Internet Sharing

This article was written in August 2006. Mac OS X Lion (10.7) and later come with the pf firewall instead of the ipfw firewall. This article is no longer updated, and may be outdated.

Internet Sharing on a Mac

I have a few problems with Internet Sharing on my Mac, so I now configure it manually.

The problems I have are:

  • I can't configure the NAT address range for the "internal" interface. By default this is range, and can't be changed to my liking.
  • For some reason, when I click "start", then go to the Firewall tab, back to the Internet tab, I find that Internet sharing turned itself Off for no apparent reason. I seriously lack feedback on the cause of this problem.

Simple_natd script

Save the following script as simple_natd. The script was taken from the Mac OS X Hints thread "Share internet connections on a 192.168.x.x network".

#!/bin/sh
# simple_natd script, which does the same as Internet Sharing in the 
# MacOS preferences, but now you can choose your own IP range (not just
# 192.168.2/24). Original script:
# The first argument is the external interface to NAT on (e.g. en1)
interface="$1"
if [ "$interface" = "" ] ; then
  echo "I need an interface to NAT on"
  exit 1
fi
echo "you may need to run 'ipfw flush'"
# Stop any natd that is already running
natd=`ps awux |grep -v grep|grep -v "$0"|grep natd|awk '{print $2}'`
[ -n "$natd" ] && kill -9 $natd
sleep 1
# Let the kernel forward packets between interfaces
sysctl -w net.inet.ip.forwarding=1
# The first IPv4 address on the external interface becomes the NAT alias
alias_ip=$(ifconfig "$interface" | grep inet | grep -v inet6 | \
 awk '{print $2}' | head -1)
/usr/sbin/natd -alias_address "$alias_ip" -interface "$interface" -use_sockets \
 -same_ports -unregistered_only -dynamic -clamp_mss
#ipfw -f flush
# Divert all traffic on the external interface through natd
ipfw add divert natd ip from any to any via "$interface"

Set your internal IP address on en0 (built-in Ethernet) to whatever non-routable address you like -- i.e. 192.168.x.x or 172.16.x.x or 10.x.x.x.

Run the simple_natd script in Terminal to enable NAT for computers on your built-in Ethernet (en0) network, using the network connection on the AirPort card (en1):

sudo simple_natd en1
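
The script starts natd with -unregistered_only, which only translates packets whose source address is in the RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), and the en0 subnet must not overlap the network on en1. The pre-flight check below is an added example, not part of the original script or the hints thread; the function names and sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: validate the internal (en0) address before running simple_natd.
# Function names are hypothetical; addresses in the usage line are constructed.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NETWORK BITS: true if IP lies inside NETWORK/BITS (BITS is 0..32).
in_cidr() {
  ip=$(ip_to_int "$1") && net=$(ip_to_int "$2") || return 2
  mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# The only source ranges natd rewrites when started with -unregistered_only.
is_rfc1918() {
  in_cidr "$1" 10.0.0.0 8 || in_cidr "$1" 172.16.0.0 12 ||
    in_cidr "$1" 192.168.0.0 16
}

# check_internal INTERNAL_IP EXTERNAL_IP EXTERNAL_PREFIX_BITS
check_internal() {
  if ! is_rfc1918 "$1"; then
    echo "$1: not RFC 1918, natd -unregistered_only will not translate it"
    return 1
  fi
  if in_cidr "$1" "$2" "$3"; then
    echo "$1: overlaps the external network $2/$3, pick another subnet"
    return 1
  fi
  echo "$1: ok"
}

# Example: sh check_nat_range.sh 10.0.7.1 192.168.1.7 24
if [ $# -eq 3 ]; then check_internal "$@"; fi
```

Pass the address you plan to assign to en0, followed by the address and prefix length currently shown for en1 by ifconfig.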