

Lion Server Gateway Issues

Hello,


I have a perplexing issue with both my own server and a client's server. In both cases I am trying to configure a Lion server as a gateway (Firewall, DNS, DHCP, NAT) and I am unable to get the services working consistently. If I am able to get my server(s) functioning as gateways I lose DHCP any time the service restarts.


I have been able to reproduce this issue on two separate networks in two different locations on two separate static IPs with both a Mac Pro and a Mac Mini.


1. I setup reverse DNS with both ISPs.

2. I began with a fresh 10.7.0 server installation from the recovery partition, then I configured my static IP address and FQDN during the Setup Assistant, rDNS checked out fine, and after the assistant was done I immediately ran updates.

3. After restarting I configured my DNS. I set up a machine address for the server and linked my FQDN to my static IP address.

4. I downloaded Server Admin Tools 10.7.2 from http://support.apple.com/kb/DL1457 and installed them. I ran Software Update again to make sure the system was completely up to date.

5. Using Server Admin I enabled NAT and ran the Gateway Setup Assistant.

6. After running Gateway Setup Assistant the LAN was unable to obtain IP addresses via DHCP. Devices connected to the LAN had self-assigned IP addresses.

7. I opened the Firewall for both "any" and "192.168.1.1-net" by allowing both IP address groups to allow all traffic.


Still no luck. A little Googling and I found http://support.apple.com/kb/TS3887 - "Unable to connect to the Internet after running NAT Gateway Setup Assistant".


8. I followed the instructions in TS3887 and my LAN was still unable to obtain an IP address via DHCP.


After 3 days of trial and error I have found that my DHCP settings are being reset whenever I start/stop/start DHCP services. Whenever I restart the DHCP service I get one of the following error message sequences in /var/system.log:


Jan 25 16:19:43 server servermgrd[71]: servermgr_dhcp:bootp config:Error:Unable to read configuration file - error 2 (No such file or directory)

Jan 25 16:19:43 server servermgrd[71]: servermgr_dhcp:bootp config:Notice:Created default configuration file

Jan 25 16:19:43 server servermgrd[71]: servermgr_dhcp:bootp config:Notice:Created 2 default subnet records


or


Jan 25 16:15:50 server serveradmin[4843]: servermgr_dhcp:bootp config:Error:Unable to read configuration file - error 2 (No such file or directory)

Jan 25 16:15:50 server serveradmin[4843]: servermgr_dhcp:bootp config:Notice:Created default configuration file

Jan 25 16:15:50 server serveradmin[4843]: servermgr_dhcp:bootp config:Notice:Created 1 default subnet records


As it turns out, something is overwriting /etc/bootpd.plist:


sh-3.2# ls -al /etc/bootpd.plist

-rw-r--r-- 1 root wheel 1536 Jan 25 16:20 /etc/bootpd.plist

sh-3.2# serveradmin stop dhcp

dhcp:state = "STOPPED"

sh-3.2# ls -al /etc/bootpd.plist

-rw-r--r-- 1 root wheel 1132 Jan 25 16:47 /etc/bootpd.plist



I have no idea why Server Manager believes that /etc/bootpd.plist does not exist, but I began to notice some strange behavior while working on the problem.


- While DHCP was turned off in Server Admin devices on my LAN were often able to obtain IP addresses through BootP.


1. I could use Server Admin to start DHCP but it would fail and create two new subnets, one for my WAN and one for my LAN. Although no subnets were enabled, devices on my LAN would obtain IP addresses through BootP. I could then start DHCP with none of the subnets enabled.

2. If I enabled the LAN subnet and restarted DHCP Server Admin would fail to start DHCP. I could try again and DHCP would start with no subnets enabled.

3. If I stopped DHCP the system would again reset my /etc/bootpd.plist and I would be left with one subnet for my LAN. This subnet was enabled by default.

4. If I stopped DHCP the system would once again reset my /etc/bootpd.plist and I would have one subnet for my WAN. This subnet was disabled by default.


And then this loop would continue in slightly different variations indefinitely. Here is what my log looks like while this is happening:


Jan 25 17:09:04 server servermgrd[71]: servermgr_dhcp:bootp config:Error:Unable to read configuration file - error 2 (No such file or directory)

Jan 25 17:09:04 server servermgrd[71]: servermgr_dhcp:bootp config:Notice:Created default configuration file

Jan 25 17:09:04 server servermgrd[71]: servermgr_dhcp:bootp config:Notice:Created 1 default subnet records

Jan 25 17:09:13 server servermgrd[71]: servermgr_dhcp:bootp config:Error:Unable to read configuration file - error 2 (No such file or directory)

Jan 25 17:09:13 server servermgrd[71]: servermgr_dhcp:bootp config:Notice:Created default configuration file

Jan 25 17:09:13 server servermgrd[71]: servermgr_dhcp:bootp config:Notice:Created 2 default subnet records

Jan 25 17:09:25 server bootpd[5726]: server name server.perfecteden.com

Jan 25 17:09:25 server bootpd[5726]: interface en0: ip 192.168.2.1 mask 255.255.255.0

Jan 25 17:09:25 server bootpd[5726]: interface en2: ip 173.160.121.37 mask 255.255.255.252

Jan 25 17:09:25 server bootpd[5726]: DHCP REQUEST [en0]: 1,d0:23:db:a6:77:d <iPhone>

Jan 25 17:09:25 server bootpd[5726]: ACK sent iPhone 192.168.2.9 pktsize 300

Jan 25 17:09:25 server bootpd[5726]: service time 0.001889 seconds

Jan 25 17:09:25 server bootpd[5726]: DHCP REQUEST [en0]: 1,d0:23:db:a6:77:d <iPhone>

Jan 25 17:09:25 server bootpd[5726]: ACK sent iPhone 192.168.2.9 pktsize 300

Jan 25 17:09:25 server bootpd[5726]: service time 0.000943 seconds

Jan 25 17:09:27 server servermgrd[71]: servermgr_dhcp:bootp config:Error:Unable to read configuration file - error 2 (No such file or directory)

Jan 25 17:09:27 server servermgrd[71]: servermgr_dhcp:bootp config:Notice:Created default configuration file

Jan 25 17:09:27 server servermgrd[71]: servermgr_dhcp:bootp config:Notice:Created 2 default subnet records

Jan 25 17:09:37 server servermgrd[71]: servermgr_dhcp:bootp config:Error:Unable to read configuration file - error 2 (No such file or directory)

Jan 25 17:09:37 server servermgrd[71]: servermgr_dhcp:bootp config:Notice:Created default configuration file

Jan 25 17:09:37 server servermgrd[71]: servermgr_dhcp:bootp config:Notice:Created 2 default subnet records


The only times it seems that DHCP is working is when it is off... which does not make any sense.


Here are some screenshots (not reproduced here).

Mac mini, Mac OS X (10.7.2), Mac Mini Server (Mid 2011) (11C74)

Posted on Jan 25, 2012 3:23 PM

5 replies
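The poster's diagnosis above rests on bracketing `serveradmin stop dhcp` with `ls -al` and noticing the size and mtime of /etc/bootpd.plist change. The following is an added example, not code from the post or from Apple, that does the same check more robustly: it records size, mtime and a SHA-256 so a same-length rewrite is not missed, and it treats "file missing" as a state of its own, since "No such file or directory" is exactly what servermgrd logs. The command to bracket on the server (`serveradmin stop dhcp`) is taken from the post; `demo()` stands in a constructed temp file and a rewrite done by a child Python process so it runs anywhere.

```python
"""Bracket a command with file fingerprints to prove a config file is being rewritten.
Added example for this thread, not code from the post or from Apple."""
import hashlib
import os
import subprocess
import sys
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Fingerprint:
    exists: bool
    size: int
    mtime_ns: int
    sha256: str


def fingerprint(path: str) -> Fingerprint:
    """Snapshot a file; a missing file gets a distinct fingerprint rather than an exception."""
    if not os.path.exists(path):
        return Fingerprint(False, 0, 0, "")
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return Fingerprint(True, st.st_size, st.st_mtime_ns, h.hexdigest())


def diff_fingerprints(before: Fingerprint, after: Fingerprint) -> list:
    """Describe what changed between two snapshots; an empty list means untouched."""
    changes = []
    if before.exists != after.exists:
        changes.append(f"exists: {before.exists} -> {after.exists}")
    if before.sha256 != after.sha256:
        changes.append(f"sha256: {before.sha256[:12] or '-'} -> {after.sha256[:12] or '-'}")
    if before.size != after.size:
        changes.append(f"size: {before.size} -> {after.size}")
    if before.mtime_ns != after.mtime_ns and before.sha256 == after.sha256:
        changes.append("mtime changed but content identical (rewritten in place)")
    return changes


def rewritten_by(path: str, argv: list) -> list:
    """Run argv (on the server: ['serveradmin', 'stop', 'dhcp']) and report how `path` changed across it."""
    before = fingerprint(path)
    subprocess.run(argv, check=False)
    return diff_fingerprints(before, fingerprint(path))


def demo() -> list:
    """Constructed stand-in for the server: overwrite a temp 'bootpd.plist' from a child process."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "bootpd.plist")
        with open(p, "w") as f:
            f.write("<plist>original</plist>\n")
        rewrite = f"open({p!r}, 'w').write('<plist>reset</plist>\\n')"
        return rewritten_by(p, [sys.executable, "-c", rewrite])


if __name__ == "__main__":
    for change in demo():
        print(change)
```

On the server itself the call would be `rewritten_by("/etc/bootpd.plist", ["serveradmin", "stop", "dhcp"])`; an `exists: True -> False` entry or a hash change across a plain stop is the evidence the poster was collecting by hand.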

Jan 30, 2012 9:42 AM in response to Robbie Kasowan

I don't know if it's directly related, but your setup is wrong. That could be why the config is resetting.


On your 'internal' interface you're manually setting the IP address to 192.168.2.1/255.255.255.0, and that's fine, but this interface should have NO router address specified. In your case you've set the router address to the server itself, which is never going to be accurate.


Secondly, the DHCP settings don't have a router address set. This means that your DHCP server will hand out addresses to clients, but won't tell them how to get to the outside world. Hardly seems appropriate to me.

In your DHCP settings you should set the router address to the address of your NAT server (in this case 192.168.2.1).


Try those fixes and see if it makes any difference.
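The reply above makes three configuration points: the internal interface must carry no router, the DHCP scope must hand out a router, and that router must be the NAT server's own LAN address. The following is an added example, not code from the thread or from Apple, that audits a gateway against those points and adds one caveat the thread's logs suggest (the Gateway Setup Assistant creates a WAN subnet too, and a gateway must never allocate leases on its external interface, or it becomes a rogue DHCP server toward the ISP segment). The bootpd.plist key names (Subnets, net_address, net_mask, net_range, allocate, dhcp_router) follow bootpd(8); the sample plist and the per-interface text in the shape of `networksetup -getinfo <service>` output are both constructed for this example, and parsing that output as "Key: value" lines is an assumption.

```python
"""Audit a Lion Server gateway's DHCP scopes and interface settings.
Added example for this thread, not code from the reply or from Apple."""
import ipaddress
import plistlib

# Constructed: the two subnets the Gateway Setup Assistant creates, one per interface.
# The LAN subnet allocates but has no router; the WAN subnet allocates as well.
SAMPLE_BOOTPD_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Subnets</key><array>
    <dict>
      <key>name</key><string>192.168.2 LAN</string>
      <key>net_address</key><string>192.168.2.0</string>
      <key>net_mask</key><string>255.255.255.0</string>
      <key>net_range</key><array><string>192.168.2.2</string><string>192.168.2.254</string></array>
      <key>allocate</key><true/>
    </dict>
    <dict>
      <key>name</key><string>173.160.121.36 WAN</string>
      <key>net_address</key><string>173.160.121.36</string>
      <key>net_mask</key><string>255.255.255.252</string>
      <key>net_range</key><array><string>173.160.121.38</string><string>173.160.121.38</string></array>
      <key>allocate</key><true/>
      <key>dhcp_router</key><string>173.160.121.38</string>
    </dict>
  </array>
</dict></plist>
"""

# Constructed, keyed by BSD interface for readability (the real tool takes a service name).
# en0 is the LAN with the mistake the reply describes: a router that is the server itself.
SAMPLE_GETINFO = {
    "en0": "Manual Configuration\nIP address: 192.168.2.1\nSubnet mask: 255.255.255.0\n"
           "Router: 192.168.2.1\nEthernet Address: 00:00:00:00:00:01\n",
    "en2": "Manual Configuration\nIP address: 173.160.121.37\nSubnet mask: 255.255.255.252\n"
           "Router: 173.160.121.38\nEthernet Address: 00:00:00:00:00:02\n",
}


def parse_getinfo(text: str) -> dict:
    """Turn 'Key: value' lines into {ip, mask, router}; a missing, empty or '(null)' Router is None."""
    kv = {}
    for line in text.splitlines():
        if ":" in line:
            k, v = line.split(":", 1)
            kv[k.strip().lower()] = v.strip()
    router = kv.get("router")
    if router is not None and router.lower() in ("", "(null)", "none"):
        router = None
    return {"ip": kv.get("ip address"), "mask": kv.get("subnet mask"), "router": router}


def audit_gateway(plist_bytes: bytes, getinfo: dict, wan_if: str) -> list:
    """Return findings in order; an empty list means the gateway matches the reply's advice."""
    findings = []
    ifaces = {name: parse_getinfo(txt) for name, txt in getinfo.items()}
    for name, cfg in ifaces.items():
        if name != wan_if and cfg["router"]:
            why = "pointing at itself" if cfg["router"] == cfg["ip"] else "set"
            findings.append(f"{name}: LAN interface has a router {why} ({cfg['router']}); remove it")
        if name == wan_if and not cfg["router"]:
            findings.append(f"{name}: WAN interface has no router, so the gateway has no default route")
    for sub in plistlib.loads(plist_bytes).get("Subnets", []):
        if not sub.get("allocate", False):
            continue  # a disabled subnet hands out nothing
        net = ipaddress.ip_network(f"{sub['net_address']}/{sub['net_mask']}", strict=False)
        label = sub.get("name", str(net))
        owner = next((n for n, c in ifaces.items() if c["ip"] and ipaddress.ip_address(c["ip"]) in net), None)
        if owner == wan_if:
            findings.append(f"{label}: allocates leases on WAN interface {wan_if}; disable this subnet")
            continue
        router = sub.get("dhcp_router")
        if not router:
            findings.append(f"{label}: no dhcp_router, so clients get addresses but no route out")
        elif ipaddress.ip_address(router) not in net:
            findings.append(f"{label}: dhcp_router {router} is outside {net}")
        elif owner and router != ifaces[owner]["ip"]:
            findings.append(f"{label}: dhcp_router {router} is not the NAT server ({ifaces[owner]['ip']})")
        rng = sub.get("net_range") or []
        if len(rng) == 2:
            lo, hi = ipaddress.ip_address(rng[0]), ipaddress.ip_address(rng[1])
            if lo not in net or hi not in net or lo > hi:
                findings.append(f"{label}: net_range {rng[0]}-{rng[1]} is not inside {net}")
            elif owner and lo <= ipaddress.ip_address(ifaces[owner]["ip"]) <= hi:
                findings.append(f"{label}: net_range includes the server's own address {ifaces[owner]['ip']}")
    return findings


def corrected_sample():
    """The same inputs after the reply's fixes: LAN router removed, dhcp_router set, WAN subnet disabled."""
    fixed = plistlib.loads(SAMPLE_BOOTPD_PLIST)
    fixed["Subnets"][0]["dhcp_router"] = "192.168.2.1"
    fixed["Subnets"][1]["allocate"] = False
    getinfo = dict(SAMPLE_GETINFO)
    getinfo["en0"] = getinfo["en0"].replace("Router: 192.168.2.1\n", "")
    return plistlib.dumps(fixed), getinfo


if __name__ == "__main__":
    for finding in audit_gateway(SAMPLE_BOOTPD_PLIST, SAMPLE_GETINFO, wan_if="en2"):
        print(finding)
```

Run against the constructed sample it reports the self-pointing router on en0, the missing dhcp_router on the LAN scope and the WAN scope allocating leases; `corrected_sample()` applies the reply's fixes and audits clean. On a real server the plist comes from `/etc/bootpd.plist` and the interface text from `networksetup -getinfo` for each service, with the external service named as `wan_if`.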

Jan 30, 2012 1:11 PM in response to Camelot

Thanks Camelot!


The router address on the LAN side is what fixed this for me. Once I took that out and rebooted everything, all works fine. I had some static mappings set up, and I hadn't realised that spaces etc were not allowed in the name given to them in the DHCP config. I thought they were just labels. Once I took those out, they worked fine too.


Just need to figure out how to do port forwarding, and I'll be happy!

Jan 31, 2012 8:02 AM in response to Camelot

The internal router config was also the solution to my problem. I had a router set in my DHCP settings; the screenshots were just examples of what the setup looked like when it lost configs and went to defaults.


It's funny. Knowledgebase article http://support.apple.com/kb/TS3887 doesn't say anything about the internal interface's router information and I assumed it had to be filled in with something. Seems to be working for now. Now to test if this is also the reason why I can't get VPN working from an outside network.

Feb 7, 2012 3:33 PM in response to Robbie Kasowan

I thought this was a working solution but I was still having issues with DHCP settings and I could not get my VPN online. When I had NAT turned on my DHCP would go nuts, and when I had NAT turned off my local network could not access the internet through my server/gateway.


Thankfully after updating to 10.7.3 the issues all appear to be resolved. Now my DHCP is stable, NAT is turned off and my LAN has access to the internet, and my VPN works.
