Update: it didn’t seem to work as expected, so with a little help from this article I changed the code a bit.
So recently I updated my system to OSX Yosemite. As you might know, I work with Vagrant, and one major aspect for local development is forwarding port 80 of my host machine to port 8080 of my guest machine. But after updating to OSX Yosemite this didn’t work anymore. Here’s why, and how to fix it:
ipfw = gone
The main problem was that I forwarded my ports with the ipfw command, and since OSX Yosemite this command is gone. So after some research I came across this article, which explained to me how to set up port forwarding on OSX.
The first thing to do is create the file /etc/pf.anchors/com.vagrant and put the following code in it:
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 8443
Don’t forget the trailing newline at the end of the file. To load this forwarding rule, run the following command in the shell:
pfctl -ef /etc/pf.anchors/com.vagrant
To have it loaded automatically on system boot, edit /etc/pf.conf and add the following rule to the end of this file:
load anchor "com.vagrant" from "/etc/pf.anchors/com.vagrant"
Also edit /System/Library/LaunchDaemons/com.apple.pfctl.plist and add the -e flag to the arguments array (under the ProgramArguments key) to enable pf on startup:
<key>ProgramArguments</key>
<array>
    <string>pfctl</string>
    <string>-ef</string>
    <string>/etc/pf.conf</string>
</array>
That’s it! Your ports are now forwarded correctly. Special thanks go out to Nicholas Graham and Salvatore Garbesi for their input.
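A quick way to check the files from the steps above before loading them, as an added example that is not part of the original post: these shell functions verify the trailing newline, confirm every rdr rule stays on lo0 and 127.0.0.1, and look for the load anchor line. The function names and the temp-file demo are constructed for illustration; the rules and paths are the ones shown above.

```shell
#!/bin/sh
# Added example (not from the original post): text-only checks for the pf
# anchor file and pf.conf line described above. It never calls pfctl.

# True if the file is non-empty and its last byte is a newline.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Print each rdr rule that is not confined to loopback (interface lo0,
# destination and target 127.0.0.1); exit status 1 if any was printed.
non_loopback_rules() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == "rdr" {
            iface = ""; dst = ""; tgt = ""
            for (i = 2; i < NF; i++) {
                if ($i == "on") iface = $(i + 1)
                else if ($i == "to") dst = $(i + 1)
                else if ($i == "->") tgt = $(i + 1)
            }
            if (iface != "lo0" || dst != "127.0.0.1" || tgt != "127.0.0.1") {
                print; bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# True if pf.conf ($1) has an uncommented load line for anchor $2 at path $3.
has_load_anchor() {
    grep -v '^[[:space:]]*#' "$1" | grep -Fq "load anchor \"$2\" from \"$3\""
}

# Constructed sample files in a temp dir, mirroring the rules shown above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        'rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 8080' \
        'rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 8443' \
        > "$d/com.vagrant"
    printf '%s\n' 'load anchor "com.vagrant" from "/etc/pf.anchors/com.vagrant"' > "$d/pf.conf"
    ends_with_newline "$d/com.vagrant" && non_loopback_rules "$d/com.vagrant" &&
        has_load_anchor "$d/pf.conf" com.vagrant /etc/pf.anchors/com.vagrant
    rc=$?
    rm -rf "$d"
    return $rc
}
demo && echo "anchor and pf.conf look consistent"
```

To check real files, call the three functions directly on /etc/pf.anchors/com.vagrant and /etc/pf.conf instead of running demo.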
Thank you for sharing!
You should use “sudo” before executing the port forwarding rule:
sudo pfctl -f /etc/pf.anchors/com.vagrant
Ignore this warning: “pfctl: Use of -f option, could result in flushing of rules”.
Yes, thanks for sharing, it was quite useful to me!
Nice to hear that it helped you!
There was no -e in ProgramArguments, and -f was already there…
You’re absolutely right, that’s a small typo. You need to add the -e flag. I’ve updated the article.
Brilliant walk-thru. I love posts like this 🙂
The only issue I have is that the ports aren’t forwarded after a reboot, despite following your steps to the letter. After a reboot, all the files are still there and correct.
If I do this again after the boot, it works:
sudo pfctl -ef /etc/pf.anchors/com.vagrant
I have to sudo tho. Could that be it? Could there be anything else preventing it coming back?
Thanks Giel.
Yeah I noticed that too! I hope to be able to post a solution to that problem soon.
To have the ports forwarded after a boot or reboot, install this:
vagrant plugin install vagrant-triggers
Then add the following to your vagrant file:
config.trigger.after [:provision, :up, :reload] do
  # Load the redirect rules from stdin and enable pf
  system('echo "
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 4443
" | sudo pfctl -ef - > /dev/null 2>&1; echo "==> Forwarding Ports: 80 -> 8080, 443 -> 4443 & Enabling pf"')
end
config.trigger.after [:halt, :destroy] do
  # Reload the default ruleset and disable pf
  system("sudo pfctl -df /etc/pf.conf > /dev/null 2>&1; echo '==> Removing Port Forwarding & Disabling pf'")
end