Lesson 2: Set up local infrastructure

After you have the public-facing network in order, you need to configure your internal network and provide a way for external connections to reach your server.

Step 1: Configure your local network

This lesson assumes that you have a router (or cable modem) from your ISP that provides the following services to your internal network:

  • DHCP: The router distributes private network IP addresses to the computers and devices on your network.

  • NAT: The router keeps track of which internal network made a connection outside the network, and returns responses to the originator.

  • Port forwarding: The router can send certain address ports (usually representing kinds of network services) to a specific internal address.

  • Firewall: In most consumer routers, the NAT and port forwarding functions serve as the network firewall, and configuring those two features constitutes firewall configuration.

The most common setup

Your server is connected to a cable modem or DSL modem. The modem is typically provided by your ISP. The modem serves as the router for your local network, providing the services explained above.

ISP router bridges to Internet

If your router is an AirPort Extreme Base Station

If your router is an AirPort Extreme Base Station, OS X Server can control and administer it directly, allowing for easy, seamless configuration. Because the Server app knows what services you have enabled, and what its private, internal address is, it can automatically configure port forwarding for you:

AirPort Extreme bridges to Internet

If you can’t use only an AirPort Extreme

If you can’t use only an AirPort Extreme, you can put your ISP’s router in “Bridge mode,” then put the AirPort Extreme between the ISP’s router and the rest of your network:

Airport and ISP router bridge to the Internet

The following configuration steps make setting up your network services easier.

  1. Reserve an IP address for your server in the DHCP service.

    This lets your server keep the same internal IP address after restarting the server or router.

  2. Set up port forwarding to the server’s reserved IP address.

    Forward all well-known ports for the Internet services you’re planning to use. See Well known TCP and UDP ports used by Apple software products.

  3. If you know that you want to limit certain services to certain network addresses, create those address groups in the Server app.

    For more information, see Server Help.

Step 2: Provide directory service

If you have more than one user in your small business, you’ll want a centralized place to keep track of user accounts for the services on your network.

A local network directory is a good place to keep track of user accounts. OS X Server provides an LDAP-compatible directory service called Open Directory that’s easy to use and provides user and group management for its services.

When starting Open Directory, you need to have the following information:

  • Organization name: This name helps users recognize your Open Directory server.

  • Admin Email Address: This provides users with an email address for support and authenticity of your Open Directory server.

You also need to create a password for the Directory Administrator:

  1. Select Open Directory in the Server app sidebar.

  2. Turn on Open Directory, then follow the instructions in the setup assistant.

    When asked, choose to create a new Open Directory domain.

Step 3: Provide service access

Now that your network is in good shape and the directory is up and running, it’s time to turn on a test service and make sure everything is working smoothly.

  • Web service is a good test of your server’s reachability.

    Go ahead and try the Host a website tutorial. It includes a configuration to make sure your SSL certificate is working correctly.

  • Once you have a service configured, use the built-in reachability feature to make sure the service is available over the Internet.

    For more information, see View Internet reachability details in Server Help.

Go to Lesson 3: Set up users and devices.