Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Sharing a cable modem connection with Brickhouse Internet
I know that this should be easy in 10.2/Jaguar, but in the meantime ... I have a cable connection to the Internet and wanted to share my connection with another Mac on my network. I spent ages searching the net but couldn't find a clear description of how to get it going. I managed to figure it out with the help of the shareware program Brickhouse.

Read the rest of the article for the how-to...

This allows PCs or Macs to share an IP address with a Mac running OS X. After dcownloading and launching Brickhouse, click on the 'IP Sharing' tab and enable it.

On the Mac or PC that will share the connection, set up the networking thus:
  • IP address: 192.168.1.2 (3, 4, 5, 6 etc for however many share the conneciton)
  • Subnet mask : 255.255.255.0
  • Router: 192.168.1.1
  • Domain Name Servers: whatever your ISP specifies.
That's it! This works for me anyway. Saved me buying Vicom Gateway. The only hassle is that you do have to re-enable IP sharing in Brickhouse after rebooting.

[Editor's note: Yes, this is a relatively straightforward tip ... but some people may not know about Brickhouse or its capabilities. It's also possible to do this with the built-in OS X networking tools, but it won't be quite so easy without a GUI tool like Brickhouse. You can also, of course, add a hardware router to the network to accomplish the same result.]
    •    
  • Currently 3.00 / 5
  You rated: 3 / 5 (3 votes cast)
 
[8,698 views]  

Sharing a cable modem connection with Brickhouse | 17 comments | Create New Account
Click here to return to the 'Sharing a cable modem connection with Brickhouse' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
also,
Authored by: syko on Jul 08, '02 12:44:15PM

everytime you reboot, you'll have to go to brickhouse, 'apply' the firewall configuration, and then go to IP Gateway and start IP sharing.



[ Reply to This | # ]
also,
Authored by: derek23 on Jul 09, '02 10:44:55AM

uh apparently you didn't notice "the apply at startup" checkbox. I haven't been back into Brickhouse to enable anything since the first time i set it up. And i have rebooted a few times.

In fact, one of the last things to flash acorss the screen at the during OS X boot now is "Starting Firewall".



[ Reply to This | # ]
also,
Authored by: syko on Jul 09, '02 01:01:06PM

The 'Start IP Sharing', as noted in the documentation, does not work at startup. And I've seen the Firewall not startup on some occassions.



[ Reply to This | # ]
Other options
Authored by: eduo on Jul 08, '02 01:20:39PM

First of all, let me mention that some Cable Companies are heavily prosecuting people that share their cable connections. I do share mine but in my contract nowhere is written that I shouldn't, or that I should use only one machine. Only that I should use only one IP in the Cable network. Which I do.

Now, for the options:

I have used two options (am using, actually). I have four networks in two machines, and both need different types of sharing.

First I have a machine in a company network which I can connect to the telephone line for basic e-mail access. I share this connection with the ethernet network by using the command-line program ipfw (which I think Brickhouse uses internally). I have created a script called ip-up located in /etc/ppp that has the following (and runs when the ppp connection is activated):

/usr/sbin/natd -dynamic -interface ppp0
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via ppp0
/sbin/ipfw add pass all from any to any

This simply allows for address going to the ppp0 interface to be rerouted and their ip addresses translated. This also allows for the users in other machines in the network to use the route as well by adding "route" statements in their machines. This is a very rough and specific set-up.

Then in the house I have an airport network and a cable connection that I share with the Software Base Station (not from Apple) program available in versiontracker (and probably MacUpdate). This software enables the ipchains service as well (IP Forwarding) in the /etc/hostconfig file, gives out all the needed parameters for the server and clients and launches gNATd for the address re-routing and translation. It's a very simple set-up once set.

I will give Brickhouse a look and see how it works.

Of course, this all will be moot in three months, as Jaguar has this included in the OS..:)

Eduo



[ Reply to This | # ]
Other options
Authored by: Riken on Jul 09, '02 02:05:35PM

The first method is exactly what brickhouse does only it does it in a startup file at system launch.

Basically brickhouse is a nice gui for ipfw and natd.



[ Reply to This | # ]
Sharing internally versus externally
Authored by: redwoodtree on Jul 10, '02 05:29:09PM

No need to be an alarmist. If you pay for a cable connection you can share it inside your house as you wish. The main beef of the cable companies are people that are part of a city-wide wireless sharing network or free/network like warchalking or advertising on sites that have maps of free networks. So the cable companies aren't coming after people using a hub, a switch or a wireless LAN, they're coming after people that are giving away their service for free (or resale), which is spelled out in the TOS.

Hope this helps.



