As mentioned earlier in this chapter, one of the least useful services in Lion Server is the Network Address Translation (NAT) service. Most Internet service providers (ISPs) supply you with one IP address. This address can then be used to put potentially thousands of computers on the same network using NAT, which then allows you to configure incoming connections to point at the server. These options are available in the Sharing System Preference pane on Lion computers until Lion Server is installed.
Once Server has been installed, use the Server Admin tool (available in /Applications/Server) to enable the service. To get started, open Server Admin and click on the name of the server in the SERVERS sidebar. Click on the Services tab and then check the box for NAT, clicking Save to show the NAT service under the server’s name in the Server Admin sidebar.
Click on the NAT service and then click on Settings in the NAT toolbar. Here, you will see options to configure the NAT service. These include:
- IP Forwarding only
Creates a gateway without NAT (where the server is used to route traffic and all servers use public IP addresses); this is very rare and in the event that you are using this option, think very carefully about whether you should be
- IP Forwarding and Network Address Translation
Creates a gateway with NAT enabled; this option creates the traditional NAT connection used in practically every consumer-class router by default
- External network interface
Defines the network interface that will be the WAN (or Wide Area Network) connection; all other interfaces can then be used whereas their local network IP address is used on client computers to establish Internet connections (aka route network traffic outside of your Local Area Network (LAN)
If you’re not really sure what to do, click on the Overview button and then click on the Gateway Setup Assistant. This will bring up a wizard that prompts you to select the WAN and LAN interfaces and then configure the service for you.
The most troublesome aspect of configuring NAT (other than the lack of features readily available on even a $40 LinkSys router) are the getting your WAN settings. In many cases, this can require considerable time spent on the phone with your ISP. In most cases, if you are using the NAT service, try to get what is referred to as a static IP address. One reason to do so is that (as we’ve mentioned several times throughout this book) Mac OS X Servers do not like to have their IP addresses change.