费了半天劲，算是搞定了。

废话不多说，直接看命令吧！（好吧，其实这个是系统启动项目脚本（在/Library/StartupItems里面））

#!/bin/sh

. /etc/rc.common

function enipfw() #添加防火墙规则
{
    ipfw -f flush
    ipfw add allow all from any to me ssh
    ipfw allow all from any to me http
    ipfw allow all from any to me https
    ipfw add allow all from any to me openvpn
    ipfw add allow all from any to me ftp
    ipfw add 90 allow all from any to me 5900
    ipfw add divert natd all from any to any via en0
    ipfw add pass all from any to any
}

ConsoleMessage "NATD SYSTEM START ITEM."

  case $1 in
    start)
      ConsoleMessage "Starting NATD"
      sysctl -w net.inet.ip.forwarding=1 #设置网关
      natd -s -m -d -n en0 -dynamic #启动Nat
      enipfw
      sysctl -w net.inet.ip.fw.enable=1 #开启防火墙
      ;;
    stop)
      ConsoleMessage "Stopping NATD"
      sysctl -w net.inet.ip.forwarding=0
      killall natd
      ipfw -f flush
      sysctl -w net.inet.ip.fw.enable=0
      ;;
    restart)
      ConsoleMessage "Restarting NATD"
      killall natd
      sleep 10
      sysctl -w net.inet.ip.forwarding=1
      enipfw
      sysctl -w net.inet.ip.fw.enable=1
      ;;
  esac

如果你想让它随机启动，那么可以这么办

在/Library/StartupItems目录下建立目录NATD

在NATD目录下新建NATD文件，内容为以上内容。

在NATD目录先新建配置文件(StartupParameters.plist),内容如下：

{
  Description     = "NATD";
  Provides        = ("NATD");
  Requires        = ("Network");
  OrderPreference = "none";
  Messages        =
    {
      start       = "Starting NATD";
      stop        = "Stopping NATD";
      restart     = "Restarting NATD";
    };
}

OK, 完成以上工作可以修复文件夹权限并启动NATD服务了。

sudo chown -R 0:0 /Library/StartupItems/NATD #修复所有者
sudo chmod -R 755 /Library/StartupItems/NATD #修复权限
sudo SystemStarter -vd start NATD #启动服务