yarshure yarshure - 3 months ago 36
iOS Question

how to config NAT-pmp on os x to support utun device?

I use SimepleTunnel project , iPhone app PacketTunel extion work with tunnel_server , but tunnel_server writev packet to kerel , how config pf to NAT traffic and the packets can route to Internet?

Mac OS X system Internetshare use /usr/libexec/natpmpd , this app only support ethernet device, can't support ip tunnel device


vpn_net = ""
ext_if = "en0"
nat on en0 from $vpn_net to any -> (en0)

check pf state

rMBP:etc root# pfctl -sa
No ALTQ support in kernel
ALTQ related functions disabled
nat on en0 inet from to any -> (en0) round-robin

I use tcpdump check write status

tcpdump -i utun0 and found to my dnsserver, but no dnserver replay to

14:02:46.467038 IP > 38998+ A? guzzoni.apple.com. (35)
14:02:46.467877 IP > 59621+ A? www.apple.com. (31)
14:02:53.068894 IP > 52069+ A? apple.com. (27)
14:02:53.069427 IP > 38998+ A? guzzoni.apple.com. (35)
14:02:53.070072 IP > 59621+ A? www.apple.com. (31)
14:03:05.456122 IP > 52069+ A? apple.com. (27)
14:03:05.456653 IP > 38998+ A? guzzoni.apple.com. (35)
14:03:05.457140 IP > 59621+ A? www.apple.com. (31)

how to configuring pf let utun packet to NAT traffic ?

nat-anchor "simpleTunnel" 
load anchor "simpleTunnel" from "/etc/pf.anchors/simpleTunnel"
add upper lines to /etc/pf.conf

edit pf.anchors/simpleTunnel ,add

nat on en0 from to any -> en0 


sudo sysctl net.inet.ip.forwarding=1  
sudo sysctl net.inet.ip.fw.enable=1  
sudo pfctl -evf /etc/pf.conf  

refer develop forum