First, thanks for putting this together.
Just a quick FYI, the script "as is" doesn't work for me. It just deletes the existing entries in the network table -- but I found a way to make it work, even if it's not "automagically" - see below:
What I mean, before running the script, as per the instructions in https://communities.vmware.com/t5/VMware-Fusion-Discussions/Share-host-VPN-with-guest/td-p/2301323/highlight/true I get:
```
% sudo pfctl -a com.apple.internet-sharing/shared_v4 -s nat 2>/dev/null
Password:
nat on en0 inet from 172.16.220.0/24 to any -> (en0:0) extfilter ei
nat on en8 inet from 172.16.220.0/24 to any -> (en8:0) extfilter ei
no nat on bridge100 inet from 172.16.220.1 to 172.16.220.0/24
```
Then I run `./update-nat.py` and then the same command returns empty:
```
% ./update-nat.py
NAT rules updated!
% sudo pfctl -a com.apple.internet-sharing/shared_v4 -s nat 2>/dev/null
%
```
So it appears to be doing something wrong at the moment of updating.
Exploring the options of the command, I found a way to leverage the script using `./update-nat.py -o`, thanks!
1. Make a backup of the rules (in case we mess it up!):

   ```
   % sudo pfctl -a com.apple.internet-sharing/shared_v4 -s nat 2>/dev/null > newrules.conf
   ```

2. Use the script to generate the rules that it would create automatically:

   ```
   % ./update-nat.py -o > newrules.conf.upd
   ```

3. Import the new rules, replacing the "old" ones:

   ```
   % sudo pfctl -a com.apple.internet-sharing/shared_v4 -N -f newrules.conf.upd
   ```
The resulting set of rules allows the VM to access the systems on the VPN!!
(I also believe that the `newrules.conf.upd` rule set generated in step 2 will probably be valid even after machine reboots - I mean, the rules look generic enough that they would cover any VMs being booted up.. but I haven't tried it, TBH)
So thanks a million for putting this together!!