Os X Lion Server, NAT and DHCP.

Gonna check the next week, but my bet is "no" with good degree of certainlty.

"Seriously, if it works, who care?" (c) Apple

I can confirm it's not !

I wonder if they really tale care of this.

Hi Yggdrasill

Can you be more verbose about your solution.

I tried to copy /usr/libexec/nat_start and nat_stop from à brand new 10.6.8 server to m'y Lion Server, but Internet Sharing still launches when I start NAT with Server Admin or the serveradmin cli.

Did yu copy the InternetSharong binary too ?

I think that everybody following this thread would be glad of your shares.

I personnaly spent à lot of time on this subject, since thé first beta of Lion Server.

Thx

Olivier

What is the exact issue here ?

Do you just want to enable routing between the two networks ?

Or do you want to share internet etc... ?

If just routing then you might want to "just enable" ipforwarding... correct?

If you have setup the both nics correctly in the multihomed Mac then

you might try to issue: sysctl -w net.inet.ip.forwarding=1

test if that's what you want...

If so, make it more permanent by issuing :

net.inet.ip.forwarding=1 to /etc/sysctl.conf

Then it still works after a reboot.

Martin

Thanks for your answer. I've already done this and it works, but it was not the pupose.

The thread is about NAT and my question was about Yggdrasill's post saying : "replace the binaries".

I finaly got it working with a little hack to prevent Server Admin starting Internet Sharing.

Olivier

@Martyin, once you enable NAT service, it automatically enables DHCP server somewhere inside OS, that can not be configured nor seen anywhere in server tools.

Any attempt to enable separate DHCP service (bootpd) will result in abrupt disfunction of ServerAdmin, until you take the DHCP service down and never start it again.

I'm unsure about your suggestion to "just enable forwarding", as I need address translation as well.

You can prevent launching Internet Sharing with Server Admin by changing riights to the piste file :

cd /Library/Preferences/SystemConfiguration/

chmod 400 com.apple.nat.plist

chflags uchg com.apple.nat.plist

It's à hack, but ... It works.

To launch natd, you can create à simple LaunchDaemon item :

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>fr.easymac.natd</string>

<key>RunAtLoad</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/usr/sbin/natd</string>

<string>-f</string>

<string>/etc/nat/natd.conf.apple</string>

</array>

</dict>

</plist>

And, as said in à few posts before, /etc/nat/natd.conf.apple is thé same file as in 10.6 server

cat /etc/nat/natd.conf.apple

# This file is reserved for configuration automatically generated by the Server Admin app.

# Generated: 2012-02-10 09:44:22 +0100.

#

interface en0

natportmap_interface en0

enable_natportmap yes

dynamic yes

log yes

log_denied no

deny_incoming no

use_sockets yes

same_ports yes

unregistered_only yes

reverse no

proxy_only no

clamp_mss yes

hmm... were there additional steps needed?

once done the machine stopped booting entirely.

so booted off the 10.6.8 drive... and i noticed the settings to 'com.apple.nat.plist' didn't really stop anything as the OS simply created (and presumably wanted to use) another file called 'com.apple.nat.plist-new' that was not locked.

I read somewhere else that in System Preferences->Network you should leave the Router field empty for the LAN ethernet port. I removed the entry I had there (192.168.2.1-same as the IP address) and all seems to be working fine for me now. Unfortunately, I did this right after the 10.7.3 update so I'm not sure which I can attribute it to.

What do you have entered for the LAN router? Can someone else try making that empty and see if it fixes the situation?

You must have default route empty on LAN interface. Unless you want a ton of headache for yourself, and anyone who would need to work with your network after you, that is.

i've always had that empty for the DHCP/NAT interface in System Preferences->Network... even in 10.6.8.

just IP address and subnet mask. everything else blank.

my main issue is everything in 10.6 (and before) was made in 172.16.x.x and that no longer works in 10.7. i'm trying to get out of having to scrap all the settings and redo all the DNS / DHCP assignments / etc etc from scratch to put it in the 192.168.2.x address space.

sorta hoping that this is corrected before Mountain Lion Server as i really need Lion Server in order to use Software Update for the 10.7 machines in the office.

so right now it is : continue to run in 10.6 but no local Software Update server (waste of bandwidth and time) or redo the DHCP/DNS/NAT entirely to run in 192.168.2.x ...

a decision that really shouldn't have to exist as i don't see any reason Lion had to be limited to 192.168.2.x address space. removing the option of using the previously-available address spaces in 10.7 is a feature removal with no benefit i can see.

You can host Lion updates in your Snow Leopard server. You don't need Lion Server to do so. Instructions here: http://support.apple.com/kb/HT4771

@arcusak

I looked at my server : I have the -new file too. The two files rights changed to 644 too, but the uchg flags stayer on the orignal com.apple.nat.plist file.

It's probably not necessary make the chmod.

ah good deal. i'll give that a shot later today.

that'll let me hold off on Lion Server a little bit longer at least. would still like to move to it someday though. and without having to basically redo the entire internal network from scratch.

I just found this that was posted 5 days ago: http://support.apple.com/kb/HT5215?viewlocale=en_US&locale=en_US

I haven't worked through it yet on our servers, but I'll post again after I've taken a stab at it.

Miles