Acting as a Router

Another useful feature of Mac OS X Server is that it can do IP forwarding, which allows requests from one network to be sent to another network. This is necessary when you have a Mac OS X Server with two network interfaces and you wish to have information passed from one network to the other. IP forwarding differs slightly from NAT in that your internal network is likely to have public IP addresses, whereas NAT makes all requests as if those requests were coming from the server (the clients have private IP addresses).

When you're deciding how and where a Mac OS X Server should go, one consideration is whether the server will be a link between two different networks. For example, you could have your Mac OS X Server's built-in Ethernet interface go from the server to a switch, and then have the switch connect 40 or so computers that have public IP addresses (they exist on the Internet as separate devices). These computers would use the Mac OS X Server's Built-in Ethernet IP address as their router address. All information sent out of those 40 Macs would flow through the Mac OS X Server's built-in Ethernet interface.

Now, perhaps this is an Xserve with a second built-in Ethernet card, or maybe another Macintosh with a second Ethernet card added. Regardless, the second Ethernet interface is probably connected to another network; possibly this interface is connected to the Internet. It has different IP information than the first built-in Ethernet interface. If this scenario is something you want your Mac OS X Server to do, then you'll be enabling IP forwarding.

You've probably already set up your network information to connect you to the Internet. It's important to note that when you wish to enable IP forwarding, your secondary network should be below your primary network in the network interface list in your Network Preference pane (Figure 6.63). Once that's accomplished, open the Terminal, and change the system control parameters to allow this to occur by typing sudo sysctl w net.inet.ip.forwarding=1.

Tips

• IP forwarding is only set for this instance. If you want it to be on in case of a server reboot, open the file hostconfig in the /etc directory, and change the word NO to YES next to IPFORWARDING. Recall that this file is only writable by root (Figure 6.64).

  Figure 6.64. Change the line IPFORWARDING=-NO- to IPFORWARDING=-YES- in the file hostconfig located in /etc.

  

  
  

• This chapter has looked at four services that are sometimes handled by routers or other servers. Mac OS X Server can handle and run these services; however, it's likely that not all the services Mac OS X Server can deploy will be handled by the same server.

• If you can, it's a common best practice to have one Mac OS X Server do NAT, DHCP, NetBoot, and possibly DNS for the secondary network. Another Mac OS X Server may handle IP forwarding, or this function is handled by a router. Other Mac OS X Servers are then placed in the network to handle home directories, Web and mail, and file sharing.