Mac mini Server as a gateway/router

I'd like to make my Mac mini server my main gateway for my office.
I'd like it to perform the following tasks:
- DHCP & NAT for sharing an Internet connection
- a wireless access point so that no AEBS or TC is necessary
- VPN for access to the Daylite server that will be running on it as well as file sharing for remote users
My goal here is to create a single Internet appliance that will prevent me from having to use a separate router and will provide secure remote access to the LAN.
I have a Mac mini server and a USB Ethernet adapter. I connected the USB Ethernet adapter to the WAN which has a static IP. And the built in Ethernet to the gigabit switch for the LAN.
So far, I have two problems:
1) I can't seem to VPN in from remote despite my best efforts of setting this up with the gateway assistant.
2) I have no idea on how I can use the built-in airport card to become a wireless access point for the wireless clients in the office. I chose the airport in the gateway assistant but wireless clients are on a different subnet and can't see the LAN resources.
I'm interested in hearing other ideas and strategies on how to use the mms in this way. Is anyone else doing this? Everyone seems to want to use an AEBS or TC in addition to the mms and maybe I'm missing something but why would you need one?

It wasn't so much the $50 that I was worried about... just the redundancy... having both an OS X Server AND an Airport Extreme (or third-party router) seemed like such a waste if the server could be made to do it all.
So, at this point, I see two options:
1) Put an AEBS on the gigabit switch (LAN) and turn off everything... essentially reducing it down to a wireless access point... and put it in Bridge mode so that wireless clients can see the wired LAN.
2) Use the AEBS as my gateway and DMZ the server... turning off the gateway features (DNS, DHCP, NAT, etc...) on the server. This would remove the need for the USB Ethernet adapter but would I still be able to configure it as a VPN?
Either one seems a shame. I was really hoping for a single-box solution to sell my clients.
The other problem is still happening... for some reason, I can't connect to the VPN... it doesn't even seem to be getting to the authentication part. It simply says, "The Server is not responding". This is strange since other services for which I've forwarded specific ports seem to respond without issue. I assumed that all the necessary ports would be opened when I turned on the VPN feature... did I miss something?

Similar Messages

  • Mac Mini (2012) as Wireless Gateway

    I want to turn my mac mini into a wireless gateway. I have "pf". I need to know how to turn wireless AP mode on. What command line tools are available? OpenBSD has "hostapd" for this.
    I plan to have my mini serve as my gateway router as well as media and file server.
    Thanks!

    what you have done is allowed resource sharing so that another computer can share the broadband connection via an ad hoc peer to peer connection.
    however, this mini is not acting as a router, nor is it designed to, as it does not possess the server software. OS X Server does not currently run on Intel processors. if it did, then the Mini would be able to act as a router plus all of the other network security features that are available in OS X Server. Mac is likely to migrate all servers to the Intel platform, however when they do, it remains to be seen which intel platform that will be and if it will be compatible with Core (1) Duo / Solo processors.
    wireless routers can be had for under $50 with the features that you seek.

  • Setup VPN on Mac Mini Server running OSX through a BT Hub Router

    Hello everyone,
    I know this question has been posted several times and I have looked at the suggested solutions, trying each of them. I think this is really down to my lack of knowledge hence hoping someone out there could point me to the right direction for more resources / information, please.
    I am trying to setup a Mac Mini Server with VPN access. My server sits behind a BT Hub router. These are the steps that I have been through:
    1. I am using the server app and after registering a free account with no-ip, I got myself a host name <myname>.ddns.net.
    2. Then I setup the server using a domain name
    3. I configured the DNS by first setting up a primary zone - zone: ddns.net. Then added machine record host name: <myname> pointing to my server which I have configured my router to assign a static ip address to it at 192.168.x.x
    4. Then, I configured the VPN setting up for L2TP and PPTP, setup the shared secret, change the ip address range to match that of the DHCP range on my router. My router by default has a DHCP range between 64 - 253.
    5. Then, I also configured my router to port forward 500, 1701, 1723, and 4500 to my server at 192.168.x.x (I selected both TCP and UDP).
    6. Finally, setup a user account with account name test and password abcd12345
    7. Gone on my "client" machine which is basically my Samsung S4 handphone, selected VPN -> PPTP -> server address: <myname>.ddns.net -> entered account name test and password abcd12345.
    This didn't work.
    Then, I read some post about manually configure DHCP on the server app. Went on the server app, turned on DHCP and setup a network named TestDHCP. Assigned ip address range between that of the default DHCP range on my BT Hub router.
    This does not work either.
    Could someone please kindly help me with it? I am completely lost.
    Thank you in advance.

    To run a public VPN server behind an NAT gateway, you need to do the following:
    1. Give the gateway either a static external address or a dynamic DNS name. The latter must be a DNS record on a public DNS registrar, not on the server itself. Also in the latter case, you must run a background process to keep the DNS record up to date when your IP address changes.
    2. Give the VPN server a static address on the local network, and a hostname that is not in the top-level domain "local" (which is reserved for Bonjour.)
    3. Forward external UDP ports 500, 1701, and 4500 (for L2TP) and TCP port 1723 (for PPTP) to the corresponding ports on the VPN server.
    If your router is an Apple device, select the Network tab in AirPort Utility and click Network Options. In the sheet that opens, check the box marked
              Allow incoming IPSec authentication
    if it's not already checked, and save the change.
    With a third-party router, there may be a similar setting.
    4. Configure any firewall in use to pass this traffic.
    5. Each client must have an address on a netblock that doesn't overlap the one assigned by the VPN endpoint. For example, if the endpoint assigns addresses in the 10.0.0.0/24 range, and the client has an address on a local network in the 10.0.1.0/24 range, that's OK, but if the local network is 10.0.1.0/16, there will be a conflict. To lessen the chance of such conflicts, it's best to assign addresses in a random sub-block of 10.0.0.0/0 with a 24-bit netmask.
    6. "Back to My Mac" is incompatible with the VPN service. It must be disabled both on the server and on an AirPort router, if applicable.
    If the server is directly connected to the Internet, see this blog post.
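
The forwarding list in step 3 and the netblock rule in step 5 of the answer above can be checked mechanically. The Python below is an added example, not part of the original post: the function names, the router rule list and the server address 192.168.1.10 (standing in for the elided 192.168.x.x) are constructed for illustration, and the "random sub-block" is assumed to be drawn from the 10.0.0.0/8 private block.

```python
import ipaddress
import random

# Step 3 of the answer: UDP 500, 1701, 4500 for L2TP and TCP 1723 for PPTP.
L2TP_FORWARDS = {("udp", 500), ("udp", 1701), ("udp", 4500)}
PPTP_FORWARDS = {("tcp", 1723)}

# Constructed sample: the question's router setup, where ports 500, 1701,
# 1723 and 4500 were each forwarded for both TCP and UDP. The address is a
# stand-in for the post's elided 192.168.x.x.
SAMPLE_SERVER = "192.168.1.10"
SAMPLE_RULES = [(proto, port, SAMPLE_SERVER)
                for port in (500, 1701, 1723, 4500)
                for proto in ("tcp", "udp")]


def audit_forwards(rules, server_ip, want_pptp=True):
    """Compare router port forwards with the set the VPN needs.

    rules is an iterable of (protocol, external_port, internal_ip).
    Returns three sorted lists of (protocol, port):
      missing     - required but not forwarded at all
      misdirected - forwarded, but not to the VPN server
      unneeded    - a VPN port number opened for a protocol that is not needed
    """
    required = set(L2TP_FORWARDS)
    if want_pptp:
        required |= PPTP_FORWARDS
    vpn_ports = {port for _, port in L2TP_FORWARDS | PPTP_FORWARDS}
    seen = {(proto.lower(), int(port)): target for proto, port, target in rules}
    missing = sorted(required - set(seen))
    misdirected = sorted(k for k in required & set(seen) if seen[k] != server_ip)
    unneeded = sorted(k for k in seen if k not in required and k[1] in vpn_ports)
    return missing, misdirected, unneeded


def conflicts(vpn_pool, client_lan):
    """True if the client's local network overlaps the VPN address pool.

    strict=False accepts the post's "10.0.1.0/16" spelling (host bits set)
    and normalises it to 10.0.0.0/16 before comparing.
    """
    pool = ipaddress.ip_network(vpn_pool, strict=False)
    lan = ipaddress.ip_network(client_lan, strict=False)
    return pool.overlaps(lan)


def pick_vpn_block(avoid=(), rng=None):
    """Pick a random /24 that overlaps none of the networks in avoid.

    Assumption: the block is drawn from the 10.0.0.0/8 private range.
    """
    rng = rng or random.SystemRandom()
    avoid_nets = [ipaddress.ip_network(n, strict=False) for n in avoid]
    for _ in range(1000):
        base = (10 << 24) | (rng.randrange(1 << 16) << 8)
        candidate = ipaddress.ip_network((base, 24))
        if not any(candidate.overlaps(n) for n in avoid_nets):
            return candidate
    raise ValueError("no free /24 found; the avoid list covers 10.0.0.0/8")


if __name__ == "__main__":
    missing, misdirected, unneeded = audit_forwards(SAMPLE_RULES, SAMPLE_SERVER)
    print("missing forwards:    ", missing)
    print("misdirected forwards:", misdirected)
    print("unneeded forwards:   ", unneeded)
    # The two client networks from the answer's own example in step 5.
    for lan in ("10.0.1.0/24", "10.0.1.0/16"):
        print("pool 10.0.0.0/24 vs client", lan, "conflict:",
              conflicts("10.0.0.0/24", lan))
    print("suggested pool:", pick_vpn_block(avoid=["10.0.1.0/24", "192.168.0.0/16"]))
```

Run against the question's rule set, the audit reports nothing missing but four forwards the answer does not call for: TCP on 500, 1701 and 4500, and UDP on 1723.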

  • Mac mini server refuses to get DHCP address from router

    Everything was going along fine. But after a power outage the server goes to a 169. address when the router puts out 198. addresses. If I put a static 198. address in it sees the network but won't connect to the internet. I've flashed the router (everything else sees the router fine, 3 computers and a time capsule). I've had the hardware checked at the Apple store - it picked up an address right away. After narrowing everything down the problem has to be in the operating system. I even did a full time machine restore to the day before the storm. No luck. Anyone heard of this problem.

    Mauricette has a point.
    A server function is not designed to accept a floating or dynamic IP address. If that is the case, how do you create firewall rules that prevent those unnecessary ports being left opened from being attacked by rogue machines in Romania and China on an hourly basis when you announce to the world that your server is available if the server IP address keeps changing due to the DHCP lease change? Yes, they do have bots that do this VERY EFFICIENTLY!
    By changing the very nature of your firewall rules by working with DHCP, you are opening ports you do not know to accommodate DHCP dynamic addressing, which was the reason why your Mac Mini Server stopped working in the first place.  It's ok for a client, since a client isn't serving any files to any one right.
    By using client based firewall rules, you are exposing your server to attacks and when they get through your Mini server, which they can if they are persistent, they get into your home network and then whatever file server services you have opened and unprotected at the time WILL BE copied by these people easily. 
    I had a client once who did just that. She was attacked, the hacker went through her network like a rampaging bull. They were from China. My Synology RAID server gets this attack all the time, but I have a well-established IDS system and the Synology RAID has logs that track attacks.
    For a server setup.  Use static IP and then build a strong firewall around it and protect it and never compromise.
    Recently, I just noticed someone somehow hacked and broke my WPA-PSK AES passkey for one of my Wireless N network routers. It was not set up with a strong password though, but thank God I had a firewall around that so my internal networks were safe. So this teaches you that if someone wants in bad, they will get in.
    Hope this helps.

  • Cannot see Mac Mini Server from Internet: DynDNS alias gets thru cable modem to wireless router, not to the Mac Mini. How to configure?

    I want to make my Mac Mini Server (Lion) visible to the Internet from my home LAN. I have followed the Lion server install wizards and also set up a dynamic DNS at DynDNS.com.
    When I enter the Internet address with the proper alias from a web browser, I get dumped into the admin screen of the Linksys wireless router WRT300N. Hint: the WRT300N provides DHCP for the LAN, not the cable modem providing DHCP. The WRT300N has DDNS service set up. NAT and RIP are disabled. The Mac Mini DHCP is reserved.
    Suggestions? I could use the Motorola Surfboard SB6121 to provide DHCP but have hesitations.
    Point me to the right discussion/article and get me back on track, please.

    This sounds like a simple port forwarding issue, but I don't understand your LAN setup.
    The WRT300N has DDNS service set up. NAT and RIP are disabled.
    The chances are, you're running NAT somewhere in your network. If not the WRT then what? If it's your cable modem then you must have port forwarding configured on the cable modem, and that's where you need to focus - change the port forwarding to point to your Mac Mini's address rather than the WRT.
    HOWEVER, it is far more common to have the wireless router perform NAT and DHCP, which is why I question your setup.
    Not directly related, but:
    The Mac Mini DHCP is reserved
    Nix this. Your server should be configured manually, with a static IP address, not DHCP, even with a reservation in the DHCP server. The only advantage of DHCP is for dynamic hosts (hence the 'D' in 'DHCP') or if you expect to change your entire local subnet on any kind of frequent basis. The reality is that you can't just change the IP address of Mac OS X Server like this - there are too many dependencies, so it's better to set it manually, knowing that there's a cost (and pain) to change the server's address.

  • Mac Mini OSX 10.6.5 config w/ cable/modem-AEBS-mac mini server

    I'm new to OSX server, and have recently had to change locations of a OSX 10.6.5 Mac Mini. I am setting it up now as a home server and need to access from outside the home. I have had a wonderfully operating AEBS for many years, but once I started trying to set-up the mac mini server, I started having problems configuring the server to play nicely with the AEBS.
    Back to basics, because for what I need the AEBS is sufficient (and technically capable) of acting in concert with my mini server (from all I've read, anyway). I just cannot configure them correctly without causing problems.
    Equipment:
    AEBS w/ version 7.4.1
    Mac Mini OSX 10.6.5
    iMac OSX 10.6.5
    (2) MacBook Pros 10.6.5
    (2) iPhones IOS 4.2
    I have a static (known) IP from my ISP. I have no problem with configuring the AEBS to work with everything, until I plug in the mac mini. I realize the older configuration for the prior server set-up is incorrect, but making minor adjustments for moving to a AEBS from the Cisco UC500 set-up has been greater than my technological experience.
    I am versed in networking, but cannot seem to get the correct configuration, and the only thing the Apple manuals have is a 'possibility' this can be done, but no specifics I can find for controlling the AEBS settings from the mac mini when connected on the LAN port of the AEBS (that's when the problems start).
    Here's where I've tried and cannot access the Serv Admin program when I connect the mac mini to the AEBS LAN port:
    (1) changed AEBS Connection sharing to Share a public ip address
    (which I understand makes "advanced" "port mapping" possible)
    (2) set AEBS Internet connection to connect to router on 192.168 network
    (3) set AEBS to offer DHCP in 10.0.1 range
    (4) set AEBS capsule own address to be 10.0.1.1
    PLUG in ethernet cable to Mac Mini and Time Capsule
    Activate Ethernet and deactivate Airport
    (5) set Mac Mini Server Manual ip address to 10.0.1.2
    (6) set Mac Mini Server DNS addresses to 127.0.0.1, 10.0.1.1
    (7) set Mac Mini Server / Server Admin / DNS / Zones / Machine name / IP Address = 10.0.1.2
    Any advice on where to start trouble-shooting?

    The AEBS gets your public static IP address, and otherwise performs NAT.
    (The AEBS is a good home box, but not a server-grade firewall. I do run AEBS and Time Capsule boxes, but these are generally operated as WiFi Access Points (what Apple calls "bridging"), and not as WiFi routers, and definitely not as server gateways.)
    The AEBS DHCP server configuration for DNS services is set with the IP address of your new server; that's your DNS server now. Caution: There are no references to ISP DNS nor other DNS servers. You're running DNS (well, you will be soon), so your local network will be configured differently than a client network.
    Your Mac Mini Server is configured in a /24 subnet in one of the private blocks (eg: 10.0.0.0/8) somewhere. This for future VPNs, as everything on the planet is crammed in a few 192.168.0.0/16 subnets.
    The AEBS DHCP server can be used to pass out a pool of addresses in that private /24, but the server must have a static IP address.
    Get your DNS services going for your LAN now (http://labs.hoffmanlabs.com/node/1436). Don't skip this step. DNS is essential to servers, and you'll be serving DNS on your LAN. I'd suggest a real and registered domain here or a subdomain of a real and registered domain, as changing domain names on a network is an increasing pain in the rump as the network scales up.
    For DNS services, your Mac Mini (and only your Mac Mini) will refer only to itself via the 127.0.0.1 on its network controller. (This is an odd case; the box is referring to itself, so it's the IP loopback address and not your LAN static IP address.) Everything else on your LAN will refer to the static IP address of your Mac Mini DNS server either via static configuration, or via the AEBS DHCP server's DNS setting referencing your Mac Mini server that are received from the DHCP server with a dynamic address.
    Work your way up to configuring Open Directory (LDAP), and Kerberos, then configure the rest of the accouterments.

  • Mac mini server networking and DNS setup help

    Thanks in advance to anyone who can help me with this. I'm working at a small business where I'm the only guy with any IT experience at all, but I'm new to Macs and OS X (<1 year) and being a server admin so please bear with me.
    We just bought a Mac mini server as we are expanding from a bunch of workstations and Google Docs. I've just gone through the installation process, but nothing else is on the server, no user data at all, so if the answer is to reinstall from scratch, I can do it.
    We'd like the mini to be a file server, print server as well as the gateway for the internet. I realize we could stick to our router and have the server as another node in the network, but we also got a Time Capsule for backing up the server and will locate it in another room to be another wireless access point there.
    When going through Server Assistant, I didn't really know what to name the machine so I used corp-Server.local for the Current Hostname and corpserver.private for the DNS Hostname (though i actually use a 3-letter company acronym instead of "corp").
    However, i realized after setup we'd want to access the server externally by name, so I changed the DNS hostname to server.companyname.com in the Zones tab of the DNS section of Server Admin (edited primary zone name, changed Nameservers entry for both primary and reverse zone).
    I don't know what else I need to do though because there are loads of instances where corpserver.private still shows up, like in the Open Directory section of Server Admin (which btw always hangs when I open it) and the Contact Info of users (eg. user email is [email protected]). I also had trouble earlier using Server Preferences and Server Admin either not connecting or not recognizing my login, but that seems to have abated.
    I guess my problem is, where else do I change the DNS hostname? Or do I have to change the DNS hostname back to corpserver.private (in Server Admin)? That way, I think at least everything will be consistent, but would I be able to still configure it somehow so that externally, we could access the server by the server.companyname.com URL?
    Also, can the mini be a wireless router for the office? As mentioned before, we want to cut the existing wireless router out and use the mini instead (and use the Time Capsule as a wireless bridge).

    So the ISP<->router connection can have a dynamic IP address, but the router<->server one should be static? I guess that means I have to set the IP address in the router. I hope I can get access to it. I don't suppose it matters which one I set first?
    An IP router does not assign addresses.
    A DHCP server does assign IP addresses upon receipt of a DHCP request from a client.
    Some routers (and many firewall routers) do include a DHCP server.
    A box with a static IP address does not need to send a DHCP request; it has a static address.
    You'll need to ensure that the IP address pool within the DHCP server does not overlap the addresses that are manually assigned to your local hosts; the static IP addresses on your LAN.
    Here is an overview of the pieces involved here, and some of the typical terminology: http://labs.hoffmanlabs.com/node/275
    I hate to belabour the point, but I just want to clarify: in my setup where ISP<->router<->server<->clients, where the server is the only machine connected to the router, which one should be the local DNS server? The server, right? So if the DNS server is turned on in the router, I should turn it off? Or do I need both (ie. router for its LAN (to server), and server for its LAN (to clients))?
    So to confirm, the configuration includes (probably) a modem, a router (firewall) and a router (Mac), and then the rest of the (local) show? That is not the simplest configuration, and it's Particularly given that Mac boxes make expensive and slow routers.
    The usual configuration is ISP>firewall>LAN and the LAN is usually built from WiFi, wired connections and switches. Within one subnet (which is typical) any host inside your firewall is connected on the LAN, and can communicate (directly) with any other LAN client. The firewall is configured as the gateway; that's the default route for outbound connections.
    One more thing that's bugging me: I still don't understand why I couldn't connect to the internet when I plugged in the Ethernet cable from server to router. Even if I was using DHCP to get a dynamically allocated IP, shouldn't it still have worked? I'm worried that I'm going to set up everything as it should be but the connection still won't work.
    That's likely because you're trying to use the Mac as a router, and that takes specific configuration steps. It's easier to have ISP>firewall>LAN, and have the Mac OS X Server box and the rest of the stuff as peers on your LAN. If you really want to use the Mac as an IP router, look around for setting up static routes on Mac; there are postings around for that.
    If your data is more valuable and your security preferences and requirements are higher, then you may want a firewall with a DMZ, and put your web-facing boxes over in the DMZ. If you're serving stuff to the web or a mail server or such, it's possible to get breached, and a breach means folks can potentially get further into your LAN. With a DMZ, they're somewhat more isolated from your LAN.

  • Mac Mini Server setup with airport express

    I have had issues trying to setting up mac mini server on my network. I wonder if my current hardware is the problem? At present I have a Thomson Router plugged into an airport express which broadcasts wifi for my house. I have been connecting to my wifi with my mac mini server. Despite running server assistant and setting up a DNS server in Mac Mini server no clients are able to connect to the DNS server (i.e. dig command works on server but not on clients). I found reference somewhere on the internet to the fact that the mac mini server must be plugged into the router via ethernet for it to be setup properly.
    Could this be the cause of my problems? Is it true?

    Just to clarify this is an airport express and not airport extreme therefore I am reliant on a wireless connection between my mac mini server and the airport express.
    The model of the Airport device here is largely irrelevant.
    Currently my Thomson router serves out an address of 192.168.1.67 to airport express router.
    Do you have any control over the gateway router?
    The airport express is configured to share out a single IP address
    Double NAT (which is what you have here) will cause you problems. Get rid of one layer of NAT.
    The airport express gives out addresses in range of 10.0.1.2-10.0.1.202 with 10.0.1.1 being the address for the airport express and 10.0.1.201 being assigned via DHCP to the mac mini server (using its MAC address to reserve the address)
    Within the private blocks, the IP addressing organization is your decision.
    The DNS server is set on the airport express to 10.0.1.201 (i.e. my server).
    OK. (I usually pick smaller numbers for more important boxes, because I tend to type addresses for those boxes more than the addresses of the boxes over in DHCP-land. But again, this is your call.)
    I guess I wondered if something funky was going on with server assistant during the setup. A post I read somewhere (I've lost the link) was someone in an identical situation who had issues and said that apple had stated that he need to be directly connected to the router by ethernet cable to get things working. I wondered if this is the issue. An airport express does not have a spare ethernet port to plug into so I wonder if I need to buy a wireless router with built-in ports i.e. airport extreme (expense+) or something similar.
    I'd probably switch the box to access point, but that presumes you can get (more) control over the gateway router.
    I can access my Thomson router but I am unable to change the DNS servers that it provides (set by my ISP) from the GUI. I'm sure you could probably do it from the command line but I think this is beyond me. I did wonder if that is what is causing problems
    Talk with the ISP. You'd prefer to have the device switched to a bridge, if that's feasible. If not, then you're going to have to work within the confines of the particular model.

  • New Mac Mini Server Network Issue

    I recently purchased the new Mac Mini Server with 10.6 to use as a Content Filter/Web Server for a small private school. While trying to set it up, using the on board ethernet and a USB to Ethernet adapter, I have lost all ability to acquire an IP. It does not matter if I use the on board ethernet, the USB adapter, or the Airport. All three return a self-assigned IP. I know this is related to the machine since I can still access the cable modem setup by typing in 192.168.100.1. And I brought it home to work on it a little more and the bonjour services are detecting the other macs on the network.
    I tried trashing my network preference plist, but no change.
    I am considering doing a fresh install since I think the initial setup was borked. But I thought I'd hit up the board and see if anyone else had a thought before I begin that process.
    thoughts?

    I have setup this configuration several times with both a MacPro and the smaller mini setup. The gateway setup we are describing is about as simple as it gets (static IP, gateway running all services so 1 IP address, gateway set as 192.168.1.1 on the local net. Simple DHCP and DNS "server.local", and "server.xxx.com" external).
    I would be overjoyed to find that I can configure this by setting up some simple overrides in the routing. I would point out in defense that _everything else_ works perfectly basically by default.
    1) dns on server: local and external, forward and reverse from itself and the local network - check
    2) services on server (all of them): from itself and the local and external networks - check
    3) network access (ie NAT & Firewall) for local machines - check (web, streaming, even bittorrent)
    The only issue I see is that remote clients cannot access the gateway itself properly through VPN. UDP return packets seem to be mis-routed through the physical interface rather than the virtual one.
    ALL other operations (Mail, iCal, iChat, Push, Web Services, Wiki, Web Mail and iCal, NAT) work perfectly for the server, local network, and external hosts. The above problem only happens for vpn clients, and then only for connections from them to the gateway itself, and only for UDP packets.
    I would really love to know how to fix it, especially if this can be explained by a needed custom rule (But I'm guessing not given the otherwise full functioning system). Are you saying that to make VPN work you need to add custom routing info that is not described in the Server docs? If so what?
    Thanks,
    Hunter

  • How to set up my mac mini server to use two drives seamlessly?

    I have a mid 2010 mac mini server, with OSX Lion installed. It has dual 500gb hard drives.
    I've been moving all my important files to it, and I've always assumed that once I filled one disc, it would seamlessly transfer over to the other and continue backing up. This does not seem to be the case.
    I'm at roughly 495gb of data, and when I try to move a 10gb file onto my server, it tells me that I don't have enough disc space to continue the operation.
    What can I do to make use of both drives?
    -Thanks

    It sounds like what you're asking for is to have the two drives in a RAID 0, where the two 500 Gb drives look like a single 1 Tb drive. I'm not sure the exact procedure for installing RAID 0 on a mini's internal drives, but the process would involve backing up, reconfiguring for RAID (which destroys all data,) restoring data from the backup, and more risk than I would personally find acceptable. I'd expect to lose a full day with the backup and restore steps. I can guarantee, there will be pain.
    Instead, I'd suggest looking at what's consuming the 500Gb, and seeing if there are particular folders that can be moved. For example, a shared folder is pretty easy. Copy it over. In file sharing setup, edit the share to point to the new location. Make sure remote users disconnect, and reconnect to the "new" share. When you're happy there is no data loss, delete the old location.
    User's home directories can also move, but the process has a few more steps, and depends on how the accounts are built (local vs. OD)
    If the majority of the data is in a single "your backup files" folder, shared or otherwise, then I would just set up a second folder on the second drive and write to it, leaving the first alone. If it is truly a backup, then you could make the first folder read-only at this point for extra protection. If you go the 2 folder route, keep in mind your boot drive is operating with 1% free space, I like my drives to have at least 15% free, and OS drives more like 25% (you'll find some range in recommended %-free, but most will agree 1% is too little) so move SOME stuff to the new folder, before closing the old.

  • How To Set Up Mountain Lion Server/Point DNS to Mac Mini Server

    Hello, First of all I have no experience with setting up servers whatsoever. Below is what I have
    - Mac Mini with Mountain Lion Server
    - Time Capsule as my router
    - Comcast as my service provider
    My goal is to set up my MacMini as a sharepoint for files and other data with my other partners.
    - I have purchased a domain name from NetworkSolutions. Does this mean that they are my DNS hosting as well? Not really sure. My biggest question is how to point my DNS to my mac mini server correctly.
    1. How do you point the DNS to my mac mini server.
    2. I've read somewhere to use the IP address from my mac mini server. The only IP address I see is from my Time Capsule (router). I know what my public IP address is but I am not sure if that's the one to use. I think once I figure this DNS thing I can figure out the rest.
    Thanks - Need lots of help.

    Here's a detailed write-up on setting up internal (private) DNS on OS X Server, and no, you're probably not going to be setting up external DNS on your servers.  Your public DNS service will be hosted on and served from the Network Solutions DNS servers.

  • Access Mac Mini Server (profile management) through reverse proxy

    Hi,
    Newbie in Mac's world and yet trying to make it more complicated than it is.
    As we recently (last month) decided to equip our sales force with iPads, they were configured through Apple Configurator tool running on a dedicated Mac Mini Mountain Lion.
    Now, I'd be keen in moving this configuration to the Profile Manager, part of the OSx Server plugin. So far so good.
    Problem is the following: another web server is already on the LAN using both 80 and 443 ports. So all incoming traffic on those ports was routed to this other server. As Mac Mini Server default http/s ports may not be altered, I installed a reverse proxy server (Oracle VM - Ubuntu 12.04LTS - pound), configured to deal differently with traffic on those ports according to the domain name (host) of the web request (header). Each 'local' server has been allocated a domain name. Just to be clear, traffic is now routed by the WAN/LAN router, for those ports, towards the reverse proxy, configured to reroute the traffic to the correct destination.
    So far so good, it works like a charm, except... as soon as we enter https protocol on Mac Mini Server Profile Manager.
    Access from an iDevice to the Mac Mini Server Profile Manager login page is fine, but as soon as password is confirmed, safari is pending and finally a message 'An internal serer error occured. Please try later again' appears.
    Looking to both reverse proxy system log and Mac Mini profilemanager.log files to trace the problem, the following lines are produced at this particular moment :
    reverse proxy system.log
    Jan 15 14:44:03 reverseproxy pound: 91.... GET /devicemanagement/console/apple_theme_v2/en/da56af0a69e733b259dac3991419fa928b4 94a56/resources/images/sprites/me_controls.png HTTP/1.1 - HTTP/1.1 200 OK
    Jan 15 14:44:03 reverseproxy pound: 91.... GET /auth?redirect=http://osxsrv.fiks.net/devicemanagement/api/authentication/callback HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
    Jan 15 14:44:04 reverseproxy pound: 91.... GET /devicemanagement/api/authentication/callback?auth_token=336952DE-BDDE-4390-82F 7-8475B79FB2D3 HTTP/1.1 - HTTP/1.1 302 Moved Temporarily
    Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 can't read header
    Jan 15 14:44:04 reverseproxy pound: (b7680b40) e500 response error read from 192.168....:443/GET /profilemanager/ HTTP/1.1: Success (0.007 secs)
    Jan 15 14:44:08 reverseproxy pound: 91.... POST /devicemanagement/api/magic/get_updated HTTP/1.1 - HTTP/1.1 200 OK
    OSx Server profilemanager.log
    Jan 15 14:44:05 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]
    Jan 15 14:44:05 osxsrv ProfileManager[1749] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:05) [POST]
    Jan 15 14:44:06 osxsrv ProfileManager[1748] <Info>: Completed in 492ms (View: 0, DB: 6) | 200 OK [http://osxsrv.../magic/do_magic]
    Jan 15 14:44:06 osxsrv ProfileManager[1749] <Info>: Completed in 687ms (View: 0, DB: 5) | 200 OK [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1751] <Info>: Completed in 4ms (View: 1, DB: 14) | 403 Forbidden [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1748] <Info>: Completed in 45ms (View: 1, DB: 43) | 403 Forbidden [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Processing MagicController#do_magic (for 91.... at 2013-01-15 14:44:07) [POST]
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: auth_token doesn't exist
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
    Jan 15 14:44:07 osxsrv ProfileManager[1750] <Info>: Completed in 55ms (View: 0, DB: 1) | 403 Forbidden [http://osxsrv..../magic/do_magic]
    Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Processing AuthenticationController#callback (for 91.... at 2013-01-15 14:44:08) [GET]
    Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Redirected to https://osxsrv..../profilemanager/
    Jan 15 14:44:08 osxsrv ProfileManager[1749] <Info>: Completed in 149ms (DB: 5) | 302 Found [http://osxsrv..../authentication/callback?auth_token=[FILTERED]]
    I guess the '302 Found' is causing or explaining the problem.
    I agree this might not be a Mac issue, so I still knock your doors hoping some of you could at least give a hint for what to search for !
    If the pound configuration file is of interest, just ask, but this is pretty trivial, saying basically listen these protocols (http/https) on these ports (80/443) and according to Header content (check destination host) and reroute packet to LAN device (with given LAN IP address).
    As the default port(s) of the Mac Mini Web Services may not be altered (as far as I know), I guess I am stuck using 80 and 443 anyway.
    Maybe should I invest time in changing my other apache server ports to some more exotic 8080 or 88 or whatever so Mac Mini Server Profile Manager default ports 80 and 443 are maintained and can be easily and directly rerouted to my Mac server without any reverse proxy along the way.
    Thanks in advance for your help
    Alx
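
For triaging a proxied Profile Manager login like the one logged above, the sketch below pairs each worker's "Processing" and "Completed" lines and flags the two symptoms visible in that excerpt: requests halted by the verify_auth_token filter, and a request logged under http:// that is redirected to https://. It is an added example, not part of the original post; the sample lines are constructed in the excerpt's format with a placeholder host and client address, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the profilemanager.log excerpt above (host and
# client are placeholders). The last physical line carries two fused entries.
SAMPLE_LOG = """\
Jan 15 14:44:07 mdm ProfileManager[1750] <Info>: Processing MagicController#do_magic (for 203.0.113.7 at 2013-01-15 14:44:07) [POST]
Jan 15 14:44:07 mdm ProfileManager[1750] <Info>: auth_token doesn't exist
Jan 15 14:44:07 mdm ProfileManager[1750] <Info>: Filter chain halted as [:verify_auth_token] rendered_or_redirected.
Jan 15 14:44:07 mdm ProfileManager[1750] <Info>: Completed in 55ms (View: 0, DB: 1) | 403 Forbidden [http://mdm.example.test/magic/do_magic]
Jan 15 14:44:08 mdm ProfileManager[1749] <Info>: Processing AuthenticationController#callback (for 203.0.113.7 at 2013-01-15 14:44:08) [GET]
Jan 15 14:44:08 mdm ProfileManager[1749] <Info>: Redirected to https://mdm.example.test/profilemanager/
Jan 15 14:44:08 mdm ProfileManager[1749] <Info>: Completed in 149ms (DB: 5) | 302 Found [http://mdm.example.test/authentication/callback?auth_token=[FILTERED]]
Jan 15 14:44:09 mdm ProfileManager[1748] <Info>: Processing MagicController#do_magic (for 203.0.113.7 at 2013-01-15 14:44:09) [POST]Jan 15 14:44:09 mdm ProfileManager[1748] <Info>: Completed in 492ms (View: 0, DB: 6) | 200 OK [http://mdm.example.test/magic/do_magic]
"""

ENTRY = re.compile(r"(?=[A-Z][a-z]{2} +\d+ [\d:]{8} \S+ ProfileManager\[)")  # entry start
LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ ProfileManager\[(?P<pid>\d+)\] <\w+>: (?P<msg>.*)$")
START = re.compile(r"^Processing (?P<action>\S+) \(for (?P<client>\S+) at [^)]*\) \[(?P<method>\w+)\]")
DONE = re.compile(r"^Completed in \d+ms .*\| (?P<status>\d{3}) [^\[]*\[(?P<url>.*)\]$")

def parse_requests(text):
    """Pair each worker's 'Processing' line with its 'Completed' line, keeping notes in between."""
    open_by_pid, requests = {}, []
    for raw in ENTRY.split(text):  # splits fused entries as well as ordinary lines
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if s := START.match(msg):
            open_by_pid[pid] = {"ts": m["ts"], "pid": pid, **s.groupdict(), "notes": []}
        elif pid in open_by_pid:
            if d := DONE.match(msg):
                req = open_by_pid.pop(pid)
                req.update(status=int(d["status"]), url=d["url"])
                requests.append(req)
            else:
                open_by_pid[pid]["notes"].append(msg)
    return requests

def findings(requests):
    """Flag 403s halted by the auth_token filter and redirects that switch URL scheme."""
    out = []
    for r in requests:
        scheme = r["url"].split("://", 1)[0]
        if r["status"] == 403 and any("verify_auth_token" in n for n in r["notes"]):
            out.append((r["ts"], r["action"], "auth_token rejected"))
        for n in r["notes"]:
            target = n.partition("Redirected to ")[2]
            if target and not target.startswith(scheme + "://"):
                out.append((r["ts"], r["action"], f"{scheme} request redirected to {target}"))
    return out

if __name__ == "__main__":
    print(*findings(parse_requests(SAMPLE_LOG)), sep="\n")
```

The findings are observations to line up against the proxy's own log by timestamp, not a diagnosis of the cause.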

    Hi all,
    I'm also using the reverse proxy technique to publish my server to the internet. The IP is used by two domains. The problem is with Profile Manager: after login it redirects the URL to the local area network address instead of to the domain.
    How to configure this on OS X Server and the Profile Manager Service?
    Kind Regards
    Oemer

  • Mac mini server - Can't access Internet

    Hello. Using a Mac mini server as the media server for my house. Not really using any of the Snow Leopard Server services though. Wanted the larger hard drive and didn't need an optical drive so this was perfect for me. At any rate, recently noticed that the Mac mini can't access the Internet. It talks to the other Macs and Apple TVs in the house fine but it can't load a web page. I looked at the preferences and everything and can't see anything wrong. Plus, all my other computers get on the web fine. Any ideas? Is there a specific setting I should check? Thanks in advance.

    Can you describe your LAN and how it connects to the internet, as well as how the device that acts as your router is configured to interact with the computers on your LAN and how the individual computers are configured to connect to the routing device?
    Dah•veed

  • Mac Mini Server freezing in install when choosing PPPoE

    I have a Mac Mini Server and when I go through the installation procedure and choose the connect PPPoE from the Network settings, the installation hangs every time.
    I have already tried several clean installs from the Mac Mini Server disc to no avail.
    Suggestions?
    Thank You.

    What part of the install process do you have trouble with? I'm assuming, and I think Tony did as well, you're talking about the server setup assistant that launches once the OS is installed. Naming your server/domain is a critical part of setup, as is DNS. If you put faulty configs in during setup, or try to setup services before DNS is working, you'll run into trouble - so please include whatever you're trying to do - if you're new to servers, most everybody around here will be helpful or at least understanding.
    In any event there's a great tutorial at
    http://www.wazmac.com/serversnetwork/fileservers/osxserversetup/index.htm
    While I agree with Tony that PPPoE isn't the best bet, you ought to be able to make it work - but you will need a static IP for your server. Best bet is probably to make it a static IP on your LAN using NAT and let your router/firewall have the live IP. But more info is always better - what are you trying to setup and what other equipment/network stuff is already going on? There are a lot of ways to setup a server and to setup a network, and there is certainly no one correct solution. Somebody smart (like Tony) may be able to give you a lot more options with more details. I'll try too, but I'm far from the most knowledgeable person around these parts.
    Another thought - if you're not using the advanced server, I believe you need DNS set up beforehand somewhere - if you just enter your ISP's DNS server info, it won't have any records for your server. The Wazmac setup notes will walk you through setting up your own DNS for your LAN and using your ISP's DNS for everything on the WAN side.
    Message was edited by: Jeff Kelleher

  • Mac Mini Server Hangs, Gets Sluggish

    New 2012 Mac Mini Server (2Gig i7 with 8GB memory). Server App is off, and I'm using it as a standalone unit. Running iTunes on an external Thunderbolt RAID. Running Safari with several tabs open. The iMac generally gets erratic within an hour or so: iTunes may be sluggish, Safari slows or stalls, then eventually the whole system hangs with the fan running at full speed. I have re-set the controller by removing power for a while and then re-initializing. No help. Seems for a loaded iMac something is very wrong. Any guesses.

    1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. This feature is transparent to the user, but internally Apple calls it "XProtect." The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
    It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
    Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
    It can easily be disabled or overridden by the user.
    A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
    For more information about Gatekeeper, see this Apple Support article.
    4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore reduces to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
    That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
    Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    “Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
    Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
    5. Java on the network (not to be confused with JavaScript, to which it's not related) is a weak point in the security of any operating system. If a Java web plugin is not installed, don't install one unless you really need it. If it is installed, you should disable it (not JavaScript) in your web browsers. Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those obsolete versions has known security flaws that make it unsafe to use on the Internet. The flaws will never be fixed. Regardless of version, experience has shown that Java can never be fully trusted, even if no vulnerabilities are publicly known at the moment.
    Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
    6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
    Why shouldn't you use commercial "anti-virus" products?
    Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
    7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so can corrupt the Mail database. The messages should be deleted from within the Mail application.
    ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. If you don't need to do that, avoid it. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
    8. The greatest danger posed by anti-virus software, in my opinion, is its effect on human behavior. When people install such software, which does little or nothing to protect them from emerging threats, they get a false sense of security from it, and then they may do things that make them more vulnerable. Nothing can lessen the need for safe computing practices.
    9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use.
