How to connect a Mac OS X and a Windows XP machine, in order to have a PHP+MysqL application running on Windows but with browser and usage from Mac OS X?
January 5, 2013 3:59 AM
I want to connect from a Mac OS X machine to a Windows XP running XAMPP (Apache, MySQL, PHP), in order to use an application running on the Windows machine.
At the same time, I want to have the Mac OS X allowing Internet browsing, while Windows should be isolated from the Internet.
Can it be done in some way, or can you suggest a possible setup close to that purpose?
I do not have access to a Mac OS X machine, so I need instructions about what to do when I'll have to try this kind of setup:
There will be:
- a Mac OS X machine;
- a Windows XP machine;
- XAMPP installed on Windows XP, with Apache and MySQL running;
- a PHP/MySQL application installed on the Windows machine, normally working from a web browser on Windows, from address http://localhost/whatever
What I want to achieve:
- the PHP/MySQL application still running on the Windows machine, but using it from Safari on the Mac OS X machine;
- Internet normally working on the Mac OS X environment;
- Windows environment isolated (or protected enough) from the Internet.
Is there a way to build this setup?
Your answers may include hardware and/or software required to buy (e.g. router, cables, etc.).
Thank you very much.
I do not have access to a Mac OS X machine, so I need instructions about what to do when I'll have to try this kind of setup:
There will be:
- a Mac OS X machine;
- a Windows XP machine;
- XAMPP installed on Windows XP, with Apache and MySQL running;
- a PHP/MySQL application installed on the Windows machine, normally working from a web browser on Windows, from address http://localhost/whatever
What I want to achieve:
- the PHP/MySQL application still running on the Windows machine, but using it from Safari on the Mac OS X machine;
- Internet normally working on the Mac OS X environment;
- Windows environment isolated (or protected enough) from the Internet.
Is there a way to build this setup?
Your answers may include hardware and/or software required to buy (e.g. router, cables, etc.).
Thank you very much.
"Your answers may include" makes it sound like a homework question or something. You need - well, what Doofus says, to be honest.
But to get silly for a moment:
1) Turn the Windows machine into a VM, and run the Windows VM on the Mac, with no routing to the outside world.
This has the same problem as Doofus' solution - if an attacker compromises the Mac, they can use it as a stepping stone to attack the Windows box.
2) So what we really need to do is protect the Windows machine from the outside world and a compromised machine on the local network.
So we do everything Doofus said, but we also shut down the Windows machine so it only listens on port 80 (software or hardware firewall between it and the rest of the network), and we tell Apache to only Listen to the IP of the Mac. If XAMPP doesn't come with suhosin, throw that on as well, because, what the hell.
But by taking the Windows machine off the network, you've made it hard to install security patches for your WAMP stack. You're going to need to figure out a way to make sure they get applied. Also, what's the lead time between a security patch being released for Apache, and it being available in XAMPP? If it's more than a few days, you might want to dump XAMPP and go for bare installs of Apache etc.
Another approach would be a VPN...
Client-side certificates on the Mac in addition to locking down Apache to a single IP...
HTTPS on the Windows machine in case someone compromises the router...
posted by Leon at 5:02 AM on January 5, 2013
But to get silly for a moment:
1) Turn the Windows machine into a VM, and run the Windows VM on the Mac, with no routing to the outside world.
This has the same problem as Doofus' solution - if an attacker compromises the Mac, they can use it as a stepping stone to attack the Windows box.
2) So what we really need to do is protect the Windows machine from the outside world and a compromised machine on the local network.
So we do everything Doofus said, but we also shut down the Windows machine so it only listens on port 80 (software or hardware firewall between it and the rest of the network), and we tell Apache to only Listen to the IP of the Mac. If XAMPP doesn't come with suhosin, throw that on as well, because, what the hell.
But by taking the Windows machine off the network, you've made it hard to install security patches for your WAMP stack. You're going to need to figure out a way to make sure they get applied. Also, what's the lead time between a security patch being released for Apache, and it being available in XAMPP? If it's more than a few days, you might want to dump XAMPP and go for bare installs of Apache etc.
Another approach would be a VPN...
Client-side certificates on the Mac in addition to locking down Apache to a single IP...
HTTPS on the Windows machine in case someone compromises the router...
posted by Leon at 5:02 AM on January 5, 2013
If it's just the Mac connecting to the Windows XP machine, by far the simplest solution is to just get an additional ethernet interface for the Mac (USB dongle) and connect the computers directly to one another. That way the Mac has access to whatever router you have connected to the Internet, and the Windows XP machine is off on a disparate network that the Mac also has a connection to.
posted by RonButNotStupid at 6:55 AM on January 5, 2013
posted by RonButNotStupid at 6:55 AM on January 5, 2013
If I understand the question correctly the easiest way would be to have the two computers be on the same network (using the same switch or wireless router), then set the default gateway on the Windows machine to something else than the internet router. Since communication between the Mac and the Windows machine won't go through the gateway they can still talk, but the windows machine will just time-out every time it tries to access the internet.
You might have to set the TCP/IP settings manually for at least the Windows machine, but this should be quite straight forward.
(You can also install a web proxy on the mac, then configure a web browser on the Windows machine to use the proxy, that way you can still access the internet through that browser, but no other application will have access.)
posted by Baron Humbert von Gikkingen at 7:03 AM on January 5, 2013
You might have to set the TCP/IP settings manually for at least the Windows machine, but this should be quite straight forward.
(You can also install a web proxy on the mac, then configure a web browser on the Windows machine to use the proxy, that way you can still access the internet through that browser, but no other application will have access.)
posted by Baron Humbert von Gikkingen at 7:03 AM on January 5, 2013
Thanks for all the answers, they all seem good and it's hard to choose which one to mark as best.
Leon: it's not a homework question, I was really asking for help on this real situation - so thanks for your nice suggestions.
If it's correct, at the moment I like very much the one from Baron Humbert von Gikkingen, because it seems easy/quick, while effective. And no, accessing the internet is not required on the Windows machine, but thanks for the bonus suggestion too.
posted by lion at 7:38 AM on January 5, 2013
Leon: it's not a homework question, I was really asking for help on this real situation - so thanks for your nice suggestions.
If it's correct, at the moment I like very much the one from Baron Humbert von Gikkingen, because it seems easy/quick, while effective. And no, accessing the internet is not required on the Windows machine, but thanks for the bonus suggestion too.
posted by lion at 7:38 AM on January 5, 2013
What's your motivation for wanting Windows isolated from the Internet? Are you (a) trying to protect the Windows box from attacks originating outside, or (b) trying to stop anything running on the Windows box from connecting to anything outside, or (c) both?
Because if all you actually want is (a), and the Windows box is not accessible to teenage sysadmins inside your house so you can be sure that there's nothing running on it that's going to use uPnP to open any IP-facing ports on your router, then an ordinary NAT router between your LAN and the Internet is all you need. No special configuration is required, and you probably don't even need to buy a new router as most modems include one.
posted by flabdablet at 8:43 PM on January 5, 2013
Because if all you actually want is (a), and the Windows box is not accessible to teenage sysadmins inside your house so you can be sure that there's nothing running on it that's going to use uPnP to open any IP-facing ports on your router, then an ordinary NAT router between your LAN and the Internet is all you need. No special configuration is required, and you probably don't even need to buy a new router as most modems include one.
posted by flabdablet at 8:43 PM on January 5, 2013
« Older Physical requirements of various occupations | Found a family of cats at a service station next... Newer »
This thread is closed to new comments.
posted by Doofus Magoo at 4:26 AM on January 5, 2013