I have a very peculiar network setup at my home.
I have my router plugged into my cable modem downstairs in my basement, where it is hooked up to my PC. Our notebooks and my Mac Mini connect to the network using WiFi. I use Internet Network Sharing on my Mac Mini to forward my WiFi network to its ethernet interface which is then routed to a switch to which my devices in the living room connect (e.g. my Xbox).
The problem is that for Xbox and similar devices to work flawlessly they need to be able to accept connections from the internet (my particular problem was with Xbox Live). A simple resolution to this problem is NAT. However, Mac OS X Network and Security configuration doesn’t allow us to configure any NAT options at all. So you have to go low level with Terminal and tweak the BSD guts of Mac.
To solve this problem we’ll use natd to configure our port forwarding. I will use my Xbox example here. Xbox Live service requires ports 88 and 3074 on UDP and 3074 on TCP to be open. I first configured my router to forward these ports to my Mac. On my Mac Mini’s Terminal, I then killed any running instances of natd (Network Sharing does instantiate an instance for its purposes).
$ sudo killall natd
I then issued a command to set up port forwarding:
$ sudo natd -interface en1 \
-redirect_port tcp 192.168.2.2:3074 3074 \
-redirect_port udp 192.168.2.2:88 88 \
-redirect_port udp 192.168.2.2:3074 3074
Here en1 is the WiFi interface on the Mac Mini. 192.168.2.2 is my Xbox’s IP address.
Once you issue this command, go to your Xbox system settings and test your Xbox Live connection. You should not get any warnings about your NAT configuration.
HTH
by Sean
04 Mar 2009 at 22:11
You sir, are a legend! Worked like a charm :)
by Dave
11 Mar 2009 at 01:04
Hi there, I think this may be the long-awaited answer to my problem! I’m not too technical though – does that terminal command alter anything else internet/connection-wise on the Mac? I.e. will I still be able to use my Mac as normal to connect to the internet etc?
Cheers!
by verma
11 Mar 2009 at 01:28
Hi Dave,
I don’t think it should have any effect. This is essentially just affecting the traffic being routed off your mac. I am not a networking expert though, so your best bet would be to try it out and see how things go.
Take care.
by Dave
11 Mar 2009 at 22:01
hey again…
What did you set as the primary DNS server in your Xbox settings?
I can’t get it working – using my laptop.
by Dave
11 Mar 2009 at 22:04
I’ve just found this bit of software – looks like it’ll make life a bit easier – http://codelaide.com/blog/products/lighthouse
by Loren
16 Mar 2009 at 21:08
Thank you SO much, I’ve been looking for this ever since I got my Xbox and realized I could share my MacBook connection.. I have exactly the same scenario as you except that my console is just next to my macbook and connected to my monitor!
by Joe
17 Mar 2009 at 17:43
Hi Verma,
How would I set it back to the original setting if I decide not to go this route in the future, since you had a command line to kill all natd?
thanks.
by verma
17 Mar 2009 at 18:44
Hi Joe,
Well, you could either just restart the computer, or kill your own natd and restart network sharing in Preferences.
by Joe
17 Mar 2009 at 18:54
Verma,
Sorry, I should have stated it clearly. What I meant was: how do I enable back all natd in the future since we input the command line “$ sudo killall natd”?
If I don’t misunderstand what you’ve just said, do I need to type those command lines every time I restart the laptop in order to get the port forwarding working?
thanks.
by verma
17 Mar 2009 at 19:23
Well, yes, unfortunately Mac OS X will reset natd rules once it starts network sharing, which will happen every time you restart your notebook. To avoid doing this you may want to take a look at the tool Dave mentioned above. Or you could auto-execute the script on startup using automation or something.
To restore original natd settings you need to restart network sharing.
Hope this answers your question.
by Joe
17 Mar 2009 at 19:54
Hi Verma,
Thank you for your lightning responses.
Have you ever used the software, Lighthouse, that Dave mentioned?
thanks.
by verma
17 Mar 2009 at 20:29
No, not really, the script works pretty well for me :)
by Joe
17 Mar 2009 at 21:35
Sorry for all the questions Verma.
You mentioned using automation to auto-execute the script at startup, could you elaborate on this? What software does it require?
thanks.
by verma
17 Mar 2009 at 21:43
No problem :)
There is this tool that comes with Mac OS X called Automator. You can read more about it here: http://www.apple.com/applescript/
I am not really an AppleScript expert so I cannot really help you with that, but this link should be a good starting point for what you’re trying to achieve.
Also, there is a discussion here: http://discussions.apple.com/thread.jspa?threadID=1107492 which is similar to what you’re trying to do.
HTH
by Joe
17 Mar 2009 at 22:02
Ahhh, looks like it’s too complicated, since it deals with all that AppleScript and shell script. I guess I will try out the program Lighthouse; worst case I will have to manually input the script every time after the laptop restarts.
Hopefully I can get rid of the NAT problem that I’m having with my Xbox.
thanks
by S
28 May 2009 at 16:41
Nice solution! But I have a bit different setup. Don’t know how to fix it.
I use these lines to share my vpn connection via wifi:
sysctl -w net.inet.ip.forwarding=1
natd -s -m -d -n ppp0 -dynamic
ipfw add divert natd ip from any to any via ppp0
how do I alter these lines to start port forwarding to the certain IP?
by 21bower
21 Mar 2010 at 16:20
OH SWEET LORD thank you so much, you have no idea how long I’ve been trying to do this for, ahhhh, I was about to smash my router and now you have shown me the light, thank you so much
by Tom
12 Jun 2010 at 18:59
I have the same setup you have sounds like, except I’m using a slingbox instead of an Xbox.
What I was thinking is that, since the slingbox can reach *out* to the internet, but you can’t route *in* to it, isn’t this a problem that can be solved with routing, not nat’ing? For example, can the Mac Mini be configured to route the inbound traffic, as it does the outbound? I wouldn’t have thought NAT would be required for this. I may be missing something though (aside from the fact that I don’t personally know how to do this, which is obvious :) ).
by David
17 Jun 2010 at 05:59
Verma,
I was wondering, using this method would I still need to enable uPnP through my router? Or, would I have to do anything with my router?
by verma
17 Jun 2010 at 06:03
Hi Tom,
In my case the two networks are different, sharing the wifi connection over Ethernet causes the Ethernet connection to be on a different network. Since the network is different, some sort of address translation is needed.
by verma
17 Jun 2010 at 06:06
Hi David,
I am afraid I am not sure. I haven’t really ever played with UPnP.
by David
17 Jun 2010 at 07:18
Well, I have a few more questions now:
I typed in the first script and it asked for my password which I typed in and moved on to the second.
I typed the second part in, substituting (what I believe to be) the IP address of my XBOX. After entering that script, it did NOT ask me to type my password. Should it prompt me that second time or not?
Sorry if this paragraph sounds like I’m completely unable to read the guide, but I just wanted to make sure. I say what I believe to be my XBOX’s IP above because I’m not sure if I’m entering the right thing. On my XBOX Conf. page, it says IP Address, Gateway and the two DNS servers. I used the one labeled IP Address. Is that the correct one? Thanks!
by Erik Stone
08 Jul 2010 at 10:07
Fricken awesome stuff! Thanks Verma.
by verma
18 Jul 2010 at 17:22
@David
It probably won’t ask you for a password if you ran the commands in reasonably quick succession. If you wait for a while before you run the second command, the system will ask you for a password. That’s how sudo usually works.
The IP address that you see on your xbox con page would be the right one to substitute on the command line. I think you are doing it right.
Either way, the best way to test if the things are going right is to test for connectivity from within xbox. HTH
by Erik Stone
05 Sep 2010 at 16:55
You are a genius, my friend. This is the only website that I have been able to find that actually explained how to do this. Other so-called experts have even said there is no way to do this. Shows how stupid most of the experts really are, since this seems like pretty basic Unix if you know Unix. Thanks a bunch!
by Jan
21 Oct 2010 at 21:15
Thanks a lot man! I have a Windows-PC that should use eMule Filesharing and doesn’t have a WLan-Device. The PC is connected to a Macbook via cable! It works now!
by Wes
02 Feb 2011 at 01:29
Hello Verma, still getting a moderate NAT, just wondering if I have this correct. On my router I have the required ports forwarded to my Mac Mini’s IP and then, using your script, the Mac forwards them to my Xbox IP? This is how I have it set at the moment but I’m still receiving NAT errors. Any ideas?
by James
04 Jun 2011 at 01:44
Hi. I am having a bit of trouble with this. My ethernet port is set to the ip 10.0.0.1 and my xbox 10.0.0.2. Which ip do I use with -redirect_port? Thanks.
by Halomaster
07 Jul 2011 at 18:54
You’re amazing dude, but how come after I put my Mac to sleep and wake it, or restart my Mac, it goes back to moderate and I have to redo this process?
by Si
20 Sep 2011 at 00:25
thanks for your suggestion for this problem!
however I get this message:
natd: Unable to bind divert socket.: Address already in use
I wasn’t sure so I tried it with internet sharing on and off, and did killall natd (No matching processes belonging to you were found each time)
by Si
20 Sep 2011 at 00:27
also, I saw someone suggest
sudo ipfw add allow UDP from 3074 to 3074
sudo ipfw add allow TCP from 3074 to 3074
sudo ipfw add allow UDP from 88 to 88
thoughts on that idea?
by S
23 Sep 2011 at 12:31
So I posted earlier about having a problem. Looks like when you do sudo killall natd it can sometimes take a minute for it to actually shut off. If I was a little more patient, I would see that when I do ps -ax the natd process eventually shuts off, at which point you can enter the command.
Now my problem is my stupid Belkin router says it’s forwarding the ports to my computer, but when I check the ports they are closed. So I can’t say for sure that it worked, just that it didn’t fail yet.
Thanks!
by Si
29 Oct 2011 at 13:18
ps -ax | grep natd
sudo killall natd
sleep 10
sudo natd -interface en1 -redirect_port tcp 192.168.2.2:3074 3074 -redirect_port udp 192.168.2.2:88 88 -redirect_port udp 192.168.2.2:3074 3074 -redirect_port tcp 192.168.2.2:80 80
ps -ax | grep natd
^^^ I found I needed to wait 10 seconds before running natd because it takes a second to kill.
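Added example (not part of the original post or any comment): a shell wrapper around the post's natd command that validates the forward list and, as the comments from Si and S found necessary, waits for the old natd to exit before starting the new one. The script name natd-forward.sh and the function names are hypothetical; en1, 192.168.2.2 and the ports are the post's own values.

```shell
#!/bin/sh
# Added example, not the author's script; the three values repeat the post's.
WAN_IF="en1"
TARGET_IP="192.168.2.2"
FORWARDS="tcp:3074 udp:88 udp:3074"

# Accept only a well-formed RFC 1918 address so a typo cannot forward elsewhere.
is_private_ip() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
    case "$1.$2" in 10.*|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) return 0 ;; esac
    return 1
}

# Turn "proto:port" specs into natd -redirect_port arguments for one target.
redirect_args() {
    ip=$1; shift
    is_private_ip "$ip" || { echo "not a private IP: $ip" >&2; return 1; }
    out=""
    for spec in "$@"; do
        proto=${spec%%:*}; port=${spec#*:}
        case "$proto" in tcp|udp) ;; *) echo "bad proto: $spec" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*|??????*) echo "bad port: $spec" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $spec" >&2; return 1; }
        out="$out -redirect_port $proto $ip:$port $port"
    done
    echo "${out# }"
}

# Matches both a bare "natd" and a full path such as /usr/sbin/natd.
natd_running() { ps -A -o comm= | grep -Eq '(^|/)natd$'; }

# Poll until the old natd is gone (up to 30 s) instead of a fixed sleep.
wait_for_natd_exit() {
    tries=30
    while natd_running; do
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] || return 1
        sleep 1
    done
}

# Only acts when run as root with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    args=$(redirect_args "$TARGET_IP" $FORWARDS) || exit 1
    killall natd 2>/dev/null
    wait_for_natd_exit || { echo "natd did not exit" >&2; exit 1; }
    exec natd -interface "$WAN_IF" $args
fi
```

Run it as `sudo sh natd-forward.sh apply`. Per verma's replies, Internet Sharing replaces these rules whenever it restarts, so the script has to be re-run after a reboot.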