Network Address Translation


Mac OS X Server can perform Network Address Translation (NAT), which takes requests (for example, a request for a Web page) from machines connected to one network interface and submits them as if the server had made the request. Enabling NAT doesn't require two network interfaces, but it's suggested. Any Macintosh that supports Mac OS X Server can perform NAT. This function is also found in inexpensive wireless routers, such as Apple's AirPort Base Station.

There are a few reasons to use NAT:

  • Shortage of IP addresses

  • Security

  • Control

Perhaps your organization doesn't need to have every computer use a public IP address. Using public IP addresses for each computer can, of course, lead to security issues, because every computer can be seen by the outside world. You still need all your computers to access the Internet and send and receive email, but you don't want to take the security risk of having those public IPs. NAT is for you.

Or, maybe you want to watch all requests to Web sites so you can monitor them for unauthorized use. NAT is for you.

Perhaps you purchased an Xserve and have no need to purchase many public IP addresses, which can be very expensive. NAT is for you.

Enabling NAT is simple.

To configure NAT:

1.

Ensure that your primary network interface is set up properly and that you can connect to the network properly (Figure 6.57).

Figure 6.57. Recheck your primary network settings.


2.

Set up your secondary network interface with the appropriate IP information for your internal network (Figure 6.58).

Figure 6.58. Set up your secondary network interface.


You must have both network interfaces active to make NAT function.

3.

Launch the Server Admin tool from /Applications/Server, and authenticate as the administrator (Figure 6.59).

Figure 6.59. Launch the Server Admin tool, and authenticate.


4.

Choose the NAT service from the Computers & Services list (Figure 6.60).

Figure 6.60. Choose the NAT service from the service list.


5.

Select the Settings tab, choose the primary interface to share, and click the Save button (Figure 6.61).

Figure 6.61. Choose the primary network interface before starting NAT.


The interface you select is the interface that connects to the public network. In most cases, this is the network interface that connects to the Internet.

6.

Start the NAT service by clicking the Start Service button .

7.

Choose the Firewall service from the Computers & Services list.

Start the Firewall service using the Start Service button (Figure 6.62). The firewall must be running, but it doesn't need to be fully configured for NAT to function.

Figure 6.62. Select the Firewall service from the service list, and click Start Service.


Client machines can now connect to the Internet, but no device on the Internet can contact your client machines, because they don't really exist on the Internet. As far as other devices on the Internet are concerned, all requests for information are coming from your Mac OS X Server.



    Mac OS X 10. 3 Server Panther. Visual QuickPro Guide
    Mac OS X Server 10.3 Panther: Visual QuickPro Guide
    ISBN: 0321242521
    EAN: 2147483647
    Year: 2004
    Pages: 105

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net