Tutorials 

by Dr. John Timmer, Contributing Editor

It's come to my attention that the last set of instructions I had written for routing a PPPoE/ADSL connection are seriously out of date. PPPoE support has been a bit of a moving target; in between the public beta and the first release, Apple included PPPoE capabilities as part of the default install. Somewhere between then and the current release, 10.1.3, they rolled it into the PPP implementation that supports dialup connections. Although this means the interface it uses to connect (and you'd use for routing) now disappears when you disconnect, the routing instructions are now identical to those used for dialup. Read on for detailed instructions.


Assigning IP address:

To begin with, you need to assign your OS-X computer an IP address appropriate for a private network. Open up the System Preferences, select "Network" and then select the TCP/IP tab. Choose the interface you're going to have the other computers on (genererally ethernet or AirPort), then select "Configure: Manually" to enter an IP address. My understanding is that the following series of addresses is appropriate: 10.0.0.0-8, 172.16.0.0-12, and 192.168.0.0-16 (but i could certainly be wrong). Set the subnet mask to 255.255.255.0. The router settings don't matter. Assign the DNS setting that were given to you by your ISP.

All other computers that will be using the connection should be assigned another IP address in the same series (ie - if you used 10.0.0.0, assign another computer 10.0.0.1), the same subnet mask, the IP number you used in the previous paragraph as the router, and the same DNS addresses as you used in the previous paragraphs.

Setting up PPPoE:

Next, you have to set up PPPoE and get it connected. If you used Airport for your private network, simply select ethernet and proceed with the normal PPPoE configuration. If your local network is on ethernet, you have to make a second configuration for the ethernet port. To do that, select "Show: Active Network Ports". Once there, select your ethernet port and press "Duplicate" and rename it something memorable like "PPPoE ethernet". Now, select "Show: PPPoE ethernet" and enter the appropriate configuration information.

As part of the current PPPoE implementation, OS-X creates an ethernet interface called "ppp0" whenever you're connected via PPPoE. Since we're going to be routing via this device, we need to make sure it exists before entering all the appropriate commands. To do this, simply connect. From here on out, things should be identical to those for a dialup PPP connection.


Routing local traffic: 

All of the following must be done as an administrative user, since you're going to be using the sudo command to execute things as root.


First, you have to tell the kernel to enable IP forwarding on the machine by typing:

sudo sysctl -w net.inet.ip.forwarding=1

(sysctl sets a kernel's property state. The -w flag tells the command to write the new state. The dotted list is a path through a hierarchy of properties to IP forwarding. Setting this state to 1 enables it.)

Next, you have to activate natd, the network address translation daemon (natd) and provide it the with the item to route traffic to. Back in the terminal, type:

sudo natd -interface ppp0

(this starts natd and tells it that your interface to the outside world is ppp0.)

The next (and last) step is to make sure that your computer knows that all traffic coming through it should go through natd. You do this by tweaking ipfw, the IP firewall rules, from your terminal:

sudo ipfw add divert natd ip from any to any via ppp0

(i don't fully understand this one myself. Sorry.)

For those of you who don't want to understand what's going on, here's the short version:

open a terminal

type:

sudo sysctl -w net.inet.ip.forwarding=1

sudo natd -interface ppp0

sudo ipfw add divert natd ip from any to any via ppp0

Caution:

I've since bought a router, so i haven't tested this in any detail. I'll try to test this in the near future, but will have to redo my home network in order to try it, so it may take time.

You'll have to do this all over again every time you disconnect.

Best of Luck!

If you have any questions or comments about this article, feel free to e-mail me at john_timmer@osxfaq.com