5 Replies Latest reply: May 9, 2014 7:33 AM by John Lockwood
hazyarc Level 1 Level 1 (0 points)

Hi All -

 

We currently have a Mac Mini and utilize its caching server functionality on our "normal" subnet.  We also have a "guest" subnet which is abstracted from our normal subnet (used for guest wireless devices/BYOT).  Would it be possible to use the Thunderbolt to Gigabit ethernet adapter on our Mac Mini and have the caching server serve updates on both interfaces/subnets so we do not have to buy a separate Mini to serve the guest subnet?


iPhone 4S, iOS 6
  • jepping Level 2 Level 2 (250 points)

    Hi,

     

    As long as the exit point towards the internet is the same WAN address that will work. Otherwise the macmini will not be recognized by Apple Servers for that WAN IP address and any client won't be able to use the Caching Server option. So do you have the same WAN IP for both subnets?

    More discussion and some tips/solutions here

    https://discussions.apple.com/thread/4804580?tstart=0

    And a tech support document here:

    http://support.apple.com/kb/HT5590?viewlocale=en_US

    Goodluck!

     

    Jeffrey

  • MrHoffman Level 6 Level 6 (12,980 points)

    I'd expect it's possible so long as both networks are behind the same NAT gateway-router-firewall box as jepping mentions, but there's also the discussion of allowing guests the additional access to your server that this would entail.  

     

    Bridging that network connection means ensuring that server is must always locked against guest incursions.

     

    Some considerations from the perspective of the guests, too: Apple's Caching Server scheme is hopefully robust against this, but I'm usually somewhat skeptical around performing software updates while on another and potentially untrusted network.   Not always entirely certain where those updates are coming from, after all.

  • John Lockwood Level 5 Level 5 (6,000 points)

    Both networks and the server will have to have the same single WAN IP address. The following diagram shows a possible configuration that would work.

     

     

    Subnet A -------------+

        |                            |

    Server                     +---------- Firewall/NAT ------ Internet

       |                            |

    Subnet B -------------+

     

    The following should also work

     

    Subnet A ---------- Server ---------- Subnet B --------- Firewall/NAT --- Internet

     

    The above however requires the Server to act as a router to forward traffic

     

    The following would not work

     

    Subnet A -------------+

                                    |

                                   +---------- Firewall/NAT ------ Internet

                                     |                                             |

                                    |                                             |

    Subnet B -------------+---------------------------------- Server

     

    With the above the Server has its own public IP address and is also directly connected to one of the internal networks. As the server has its own public IP address this will be different to the shared (NATed) public IP address that everything else is using. As the public IP addresses are different the clients will not be able to use the Caching server.

  • hazyarc Level 1 Level 1 (0 points)

    Thank you for the information. 

     

    Unfortunately, each subnet has a separate external NATed IP address.  Our current setup is below:

     

       Server

            |

    Main Subnet -------------+                              NAT IP For Main Subnet     

                                    |                                          |

                                   +---------- Firewall/NAT ------ Internet

                                   |                                           |

    Guest Subnet ----------+                                NAT IP for Guest Subnet

     

     

    That being said, if we provide an interface on the guest subnet in addition to the current one on the main subnet, our server would have the same NAT IP as the guest subnet on that interface, thus serving caching updates to that subnet.  Would this not work?

     

     

      

    Main Subnet -------------+                              NAT IP For Main Subnet     

           |                        |                                          |

        Server                  +---------- Firewall/NAT ------ Internet

           |                        |                                           |

    Guest Subnet ----------+                                NAT IP for Guest Subnet

  • John Lockwood Level 5 Level 5 (6,000 points)

    If the Caching server and the clients have different public IP addresses then they will not connect to each other.

     

    I recommend you check what the clients and caching server show as their public IP address by going to the following webpage on each

     

    http://www.whatsmyip.org

     

    The way this system works is that the caching server finds its own public IP address (which can be NATed) it then reports that to Apple's servers. The clients when they ask for a download from the App Store initially contact Apple's servers and also report their public IP address, if the clients public IP address is the same as the caching server then Apple tell the client what the internal IP address is for their local caching server and the client is therefore redirected to your caching server. If they do not match this does not happen.