DHCP server in Parallels host-only network

While trying to create a Debian preseeding environment in Parallels, I came across the fact that when you enable Mac OS X connection sharing, it starts its own DHCP (or rather, BOOTP) service. If that service notices another DHCP/BOOTP server on the network, it bails out and deactivates connection sharing. The latter is terribly annoying, since I want to run my own DHCP server from the preseed-provisioning server.

The solution is to do the NAT by hand: the following script starts natd, adds ipfw (the Mac OS X firewall) divert rules so that traffic from the host-only network is translated on its way out of the default-route interface, and enables IP forwarding in the kernel. I found a good starting point in an older article on a blog called collectivity. The script is this (the host-only network is 10.37.129.0/24, with .1 being my Mac OS X host machine; it has to run as root):

```sh
#!/bin/sh
# NAT the Parallels host-only network (10.37.129.0/24, .1 = this host) out
# through the interface that carries the default route. Must run as root.

if [ "$(/usr/bin/id -u)" -ne 0 ]; then
    echo "run as root" >&2
    exit 1
fi

# A second run would start a second natd and append duplicate ipfw rules.
if /bin/ps ax | /usr/bin/grep -q '[n]atd'; then
    echo "natd is already running; rules are probably loaded" >&2
    exit 1
fi

# Interface of the default route (column 6 of "netstat -rn"); take only the
# first match so an IPv6 default route does not add a second word.
DEFROUTE_IF=$(/usr/sbin/netstat -rn | /usr/bin/awk '/^default/ {print $6; exit}')
if [ -z "$DEFROUTE_IF" ]; then
    echo "no default route found" >&2
    exit 1
fi

NATD=/usr/sbin/natd
NATD_OPTIONS="-log -log_denied -use_sockets -same_ports -interface $DEFROUTE_IF"
IPFW=/sbin/ipfw
SYSCTL=/usr/sbin/sysctl

LOOPBACK="lo*"
PUBLIC_IF="$DEFROUTE_IF"
PARALLELS_IF=en2                # host side of the host-only adapter
PARALLELS_NET="10.37.129.0/24"

# start natd
$NATD $NATD_OPTIONS

# divert traffic before anything else: guest traffic leaving the public
# interface and everything arriving on it goes through natd
$IPFW add 01000 divert natd all from $PARALLELS_NET to any out via $PUBLIC_IF
$IPFW add 01010 divert natd all from any to any in via $PUBLIC_IF

# standard mac os x firewall stuff ($LOOPBACK is quoted: lo* must not glob)
$IPFW add 02000 allow ip from any to any via "$LOOPBACK"
$IPFW add 02010 deny ip from 127.0.0.0/8 to any in
$IPFW add 02020 deny ip from any to 127.0.0.0/8 in
$IPFW add 02030 deny ip from 224.0.0.0/3 to any in
$IPFW add 02040 deny tcp from any to 224.0.0.0/3 in
$IPFW add 02050 allow tcp from any to any out
$IPFW add 02060 allow tcp from any to any established
$IPFW add 02070 allow tcp from any to any dst-port 22 in
# DNS: a port only ever matches tcp/udp in ipfw, so name both explicitly
# (the original had this as "ip ... dst-port 53", reusing number 02070)
$IPFW add 02075 allow udp from any to any dst-port 53 in
$IPFW add 02076 allow tcp from any to any dst-port 53 in
$IPFW add 02080 allow tcp from any to any dst-port 80 in
$IPFW add 02090 allow tcp from any to any dst-port 427 in
$IPFW add 02100 allow tcp from any to any dst-port 443 in
$IPFW add 02110 allow tcp from any to any dst-port 5297 in
$IPFW add 02120 allow tcp from any to any dst-port 5298 in

# everything between the host and the host-only network is allowed
$IPFW add 03000 allow all from $PARALLELS_NET to any via $PARALLELS_IF in
$IPFW add 03010 allow all from any to $PARALLELS_NET via $PARALLELS_IF out

# remaining tcp is dropped; 65535 is ipfw's default rule and on stock
# Mac OS X already allows everything, so this line only matters if it was changed
$IPFW add 12190 deny tcp from any to any
$IPFW add 65535 allow all from any to any

# let the kernel forward packets between interfaces
$SYSCTL -w net.inet.ip.forwarding=1
```

I run it manually when needed. Two things are worth knowing before doing the same: neither the ipfw rules nor the sysctl survive a reboot, and the ruleset is more open than it may look. The 02070 to 02120 rules admit those TCP ports on every interface, the public one included, and because the final 65535 rule allows whatever the earlier rules did not deny, inbound UDP and ICMP are not filtered at all.
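Since the script is run by hand, it helps to be able to tell whether the NAT is actually in place before starting the preseed DHCP server, and to remove exactly what the script added afterwards. The following is an added companion script, not code from the original post or the collectivity article. It assumes the rule numbers used above and that `ipfw list` prints rules as "01000 divert 8668 ip from ... out via en0" (five-digit zero-padded numbers, "all" shown as "ip"); the sample listings in the test are constructed, not captured.

```sh
#!/bin/sh
# Added example: check and tear down the NAT rules loaded by the script above.
# Assumes the script's rule numbers. Nothing here talks to ipfw unless the
# script is run with no arguments on a machine that has /sbin/ipfw.

# Rules that do the actual job: the two natd diverts and the two host-only
# interface permits. Without all four, guests get no connectivity even if
# natd is running.
NAT_RULES="01000 01010 03000 03010"

# Everything the script installs, so teardown removes exactly those rules.
# 65535 is the default rule and cannot be deleted.
SCRIPT_RULES="01000 01010 02000 02010 02020 02030 02040 02050 02060 02070 02075 02076 02080 02090 02100 02110 02120 03000 03010 12190"

IPFW=${IPFW:-/sbin/ipfw}
SYSCTL=${SYSCTL:-/usr/sbin/sysctl}

# nat_missing_rules LISTING
# Prints, space-separated, the numbers from NAT_RULES that do not appear at
# the start of a line in LISTING (the text of "ipfw list"). Always exits 0.
nat_missing_rules() {
    listing=$1
    missing=""
    for n in $NAT_RULES; do
        if ! printf '%s\n' "$listing" | grep -q "^$n "; then
            missing="$missing $n"
        fi
    done
    printf '%s\n' "${missing# }"
}

# nat_diverts_first LISTING
# Exits 0 when the last divert rule is numbered below the first allow rule,
# i.e. translation happens before any permit could pass untranslated packets.
nat_diverts_first() {
    first_allow=$(printf '%s\n' "$1" | awk '/^[0-9]+ allow/ {print $1+0; exit}')
    last_divert=$(printf '%s\n' "$1" | awk '/^[0-9]+ divert/ {n=$1+0} END {print n}')
    [ -n "$first_allow" ] && [ -n "$last_divert" ] && [ "$last_divert" -lt "$first_allow" ]
}

# nat_ready LISTING FORWARDING
# FORWARDING is the output of "sysctl -n net.inet.ip.forwarding".
nat_ready() {
    [ -z "$(nat_missing_rules "$1")" ] && nat_diverts_first "$1" && [ "$2" = "1" ]
}

# nat_teardown: delete the script's rules by number, stop forwarding, stop natd.
nat_teardown() {
    for n in $SCRIPT_RULES; do
        $IPFW delete "$n" 2>/dev/null
    done
    $SYSCTL -w net.inet.ip.forwarding=0
    killall natd 2>/dev/null
}

# Run with no arguments on the Mac to report on the live ruleset.
if [ "$#" -eq 0 ] && [ -x "$IPFW" ]; then
    live=$($IPFW list)
    if nat_ready "$live" "$($SYSCTL -n net.inet.ip.forwarding)"; then
        echo "NAT for the Parallels network is up"
    else
        echo "NAT is not fully configured; missing rules: $(nat_missing_rules "$live")" >&2
        exit 1
    fi
fi
```

The check deliberately reads the listing as text rather than trusting a running natd: the failure mode seen in practice is natd alive with the divert rules gone (for example after a firewall preference change reloads the ruleset), which `ps` alone would not reveal.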
