I’ve got one of my Mac mini’s running for almost a month now and I’m very happy with how it’s been behaving. It does everything I want and it even allows me to use it as a router of some sort by using the “share internet” option in the Sharing panel in the System Preferences. In this manner I can use my second Mac mini as a desktop computer and surf the internet and maintain my server by using the both Airport Extreme cards to setup a wireless network. The server mini is connect to my ADSL modem using via a cable. I’ve used the Sharing panel to configure the Firewall as well , but I’m not yet very happy with it.
The standard firewall is blocking all interfaces with the same configuration. I would like that to be different, blocking most traffic from the internet and allowing everything from the internal network. I’m not a FreeBSD, Unix or Terminal guru and manually configuring ipfw and natd is a bit daunting. I’ve read many web-pages that tell you how to do it like this one from Frederik. While I end up with a perfect working firewall which blocks everything I require and allows the internal network. I’m unable to get that and Internet sharing (with natd and such) working together. I’m getting desperate and think about ending it all by buying an Airport Extreme base station and let that do all the firewalling and port forwarding.
The standard firewall and internet sharing do their work as they are supposed to but one thing still lacking for me was port forwarding for my bit-torrent downloads. I like to download the publicly available torrents (not copyrighted stuff), like software and tv-shows. I really like to watch NerdTV from Robert X. Cringely. It’s much nicer to download stuff via bit-torrent, it’s much easier to the one providing the files and not hog is bandwidth.
But today I found a solution that allows me to forward the bit-torrent ports from my mini server to my mini desktop. Internet sharing uses natd with some default configuration which I don’t know how to change. But I can kill the running natd process and replace it with my own.
What I do is find out if it is running by using ps -x | grep natd and copy the command-line that appears to the clipboard. Then kill the natd process by issuing a sudo kill <process id>. I then start it up again with the command-line I copied to the clipboard and add the following options behind it:
-redirect_port tcp 10.0.2.2:6881-6999 6881-6999 -redirect_port udp 10.0.2.2:6881-6999 6881-6999
This will redirect all incoming bit-torrent traffic coming in on my mini server and forward it directly to my desktop. The desktop has the ip-address of 10.0.2.2 and you need to change that to your situation. This will increase the speed at which the torrents are downloading significantly.
Still I will keep looking and try to find a proper setup as described above. If someone has some pointers please let me know.
- No related posts
January 5th, 2007 at 2:49 am
How to automatically restart natd process with the ‘port forwarding’ option after each reboot:
** This example forwards the port 4662 (aMule) **
** These operations must be done by root **
i) Create a folder named ‘natd’ in /Library/StartupItems/
ii) Create two files, ‘StartupParameters.plist’ and ‘natd’, inside ‘natd’ folder
=== Begin of StartupParameters.plist ===
{
Description = “Network Address Translation”;
Provides = (“NAT”);
Requires = (“Network”, “NetworkExtensions”);
OrderPreference = “Last”;
}
=== End of StartupParameters.plist ===
========== Begin of natd ==========
#!/bin/sh
. /etc/rc.common
killall -KILL natd
sleep 5
natd -alias_address 192.168.1.2 -interface en0 -use_sockets -same_ports -unregistered_only -dynamic -clamp_mss -redirect_port tcp 10.0.0.2:4662 4662
========== End of natd ==========
iii) ‘natd’ is a script, so we should set it to be executable
# chmod 755 natd
iv) Reboot your computer.