Welcome to the MacNN Forums.

vasu · Oct 17, 2003, 11:41 PM

Ok here's my setup. I have a beige g3 that has 2 ethernet interfaces. en0 (built in ethernet) is connected to my cable modem and en1 (pci card) is connected to a network switch for my local network.

I'm using IPNetShareX as a basic front end for NATd for routing, but it's functionality is starting to get a bit too limiting.

I want to do a port map, and map some ports coming in on en0 to a specific machine (10.0.0.30) on en1. So basically I want data going to a port from the internet to be mapped to a specific machine on my local network.

I think I kinda sorta know how to structure the command for NATd to do this, but then normal routing doesn't work because I don't have all the same parameters in my command that IPNetShareX is issuing. If that makes any sense... when i tried to do a port forward, it said it couldn't divert a socket, so I had to kill the currently running natd process and startup natd with a new command for port forwarding, but then whatever IPNetShareX was telling it to do, isn't going through since the original natd process has to be killed.

So basically, I need help setting up NATd to do exactly what IPNetShareX is telling it to do, and ontop of that i need it to port map about 10 ports from en0 to a specific machine on en1.

Can someone please help me do this?

-vasu

Gavin · 06:00 AM

IPNetShareX really just writes a config file for natd and a startup script for ipfw.

Ultimately GUIs can't handle all the possibilities in setting up a config file or start up script. For instance BrickHouse can do port forwarding but it can't handle 2 NICs. So if you are doing something a little out of the ordinary you'll have to get your hands dirty.

Luckily this isn't rocket science! ;-)

Basically you just need to a line to your startup script (the one created by IPNetShareX) that adds a rule to your firewall, which is what handles packet routing.

something like this:

/sbin/ipfw add 101 fwd 127.0.0.1,80 tcp from any to 10.0.0.30 80 in

it says to ipfw (the firewall) add rule number 101, forward port 80 at the loopback address (hopefully en0) coming from any outside ip to this ipaddress and port for incoming packets.

you can enter a command like this into the terminal and it will take effect right away.

sudo /sbin/ipfw add 101 fwd 127.0.0.1,80 tcp from any to 10.0.0.30 80 in

So you can test it to see if it works.
if not, delete the rule you just added:
sudo /sbin/ipfw delete 101

this will show you all your current rules
sudo ipfw list

when you get it right just past it into your startup script

for more info, in the terminal type
man ipfw

look this over before you start playing with it but don't let it scare you..

I hope this helps - and doesn't come off as either too technical or condescending

I had a linux box doing the exact same thing, minus the port forwarding. Then I got my wireless router, which is really what I'd recommend if you have a spare $180 lying around.

some links
http://xdeb.org/fredrik/comp/firewall.html

http://www.macosxhints.com/article.p...ort+forwarding

http://frontier-osx.userland.com/discuss/msgReader$752?mode=day