[ Reply to This | # ]
IPNetShareX & FireNet
Authored by: dperetti on Jul 08, '02 02:40:04PM
I use IPNetShareX to share my cable modem with my titanium via firewire (with FireNet). Works like a charm. Nothing to launch.. Really plug&play.

[ Reply to This | # ]
Dial-up also
Authored by: eddydasquige on Jul 09, '02 12:48:55AM

I use Brick house to share a dial-up connection with my PC, works easy and overall well. The only issues I have with it are that I have to manually turn it on if I reboot, and it sometimes lets the client machine "take over" my internet connection. I have found that I sometimes need to turn the internet sharing off, and then back on again in order to get the mac back up and running on the 'net. No need to reconnect to my ISP however.



[ Reply to This | # ]
Dial-up also
Authored by: Riken on Jul 09, '02 02:07:50PM
This problem is fixed in the following hint: http://www.macosxhints.com/article.php?story=20020212085541251

[ Reply to This | # ]
BrickHouse is pretty good
Authored by: 47ronin on Jul 09, '02 02:07:47PM
I've found that BrickHouse has made it easy to initially set up my firewall rules and IP sharing over two simultaneous interfaces (second ethernet card and Airport). Later on after studying how it works I figured out ipfw myself. You will need to learn this because BrickHouse, even with its great simplicity, doesn't totally allow you to customize firewall rules (that's why it has an Expert button), but any time you switch back to Quick it overwrites your configuration.
IP Sharing works great but it seems that ever since I applied the June Security Update I've had to manually toggle IP sharing off then on to get the NAT'd internal computers to see the Net after I reboot my router mac (G4). The new beta of BrickHouse has been in development for a while but I don't know when it will ever be released. Supposedly it lets you edit interfaces so you can add more than one for sharing.

[ Reply to This | # ]
Brickhouse and NAT problems
Authored by: Riken on Jul 09, '02 02:13:01PM
The problems people have been having with Sharing IP in brickhouse are to do with the natd command that Brickhouse uses to setup IP sharing. Here is a solution. http://www.macosxhints.com/article.php?story=20020212085541251

[ Reply to This | # ]
What I have done for a firewall and nat to share a dial-up connection
Authored by: drush on Jul 09, '02 08:10:30PM

I have generated 4 files (firewall, firewall.conf, natd.conf, ip-up) with help from Brickhouse, GNat, and others. This has allowed a totally reliable dial-up on-demand shared internet connection from multiple Macs. Each downstream Mac needs a manual IP (10.0.0.2, 10.0.0.3,...) and the host's ip (10.0.0.1) entered as the Router in TCP/IP settings, also be sure to enter any DNS servers from the ISP if required. The host Mac runs the firewall and the natd. On it I have set to connect automatically in the PPP options. The contents of the four files is:

**************************************************************************
below is the text for Firewall file, put it in /Library/StartupItems/Firewall
**************************************************************************

#!/bin/sh
# Firewall Boot Script
# Generated by me
#===========================================================
# Process Firewall Rules File
#===========================================================
/sbin/ipfw -q /etc/firewall.conf

#===========================================================
# natd service startup item - enables internet connection sharing on startup
#===========================================================

#. /etc/rc.common

ConsoleMessage "Starting natd Services"
/usr/sbin/sysctl -w net.inet.ip.forwarding=1
/sbin/ifconfig en0 10.0.0.1 netmask 255.255.255.0
/usr/sbin/natd -f /etc/natd.conf


**************************************************************************
below is the text for firewall.conf file, put it in /etc
**************************************************************************

# Firewall Boot Script
# Generated by DJR


#################################################
# Allow Loopback
#################################################
add 1000 allow ip from any to any via lo0

#################################################
# Allow natd packets
#################################################
add 1001 divert natd all from any to any via ppp0

#################################################
# Allow packets from existing connections
# below rules may be modified to further filter by port
# i.e. add 1002 allow tcp from any 80 to any established
#################################################
add 1002 allow tcp from any to any established
add 1003 allow all from any to any frag

#################################################
# Allow Essential ICMP Traffic
#################################################
add 1004 allow icmp from any to any icmptype 3,4,11,12

#################################################
## Rules for Home Net - allow ip over ethernet
#################################################
add 2000 allow all from any to any via en0

#################################################
## Rules for Home Net - stop AppleTalk over PPP
#################################################
add 2001 deny tcp from any 548 to any out via ppp0

#################################################
## Rules for the ppp0 interface
#################################################

#################################################
## Allow DHCP/BOOTP
#################################################
add 3000 allow udp from any 67-68 to any 67-68 via ppp0

