IP-forward not working, how do i debug it?

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Sindrers, Jan 20, 2010.

  1. macrumors newbie

    Joined:
    Mar 13, 2009
    #1
    My NAT portforward service to run a MAMP webserver:

    Network setup:

    I have setup a local static ipadress for my machine which is running a MAMP webserver. Which means i always get the following IP-adress 192.168.1.50.
    MAMP works on http://192.168.1.50:8888/ but not on the portforward ipadress
    http://77.XXX.XXX.220:8888/

    ISP ( provides us with 5 static ips. )
    77.XXX.XXX.218
    77.XXX.XXX.219
    77.XXX.XXX.220
    77.XXX.XXX.221
    77.XXX.XXX.222

    The ISP is running a bridge mode from theire router too our Xserve.
    Our xserve(mac os x server 10.6.2) then runs a DHCP service giving users a local IP adress aswell as internet connection.
    Then we have the firewall which is basicly set to allow all traffic.
    I have also tried to set advanced rules to specify it completly without any luck.

    This is the plist file i have generated:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>redirect_port</key>
    <array>
    <dict>
    <key>proto</key>
    <string>tcp</string>
    <key>targetIP</key>
    <string>192.168.1.50</string>
    <key>targetPortRange</key>
    <string>80</string>
    <key>aliasIP</key>
    <string>77.XXX.XXX.220</string>
    <key>aliasPortRange</key>
    <string>8888</string>
    </dict>
    </array>
    </dict>
    </plist>

    I have tried to looking in different logs without any luck at all. Can anyone please push me in the right direction on how to debug this?
    My /var/log/alias.log says the following over and over with different udp, tcp, sock and tot.

    icmp=0, udp=48, tcp=61 pptp=0, proto=0, frag_id=0 / tot=106 (sock1)

    I have also checked "sudo ipfw list" and both port 8888 and 80 is openend from any to any.
     
  2. macrumors 601

    Joined:
    Aug 15, 2005
    #2
    I know nothing about setting this up in OS X Server. Looking at the above, I assume the target* lines are the real IPs on the inside and the alias* lines are for the NATed address on the outside.

    If the inside server can be browsed on 8888, then the targetPortRange should be 8888, not 80 (since targetIP is the internal address).

    Then if you want to browse http://77.XXX.XXX.220, then change the aliasPortRange to 80. If you want to browse http://77.XXX.XXX.220:8888, then leave aliasPortRange as 8888.
     

Share This Page