I have a very peculiar network setup at my home.
I have my router plugged into my cable modem downstairs in my basement, where it is hooked up to my PC. Our notebooks and my Mac Mini connect to the network using WiFi. I use Internet Network Sharing on my Mac Mini to forward my WiFi network to its ethernet interface which is then routed to a switch to which my devices in the living room connect (e.g. my Xbox).
The problem is that for Xbox and similar devices to work flawlessly they need to be able to accept connections from the internet (my particular problem was with Xbox Live). A simple resolution to this problem is NAT. However, Mac OS X Network and Security configuration doesn’t allow us to configure any NAT options at all. So you have to go low level with Terminal and tweak the BSD guts of Mac.
To solve this problem we’ll use natd to configure our port forwarding. I will use my Xbox example here. Xbox Live service requires ports 88 and 3074 on UDP and 3074 on TCP to be open. I first configured my router to forward these ports to my Mac. On my Mac Mini’s Terminal, I then killed any running instances of natd (Network Sharing does instantiate an instance for its purposes).
$ sudo killall natd
I then issued a command to set up port forwarding:
$ sudo natd -interface en1 \
-redirect_port tcp 192.168.2.2:3074 3074 \
-redirect_port udp 192.168.2.2:88 88 \
-redirect_port udp 192.168.2.2:3074 3074
Here en1 is the WiFi interface on the Mac Mini. 192.168.2.2 is my Xbox’s IP address.
Once you issue this command, go to your Xbox system settings and test your Xbox Live connection. You should not get any warnings about your NAT configuration.
HTH
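The natd command above, built from a checked list of forwards (an added example, not part of the original post). The function names and the `proto:target_ip:port` spec format are assumptions of this example. It refuses anything that is not tcp/udp, not a valid port, or not aimed at a private LAN address, and it only prints the command.

```sh
#!/bin/sh
# Added example: build the post's natd command from reviewed forward specs.

# True only for RFC 1918 private IPv4 addresses, so a forward can only
# point at a host on the shared LAN.
is_private_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        192) [ "$2" -eq 168 ] ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        *)   return 1 ;;
    esac
}

# Usage: build_natd_cmd IFACE proto:target_ip:port ...
# (the spec format is an assumption of this example). Prints the natd
# command line; fails on the first bad spec so a typo never widens exposure.
build_natd_cmd() {
    iface=$1; shift
    case "$iface" in ''|*[!a-z0-9]*) echo "bad interface" >&2; return 1 ;; esac
    cmd="natd -interface $iface"
    for spec in "$@"; do
        proto=${spec%%:*}; rest=${spec#*:}
        ip=${rest%%:*};    port=${rest#*:}
        case "$proto" in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        is_private_ipv4 "$ip" || { echo "not a private target: $spec" >&2; return 1; }
        case "$port" in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;; esac
        { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null ||
            { echo "port out of range: $spec" >&2; return 1; }
        cmd="$cmd -redirect_port $proto $ip:$port $port"
    done
    printf '%s\n' "$cmd"
}

# Ports and address from the post: Xbox Live forwards to 192.168.2.2 via en1.
build_natd_cmd en1 tcp:192.168.2.2:3074 udp:192.168.2.2:88 udp:192.168.2.2:3074
```

Run the printed line with sudo after `sudo killall natd`, as in the post; keeping the spec list short makes it easy to see exactly which ports are reachable from the internet.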
by Sean
04 Mar 2009 at 22:11
You sir, are a legend! Worked like a charm :)
by Dave
11 Mar 2009 at 01:04
Hi there, I think this may be the long-awaited answer to my problem! I’m not too technical tho – does that terminal command alter anything else internet/connection wise on the mac? ie – will i still be able to use my mac as normal to connect to the internet etc?
Cheers!
by verma
11 Mar 2009 at 01:28
Hi Dave,
I don’t think it should have any effect. This is essentially just affecting the traffic being routed off your mac. I am not a networking expert though, so your best bet would be to try it out and see how things go.
Take care.
by Dave
11 Mar 2009 at 22:01
hey again…
What did you set as the primary DNS server in your Xbox settings?
i can’t get it working – using my laptop.
by Dave
11 Mar 2009 at 22:04
I’ve just found this bit of software – looks like it’ll make life a bit easier – http://codelaide.com/blog/products/lighthouse
by Loren
16 Mar 2009 at 21:08
Thank you SO much, I’ve been looking for this ever since I got my Xbox and realized I could share my MacBook connection.. I have exactly the same scenario as you except that my console is just next to my macbook and connected to my monitor!
by Joe
17 Mar 2009 at 17:43
Hi Verma,
How would I set back to the original setting if i decide not to go to this route in the future since you had a command line to kill all natd?
thanks.
by verma
17 Mar 2009 at 18:44
Hi Joe,
Well, you could either just restart the computer, or kill your own natd and restart network sharing in Preferences.
by Joe
17 Mar 2009 at 18:54
Verma,
sorry i should have stated clearly. what I meant was that how do i enable back all natd in the future since we input the command line “$ sudo killall natd”?
if i don’t misunderstand what you’ve just said, do i need to type those command lines every time i restart the laptop in order to get the port forwarding working?
thanks.
by verma
17 Mar 2009 at 19:23
Well, yes, unfortunately mac os x will reset natd rules once it starts network sharing which will happen every time you restart your notebook. To avoid doing this you may want to take a look at the tool Dave mentioned above. Or you could auto-execute the script on startup using automation or something.
To restore original natd settings you need to restart network sharing.
Hope this answers your question.
by Joe
17 Mar 2009 at 19:54
Hi Verma,
Thank you for your lightning responses.
have you ever used the software, Lighthouse, that Dave mentioned?
thanks.
by verma
17 Mar 2009 at 20:29
No, not really, the script works pretty well for me :)
by Joe
17 Mar 2009 at 21:35
Sorry for all the questions Verma.
you mentioned about using automation to auto-execute the script at startup, could you elaborate on this? what software does it require?
thanks.
by verma
17 Mar 2009 at 21:43
No problem :)
There is this tool that comes with Mac OS X called Automator. You can read more about it here: http://www.apple.com/applescript/
I am not really an applescript expert so I cannot really help you with that, but this link should be a good starting point for you to start with what you’re trying to achieve.
Also, there is a discussion here: http://discussions.apple.com/thread.jspa?threadID=1107492 which is similar to what you’re trying to do.
HTH
by Joe
17 Mar 2009 at 22:02
ahhh looks like it’s too complicated that it deals with all those applescript and shell script. i guess i will try out the program Lighthouse, worst case i will have to manually input the script every time after the laptop restarts.
hopefully i can get rid of the NAT problem that i’m having with my xbox.
thanks
by S
28 May 2009 at 16:41
Nice solution! But I have a bit different setup. Don’t know how to fix it.
I use these lines to share my vpn connection via wifi:
sysctl -w net.inet.ip.forwarding=1
natd -s -m -d -n ppp0 -dynamic
ipfw add divert natd ip from any to any via ppp0
how do I alter these lines to start port forwarding to the certain IP?
by 21bower
21 Mar 2010 at 16:20
OH SWEET LORD thank you so much, you have no idea how long I’ve been trying to do this for, ahhhh, i was about to smash my router and now you have shown me the light, thank you so much
by Tom
12 Jun 2010 at 18:59
I have the same setup you have sounds like, except I’m using a slingbox instead of an Xbox.
What I was thinking is that, since the slingbox can reach *out* to the internet, but you can’t route *in* to it, isn’t this a problem that can be solved with routing, not nat’ing? For example, can the Mac Mini be configured to route the inbound traffic, as it does the outbound? I wouldn’t have thought NAT would be required for this. I may be missing something though (aside from the fact that I don’t personally know how to do this, which is obvious :) ).
by verma
17 Jun 2010 at 06:03
Hi Tom,
In my case the two networks are different, sharing the wifi connection over Ethernet causes the Ethernet connection to be on a different network. Since the network is different, some sort of address translation is needed.
by verma
17 Jun 2010 at 06:06
Hi David,
I am afraid I am not sure. I haven’t really ever played with upnp.
by David
17 Jun 2010 at 07:18
Well, I have a few more questions now:
I typed in the first script and it asked for my password which I typed in and moved on to the second.
I typed the second part in substituting (what I believe to be) my IP Address of my XBOX. After entering that script, I was NOT asked to type my password. Should it prompt me that second time or not?
Sorry if this paragraph sounds like I’m completely unable to read the guide, but I just wanted to make sure. I say what I believe to be my XBOX’s IP above because I’m not sure if I’m entering the right thing. On my XBOX Conf. page, it says IP Address, Gateway and the two DNS servers. I used the one labeled IP Address. Is that the correct one? Thanks!
by Erik Stone
08 Jul 2010 at 10:07
Fricken awesome stuff! Thanks Verma.
by verma
18 Jul 2010 at 17:22
@David
It probably won’t ask you for a password if you ran the commands in reasonably quick succession. If you wait for a while before you run the second command, the system will ask you for a password. That’s how sudo usually works.
The IP address that you see on your xbox conf page would be the right one to substitute on the command line. I think you are doing it right.
Either way, the best way to test if the things are going right is to test for connectivity from within xbox. HTH