Home Forums Older Versions of Mac OS X and iOS Mac OS X Server 10.3 General Discussion NAT Details in 10.3 Server

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • November 8, 2003 at 6:58 am #356781
    l008com
    Participant

    NAT has GUI access in 10.3 Server. Thats great because BrickHouse has the most confusing and backwards gui of any mac app. But I need details, mainly, does 10.3’s NAT GUI include Port Forwarding? Can someone post some pictures of the GUI? I’ll be happy to get rid of BrickHouse and do thing “right”. Otherwise my server is relatively light load (web/mail/routing) and I don’t think I’ll upgrade. I’m already running postfix on 10.2S 😉

    November 10, 2003 at 4:03 pm #356799
    NoahD
    Participant

    No, the GUI does not allow for port forwarding. That’s ok, you might think, because you could always replace your natd.conf file with one that Brickhouse wrote, right? No. natd.conf gets overwritten every time nat starts. A process (serveradmin?) reads a plist file and takes the plist entries and writes them into a natd.conf file for NAT to read.

    It does look like the plist entries (visible in the serveradmin man page) allow for port forwarding, though there’s some weirdness (destination AND source address are both REQUIRED, which could make things tricky on a DHCP system). It looks like a nice GUI could be written (any volunteers?) for configuring the port forwarding rules through the serveradmin program (passing it command line arguments) or through the appropriate plist. It’s really too bad Apple left this one out.

    February 5, 2004 at 7:45 pm #357358
    Anonymous
    Participant

    Actually, NAT needs to be done in separate steps and quite manually.

    You need to turn on NAT first of all.

    You need to create firewall rules to allow for those addresses:ports to be forwarded from one address to another.

    The biggest part is the /etc/nat/natd.conf.apple file:

    interface en0
    dynamic no
    log no
    log_denied no
    deny_incoming no
    use_sockets no
    same_ports no
    unregistered_only no
    reverse no
    proxy_only no
    clamp_mss no
    redirect_port tcp xxx.xxx.xxx.xxx:3389 3389

    The “redirect_port” attribute has to be manually added to this file(as the plist screwes this up and isn’t working properly), and then you need to change the immutable flag on the file: chflgs uchg /etc/nat/natd.conf.apple.

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.