I have put together a Firewall and NAT startup item for Mac OS X 10.2 Server. The server doesn't have a GUI for NAT, and BrickHouse doesn't support a second NIC card. I would appreciate some feedback, especially on the ipfw rules. I'm sure there is room for improvement. Please have a look at the Firewall script.
I use this startup item on a Mac OS X 10.2 server (with one extra NIC card) that acts as a Firewall and NAT server for an internal network. The server is connected to the Internet via ADSL with a static IP address. All the computers on the internal network get a private IP address via DHCP and can surf the Internet, look at home pages and check e-mail etc. I have made some pointers on how to configure it if you have a dynamic IP address from your ISP, but it's *not* tested.
By default, the script will set up ipfw to block ports 0-1023 in and allow ports 1024-65535 in. Everything outgoing is allowed. DNS, DHCP, etc. are also set up to work. Open up the services you use by uncommenting their rules in the script.
[Editor's note: I have not tested the following script myself, primarily due to a lack of OS X Server software (and a nice XServe to test on, of course!)]
These instructions are a bit terse; you need to be able to use the Terminal and know some basic Unix commands. I use the private network range 192.168.0.0/24 (192.168.0.1-254), but you can use whatever you like (i.e. 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16). I choose to set the start address for DHCP to *.11 so I can use *.2-10 as fixed addresses.
INSTRUCTIONS:
% sudo pico /etc/hostconfig
% cd [path]/Firewall_and_NAT_StartupItem_Mac_OS_X_10.2_Server
% sudo cp -R ./Firewall /Library/StartupItems/
% cd /Library/StartupItems/Firewall
% ls -l
-rwxr-xr-x 1 root admin 13586 Jan 1 12:00 Firewall
drwxr-xr-x 4 root admin 136 Jan 1 12:00 Resources
-rw-r--r-- 1 root admin 595 Jan 1 12:00 StartupParameters.plist
% cd /Library/StartupItems/Firewall
% sudo chmod 755 Firewall
% cd [path]/Firewall_and_NAT_StartupItem_Mac_OS_X_10.2_Server
% sudo cp ./rc.natd /usr/local/etc/
% sudo SystemStarter start Firewall
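The default policy described above (ports 0-1023 blocked inbound, 1024-65535 allowed inbound, everything outgoing allowed, NAT through natd), written out as ipfw commands. This is an added example, not the contents of the Firewall script from the hint; the interface names en0 and en1, the rule numbers, the divert port 8668 and the scoping of the inbound rules to the external interface are assumptions.

```shell
#!/bin/sh
# Added example, not the hint's Firewall script.
# Assumptions: en0 faces the Internet, en1 faces the internal network,
# natd listens on divert port 8668, and the rule numbers are arbitrary.
EXT_IF="${EXT_IF:-en0}"
INT_IF="${INT_IF:-en1}"
# Dry run by default: the commands are only printed.
# To apply them, run as root with IPFW=/sbin/ipfw.
IPFW="${IPFW:-echo ipfw}"

firewall_rules() {
    # Pass everything crossing the external interface through natd.
    $IPFW add 1000 divert 8668 ip from any to any via "$EXT_IF"

    # Loopback traffic, and traffic arriving from the internal network
    # (this covers DHCP and DNS requests from the clients).
    $IPFW add 2000 allow ip from any to any via lo0
    $IPFW add 2100 allow ip from any to any in via "$INT_IF"

    # Everything outgoing is allowed.
    $IPFW add 3000 allow ip from any to any out

    # ipfw stops at the first matching rule, so a service opened on a
    # port below 1024 must be numbered before the deny rules at 5000.
    # Constructed example of such a rule (web server), left commented out:
    # $IPFW add 4000 allow tcp from any to any 80 in via "$EXT_IF"

    # Block ports 0-1023 coming in from the Internet.
    $IPFW add 5000 deny tcp from any to any 0-1023 in via "$EXT_IF"
    $IPFW add 5010 deny udp from any to any 0-1023 in via "$EXT_IF"

    # Allow ports 1024-65535 coming in from the Internet.
    $IPFW add 6000 allow tcp from any to any 1024-65535 in via "$EXT_IF"
    $IPFW add 6010 allow udp from any to any 1024-65535 in via "$EXT_IF"

    # Anything not matched above falls through to ipfw's built-in
    # final rule 65535.
}

firewall_rules
```

Rules 6000 and 6010 admit inbound traffic to any service the server itself runs on a port above 1023, so check what is listening there (for example with `netstat -an`) before relying on this policy.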
Mac OS X Hints
http://hints.macworld.com/article.php?story=20021206055445944