How do I set a static IP for Mac Mini Server behind a router?

Question

How do I set a static IP for Mac Mini Server behind a router?

I have a static IP through Comcast Business. I have a Buffalo AG300H router set up. I forwarded the full range of ports (1-65355) for the IP router address (192.168.11.2) associated with my Mac Mini Server

The problem I'm having is that the server is still reading the router IP (192.168.11.2) instead of the static IP. Because of this I cannot connect to the server outside my network and my filemaker server will not connect either.

Is there a setting in the router that I'm missing. Do I need to manually set-up the IP on the server side? Is there a special MAC Filtering setting?

MAC MINI SERVER (LATE 2012), OS X Server

Posted on Nov 14, 2013 10:36 AM

Reply

Answer 1

cpragman

Level 2

465 points

Nov 14, 2013 6:36 PM in response to Stephan Krasner

Yikes!!

I forwarded the full range of ports (1-65355) for the IP router address (192.168.11.2) associated with my Mac Mini Server

Then there is the distinct possibility that your server is already "pwned". By forwarding every port at the firewall to your server's internal IP address, you've made your server a receiver of any attack whosoever that anyone on the internet wants to probe it with. Are you prepared to "nuke and pave" the server and try again with a fresh install?

Your server will have an INTERNAL IP address, which you set manually on the server (Network tab of system perferences). Since it's a server, you don't want it to use automatic DHCP and dynamically acquire whatever the next available IP address is from the router. You want the server to have a fixed IP address inside your network, so you can manually configure your router to forward specific traffic to it. In the Network preference, you have to change the IPv4 setting from "DHCP" to either "DHCP with manual address" or "Manually".

For example:

OUTSIDE your network, Comcast has assigned your router an EXTERNAL IP address. This is the address that your network can be accessed from when you are outside your private network. If you forward specific ports on your router to INTERNAL IP address of your server, then your router will grab those particular incoming packets from the great-big internet, and send them on to your server.

Reply

Answer 2

Nov 15, 2013 5:58 AM in response to cpragman

Yikes indeed. For anyone else reading this post cpragman is 100% right! Never open all of your ports! If a router is functioning proprly, just opeing the ports you need is all you need. To answer the second half, I did have the IP and DNS set manually to the correct settings.

The problem ended up being that my domain DNS was using the wrong static IP (Comcast gives you two one of which is a dummy). That alone prevented me from successfully connecting to anything on the server through the router. After that was fixed I also found that my router was not working properly. I got a new router and all was fixed on the local network.

After about 7 hours of trial and error, I tracked down the two culprates with the help of Apple CS. Here's how:

1. I started back at square one with ports 5003 and 548 open for Filemaker and AFP.

2. I went into terminal and pinged the dns server from both the server (connected via ethernet) and a client machine connected to the router wirelessly by typing the following: "host server.mydomain.com" and "host mystaticipaddress"

3. When I saw a comcast.net string coming back as a response instead of my domain DNS (server.mydomain.com) I got the culprit.

4. After changing my domain DNS, the server side was working, but the client side still would not connect. When I tested the client out on another network I could connect without issue. After another hour of messing with settings on the router I retired it and got a new one. As soon as I upgraded the router, the client machine connected without issue.

Many thanks for the good advice by Cpragman and Apple CS!

Reply