Corresponding ipfw rules in MacOS for this Iptables rules

macos vmware ipfw

I need to give Internet access to a VM under Vmware fusion 7 in Host-Only mode. I know how to do it in Linux, with the following IPtables rules:

sysctl -w net.ipv4.ip_forward=1

iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

But I can not find out how to do it in MacOS Sierra. Any help?

Thanks in advance!


To enable NAT for a host-only network in VMware Fusion do the following:

  1. Enable forwarding by adding a file /etc/sysctl.conf with the content:

    net.inet.ip.forwarding=1

    and reboot

  2. Connect the Mac to the host-only network and make a note of the network/netmask of the host.only network:

    enter image description here

  3. Enter ifconfig to get the vmnet IP of the Mac 

    ...
vmnet3: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:50:56:c0:00:03 
        inet 192.168.9.1 netmask 0xffffff00 broadcast 192.168.9.255

  4. In the IP setting of the guest VM enter an IP/netmask according to the host-only network settings (with the example above that's in the range 192.168.9.2-254/255.255.255.0), a gateway (the vmnet3 IP of the hosting Mac from step 3 - here: 192.168.9.1) and a DNS server.

  5. Open the pf.conf file with:

    sudo nano /etc/pf.conf

    and add the lines:

    nat on {en0, en1} proto {tcp, udp, icmp} from 192.168.9.0/24 to any -> {en0, en1}
pass from {lo0, 192.168.9.0/24} to any keep state

    after the line rdr-anchor "com.apple/*".

    Depending on your Mac and your network configuration only one interface is sufficient (either en0 or en1). Also use the proper network/netmask (your vmnet config instead of 192.168.9.0/24)!.

    Save the file and exit nano.

  6. Check your pf.conf with:

    sudo pfctl -vnf /etc/pf.conf

  7. If no error occurs enable pf with:

    sudo pfctl -ef /etc/pf.conf

After a reboot you have to relaunch pf because it's not started automatically while booting. To launch pf while booting check step 4 in this answer: What is the modern way to do port-forwarding on El Capitan? (forward port 80 to 8080)

Related

I want to capture screen of my iPhone (video call)
What does nsurlsessiond transfer?
How to define an array with a single `defaults` command?
Multiple users developing for iOS simultaneously on a Mac using RealVNC
macOS Sierra 2.1 to 5.1 upmixer?
How to usb tether a wifi network using iphone
which graphics cards does MacBook Pro (Retina, 15-inch, Mid 2014) have?
Can Find My iPhone be linked to multiple devices?
Merging keyboard shortcuts
How to block an app's access to a specific website using the hosts file?
iOS 10: Control Center for Music- Music Won't Play
Open multiple instances of an app (spark e-mail app)