[Casper] imaging behind NAT

Brenner, John john.brenner at merrillcorp.com
Thu Jul 3 08:15:28 PDT 2008


OK we have done the exact same thing.  I won't go into a rant regarding
this, simply put it was and is horrible.
1) DNS resolution: if you are NATing behind a segment that has its own
external DNS then it will never see your Casper server by name.  The fix is
to manually add a DNS entry to your IP config and it will see the server.
You should be able to do this @ the firewall (assuming you are using a DHCP
server in the firewall).  If not, add the entry to your DHCP server for the
DNS server in the NATed segment.
2) Ports that need to be opened: 8443 & 9006.  You'll need to forward all
traffic from the NATed segment on 8443 and 9006 to the JSS server.
3) 548 is only needed if you will be updating the Casper share that resides
behind the NAT or if you are pulling packages from the Master.  In either
case a many-to-one 548 mapping will work.

On 7/3/08 9:49 AM, "Thomas Larkin" <tlarki at kckps.org> wrote:

> So
> 
> For our summer imaging project I am running into a few snags.  We have pulled
> a server out of our server room that was extra and are making a mobile imaging
> cart to take out to all of our laptops.  Well, since every building is on
> different VLANs we thought it would be a good idea to toss the server behind a
> router and then not have to deal with all the managed switches and VLANs.  Our
> infrastructure is not fully in place and eventually (since we are education
> and work off a budget) will have extra servers in each building for
> netbooting.  However, since that is not the case we are going with mobile
> carts for this year.
> 
> I can netboot just fine and it will autorun the data just fine behind a
> router.  The snags I am running into are that I first noticed it will not
> resolve the JSS by domain name, only by IP address.  Not a huge deal, but I am
> not sure why that is.  Second it seems to want to not use the default server I
> set in the JSS, it wants to use the master file server.  I did a mass edit of
> auto run data and pointed it all to the mobile image server which has a
> 192.168.x.x address.  The router is controlling all DHCP so all clients will
> have a class C address.  The router also gives the server the same IP every
> time, it is reserved for that server.
> 
> Then the Casper client will run but error out half way through.  I can only
> assume this is because I am behind NAT?  I have never tried this before.  I
> have AFP forwarded from the router to the server and anything that comes over
> port 548 will hit that server instead.
> 
> Anyone ever try this?  I know this is most likely one small thing I am
> overlooking on my end, but I think technically this should work no issues.  Of
> course after my 6 new xserves come in sometime this fall I won't ever have
> this issue again, because I will have servers in the buildings that can do
> this.
> 
> Thanks
> 
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> cell:  913-449-7589
> office:  913-627-0351


John Brenner    |   Merrill Corporation     |   IOG IT   |  651-632-4072
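
An added example, not part of the original thread and not Casper or JSS code: a preflight check to run from a client in the NATed segment, covering the three points in the reply above (the JSS resolving by name, TCP 8443 and 9006 reaching it, and 548 where AFP is needed). The hostname and the address clients are expected to reach the JSS at are assumptions supplied by the operator.

```python
import socket

# Ports from the reply above: 8443 and 9006 must reach the JSS; 548 (AFP) only
# matters when updating the share behind the NAT or pulling from the master.
REQUIRED_PORTS = (8443, 9006)
OPTIONAL_PORTS = (548,)


def resolve(name):
    """Return the IPv4 addresses the local resolver gives for name ([] if none)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within timeout seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(jss_name, jss_ip, required=REQUIRED_PORTS, optional=OPTIONAL_PORTS):
    """Run from a client in the NATed segment; returns a list of problems found."""
    problems = []
    addrs = resolve(jss_name)
    if not addrs:
        problems.append(f"DNS: {jss_name} does not resolve from this segment")
    elif jss_ip not in addrs:
        problems.append(f"DNS: {jss_name} resolves to {addrs}, expected {jss_ip}")
    for port in required:
        if not port_open(jss_ip, port):
            problems.append(f"TCP {port}: required, not reachable at {jss_ip}")
    for port in optional:
        if not port_open(jss_ip, port):
            problems.append(f"TCP {port}: optional, not reachable at {jss_ip}")
    return problems


if __name__ == "__main__":
    import sys
    # Usage: script.py <jss-hostname> <jss-ip>  (both supplied by the operator)
    for line in preflight(sys.argv[1], sys.argv[2]) or ["all checks passed"]:
        print(line)
```

An empty result means name resolution and the port forwards are in place; a DNS line with working ports matches the "only by IP address" symptom described in the quoted message.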







