Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Set up an auto-start internet sharing service Network
After lots of trial and error I've managed to have osx actually BE a network server that starts automagically. Indeed, as many of us have discovered, in order to share one's internet connexion with a LAN, one has to click the "start" internet sharing after each restart. Bummer... but no longer !

This tip may be a bit complicated, and it requires a couple of scripts, but I believe that it's still quite straightforward. Be prepared to part from the InternetSharing prefs pane, though (RIP).

In the following instructions, I'm assuming that you have a dynamic connection to your ISP (ie through DHCP) that uses an Ethernet modem. I believe this hint should work as well with a static IP, but I haven't tested it this way.

[Editor's note: This is a long and fairly complex hint, and I have not tested it myself. Please make sure you have good backups prior to doing anything such as the following on your machine ... it's just common sense!]

We're going to create a new IP address for our LAN. This address must exist as early as possible, or named won't be able to bind to it (cf supra). Open the Network prefs pane, and select "Network Port Configurations" from the "Show:" menu. Click New... and call it whatever you want, but select "Built-in Ethernet" (if your primary net access is throught ethernet, or course). Now select your new configuration from the "Show" popup menu. Select configure "Manually". Set the values as follows:
  • IP address: (you could use or others...)
  • Subnet mask:
  • DNS server: (that's if you're going to use named)
  • Search domains: localhost
Now click "Apply Now". What we've done is we created an alias on the en0 (built-in Ethernet) interface.

Now, let's get NAT working. Here's a script that you have to install inside /Library/StartupItems/ (you must have root privileges, so you can either sudo each command or use 'su'). Go into /Library/StartupItems/ and type:
 % mkdir NAT
% chmod 755 NAT
% chown root:wheel NAT
% cd NAT
And now for the script itself; use your favorite editor (vi, emacs etc) and call it NAT and enter the following text:

. /etc/rc.common

ConsoleMessage "Starting NAT"

wrongorder=$(/sbin/ifconfig en0 | sed -n '/inet/p' | head -n 1
| sed -n '/192/p' | awk '{print $2}'| wc -l)
# Enter the above as ONE LINE! #

if [ "${wrongorder}" -gt 0 ]; then
ConsoleMessage "swapping DHCP and unregistered alias"
ifconfig en0 -alias
ifconfig en0 alias

/usr/sbin/natd -f /etc/natd.conf

/sbin/ipfw add 20000 divert natd all from any to any via en0
/sbin/ipfw add 20050 divert natd all from any to any via en1
Save the file, exit your editor and type chmod 4754 NAT.

Let's explain what the script does. The wrongorder part is actually a kludge. What is advertised in the Network prefs pane, is that the order in which you see your network interfaces is the order in which they're supposed to be created. But if your primary interface uses DHCP, it will most of the time be created AFTER your local interface ( And this is bad, because NAT will bind to the latter and therefore won't work. So what we're simply doing is swapping the order of the aliased IP address. (You can check for this with the command "ifconfig en0").

The two lines at the end ask your firewall to divert packets that go through your interfaces to natd so that masquerading can take place. If you don't want to route traffic from airport, simply remove the line that says:
/sbin/ipfw add 20050 divert natd all from any to any via en1
Because of the way startup scripts are loaded by SystemStarter, we need to create a StartupParameters.plist file that informs of the dependencies of this script. While still in the /Library/StartupItems/NAT/ folder, create a file called StartupParameters.plist and enter the following text:
Description = "NAT";
Provides = ("NAT");
Requires = ("Network",
OrderPreference = "Late";
Messages =
start = "Starting NAT";
stop = "Stopping NAT";
Save and exit, and, just to make sure, do (as root):
 % chown root:admin StartupParameters.plist
% chmod 644 StartupParameters.plist
STEP FOUR:Alright, now let's make sure that everything is fine in the hostconfig file (which carries global values for things like ip forwarding etc). Open /etc/hostconfig as root in a text editor, and make sure that you have the following saying "-YES-":
The last line is if you want a local DNS/named server)

Now let's edit a couple of config files, namely for natd and for named. Edit as root /etc/named.conf. In the "options" section, you should see a line that looks like:
 // query-source address * port 53;
After it is a line that starts with "listen-on". Make sure that the listen-on line is not commented (doesn't have any // at the beginning), and replace it with the following:
 listen-on {; };
Save and exit. What we've just done is we asked named to only reply to internal DNS querries. Unless you want to have a public DNS server (in which case you probably would know how to set it up by yourself ^_^), you'll want to keep your DNS private.

Edit as root /etc/natd.conf, and replace the content with the following:
 interface en0
dynamic yes
same_ports yes
log_denied no
use_sockets yes
unregistered_only yes
Save and exit.

There is no step seven! ;-) Oh yes, restart your Mac, cross your fingers, do a voodoo dance around your desk, etc. Remember, don't start internet sharing from the system's preference panes, since we bypassed everything manually. If you put the line about diverting en1 (AirPort), then your machine should route AirPort as soon as it is turned on (even if you switch it on later on). Piece o' cake, wasn't it ? ^_^
  • Currently 4.00 / 5
  You rated: 5 / 5 (3 votes cast)

Set up an auto-start internet sharing service | 10 comments | Create New Account
Click here to return to the 'Set up an auto-start internet sharing service' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Excellent overview, thanks
Authored by: babbage on Oct 14, '02 11:20:35AM
One thought: rather than forcing a reboot, you should be able to manually run the script you created in step one by running a

sudo /Library/StartupItems/NAT/NAT

I've followed the instructions and done this on my machine, and it seems like everything works -- I am now using my Mac as a gateway to my DSL service while typing this from my laptop using the Mac as the network router.

