Packet forwarding on OS X Mavericks

airportfirewallinternet-sharingNetworkwifi

I need my MacBook Air (Mavericks 10.9.2) to share the Internet connection (wi-fi;en0) with BeagleBone Black (BBB) which is in the 192.168.7.0 subnet (en6).

ifconfig:

$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 ::1 prefixlen 128 
    inet 127.0.0.1 netmask 0xff000000 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 7c:d1:c3:ee:f3:dd 
    inet6 fe80::7ed1:c3ff:feee:f3dd%en0 prefixlen 64 scopeid 0x4 
    inet 192.168.2.35 netmask 0xffffff00 broadcast 192.168.2.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
en5: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=60<TSO4,TSO6>
    ether 32:00:18:d5:b1:40 
    media: autoselect <full-duplex>
    status: inactive
en6: flags=863<UP,BROADCAST,SMART,RUNNING,SIMPLEX> mtu 1486
    ether 90:59:af:58:5e:96 
    inet 192.168.7.1 netmask 0xfffffffc broadcast 192.168.7.3
    media: autoselect
    status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether 7e:d1:c3:ee:e2:00 
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en5 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 5 priority 0 path cost 0
    nd6 options=1<PERFORMNUD>
    media: <unknown type>
    status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    ether 0e:d1:c3:ee:f3:dd 
    media: autoselect
    status: inactive

Here are my Internet Sharing settings

Internet Sharing settings

I'm unable to ping 8.8.8.8 from BBB though I shared wi-fi with BeagleBoneBlack. Whether I share internet connection or not ipfw gives same result

$ sudo ipfw list
65535 allow ip from any to any

I tried disabling firewall in vain.
I could share my internet connection from Ubuntu machine through iptables. Here I need to masquerade packets through gateway interface.

Should I have configured anything like a NAT on the bridge between en0 (internet access) and en6?

Best Answer

The Internet Sharing service will handle all the translation requirements by itself. For some reason, though, it's necessary to use the Network Preferences pane to manually confirm the information the bridging interface has already come up with on its own. (Since the BBB has its own DHCP server, perhaps the Mac is willing to accept the BBB's DHCP offer in the 192.168.7.x subnet as a suggestion, but then reinforces the fact that as the DNS it holds the keys to the external world, thereby imposing its configuration on the communication process. I don't know. I do digress, however.)

After turning on Internet Sharing for the BBB in the Sharing pane, switch to the Network pane of System Preferences. Select the en6 service in the lefthand window, click "Advanced" at the lower right, and select the "TCP/IP" pane. If it's not already filled in, Under "Configure IPv4," select "Manually" from the drop-down menu, enter 192.168.7.1 for both the IPv4 and router addresses and 255.255.255.252 as the subnet mask. This leaves 192.168.7.2 for the BBB and 192.168.7.3 as the broadcast address. You can ignore the IPv6 configuration section. Next, select the "DNS" pane from the top row of tabs. Click on the '+' mark just below the window and add 192.168.7.1. In the right hand window, add "local" (without the quote marks) to the search domains.

FYI, I'm sure you'll want to know that ipfw has been deprecated and replaced by pfctl in OS 10.9.

Related Solutions

MacOS – Internet Sharing from WiFi to Ethernet doesn’t work in Mountain Lion

This is indeed quite broken in Mountain Lion. Once you've fixed up the default route as you describe in the question, you're still left with the problem that Mountain Lion is giving its bridge interface address to clients as both the router address (which is correct) and as the DNS server address (which isn't).

Verify that this is the problem by entering an HTTP server IP address into the address bar on a client web browser when connected through your Mac after you fix default routes, and it should load up fine.

My solution to this problem is to fix up the route as you describe -- which could be automated, of course -- and to keep BIND (aka /usr/sbin/named) running in the background on my Mac in a forward-only configuration, forwarding all queries to Google's public DNS servers. This doesn't fix the underlying brokenness in Mountain Lion, but it makes things start working for the clients.

A couple useful resources:

http://www.macshadows.com/kb/index.php?title=How_To:_Enable_BIND_-_Mac_OS_X%27s_Built-in_DNS_Server (how to fire up BIND on OS X)

http://gleamynode.net/articles/2267/ (how to configure BIND for forward-only operation -- of course you will not want to make BIND only listen on 127.0.0.1)

It would be far preferable for Apple to make this feature of their OS work as advertised, but in the meantime I've found this is a viable workaround.

Port Forwarding From a Shared Connection

valid until 10.7, natd is deprecated in 10.8 and above but should still work

A solution found here:

First use "ifconfig" to see how the wireless and ethernet interfaces are called. Probably the wireless interface is "en1" and the (shared) ethernet interface is "bridge0".

IP-settings of the "other device":

IP address: 192.168.1.x (x ≠ 0,1,2,other used last octets in the 192.168.1- network),255)
IP netmask: 255.255.255.0
IP gateway: 192.168.1.2
IP DNS server: 192.168.1.2

Mac OS X has no direct GUI option to configure port forwarding. However, you can create a shell script as follows (open terminal and create a script called osx_fw.sh):

#!/bin/bash
# http port forwarding with mac os x
killall -9 natd
sleep 5
# The following will forward 80 port to desktop computer located at 192.168.1.x
# 192.168.0.2 => airport IP
# 192.168.1.x => Desktop client ip
#  natd provides a Network Address Translation facility for use with divert(4) sockets under FreeBSD.
# -------------------------------------------------------------------------------------------------
/usr/sbin/natd -alias_address 192.168.0.2 -interface en1 -use_sockets -same_ports -unregistered_only -dynamic -clamp_mss -enable_natportmap -natportmap_interface bridge0 -redirect_port tcp 192.168.1.x:80 80 -l

Make the script executable:

chmod +x osx_fw.sh

Simply run this script whenever you need to forward ports:

sudo ./osx_fw.sh

Depending on your system you probably have to setup or modify some firewall rules.

since 10.8

check this answer

Best Answer

Related Solutions

MacOS – Internet Sharing from WiFi to Ethernet doesn’t work in Mountain Lion

Port Forwarding From a Shared Connection

Related Question