As long as you’re not doing NAT you should be able to switch the connections, otherwise the outside interface needs to the first interface listed on the Network Prefs pane in order for NAT to function properly. Unfortunately, if you are using NAT, then I don’t believe that this is where your problem lies.
In order for Kerberos to work properly on a machine set up with an external and internal interface, you need to have DNS functioning properly on both the internal and external sides of your network. Internally, it shouldn’t be an issue, since you can set up your own DNS server in Mac OS X. Externally, the problem lies with your ISP and any outside DNS servers. First of all, you need to have a static IP if you’re going to assign that address a domain name. Second, you need to have access to your own DNS server or subscribe to a service where you can edit dns records. Once these two things are done, you must make sure that your server has the same exact domain name on both sides of the network. For example, if your internal domain name is xserver.myhome.com, then the external dns needs to point to a WAN IP address that is also assigned to xserver.myhome.com Additionally, the reverse lookup for the external domain name needs to point back at your external IP address, otherwise Kerberos will refuse to bind.
Of course, this is how I got an OD master working with both an external and internal interface, but I could be completely off base.
.
.
Comments are closed