33 Replies. Latest reply: Mar 28, 2012 7:26 AM by AnrDaemon
  • J Cobb Level 1 (5 points)

    Does anyone know if this is fixed in 10.7.3?

  • AnrDaemon Level 1 (0 points)

    Gonna check next week, but my bet is "no" with a good degree of certainty.

    "Seriously, if it works, who cares?" (c) Apple

  • Olivier Ducrot - ACTC Level 1 (35 points)

    I can confirm it's not!

    I wonder if they really take care of this.

  • Olivier Ducrot - ACTC Level 1 (35 points)

    Hi Yggdrasill


    Can you be more verbose about your solution?

    I tried to copy /usr/libexec/nat_start and nat_stop from a brand new 10.6.8 server to my Lion Server, but Internet Sharing still launches when I start NAT with Server Admin or the serveradmin CLI.


    Did you copy the InternetSharing binary too?


    I think that everybody following this thread would be glad of your shares.

    I personally spent a lot of time on this subject, since the first beta of Lion Server.





  • Martyin Level 1 (15 points)

    What is the exact issue here?

    Do you just want to enable routing between the two networks?

    Or do you want to share internet etc...?


    If just routing then you might want to "just enable" ipforwarding... correct?

    If you have set up both NICs correctly in the multihomed Mac then

    you might try to issue: sysctl -w net.inet.ip.forwarding=1

    test if that's what you want...

    If so, make it more permanent by issuing:

    net.inet.ip.forwarding=1 to /etc/sysctl.conf

    Then it still works after a reboot.



  • Olivier Ducrot - ACTC Level 1 (35 points)

    Thanks for your answer. I've already done this and it works, but it was not the purpose.

    The thread is about NAT and my question was about Yggdrasill's post saying: "replace the binaries".


    I finally got it working with a little hack to prevent Server Admin starting Internet Sharing.



  • AnrDaemon Level 1 (0 points)

    @Martyin, once you enable the NAT service, it automatically enables a DHCP server somewhere inside the OS that cannot be configured or seen anywhere in the server tools.

    Any attempt to enable a separate DHCP service (bootpd) will result in abrupt dysfunction of ServerAdmin, until you take the DHCP service down and never start it again.

    I'm unsure about your suggestion to "just enable forwarding", as I need address translation as well.

  • Olivier Ducrot - ACTC Level 1 (35 points)

    You can prevent launching Internet Sharing with Server Admin by changing rights to the plist file:


    cd /Library/Preferences/SystemConfiguration/


    chmod 400

    chflags uchg


    It's a hack, but ... it works.


    To launch natd, you can create a simple LaunchDaemon item:



    <?xml version="1.0" encoding="UTF-8"?>

    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">

    <plist version="1.0">















    And, as said a few posts before, /etc/nat/ is the same file as in 10.6 server



    cat /etc/nat/

    # This file is reserved for configuration automatically generated by the Server Admin app.

    # Generated: 2012-02-10 09:44:22 +0100.


    interface en0

    natportmap_interface en0

    enable_natportmap yes

    dynamic yes

    log yes

    log_denied no

    deny_incoming no

    use_sockets yes

    same_ports yes

    unregistered_only yes

    reverse no

    proxy_only no

    clamp_mss yes

  • arcusak Level 1 (5 points)

    hmm... were there additional steps needed?


    once done the machine stopped booting entirely.


    so booted off the 10.6.8 drive... and i noticed the settings to '' didn't really stop anything as the OS simply created (and presumably wanted to use) another file called '' that was not locked.

  • J Cobb Level 1 (5 points)

    I read somewhere else that in System Preferences->Network you should leave the Router field empty for the LAN ethernet port. I removed the entry I had there ( as the IP address) and all seems to be working fine for me now. Unfortunately, I did this right after the 10.7.3 update so I'm not sure which I can attribute it to.


    What do you have entered for the LAN router? Can someone else try making that empty and see if it fixes the situation?

  • AnrDaemon Level 1 (0 points)

    You must have default route empty on LAN interface. Unless you want a ton of headache for yourself, and anyone who would need to work with your network after you, that is.

  • arcusak Level 1 (5 points)

    i've always had that empty for the DHCP/NAT interface in System Preferences->Network... even in 10.6.8.


    just IP address and subnet mask. everything else blank.


    my main issue is everything in 10.6 (and before) was made in 172.16.x.x and that no longer works in 10.7. i'm trying to get out of having to scrap all the settings and redo all the DNS / DHCP assignments / etc etc from scratch to put it in the 192.168.2.x address space.


    sorta hoping that this is corrected before Mountain Lion Server as i really need Lion Server in order to use Software Update for the 10.7 machines in the office.


    so right now it is : continue to run in 10.6 but no local Software Update server (waste of bandwidth and time) or redo the DHCP/DNS/NAT entirely to run in 192.168.2.x ...


    a decision that really shouldn't have to exist as i don't see any reason Lion had to be limited to 192.168.2.x address space. removing the option of using the previously-available address spaces in 10.7 is a feature removal with no benefit i can see.

  • studio212 Level 1 (0 points)

    You can host Lion updates in your Snow Leopard server. You don't need Lion Server to do so. Instructions here:

  • Olivier Ducrot - ACTC Level 1 (35 points)



    I looked at my server: I have the -new file too. The two files' rights changed to 644 too, but the uchg flags stayed on the original file.


    It's probably not necessary to make the chmod.

  • arcusak Level 1 (5 points)

    ah good deal. i'll give that a shot later today.


    that'll let me hold off on Lion Server a little bit longer at least. would still like to move to it someday though. and without having to basically redo the entire internal network from scratch.