#################################################
## Allow Broadcast (for DHCP, etc)
#################################################
add 3001 allow ip from any to 255.255.255.255 via ppp0

#################################################
## Deny Source Routed Packets
#################################################
add 3002 unreach host log ip from any to any ipopt ssrr,lsrr via ppp0

#################################################
## Allow Network Time (NTP)
#################################################
add 3003 allow udp from any 123 to any 1024-65535 via ppp0

#################################################
## Allow All ICMP Packets
#################################################
add 3004 allow icmp from any to any via ppp0

#################################################
## Allow FTP-Data port
#################################################
add 3005 allow tcp from any 20-21 to any 1024-65535 in via ppp0

#################################################
## Allow DNS
#################################################
add 3006 allow udp from any 1024-65535 to any 53 out via ppp0
add 3007 allow udp from any 53 to any 1024-65535 in via ppp0

#################################################
## Fire-AOL IM
#################################################
add 3010 allow tcp from any to any 9898 in via ppp0
add 3010 allow tcp from any 9898 to any out via ppp0

#################################################
## Fire-ICQ
#################################################
add 3011 allow tcp from any to any 5190 in via ppp0
add 3011 allow tcp from any 5190 to any out via ppp0

#################################################
## ICQ Chat (UDP)
#################################################
add 3012 allow udp from any to any 4000 in via ppp0
add 3012 allow udp from any 4000 to any out via ppp0

#################################################
## iVisit
#################################################
add 3013 allow udp from any to any 9943 in via ppp0
add 3013 allow udp from any 9943 to any out via ppp0

#################################################
## iVisit
#################################################
add 3014 allow udp from any to any 56768 out via ppp0
add 3014 allow udp from any 56768 to any in via ppp0


#################################################
## Allow All Outgoing Services
#################################################
add 53035 allow all from any to any out via ppp0

#################################################
## Deny All Incoming Services
#################################################
add 53036 deny log all from any to any in via ppp0


**************************************************************************
below is the text for natd.conf file, put it in /etc
**************************************************************************


# Config file used by natd startup script in /Library/StartupItems/Firewall/
Firewall#
same_ports yes
use_sockets yes
# remove comment from next line to not allow host computer to access the internet
#deny_incoming yes
dynamic yes
interface ppp0
#
# End natd config file


**************************************************************************
below is the text for ip-up file, put it in /etc/ppp
**************************************************************************


#!/bin/tcsh
#===========================================================
# Restart natd for each PPP session
#===========================================================
/bin/sleep 10
/bin/kill -HUP `ps -uxc -U root | grep ' natd$' | awk '{ print $2 }'`
#/sbin/ipfw delete 1001
/sbin/ipfw add 1001 divert natd all from any to any via ppp0

======================================================




[ Reply to This | # ]
Re: What I have done for a firewall and nat to share a dial-up connection
Authored by: iMMersE on Jul 10, '02 08:38:17AM

Put your hand up if you have taken that directly from Brickhouse? Well, OK, credit where credit's due, you changed Brickhouse to me on line 2!

Useful information though, people will soon learn they they don't have to pay for applications which are in affect only GUIs to a few text files if they are prepared to get their hands a little dirty, and learn something new at the same time.



[ Reply to This | # ]
Re: What I have done for a firewall and nat to share a dial-up connection
Authored by: iMMersE on Jul 10, '02 08:40:29AM

OK, you mentioned you'd used Brickhouse to generate the files, my bad. My second point is valid though. Anyway, I'll get my coat ...



[ Reply to This | # ]
free alternative - geeroute
Authored by: mclbruce on Jul 10, '02 04:21:57AM

I think geeroute will do this for free

http://geeroute.zero.com.hk/

Seems to be persistant as well, you don't have to set it up again after restart. This is from an earlier hint about lazy man's airport base station.



[ Reply to This | # ]
free alternative - geeroute
Authored by: eboelens on Jul 12, '02 05:17:43PM

This is right, it's free and simple but...
When the Imac wakes up from sleep there is no more connection to the ineternet !!!



[ Reply to This | # ]
OK, I got caught, but I forgot the .plist file
Authored by: drush on Jul 10, '02 07:34:14PM

True I did use Brickhouse, but I did improve on its inability to handel changes in IPs. Also the natd is from Gnat and the IP-UP is my own. Most important though is I forgot to talk about the StartupParameters.plist file so here is one that works (put it in /Library/StartupItems/Firewall):

{
Description = "firewall";
Provides = ("Firewall");
Requires = ("Resolver");
OrderPreference = "Last";
Messages =
{
start = "Starting firewall";
stop = "Stopping firewall";
};
}



[ Reply to This | # ]