Is it possible to share internet connection without DHCP?
 

Let me explain what I want to do first. I have a Power Mac G5 that's connected to the internet through a cable modem. What I want to be able to do is share that connection with an iBook (also running 10.3) by connecting it, the G5, and the cable modem to the hub. Since running the usual internet sharing with the DHCP server will broadcast across the whole cable modem network, I'd like to be able to do internet sharing with manual IP addresses.

BrickHouse appears to be able to do this, but I can't get it to work. When I try it, internet sharing seems to be running, but the iBook doesn't see the internet.

Is it possible to do this at all? If a lot of Terminal work is required, can someone give me an outline of what has to be done?

Buy yourself a router. Many less headaches. It'll come with a firewall as a fire, good line of defense, and it'll do all your IP distribution via DHCP or static, your choice. Plus, if you have a WiFi card, you can go wireless with the iBook. NetGear and LinkSys make some pretty good ones for relatively cheap.

or buy another Enthernet Card
Cable-(DHCP)->_en0_G5_en1-(DHCP)->iBook ...

Wait a minute. Your cable modem should already have a router in it, and a DHCP server. So anything you do on your side of the cable modem should stay on your side of the cable modem. You won't be broadcasting anything over the WAN side.

Chris

It's been my experience that most cable modems do not contain built-in routers. This is more common in ADSP modems. The local Cox system assigns IP addresses to multiple computers, but the system immediately drops the connection speed when more than one computer is sensed on the modem. A router isolates the LAN from the modem, maintaining the high speed connection.

Yeah, I already know it can be done with a hardware router, or a second ethernet card, or an airport card. I just want to know if it can be done on the same ethernet card without DHCP. I remember doing this on Classic through IPNetRouter. BrickHouse appears to be able to do it too, but I haven't been able to get it to work yet.

The cable modem doesn't seem to have a router. I use DHCP with it, but I get the same address every time. (well, I haven't experimented that much with it, but the IP has remained the same through several reboots of the computer and modem) It is capable of supporting more then one computer by itself, but you have to buy extra IP addresses from the cable company.

IPNetRouter or something like it is still needed if you don't have a physical router. Software somewhere has to masquerade the second connection to a single IP address. In order to do what you have in mind, you need two IP addresses.

Typically, a second IP address is not nearly as expensive as the first. On the DHCP issue, my IP address hasn't changed in the last four years, but I still have to use DHCP. Cable companies do this for two reasons: first, they don't guarantee that you'll keep that IP address, and second, they use MAC (hardware address) checking to prevent you from using more than one machine if you only pay for one.

I already have two IP addresses. System Preferences in OS X can set this up by itself. There's a DHCP-determineed one for the internet connection, and a manual one set to 192.168.x.1. The iBook also has a 192.168.x.x address. I can use these addresses to communicate between the computers with personal file sharing or SSH. I just haven't been able to get it to share the internet to this address.

While fooling around some in Terminal, I found out that natd did not seem to be getting the traffic as the iBook tried to load a webpage. However, it was catching some broadcast packets from the iBook and aliasing them properly. It seems like I must be missing something about how IP aliasing is handled. Does anyone know anything about this?

natd will only accept private addresses: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Are you setting your private address on to somewhere in the last range - it corresponds to a mask of 255.255.0.0 and your choices are 192.168.0.1 to 192.168.0.254.

Currently, the G5 is both a normal internet IP address given by the cable modem, and 192.168.43.1 manually. The iBook is 192.168.43.2, and is set with .43.1 as it's router.

So, I activate natd with

and then set up ipfw with

After doing this, I watch what natd is doing. It aliases the traffic from the G5 to the internet and back fine. It sees some broadcast traffic from the iBook, but attempts to load a webpage on the iBook don't show anything. It looks like the internet traffic from the iBook isn't going to the G5 for some reason, but I'm not sure why or where it's going.

Have you checked the firewalls for both machines?

Have you tried 192.168.0.1 and 2 as the private addresses?

Tried both. The iBook firewall is off, and checking with ipfw list shows only the one rule that allows everything. The G5 firewall has only the rule/s I installed that divert incoming traffic to natd. Using 192.168.0.x doesn't seem to help either.

I tried it again only diverting icmp to natd so I could watch the traffic more easily. Pings back and forth between the two machines work fine, and are shown in the natd verbose monitor fine. But pings from the iBook to any other address don't show up at all. The iBook has it's router address set to the G5, but the packets don't seem to be going there. When I look in the iBook's System Profiler, the network pane doesn't show a router address at all. I don't get it - is there some kind of server or process that has to be running for the iBook to accept it as a router?

I know this may be obvious but have you tried the internet sharing tab?
On the G5 if you go to netinfo config, dhcp, subnets, it shows the Ip range and the net address and net-mask. If you manually assign a number to the ibook in this range you should be able to connect. The Network internet sharing tab also does the ipfw divert 8668 for you.

Like I described in the starting post and the thread title, what I'm trying to do is to get internet sharing to work without DHCP. The internet sharing tab starts a DHCP server to give out addresses to the client computers, but on a cable modem network, the DHCP server will broadcast over the whole cable modem network, interfering with the cable company's server and all the other users. Therefore, I want to share over a manually-defined network without using DHCP.

No. Isolate your network with a router (that would handle distribution) or a second NIC card.

I disagree with the last part "interfering....". When I turn on a machine in my masqueraded LAN, I can see the send/receive lights on my cable modem twitter as the new machine gets its DHCP address from my gateway. That address is provided by the gateway machine and ignored by my Cable company.

No confusion results - my masqueraded LAN machine gets the address it's been assigned, and my gateway machine asks for an address on a different interface card and gets it's regular address from my ISP. Your easiest solution, if you don't have one, is to get a second interface card for the gateway machine. Even then, however, the DHCP request will "pass through".

Have you actually tried leaving DHCP turned on, or is it that you are concerned that your ISP will detect two machines?

why not add a firewall rule to prevent udp port 53 packets escaping

See post #6.

BTW, port 53 is DNS.

Okay, after a lot of fiddling around, I have discovered something useful. In the dhcp directory in NetInfo, you can add an "allow" statement with a MAC address, and then the DHCP server will only reply to requests from those MAC addresses. This means that the DHCP server can be run on the same interface as the internet connection without interfering with it.

Also, I remember some requests on here for MAC address filtering when sharing an internet connection over wireless. While ipfw won't do it, this should.

Unfortunately, while the iBook can get it's IP over DHCP, the connection sharing still doesn't work. I'll have to work on that some more...

Duhhhhhhh...

All I had to do was open the firewall to the local network. Works fine now. :)

Been there, done that, don't feel bad. Someday some genius will develop a single GUI that shows you everything you need to know about your connections.
Until then, it's always one more thing.