Hi guys, Tunnelblick/OpenVPN doesn't play nice with Internet Connection Sharing in Mac OS X. There was a suggestion on a workaround on how to route all traffic over VPN as per this post: http://rodrigo.sharpcube.com/2010/06/20/using-and-sharing-a-vpn-connection-on-your-mac/ The script is:
Code:
    #!/bin/sh
    natd -interface tun0
    ipfw -f flush
    ipfw add divert natd ip from any to any via tun0
    ipfw add pass all from any to any
    sysctl -w net.inet.ip.forwarding=1
I am not a Linux expert, so I am just wondering if anyone can help me with the alternative for the above deprecated commands please? Many thanks in advance.
The replacement for ipfw would be pf. From what I know, pf has its own NAT support (previously on FreeBSD you had to install natd separately, with pf you don't). I think the sysctl line still applies, the other lines are ipfw lines that need to be converted to pf. This might be helpful: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html Also, take a look at "The book of pf" by Peter Hansteen.
Thanks for the guidance. That's helpful. Appears to be an almost straightforward substitution for ipfw-pf. The natd however, I'm still trying to make sense of it :-/
IPFW didn't do NAT at all, for that you needed something else: natd. PF, on the other hand, does NAT all by itself. The only thing you need is the following:
Code:
    nat on $ext_if from $localnet to any -> ($ext_if)
In this case $ext_if is the variable that contains your external interface (internet), $localnet is the variable that contains the internal interface (lan). The names of these variables are something you can choose freely. See chapter 30.3.3.1 from the FreeBSD handbook. You'll also come across it when you search for howtos.
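The reply above carried through for the whole script, as an added example that is not from the thread or the linked post: it renders a pf ruleset matching the natd/ipfw lines, syntax-checks it, then loads it. The function names and the client subnet 192.168.2.0/24 are assumptions; tun0 comes from the original script.

```shell
#!/bin/sh
# Added example. Assumed, not from the thread: function names and
# the shared-client subnet passed as the second argument.

# Print a pf ruleset that NATs subnet $2 (IPv4 CIDR) out of interface $1.
render_pf_rules() {
    ext_if=$1 localnet=$2
    # Accept only a plain interface name and an IPv4 CIDR shape, so an
    # argument cannot smuggle extra rules into the generated ruleset.
    case $ext_if in
        ''|*[!a-z0-9]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    case $localnet in
        *[!0-9./]*) echo "bad subnet: $localnet" >&2; return 1 ;;
    esac
    printf '%s\n' "$localnet" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' ||
        { echo "bad subnet: $localnet" >&2; return 1; }
    cat <<EOF
ext_if = "$ext_if"
localnet = "$localnet"
# replaces: natd -interface tun0 + ipfw add divert natd ...
nat on \$ext_if from \$localnet to any -> (\$ext_if)
# replaces: ipfw add pass all from any to any
pass all
EOF
}

# Syntax-check the rendered rules, enable forwarding, then load them.
# Needs root. pfctl -f replaces the currently loaded main ruleset.
apply_pf_rules() {
    rules=$(mktemp) || return 1
    render_pf_rules "$1" "$2" > "$rules" || { rm -f "$rules"; return 1; }
    pfctl -nf "$rules" &&                      # -n: parse only, load nothing
        sysctl -w net.inet.ip.forwarding=1 &&  # unchanged from the old script
        pfctl -f "$rules"
    status=$?
    # Turn pf on; an "already enabled" error here is not a failure.
    [ "$status" -eq 0 ] && { pfctl -e 2>/dev/null || true; }
    rm -f "$rules"
    return "$status"
}

# Usage: sudo sh this-script apply tun0 192.168.2.0/24
if [ "${1:-}" = apply ]; then
    apply_pf_rules "${2:-}" "${3:-}"
fi
```

Because `pass all` mirrors the old ipfw rule, the loaded ruleset filters nothing; any filtering rules you rely on have to be added to it, since loading it drops whatever main ruleset was active before.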
OK, I think I've given up for now. I did a bit of reading and researching. This pf thing is beyond me. The use of anchors etc. seems complicated. But thanks again guys.