I would like advice on how to setup/fix a Mac Snow Leopard (10.6.8) server running on an Xserve. The server is only used to to host network accounts / act as a remote drive for a Mac-based laboratory. It is not a mail server, web server, etc. The goal is to enable (i.e., force) students to keep all of their documents on the server while accessing them easily from any computer, ideally from any point in the world.
The current setup is:
Linksys router (192.168.1.1) connects WAN (address WWW.WW.WWW.WWW) to LAN with both DMZ and local DNS pointing to server address (192.168.1.55)
Snow leopard server at 192.168.1.55
Client macs and pcs with various local addresses 192.168.1.XXX
From the LAN side, this setup works well in that all of the client Macs (from PowerPCs running 10.5 to brand new machines running 10.8.4) have no problem accessing their network accounts. They can also access the outside world seamlessly. The server can be administered using Screen Sharing from client machines running recent versions of Mac OS (e.g., 10.8.4)
From WAN side, some things work but others don't:
– Macs can access the server using AFP://WWW.WW.WWW.WWW, although VPN
needs to be running if we are off-campus
– Macs CANNOT login to the Network Account Server when outside the LAN
If I go to "Users & Groups", "Login Options" and enter the server address
WWW.WW.WWW.WWW, I get unable to add server with a "Connection
failed to the directory server (2100) error message
– I can no longer login to the server using Screen Sharing. (This worked a few months ago,
so I am not sure why this is failing.)
– I worry that opening a DMZ to the server is unnecessary from a security standpoint, and
I would be better with port forwarding specific ports (but which ones?)
I am open to new configurations if necessary, but I suspect this is something straightforward. I am also happy to RTFM for either the server or the router, but I'd like some guidance as to what is feasible/preferred. Specifically, I would particularly like students to be able to login to the Network Account Server from outside the LAN.
The server does not do anything else (e.g., mail, web hosting).
Although we do have an IT support group in-house, their opinion seems to be that computers are security risks that should not fall into the hands of users. The mere mention of Apple products sets off a rant.
Thank you for your advice and suggestions.