Apple Event: May 7th at 7 am PT

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Level 1

0 points

Os X Lion Server, NAT and DHCP.

Hi *,

for month now, I'm using a Mac Pro with Mac Os X Server Snow Leopard as the default gateway for my "Apple" subnet.

With the Lion release, I upgrade my Mac.

First of all, I was really disappointed to see the migration totally screwed up my configuration. During the install, the Installer told me migration failed or was skipped.

Indeed, after the first boot, all my servers settings where gone. Hum.

So I made a reinstall, and configured everything from scratch.

I followed the Apple documentation for Lion Server but with this Mac Os release, I'm unable to configure DHCP or NAT with my network settings.

All the time I start Internet Sharing, NAT or simply IP forwarding, the server change his ip settings for the internal interface and use 192.168.2.x/24 address.

My whole subnet is in 172.16.84.0/27. How can I fix it and force Os X Server to use _my_ ip settings and not default one?

Is this a way to get "advanced" configuration instead of "3click-and-make-it-run" ?

I can see in the Preferences Panel that all my IP settings are fine, but an ifconfig in cli only returns me an IP in the wrong range and there is no connectivity with my real network.

The problem is the same for DHCP.

If I configure the DHCP service with my subnets, I declare my ranges,... exactly as I did in Snow Leopard (and which was working perfectly).
But, from times to times, the configuration is erased (even if I don't use the Gateway Setup Assistant).
I often see a new range added in the 192.168.2.0/24 subnet, which keep coming even if I remove it.

Even with all references removed to this range, service restarted, the server continues granting leases in the 192.168.2.0/24. And nothing for the subnets I declared.

This server is also the DHCP server for Time Capsule client. Indeed, my TC is bridged on the network and there is no DHCP running except on the Server.

I also tried to let the Gateway Setup Assistant do his work and after, edit settings by hands via Server Admin, same problem.

The Server doesn't care about my settings and NAT/DNS/DHCP doesn't work.

A little quick draw to make things more obvious :

--- Internet ---- Firewall ---- DMZ ---- Mac Pro ---- Apple_Lan --- TimeCapsule

Mac Pro en0 : 172.16.83.1/29

Mac Pro en1 : 172.16.84.30/27

Does anybody has anything in mind to help me ? any tracks ? feedback ?

Cheers,

Yggdrasill.

Mac Pro, Mac OS X (10.7), Mac Os X 10.7 Server

Posted on Jul 25, 2011 2:05 AM

33 replies

Mar 27, 2012 3:56 PM in response to Miles Muri

OK, just a couple of notes:

I found it was more effective turning off Internet Sharing in System Prefs as opposed to NAT in Server Admin. I wnet through this about 10 times though, so I may be mistaken.

When creating pf.anchor rules (this is the example from the KB doc):

nat on en0 from 10.0.0.0/24 to any -> (en0)

pass from {lo0, 10.0.0.0/24} to any keep state

Make sure you change both en0 entries (if required - my mini needed to be en3 for the 100Mb USB, leaving en0 1Gb for the LAN). In both lines, enter your network as required:

nat on en3 from 192.168.120.0/23 to any -> (en3)

pass from {lo0, 192.168.120.0/23} to any keep state

I found that sysctl.conf only existed as sysctl.conf.default, so I made my changes and renamed the file.

For me, it didn't work at first because of a bad entry in the DNS forwarders. I'm not sure if I put that there (I don't think so) or if it was something that got munged by Internet Sharing when I turned on NAT.

In Server Admin, do not start NAT, it will mess up all the settings again, including:

- DHCP - adds ranged for all available interfaces, deletes the good range that you have diligently set up and replaces it with a 192.168.2.2-200 range.

- Ethernet static IP settings - strangely, these don't show in System Prefs, but an "ifconfig -a" shows that my IP was gone and 192.168.2.1 was there.

- DNS - ymmv. The service itself is OK, but the DNS entries on the interfaces may have been changed.

When you reboot, it should be OK.

HTH,

Miles

Mar 28, 2012 3:17 AM in response to Miles Muri

It works fine following this guide..

Hope Apple will change Server Admin.app and Gateway Assistant to configure this way.

I filled a bug report for this.

Mar 28, 2012 7:26 AM in response to Miles Muri

Thank you very much for pointing this article out.

Sad they didn't made it more natural (for Mac OS, I mean. For *NIX world in general, editing config files is pretty natural).

Os X Lion Server, NAT and DHCP.