Newsroom Update
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
I just installed Lion over Snow Leopard and after two days of debugging have discovered that the NAT process is now trying to relabel all of my VLANs.
I don't know what changed but in Snow Leopard I was able to have 3 VLANs (Internet, LAN, and Guest) and properly route my traffic. Now NAT tries to assign different IP addresses to all of my VLANs, which is not going to work.
Has anyone managed to get NAT to work with VLANs in Lion?
I didn't get NAT to work using en0 and ppp0....saw SYN packets out, but that was it. Good luck...NAT seems hosed with 10.7 Server
I called Apple Tech Support and went through 3 people before they escalated me to engineering. They send me their data collection script to run. It uploaded about 366megs of data to Apple, so I'm hoping they will be able to tell me why it's doing what it's doing.
For more background, I have 4 VLANs. One for internet (xxx.xxx.xxx.xxx), one for LAN (10.0.1.x), one for Guest (10.0.2.x), and one for configuring the switch (192.168.x.x). Everything worked in SL. In Lion, when I turn on the NAT service, it wants reassign the IP addresses of all of my interfaces. So they all end up with IP addresses in the 192.168.x.x range. Obviously this hoses up all the configs. It's like it's deciding to run the gateway assistant for you.
So that's my problem. Hopefully Apple gets it sorted w/o having to wait for 7.1. For now I've had to rip up my network config and use an airport extreme with the wireless turned off as a makeshift router. Unfortunately the airport doesn't support VLANs so half of my network is in the dark.
Have you enabled internet sharing in system preferences. If Not Try. Nat will be magically enabled.
NAT comes on. It just does not work.
Read my post again and you will see what it's doing.
Internet connection sharing is great if you just want to flip a switch and have everythign done for you, but for granular control of your netblock as well as a mryiad of other things, it's not a good solution.
It took a couple of weeks but Apple has confirmed that this is a bug. They rewrote NAT in Lion and in the process the only available subnets for use are the 192.168.x.x range. So if you try to use VLANs with different IPs, they will be reassigned by NAT.
LOL....that's flipping awesome! 😁 I have a Mac Mini dual booting Snow Leopard Server and Lion Server....EXACT same hardware setup...SLS works, Lion doesn't...now we know why. That's pretty pathetic. My buddy has been waiting for this to get fixed before going to Lion Server, but seeing as how Lion Server is SOO bad...I think he's gonna stay with SLS. As for me, I'll just keep staring at my 20" iMac happily doing everything I need......running Ubuntu 😉. Get ready all....Apple's Server product is on it's way out....
Agreed.
Support did say they are compiling impact data, so if you are affected by this issue, please respond in this thread and if possible contact apple support directly.
I've been working with Apple since Snow Leopard Server trying to make NAT more workable...to include being able to configure interfaces that are neither up nor have an IP assigned (I should be able to choose it as long as it exists yes?), and to be able to include virtual type interfaces (ppp0 anyone?) in the allowable list in NAT.....so far none of these changes have been made.....I still have to take down everything just in order to put the backup Mac Mini in place and configure NAT...and I still have to manually edit /etc/nat/natd.plist to get to use ppp0. Eh....I don't think they're listening 😟
Well, here's my +1 for the impact of this; trying to replace my gateway black-box PC with a Mac mini server.
Also, 'server' in the product title and only one ethernet port? that's not even trying... at least the USB ethernet adaptor works - the 'en3' interface that creates btw *does* show up in the sharing settings.
> Support did say they are compiling impact data, so if you are affected by this issue, please respond in this thread and if possible contact apple support directly.
I use Server to host Oracle based applications using VirtualBox. The firewall appears to protect the VMs too so using the NAT too provides a very elegant solution.
Pity it is not working on Lion.
Hi,
how do you manage to have LAN clients ue the ppp0 on the MacMini?
I tried everything but it looks like packets are not "diverted" to ppp0 but remains on en3-en0 gateway. With tcpdump I seeno activity.
Of course it all works locally fromthe macmini, routes seem to be ok,
Thanks for helping, as of now 10.7.2 is completely unusable....
Check this link:
https://discussions.apple.com/thread/3399811?answerId=16428049022#16428049022
A gent posted how to do it....I made the files, but haven't had the interest to test it out....I'm just not going to run the OS, so eh...not going to sink anymore time into Lion. As a side note, natd.plist is no longer used in Lion.
James
P.S. Completely agree with the unusable statement😟
As of either 10.7.1 or 10.7.2 they started parsing the natd.plist again.
I know because I had the alternate subnet key set and after the update all my networks were suddenly hosed.
It still splits your networks across subnets. So the trick is to just redo all your vlans with the subnets NATd issues. It's a pita, but if you do that it will work. So for me everything is now some sort of 192.168.x network.
Thanks James for the cavceat, it worked well! (BTW, I've seen that ServerAdmin NAT services runs natpmpd instead of natd).
I have now disabled NAT from ServerAdmin interface and use the natd on ppp0 + diver rules, as explained.
It would be interesting now to have some traffic coming from LAN going to ppp0 and some other traffic going to en0, probably I could run 2 instances of natd on 2 different ports with 2 different diverts.....
Thansk again,
Regards
Can't get NAT to work with VLANs in Lion Server
