NAT Services on OS X Server (Panther)

Ric

Joined
May 14, 2004
Messages
4,260
Reaction score
5
NAT - Network Address Translation...

As you may or may not be aware, the Internet is one big network...on any network every computer/device needs to have its own unique IP address.

If more than one computer has the same IP address then one of them will be unreachable/will not work !

Imagine if you were able to 'set' your web server (www.mac-help.com) to the same IP address as another web server...then 'disrupt' the original server (www.apple.com)...now all the traffic that was due to go to www.apple.com would now come to www.mac-help.com...

Anyway, there are only x million unique IP addresses, so instead of every computer/device having their own unique 'public' IP address you can use NAT. Your OS X Server can be used to perform NAT, most routers are able to provide NAT functions, my Airport Extreme Base Station can be configured to perform NAT services. NAT can also be helpful if you want to monitor what goes on, on your network. If NAT is enabled then you as an admin can monitor what websites your users are viewing !!

NAT is normally used because of the lack of public IP Addresses, but NAT also offers some security for your network...if every computer/device has a public IP address then they are accessible via the Internet, these machines would then need to be firewalled and secured ! Using NAT will help secure computers that don't need to be visible from the Internet.

Imagine a 'Design Studio' - 10 users each with their own Mac, one Xserve (running a Web Server and a Mail Server, and File Services), one 20 port Gigabit Hub (really should be called a switch if it is a switch: not a Hub, if you know what I mean !), and an ADSL ethernet modem/router !

If every computer wanted to connect to the Internet that would require 13 possibly 14 unique IP Addresses (depending on how many ports on Xserve).

By using NAT, we can drop this down to 1, if we wanted to. Most ISPs give you 1 'Public IP Address' and then you have to pay for more !

To simplify things this will presume that the Xserve has two ethernet ports: You can use NAT with just one Ethernet card, but two is better !

Setup A

ADSL Modem/Router-->connects to Internet via your ISP
|
|
|
|
This is given a dynamic/static IP Address 17.254.0.91 (example IP address, this is not your IP Address! and can change depending on your ISP)
|
|
|
|
This is then connected to your primary interface card via ethernet (ours is en0) (this card would be setup with our bought/given public IP address)
|
|
|
|
Then the secondary interface card is connected via ethernet to our Gigabit Switch (Hub)
|
|
|
|
Each of the 10 other Macs are then connected to the Gigabit Switch



That's the physical connections done, now to configure the Xserve. (I am presuming that the modem does not have NAT or DHCP running, as this will confuse things.)


Make sure that you have set up both network cards for your network...

In this example we are using:

en0

IP Address: 17.254.0.95 this is our 'public IP Address' from the ISP !
Subnet Mask: 255.255.255.0 this may change depending on your own IP Address!
Router: 17.254.0.91 This is our Modem/Router's IP Address !
DNS Servers: 201.23.45.25 and 201.23.45.26 This would be the DNS servers' IP Addresses from your ISP (unless you're running your own DNS!)
Search Domains : leave blank for the moment !

Now set up en1 (your second Ethernet Card)


IP Address: 192.168.1.1 this is our 'private IP Address' you may be using a different scheme 10.x.x.x or 168.x.x.x. they all do the same !

(All your other computers in the network would be using this numbering technique.)

Subnet Mask: 255.255.255.0 this may change depending on your own IP Address!
Router: 192.168.1.1 This is the same as the IP address of en1
DNS Servers: 201.23.45.25 and 201.23.45.26 This would be the DNS servers' IP Addresses from your ISP (unless you're running your own DNS!)
Search Domains : leave blank for the moment !


Once you have set up your cards:

Now on to Server Admin Software, click on NAT on the list on the left.

Click the settings tab at the bottom, select the primary ethernet connection (the one that you are going to share !)

then press save !

Then press Start Service !

NAT is now running and is sharing your Internet connection with all your users...

Now you 'must' make sure that somewhere you have a Firewall running...

...as it is your network may be unprotected.

OS X Server has a powerful Firewall built in and can be used. You may have a hardware Firewall built into your modem, this could also be used !

Back to the Server Admin and click on the 'Firewall Service' button in the list on the left !

Then press 'Start Service'. Your OS X Server is now Firewalled !

Have a good read of the Apple PDFs. I'll save the Firewall tutorial for a rainy day !!!

regards

Ric
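
An added illustration of the post's point that NAT hides the private Macs from the Internet (not part of Ric's post, and not the code Panther's NAT service runs): a toy port-translation table using the post's 17.254.0.95 and 192.168.1.x addresses. The class name, port numbers and remote addresses are constructed for the example, and the model tracks each flow by its full address/port pair, which is stricter than some NAT implementations.

```python
import ipaddress

PUBLIC_IP = "17.254.0.95"                      # en0 address from the post
LAN = ipaddress.ip_network("192.168.1.0/24")   # en1 side from the post


class Napt:
    """Toy port-translating NAT: many private hosts share one public address."""

    def __init__(self, public_ip, lan, first_port=50000):
        self.public_ip = public_ip
        self.lan = lan
        self.next_port = first_port
        self.out = {}    # (proto, src_ip, src_port, dst_ip, dst_port) -> public port
        self.back = {}   # (proto, public port, remote_ip, remote_port) -> (src_ip, src_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source and record the flow on first use."""
        if ipaddress.ip_address(src_ip) not in self.lan:
            raise ValueError("source is not on the private LAN")
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            self.out[flow] = self.next_port
            self.back[(proto, self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[flow])

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the private (ip, port) a packet is forwarded to, or None if dropped."""
        return self.back.get((proto, dst_port, src_ip, src_port))


def demo():
    nat = Napt(PUBLIC_IP, LAN)
    # Constructed traffic: two Macs use the same source port to the same web server.
    a = nat.outbound("tcp", "192.168.1.10", 40001, "203.0.113.7", 80)
    b = nat.outbound("tcp", "192.168.1.11", 40001, "203.0.113.7", 80)
    reply = nat.inbound("tcp", "203.0.113.7", 80, a[1])     # answer to Mac A's request
    probe = nat.inbound("tcp", "198.51.100.9", 4444, 548)   # unsolicited connection attempt
    return a, b, reply, probe


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The table only covers traffic forwarded to the LAN: anything addressed to services listening on the Xserve itself at 17.254.0.95 (web, mail, file services) never consults it, which is why the firewall step in the post still matters.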
 

Ric

Additional info:

If using two cards, make sure that they are both active !

Go to System Preferences-> Network Pane --> Show Network Port Configurations

You should see both of your Ethernet cards there, and they should both be ticked (active !)

Your Primary card should be higher in the list than the secondary card. If it isn't, click-hold-drag and move it higher up the list ! Then reboot. If you do any changes here, make sure you reboot afterwards !

I should have also stated, in the Panther Server version of OS X you 'must have' Firewall services running on the Mac for NAT to function correctly !

Go to Computers and Services-->Firewall--> Start Service !!!
 
