How to use a Mac as a full router with DHCP, DNS, Port Forwarding etc.?

I know I can use internet sharing in macOS to share the internet connection provided to one network interface over one or more other network interfaces on my Mac. However, the feature set is VERY limited. No choice of DHCP range. No DHCP reservations. No port forwarding. etc.

MacOS Server has a DHCP server and other services, but none of them actually share the mac's internet connection in any way, nor can they be used to control or add those features to the native macOS's internet sharing feature mentioned above.

Are there any software tools, Apple or third party, that can do what internet sharing does (share my mac's internet connection out over one or more other network interfaces), but with the kind of additional features listed above?

Thanks!


Update: Thanks to the two answers so far that have pointed me to the two pf based solutions. Admittedly, I'd prefer a solution that doesn't require a virtual machine, and a solution that doesn't require command line stuff but further research has pointed me to IceFloor and Murus and a couple of other GUIs for pfctl. However, pfctl seems to be a firewall not a router, and what I want is routing. Still, I'm limited in my understanding of all this and it's possible this is what I want still because...

With some more research, I find this:

https://developcents.com/2013/08/12/routers-switches-firewalls-differences/

Under the Firewalls section it says "Unlike routers and switches, firewalls are network security appliances" and "... most perimeter firewalls also have routing capabilities (although that is not a requirement)."

So... I'm guessing you guys are pointing me to the pfctl firewall utility because it's one of those firewalls that has routing capabilities, meaning if I want to use it purely as a router and not use any of the firewall functionality, I will be able to do that. Is that correct? And does it have included in its routing capabilities the functionality I'm looking for as described in the original question above (specifically, choice of DHCP range, DHCP reservations, and port forwarding)?

I realize it's possible I could answer this myself with enough study of the documentation and of networking in general, but the original reason for the question is because I'm used to setting up Apple Airport base station with the Airport utility and the original question is seeking something with that kind of clarity but for setting up a Mac instead of an Airport base station to do it.

Any of that make sense and can anyone help me, given all that extra info?


Simple...yeah right....

Note: Someone please edit this to include only default commands

Covered in this answer

  • DHCP (Range, reservations, mask, router, lease time)
  • DNS
  • Port Forwarding
  • Setup
  • Text Book

DHCP

Range

Option 1: com.apple.nat.plist[1]

  1. sudo cp /Library/Preferences/SystemConfiguration/com.apple.nat.plist /Library/Preferences/SystemConfiguration/com.apple.nat.plist.orig  # Backup just in case

  2. sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkNumberStart [START IP ADDRESS]

  3. sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkNumberEnd [END IP ADDRESS]

Option 2: /etc/bootpd.plist

  1. Turn on Internet Sharing

  2. sudo nano /private/etc/bootpd.plist

  3.

<key>net_range</key>
     <array>
         <string>[START IP ADDRESS]</string>
         <string>[END IP ADDRESS]</string>
     </array>

Lease Time

  1. Turn on Internet Sharing

  2. sudo nano /private/etc/bootpd.plist  # No need for a backup, it will recreate in case of any issues

  3.

<key>lease_max</key>
     <integer>[MAX TIME]</integer>
<key>lease_min</key>
     <integer>[MIN TIME]</integer>

Subnet Mask

Option 1: com.apple.nat.plist

  1. sudo cp /Library/Preferences/SystemConfiguration/com.apple.nat.plist /Library/Preferences/SystemConfiguration/com.apple.nat.plist.orig  # Backup just in case

  2. sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add SharingNetworkMask [SUBNET MASK]

Option 2: /etc/bootpd.plist

  1. Turn on Internet Sharing

  2. sudo nano /private/etc/bootpd.plist

  3.

<key>net_mask</key>
     <string>[SUBNET MASK]</string>

Router IP

  1. Turn on Internet Sharing

  2. sudo nano /private/etc/bootpd.plist

  3.

<key>dhcp_router</key>
     <string>[ROUTER IP ADDRESS]</string>

DNS

Change Server

  1. Turn on Internet Sharing

  2. sudo nano /private/etc/bootpd.plist

  3.

<key>dhcp_domain_name_server</key>
     <array>
         <string>[DNS SERVER IP]</string>
     </array>

Alter Settings

Option 1: macOS Server

  • Use macOS Server | DNS Service
  • Once you turn it on and alter all settings it will say "Set your network DNS settings to [DNS SERVER IP] to use this server"

    • Change the Server (how to is above) to this IP address

Option 2: /etc/hosts 4

  1. sudo nano /private/etc/hosts

  2. IP [TAB] DOMAIN


Port Forwarding 5


Setup/Turn on Internet Sharing 6

  1. Open System Preferences

  2. Go to Sharing

  3. Select the pull-down next to "Share your connection from:" and choose an interface

  4. Check off the interfaces you would like to "Share your connection from"

  5. Click Wi-Fi Options and alter settings there

  6. Once finished, Click "OK" then Check "Internet Sharing" on the left


TextBook/Glossary (Not alphabetical)

Router

DHCP: Dynamic Host Configuration Protocol

DNS: Domain Name System

Port

Firewall: macOS Sierra: Firewall pane of Security & Privacy System Preferences

IP Range

Subnet

DHCP Reservations

IP Range: Check if Port is open

Modem: Modulator-demodulator (Who named this???)

Feel Free to edit and add Text Book Terms
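
A sanity check for the hand-edited DHCP values above, as an added example that is not part of the original answer: it parses a bootpd.plist-style file and reports a pool that leaves the subnet, a router address inside the pool, inverted lease bounds, or a DNS server outside the LAN. The sample plist and its addresses are constructed, and `find_scopes`, `check_scope` and `check_plist` are hypothetical helper names.

```python
import ipaddress
import plistlib

# Constructed sample: the keys from this answer in one dict; values are made up.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
    <key>net_mask</key><string>255.255.255.0</string>
    <key>net_range</key>
    <array><string>192.168.2.10</string><string>192.168.2.200</string></array>
    <key>dhcp_router</key><string>192.168.2.1</string>
    <key>dhcp_domain_name_server</key>
    <array><string>192.168.2.1</string></array>
    <key>lease_min</key><integer>3600</integer><key>lease_max</key><integer>86400</integer>
</dict></plist>"""


def find_scopes(node):
    """Yield every dict that carries net_range, at any nesting depth."""
    if isinstance(node, dict):
        if "net_range" in node:
            yield node
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from find_scopes(child)


def check_scope(scope):
    """Return a list of findings for one DHCP scope dictionary."""
    problems = []
    router = ipaddress.ip_address(scope["dhcp_router"])
    net = ipaddress.ip_network(f"{router}/{scope['net_mask']}", strict=False)
    start, end = (ipaddress.ip_address(a) for a in scope["net_range"])
    if start > end:
        problems.append("net_range start is above its end")
    if start not in net or end not in net:
        problems.append(f"net_range leaves {net}")
    if start <= router <= end:
        problems.append("dhcp_router is inside the lease pool")
    if scope.get("lease_min", 0) > scope.get("lease_max", float("inf")):
        problems.append("lease_min exceeds lease_max")
    for dns in scope.get("dhcp_domain_name_server", []):
        if ipaddress.ip_address(dns) not in net:
            problems.append(f"review: DNS server {dns} is outside {net}")
    return problems


def check_plist(data):
    # One list of findings per scope found in the plist bytes.
    return [check_scope(s) for s in find_scopes(plistlib.loads(data))]
```

Every client on the shared network sends its lookups to whatever `dhcp_domain_name_server` names, so an off-subnet entry is reported for review rather than treated as an error.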


Absolutely, you can download pfSense and install it in a virtual machine using your choice of VM host app; VirtualBox is a free example.