Mac OS X Server 10.5: Using NATd to turn the Server into a Router

There are certain aspects of Mac OS X Server that it just isn’t that great at. One of them is acting as a router. It’s just a fact that an appliance by SonicWALL, Cisco, WatchGuard and sometimes Linksys will run circles around the speed and feature set of Mac OS X Server. So with that in mind, let’s look at how you would go about configuring a basic port forward on OS X Server if you decided not to listen to me on this point… 😉

You can use the /etc/net/natd.plist. The key you’ll want to edit is redirect_port, with one entry per port or a single entry that covers a whole range of ports. Basically the array would look something like this, assuming you were trying to forward AFP traffic to from a WAN IP of

    <key>redirect_port</key>
    <array>
        <dict>
            <key>proto</key>
            <string>TCP</string>
            <key>targetIP</key>
            <string></string>
            <key>targetPortRange</key>
            <string>548</string>
            <key>aliasIP</key>
            <string></string>
            <key>aliasPortRange</key>
            <string>548</string>
        </dict>
    </array>

You could also use the route command or ipfw, depending on exactly what you’re trying to do with this thing. Route is going to be useful if you’re trying to respond to network traffic over a different interface than the default interface.
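Every redirect_port entry exposes an internal service to the WAN side, so it is worth reviewing what a natd.plist actually forwards. The following Python script is an added example, not part of the original post: it parses the redirect_port array and reports each forward along with any malformed entries. The sample plist and its addresses are constructed, and the "low-high" range syntax and the rule that both ranges must be the same size are assumptions carried over from natd's command-line redirect_port option.

```python
import ipaddress
import plistlib

# Constructed sample: two redirect_port entries using documentation/private addresses.
SAMPLE = b"""<plist version="1.0"><dict><key>redirect_port</key><array>
<dict><key>proto</key><string>TCP</string>
  <key>targetIP</key><string>10.0.1.20</string><key>targetPortRange</key><string>548</string>
  <key>aliasIP</key><string>192.0.2.10</string><key>aliasPortRange</key><string>548</string></dict>
<dict><key>proto</key><string>TCP</string>
  <key>targetIP</key><string></string><key>targetPortRange</key><string>5900-5910</string>
  <key>aliasIP</key><string>192.0.2.10</string><key>aliasPortRange</key><string>5900-5905</string></dict>
</array></dict></plist>"""

KEYS = ("proto", "targetIP", "targetPortRange", "aliasIP", "aliasPortRange")

def ports(spec):
    """Parse "548" or "5900-5910" (dash form is an assumption) into (low, high)."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError("bad port range " + repr(spec))
    return low, high

def audit(plist_bytes):
    """Return (forwards, problems) for every redirect_port entry in the plist."""
    forwards, problems = [], []
    for i, rule in enumerate(plistlib.loads(plist_bytes).get("redirect_port", [])):
        try:
            missing = [k for k in KEYS if k not in rule]
            if missing:
                raise ValueError("missing keys " + ", ".join(missing))
            proto = str(rule["proto"]).upper()
            if proto not in ("TCP", "UDP"):
                raise ValueError("bad proto " + repr(rule["proto"]))
            target = ipaddress.ip_address(rule["targetIP"])  # blank value raises ValueError
            alias = ipaddress.ip_address(rule["aliasIP"])
            t, a = ports(rule["targetPortRange"]), ports(rule["aliasPortRange"])
            if t[1] - t[0] != a[1] - a[0]:
                raise ValueError("target and alias ranges differ in size")
            forwards.append((proto, str(alias), a, str(target), t))
        except ValueError as err:
            problems.append((i, str(err)))  # entry index plus the reason it was rejected
    return forwards, problems

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real file, pass its contents to audit(), for example audit(open(path, "rb").read()), and review every reported forward against the services you actually intend to expose.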


You can use the command line tool opfw to set Open Firmware passwords.  It is available for download over at  You can also use opfw to mass deploy Open Firmware passwords, which is basically what NetRestore does when you use its setting for this.

Mac OS X: Require Password at Single User Mode

By default, Mac OS X will simply give you a shell when you perform a Single User Mode startup. However, you can force OS X to ask for a password before granting shell access. To do so, open /etc/ttys in vi and change secure to insecure. Once you have done so, create a password in /etc/master.passwd for root.