How to Configure DHCP/NAT in Time Capsule

Question

How to Configure DHCP/NAT in Time Capsule

Assuming I can get my Comcast Cable model to act as a bridge, I see advice for setting up my Time Capsule as a DHCP/NAT.

On the Comcast Cable modem:

WAN IP address = 174.13.188.121. <- fake IP

WAN IP gateway = 174.13.188.122.

WAN subnet mask = 174.13.188.122.

LAN IP address = 10.1.10.1.

LAN subnet mask = 255.255.255.0.

I'd like to use 10.1.10.11 for Time Capsule, 10.1.10.13 for Mac Mini Server, 10.1.10.17 for iMac#1 and 10.1.10.19 for iMac#2.

But nooooooo. The AirPort Utility offers only the following DHCP Ranges:

10.0.1.3 - 10.0.1.200, or

176.16.1.3 - 176.16.1.200, or

192.168.1.3 - 192.168.1.200

There's a checkbox for "Enable NAT Port Mapping Protocol," but the documentation on it is poor. There's also a checkbox for "Enable default host at: 10.0.1.253, or 176.16.1.253 or 192.168.1.253," but its documentation is equally poor. Apparently Apple didn't see the need to explain how these things work.

If I use a LAN IP of 10.0.0.1 for the Comcast Cable Modem, then use AirPort Utility to set a DHCP Range of 10.0.0.3 to 10.0.0.200 I receive a warning message that "The DHCP range you have entered conflicts with the WAN IP address of your base station."

I don't see the conflict -- what is wrong? Better yet, how do use AirPort Utility to set up Time Capsule?

Mac mini, OS X Mountain Lion (10.8.3), Mac Mini Server (late 2012)

Posted on Jul 21, 2013 6:25 PM

Reply

Answer 1

Top-ranking reply

LaPastenague

Level 9

67,244 points

Jul 21, 2013 6:37 PM in response to Francis Drouillard

If you setup the Comcast modem as bridge it will pass the public IP to the TC and you won't have any issues.. this is the best way.

Apparently your comcast modem is also a router.. check the instructions for bridging it or order a pure modem.. much easier to work with.

Of course if you get wireless and phone and TV via the cable well you cannot bridge it and you should bridge the TC. Otherwise you will have double NAT problems.

I'd like to use 10.1.10.11 for Time Capsule, 10.1.10.13 for Mac Mini Server,10.1.10.17 for iMac#1 and 10.1.10.19 for iMac#2.

You cannot use those IP addresses if the wan address of the TC is 10.1.10.13.. only if it is bridged will they work. And you set this up on the comcast modem router not the TC.

You cannot use any 10.x.x.x address

If I use a LAN IP of 10.0.0.1 for the Comcast Cable Modem, then use AirPort Utility to set a DHCP Range of 10.0.0.3 to 10.0.0.200 I receive a warning message that "The DHCP range you have entered conflicts with the WAN IP address of your base station."

As per your experience.. you cannot have the same IP range on WAN and LAN ports.

And all 10.x.x addresses assume class A subnet. even though you define it with Class C.. ie 255.255.255.0 the routers always revert to 255.0.0.0. so it will not work.

Better yet, how do use AirPort Utility to set up Time Capsule?

Setup the TC in bridge.. or bridge the cable modem. Otherwise you need to use a completely different ip range.. ie 192.168.x.x and suffer the double NAT.

Reply

Answer 2

Jul 21, 2013 8:15 PM in response to LaPastenague

Thank you for your response, but I remain completely overwhelmed by this mess. What should be something simple has become an enormous task.

Internet

^

Cable Modem WAN IP: 174.13.188.121 (fake IP address)

Subnet Mask WAN: 255.255.255.252

Cable Modem LAN IP: 192.168.0.1

Subnet Mask LAN: 255.255.255.0

I'd like all requests to my public static IP 174.13.188.121 to be served up from my Mac Mini Server with private static IP 192.168.0.19.

Time Capsule IP: 192.168.0.11

Mac Mini Server IP: 192.168.0.19 running Server.app

iMac #1 Client IP: 192.168.0.17

iMac #2 Client IP: 192.168.0.13

I want the Server.app to serve the public. The above is what I have configured now. Some behavior is odd. For example, I can access the internet from the iMac clients but not the Mac Mini Server. I don't know why.

In other words, how do I string together my Comcast Cable Modem, Time Capsule, Mac Mini Server, iMac#1 and iMac#2 into a useful LAN that can browse the Internet and provide FTP and Web service?

I would think this is a common setup with several sample setups available on the web. No such luck.

Reply

Answer 3

Jul 22, 2013 2:51 AM in response to Francis Drouillard

The cable modem is doing the whole job.. it is a NAT router.. the TC should be bridged and play no part.

If you want to the mini running 192.168.0.19, then either set that IP statically on the unit.. or if there is dhcp reservation in the comcast modem set it there.

The values should be as follows.

IP 192.168.0.19

Subnet mask 255.255.255.0

Router 192.168.0.1

DNS 192.168.0.1

Set that statically in the Mini and it should work fine.

The TC in bridge can be totally ignored by the system.. it will merely provide wireless access. And hard disk available for TM backups.

All port forwarding will happen in the Comcast modem router.

Reply

Answer 4

Jul 22, 2013 7:36 PM in response to LaPastenague

That helped a great deal, thank you.

Time Capsule, the Mac Mini and the two iMacs were manually configured.

The LAN DHCP on the Comcast NAT router is disabled.

Server.app is not yet installed.

The Mac Mini and iMacs are connected to the Internet. After going into the Comcast cable modem and mapping public IP 174.13.188.121 to private IP 192.168.0.19 (the Mac Mini), the Mac Mini can no longer access the Internet. Disabling NAT restored access.

Server.app was installed. DNS and File Sharing services were turned on during installation. I deleted the primary zone "www.dogfunplaces.com." A new primary zone "dogfunplaces.com" was added as well as the nameserver "www.dogfunplaces.com" and the hostname "www" with the IP address 192.168.0.1.

FTP, Wiki and Websites services were turned on. Open Directory services were turned on and configured. Users and groups with access to FTP and Wiki services were added. The Mac Mini and iMacs are still connected to the Internet.

Back in the Comcast router, NAT was enabled and configured. FTP and Wiki can be accessed from the private network using the private IP address, but not from the private network usint the public IP address.

Is it necessary to configure Port Forwarding for NAT to work?

Reply

Answer 5

Jul 22, 2013 9:54 PM in response to Francis Drouillard

I do not know what this means.

Back in the Comcast router, NAT was enabled and configured. FTP and Wiki can be accessed from the private network using the private IP address, but not from the private network usint the public IP address.

The access should be fully open from LAN side.. always is.. you never port forward on LAN connection.. public or private IP is irrelevant.

But I am not sure what you mean by private network using public IP.. public IP is WAN address. .the only place you access WAN is remotely.. if you come in on the public IP you must port forward every single port you require to the correct IP in lan. And even then.. some apple firmware will block access.. ftp is apparently blocked in 7.6.3 and perhaps 7.7 firmware.

You cannot access more than one location.. and the ISP may block access. All of these things are standard issues of running NATted IPv4 addressing on the internet.

Reply