Rockin' -- I've been meaning to figure out how to do this for months now :-)

[ Reply to This | # ]

Excellent overview, thanks
Authored by: hagbard on Oct 14, '02 01:09:22PM

welcome ;-)

yeah launching NAT should be enough, if most of the other settings are already as they should be. Restarting makes sure everything's clean. That's all.

[ Reply to This | # ]
Authored by: mervTormel on Oct 14, '02 05:05:04PM

yeah, just starting NAT would be the unit test, and rebooting would be the integration test, if you're into that sort of thing.

kudos and thanks to you for the workout.

[ Reply to This | # ]
AirPort software base station?
Authored by: Jaharmi on Oct 26, '02 07:28:59AM

I've got the same thing started, based on the work I did customizing the StartupItem for IPNetShareX under 10.1.x.

However, the new Internet Sharing service in Jaguar is of particular interest to me, because it seems to simulate a hardware wireless access point. In other words, it seems to start up the software base station in "infrastructure mode" rather than "ad hoc mode."

This makes all the difference to me, because infrastructure mode works with my PowerBook, and ad hoc mode does not. I've got a Cisco Aironet 350 card, and while its drivers support computer to computer wireless connections, they never seem to find my tower G4 in that mode.

Does anyone know how to completely start up the Internet Sharing feature of Jaguar? There is an InternetSharing executable, but I'm not sure if I'm supposed to use it:


Every time I turn on Internet Sharing from System Prefs, it overwrites a bunch of my firewall rules ...

[ Reply to This | # ]

Great ! thanks!!
Authored by: rastabob on Oct 20, '02 07:09:59AM

Wow, i've been looking this since Jaguar came out.

With many others i've been following threads on this topic on But no working solutions there yet.

I would really like to try this solution, and post it to others, but it requires a bit more Terminal experience than i have.
So.... could you do us a massive favour and post STEP2 - STEP6 again, for Terminal dummies. Your explanations are very clear, but i would like to know exactly what lines to type in.... :)

thanks in advance

[ Reply to This | # ]
Authored by: saint.duo on Oct 20, '02 07:43:46PM

How much would need to be changed about these instructions if I use a dialup/modem connection and want to share it to other machines via ethernet?
Do I only have to change the connection type on the server in the network prefs pane from ethernet to modem, and make sure it is set correctly?

[ Reply to This | # ]
Authored by: carson on Nov 24, '02 10:31:20AM

For a modem connection, you'll need to replace eth0 with ppp0 in most

ipfw add divert natd all from <?? any ??> to any via ppp0

Note that I've put some question marks in there. Redirecting ALL packets
isn't very safe. I'd change that to your LAN's ip address and subnet mask. For example:

ipfw add divert natd all from to any via ppp0

You could replace with a specific computer on the LAN and repeat for each computer you want to allow access. That would be even better security although slightly slower performance wise (negligible). Hope that helps.

Everything should run as expected.


[ Reply to This | # ]
One little change now required
Authored by: macgyver929 on Jun 24, '03 09:53:01PM

The wrongorder part of the NAT script mentioned fails now with the addition of an 'inet6' line in 'ifconfig' introduced with one of the more recent OS X updates.

change the line : ... | sed -n '/inet/p' | ...
to look like this : ... | sed -n '/inet /p' | ...
( the addition of a space after 'inet' )

It all works great again, and as a note in case anyone is curious, it works fine on OS X Server as well.

thanks hagbard...

[ Reply to This | # ]
Anyone using this with airport?
Authored by: Memphisartguy on Jun 27, '03 01:24:06PM

I've tryed the above scripts, but the problem i seem to encounter is that after rebboting the mac, the mac does not hold its airport network and goes off wondering.

I am trying to set the mac to feed my windows xp laptop using a Dell Truemobile card. It works great once I creat a network and then click internet sharing start.

But after reboot the imac lose the network and I have to set it up again.

Anyone know a fix?

! insert floppy to boot !

[ Reply to This | # ]
Permissions Fix
Authored by: macgyver929 on Sep 24, '03 01:19:10PM

Occasionally ( and especially after security or OS updates ) my NAT goes down ( the process is running but? ). I messed around so much I'm not sure what actually fixed it most times, but I think it was resetting the permissions. So I've added this to the NAT script just after the first console message:

#fix permissions
chown root:wheel /Library/StartupItems/NAT/
chown root:wheel /Library/StartupItems/NAT/NAT
chmod 4754 /Library/StartupItems/NAT/NAT
chown root:admin /Library/StartupItems/NAT/StartupParameters.plist
chmod 644 /Library/StartupItems/NAT/StartupParameters.plist

It hasn't gone down since, so if you're having the same issue give this a try.

This may be an OS X 10.2 Server server thing as that's what I'm running.


[ Reply to This | # ]