Network Address Translation


Mac OS X Server can perform NAT, taking requests from machines connected to one network interface and submitting them as if the server had made the request. Enabling NAT doesn't require two network interfaces, but it's suggested.

Any Macintosh that supports Mac OS X Server can perform NAT. This function is also found in inexpensive wireless routers, such as Apple's AirPort Base Station.

There are a few reasons to use NAT:

  • Shortage of IP addresses

  • Security

  • Control

Perhaps your organization doesn't need to have every computer use a public IP address. Using public IP addresses for each computer can, of course, lead to security issues, because every computer can be seen by the outside world. You still need all your computers to access the Internet and send and receive email, but you don't want to take the security risk of having those public IPs. Or, maybe you want to watch all requests to Web sites so you can monitor them for unauthorized use. Perhaps you purchased an Xserve and have no need to purchase many public IP addresses, which can be very expensive. In all these cases, NAT is for you.

Before you begin the next task, be sure your primary network interface is set up correctly and that you can connect to the network properly (Figure 6.23). Then set up your secondary network interface with the appropriate IP information for your internal network (Figure 6.24). You must have both network interfaces active to make NAT function.

Figure 6.23. Viewing the network information on the built-in Ethernet interface.


Figure 6.24. Entering network information on the secondary network interface.


To configure NAT

1.

Launch Server Admin, select the NAT service for your server in the Computers & Services list, and then click Settings (Figure 6.25).

Figure 6.25. Choosing and configuring the limited NAT options from the NAT service in the service list of Server Admin.


2.

Choose the primary interface to share, click the IP Forwarding and Network Address Translation (NAT) option, and click and when you've finished making changes, click Save.

The interface you select is the interface that connects to the public network. In most cases, this is the network interface that connects to the Internet. The "IP Forwarding only" option is discussed in the next section.

3.

Start the NAT service by clicking Start Service.

4.

Choose the Firewall service from the Computers & Services list.

5.

Click Start Service again to start the Firewall service.

The firewall must be running, but it doesn't need to be fully configured for NAT to function.

6.

If necessary, start a DHCP server on the network to provide IP addresses to the client machines.

Client machines can now connect to the Internet, but no device on the Internet can contact your client machines, because they don't really exist on the Internet. As far as other devices on the Internet are concerned, all requests for information are coming from your Mac OS X Server.




Mac OS X Server 10. 4 Tiger. Visual QuickPro Guide
Mac OS X Server 10.4 Tiger: Visual QuickPro Guide
ISBN: 0321362446
EAN: 2147483647
Year: 2006
Pages: 139
Authors: Schoun Regan

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net