DHCP server in Parallels host-only network
While trying to create a Debian preseeding environment in Parallels, I came across the fact that when you enable Mac OS X connection sharing, it starts its own DHCP (or rather, bootp) service. If that service recognises another DHCP/bootp server in the network, it bails out and deactivates connection sharing. That last part is terribly annoying, since I want to run my own DHCP server from the preseed-provisioning server.
The solution is to leave connection sharing off and do by hand what it would have done: the script below starts natd, adds ipfw divert rules so that traffic from the host-only network is NATed through the Mac's default-route interface, reinstates the standard Mac OS X firewall rules (ipfw is the Mac OS X firewall), and enables IP forwarding in the kernel. I found a good solution in an older article on a blog called collectivity. Note that rule 01010 runs every inbound packet on the public interface through natd; packets that match no translation entry are passed through unchanged (unless natd is started with -deny_incoming) and then hit the normal firewall rules. The script is this (host-only network is 10.37.129.0/24 with .1 being my Mac OS X host machine):
#!/bin/sh
# interface carrying the default route (Netif column of `netstat -rn`)
DEFROUTE_IF=$(/usr/sbin/netstat -rn | /usr/bin/awk '/^default/ {print $6; exit}')
NATD=/usr/sbin/natd
# -interface: NAT onto the public interface's address; -same_ports keeps
# source ports where possible; -log/-log_denied log via syslog
NATD_OPTIONS="-log -log_denied -use_sockets -same_ports -interface $DEFROUTE_IF"
IPFW=/sbin/ipfw
LOOPBACK="lo*"
PUBLIC_IF="$DEFROUTE_IF"
PARALLELS_IF=en2                # Parallels host-only interface
PARALLELS_NET="10.37.129.0/24"  # host-only network, .1 is the Mac OS X host
# start natd (it listens on the divert port named "natd" in /etc/services)
$NATD $NATD_OPTIONS
# divert traffic before anything else: outbound packets from the guests get
# translated, inbound packets on the public interface get un-translated
$IPFW add 01000 divert natd all from $PARALLELS_NET to any out via $PUBLIC_IF
$IPFW add 01010 divert natd all from any to any in via $PUBLIC_IF
# standard mac os x firewall stuff
$IPFW add 02000 allow ip from any to any via $LOOPBACK
$IPFW add 02010 deny ip from 127.0.0.0/8 to any in
$IPFW add 02020 deny ip from any to 127.0.0.0/8 in
$IPFW add 02030 deny ip from 224.0.0.0/3 to any in
$IPFW add 02040 deny tcp from any to 224.0.0.0/3 in
$IPFW add 02050 allow tcp from any to any out
$IPFW add 02060 allow tcp from any to any established
$IPFW add 02070 allow tcp from any to any dst-port 22 in
$IPFW add 02075 allow ip from any to any dst-port 53 in
$IPFW add 02080 allow tcp from any to any dst-port 80 in
$IPFW add 02090 allow tcp from any to any dst-port 427 in
$IPFW add 02100 allow tcp from any to any dst-port 443 in
$IPFW add 02110 allow tcp from any to any dst-port 5297 in
$IPFW add 02120 allow tcp from any to any dst-port 5298 in
# host-only traffic: the guests' packets also pass these rules ("in" via
# $PARALLELS_IF), so a new TCP connection from a guest to a port not listed
# above is dropped by rule 12190 ("established" only matches packets with ACK
# or RST set, not the initial SYN). Uncomment these two rules if that bites.
#$IPFW add 03000 allow all from $PARALLELS_NET to any via $PARALLELS_IF in
#$IPFW add 03010 allow all from any to $PARALLELS_NET via $PARALLELS_IF out
$IPFW add 12190 deny tcp from any to any
# 65535 is the built-in default rule and cannot be added; on Mac OS X it is
# "allow ip from any to any", so make that explicit just before it
$IPFW add 65534 allow all from any to any
# let the kernel route packets between $PARALLELS_IF and $PUBLIC_IF
sysctl -w net.inet.ip.forwarding=1
I run it manually when needed.
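Since the script above is run by hand, it helps to have the undo and a quick status check by hand as well. The following companion script is an added example, not code from the original post or from the collectivity article; it assumes the same divert rule numbers (01000/01010), the Mac OS X paths for ipfw, natd and sysctl, and a hypothetical file name of nat-undo.sh. It deliberately leaves the standard firewall rules (02000-12190) alone, since they are the host's normal policy, and only removes the NAT pieces.

```shell
#!/bin/sh
# Added example, not part of the original post: teardown and status checks for
# the natd/ipfw NAT setup above. Assumptions: divert rules numbered 01000 and
# 01010, natd started as in the post, Mac OS X paths for the tools.
# DRY_RUN=1 prints the privileged commands instead of executing them.

DIVERT_RULES="01000 01010"

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Read an `ipfw list` dump on stdin and succeed only if both divert rules are
# loaded. ipfw prints the divert port numerically (8668 for natd) and "all" as
# "ip", so match on the rule number and the divert action, not the exact text.
divert_rules_ok() {
    n=$(grep -cE '^(01000|01010) +divert ' || true)
    [ "$n" -eq 2 ]
}

# Stop forwarding first so nothing is routed while NAT is half torn down,
# then remove the divert rules and stop natd.
nat_teardown() {
    run /usr/sbin/sysctl -w net.inet.ip.forwarding=0
    run /sbin/ipfw delete $DIVERT_RULES
    run /usr/bin/killall natd
}

# One-line status: forwarding flag, divert rules, natd process (real commands).
nat_status() {
    fwd=$(/usr/sbin/sysctl -n net.inet.ip.forwarding)
    if /sbin/ipfw list | divert_rules_ok; then rules=present; else rules=missing; fi
    if /bin/ps -axc -o comm | grep -qx natd; then natd=running; else natd=stopped; fi
    echo "forwarding=$fwd divert_rules=$rules natd=$natd"
}

case "${1:-}" in
    teardown) nat_teardown ;;
    status)   nat_status ;;
esac
```

Run `sudo sh nat-undo.sh status` after the setup script to confirm forwarding is on and both divert rules are loaded, and `sudo sh nat-undo.sh teardown` when done with provisioning; `DRY_RUN=1 sh nat-undo.sh teardown` shows the three commands the teardown would execute without touching the host.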