
I'm trying to configure a Mac OS X box with two NICs as a router complete with DHCP and NAT, which in theory shouldn't be too much of a challenge, but at the moment I'm learning that theory and reality are rather different.

I have en0 connected to the internet and en1 connected to LAN. Using the server utility I have only DHCP and NAT enabled. I have configured a subnet complete with DNS, search domains, etc. The NAT tab has ethernet 1 (en0) set for IP forwarding and NAT.

Clients are able to connect to the network via an access point and are being served DHCP addresses, complete with DNS and search domains, by the machine; however, clients are unable to access the internet on port 80 or ping anything outside, though we are able to ping devices within the LAN just fine.

I'm sure there are more details that I'm missing, so you can also find a complete plist dump from the server utility here.

Edit: Forgot to mention that this is Mac OS 10.5

jak119

2 Answers


Do you have the default route for internal traffic set to the external interface? If not, you want to do that.

Edit: Here is a link for how to set persistent routes in OS X. It should work for Leopard. http://blog.irrashai.com/blog/2009/03/how-to-add-static-route-in-mac-os-x/

You can test if this is your problem with the route command - though it is not persistent.

route -n add 0.0.0.0/0 x.x.x.x where x.x.x.x is the gateway for the external interface.

MDMarra
  • This should be a comment, not an answer. – Ex Umbris Aug 25 '11 at 03:38
  • @MarkM Thank you and this is where my inexperience with Mac OS Server comes into play. Can someone point me towards the direction on how to do so? I can't seem to come up with any documentation... – jak119 Aug 25 '11 at 03:54
  • @Ex - it most certainly is an answer. It's a best-guess given the current amount of info that we have. If you disagree, flag my post. – MDMarra Aug 25 '11 at 11:28
  • @Ex, how is that not an answer? Jak asks how to configure routes in MacOS...Mark gives a link and an example on how to do exactly that... – Alex Aug 25 '11 at 15:26
  • It looks like something took care of this for me, but thank you for what most certainly was an "answer" and not a comment – jak119 Aug 26 '11 at 00:54

You need the Firewall "service" set up and running in order to divert packets to natd for address rewriting. IIRC the divert rule is automatically added to the ruleset, but you'll need to manually add a rule to allow outbound traffic from the private network, plus inbound traffic to server ports you intend to provide service on. If you don't really want to deal with the firewall, you can just allow all ports for the all-addresses group (I forget the exact names, and I don't have the relevant Server version handy to check).

Gordon Davisson
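Both answers boil down to a short checklist for a 10.5 NAT box: a default route via the external interface, IP forwarding switched on, an ipfw divert rule handing packets to natd, and an allow rule for the private network. The script below is an added example, not code from either answer or from Apple; it runs the four checks offline against captured text from `netstat -rn`, `sysctl net.inet.ip.forwarding` and `ipfw list`. The interface name en0, the LAN subnet 192.168.2.0/24 and all the sample outputs are constructed assumptions for the example; on a real box you would substitute the live command output.

```shell
#!/bin/sh
# Added example: offline checks for the four things a Leopard NAT router needs.
# Interface name and subnet are assumptions, not taken from the question.
EXT_IF=en0
LAN_NET=192.168.2.0/24

# Constructed `netstat -rn` sample from a box whose default route is missing.
ROUTES_BROKEN='Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use  Netif Expire
10.0.0.0/24        link#4             UCS             1        0    en0
10.0.0.1           0:1:2:3:4:5        UHLWI           2       10    en0
127.0.0.1          127.0.0.1          UH              0        0    lo0
192.168.2.0/24     link#5             UCS             1        0    en1'

# Same table with a default route via the external gateway (constructed).
ROUTES_OK="default            10.0.0.1           UGSc           12       44    en0
$ROUTES_BROKEN"

# Constructed `sysctl net.inet.ip.forwarding` outputs.
SYSCTL_OK='net.inet.ip.forwarding: 1'
SYSCTL_BROKEN='net.inet.ip.forwarding: 0'

# Constructed `ipfw list` outputs: firewall service stopped (default allow,
# no divert) versus a ruleset that diverts to natd and allows the LAN out.
IPFW_BROKEN='65535 allow ip from any to any'
IPFW_OK='00010 divert 8668 ip from any to any via en0
00100 allow ip from 192.168.2.0/24 to any
00200 allow tcp from any to me dst-port 22 in via en0
65535 deny ip from any to any'

# has_default_route ROUTES IFACE: 0 if a "default" entry leaves via IFACE
# (Netif is the sixth column of netstat -rn output).
has_default_route() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $1 == "default" && $6 == ifc { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# forwarding_enabled SYSCTL_TEXT: 0 if the kernel will forward between NICs.
forwarding_enabled() {
    printf '%s\n' "$1" | grep -q '^net.inet.ip.forwarding: 1$'
}

# has_nat_divert IPFW_TEXT IFACE: 0 if packets on IFACE are diverted to natd
# (natd listens on divert port 8668 by default).
has_nat_divert() {
    printf '%s\n' "$1" | grep -Eq "divert (natd|8668) .*via $2"
}

# allows_lan_out IPFW_TEXT LAN_NET: 0 if some allow rule covers LAN_NET (or any).
allows_lan_out() {
    printf '%s\n' "$1" | grep -Eq "allow .* from ($2|any) to any"
}

# diagnose ROUTES SYSCTL IPFW: print one line per failed check, return the count.
diagnose() {
    fails=0
    has_default_route "$1" "$EXT_IF" || {
        echo "FAIL: no default route via $EXT_IF (route -n add 0.0.0.0/0 <gateway>)"
        fails=$((fails + 1)); }
    forwarding_enabled "$2" || {
        echo "FAIL: net.inet.ip.forwarding is not 1 (enable IP forwarding for $EXT_IF)"
        fails=$((fails + 1)); }
    has_nat_divert "$3" "$EXT_IF" || {
        echo "FAIL: no ipfw divert-to-natd rule via $EXT_IF (Firewall service not running?)"
        fails=$((fails + 1)); }
    allows_lan_out "$3" "$LAN_NET" || {
        echo "FAIL: no ipfw allow rule for outbound traffic from $LAN_NET"
        fails=$((fails + 1)); }
    return "$fails"
}

echo "== misconfigured box (constructed samples) =="
diagnose "$ROUTES_BROKEN" "$SYSCTL_BROKEN" "$IPFW_BROKEN" || echo "$? check(s) failed"
echo "== working box (constructed samples) =="
diagnose "$ROUTES_OK" "$SYSCTL_OK" "$IPFW_OK" && echo "all checks passed"
```

On the real machine the three captures come from `netstat -rn`, `sysctl net.inet.ip.forwarding` and `sudo ipfw list`; each check is deliberately a plain text match so it can be rerun after every change to see which part of the chain is still missing.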