The easiest way to set up NAT is to create and run a simple shell script like the one listed in the script section of this document. If you are not familiar with creating and running shell scripts, you may wish to consider looking into third-party tools to configure NAT.
In addition to enabling NAT, you should enable DHCP on the interface you are sharing. You can use Server Settings/Server Admin to set up DHCP. Refer to Ch. 11 of the Admin Guide for more information on setting up DHCP.
DISCLAIMER
THIS EXAMPLE IS PROVIDED "AS IS" AND WITHOUT WARRANTY, EXPRESS OR IMPLIED. APPLE SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT WILL APPLE BE LIABLE FOR ANY DAMAGES, INCLUDING BUT NOT LIMITED TO ANY LOST PROFITS, LOST SAVINGS OR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES, WHETHER RESULTING FROM IMPAIRED OR LOST DATA, SOFTWARE OR COMPUTER FAILURE OR ANY OTHER CAUSE, EVEN IF APPLE IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY OTHER CLAIM BY CUSTOMER OR FOR ANY THIRD-PARTY CLAIM.
Shell Script
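#!/bin/sh
# Start natd, translating on the Internet-facing interface (en0)
/usr/sbin/natd -interface en0
# Remove all existing ipfw rules
/sbin/ipfw -f flush
# Send every packet crossing en0 through natd
/sbin/ipfw add divert natd all from any to any via en0
# Accept all remaining traffic (no filtering is applied beyond NAT)
/sbin/ipfw add pass all from any to any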
This script assumes the built-in Ethernet port (en0) is connected to the Internet, and the additional port (en1) is connected to the private networks. If you are using more ports, or are not sure which port has which identifier, type this command in the Terminal window:
ifconfig -a
The ifconfig command provides information on which ports are connected to which networks.
For more information on what the flags for natd in the script do, see the man page for natd. Using additional flags you can enable port forwarding and create other more advanced configurations.
Important: Because the shell script uses ipfw, you should not use the IP Firewall in Server Settings. The IP Firewall also uses ipfw, so it will conflict with the shell script and will either disable NAT or be ignored.
Hostconfig File
The file /etc/hostconfig needs to be changed to enable NAT. You should edit this file and change the following:
IPFORWARDING=-NO-
to
IPFORWARDING=-YES-
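To confirm that both changes are in effect, and that the IP Firewall has not replaced the NAT rules, the following added example (not part of the original document) checks the hostconfig setting and the order of the ipfw rules. The function names are hypothetical, and the sample listings are constructed on the assumption that ipfw list prints one rule per line with the divert target shown as natd's default port, 8668.

```sh
#!/bin/sh
# Added example: audit checks for the NAT setup on this page.

# Succeeds if the hostconfig file (default /etc/hostconfig) enables forwarding.
ipforwarding_enabled() {
    grep -q '^IPFORWARDING=-YES-' "${1:-/etc/hostconfig}"
}

# Reads `ipfw list` output on stdin; $1 is the Internet-facing interface.
# ipfw evaluates rules in listed order and stops at the first match, so the
# divert rule must come before any rule that accepts all traffic.
nat_rule_status() {
    awk -v ifc="$1" '
        $2 == "divert" && $NF == ifc && !d { d = NR }
        ($2 == "allow" || $2 == "pass") && / (ip|all) from any to any$/ && !a { a = NR }
        END {
            if (!d)         { print "missing";  exit 1 }
            if (a && a < d) { print "shadowed"; exit 1 }
            print "ok"
        }'
}

# Constructed sample listings (assumed `ipfw list` format, not captured output).
RULES_GOOD='00100 divert 8668 ip from any to any via en0
00200 allow ip from any to any
65535 allow ip from any to any'
RULES_SHADOWED='00100 allow ip from any to any
00200 divert 8668 ip from any to any via en0'

printf 'good:     %s\n' "$(printf '%s\n' "$RULES_GOOD" | nat_rule_status en0)"
printf 'shadowed: %s\n' "$(printf '%s\n' "$RULES_SHADOWED" | nat_rule_status en0 || true)"
# Live use: ipfw list | nat_rule_status en0 && ipforwarding_enabled
```

A result of "missing" or "shadowed" means packets on en0 never reach natd, which is the state described above when the IP Firewall and the shell script conflict.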
Creating a Startup Item
A NAT shell script is something that you may want to have run each time the Mac OS X Server starts up. For additional information on creating a startup item in Mac OS X Server, see the Apple developer Web site:
(http://developer.apple.com/documentation/MacOSX/Conceptual/BPSystemStartup/index.html)
Important: AppleCare does not offer any type of free technical support on setting up NAT on the command line or creating Startup Items. Contract based support for setting up NAT, creating Startup Items, and creating shell scripts is only included with Mac OS X Server Software Support (http://www.apple.com/support/products/).
Related Documents
30821: TCP/IP: Setting Up A Private Network
58514: AirPort: What is Network Address Translation?