Airport Extreme works THIS WAY. EAT IT.

So, I'm getting increasingly annoyed at Apple's railroading of people's use cases (no, this has nothing to do with the iPad).

It's only after I started using a Nexus One with android that I realised how shite the iPhone was in a lot of ways. Case in point: The one thing that I wanted my phone to do wasn't implemented yet, so I did it. The concept of doing that on iPhone without jumping through a ridiculous number of hoops is alien to me.

Another case in point happened this evening, or at least a symptom of it.

I'd recently gotten a Soekris net5501 to act as a home dhcp/dns/etc. server, having gotten tired/bored of just letting the Airport extreme do everything. I wanted to use DynDNS properly, and I wanted something I could leave on when I go on business trips (So I can leave power usage monitoring on, etc).

Sounds like a plan, right? So after fiddling with getting the Soekris installed, I plugged everything in, set up ISC dhcpd and Bind, and then went to Airport Utility to turn off DHCP on the Airport Extreme.

Except, you can't.

You can't actually turn off DHCP, without putting the device into bridge mode. You literally cannot run a NAT network using an Airport Extreme where it's not the DHCP server for your LAN.

Rather than ditching my Airport on some unsuspecting fanboy and doing research to find a good 802.11n router, I just set a DHCP pool size of 1 and got on with my life.

However, this basically reinforced my increasingly negative opinion of what Apple is up to these days. Apple products are increasingly not for people who know what they want.

As a disclaimer, I own an ipod and use a macbook pro as my only computer for day-to-day use. They work fine, and are great products. Which makes it a shame that a lot of their other stuff falls down so hard.

Aside: here's how to get ISC dhcpd to ignore a certain MAC address if you have a stupid device you want to talk to another dhcp server:

host stupidhost {
hardware ethernet MA:CA:DD:RE:SS;
deny booting;


  1. you probably want a dummy MAC address in there on the hardware ethernet line to show where it goes ...

    And at least the Airport supports IPv6 natively, and sanely, which is more than can be said for the other simultaneous dual-band routers on the market right now (although the Linksys has added some support, I understand). Unfortunately, the open firmware projects don't seem to be tackling the simultaneous dual-band models, so it was back to Apple for me.

  2. Ugh, I had put in something that was interpreted as an illegal html tag, fixed.

    As for ipv6, I'm interested in things useful to me today.

  3. *shrug* Different people find different things useful. I like using Kerberos authentication, for SSO, while still being able to use service-based naming, such as "imap.example.org". Doing this requires matching forward and reverse DNS and you can't reliably have multiple names for one IP. So it's one IP per service. To have those publicly routed, in this day and age, means using IPv6. Thus http://svn.spodhuis.org/ksvn/.... and so on. Works great for me.

    Also, native IPv6 is decent when you have an OS you trust and want to be able to accept inbound connections without worrying about NAT or other MitM attacks.

    With the pressures building on IPv4 address availability, there is a risk of market closure to new entrants. The more people have IPv6 connectivity, the more open the market remains, for xSPs of various forms.


  4. That's all fine in theory. I really hope ipv6 takes off, but it's going to take the market to drive it at this point.

    Another of my bugbears with ipv6 is address allocation seems fucked -- I don't need a giant power of 2 number of IPs for my home network, and we're going to run into fun shortages with ipv6 in the very long term anyway, if we're just multiplying all the numbers by the same factor.