• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Lesson 4. Setting Up Gateway Services > Gateway Setup Assistant

Gateway Setup Assistant

The Gateway Setup Assistant is a basic configuration tool that you can use to set up the firewall, NAT, and VPN services that provide gateway functionality. You enter the pertinent data in the assistant screens, and the assistant configures and enables the services for you in a highly integrated way. The Gateway Setup Assistant also configures services such as Dynamic Host Configuration Protocol (DHCP) and DNS. These are required for the firewall, NAT, and VPN services to function properly.

The Gateway Setup Assistant is designed to help you create a basic configuration of these services; you'll need to use Server Admin, however, to customize your configuration or implement advanced services. The Gateway Setup Assistant should not be used on top of already configured server settings.

NOTE

Gateway Setup Assistant will overwrite existing DHCP, DNS, NAT, firewall, and VPN settings. It will also change TCP/IP port data, which other services such as directory service may rely upon. Use Gateway Setup Assistant before configuring these other services.


When you are finished with the Gateway Setup Assistant, you can either print the configuration information or save it to a file so that you can refer to it later.

Gateway Setup Assistant will do the following:

1.
Assign the “internal” interfaces on the server an address that falls in the 192.168.x.1 range.

2.
Set aside addresses in the 192.168.x.x range for DHCP (and optionally VPN).

The 192.168.x.x range is hard-coded in the tool. Gateway Setup Assistant writes over the port information each time it executes.

3.
Enable DHCP Server and configure it to provide the addresses set aside to computers on the internal network.

4.
Optionally start the VPN server and set aside a range of addresses for VPN clients.

5.
Enable NAT to allow machines on the internal network to share the server's Internet connection.

6.
Enable firewall and block all traffic coming from the Internet (except information required for connections and responses to queries from the server) while allowing all traffic from internal clients to go out.

7.
Enable the DNS server, which is configured by default as a caching server, to improve performance of named services for internal clients.

Configuring Gateway Setup Assistant

In this lesson, you'll work with both of your computers to create two separate networks and configure your server to act as a gateway that connects them. You will connect your Mac OS X computer to your server via a FireWire cable, simulating a second network.

NOTE

Do not run the Gateway Setup Assistant on a network that is connected to the Internet or any other computers, other than your Mac OS X computer that has been used for previous lessons. The Gateway Setup Assistant automatically modifies and edits network settings that could have a negative impact on your network.


1.
Save the DHCP and DNS settings on the Mac OS X server.

Setting up the gateway server will change the DHCP settings on the server. After you complete this exercise, you'll need to reestablish the DHCP settings you created in Lesson 3, “Using Network Services.” Save the DHCP settings so you can use them later.

2.
Open Server Admin on your server, click DHCP in the Computers & Services list, and then click Settings.

3.
Drag the Tear Off icon in the lower-right corner to the desktop.

Notice that a file is created called DHCP Config.plist.

4.
Repeat this process with the DNS service, firewall service, NAT service, and VPN service.

5.
Quit Server Admin.

6.
Create a folder on your desktop called Service Backup Configurations and drag all five files into that folder for later use.

7.
While still working on the server, open System Preferences and click on the Network pane. Choose “Network Port Configurations” from the Show pop-up menu and check the Built-in FireWire checkbox. Click Apply Now.

8.
On your Mac OS X computer, create and choose a new location and call it NAT. Enable only the FireWire interface.

9.
On your Mac OS X computer, disconnect the Ethernet cable from the switch and connect the FireWire cable between both computers.

10.
Open Gateway Setup Assistant, located in /Applications/Server on your server, and authenticate as the server administrator.

11.
Click Continue at the introduction window and select the wide area network (WAN) interface in the WAN window (in this case, your built-in Ethernet interface). Click Continue.

12.
Select the built-in FireWire interface for the local area network (LAN; in this case, the interface that provides the connection to the WAN) and click Continue.

13.
Place a checkmark in the “Enable VPN for this server” checkbox, enter a shared secret of your choosing, and click Continue.

A shared secret (eight or more alphanumeric characters with punctuation is a good idea) is another passphrase, in addition to your regular password, that you must enter before using this type of VPN connection.

14.
Click Save As to save your settings to a text file or Print to print them so you'll have them for later use. Then click Apply.

Your server is now configured for DHCP, DNS (if not already configured), firewall, NAT, and VPN.

Verifying Gateway Setup and Resetting Server Services

Although you have a very small network, you can still check to ensure that the Gateway Setup Assistant configured settings correctly.

1.
Verify that the services have started by opening Server Admin on your server and checking each service.

In the last procedure, you changed settings on four (or possibly five, if DNS is not already configured) services simultaneously.

2.
Verify that your Mac OS X computer has an IP address over FireWire by opening the Network preferences pane.

Because of the limited setup of this small network, you cannot test all the possible gateway settings further.

3.
Reset your network location back to XSE Book Static on your Mac OS X computer and unplug the FireWire cable from both computers. Reconnect the Ethernet cable.

4.
On your server, open the Network preferences pane and deselect Built-in FireWire. Apply the change.

5.
Launch Server Admin on your server and turn off the following services:

  • DHCP

  • Firewall

  • NAT

  • VPN

Click Stop Now in any alerts that appear.

6.
Open the Service Backup Configurations folder on your desktop, drag the appropriate PLIST files into their respective settings windows, and save the changes.

This returns all the services to their preconfigured states.

  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint