• First, thanks for putting this together.

    Just a quick FYI, the script "as is" doesn't work for me. It just deletes the existing entries in the network table -- but I found a way to make it work, even if it's not "automagically" - see below:

    The error:

    What I mean, before running the script, as per the instructions in https://communities.vmware.com/t5/VMware-Fusion-Discussions/Share-host-VPN-with-guest/td-p/2301323/highlight/true I get:

    % sudo pfctl -a com.apple.internet-sharing/shared_v4 -s nat 2>/dev/null
    Password:
    nat on en0 inet from 172.16.220.0/24 to any -> (en0:0) extfilter ei
    nat on en8 inet from 172.16.220.0/24 to any -> (en8:0) extfilter ei
    no nat on bridge100 inet from 172.16.220.1 to 172.16.220.0/24

    Then I run ./update-nat.py and then the same command returns empty:

    % ./update-nat.py
    NAT rules updated!
    % sudo pfctl -a com.apple.internet-sharing/shared_v4 -s nat 2>/dev/null
    %

    So it appears to be doing something wrong at the moment of updating.

    The workaround:

    Exploring the options of the command, I found a way to leverage the script using `./update-nat.py -o`, thanks!

    1. Make a backup of the rules (in case we mess it up!):

      % sudo pfctl -a com.apple.internet-sharing/shared_v4 -N -f newrules.conf 2>/dev/null

    2. Use the script to generate the rules that it would create automatically:

      ./update-nat.py -o > newrules.conf.upd

    3. Import the new rules, replacing the "old" ones:

      % sudo pfctl -a com.apple.internet-sharing/shared_v4 -N -f newrules.conf.upd

    The resulting set of rules allows the VM to access the systems on the VPN!!

    (I also believe that the newrules.conf.upd rule set generated in step 2 will probably be valid even after machine reboots - I mean, the rules look generic enough that they would cover any VMs being booted up... but I haven't tried it, TBH)

    So thanks a million for putting this together!!
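
The manual reload described in the comment above can be wrapped so that a bad rule file never leaves the anchor empty, which is the failure the comment reports. This is an added example, not part of the original comment or of update-nat.py; the function names and the backup filename are hypothetical, and it assumes the output of `pfctl -s nat` can be loaded back unchanged.

```shell
#!/bin/sh
# Added example: guarded reload of the internet-sharing NAT anchor.
ANCHOR="com.apple.internet-sharing/shared_v4"   # anchor name taken from the comment

# Succeeds only if the rule text on stdin has at least one translation rule
# ("nat on ..."); "no nat" exemptions and blank input do not count.
has_nat_rules() {
    grep -Eq '^[[:space:]]*nat[[:space:]]+on[[:space:]]'
}

# Print the interfaces named in "nat on <if>" rules, one per line, sorted.
nat_interfaces() {
    awk '$1 == "nat" && $2 == "on" { print $3 }' | sort -u
}

# Snapshot the live rules, validate the candidate file, then load it.
# If the anchor ends up without NAT rules, restore the snapshot.
safe_reload() {
    candidate=$1
    backup=${2:-nat-backup.$(date +%Y%m%d%H%M%S).conf}   # hypothetical filename
    sudo pfctl -a "$ANCHOR" -s nat 2>/dev/null > "$backup" || return 1
    if ! has_nat_rules < "$candidate"; then
        echo "refusing to load: no nat rules in $candidate" >&2
        return 2
    fi
    # -n parses the file without loading anything, so syntax errors stop here.
    sudo pfctl -n -a "$ANCHOR" -N -f "$candidate" || return 3
    sudo pfctl -a "$ANCHOR" -N -f "$candidate" || return 4
    live=$(sudo pfctl -a "$ANCHOR" -s nat 2>/dev/null)
    if ! printf '%s\n' "$live" | has_nat_rules; then
        echo "anchor empty after load, restoring $backup" >&2
        sudo pfctl -a "$ANCHOR" -N -f "$backup"
        return 5
    fi
    echo "NAT active on: $(printf '%s\n' "$live" | nat_interfaces | tr '\n' ' ')"
}

# Usage: ./update-nat.py -o > newrules.conf.upd && safe_reload newrules.conf.upd
```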
