Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #358862
    l008com
    Participant

    So I set up internet sharing using natd, dhcp and the most simple, unintrusive set of firewall rules. So now I need port mapping. I wrote up a bunch of rules and stuck them in /etc/natd.conf . The only problem is, after restarting natd, it doesn’t seem to have ‘picked up’ these rules. Is this the right place to put my rules? Or do I need to stick them someplace else?

    #358868
    honestpuck
    Participant

    [QUOTE BY= l008com] So I set up internet sharing using natd, dhcp and the most simple, unintrusive set of firewall rules. So now I need port mapping. I wrote up a bunch of rules and stuck them in /etc/natd.conf . The only problem is, after restarting natd, it doesn’t seem to have ‘picked up’ these rules. Is this the right place to put my rules? Or do I need to stick them someplace else?[/QUOTE]

    I think you’ll find that natd.conf.apple or even better /etc/nat/natd.plist are the best place to put your rules – /etc/nat/natd.plist says that it is used to create nat.conf.apple and that natd is called using the -f option to get it to read that file.

    Tony Williams

    #358870
    l008com
    Participant

    Hmmmm that file is a plist in xml format. I’m not sure how I’m supposed to add my rules to it? My rules are in the normal format you use when making a standard .conf file,

    redirect_port tcp 192.168.0.2:6881-6999 6881-6999
    

    Also, is there an order to the way the rules are applied? For instance, I want to add a group of rules to be processed first. Then I want a rule that’s applied last, kind of like a catch-all, that would essentially create a DMZ host. So if the rules are applied from top to bottom, then I’d want the last rule to be something like:

    redirect_port tcp 192.168.0.3:1-65535 1-65535
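
An added example, not written by any poster in this thread: a small Python check that parses natd `redirect_port` lines and flags catch-all ranges such as the DMZ-style rule above, forwards whose alias ports overlap an earlier rule with a different target, and target/alias ranges of unequal size (natd requires the two ranges to be the same size). The function names, the finding labels and the 1024-port threshold are assumptions, and the sample file is constructed from the two rules quoted above.

```python
import re

# Constructed sample: the two rules quoted in the thread above.
SAMPLE_CONF = """\
# port forwards (constructed sample file)
redirect_port tcp 192.168.0.2:6881-6999 6881-6999
redirect_port tcp 192.168.0.3:1-65535 1-65535
"""

# redirect_port proto targetIP:targetPORT[-targetPORT] [aliasIP:]aliasPORT[-aliasPORT]
RULE = re.compile(
    r"^redirect_port\s+(tcp|udp)\s+(\S+?):(\d+)(?:-(\d+))?\s+"
    r"(?:\S+?:)?(\d+)(?:-(\d+))?(?:\s|$)"
)
WIDE_RANGE = 1024  # assumed review threshold, not a natd setting


def parse_rules(text):
    """Return one dict per redirect_port line, with 1-based line numbers."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = RULE.match(line.strip())
        if not m:
            continue  # comments, blank lines, other natd options
        proto, target, t_lo, t_hi, a_lo, a_hi = m.groups()
        rules.append({
            "line": lineno, "proto": proto, "target": target,
            "tports": (int(t_lo), int(t_hi or t_lo)),
            "alias": (int(a_lo), int(a_hi or a_lo)),
        })
    return rules


def audit(rules):
    """Return (line, finding) tuples for forwards that deserve a second look."""
    findings = []
    for i, r in enumerate(rules):
        (a_lo, a_hi), (t_lo, t_hi) = r["alias"], r["tports"]
        if a_hi - a_lo != t_hi - t_lo:
            findings.append((r["line"], "range-size-mismatch"))
        if a_hi - a_lo + 1 >= WIDE_RANGE:
            findings.append((r["line"], "wide-range"))
        for prev in rules[:i]:
            p_lo, p_hi = prev["alias"]
            if (prev["proto"] == r["proto"] and prev["target"] != r["target"]
                    and a_lo <= p_hi and p_lo <= a_hi):
                findings.append((r["line"], f"overlaps-line-{prev['line']}"))
    return findings


if __name__ == "__main__":
    for line, finding in audit(parse_rules(SAMPLE_CONF)):
        print(f"line {line}: {finding}")
```

The check reports overlaps without assuming which rule natd would apply first, so each overlap still has to be resolved by the person reviewing the file.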
    

    #358930
    Anonymous
    Guest

    /etc/nat/natd.conf.apple is used to generate the natd.plist file.

    However, natd.conf.apple will be overwritten with default settings from time to time (every time natd restarts, perhaps). One can’t live this way… re-adding the same stinkin’ redirects all the time.

    The solution is quite simple. Lock the silly little file so Apple can’t hurt it.

    sudo chflags uchg natd.conf.apple

    Before you can make changes, simply reverse it:

    sudo chflags nouchg natd.conf.apple

    Now, why Apple has a nice little GUI for the firewall setup but won’t make it easy to do port forwarding, I’ll never know. Almost everything Apple makes is oh so very cool but they leave out some basic basic sensible thing. Ah well.

    Cheers
    jeff
