Lion Server: Unable to connect to the Internet after running NAT Gateway Setup Assistant

Your private network may be unable to connect to the Internet after running the NAT Gateway Setup Assistant in Lion Server v10.7.2 or earlier.
This article has been archived and is no longer updated by Apple.

Update to Lion Server v10.7.3 or later.

Learn more

If you ran the Gateway Setup Assistant in Lion Server v10.7.2 or earlier, follow these instructions:

  1. In System Preferences, set the IP address of the secondary interface to You will only be able to share the one network System Preferences will show the IP address as
  2. Remove all created DHCP subnets except for the one network, if it exists.
  3. If network 192.168.2 does not exist in Server Admin > DHCP > Subnets, please create a new subnet called 192.168.2 with the following values. If it does exist please edit the DHCP setting to the following values:
    1. Subnet Name: 192.168.2
    2. Starting IP Address:
    3. Ending IP Address:
    4. Subnet Mask:
    5. DNS Server:
    6. Search Domain: Your networks parent domain like
    7. If you do not know your Search Domain you can use for testing
  4. Allow the DHCP server to restart.
  5. Start the DNS service if it has not already started.
  6. Make sure that "Forwarder IP Address:" in Server Admin > DNS > Settings contains the IP addresses that are located in System Preferences > Network > Ethernet 1 (or primary Interface) > "DNS Server:".
  7. Removed all Firewall IP Address Groups created by the Gateway Setup Assistant. For example: 192.168.1-net, 192.168.2-net, and so forth.
  8. Add "IP Address Group" with the following values:
    1. Group Name: 192.168.2-mynet
    2. Addresses in group:
  9. For testing, make sure you allow all traffic for the address group 192.168.2 in Server Admin > Firewall > Settings > Services.
  10. Start and Stop the NAT service.
Published Date: