
How can I use Apple Caching Service on a Network with Multiple Public IPs?

Hello!


I help manage a network of ~4000 clients for a small liberal arts college in Michigan. I'm looking into the possibility of implementing Apple Caching Server for our network.


We have one 400mbit pipe out to the internet, and all of our clients are given public-facing IPs to the internet. A caching server would be great, especially on update days. All wireless clients are on the same subnet, which is where I'd like the server to be serving the cached copies.


I have installed Mavericks on a fresh machine, downloaded OS X Server 3.0.3, and attempted to start the caching service. This is what I get.




Unable to start service.

Caching cannot be run on a public network. Consult documentation.


How can I get this up and running?

iMac, OS X Server

Posted on Feb 4, 2014 12:45 PM


Feb 5, 2014 12:00 PM in response to HopeCollege

Assuming I've understood you could try CIDR notation? For example 172.16.16.0/24 and so on.


Not that this will help but have you seen this?


http://support.apple.com/kb/HT5590


The information regarding the ListenRanges key appears to exclude what you're trying to do? Which in one way answers your question about NAT being a requirement and incidentally what the error message was telling you the first time you tried to start the service.


I think you may have to get imaginative with your network that may not be worth your while? On the other hand if you ever manage to get this to work let us know.

Feb 6, 2014 10:19 AM in response to Antonio Rocco

No such luck! I added:


<key>ListenRanges</key>
<array>
    <dict>
        <key>type</key>
        <string>IPv4</string>
        <key>first</key>
        <string>XXX.XXX.XXX.XXX</string>
        <key>last</key>
        <string>XXX.XXX.XXX.XXX</string>
    </dict>
</array>
<key>ListenRangesOnly</key>
<true/>


with our whole IP Min and Max. No dice, same "can't be run on public network" message. It's not a public network, Apple!

Feb 6, 2014 11:20 AM in response to HopeCollege

I may be stating the obvious here but for you it's not a Public Network but for Apple it is. It's not their fault if at some time in the past your institution decided to use a public IP address range for their private network.


Apple (and others) have developed and continue to develop technologies that require certain security mechanisms that most would agree make routable addresses 'dangerous'. IMO I think Apple think their networkable devices/products should be protected with what they perceive as 'safe' which does not involve routable addresses.


Not sure where you can go from here?

Feb 6, 2014 3:06 PM in response to HopeCollege

One final idea you could try that might work assuming you understand the concept of IP aliasing?


http://apple.stackexchange.com/questions/30342/how-can-i-add-external-interface-to-my-os-x-with-a-valid-ip


For your situation think of it in reverse. Launch terminal and have a look at ipconfig's manual. It's been a while since I last used it but I don't think anything has changed?


Just an opinion but Apple will cheerfully confirm they are a consumer company committed to making consumer products. Yes they'll happily make their consumer products play nicely with Microsoft's Enterprise software but that's as far as it goes. Their own server offering - do you honestly think they use it themselves? - reflects this stance and IMO has been specifically engineered (dumbed down) since 10.7 for the SOHO market that is more than happy to buy their consumer products.


Don't get me wrong it's a decent enough server considering its cost although there are a score of free Linux Servers you could use that offer more scope. But that's where those of us who want to get enterprise with it start to become disappointed. Ultimately you can only work with the little Apple provide and for anything else beyond? You're on your own.

Mar 25, 2014 12:56 PM in response to HopeCollege

The way the Caching server works is that the server will be accessing the Internet and when doing so traffic will be coming from it via a particular public IP address. Usually this will not be the address of the server itself but your router, as for most networks NAT is used. In this by far more common scenario the client Macs (and likely iOS devices) will be going through the same router and hence show up via the same public IP address.


If the client request is the same as the address registered via the Caching server then Apple redirect the request via the Caching server.


The setup would look something like this -


Internet
   |
Router (with NAT)
   |
(LAN) +------Caching Server-----Client devices


With this setup because everything is using the same public IP address Apple can reasonably assume everything is on the same network and trigger a redirection to your Caching server.



If you try a setup like the following with the Caching server having its own public IP it will not work because the Caching server and client devices will have different public IP addresses


Internet
   |
Router (no NAT)-------------------+
   |                              |
Firewall (with NAT)         Caching Server
   |                              |
   |                              |
(LAN) +-----Client devices-----------+-----------



Your configuration as described is more like the following


Internet
   |
Router (no NAT)
   |
(LAN) +------Caching Server-----Client devices


With yours not having NAT each device has its own public IP address including the Caching server and Apple cannot redirect traffic as it thinks they are on different networks.

Jul 24, 2014 3:29 AM in response to John Lockwood

What if we do it like this?


Internet
   |
Router R1
   |
   |--- Router R2 ----Cache Server (Local ip, NATed at R1)
   |
Router R3 ----- LAN
   |
Router R4 ----- LAN
   |
and so on


With the condition that we know what Apple's server addresses are and only NAT connections going to Apple servers at R1 (connections going to other addresses are NATed at R3, R4).


OS X: Server addresses used by Software Update

Jul 24, 2014 3:50 AM in response to sguox

As long as all the networks and the caching server are all using the same Internet link, even if they are on different networks you will be fine. If the clients use a different Internet link to the caching server then they will not match.


To test they are using the same Internet link you need to check they all use the same single public IP address i.e. the Internet router address. To do this go to the following webpage on various clients and the caching server. If they are reporting the same IP address it should work.


http://www.whatsmyip.org


With regards to Apple's IP address, they have multiple servers in groups and therefore there is no single IP address. Apple have the entire 17.x.x.x block and any firewall rules have to allow access to that entire block if you want to be able to reach Apple servers. A single host name used by Apple might and usually does point to an entire group of Apple servers and therefore lots of different IP addresses all in the 17.x.x.x block. The subnet mask for that block would be 255.0.0.0.
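

The checks described in the replies above, as an added example that is not part of the original thread or Apple's own code: it compares the public address each host reports with the caching server's, and verifies that a firewall allow list covers the whole 17.x.x.x block. Host names, addresses and rule lists are constructed, and tying the "public network" error to a non-RFC 1918 local address is an assumption.

```python
import ipaddress

# Apple's block as stated in the thread: 17.x.x.x with mask 255.0.0.0.
APPLE_BLOCK = ipaddress.ip_network("17.0.0.0/255.0.0.0")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: host -> (local address, public address that an
# external "what is my IP" page reports). Documentation ranges, not real hosts.
NAT_SITE = {
    "cache": ("10.0.1.10", "198.51.100.1"),
    "client1": ("10.0.2.21", "198.51.100.1"),
    "client2": ("10.0.3.22", "198.51.100.1"),
}
NO_NAT_SITE = {
    "cache": ("198.51.100.10", "198.51.100.10"),
    "client1": ("198.51.100.21", "198.51.100.21"),
}

def in_rfc1918(addr):
    # Assumption: the "public network" error relates to a local address
    # outside these private ranges.
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def assess(site, cache="cache"):
    """Apply the thread's rule: a client matches only if it shows the same
    public address as the caching server."""
    cache_local, cache_public = site[cache]
    result = {"cache_local_private": in_rfc1918(cache_local),
              "matched": [], "unmatched": []}
    for host, (_local, public) in sorted(site.items()):
        if host == cache:
            continue
        same = ipaddress.ip_address(public) == ipaddress.ip_address(cache_public)
        result["matched" if same else "unmatched"].append(host)
    return result

def covers_apple_block(allow_rules):
    """True if some allow rule contains the entire 17.0.0.0/8 block."""
    return any(APPLE_BLOCK.subnet_of(ipaddress.ip_network(r)) for r in allow_rules)

if __name__ == "__main__":
    for name, site in (("NAT", NAT_SITE), ("no NAT", NO_NAT_SITE)):
        print(name, assess(site))
    print(covers_apple_block(["17.0.0.0/16"]))
```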
