Gateway set up trials and tribulation

Question

Level 1

0 points

Gateway set up trials and tribulation

Has anyone managed to successfully, reliably and compatibly set up a Lion Server as an internet gateway?

AFAICT, there is no feature/assistant in the current Server.app to do this. Accordingly, I have downloaded the Server Administration tools and used the Gateway Assistant there (on the NAT service) as well as all the fiddling around that the Apple TechNote tells you to do in order to use 192.168.2.* on the LAN side, which is apparently the only working configuration (and despite the assistant telling you it is configuring 192.168.1.*!).

I can get this to work as well as it ever seemed to in Snow Leopard, but whatever configuration is produced is disrupted whenever Server.app is run. Unfortunately, you pretty much have to run Server.app with Lion Server, as so many of the settings previously available via the more advanced Server Admin Tools have now disappeared (web, user mail configuration to name but two). Of course some things like virtual hosting have gone altogether, but that's another story.

If I do run Server.app for some reason, by browser will stop loading pages on the server machine, and no internet traffic will be passed over the gateway from LAN clients. I have found that this can be fixed easily enough:

1. Reboot the server (make sure no Server.app is running at this point though!)

2. Run Safari's Network Diagnostics and follow the workflow up to/including the resetting of the WAN device (cable modem in my case)

The Diagnostics assistant will then 'green-light' your ISP, Internet and Server items (previously red) and you'll be back in business. LAN clients will eventually start working again - though I think maybe their DHCP addresses need refreshing first.

With the gateway stuff configured I have also noticed that Server.app always fails to add users to a fresh OD database (two errors: non-unique full name, or failed to complete transation, if my memory serves). The users do appear to get created, but perhaps not properly. I still have to experiment with this to find out if this really has anything to do with the gateway configuration, or something completely independent. My installaton of Lion Server is 'clean' btw, not a migration from Snow Leopard (though I have other issues with that workflow too).

PowerMac, Mac OS X (10.7)

Posted on Jul 27, 2011 6:20 PM

Reply

Answer 1

Jul 27, 2011 7:52 PM in response to Flashwalker

I finally got it working by just accepting the 192.168.2.* network and manually reconfigured DHCP and the Firewall to use that. The assistant kindly uses 192.168.2.* for half the settings and 192.168.1.* for the other half *sigh*.

Oh, and here's a support article where apple says basically the same thing:

http://support.apple.com/kb/TS3887

Good luck!

Edit: they say "System Preferences will show the IP address as 192.168.1.1." but you can change it to 192.168.2.1 and it should be okay. You might want to do that first, before changing it elsewhere.

Message was edited by: superstantial

Reply

Answer 2

Jul 30, 2011 8:23 AM in response to Flashwalker

I've been experiencing the same problem(s). I've tried for three days to get my server setup as an Internet gateway without success. I had 10.6.8 running fine as an Internet gateway on my Mac mini Server. Yeah, yeah, I know -- if it ain't broke, don't fix it, and all that... but I'm one of those that really enjoys new technology, even if there are some hiccups. This, however, isn't like a hiccup, it's like some kind of technological dry heaving. I have been able to get it running, and then suddenly the Internet connection to internal clients would drop. Thanks to your post, I now know what's causing it and how to fix it. Is the fix you describe (running Network Diagnostics) persistent, or does opening Server.app cause the problem again?

I too have mine setup based on Apple's recommended settings for the Gateway server (mostly based on that support article [TS3887]). Another problem I noticed, however, is that this recommended setup seems to have a problem with the firewall set an anything other than exactly 192.168.2.0/24 for the 192.168.2-net internal network (mine is set wide open on this internal network). I wanted to broaden it to include 192.168.1.x addresses, so I changed it to 192.168.0.0/16. Even though this configuration (also set wide open) is supposed to open all traffic between 192.168.0.0 to 192.168.255.255, it somehow does not. It blocks traffic on the internal network when the server is setup as a gateway. If I scale it back to 192.168.2.0 through 192.168.2.255, it works fine. That is until everything suddenly stops -- as you described.

This is simply too frustrating to deal with without a patch. Thus far, I'm very displeased with Lion Server. I know that much of my displeasure is simply the whole "resistant to change" concept, but I'm having a hard time understanding why Apple seems to have restricted things so much. The whole "Server for Everyone" idea would be fine if perhaps they had two different versions of the server, one for "Everyone" -- a sort of "one size fits all" add-on version, and another for more advanced needs. As a side note: I don't fully understand CUPS, as it relates to printers and printer sharing and I was very disappointed to see the Print Server from Snow Leopard disappear in Lion.

Anyway, if anyone hears any news about any updates for Lion that will address these gateway issues could you please update this post? Hoping for a 10.7.1 or 10.7.2 (already out to developers, I've heard) soon. Thanks.

Reply

Answer 3

Flashwalker Author

Level 1

0 points

Aug 1, 2011 12:48 AM in response to LogMeCode3

Is the fix you describe (running Network Diagnostics) persistent, or does opening Server.app cause the problem again?

It consistently fixes the problem for me whenever the gateway drops out.

Thankfully this doesn't happen often, but clearly there are ways to promote it, including the simple expedient of running Server.app. BTW, whenever I run Server.app with the System Preferences -> Network settings panel open I can see something flash through the list of interfaces - presumably as something in Server.app probes the interfaces or otherwise messes with the settings. I'm guessing something like this visible action causes the gateway to drop out, and of course the Network Diagnostics does enough to reset settings or services to get it all back again.

Thus far, I'm very displeased with Lion Server.

I think it's fair to say that I've never had a 'dot zero' release of Mac OS X Server work as smoothly as I'd like.

Many of these initial relases of the server OS have behaved a bit like a house of cards, but they have generally settled down by the third or fourth incremental release.

However, I think I'd also say that Lion Server has so far manifest this pattern to the greatest extent. I suppose historically it's probably one of the larger changes that they've made to the way that configuration and administration is done. They clearly have had a grand design to make running a server simpler and cheaper. Probably, we're just having to ride out the classic pattern of software that has yet to have enough of an airing to fully stabilize. Though it's a shame we're having to do the beta testing in this way, we'll just have to suck it up or go back to Snow Leopard Server.

Having managed to get this round's "house of cards" up now (with the recalcitrant Open Directory and the relunctant IP gateway), I'm finding that if I manage everything via the downloadable Lion Server Admin tools now, the wobbly structure seems to be staying up for the most part. I've only had one occasion when the gateway stopped working when I hadn't run Server.app, and thankfully I had already figured out the Network Diagnostics thing (...which only cost about half a day of banging my head against the wall to find!).

Reply