Forum Replies Created

Viewing 15 posts - 196 through 210 (of 581 total)
  • in reply to: Probles VaporSec 1.0 on Panther to BEFVP41 #357568
    Anonymous
    Participant

    [quote="i3bargon"]I made your suggested changes; still not seeing any type of connection on the befvp41. I do receive this error on the Mac's /var/log/system.log

    Feb 29 23:00:38 ip68-1-154-33 racoon: ERROR: isakmp.c:1520:isakmp_setup_socket(): failed to bind (Address already in use).
    Feb 29 23:00:38 ip68-1-154-33 racoon: ERROR: isakmp.c:1604:isakmp_open(): no address could be bound.
    Any more suggestions?[/quote]

    I have to use a Nortel/Netlock client to connect to work. This client grabs the port at startup and racoon can’t. I have to kill the Netlock client first (sudo /Library/StartupItems/Nleac/Nleac stop). I suspect a Cisco or other client will behave in a similar fashion. Are you running some other client software?

    in reply to: Panther 10.3 business setup problems #357567
    Anonymous
    Participant

    After much thinking and experimenting, the problem, as I had figured, was in
    the firewall. The fix in my case was to add a rule of the type:

    allow 192.168.0.0/16 to any in

    Without this rule, the firewall blocked the NAT’d IP addresses even though the
    traffic originated on the inside of the firewall.

    I also set up an A record in DNS to go from my internal port to my ISP DNS server.

    Hope this helps someone else with their server.

    in reply to: DNS & VPN #357561
    Anonymous
    Participant

    The firewall is providing an IP address to the client via PPTP.
    There is a router address which is the IP address of the router at work.
    There is no subnet mask.
    The DNS addresses are manually inputted which makes no difference.

    Unsure what a routing table is?

    Wouldn’t know if the DNS is valid or not. The numbers I’ve inputted are correct for internet access when I’m inside and outside the LAN.

    Hope this helps. Regards, leo.

    in reply to: Mobile Accounts #357558
    Anonymous
    Participant

    I finally got around to testing this out.

    You are asked the first time if you want to continue to use a network home directory on this Mac or to create a mobile account, which is really just a special local account.

    Once you create the mobile account you can never go back to the network home directory account. Unless of course you go to another Mac where the above repeats itself.

    The major problem I had was the user I tested out was an admin user. The mobile account did not carry this over. I could enable it in the Accounts preference pane.

    Joel has the right idea with Rsync and a login/logout hook. That would work great and be transparent. I’m just testing this out and using Folder Synchronizer. It’s working great except it’s not keeping the Finder or Dock .plist file. The Dock is not a big deal since I use DockFun!. The Finder I don’t care about since I use Path Finder. Everything else works great.

    I’m using the mobile account on my PowerBook. I sync with Folder Synchronizer on my network home folder. That way I can log in on any other machine in the building and have a fairly up-to-date version of my home folder.

    in reply to: Software Update Server #357557
    Anonymous
    Participant

    Radmind
    http://www.radmind.org

    I swear by it

    in reply to: Apple Talk not responding #357549
    Anonymous
    Participant

    I’ve OSX servers with the same problem, but I’ve only got AppleTalk enabled on one interface.

    Any ideas why it would stop working?

    in reply to: windows users changing passwords on os x server #357540
    Anonymous
    Participant

    I developed a CGI to change passwords using HTML.
    I suggest this: use a shell CGI using niutil commands.

    Anonymous
    Participant

    It turned out that I needed to upgrade the driver on the card.
    The driver was out in September and since everything was working when I upgraded to OSX server 10.3.2.

    It was just when I upgraded the iMac with Client OSX 10.3.2 that it was not working. Well, it was working slowly. For small files that wasn’t making any difference, but for bigger things it was slow as hell.

    Anyway, the problem is solved. I will check the drivers more closely from now on.

    in reply to: FTP through natd and ipfw #357523
    Anonymous
    Participant

    I think you could accomplish that by following these instructions.
    You don’t need a router to share a DSL connection, and NAT is automatic, somewhat, in OSX client 10.2 and 10.3.

    Treat the computer you’re doing this on as your “Server” and all the other computers on your network as “Clients”.

    I assume you are seeing your two cards in the Network System Preferences. Your outside card should be first and your inside card should be second in the “Network Port Configuration”; if not, drag them around.

    Next, set up the outside card with the IP address your ISP gave you.
    Set the mask to 255.255.255.0 and the Router to whatever your ISP gave you; it might be the same as your IP or different, sometimes it differs only by 1. Then set the DNS server to what your ISP gave you.

    Now with your internal card. Set to Manually, IP 192.168.0.1,
    subnet 255.255.255.0, Router 192.168.0.1, DNS same as the outside card. Click AppleTalk and select “Make AppleTalk Active”. Do that on only 1 card. I prefer to use the one representing the inside network, but it can be either as long as AppleTalk is set in only one location. Otherwise your AppleTalk will stop working in a couple of hours.

    Still in the System Preferences, click the Sharing button. In the Services pane select whatever services you want and then click Start.

    In the Firewall pane the services you just selected should already be selected; you just have to click Start.

    Finally, Internet, Sharing, “Share your connection from” external card “To computer using”, select your internal connection and click Start.

    For your computers that run OSX 10.x.x:
    Now on each “Client” computer, go to System Preferences, Network and select DHCP or, if that doesn’t work, DHCP with manual address. Choose between 192.168.0.2 and 192.168.0.255; I prefer this latter one.

    If you have any OS 9 computers, then make sure AppleTalk is set to Ethernet and set up TCP/IP using manually, IP address 192.168.0.x, subnet mask 255.255.255.0, router 192.168.0.1 and DNS server whatever your ISP gives you. I use manually for sys 9 because the other options sometimes don’t work. But you may try “Using DHCP server”; if it works it is less trouble. When

    Now you should have Internet nicely available to all the other computer on your network.

    If that doesn’t work [email protected]

    in reply to: FTP through natd and ipfw #357517
    Anonymous
    Participant

    It occurred to me that I hadn’t tried running natd in verbose mode. The following information might be of help. I ran natd with the following command:
    [code]/usr/sbin/natd -alias_address 192.168.1.20 -interface en0 -use_sockets -same_ports -unregistered_only -dynamic -clamp_mss -punch_fw 901:100 -v[/code]

    Here is some of the output:

    [code]
    In [TCP] [TCP] 192.168.1.22:49170 -> 192.168.1.15:21 aliased to
    [TCP] 192.168.1.22:49170 -> 192.168.1.15:21
    Out [TCP] [TCP] 192.168.1.22:49170 -> 192.168.1.15:21 aliased to
    [TCP] 192.168.1.20:49170 -> 192.168.1.15:21
    Out [ICMP] [ICMP] 192.168.1.20 -> 192.168.1.22 5(1) aliased to
    [ICMP] 192.168.1.20 -> 192.168.1.22 5(1)
    In [TCP] [TCP] 192.168.1.22:49170 -> 192.168.1.15:21 aliased to
    [TCP] 192.168.1.22:49170 -> 192.168.1.15:21
    Out [TCP] [TCP] 192.168.1.22:49170 -> 192.168.1.15:21 aliased to
    [TCP] 192.168.1.20:49170 -> 192.168.1.15:21
    Out [ICMP] [ICMP] 192.168.1.20 -> 192.168.1.22 5(1) aliased to
    [ICMP] 192.168.1.20 -> 192.168.1.22 5(1)
    In [TCP] [TCP] 192.168.1.15:20 -> 192.168.1.20:49169 aliased to
    [TCP] 192.168.1.15:20 -> 192.168.1.22:49169
    In [TCP] [TCP] 192.168.1.15:20 -> 192.168.1.20:49171 aliased to
    [TCP] 192.168.1.15:20 -> 192.168.1.22:49171
    In [TCP] [TCP] 192.168.1.22:49172 -> 192.168.1.15:21 aliased to
    [TCP] 192.168.1.22:49172 -> 192.168.1.15:21
    Out [TCP] [TCP] 192.168.1.22:49172 -> 192.168.1.15:21 aliased to
    [TCP] 192.168.1.20:49172 -> 192.168.1.15:21
    Out [ICMP] [ICMP] 192.168.1.20 -> 192.168.1.22 5(1) aliased to
    [ICMP] 192.168.1.20 -> 192.168.1.22 5(1)
    In [TCP] [TCP] 192.168.1.15:21 -> 192.168.1.20:49172 aliased to
    [TCP] 192.168.1.15:21 -> 192.168.1.22:49172
    Out [TCP] [TCP] 192.168.1.15:21 -> 192.168.1.22:49172 aliased to
    [TCP] 192.168.1.15:21 -> 192.168.1.22:49172
    Out [ICMP] [ICMP] 192.168.1.20 -> 192.168.1.15 5(1) aliased to
    [ICMP] 192.168.1.20 -> 192.168.1.15 5(1)
    [/code]

    About a minute later I ran the following command:
    [code]sudo perl -e 'while(1){system "ipfw list";sleep 1}'[/code]
    Then I tried connecting through FTP and the following line appeared in the list of dynamic rules:
    [code]00900 0 0 (T 20, # 23) ty 0 tcp, 192.168.1.22 49179 <-> 192.168.1.15 21
    [/code]
    This rule persisted until the timeout (T 20) reached zero, whereupon it disappeared. In the meantime, Adobe GoLive had “Getting file list…” in the status bar of the FTP browser. (And by the way, passive mode is turned off.)

    The firewall rules I have on the test router are as follows:
    [code]00300 divert 8668 ip from any to any via en0
    00400 allow tcp from any to any established
    00500 allow tcp from any to 192.168.1.20 22,80,427,548 setup
    00700 check-state
    00800 allow ip from 192.168.1.20 to any keep-state out xmit en0
    00900 allow ip from 192.168.1.16/29 to any keep-state via en0
    65435 deny log ip from any to any
    65535 allow ip from any to any
    [/code]
    Is something in the firewall responsible for the problem? I don’t know much about “keep-state,” “setup,” etc.
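
Added example, not part of the original thread: a small Python parser for the `natd -v` records quoted in the post above, classifying each packet by what the alias engine did to it. It embeds the first records from that post as sample input; the function names and category labels are invented for this illustration.

```python
import re

# Excerpt of the natd -v output quoted in the post above. The forum wrapped each
# record onto two lines, so the parser treats any whitespace as a separator.
NATD_LOG = """\
In [TCP] [TCP] 192.168.1.22:49170 -> 192.168.1.15:21 aliased to
[TCP] 192.168.1.22:49170 -> 192.168.1.15:21
Out [TCP] [TCP] 192.168.1.22:49170 -> 192.168.1.15:21 aliased to
[TCP] 192.168.1.20:49170 -> 192.168.1.15:21
Out [ICMP] [ICMP] 192.168.1.20 -> 192.168.1.22 5(1) aliased to
[ICMP] 192.168.1.20 -> 192.168.1.22 5(1)
In [TCP] [TCP] 192.168.1.15:20 -> 192.168.1.20:49169 aliased to
[TCP] 192.168.1.15:20 -> 192.168.1.22:49169
"""

# One flow: "[PROTO] src -> dst", plus "type(code)" for ICMP.
FLOW = r"\[(\w+)\]\s+(\S+)\s+->\s+(\S+)(?:\s+(\d+)\((\d+)\))?"
RECORD = re.compile(r"\b(In|Out)\s+\[\w+\]\s+" + FLOW + r"\s+aliased to\s+" + FLOW)

def parse(log):
    """Return one dict per packet: direction, protocol, addresses before/after aliasing."""
    records = []
    for m in RECORD.finditer(log):
        direction, proto, src, dst, itype, _icode, _p2, new_src, new_dst = m.groups()[:9]
        records.append({"dir": direction, "proto": proto, "src": src, "dst": dst,
                        "new_src": new_src, "new_dst": new_dst,
                        "icmp_type": int(itype) if itype else None})
    return records

def classify(rec):
    """Label a record (labels are this example's own, not natd terminology)."""
    if rec["proto"] == "ICMP" and rec["icmp_type"] == 5:
        return "icmp-redirect"              # ICMP type 5 = Redirect (RFC 792)
    src_port = rec["src"].rpartition(":")[2]
    if rec["dir"] == "In" and src_port == "20" and rec["dst"] != rec["new_dst"]:
        return "active-ftp-data-dealiased"  # server's ftp-data connection mapped to client
    if rec["src"] != rec["new_src"]:
        return "source-masqueraded"
    if rec["dst"] != rec["new_dst"]:
        return "destination-dealiased"
    return "unchanged"

def ftp_data_targets(records):
    """(server endpoint, LAN client endpoint) for each translated active-mode data connection."""
    return [(r["src"], r["new_dst"]) for r in records
            if classify(r) == "active-ftp-data-dealiased"]

if __name__ == "__main__":
    for rec in parse(NATD_LOG):
        print(classify(rec), rec["src"], "->", rec["dst"], "=>", rec["new_src"], "->", rec["new_dst"])
```

On this excerpt the inbound connection from 192.168.1.15:20 is rewritten to 192.168.1.22:49169, so the translation of the active-mode data channel is visible in the log; whether the ipfw rules then accept that packet is a separate check.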

    in reply to: FTP through natd and ipfw #357514
    Anonymous
    Participant

    Thank you for your help.

    I’m afraid I was not clear enough to begin with. We have a DSL with a fixed IP address assigned to us. We have a computer with two NICs connected to the DSL through which we connect to the Internet from our LAN. It is on [i]this[/i] computer that we are using natd. For security reasons, I am unable to test things on this computer, which is why I am using three computers [i]within[/i] the LAN for experimentation.

    The only thing I do not know how to accomplish is to have FTP access (in active mode, not passive) to any Internet server from any client within the LAN, without compromising security in the least.

    The following information might also be of help. The computer I am using as the test FTP server has an IP address and a subnet mask of 192.168.1.15/24. The computer I am using as a test router is 192.168.1.20/24. The Mac OS 9 client is 192.168.1.22/29. I know that setting the latter subnet mask works because I can connect to the “FTP server” through AFP without any trouble.

    I am sorry about the misunderstanding.

    in reply to: FTP through natd and ipfw #357511
    Anonymous
    Participant

    I have some additional questions I would ask you.

    Why are you using a router?
    Is sharing your DSL connection your unique goal?

    in reply to: FTP through natd and ipfw #357510
    Anonymous
    Participant

    You’re correct in assuming that you need a second PCI card. I use an Asanté FAST 590 but I think that that one is no longer available.
    Look for the 690, I think.

    You should not use NAT on a machine that doesn’t have a second card, as your machine might try to serve DHCP addresses on your DSL line. Usually the ISP provider doesn’t like that.

    To share your DSL connection you need to go in System Preferences and then ‘Sharing’ then ‘Internet’ and hit the “Start” button. In the Client version you don’t have to set the NAT and its all done automatically. You set the firewall with the services you want to use.

    I am preparing an article on how to share an Internet connection. It should be ready in about a week.

    in reply to: Out of Office / Autoreply – 10.3 Server – Squirrelmail? #357509
    Anonymous
    Participant

    I am really interested in this too. I tried to search thru the net if anybody has done autoreply on the OS X Panther and have found nothing much on the subject. I used and followed your articles here on spam and anti-virus controls and have immensely benefited from them.

    Thank you guys for a very helpful site!

    in reply to: FTP through natd and ipfw #357508
    Anonymous
    Participant

    I am using the client version (not the Server) of Mac OS X 10.3.2 (I wrote 10.2.3 by mistake!) on both the FTP server and the NAT router.

    I am using ftpd and natd, both of which come with OS X. I am using Adobe GoLive 6 (Mac OS 9) for the client.

    Our Internet connection is DSL, but I am trying to test the -punch_fw feature of natd on our Ethernet LAN.
