Software is Crap

Mac OS X and networking


I have a shiny new 15″ MacBook Pro, my first Mac. It’s a great laptop and I only have one major complaint, hardware wise: Only a single button for the trackpad?!! Oh well, I’m going to be plugging in a proper mouse soon anyway. The real issues I’ve been having are with the OS software.

I have a small network connected via a combined ADSL modem/4-port router. I run the router in a mode called “half-bridge” which essentially means that the router forwards all traffic coming up the ADSL link onto the LAN directly, without modification other than de-encapsulating the packets from the PPP link. My NAT server (running linux) therefore listens for incoming traffic on the WAN address as well as its own LAN address. The router must also pick up packets destined for the WAN and forwards them on down the ADSL (PPP) link. Naturally the NAT machine is the only machine that sends packets destined for the WAN: all the other machines on the LAN use the NAT box as a gateway; this allows NATting and traffic regulation etc.

If you already know what the problem is that I’m about to describe, I think you’re doing pretty well.

I plugged my MacBook into the network and started to configure it. I was immediately told that a certain IP address was in use by a certain ethernet address; The IP address was a LAN address (which definitely was not in use) and I gathered that the Mac had obtained it from the NAT box (which also has a dhcp server running). Changing to a statically assigned IP did not help however.

At this point, a little more about half-bridge mode works. On an ethernet network with IP traffic, a machine wishing to send packets must know not only the destination IP address but also the corresponding MAC address (48-bit ethernet address). To do this it uses a protocol called ARP (Address Resolution Protocol) – it broadcasts an “ARP request” and receives a reply from the machine which thinks it owns the requested IP address; this reply can be cached for a while so further ARP requests are not needed.

In half-bridge mode, as I said before, packets sent out on the LAN which are destined for the WAN are forwarded down the ADSL link by the router. The problem is that any client machine on the LAN which needs to send such packets (i.e. the NAT box) must obtain a destination MAC address using ARP beforehand; the router, therefore, needs to provide a fabricated MAC address in ARP replies to ARP requests for which the IP is not on the LAN.

First problem: The router actually crafts a MAC address for ANY IP address not presently in use on the LAN, not just addresses which aren’t actually within the LAN subnet(s) as it should do. You might be forgiven for thinking this wouldn’t cause any problems, however.

Second problem: The Mac uses ARP before configuring its network interface with an IP address to determine whether the IP address is already in use. Again even this might be considered reasonable seeing as that is almost what ARP is for. Certainly on a standard network you wouldn’t expect to get an ARP reply from a host which didn’t actually exist.

The real issue is not so much either of the two problems outlined above, but rather that the Mac then refuses to configure its network interface. Arguably it shouldn’t even be doing the ARP check, particularly if the IP assignment is static but also if it’s assigned by a DHCP server (I mean, preventing IP clashes is why you have a DHCP server in the first place). And it definitely shouldn’t be actively refusing to use the IP address if the ARP test fails (a warning or confirmation dialog would be better, with the option to skip the check in the future).

To solve the problem, I put the router into full bridge mode, which prevents it from fabricating ARP responses (the NAT box now has to handle the PPP encapsulation/de-encapsulation, but that’s not such a big deal, just a hassle to set up).

Next problem: Connecting to the NAT box via SMB fails from the Mac Finder. I can see it in the “Network” thingy (which for some reason has a functionless eject button next to its icon in the Finder) , inside a folder called “house” (which is the workgroup name), but when I double click I just get a dialog with a message about the alias being broken and three options (delete the alias, fix the alias, or “ok”). “Fix alias” is the obvious choice perhaps, but it just prompts me to navigate and select a file.

The cause: I haven’t yet set up any shares on the NAT box. Would it be too much to ask to have the dialog message mention this, rather than some really obscure diatribe about an alias?