How can I setup my mac (OS X Yosemite) as an internet gateway

network firewall osx-server server.app

Solution 1:

OS X Yosemite doesn’t have support for natd binary or ipfw anymore. Instead pfctl is used.

I assume the following IP-adresses/netmasks:

Router: 192.168.0.1/24
Mac mini gateway: en0: 192.168.0.2/24 gateway 192.168.0.1 en1: 192.168.1.2/24
Internal network: 192.168.1.0/24

  1. First you have to enable forwarding on your Mac computer with following commands:

    sudo sysctl -w net.inet.ip.forwarding=1

  2. In order to do NAT you have to create a pfctl rule. Create a file called "nat-rules" with the following content:

    nat on en0 from en1 to any -> (en0)

  3. Save the file and now start pfctl using the rule from the file we have created earlier:

    sudo pfctl -d #disables pfctl
sudo pfctl -F all #flushes all pfctl rules
sudo pfctl -f /Path/to/file/nat-rules -e #starts pfctl and loads the rules from the nat-rules file

  4. Now configure a static route on your router:

    192.168.1.0/24 (the internal network) -> 192.168.0.2 (Mac mini IP-address of the external interface connected to the router)

  5. Enable the DHCP-service on your Mac mini gateway:

    • Name: choose a name
    • Network Interface: en1
    • Starting IP address: 192.168.1.10
    • Ending IP address: 192.168.1.100
    • Subnet Netmask: 255.255.255.0
    • Router: 192.168.1.2
    • DNS: some DNS-server (e.g. 8.8.8.8)

  6. Now use pfctl to add rules or get a pfctl-GUI like IceFloor or Murus to configure your firewall. Both apps should also allow you to enable NAT (step 2/3)

Solution 2:

Have you tried System Preferences > Sharing and enabling Internet Sharing (select the USB connection to the router as the Internet interface you're sharing)?

Solution 3:

As an expansion of samh's answer, and to answer the question in the comment from Frozen Flame, here is how you can use Internet Sharing, and also control which IP address range is used:

Change default DHCP IP Range for macOS Internet Sharing

macOS Defaults to using 192.168.0.xxx as the DHCP range when you use the Internet Sharing feature to share (for example) an ethernet connection over WiFi.

This can be problematic if you are trying to log in to another network over VPN that uses the same IP Address range, or you have some other conflict.

To change the range that macOS uses, first turn off internet sharing, and quit System Preferences, then enter the following commands into the terminal:

(you can replace the first two IP Ranges as needed)

sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkNumberStart 192.168.22.1
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkNumberEnd 192.168.22.254
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkMask 255.255.255.0

Then re-open System Preferences and re-enable Internet Sharing, and you should be good to go.

To read out the current config use the following command:

sudo defaults read /Library/Preferences/SystemConfiguration/com.apple.nat

And that's pretty much it!

I originally found the commands for setting the NAT ranges here: http://hints.macworld.com/article.php?story=20090510120814850

Related

Run Script on Logout Without Use of Logout Hook
How can I disable kext signing in Mac OS X 10.10 Yosemite?
Is there a faster way to copy time machine files from one disk to another?
FileVault Stuck on Pause
Are there any free alternatives to finder? [closed]
What is the 'Mac OS X Base System' disk image on my 2011 MacBook AIr?
How can I set the display settings using command line
Run program if connected to specific wifi?
What are next steps when fsck reports "could not be repaired after 3 attempts"?
Xcode 7 develop for iOS without developer account
How do I take a screenshot on my Mac?
Can Mac App Store installs & upgrades be automated?