Questions about how Internet Sharing works

macos network firewall internet-sharing

Solution 1:

As @bmike said, Internet Sharing hides a lot of complexity behind a very simple interface, and some of your questions can't be answered authoritatively without interviewing some of the Apple engineers behind it. But that won't stop me from taking a stab at it...

1) AirPort is different from the other interface types because in order to share over AirPort, your Mac has to actually create the wireless network (as opposed to just providing service over an existing ethernet, FireWire, etc connection). This means that InternetSharing needs to have a bunch of info about how to create the wireless network: network name (SSID), channel, security, etc.

2) Resharing over the same ethernet interface is useful under some circumstances. For example, on my home network my ISP provides limited number of static IP addresses for my use. I run a Mac doing the equivalent of Internet Sharing (actually, I set up the daemons manually as @Spiff recommended) to reshare over the same ethernet. Result: if I put a computer on my home ethernet and config it via DHCP, I get a private (behind-the-firewall) IP address from my virtually unlimited internal pool. If I manually config the computer with one of the public IPs, I get full unfitered internet access, but use up one of my limited public IP pool. Because they're both on the same network, "moving" a computer behind or in front of the firewall is just a simple configuration switch.

On the other hand, if you did this same trick on an ethernet network that already had a DHCP server, computers attaching to the network would randomly get configuration from one server or the other, leading to unpredictability, confusion, and hair-pulling. It's definitely a use-only-if-you-know-what-you're-doing feature. Fortunately, Internet Sharing is smart: if it detects another DHCP server on "its" private network, it shuts itself off to avoid trouble.

3) I don't know of a way to change the private IP range on an IS-created wireless network. On the other hand, it shouldn't really matter, since the network is being created by Internet Sharing, and therefore it doesn't have to worry about conflicts with any existing network numbering.

4) You can add interfaces with Apple's USB Ethernet Adapter. Get some USB hubs, and pile them on!

Solution 2:

I think you oversimplify the sharing process. It's much more complicated than your initial paragraph. Firewall, nat/dhcp and networking concepts will kill you if you don't have some good foundation on basic conventions and rules as well as how networks were designed to work.

1) Why? I don't know - the snarky answer is to ask the engineers at Apple to share their thinking. Rather than speculate - feel free to ask a more concrete question that can be answered.

2) I don't know about hate - but I get a "you may disrupt the network" since many networks assume each client is an end point - not a gateway to more traffic that it has to handle differently. You can break your mac's connection as well as break the other people on the network. Your ISP won't care unless you call them to fix a problem you created :-)

3) Decide if you want to map out your network using DHCP or manually. Decide if you want one network or two. Once you read up on what a subnetwork is - you'll see you likely need a software router to bridge addresses not on the current router's subnet. The implementation depends on which way you decide to go.

4) It's called interface aliasing. Study up on the layers that make up the IP model and you will have a better feel for how you can add multiple second layer data on top of one physical link level network connection.

Don't give up, I can see how much work you put into your question - keep asking and you'll find a lot of really knowledgeable people here will chip in as their time allows to help you out. Entice them by asking really well researched and specific questions.

Solution 3:

The Internet Sharing feature has always seemed to be a simple-to-set-up service via the Sharing panel in System Preferences. I'm surprised they even documented the InternetSharing daemon with a man page.

If the settings you can easily access from the GUI are insufficient for your needs, I recommend you jump right into configuring and invoking the other underlying daemons yourself, rather than messing with InternetSharing and nat.plist.

ipfw, natd, bootpd, and named are powerful and worth learning to use directly.

Related

I want to change clock from 12h to 24h mode via terminal
Run Command Line Script from Finder's contextual menu
How to add a Google calendar shared with me, to my iCloud calendars
Fresh macOS install: Console.app displays errors/faults. Is that to be expected?
How can I log all notifications? [duplicate]
Can I speed up the auto-dismissal of Notification Center banners?
Can I increase the minimum font size of text when reading html messages in Mail.app (in Mavericks and later)?
Is using a Mac mini as an iPhoto server for 2 client laptops a good idea?
Does activating auto-login compromise secure password storage?
Sierra sudden shutdown and WiFi crashlogs
How to list content of all .zip files in a folder and grep for a specific file?
How do I connect to an SMB share requiring a user name and password?