AppleNova Forums » Genius Bar »

Standing up a new production server for the first time


turtle
2011-02-28, 22:59

Got any tips for me?

Here's the scenario: Organization that was very small got a Windows server to make file sharing easier. Ended up setting up a domain and Exchange server. A few more servers and even a terminal server.

So here's the thing, everyone but finance wants to use Mac OS. Truth be told, so do they, but they aren't going to change software and VMs aren't in their mindset yet. iPhones and iPads abound in this organization. There are generally 100+ staff members on the network at any one time.

The new server is going to start off as the Public network's DHCP server and iCal server. They are looking at moving mail to Mail Server as well. For now the beginning is small though. We will need to set up accounts on the server for the Mac users on the network to log in with too, using LDAP.

What are some things I need to think about, and tips to help make this a smooth move from the Windows servers to the new Mac server? Specifically with iCal and DHCP since that's my start, though I'd love any pointers out there.

turtle
2011-03-07, 18:49

So this was not a fun day. 8 hours spent and all I successfully did was get a server out of the box and plugged in.

Why doesn't it handle DHCP like I would expect it to? You set it up as a gateway and assign the WAN to en0 and LAN to en1. Manually assign IP info for WAN and get online with Safari and System Updates. Set en1 to 172.16.1.1 with 255.255.0.0 and enable DHCP with the subnet being 1.51 - 255.254 with the mask being 255.255.0.0.

NAT is running with external set to en0. Why is it I can't get IP addresses from the AP connected to the LAN segment? Am I missing something? When I set it up for the original settings on that LAN (the RV082 the server is replacing) it still doesn't work. That is all the above but a subnet mask of 255.255.255.0 because of the RV082 limitations.

I never did get the iCal running because I couldn't get the basics done.

turtle
2011-03-09, 00:00

So no one has any helpful input on this?
Brad
2011-03-09, 00:09

Wish I could help, but Exchange and CalDAV are areas I have no experience setting up.
Gargoyle
2011-03-09, 04:04

If you are using the AP for DHCP, why did you enable it on the server?

OK, regardless... Here is what I would do (regardless of hardware, as I have never set up OSX Server):

Think about the design of your network.
You will probably want to come up with some naming standards for various bits of equipment. Like keeping the 1.1 - 9.253 range reserved for servers, and .254 addresses for routers, and .1's for printers.

As tempting as it might be to say "DHCP the lot", in reality I have never known this to work. There will always be some random printer that refuses to be found unless you know its IP! (However, it's been a good 8 years since I did any real hardcore networking)

You seem to be almost there, but it looks like you are setting up a DHCP pool of 65,000 addresses. I would change your lease range from 1.51 - 255.254 to something like 10.1 - 20.253, assuming 2,500 addresses are enough for the organisation. It's easier to increase the range later than it is to shrink it for some other future use!

Don't forget to set the "router" option for DHCP to be 172.16.1.1 (The server). If you have Windows machines you might want to look at old WINS/NETBIOS stuff you might need. IIRC, Windows machines need some hint as to the domain controller, but I would imagine OSX does this for you.

You have two options for setting up wireless base stations. Either you can tell each base station to be a transparent bridge, so that all network info/DHCP leases come from the server, or you can set up each base station to dish out its own addresses from a range outside the main pool.

For example: AP1 could be set up to dish out 172.16.30.1 - 30.253, AP2 = 40.1 - 40.253. This will give the advantage of knowing which base station someone is using from their IP address.

Gargoyle
2011-03-09, 04:30

Oh, and as an addition, you might be having problems with NAT because of the size of the lease pool. Do you know how NAT works?
Dave
2011-03-09, 15:28

Quote, originally posted by Gargoyle:
    Oh, and as an addition, you might be having problems with NAT because of the size of the lease pool. Do you know how NAT works?

I know how NAT works the same way Antonio Banderas knew how a sword works in the beginning of The Mask of Zorro -- "The pointy end goes in the other man."

When I was a kid, people who did wrong were punished, restricted, and forbidden. Now, when someone does wrong, all of the rest of us are punished, restricted, and forbidden... and the one who did the wrong is counselled and "understood" and fed ice cream.
turtle
2011-03-09, 16:40

Thanks for the input I do appreciate it. The pool of 2500 is actually a little small at this point. The network needing the DHCP server is running Public with an average of 2500 during events. 65000 is too much, but it's just to get the system up more so than anything. The APs are dumb devices that don't hand out DHCP but rather take from the server.

Thing is the server is the router/gateway. (Well right now the RV082 is the router again.) Because this is the public network there aren't going to be printers and such on it. It's going to just be systems with internet access.

I will make the pool smaller though. Maybe 10.1 - 30.254 instead. I can adjust that later if our need actually grows that much. As for NAT, I'm not sure what you're asking. I know what a NAT is and what it does but would like to know what you're getting at?

Gargoyle
2011-03-10, 09:45

NAT uses port numbers to build the mapping table. So when host 1 from inside your network connects to google on port 80, the port number from the source (host 1) will get rewritten in the tcp/ip headers to say something like 30,000 by your firewall/router. And obviously the IP changed to the external one! This mapping will then be saved in the router.

Google will then send the replies back to your external IP on port 30,000, which your firewall/router will translate back to your local machine IP and the original port using the lookup table.

Now, the first 1024 ports are reserved on virtually all systems, so this leaves a little over 64,000 port numbers that are usable for mapping. So with an address pool of 65,000 things can potentially go bad. I assume the software knows this and might be refusing to enable NAT and hiding a message in a log file somewhere!

I am now guessing because I have not worked on such large networks, but I assume to support so many internal hosts, you'll need more than 1 external IP address.

Hope that sheds a little light on it. As I mentioned, it's been a long time since I did serious network stuff and even then 100 hosts on the internal network was the max I think! Which is why I asked first, don't want to be teaching granny how to suck eggs and all that!

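Gargoyle's two points above (the 65,000-address lease pool is far too large, and NAT has only a little over 64,000 ports per external address to map flows onto) can be turned into a quick sanity check. This is an added example, not code from the thread or from OS X Server; the 172.16.0.0/16 network, the `review_plan` helper and the flows-per-host figure are assumptions.

```python
import ipaddress

# Translation slots per external address: the post notes the first 1024 ports are
# reserved, leaving ports 1024-65535 for NAT mappings.
USABLE_PORTS_PER_EXTERNAL_IP = 65535 - 1024 + 1  # 64512


def pool_size(network: str, first: str, last: str) -> int:
    """Count leasable addresses in a DHCP range, rejecting a range that does not
    fit the subnet mask (a /24 mask like the RV082's cannot hold 1.51 - 255.254)."""
    net = ipaddress.ip_network(network, strict=False)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo not in net or hi not in net or lo > hi:
        raise ValueError(f"range {first}-{last} does not fit inside {network}")
    return int(hi) - int(lo) + 1


def external_ips_needed(hosts: int, flows_per_host: int) -> int:
    """Minimum number of external addresses so that every host's concurrent
    flows can get a distinct NAT port mapping (ceiling division)."""
    return -(-(hosts * flows_per_host) // USABLE_PORTS_PER_EXTERNAL_IP)


def review_plan(network: str, first: str, last: str, router: str,
                flows_per_host: int = 20) -> dict:
    """Check a pool the way the thread suggests: size it, keep the DHCP
    'router' option address out of the lease range, and estimate NAT capacity.
    flows_per_host is a constructed assumption, not a figure from the thread."""
    size = pool_size(network, first, last)
    findings = []
    r = ipaddress.ip_address(router)
    if ipaddress.ip_address(first) <= r <= ipaddress.ip_address(last):
        findings.append(f"router {router} lies inside the lease pool")
    ext = external_ips_needed(size, flows_per_host)
    if ext > 1:
        findings.append(f"{size} hosts x {flows_per_host} flows need {ext} external IPs")
    return {"pool_size": size, "external_ips": ext, "findings": findings}


if __name__ == "__main__":
    # The thread's original plan versus Gargoyle's suggested trim.
    for first, last in [("172.16.1.51", "172.16.255.254"),
                        ("172.16.10.1", "172.16.20.253")]:
        print(first, last, review_plan("172.16.0.0/16", first, last, "172.16.1.1"))
    try:  # the same pool behind a 255.255.255.0 mask cannot exist
        pool_size("172.16.1.0/24", "172.16.1.51", "172.16.255.254")
    except ValueError as err:
        print("rejected:", err)
```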
turtle
2011-03-27, 15:20

This is a great explanation. I knew most of that but am glad to hear the bigger picture. No one mentioned the port mapping part of it just the connection of external IP to internal.

So it looks like this project has opened Pandora's Box for our organization. Total rework of the IT is what ended up happening. We are moving to VMs for the servers and looking to get a SAN/NAS setup etc..

So I'm just going to be assisting someone else now. Thanks for the input though.

All times are GMT -5. The time now is 16:51.