NAT options

scott

softer than ever!
Here's my problem, please help if you can.

I have 10.1.3 Server with two ethernet cards.

1 card for internet services (142.x.x.x)
1 card for internal network (192.x.x.x)

I want to use DHCP services to provide internet access to clients on the internal card (192.x.x.x).

Now, DHCP works fine, and will assign addresses (192.x.x.x) but will not provide internet services.

If I run gNAT (or its successor) this works fine, but I shouldn't need to.

So what do I do?
If I use only 10.1.3 Server (no gNAT), I need to know how to set up my second card so that internet services are passed along:
- Do I use my internet access card (142.x.x.x) as router in setup of local card (192.x.x.x)?

If I am destined to use gNAT, I need to know which ports to open up - as gNAT only works until I enable IP Filters.

Thanks for any help.
 
Maybe this will help, and somebody correct me if I am wrong. The internal addresses that you are assigning internally are all within the 192.*.*.* network, correct? If so, these are private addresses that will not route on the internet. They are reserved for internal use only, such as in a situation using NAT. That is why gNAT works, because it is a Network Address Translation service. You are going to have to use gNAT in order to route machines with addresses within that range. As far as ports are concerned, just set up filters for whatever service ports you are going to use for the external address. If I am wrong in my deduction then somebody please correct me. Hope this helps otherwise.
 
You could download IPNetShare for OS X (from Sustainable Softworks), which is free since it is basically just a GUI for setting up the built-in natd in OS X; it doesn't even do dhcpd for you.

It puts a startup item script at /Library/StartupItems/IPNetShare I believe - once it makes the script for you, you would have a (hopefully) working example to extend and customize, even if you would rather custom build your own script rather than use the GUI.
 
Originally posted by scruffy
You could download IPNetShare for OS X (from sustainable softworks),

That's what I mean by gNAT or its successor (IPNetShare). I believe that this service is built in to OS X Server, I just can't make it work. I have it working fine with gNAT or IPNetShare.

Thanks for your help, though.
 
Gotcha. Perhaps that will help though - if you tell gNAT/IPNetShare to run on startup, you can examine the startup item it installs, and see how they do it. This could be your starting point for a more customized setup.
 
I think if you narrow it down to the simplest form, I want to use my server without the added impedance of a router.

I realize that this seems to be impossible (but really really close), so recommend me a good router.?.?.?

p.s. no consumer level routers - my problem stems from trying to avoid the server lag created by them...


Thanks
 
Depending on your needs, you could always give Brickhouse a try. It has IP forwarding built in. The app lacks documentation, but you can't beat the price.
 
You only have to view two lines of code, the ### Lines tell you what to do.
And this also works if you only have one NIC, my G3 266 with one 10TP is just fine for routing my entire LAN.

If someone will like it I put an "official" HOWTO online :)


This is all it does !


This is what it initially does

/Library/StartupItems/IPNetShareX/IPNetShareX

---- SCRIPT ---

#!/bin/sh
#
# IPNetShareX service startup item - enables internet connection sharing on startup
# Created by IPNetShareX (c) 2001 Sustainable Softworks
#

. /etc/rc.common

ConsoleMessage "Starting IPNetShareX Services"
ConsoleMessage "Configuring IPNetShareX Parameters"
/usr/sbin/sysctl -w net.inet.ip.forwarding=1
### EDIT THIS internal IP so set it right !!!!
/sbin/ifconfig en0 192.168.0.254 netmask 255.255.255.0
/usr/sbin/natd -f /etc/natd.conf
/sbin/ipfw -f flush
/sbin/ipfw add 95 divert natd all from any to any via ppp0
/sbin/ipfw add 65530 pass all from any to any

#
# End NAT startup item

---- END ---
This is what your /etc/natd.conf should look like


# Config file used by natd startup script in /Library/StartupItems/IPNetShareX
# Created by IPNetShareX (c) Sustainable Softworks 2001
#
same_ports yes
use_sockets yes
log yes
deny_incoming yes
dynamic yes
### ppp0 is normally what you will use for PPPoE but choose
interface ppp0
#
# End natd config file
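
The startup item and natd.conf above only work together when the divert rule and natd name the same interface, and when no allow-all rule is numbered ahead of the divert rule (ipfw stops at the first matching rule). The following consistency check is an added example, not part of the original posts or of IPNetShareX; the function name `check_nat_setup` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a natd startup item against its natd.conf.
# Prints one FINDING line per problem; returns 0 only when there are none.
check_nat_setup() {
    script=$1; conf=$2; findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    grep -Eq '^[^#]*sysctl -w net\.inet\.ip\.forwarding=1' "$script" ||
        report "IP forwarding is never enabled"

    # Interface natd translates on, and "<number> <interface>" of the divert rule.
    nat_if=$(awk '$1 == "interface" { print $2; exit }' "$conf")
    set -- $(awk '$1 !~ /^#/ && /ipfw/ && / divert / {
        for (i = 1; i < NF; i++) { if ($i == "add") n = $(i+1); if ($i == "via") v = $(i+1) }
        print n, v; exit }' "$script")
    div_no=$1; div_if=$2
    [ -n "$div_no" ] || { report "no ipfw divert rule"; return 1; }
    [ "$nat_if" = "$div_if" ] ||
        report "natd.conf interface $nat_if but divert rule uses $div_if"

    # ipfw stops at the first matching rule: an allow-all numbered below the
    # divert rule accepts packets before natd ever sees them.
    early=$(awk -v d="$div_no" '$1 !~ /^#/ && /ipfw/ &&
        /(pass|allow|accept|permit) all from any to any/ {
        for (i = 1; i < NF; i++) if ($i == "add" && $(i+1) + 0 < d + 0) { print $(i+1); exit } }' "$script")
    [ -z "$early" ] || report "allow-all rule $early precedes divert rule $div_no"

    grep -Eq '^deny_incoming[[:space:]]+yes' "$conf" ||
        report "deny_incoming is not enabled"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the thread's script after a filter rule was put in front.
demo=$(mktemp -d)
cat > "$demo/startup" <<'EOF'
/usr/sbin/sysctl -w net.inet.ip.forwarding=1
/usr/sbin/natd -f /etc/natd.conf
/sbin/ipfw -f flush
/sbin/ipfw add 50 pass all from any to any
/sbin/ipfw add 95 divert natd all from any to any via ppp0
EOF
printf 'deny_incoming yes\ninterface en0\n' > "$demo/natd.conf"
check_nat_setup "$demo/startup" "$demo/natd.conf" || echo "setup needs attention"
rm -rf "$demo"
```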
 
If someone could write a good howto on NAT scripts for OS X that would be great!

gNAT seems to work fine, but since it's all built into the OS it would be nice to use a script and have full control over it.
 