How to set up NAT w/ dial-up connection?

[kommakazi]

Does anyone know how to set up NAT so that it will work with my dial-up connection? I have a setup right now that should work but doesn't. In my /Library/StartupItems I have a folder called 'NAT'. Inside that are two files, 'NAT', and 'StartupParameters.plist'. Here's how my NAT file is set up:

#!/bin/sh

##
# NAT enables internet connection to be shared.
##

. /etc/rc.common

ConsoleMessage "Starting NAT"

ConsoleMessage "Setting NAT parameters"

#ifconfig

natd -dynamic -interface ppp0

/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via en0
/sbin/ipfw add pass all from any to any

And my StartupParameters.plist file reads:

{
Description = "Network address translation";
Provides = ("NAT");
Requires = ("Network");
OrderPreference = "Late";
Messages =
{
start = "Starting network address translation services";
stop = "Stopping network address translation services";
};
}

ipforwarding is set to 'yes' in my hostconfig file... I don't know what I'm doing wrong! If anyone could help I would be greatly appreciative! Thanks!

 

[kommakazi]

I scratched the method I attempted using above and instead followed the instructions in the natd man page itself, still to no avail. All my other computers still are unable to access the internet...when I attempt to they don't even seem to be trying to look on my LAN... Doesn't anyone here know *anything* about setting up natd? Please I'm getting really desperate...

 

[baur]

The easy way: There used to be a program called GNAT (now called IPNetShareX) that I used about a year ago - worked great. I never looked into what was going on at as low a level as you're talking about.

 

[Eckhart]

1.
As you said: "All my other computers still are unable to access the internet...when I attempt to they don't even seem to be trying to look on my LAN..." I remembered having a similar problem once, when I had properly configured ipfw/natd yet forgotten to adjust the clients' default routes. So packages come in and they cannot respond, likewise not a single connection is established.

2.
Secondly, in my eyes, two lines in your configuration are incorrect:

Explanation: The firewall gets the hands on the packets at first and checks every single packet if it is suitable for one of his rules, in your case, any packet automatically suits the first rule so it is send to the divert socket of natd. Put, as ipfw receives those packets form the internet, the correct interface would be ppp0. So, try this:

> /sbin/ipfw add divert natd all from any to any via ppp0

Now, all packets from ppp0 are delivered to natd, which then diverts them over the interface en0. So, try this:

> natd -dynamic -interface en0

Here we go, all should work now. I hope I could help you. It is getting late here in Europe. Bye

 

[Eckhart]

Please excuse my inaccurate English in my previous post. But I feel the need to be exact on this. So, in my explanation, I meant to say:

The firewall checks each packet, wether or not it fits for the first of his rules, then the second and so forth. And you wanted to have all packets from ppp0 to be worked off by natd, but you gave your rule the incorrect interface. That was my point, sorry for the second post. As I said, it's late here

 

[kommakazi]

Already tried that, baur, the latest version didn't work, not to mention that they actually want me to pay for it! Why pay for something I can do for free?

Eckhart, thank you for the reply, I changed my settings as you specified...but it still does not work. This is getting really frustrating !!!
All my hosts are configured to look to my iBook for internet services, it's IP is set as the router address on all of them.

Would it help if I let someone ssh into my computer and take a firsthand look at my configuration? I could set up a read only account for you, just shout out if you think you can help! Thanks!

--edit--
OK, I set up a basic account for someone to ssh in with, let me know if you would like to try it and I'll give you the details on it.