The NATural - Documentation
Documentation
1.) Overview
2.) System Requirements
3.) Installation
4.) Getting Started
5.) Known Bugs/Limitations
6.) Notes
7.) Security
8.) Troubleshooting
9.) Removal
10.) Coming Soon
11.) Legal
The NATural is a GUI tool to manage the NAT settings of Mac OS X Server. The NATural allows you to configure many of the settings that Server Admin will pass to natd.
Apple's Server Admin software provides only a limited interface to control NAT routing functions. The underlying process, natd, can accept many more arguments. Although Server Admin does not provide an interface to these functions, it does respect all settings that natd supports. The NATural does not modify or replace any Apple software, it simply provides an interface to these settings. Control of the NAT process is handled by the "serveradmin" command line tool.
This software is, and will always be free! Donations, however, are always encouraged if you find The NATural useful.
The NATural will run on Mac OS X in demo mode. This will allow you to view the features prior to installing The NATural on your server. You will not be able to apply settings or control NAT and you will not be required to authenticate.
- Mac OS X Server 10.4 Tiger or later
- (will run in demo mode on Mac OS X 10.4 or later)
- (will run in demo mode on Mac OS X 10.4 or later)
To install, drag The NATural from the mounted disk image into a folder of your choosing. I suggest "/Applications", I do not recommend using "/Applications/Server" since Apple reserves the right to modify or delete the contents of this folder. The software will run without problems from the disk image but this is strongly discouraged.
When The NATural is first launched, it will read your current NAT configuration. If the NAT service has never been started, there will not be a current configuration file. The NATural will generate settings based on Apple's defaults. A new file will be written when these settings are applied.
For help with specific options, please refer to the help panel. There you will find my notes about many settings. You can also view the natd man page from the help panel which provides a detailed description of all settings.
If you have manually configured "/etc/nat/natd.plist" and set values for "proxy_rule" or "redirect_proto", these will be ignored by The NATural. A backup is created on launch so you will not lose the settings, however, they will not be written to new files generated by The NATural. These additional keys will be supported in a future release.
There is currently no automated deletion of backup files. Since an automatic backup is created when a new configuration is applied, these files will continue to accumulate. You may delete them from the Backup Browser or manually from "/Library/Application Support/The NATural/Backup". The file "natd.plist.default.bak" will be regenerated, if deleted, on next launch.
The file "~/Library/Logs/thenatural.log" is never rotated. You may manually rename or delete this file if you like, a new file will be created on next launch.
Viewing log files from within The NATural is not possible on screens with a resolution of 800x600 or less.
There are several switches supported by natd that Apple's Server Admin seems to ignore. I have made attempts to contact Apple about this issue and hopefully it can be resolved in a future release. The following keys are disabled in The NATural until they are respected:
- -punch_fw
- -port
- -in_port
- -out_port
If you believe you have encountered a new bug, please submit a bug report by choosing "Submit Bug Report..." from the help menu.
It should be noted that The NATural modifies only a single system file ("/etc/nat/natd.plist"). Keys are added to this file to support features of The NATural, such as rule ordering, rule descriptions, and saving disabled rules. When the Server Admin reads the file, these keys will be ignored. This causes no ill effects and allows The NATural to provide features that the Server Admin and natd do not. For those of you who like to edit plist files directly, the keys are: "order", "description", and "enabled".
The NATural is a Universal Binary.
Authentication in The NATural is performed using the Security framework and a helper tool. This is Apple's recommended method of making changes to privileged files. The code is largely based on Apple's own security examples.
You must provide an administrative password to run The NATural. Once this password is provided, you will be allowed to perform privileged operations until the Security Server times out (usually 5 minutes). If the timeout occurs, you will be prompted to enter your password again when performing a privileged operation.
Although you are asked for an administrative password on launch the entire app is NOT run as root. Your password is handled only by the Security Server and is never known by The NATural or handled in clear text. Only a small helper tool is run to perform privileged operations when necessary. Privileged operations include: starting, stopping, refreshing, and restarting NAT, and applying settings.
If you are running in demo mode, you will not be required to authenticate and you will not be able to perform privileged operations.
If NAT does not seem to be functioning at all, ensure that you have started the firewall service. Refer to Apple's server documentation about NAT and related services. Starting NAT alone will not make a gateway, you may wish to use Apple's Gateway Setup Assistant to setup your gateway and then The NATural to fine-tune your NAT settings.
If you receive a file read or write error, ensure that you have access to read or write to the location you have chosen. If the error occurs with a file that The NATural is handling, try repairing permissions on your system volume.
The NATural should be able to handle all but the most severely malformed plist files. If you receive an unrecoverable error while reading a plist, please send me the file you were trying to open in a bug report. If you receive an unrecoverable error on launch, it is likely that "/etc/nat/natd.plist" is corrupted beyond repair. You can safely delete this file, it will be regenerated from "/etc/nat/natd.plist.default"
If you receive an error because "/etc/nat/natd.plist.default" is missing, this may be a more serious problem. The NATural will continue using a basic default configuration, however, the lack of this file usually indicates an incomplete system installation or other problem with your system. If you believe you received this error incorrectly, please submit a bug report, otherwise, refer to Apple support materials.
To remove The NATural, drag the icon to the trash. To completely remove all traces, you must also delete "/Library/Application Support/The NATural", and "~/Library/Application Support/The NATural".
- Unified toolbar and icons
- Printing
- Proxy settings
- Port forwarding by protocol
I accept no liability for any damage, deleted files, or system corruption caused by The NATural. That said, it should not be possible for The NATural to cause such damage.
This is pre-release, beta quality software. There may be bugs that could cause unexpected behavior.
Jamie Griffin
© 2007 GDog Software