Troubleshooting NAT Internet Sharing

Murus
gbinek
Posts: 3
Joined: Wed Nov 30, 2016 7:26 pm

Re: Troubleshooting NAT Internet Sharing

Post by gbinek » Wed Nov 30, 2016 7:44 pm

I have an Xserve 2009 with 10.11.6, Murus 1.4.5 and two Ethernet links. First one (actually it's port 2, but I changed the order in System Preferences) connects to a fibrechannel modem with static IP, second one is on the LAN. Basic NAT is working, everyone on the LAN is able to surf the Internet.

The server app used to provide DHCP services to the LAN, but not any longer after the installation of Murus.

Second question regards VPN: I want to provide VPN services to the LAN but I don't get it to work. Murus Log Visualizer tells me that the VPN packet (port 500) successfully passed, but nothing more. The server log doesn't even mention that a connection attempt was made, while the client logs show some degree of success, but the connection doesn't work. Any suggestion?

Thanks in advance

Guido

chrs
Posts: 16
Joined: Tue Apr 12, 2016 7:37 pm

Re: Troubleshooting NAT Internet Sharing

Post by chrs » Thu Dec 01, 2016 9:29 pm

> The server app used to provide DHCP services to the LAN, but not any longer after the installation of Murus.

DHCP Server is a bit tricky with Murus. You must allow port 68/69 incoming and outgoing on your LAN interface. Since the clients requesting an IP don't have a valid IP you cannot filter by IP.

I do this by allowing inbound DHCP from group everyone and block groups which contain the external interfaces from the server. Outbound I allow everyone on LAN interface.

I don't know if this is the perfect solution but it works.

> Second question regards VPN:

I don't fully understand the situation. Where are the source and target of the VPN located in your setup? Which VPN type are you using?

Greetings, chris

gbinek
Posts: 3
Joined: Wed Nov 30, 2016 7:26 pm

Re: Troubleshooting NAT Internet Sharing

Post by gbinek » Fri Dec 02, 2016 5:15 pm

Thanks Chris for your support,

DHCP I will try tomorrow.

Regarding VPN, I want to use L2TP provided by the Apple Server app. It's the first time I try to do this so please be kind ;-)

The VPN server must be on the LAN side, right? I saw the checkbox for sharing VPN in the NAT dialog but the manual doesn't explain anything, so I tried sharing both sides but nothing happens. But I didn't specify 68/69 incoming and outgoing; I used the basic services, which says to include VPN and DHCP.

Thanks again,

Guido

chrs
Posts: 16
Joined: Tue Apr 12, 2016 7:37 pm

Re: Troubleshooting NAT Internet Sharing

Post by chrs » Fri Dec 02, 2016 8:28 pm

First, there is a typo in my post: it's port 67/68 for DHCP; sorry, but Murus should have this correct in the services library.

Regarding VPN, I still cannot follow you. I think it would be useful if you describe what you want to do with the VPN connection. What problem are you trying to solve with VPN?

Greetings, chris
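
The DHCP approach described above, written out as raw pf rules. This is an added example, not part of the thread and not the ruleset Murus generates; the interface names `en0` (LAN) and `en1` (Internet) are assumptions, as is an Internet-facing interface with a static address that needs no DHCP itself.

```conf
# Added example: pf.conf fragment for a DHCP server behind a NAT gateway.
# Interface names are assumptions; adjust to the actual port order.
lan_if = "en0"   # assumed LAN-facing interface (DHCP server listens here)
ext_if = "en1"   # assumed Internet-facing interface (static address)

# Why filtering by address fails: the first DHCP packet from a client
# without a lease is sent as 0.0.0.0:68 -> 255.255.255.255:67.
# A rule keyed on the LAN subnet never matches it:
#   pass in on $lan_if inet proto udp from $lan_if:network to ($lan_if) port 67

# Match on interface and ports instead of source address.
# "no state" because broadcast replies do not match a state entry
# created by the request, so each direction needs its own rule.
pass in  quick on $lan_if inet proto udp from any port 68 to any port 67 no state
pass out quick on $lan_if inet proto udp from any port 67 to any port 68 no state

# Keep DHCP off the Internet-facing side in both directions, so the
# server neither answers nor leaks lease traffic outside the LAN.
block drop in  quick on $ext_if inet proto udp from any to any port { 67, 68 }
block drop out quick on $ext_if inet proto udp from any to any port { 67, 68 }
```

A fragment like this can be syntax-checked without loading it by saving it to a file and running `pfctl -nf` on that file.
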

gbinek
Posts: 3
Joined: Wed Nov 30, 2016 7:26 pm

Re: Troubleshooting NAT Internet Sharing

Post by gbinek » Fri Dec 02, 2016 8:52 pm

Hi Chris,

On the Xserve, FileMaker Server is running with custom applications. The goal is to connect via VPN from various business sites to use FileMaker online.

Thanks again

jmhoms
Posts: 1
Joined: Mon Dec 04, 2017 7:30 pm

Re: Troubleshooting NAT Internet Sharing

Post by jmhoms » Mon Dec 04, 2017 7:39 pm

I'm receiving the following error in /etc/murus/murus.nat line 1 when I press the test policy button:

nat on en1 from en0:network to any -> (en1)

I followed all the instructions in this post but the problem persists after reboot. I also tried to fix settings, with no luck. Please advise.

Thanks.
