4 Replies Latest reply: Mar 4, 2010 7:30 PM by Cabal
Per Magnusson Level 1 (0 points)
Hi,

I would be thankful for any links to instructions or advice on the "best practices" for setting up a home or small business network (DNS, firewall, etc). My primary objective is to learn how all this works, my second objective is to host my own web-site on the mini.

My equipment:
- Mac mini Server (OS X Server 10.6.2)
- iMac (OS X 10.6.2)
- MacBook Pro (OS X 10.6.2)
- TimeCapsule
- A few Windows Vista machines

At the moment I have the TimeCapsule connected via Ethernet cable to the cable modem and acting as the wireless router. If I set up DNS on the mini, should I connect it directly to the cable modem via Ethernet cable instead? Since the TimeCapsule does not have a firewall (or?) I guess the mini fits best as the end-point to the Internet. Will the TimeCapsule continue to act as a Wireless router for all other devices on my soon-to-be private network?

Many thanks in advance.

Thanks,
Per

iMac, MacBook Pro, Mac mini Server, Mac OS X (10.6.2)
  • StephenM Level 1 (110 points)
    I'm pretty new at this myself, but here is some of my advice and I'll also pass on some of what I have learned.

    If you haven't purchased hardware yet, get the Mac Mini Server. It is a slightly modified Mac Mini that has 10.6 server. It looks like you have this, a good first step. Get AppleCare. AppleCare will get you three years of Enterprise level support. The answers to any GUI-based server queries are only a phone call away. AppleCare for the Mini can be had for $120-150. Enterprise level support is $149 per call. You'll make back your money on the first call. I made my first call the other day and talked to someone for over an hour. He helped me solve my problem but also gave me good advice. I foresee using my Mini similar to how you will be using yours, so I'll pass on his advice.

    Here is a connection diagram as best as I can do in a text world

    Internet <--> Cable Router (CR) <--> Time Capsule (TC) <--> Internal Network

    The Internal Network would be your Server, other Macs & PC's. The server would have a local static IP address. The other machines would be configured to use DHCP.

    TC would be set up to share a public IP address. Its DNS would point to the DNS Server you would set up on your local server.

    The Mac server can be set up to handle the DNS information from your local network and then reroute information to your existing DNS chain for information it doesn't know. If you want to resolve the server externally and internally, which is a definite if you want to access the web server from the outside world, you'll have to do a little more work. Each of these steps can be a project unto themselves.


    1/2) Get a static IP. You could do some of these other steps without a static IP, but some of the server setup requires a static IP, especially reverse DNS lookup.
    1) Get a Domain name.
    2) Get the public DNS configured so the reverse lookup (Public IP Address points to Domain Name) and forward lookup (Domain Name points to public IP address) refer to each other.
    3) Set up a "Split DNS". This step was trivial...once I figured out how to do it. You'll have 2 IP Addresses in your Server Zone record, one pointing to the local IP address for the server and the other pointing to the public IP address.

    A couple of advantages to this set-up:
    1) TC works as a Hardware Firewall. This helps to relieve some of the load on the server, because it doesn't have to waste CPU cycles on Firewall activities.
    2) SL Server recognizes the fact that you are using a TC and will be able to configure the TC to open up the ports that it needs open to let in stuff from the outside, like port 80 for web services. For this to work well, you will have to disable the firewall on your CR, but do not fear, the TC will be your Firewall. If you don't/can't disable the Firewall on your CR, you will have to open ports as needed on the CR for outside information to get in.

    Hope this helps,

    Stephen Magladry
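
An added example, not part of the original post: a consistency check for the forward/reverse lookup pairing and split DNS arrangement described above. The host name, addresses and record tables are constructed placeholders standing in for what an outside resolver and the LAN resolver would return.

```python
import ipaddress

# Constructed sample data (not from the thread): the records an outside
# resolver and the LAN resolver would each return for the same server name.
NAME = "server.example.com."
EXTERNAL_VIEW = {
    "A":   {NAME: ["203.0.113.10"]},
    "PTR": {"10.113.0.203.in-addr.arpa.": [NAME]},
}
INTERNAL_VIEW = {
    "A":   {NAME: ["192.168.1.10"]},
    "PTR": {"10.1.168.192.in-addr.arpa.": [NAME]},
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr is in one of the private LAN ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def fcrdns_ok(view, name):
    """Forward and reverse agree: every A record for name has a PTR back to it."""
    addrs = view["A"].get(name, [])
    if not addrs:
        return False
    for addr in addrs:
        ptr_name = ipaddress.ip_address(addr).reverse_pointer + "."
        if name not in view["PTR"].get(ptr_name, []):
            return False
    return True

def audit_split_dns(name, internal, external):
    """Return a list of findings; an empty list means the two views are consistent."""
    findings = []
    for label, view in (("internal", internal), ("external", external)):
        if not fcrdns_ok(view, name):
            findings.append(f"{label}: forward and reverse records for {name} disagree")
    for addr in external["A"].get(name, []):
        if is_rfc1918(addr):
            findings.append(f"external: private address {addr} is published to the Internet")
    for addr in internal["A"].get(name, []):
        if not is_rfc1918(addr):
            findings.append(f"internal: LAN clients are given public address {addr}")
    return findings

if __name__ == "__main__":
    for line in audit_split_dns(NAME, INTERNAL_VIEW, EXTERNAL_VIEW) or ["views are consistent"]:
        print(line)
```
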
  • Per Magnusson Level 1 (0 points)
    Hi Stephen,

    thank you very much for your advice. This was very helpful!

    By pure chance and trial-and-error, I had set up my Mac mini Server, TimeCapsule and Mac "workstations" exactly how you described it. DNS, DHCP, etc. all working perfectly. Very good to get the setup confirmed by your post! I am also using the Google DNS (at 8.8.8.8) rather than my ISP DNS, which seems to have sped up external web-sites considerably.

    I have registered a domain name and the only thing missing is a static IP which I am speaking to my ISP about. Then my web-site should be up and running.

    Many thanks again and best regards,

    Per
  • StephenM Level 1 (110 points)
    A couple of other bits of information:

    The Mac OS X Getting Started Manual which came with your Mini Server has a wealth of information. To explore services more in depth, refer to http://www.apple.com/server/macosx/resources/documentation.html . There you will find in-depth PDF documentation on many of the different aspects of Mac OS X Server. I downloaded them all to have a local reference library. The Getting Started Manual is part of this set. One of the nice things about downloading the PDF files is how easy it is to search the docs when questions arise, like split DNS, though I found the info to be a little incomplete in the Apple docs.
  • Cabal Level 1 (10 points)
    Is there any reason to set up DNS internally rather than just allow the TC to manage DNS internal and external via the ISP?

    What advantages do you get from having the server manage DNS? I'm in the middle of a similar design and didn't think it was worth dealing with the DNS as long as my domain registrar could forward the right aliases to my IP address.