15 Replies Latest reply: Jul 24, 2014 3:50 AM by John Lockwood
HopeCollege Level 1 Level 1

Hello!

 

I help manage a network of ~4000 clients for a small liberal arts college in Michigan. I'm looking into the possibility of implementing Apple Caching Server for our network.

 

We have one 400mbit pipe out to the internet, and all of our clients are given public-facing IPs to the internet. A caching server would be great, especially on update days. All wireless clients are on the same subnet, which is where I'd like the server to be serving the cached copies.

 

I have installed Mavericks on a fresh machine, downloaded OS X Server 3.0.3, and attempted to start the caching service. This is what I get.

 


 

Unable to start service.

Caching cannot be run on a public network. Consult documentation.

 

How can I get this up and running?


iMac, OS X Server

All replies

  • HopeCollege Level 1 Level 1

    Apologies, this is OS X Server 3.0.2, on Mavericks 10.9.1

  • HopeCollege Level 1 Level 1

    The only information I can find talks about the server being behind a NAT. Is that a requirement?

  • HopeCollege Level 1 Level 1

    Just found this thread. Looks like it's not possible

     

    https://discussions.apple.com/message/21233477#21233477

  • HopeCollege Level 1 Level 1

    Is there any way to specify a whole range of IPs in the Server Manager, instead of just one?

  • Antonio Rocco Level 6 Level 6
    Servers Enterprise
    Feb 5, 2014 12:00 PM

    Assuming I've understood you could try CIDR notation? For example 172.16.16.0/24 and so on.

     

    Not that this will help but have you seen this?

     

    http://support.apple.com/kb/HT5590

     

    The information regarding the ListenRanges key appears to exclude what you're trying to do? Which in one way answers your question about NAT being a requirement and incidentally what the error message was telling you the first time you tried to start the service.

     

    I think you may have to get imaginative with your network that may not be worth your while? On the other hand if you ever manage to get this to work let us know.

  • HopeCollege Level 1 Level 1

    I'll give it a shot!

  • HopeCollege Level 1 Level 1

    No such luck! I added:

     

    <key>ListenRanges</key>
    <array>
      <dict>
        <key>type</key>
        <string>IPv4</string>
        <key>first</key>
        <string>XXX.XXX.XXX.XXX</string>
        <key>last</key>
        <string>XXX.XXX.XXX.XXX</string>
      </dict>
    </array>
    <key>ListenRangesOnly</key>
    <true/>

     

    with our whole IP Min and Max. No dice, same "can't be run on public network" message. It's not a public network, Apple!

  • Antonio Rocco Level 6 Level 6
    Servers Enterprise

    I may be stating the obvious here but for you it's not a Public Network but for Apple it is. It's not their fault if at some time in the past your institution decided to use a public IP address range for their private network.

     

    Apple (and others) have developed and continue to develop technologies that require certain security mechanisms that most would agree make routable addresses 'dangerous'. IMO I think Apple think their networkable devices/products should be protected with what they perceive as 'safe' which does not involve routable addresses.

     

    Not sure where you can go from here?

  • HopeCollege Level 1 Level 1

    I'm not sure either. I feel like it's not insane to expect a Server program to work on more than one IP. Apple designed the technology to be helpful for a portion of users and inflexible for everyone else.

     

    I guess I'm out of luck until Apple decides to give some better support for more network types.

     

    Thanks for the ideas though!

  • Antonio Rocco Level 6 Level 6
    Servers Enterprise
    Feb 6, 2014 3:06 PM

    One final idea you could try that might work assuming you understand the concept of IP aliasing?

     

    http://apple.stackexchange.com/questions/30342/how-can-i-add-external-interface-to-my-os-x-with-a-valid-ip

     

    For your situation think of it in reverse. Launch terminal and have a look at ipconfig's manual. It's been a while since I last used it but I don't think anything has changed?

     

    Just an opinion but Apple will cheerfully confirm they are a consumer company committed to making consumer products. Yes they'll happily make their consumer products play nicely with Microsoft's Enterprise software but that's as far as it goes. Their own server offering - do you honestly think they use it themselves? - reflects this stance and IMO has been specifically engineered (dumbed down) since 10.7 for the SOHO market that is more than happy to buy their consumer products.

     

    Don't get me wrong it's a decent enough server considering its cost although there are a score of free Linux Servers you could use that offer more scope. But that's where those of us who want to get enterprise with it start to become disappointed. Ultimately you can only work with the little Apple provide and for anything else beyond? You're on your own.

  • HopeCollege Level 1 Level 1

    I wish there was a Linux caching package that worked seamlessly with Apple's iOS and Mac OS update mechanism!

     

    Where can I best provide feedback to the people who make Apple's Server program? I've got a suggestion for 'em...

  • marchyman Level 1 Level 1

    The feedback question I can answer -- Server app menu, just below the "About Server" entry.

  • John Lockwood Level 6 Level 6
    Desktops

    The way the Caching server works is that the server will be accessing the Internet and when doing so traffic will be coming from it via a particular public IP address. Usually this will not be the address of the server itself but your router as for most networks NAT is used. In this by far more common scenario the client Macs (and likely iOS devices) will be going through the same router and hence show up via the same public IP address.

     

    If the client request is the same as the address registered via the Caching server then Apple redirect the request via the Caching server.

     

    The setup would look something like this -

     

                Internet
                   |
            Router (with NAT)
                   |
    (LAN)   +------Caching Server-----Client devices

     

    With this setup because everything is using the same public IP address Apple can reasonably assume everything is on the same network and trigger a redirection to your Caching server.

     

     

    If you try a setup like the following with the Caching server having its own public IP it will not work because the Caching server and client devices will have different public IP addresses

     

                Internet
                   |
            Router (no NAT)-----------------+
                   |                        |
            Firewall (with NAT)       Caching Server
                   |                        |
                   |                        |
    (LAN)   +-----Client devices------------+-----------

     

     

    Your configuration as described is more like the following

     

                Internet
                   |
            Router (no NAT)
                   |
    (LAN)   +------Caching Server-----Client devices

     

    With yours not having NAT each device has its own public IP address including the Caching server and Apple cannot redirect traffic as it thinks they are on different networks.
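
The matching rule described in the post above, modelled for its three topologies. This is an added example, not part of the original post and not Apple's code; the addresses are constructed samples, and reading "public network" as "not an RFC 1918 address" is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# RFC 1918 private ranges. Treating "public network" as "not RFC 1918" is an
# assumption of this sketch, not a documented Apple rule.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Host:
    addr: str                          # address configured on the host itself
    nat_public: Optional[str] = None   # public address of the NAT device in front, if any

    def egress(self) -> str:
        """Source address an Internet server sees for this host."""
        return self.nat_public or self.addr

    def is_public(self) -> bool:
        """True when the host's own address lies outside the RFC 1918 ranges."""
        ip = ipaddress.ip_address(self.addr)
        return not any(ip in net for net in RFC1918)

def redirected(cache: Host, client: Host) -> bool:
    """Rule described in the post: a client is sent to the cache only when it
    arrives from the same public address the caching server registered from."""
    return cache.egress() == client.egress()

# Constructed sample topologies (203.0.113.0/24 is a documentation range).
TOPOLOGIES = {
    "shared NAT": (Host("10.0.0.10", "203.0.113.1"), Host("10.0.0.50", "203.0.113.1")),
    "cache outside NAT": (Host("203.0.113.20"), Host("10.0.0.50", "203.0.113.2")),
    "no NAT": (Host("203.0.113.20"), Host("203.0.113.77")),
}

def evaluate(topologies=TOPOLOGIES):
    """Return {name: (cache_has_public_address, client_redirected)}."""
    return {name: (cache.is_public(), redirected(cache, client))
            for name, (cache, client) in topologies.items()}

if __name__ == "__main__":
    for name, (public, hit) in evaluate().items():
        print(f"{name:18} cache on public address: {public!s:5}  redirected: {hit}")
```

Only the shared-NAT layout gives the cache and its clients one common egress address; in the other two the cache sits on a routable address and no client can match it.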

  • sguox Level 1 Level 1

    What if we do it like this?

     

    Internet
    |
    Router R1
    |
    |--- Router R2 ---- Cache Server (Local ip, NATed at R1)
    |
    Router R3 ----- LAN
    |
    Router R4 ----- LAN
    |
    and so on

     

    On the condition that we know what Apple's server addresses are, and only NAT connections going to Apple's servers at R1 (connections going to other addresses are NATed at R3, R4).

     

    OS X: Server addresses used by Software Update
