Enable Internet Sharing via Terminal

[P2iM-0]

I've been searching on and off for a solution to enable Internet Sharing via Terminal for some time. I think the main reason I haven't found anything is because I'm having a hard time finding anyone else with the need to enable services without using OS X's GUI.

 

So here's the deal:

I've got a work-issued 4th Gen Macbook Pro that's been slightly locked down by our Helpdesk to prevent idiotic users from turning on (and leaving on) services that could create security holes. So the entire "Sharing" preference pane has been locked out. Although the preference pane is disabled it still seems that some services are able to be activated manually. I'm able to enable Apache and SSHd by using launching their daemons, but I'm curious if anyone knows the Terminal equivalent of how to enable Internet Sharing?

 

I don't need any lectures about "the Sharing preference pane is disabled for a reason", etc. I'm only planning on using this in my apartment as a wireless bridge for various purposes, I realize the security risks, and it'll be disabled before my machine even goes near our corporate network. I'm very familiar with Linux, but not too sure what kind of launcher Apple uses to get all the necessary processes (DNS, DHCP, etc) started and working together to get Internet Sharing to work; I'm sure all could be launched and configured manually...but that defeats the whole feel to a nice simple OS X'ish solution.

 

Thanks in advance,

P2

 

p.s. -- also curious if it's possible to enable "Bluetooth Sharing" via Terminal so I can Bluetooth files from my Cell to my MBP.

[aprodigy]

cannot verify what i'm going to write now, since my system here at work lacks a second iface but oh well, in theory it shouldn't be much more than this.

however, it's just not a simple service that enables internet sharing... it's more a combination of different things and YOU HAVE TO BE ROOT TO DO THIS. anyway, here you go:

 

/usr/sbin/sysctl -w net.inet.ip.forwarding=1

- turns on the ip_forwarding kernel capability

 

/usr/sbin/natd -same_ports -use_sockets -log -deny_incoming -interface en0

- starts the natd service with the aliasing-iface 'en0'

 

/sbin/ipfw add divert natd ip from any to any via en0

- divert packets that match this rule here

 

of course, you'll have to use a different interface (exchange 'en0' (lan) with the interface you want to share, e.g. 'en1' for your airport et cetera).

 

just for your information: linux doesn't make much use of a natd. instead turning on ip_forwarding and setting up a simple iptables-masquerading rule like this is completely enough: /sbin/iptables -a postrouting -t nat -o eth0 -j masquerade

 

regarding bluetooth, dunno though but i expect it to be the same but changing the interface names around