This discussion is archived

Setting up NAT

2955 Views 9 Replies Latest reply: Dec 11, 2009 5:07 AM by UKenGB
UKenGB Level 2 (270 points)
Dec 4, 2009 5:29 AM
Finally attempting to set up an XServe with Snow Leopard Server as the gateway, but noticed a small problem that may just be me missing something.

I want to set up NAT and Firewall service and THEN connect that ethernet port (en0) to the broadband line to my ISP. IOW, I want to get it set up and functioning BEFORE opening up the network to the Internet. Almost the only setting in the NAT service in Server Admin is to pick the External network interface, but it only lists Ethernet 2 (i.e. en1). This is presumably because en0 is disconnected, but this precludes any possibility of setting up firewall etc unless already connected (and vulnerable) which seems totally daft to me.

I'm thinking of just connecting to a simple ethernet switch just so en0 can be enabled and NAT configured, but since it all seems so elementarily stupid I'm wondering if I'm missing something here. IS there a way to get the desired port listed in NAT configuration without having to go to these lengths?
MacPro, MacBook Pro, XServe, iPhone 3G, Mac OS X (10.6), 30" HD display
  • Paul Kleeberg Level 1 (40 points)
    Dec 4, 2009 6:02 AM (in response to UKenGB)
    It is my understanding that only a handful of ports are allowed until you configure the firewall. I read somewhere that only port 22 and a few other critical ports for Server Admin are default open. So that means you would be safe to have your server connected as you set it up as a router.

    I set mine up as a router and discovered blocked ports before I configured the firewall. That is how I discovered this. I will also say I did not have it connected to my LAN at the time.

    Paul
    OSX Server (10.5.8 migrating to 10.6.2), Mac OS X (10.6.2), MacBook 2.2GHz, 24" Intel iMac, 20" G5 iMac ... SE30
  • Leif Carlsson Level 5 (4,950 points)
    Dec 6, 2009 3:49 AM (in response to UKenGB)
    If you don't have a static public IP you will have trouble with your setup.

    Even worse if your ISP connection is via PPPoE (but NAT interface settings are easily "hackable").

    If "above" is true you would be better off using a broadband NAT router/firewall in between server and Internet.

    You can force an interface up temporarily: sudo ifconfig en0 <IP> up

    Don't know if it will show up correctly though.
  • Marshall Merritt Level 1 (75 points)
    Dec 9, 2009 7:39 AM (in response to Leif Carlsson)
    Can you suggest a good broadband NAT router/firewall? You have helped me before and I don't mean to hijack this thread but since it has the same information I need I figured I would add on to it. I have FTTH and have to use a PPPoE to get my static IP. Obviously my AirPort Extreme won't work as a pass through for my PPPoE connection to my Mac mini server with Snow Leopard. This is the first time I've ever had to experience PPPoE as I normally have straight fiber without a login. So any help would be appreciated. The MMS is going to be running mail services, DNS, websites, digital content, etc., so what is the ideal setup? I have an Ethernet port to the house that uses a PPPoE and I need a passthrough of the "login handshake" so my DNS server can use my static IP so it can be used. Hope that makes sense. This is the only reason I would use the MMS as a NAT instead of the AirPort Extreme, since it can't be used as a passthrough; rather it assigns an internal IP to my MMS which then screws up my DNS settings for my static IP to my house.

    Right now I have my PPPoE going to my MMS, NAT set up on my MMS, my AirPort Extreme is in bridge mode, then I manually changed the natd.plist config file to use ppp0 instead of en0 as the interface and it works great; however, whenever I try to access my MMS via its domain name it's painfully slow for all internal network computers but not for anyone else. Any & all help is appreciated.

    Message was edited by: Marshall Merritt
    Too Many to Count...
  • Marshall Merritt Level 1 (75 points)
    Dec 9, 2009 10:25 AM (in response to UKenGB)
    It screws up the DNS running on my MMS. I have it behind my AirPort Extreme right now and the website and DNS it is hosting are not accessible. As soon as I put it outside the router, set up the NAT and manually change the natd.plist file to use the ppp0 interface instead of en0, it works. Meaning the website is now accessible to the outside world, the DNS server works, the internal network has access to the outside world, everything is great except for 2 things. The first is the domain that is being hosted is painfully slow but only for the internal network, not anyone else. The second is that because I had to manually configure the natd.plist file, any future updates may break this "hack" and therefore it is not a good implementation for clients. I am trying this setup out before deploying it for my clients and so far it's not looking like it's a solid option.

    I have a USB Ethernet adapter for the MMS so it has 2 ports. The thing about PPPoE on server is this: once you set it up you can actually disable the built-in Ethernet (en0) and it will work fine because you are no longer using en0 but rather ppp0, and my USB Ethernet (en1) will serve the DHCP & NAT just fine. Does that make sense?

    Message was edited by: Marshall Merritt
    Too Many to Count...
  • Marshall Merritt Level 1 (75 points)
    Dec 10, 2009 5:13 AM (in response to UKenGB)
    I am running the DNS for that domain as well. I run a small website/webhosting company now that uses XServes & XServe RAIDs but this is my pet project to host my iPhone apps at my house and another personal domain. I could for now just have my domain registrar host my DNS and then use the NAT passthrough to my server, but I was looking at this for clients that I have that will want to run a similar setup and it was the PPPoE that was throwing me off. I have never had to use PPPoE before now and I'm quite shocked you have to use it with FTTH & a static IP address.
    Too Many to Count...
