
Mac OS X Server 10.5: Using NATd to turn the Server into a Router

There are certain things that Mac OS X Server just isn’t that great at. One of them is acting as a router. It’s just a fact that an appliance by SonicWALL, Cisco, WatchGuard and sometimes Linksys will run circles around the speed and feature set of Mac OS X Server. So with that in mind, let’s look at how you would go about configuring a basic port forward on OS X Server if you decided not to listen to me on this point… 😉

You can use /etc/net/natd.plist. The key you’ll want to edit is redirect_port, with one entry per port or a whole range of ports in a single entry. Assuming you were trying to forward AFP traffic to 192.168.0.2 from a WAN IP of 4.2.2.2, the array would look something like this:

<key>redirect_port</key>
<array>
    <dict>
        <key>proto</key>
        <string>TCP</string>
        <!-- internal (LAN) host and port that receive the traffic -->
        <key>targetIP</key>
        <string>192.168.0.2</string>
        <key>targetPortRange</key>
        <string>548</string>
        <!-- public (WAN) address and port that clients connect to -->
        <key>aliasIP</key>
        <string>4.2.2.2</string>
        <key>aliasPortRange</key>
        <string>548</string>
    </dict>
</array>
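Every redirect_port entry is a hole from the WAN to an internal host, so it is worth listing what a given natd.plist actually exposes. The following is an added example, not code from the original post: a Python audit of the redirect_port array. The sample plist is constructed (its first rule is the AFP forward above), the lower-camel-case key names and the "low-high" range syntax are assumptions, and audit_forwards and parse_range are hypothetical helper names.

```python
import plistlib

# Assumed key names: lower camel case, matching targetIP / aliasPortRange above.
REQUIRED = ("proto", "targetIP", "targetPortRange", "aliasIP", "aliasPortRange")

# Constructed sample. Rule 0 is the AFP forward from the text; rules 1 and 2
# are made up to exercise the checks (range size mismatch, miscapitalized key).
SAMPLE = b"""<plist version="1.0"><dict><key>redirect_port</key><array>
<dict><key>proto</key><string>TCP</string>
  <key>targetIP</key><string>192.168.0.2</string>
  <key>targetPortRange</key><string>548</string>
  <key>aliasIP</key><string>4.2.2.2</string>
  <key>aliasPortRange</key><string>548</string></dict>
<dict><key>proto</key><string>tcp</string>
  <key>targetIP</key><string>192.168.0.3</string>
  <key>targetPortRange</key><string>5900</string>
  <key>aliasIP</key><string>4.2.2.2</string>
  <key>aliasPortRange</key><string>5900-5910</string></dict>
<dict><key>proto</key><string>TCP</string>
  <key>targetIP</key><string>192.168.0.4</string>
  <key>TargetPortRange</key><string>22</string>
  <key>aliasIP</key><string>4.2.2.2</string>
  <key>aliasPortRange</key><string>22</string></dict>
</array></dict></plist>"""

def parse_range(text):
    """'548' -> (548, 548); '5900-5910' -> (5900, 5910)."""
    lo, _, hi = text.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range {text!r}")
    return lo, hi

def audit_forwards(plist_bytes):
    """Return (exposed, problems) for the redirect_port array of a natd.plist."""
    exposed, problems = [], []
    rules = plistlib.loads(plist_bytes).get("redirect_port", [])
    for i, rule in enumerate(rules):
        missing = [k for k in REQUIRED if k not in rule]
        if missing:  # key lookup is case-sensitive here (assumption about natd)
            problems.append(f"rule {i}: missing {', '.join(missing)}")
            continue
        try:
            a_lo, a_hi = parse_range(rule["aliasPortRange"])
            t_lo, t_hi = parse_range(rule["targetPortRange"])
        except ValueError as err:
            problems.append(f"rule {i}: {err}")
            continue
        if a_hi - a_lo != t_hi - t_lo:
            problems.append(f"rule {i}: alias and target ranges differ in size")
        exposed.append((rule["proto"].upper(), rule["aliasIP"], a_lo, a_hi,
                        rule["targetIP"], t_lo, t_hi))
    return exposed, problems
```

Running audit_forwards on the bytes of a real natd.plist gives the list of WAN-facing ports to compare against what you intended to publish.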

 

You could also use the route command or ipfw, depending on exactly what you’re trying to do with this thing. The route command is going to be useful if you’re trying to respond to network traffic over a different interface than the default interface.