NAT Details in 10.3 Server

[l008com]

NAT has GUI access in 10.3 Server. Thats great because BrickHouse has the most confusing and backwards gui of any mac app. But I need details, mainly, does 10.3’s NAT GUI include Port Forwarding? Can someone post some pictures of the GUI? I’ll be happy to get rid of BrickHouse and do thing “right”. Otherwise my server is relatively light load (web/mail/routing) and I don’t think I’ll upgrade. I’m already running postfix on 10.2S 😉

[NoahD]

No, the GUI does not allow for port forwarding. That’s ok, you might think, because you could always replace your natd.conf file with one that Brickhouse wrote, right? No. natd.conf gets overwritten every time nat starts. A process (serveradmin?) reads a plist file and takes the plist entries and writes them into a natd.conf file for NAT to read.

It does look like the plist entries (visible in the serveradmin man page) allow for port forwarding, though there’s some weirdness (destination AND source address are both REQUIRED, which could make things tricky on a DHCP system). It looks like a nice GUI could be written (any volunteers?) for configuring the port forwarding rules through the serveradmin program (passing it command line arguments) or through the appropriate plist. It’s really too bad Apple left this one out.

[Anonymous]

Actually, NAT needs to be done in separate steps and quite manually.

You need to turn on NAT first of all.

You need to create firewall rules to allow for those addresses:ports to be forwarded from one address to another.

The biggest part is the /etc/nat/natd.conf.apple file:

interface en0
dynamic no
log no
log_denied no
deny_incoming no
use_sockets no
same_ports no
unregistered_only no
reverse no
proxy_only no
clamp_mss no
redirect_port tcp xxx.xxx.xxx.xxx:3389 3389

The “redirect_port” attribute has to be manually added to this file(as the plist screwes this up and isn’t working properly), and then you need to change the immutable flag on the file: chflgs uchg /etc/nat/natd.conf.apple.

[Author]

Posts