Deprecated “natd” and “ipfw” in Yosemite – Can someone help with the workaround please

Discussion in 'OS X Yosemite (10.10)' started by ada-lovelace, Dec 3, 2014.

  1. ada-lovelace macrumors newbie

    Joined:
    Nov 6, 2013
    #1
    Hi guys,

    Tunnelblick/OpenVPN doesn’t play nice with Internet Connection Sharing in Mac OS X. There was a suggestion for a workaround on how to route all traffic over the VPN, as per this post:

    http://rodrigo.sharpcube.com/2010/06/20/using-and-sharing-a-vpn-connection-on-your-mac/

    The script is:

    #!/bin/sh

    natd -interface tun0                               # NAT shared traffic behind the VPN tunnel interface
    ipfw -f flush                                      # drop any existing ipfw rules
    ipfw add divert natd ip from any to any via tun0   # hand packets crossing tun0 to natd
    ipfw add pass all from any to any                  # allow everything else
    sysctl -w net.inet.ip.forwarding=1                 # let the Mac forward packets between interfaces

    I am not a Linux expert – so I am just wondering if anyone can help me with the alternative for the above deprecated commands please?


    Many thanks in advance.
     
  2. ada-lovelace thread starter macrumors newbie

    Joined:
    Nov 6, 2013
    #2
    [MOD]

    I think I've posted in a wrong forum - maybe move this to Mac Programming?
     
  3. dyn macrumors 68030

    Joined:
    Aug 8, 2009
    Location:
    .nl
    #3
    The replacement for ipfw would be pf. From what I know, pf has its own NAT support (previously on FreeBSD you had to install natd separately; with pf you don't). I think the sysctl line still applies; the other lines are ipfw lines that need to be converted to pf. This might be helpful: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html Also, take a look at "The Book of PF" by Peter Hansteen.
     
  4. ada-lovelace thread starter macrumors newbie

    Joined:
    Nov 6, 2013
    #4

    Thanks for the guidance. That's helpful. It appears to be an almost straightforward substitution from ipfw to pf.

    The natd however, I'm still trying to make sense of it :-/
     
  5. dyn macrumors 68030

    Joined:
    Aug 8, 2009
    Location:
    .nl
    #5
    IPFW didn't do NAT at all, for that you needed something else: natd. PF, on the other hand, does NAT all by itself. The only thing you need is the following:

    Code:
    nat on $ext_if from $localnet to any -> ($ext_if)
    
    In this case $ext_if is the variable that contains your external interface (internet), and $localnet is the variable that contains the internal interface (LAN). The names of these variables are something you can choose freely. See chapter 30.3.3.1 of the FreeBSD handbook. You'll also come across it when you search for howtos.
     
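The replacement dyn describes, written out as a complete script. This is an added example, not code from the thread or from the FreeBSD handbook: it generates the pf rules that take the place of the natd/ipfw lines from post #1 and loads them with pfctl. The tunnel interface tun0 comes from the original script; the LAN subnet 192.168.2.0/24 and the interface name en0 are constructed placeholders (use whatever Internet Sharing hands out on your Mac), and both can be overridden through the VPN_IF and LAN_NET environment variables.

```sh
#!/bin/sh
# Added example, not from the thread: a pf-based replacement for the natd/ipfw
# script in post #1. Assumed values: the VPN tunnel interface is tun0 (as in the
# original script) and the shared LAN is 192.168.2.0/24 (a constructed placeholder).
set -u

VPN_IF="${VPN_IF:-tun0}"
LAN_NET="${LAN_NET:-192.168.2.0/24}"

# Emit the pf ruleset that replaces "natd -interface tun0" and the two ipfw lines.
# $1 = tunnel interface, $2 = LAN subnet. The "nat on" line masquerades LAN traffic
# behind the tunnel's address; "pass all" mirrors "ipfw add pass all from any to any".
# NAT rules must come before filter rules in a pf.conf, so the order here matters.
pf_rules() {
    printf 'nat on %s from %s to any -> (%s)\n' "$1" "$2" "$1"
    printf 'pass all\n'
}

# Sanity check before loading: the "from" side of a pf NAT rule is a subnet
# (a.b.c.d/n), not an interface name such as en0.
is_cidr() {
    case "$1" in
        *[!0-9./]*|"") return 1 ;;
        */*)           return 0 ;;
        *)             return 1 ;;
    esac
}

# Apply the rules (needs root). Like "ipfw -f flush" in the original, this replaces
# the whole active ruleset rather than adding to Apple's default /etc/pf.conf.
apply_vpn_sharing() {
    is_cidr "$LAN_NET" || { echo "LAN_NET must be a.b.c.d/n, got $LAN_NET" >&2; return 1; }
    rules_file=$(mktemp) || return 1
    pf_rules "$VPN_IF" "$LAN_NET" > "$rules_file"
    sysctl -w net.inet.ip.forwarding=1        # same line as the original script
    pfctl -F all -f "$rules_file"             # flush everything, then load our rules
    pfctl -e 2>/dev/null || true              # enable pf; harmless if already enabled
    rm -f "$rules_file"
}

# "sudo sh vpnshare.sh apply" loads the rules; with no argument the script only
# prints the rules it would load, so they can be checked first.
case "${1:-}" in
    apply) apply_vpn_sharing ;;
    *)     pf_rules "$VPN_IF" "$LAN_NET" ;;
esac
```

Running it without arguments prints the two-line ruleset for review; `pfctl -s nat` and `pfctl -s rules` afterwards show what is actually loaded. Because the script flushes the whole ruleset, any rules Apple's default pf.conf had in place are gone until the next reboot, which is the same trade-off the original `ipfw -f flush` made.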
  6. ada-lovelace thread starter macrumors newbie

    Joined:
    Nov 6, 2013
    #6
    OK, I think I've given up for now. I did a bit of reading and researching. This pf thing is beyond me. The use of anchors etc. seems complicated.

    But thanks again guys.
     
  7. nello macrumors newbie

    Joined:
    Apr 4, 2001
    Location:
    Chicago
    #7
    Did you ever get this working?

    If so, please publish the revised scripts.

    Thank you.
     