Apple Event: May 7th at 7 am PT
I just installed Lion over Snow Leopard and after two days of debugging have discovered that the NAT process is now trying to relabel all of my VLANs.
I don't know what changed but in Snow Leopard I was able to have 3 VLANs (Internet, LAN, and Guest) and properly route my traffic. Now NAT tries to assign different IP addresses to all of my VLANs, which is not going to work.
Has anyone managed to get NAT to work with VLANs in Lion?
Ho Shawn,
can you explain more about this?
Thanks
What would you like to know?
My original issue and complaint was that turning on the NATd would basically rewrite all your IP addresses regardless of how you had them setup in system preferences. I went through the motions with Apple care and they pushed it all the way up to engineering. I was told they recognized it was a problem and would work on it.
In the mean time, I had two choices. Renumber all of my vlans to work with the scheme the NATd was providing or go back to SL. I chose to stay with Lion because redoing all my vlans was less work than trying to migrate my user db back to SL. So here's what I did. I ran NATd, let it change all the IP addresses, made note of those and went back and changed all my vlans in my router accordingly. Been working fine since. Before I had my vlans on various 10.0.x networks, but the NATd in 10.7.0 forced them all on to 192.168.x networks. So that's what I renumbered them to. So long as they were 192.168.x I seemed to be able to make them what ever order I wanted, as you would expect.
Is that enough detail? Or do you have a specific question?
Thanks a lot Shawn, that was extremely clear.
I already have my LAN with 192.168.x.x address so I was not impacted by that.
By the way, sorry for my bad opinion, but OS X Server is getting more and more consumer to an almost unacceptable manner, I would highly like to install Snow Leopard but my MacMini doesn't support it.
Have a good day.
If you have any further questions or think I can help further, dont hesistate to respond with a new question, and I will see what I can come up with.
I agree that Apple needs to allow VLANs to use any network in Lion. As it is, I leave my iMac at work running 24/7 because I have defined a VLAN interface on a 10.x.x.x network. Whenever I have to reboot, I have to replace the /Library/Preferences/SystemConfiguration/preferences.plist file with one that has no VLANs in it, reboot, and add the VLAN again.
It would be of high interested to know how to have NAT & PPP live together on the gateway.
That is, having some traffic from the LAN being routed to EN0 and other traffic, the one destined to the VPN subnet, being routed via PPP0.
NATD only reroutes all packets to EN0, no packets are diverted from LAN client to PPP0 even if route (netstat -rn) is correct.
If I run NATD on PPP0 it of course works but then everything is router through VPN.
Any ideas?
Thanks as always!
Switch to a different OS....server is going to meld with client and be more useless then ever I suspect. OS X Server is a sinking ship.
I, too, wanted more control over nat and my subnets and ended up getting it to work by using a bridge, divert, natd and a cloned route. This is now what my network looks like:
And here's how I did it:
# Create a bridge, add the Ethernet device
gwdev=en1
ifconfig bridge0 create
ifconfig bridge0 up
ifconfig bridge0 addm en0
# Give it an IP, route bridge0's traffic to bridge0
ifconfig bridge0 172.20.0.1
route add default -interface bridge0 -ifscope bridge0 -cloning
# Enable IP forwarding, add a firewall rule to send all natd traffic to the real gateway
# Start natd with a whole bunch of options
sysctl -w net.inet.ip.forwarding=1
/sbin/ipfw add 100 divert natd ip from any to any via $gwdev
/usr/sbin/natd -interface $gwdev -use_sockets -same_ports -unregistered_only -dynamic -clamp_mss -enable_natportmap -natportmap_interface en0
If you'd like more info, you can check out the blog post I wrote that details my setup. You may notice that I don't address DHCP or DNS.. I'm having servers on my guest network handle that.
I'm not a network admin so if you see any ways to improve this, please let me know so I can update the post.
Can't get NAT to work with VLANs in Lion Server
