Sustainable Sustworks - Tools for Internet Travel
Inspired Tools for the Mac


IPNetRouterX is a flexible router, firewall, and network utility including NAT with inbound port mapping, a built-in DHCP Server, DNS Server, Ethernet bridging, transparent proxying, load balancing, automatic failover, and bandwidth accounting.

Using IPNetRouterX you can share a network connection among multiple users, provide DHCP service, define names for hosts on your LAN, audit network usage, and secure your LAN against undesirable traffic or network abuse.

IPNetRouterX includes the complete IP filtering engine from IPNetSentryX, extending its flexibility to the entire LAN.

System Requirements: Mac OS X 10.4 - 10.8, Snow Leopard compatible, End-of-Life.

Pricing: Single User $100
Upgrade from IPNetRouter classic $50


Summary of Key Benefits

Compared to UNIX natd and ipfw, the standard Internet sharing and firewall included with Mac OS X, IPNetRouterX offers several advantages:

  • Excellent performance using in kernel single address space AVL search trees.

  • Excellent compatibility. As a shared resource, UNIX ipfw is often configured by multiple programs with conflicting models. IPNetRouterX does not use or depend on ipfw leaving it available for other UNIX software. IPNetRouterX's second generation NAT design includes many refinements not always available in other implementations.

  • Flexible configuration, logging, and notification options.

IPNetRouterX supplements and is fully compatible with Apple's own firewall in OSX while providing additional capability to solve network problems users may encounter.

More Inside Scoop

How is IPNetRouterX different from Apple's built-in Internet sharing which uses UNIX natd, ipfw and IP forwarding?

IPNetRouterX works with the built-in network stack and uses IP forwarding as well, so the primary implementation difference is that IPNetRouterX provides its own NKE (Network Kernel Extension) to provide NAT and IP filtering instead of relying on UNIX natd and ipfw. By providing its own implementation, IPNetRouterX can be faster and more flexible. I'll elaborate a little on each of these below.

How can IPNetRouterX be faster?

UNIX natd is actually a client process which uses an ipfw divert socket to get packets out of the network kernel, translate them, and then re-inject them back into the kernel. This means it must shuffle every packet between different address spaces and wait for the corresponding process to be scheduled. In contrast, IPNetRouterX uses a Network Kernel Extension to perform translation within the network stack itself thus avoiding a huge amount of overhead. If you have a reason to care about network throughput such as serving a large number of users or doing remote backups, this can be significant.

How can IPNetRouterX be more flexible?

With UNIX natd you can't modify port mappings on the fly without restarting natd and thus losing every connection, plus there's no GUI to do this. As a shared resource, UNIX ipfw is often configured by multiple programs with conflicting models. IPNetRouterX does not use or depend on ipfw leaving it available for other UNIX software. Users are sometimes surprised to discover they can't use a firewall and AirPort software base station at the same time, or that the software base station doesn't remain configured after restarting, or they can't choose address ranges for DHCP or specific LAN segments. IPNetRouterX doesn't have these limitations.

IPNetRouterX includes Traffic Discovery to let you see how your network is being used.

IPNetRouterX includes Ethernet Bridging for setting up transparent firewalls.

IPNetRouterX includes Load Balancing and Automatic Failover to use multiple ISP connections.

IPNetRouterX is being actively developed and maintained for Macintosh users and is intended to solve problems other low cost solutions don't address. UNIX natd and ipfw were developed long before the Macintosh graphical User Interface came to the Internet. While Apple has done a good job of creating a simple GUI for configuring Internet sharing, it is designed for the most common 80% case of surfing the web from multiple hosts behind a single public IP address. If your needs are more complicated, Apple expects you to configure it yourself or use a 3rd party solution. IPNetRouterX provides a cost effective alternative.

Index of Key Features






Click here for the Classic-only version of IPNetRouter.

Built for performance on any Mac