Mac OS X: Set Port Forwarding Nat Router (Internet Sharing)

I'd like to set up my MacBook as a router for my other desktop computer. How do I set up NAT and port forwarding under Mac OS X? How do I forward ports using OS X for BitTorrent clients?

Network address translation (NAT) is the process of modifying network address information in IP packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another. Almost all modern operating systems provide NAT support. In other words, if your MacBook is connected to the Internet, you can share its Internet connection with other computers on your LAN.

In this example, your MacBook is connected to the Internet via Airport and shares that connection over Ethernet, which is connected to your desktop. Airport gets a public IP address via the ISP connection, and Ethernet has the following manual IP settings:

Mac OS X Ethernet Network Settings

WARNING! These examples may stop networking and Internet access on your laptop and desktop computer if not executed with care. You must have a basic understanding of TCP/IP networking.

Turn On Internet Sharing

Open System Preferences by visiting Apple menu > System Preferences:

Fig.01: Mac OS X System Preferences

Click Sharing:

Fig.02: Mac OS X Sharing the Internet Connection

Select Internet Sharing:

Fig.03: Mac OS X Sharing Airport Internet Connection With Ethernet Connected Computers

Select Airport as the Internet connection to share, and select “Ethernet” as the port the other computers connect through. Change these settings as per your requirement.

How Do I Use Shared Internet Connection On Other Computers?

Enter the following networking settings on the desktop computer, called desktop1:

  • IP address 192.168.2.2
  • IP netmask 255.255.255.0
  • IP gateway 192.168.2.1
  • IP DNS server 192.168.2.1

For example, if you are using Ubuntu Linux on the desktop, update the networking configuration in /etc/network/interfaces as follows:

auto eth0
iface eth0 inet static
address 192.168.2.2
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1

How Do I Setup Port Forwarding OS X Router?

Mac OS X has no direct GUI option to configure port forwarding. However, you can create a shell script as follows (open Terminal and create a script called osx_fw.sh):

#!/bin/bash
# bit-torrent port forwarding with mac os x
killall -9 natd
sleep 5
# Forward ports 6881-6999 to the desktop computer located at 192.168.2.2
# 192.168.1.100 => Airport IP (alias address)
# 192.168.2.2 => desktop client IP
# en1 => Airport interface, en0 => Ethernet interface
# natd provides a Network Address Translation facility for use with divert(4) sockets under FreeBSD.
# -------------------------------------------------------------------------------------------------
/usr/sbin/natd -alias_address 192.168.1.100 -interface en1 -use_sockets -same_ports -unregistered_only -dynamic -clamp_mss -enable_natportmap -natportmap_interface en0 -redirect_port tcp 192.168.2.2:6881-6999 6881-6999 -l

Simply run this script whenever you need to forward ports:

chmod +x osx_fw.sh
sudo ./osx_fw.sh
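
The -redirect_port mapping decides which desktop ports become reachable from the Internet, so it is worth checking before natd is started. The following is an added example, not part of the original article: build_redirect, in_range, LAN_PREFIX and MAX_PORTS are names and limits assumed here, based on the 192.168.2.0/24 Ethernet subnet used above.

```bash
#!/bin/bash
# Added example, not from the original article: check a natd -redirect_port
# mapping before adding it to the natd command line in osx_fw.sh.
LAN_PREFIX="192.168.2."  # assumption: the shared Ethernet subnet 192.168.2.0/24
MAX_PORTS=200            # assumption: most ports one mapping may expose

# Succeeds if $1 is a decimal integer between $2 and $3 (no leading zeros).
in_range() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# build_redirect PROTO TARGET_IP TARGET_PORTS ALIAS_PORTS
# Prints the natd argument string, or explains the refusal on stderr.
build_redirect() {
    local proto="$1" ip="$2" tports="$3" aports="$4" host p
    local tlo="${tports%-*}" thi="${tports#*-}" alo="${aports%-*}" ahi="${aports#*-}"

    case "$proto" in
        tcp|udp) ;;
        *) echo "refused: protocol must be tcp or udp" >&2; return 1 ;;
    esac
    # The target has to be a client on the shared LAN (.2 to .254), never
    # the Mac itself (.1) or an address on the Internet-facing side.
    host="${ip#"$LAN_PREFIX"}"
    if ! in_range "$host" 2 254; then
        echo "refused: $ip is not a client on ${LAN_PREFIX}0/24" >&2; return 1
    fi
    for p in "$tlo" "$thi" "$alo" "$ahi"; do
        in_range "$p" 1 65535 || { echo "refused: bad port '$p'" >&2; return 1; }
    done
    if [ "$tlo" -gt "$thi" ] || [ "$alo" -gt "$ahi" ]; then
        echo "refused: range start is above range end" >&2; return 1
    fi
    # natd requires the target and alias port ranges to have the same size.
    if [ $((thi - tlo)) -ne $((ahi - alo)) ]; then
        echo "refused: target and alias ranges differ in size" >&2; return 1
    fi
    if [ $((thi - tlo + 1)) -gt "$MAX_PORTS" ]; then
        echo "refused: more than $MAX_PORTS ports in one mapping" >&2; return 1
    fi
    echo "-redirect_port $proto $ip:$tports $aports"
}

# The mapping used in osx_fw.sh above.
build_redirect tcp 192.168.2.2 6881-6999 6881-6999
```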

Sample ipfw rules

Type the following command to list the current rules (these are set by the Internet Sharing procedure above):

sudo ipfw list

Sample outputs:

00010 divert 8668 ip from any to any via en1
33300 deny log icmp from any to me in icmptypes 8
65535 allow ip from any to any
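
A listing like this can be checked mechanically. The following is an added example, not part of the original article: it parses `ipfw list` output and reports whether the natd divert rule is present and whether any deny rule covers TCP or UDP ahead of the default allow. The function name audit_ipfw and the verdict labels are assumptions of this example, and the second sample is constructed.

```bash
#!/bin/bash
# Added example, not from the original article: summarise `ipfw list` output.
# The listing is read from stdin; on the Mac: sudo ipfw list | audit_ipfw
audit_ipfw() {
    awk '
    { action = $2; proto = ($3 == "log") ? $4 : $3 }  # "log" may precede the protocol
    action == "divert" {                              # hook that hands packets to natd
        nat = "unknown"
        for (i = 3; i < NF; i++) if ($i == "via") nat = $(i + 1)
    }
    action == "deny" || action == "reject" {
        deny++
        # only rules on ip/all/tcp/udp can shield forwarded TCP or UDP ports
        if (proto ~ /^(ip|all|tcp|udp)$/) l4deny++
    }
    $1 == "65535" { dflt = action }                   # built-in last rule
    END {
        if (nat == "")  nat = "none"
        if (dflt == "") dflt = "unknown"
        if (nat == "none")                       verdict = "no-divert"
        else if (dflt == "allow" && l4deny == 0) verdict = "unfiltered"
        else                                     verdict = "filtered"
        printf "nat=%s deny=%d l4deny=%d default=%s verdict=%s\n",
               nat, deny, l4deny, dflt, verdict
    }'
}

# Sample 1: the listing shown in the article.
SAMPLE_SHARING='00010 divert 8668 ip from any to any via en1
33300 deny log icmp from any to me in icmptypes 8
65535 allow ip from any to any'

# Sample 2 (constructed): only the built-in default rule is loaded.
SAMPLE_DEFAULT_ONLY='65535 allow ip from any to any'

printf '%s\n' "$SAMPLE_SHARING" | audit_ipfw
printf '%s\n' "$SAMPLE_DEFAULT_ONLY" | audit_ipfw
```

A verdict of "unfiltered" means the only deny rule concerns ICMP, so forwarded ports and every other TCP or UDP service fall through to rule 65535.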

See the ipfw man page to secure your network with a firewall. My Ubuntu desktop running the Transmission BT client:

Fig.04: Transmission Ubuntu BT Client Connected To The Internet Via OS X Router

I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

17 comments
  • Sanjay Jan 31, 2012 @ 13:09

    Please could you show how to NAT a L2TP VPN connection with natd and pf. I have never got this to work with ipfw.

  • Andy Feb 2, 2012 @ 7:38

    My problem is fixed. I use a UMTS connection. All incoming traffic to specific ports is blocked from the provider. So it is impossible to reach the internal web server from outside.

  • gowtham May 18, 2014 @ 21:22

    No luck. I want to share Mac’s internet connection with BeagleBoneBlack (BBB). I’ve enabled internet sharing. I set BBB’s default gw to 192.168.7.1. I tried to ping 8.8.8.8. It didn’t ping. Subnet of Mac and BBB is 192.168.7.0/24. Subnet of Mac and LAN is 192.168.2.0/24. What could be the reason? I think we have to set up NAT. Help me out please.

    • gowtham May 18, 2014 @ 21:29

      $ sudo ipfw list
      Password:
      65535 allow ip from any to any

      Above is the result whether I turn internet sharing off or on!

  • John Oct 1, 2016 @ 6:48

    sudo ./osx_fw.sh
    Password:
    Binding to NATPM port failed!

    I get that when I run the script.

    The script w/ changes:
    /usr/sbin/natd -alias_address 192.168.1.13 -interface en1 -use_sockets -same_ports -unregistered_only -dynamic -clamp_mss -enable_natportmap -natportmap_interface en0 -redirect_port tcp 192.168.3.3:21 21 -l
    ___________________________________
    I have my Mac connected to a PPP VPN on CentOS, and I’m sharing that connection over Ethernet to my PC. The PC has FTP set up, and I can connect to it on the Mac by using the internal IP address of the PC. I’m not sure if the VPN would cause that binding to NATPM port failed. Can anyone help?
