mac mini as gateway, mountain lion and osx server 2.1.1

Hi,


I have a weird setup, hope that will attract more people to help me troubleshoot this problem 😝


I want to use my mac mini server as a gateway for a secondary network that would be behind a VPN.


The setup is like this:


1. Cable modem offers me a public IP address
2. Time machine is connected to the cable modem and creates a wired+wireless network (W-1) -> gives out private IP addresses from 10.0.1.0/24
3. Mac mini server connects over wireless (5 GHz) to the time machine and receives 10.0.1.14
   - the mac mini server also connects to a PPTP VPN which gives me a public IP address
   - in order to preserve some kind of privacy, I've named the IP address of the VPN server (Server address) as VPN_SERVER and the public IP I receive from the VPN server as VPN_IP
   - to the PPTP endpoint a /27 subnet (SUBNET) is routed
   - the mac mini server runs DHCP and DNS services (for now); the DHCP server offers IP addresses from SUBNET to the airport express below
4. Airport express connects to the mac mini over ethernet and bridges that connection, creating a second wired + wireless network W-2
   - clients behind W-2 get IPs from SUBNET


The problem that I have is that I cannot get the mac mini server to forward the packets it receives from ethernet to the VPN server or the other way around.


here is my ifconfig -a:


(en0 is ethernet, en1 is wifi)


server:~ root# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
        ether c8:2a:14:20:c6:5f
        inet SUBNET.225 netmask 0xffffffe0 broadcast SUBNET.255
        media: autoselect (1000baseT <full-duplex,flow-control>)
        status: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 10:9a:dd:c2:51:1c
        inet6 fe80::129a:ddff:fec2:511c%en1 prefixlen 64 scopeid 0x5
        inet 10.0.1.14 netmask 0xffffff00 broadcast 10.0.1.255
        media: autoselect
        status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
        lladdr 70:cd:60:ff:fe:6c:fc:d8
        media: autoselect <full-duplex>
        status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
        ether 02:9a:dd:c2:51:1c
        media: autoselect
        status: inactive
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
        inet VPN_IP --> VPN_SERVER netmask 0xff000000


here is also netstat -arn


server:~ root# netstat -arn
Routing tables

Internet:
Destination       Gateway            Flags    Refs  Use   Netif Expire
default           VPN_SERVER         UGSc     40    0     ppp0
default           link#4             UCSI     0     0     en0
default           10.0.1.1           UGScI    3     0     en1
8.8.8.8           VPN_SERVER         UGHWIi   1     100   ppp0
10.0.1/24         link#5             UCS      5     0     en1
10.0.1.1          70:56:81:c7:37:77  UHLWIir  5     293   en1   1184
10.0.1.255        ff:ff:ff:ff:ff:ff  UHLWbI   0     31    en1
17.72.255.12      VPN_SERVER         UGHWIi   1     6     ppp0
23.14.211.205     VPN_SERVER         UGHW3Ii  0     121   ppp0  3175
SUBNET/27         link#4             UCS      3     0     en0
1ST-IP_SUBNET     127.0.0.1          UHS      0     0     lo0
SUBNET.255        ff:ff:ff:ff:ff:ff  UHLWbI   0     25    en0
[...]
127               127.0.0.1          UCS      0     0     lo0
127.0.0.1         127.0.0.1          UH       2     4104  lo0

Internet6:
Destination                    Gateway            Flags   Netif Expire
::1                            link#1             UHL     lo0
fe80::%lo0/64                  fe80::1%lo0        UcI     lo0
fe80::1%lo0                    link#1             UHLI    lo0
fe80::%en1/64                  link#5             UCI     en1
fe80::129a:ddff:fec2:511c%en1  10:9a:dd:c2:51:1c  UHLI    lo0
ff01::%lo0/32                  fe80::1%lo0        UmCI    lo0
ff01::%en1/32                  link#5             UmCI    en1
ff02::%lo0/32                  fe80::1%lo0        UmCI    lo0
ff02::%en1/32                  link#5             UmCI    en1
ff02::fb%en1                   link#5             UHmW3I  en1   3406


I've tried changing the MTU of the interfaces on the mac mini and also changing the MTU of the tunnel; having all three with the same MTU did not solve the problem.

I've also tried the internet sharing option between the VPN and the ethernet and also between the wifi and ethernet; the result is the same.

I also tried to change the order of the interfaces by setting the service order; none of the combinations worked (VPN, ethernet, WiFi / VPN, WiFi, ethernet / ethernet, VPN, WiFi, etc.).


IPFORWARDING is YES in /etc/hostconfig


$ sysctl -a |grep forw
net.inet.ip.forwarding: 1


Does anyone have a clue what I am doing wrong?


thanks,

elvis

Mac mini, OS X Server

Posted on Nov 16, 2012 5:26 PM

There are no replies.
