Revisions
kujohn revised this gist
Oct 30, 2013. 1 changed file with 4 additions and 3 deletions.
@@ -8,7 +8,6 @@ Since Mavericks stopped using the deprecated `ipfw` (as of Mountain Lion), we'll ####1. anchor file Create an anchor file under `/etc/pf.anchors/<anchor file>` with your redirection rule like: ``` rdr pass on lo0 inet proto tcp from any to 127.0.0.2 port 80 -> 127.0.0.1 port 40070 ``` @@ -20,12 +19,14 @@ sudo pfctl -vnf <anchor file> ####3. Reference the anchor in pf.conf `/etc/pf.conf` is the main configuration file that `pf` loads at boot. We'll need to load the anchor file we previously created: ``` rdr-anchor "forwarding" load anchor "forwarding" from "/etc/pf.anchors/<anchor file>" ``` Make sure to add these entries to the appropriate spot. ####4. Load and enabling pf `pf` is not enabled by default in Mavericks, few ways to enable this:
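Review bot: In the second hunk, the added sentence "Make sure to add these entries to the appropriate spot." does not say where that spot is, and `pf.conf` is order-sensitive: translation statements such as `rdr-anchor "forwarding"` must come before any filter rules, otherwise `pfctl` refuses the file with a rule-order error. Suggest saying that the `rdr-anchor` line belongs with the other translation rules, ahead of any `anchor` or filter line, and telling the reader to re-run the step 2 check against the edited file (`sudo pfctl -vnf /etc/pf.conf`) before loading it.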
kujohn renamed this gist
Oct 29, 2013. 1 changed file with 0 additions and 0 deletions.
File renamed without changes.
kujohn renamed this gist
Oct 29, 2013. 1 changed file with 0 additions and 0 deletions.
File renamed without changes.
kujohn revised this gist
Oct 29, 2013. 1 changed file with 19 additions and 15 deletions.
@@ -2,10 +2,11 @@ ---- Since Mavericks stopped using the deprecated `ipfw` (as of Mountain Lion), we'll be using `pf` to allow port forwarding. ####1. anchor file Create an anchor file under `/etc/pf.anchors/<anchor file>` with your redirection rule like: ``` rdr-anchor "forwarding" rdr pass on lo0 inet proto tcp from any to 127.0.0.2 port 80 -> 127.0.0.1 port 40070 
@@ -14,34 +15,34 @@ rdr pass on lo0 inet proto tcp from any to 127.0.0.2 port 80 -> 127.0.0.1 port 4 ####2. Test the anchor file Parse and test your anchor file to make sure there are no errors: ``` sudo pfctl -vnf <anchor file> ``` ####3. Reference the anchor in pf.conf `/etc/pf.conf` is the main configuration file that `pf` loads at boot. We'll need to tell it to load the anchor we previously created: ``` anchor "forwarding" load anchor "forwarding" from "/etc/pf.anchors/<anchor file>" ``` ####4. Load and enabling pf `pf` is not enabled by default in Mavericks, few ways to enable this: * Manually load and enable from a pf.conf file via `sudo pfctl -ef <pf.conf file>` * Auto enable by creating a launch daemon via [this doc](https://developer.apple.com/library/mac/documentation/macosx/conceptual/bpsystemstartup/Chapters/CreatingLaunchdJobs.html) to run `pfctl -ef <pf.conf file>` on boot. * Auto enable by adding an `-e`(enable) to the `pfctl` ProgramArgument in `/System/Library/LaunchDaemons/com.apple.pfctl.plist` like this: ``` <key>ProgramArguments</key> <array> <string>pfctl</string> <string>-e</string> <string>-f</string> <string>/etc/pf.conf</string> </array> ``` ####5. Forwarding across interfaces By default, `pf` does not forward between interfaces. Here's a snippet from man for `pfctl` with help from [2sidedfigure](https://github.com/2sidedfigure): @@ -54,3 +55,6 @@ We'll need to enable this by adding to `/etc/sysctl.conf`: net.inet.ip.forwarding=1 net.inet6.ip6.forwarding=1 ``` #### Caution There is the possibility that `pf.conf` will be overriden with updates to the OS. It might be best to create your own pf config file and load them in additon to the main `pf.conf` to prevent this.
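Review bot: The anchor file in step 1 and the `pf.conf` reference in step 3 do not line up for a redirect: the anchor file still carries its own `rdr-anchor "forwarding"` line above the `rdr pass` rule, while `pf.conf` attaches it with `anchor "forwarding"`, which is an attachment point for filter rules. `rdr` rules inside an anchor are evaluated only through an `rdr-anchor` in the main ruleset, so the `pf.conf` line should read `rdr-anchor "forwarding"` and that line should be dropped from the anchor file.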
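Review bot: The new Caution paragraph in the last hunk names only `pf.conf`, but the third option in step 4 edits `/System/Library/LaunchDaemons/com.apple.pfctl.plist`, a system-owned file exposed to the same overwrite on OS updates. Suggest naming that file in the caution as well, or pointing readers to the separate launch daemon option in step 4 as the one that survives updates. Spelling in the same paragraph: "overriden" should be "overridden", "additon" should be "addition", and "load them" should be "load it".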
kujohn created this gist
Oct 29, 2013.
@@ -0,0 +1,56 @@ ### Port Forwarding in Mavericks ---- Since Mavericks deprecated `ipfw`, we'll be using `pf` to allow port forwarding. ####1. anchor file Create an anchor file under `/etc/pf.anchors/<file>` with the following redirection rule: ``` rdr-anchor "forwarding" rdr pass on lo0 inet proto tcp from any to 127.0.0.2 port 80 -> 127.0.0.1 port 40070 ``` ####2. Test the anchor file Parse and test your anchor file to make sure there are no errors: ``` sudo pfctl -vnf <file> ``` ####3. Reference the anchor in pf.conf `/etc/pf.conf` is the main configuration file that `pf` loads at boot. We'll need to tell it to load the anchor we previously created: ``` anchor "forwarding" load anchor "forwarding" from "/etc/pf.anchors/<file>" ``` ####4. Load and enabling pf `pf` is not enabled by default in Mavericks, few ways to enable this: * Manually load and enable from a pf.conf file via `sudo pfctl -ef <file>` * Auto enable by creating a launch daemon via [this doc](https://developer.apple.com/library/mac/documentation/macosx/conceptual/bpsystemstartup/Chapters/CreatingLaunchdJobs.html) to run `pfctl -ef <file>` on boot. * Auto enable by adding an `-e`(enable) to the `pfctl` ProgramArgument in `/System/Library/LaunchDaemons/com.apple.pfctl.plist` like this: ``` <key>ProgramArguments</key> <array> <string>pfctl</string> <string>-e</string> <string>-f</string> <string>/etc/pf.conf</string> </array> ``` ####5. Forwarding across interfaces By default, `pf` does not forward between interfaces. Here's a snippet from man for `pfctl` with help from [2sidedfigure](https://github.com/2sidedfigure): ``` The packet filter does not itself forward packets between interfaces. Forwarding can be enabled by setting the sysctl(8) variables net.inet.ip.forwarding and/or net.inet6.ip6.forwarding to 1. Set them permanently in sysctl.conf(5). ``` We'll need to enable this by adding to `/etc/sysctl.conf`: ``` net.inet.ip.forwarding=1 net.inet6.ip6.forwarding=1 ```
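Review bot: Step 5 adds `net.inet.ip.forwarding=1` and `net.inet6.ip6.forwarding=1` to `/etc/sysctl.conf` without saying when they are needed. The only rule in the document redirects on `lo0` from 127.0.0.2 port 80 to 127.0.0.1 port 40070, which never leaves the loopback interface, while the two settings permanently make the machine route packets between all of its interfaces. Suggest marking step 5 as required only when the redirect crosses interfaces, and noting in step 1 that `rdr pass` lets matching packets through without evaluating the filter rules, so readers know the `pass` keyword is a policy choice.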