Can you tell us more about your configuration. I'm assuming it's a DHCP server? And do you have local or public DNS? Also, are you using any port forwarding? Public, Private or Dyn. IP address?
I also have DNS. This one is a bit tricky and I am not 100% certain of my set-up.
I have 2 ethernet port, one sharing internet (en0 / 10.0.0.10) and the other (the fastest en1 / 192.168.2.1) sharing the intranet. In my zone the server IP Address came by default as 10.0.0.10 which for some reason appears wrong to me but if I change this to 192.168.2.1 my DNS does not work anymore.
I also have the firewall started with the minimum ports open on the external port.
AFP/Open Directory/Print/Software Update & VPN are also enabled.
the error message happens every 3 minutes an the every 2 minutes. Looks like this
Apr 19 08:01:02 athena natd[284]: failed to write packet back (No route to host)
Apr 19 08:03:32 athena natd[284]: failed to write packet back (No route to host)
Apr 19 08:06:02 athena natd[284]: failed to write packet back (No route to host)
Apr 19 08:08:32 athena natd[284]: failed to write packet back (No route to host)
Apr 19 08:11:02 athena natd[284]: failed to write packet back (No route to host)
Here is one thing that is prime with the NAT service.
The Firewall service MUST be running for NAT to work. Most of the NAT problems I have seen are based around this one issue, but obviously are not the only possibility.
From the Apple documentation:
Enabling NAT also automatically creates a divert rule to the Firewall configuration. The Server Admin application in Mac OS X Server allows the NAT service and the Firewall service to be enabled and disabled independently. But for the NAT service to operate, both the NAT and the Firewall service need to be enabled. This is because an essential part of NAT is the packet divert rule. That rule is added to the Firewall when NAT service is enabled, but the Firewall service must be turned on for the packet divert rule, or any Firewall rule, to have any effect.
Warning: IP Firewall must be enabled for NAT to function.
en0 is on top of the interfacelist in Network config?
Router IP (your Internet router LAN IP, 10.0.0.1 ?) is only filled in in en0 config (I know the assistant fills in both interfaces but leave en1 router field empty) ?
In your Internet router (if NAT is OFF in OS X server) you need a static route back to 192.168.1.0/24 network (or whatever 192.168.xxx.xxx net it was you used) with 10.0.0.10 as gw.
Why do you need this routing anyway?
You already have a NAT router between your server and Internet.