have used before is available, the Wi-Fi software will connect to it. Otherwise, click on the name of the network you want to connect to.
   
3. If you are reconecting to a previous netowork, you won't have to give a password. Otherwise select the security method (should be WPA2 or WPA3 Personal), enter the password, and click "Join."

Configuring Sharing on Your Mac

Other users on your network can use files on your Mac if you enable file sharing. To set the network name for your computer, update  ► System Settings... ► General ► About ► Name.

Select  ► System Settings... ► General ► Sharing to open the Sharing control panel. You can enable several aspects of sharing: File Sharing allows users from other other computers to access files on your machine. Screen Sharing allows users from other computers to see your screen and move your mouse. Click the ⓘ icon to get a contol panel that says who can do what. You only have to enable sharing once, and it will remain enabled till you turn it off, even if you restart the Mac. Do not enable features unless you understand their security implications.

File Sharing Between Macs On Your Network

This section has not been updated to macOS Ventura yet.

In order to access files on another Mac, call it Al, on your network, enable sharing on Fred as described above. Open a Finder window. Navigate it to the folder containing your local files, or where you want to put files you copy. Open a second Finder window with ⌘N: you will use it to view a folder on the remote computer. In the left sidebar you will see a heading SHARED, and under that the name of the remote computer, e.g. Al. Click on it.

On the first visit, the Finder will ask you for a password. Give the name and password of the computer's owner and check remember this in my keychain.

If you don't see the remote computer you want to share files with, type ⌘K in the finder, and enter afp://machinename.local/.

Now you should have a list of folders you can open on the remote computer.

Double click on the folder you want and navigate around as usual. When you drag file or folder icons between the two finder windows, they will be copied from one computer to the other.

When you are done sharing files between computers you can click the little eject button (⏏) next to the remote computer's name in the Finder side bar, to disconnect. If you don't do this, you will get a warning dialogue when the remote computer reboots, and files could be damaged.

Screen Sharing Between Macs

If you click Share Screen when you open up a remote Mac in the Finder, and if you have allowed screen sharing in its  ► System Settings... ► General ► Sharing, then the Screen Sharing application will launch on your computer, showing the screen of the remote computer. You can drive the cursor and send mouse clicks to the remote computer, and type into its applications. This can be very valuable for configuring remote computers, recovering from bad video settings, and assisting other Mac users.

Screen sharing like this can be done across Messages to view and control a remote Mac anywhere, which can be very useful for remote support of friends and relatives.

I tried screen sharing with a Fedora Linux computer, and it popped up a dialog box asking permission, but then nothing happened.. need to debug this someday.

Networking with Windows Computers

You can do some file sharing from your Mac's finder to Windows computers on your home network. Haven't tried this in a long time. A simpler alternative is to install Dropbox on both Mac and Windows.

Accessing Linux and Unix with ssh, scp, and rsync

(For advanced users.)

I often use Terminal shell commands scp, rsync, and ssh to access files on Linux and Unix computers on my network (and elsewhere on the Internet). These are commands that come with every Mac (install the free Xcode developer tools). These commands will also work for Mac to Mac (since Mac OS X is based on FreeBSD Unix).

See Programming for a description of how I set up macOS as a developer's tool.

The version of rsync shipped with macOS is usually not the latest. If you do lots of work between your Mac and Unix/Linux machines, you should install tools from Homebrew.

Setting up SSH keys

These commands will keep asking for the password of an account on the remote system, which gets tedious. You can arrange things so that you only have to give a password once.

• Use Terminal command ssh-keygen -t rsa to generate a key pair. It will ask where to store the key pair and a new passphrase to secure it.
• Use scp to copy the public part of the key to the remote computer. On the remote computer, concatenate the public key onto .ssh/authorized_keys (access on authorized_keys must be 600 and on .ssh, 700).
• On the local computer, use ssh-add to load each private key into ssh-agent so that you are only asked for passwords once per login. (OS X starts ssh-agent when needed.) Set up your .bash_profile to load a standard set of keys whenever a Terminal shell is opened.
• You can use scp on the local computer to copy files to or from the remote computer, without giving a password each time.
• You can use rsync on the local computer to copy whole subtrees to the remote computer, syncing directories on the two computers one-way or two-way.
• You can also set up git on the remote computer so it can be accessed over ssh.

For example, I do this command to sync my home directory from my laptop to another computer (all on one line):

rsync -avzu --blocking-io -e "ssh" --exclude .Trash --exclude Cache/ /Users/thvv $user@$host:/Users

where $user and $host are shell variables set by the export command.