photo credit: Daquella manera via photopin cc

Fixing Vagrant port forwarding on OSX Yosemite

Tags: , ,

Update: it didn’t seem to work as expected so with a little help of this article I changed to code a bit.
So recently I updated my system to OSX Yosemite. As you might know, I work with Vagrant, and one major aspect for local development is forwarding port 80 of my host machine to port 8080 of my guest machine. But after updating to OSX Yosemite this didn’t work anymore. Here’s why, and how to fix it:

ipfw = gone

The main problem was that I forwarded my ports with the ipfw -command, and since OSX Yosemite, this command is gone. So after some research I came across this article, which explained my how to setup port forwarding on OSX.
The first thing to do is create the file /etc/pf.anchors/com.vagrant  and put the following code in it:

Don’t forget the extra end-line character. To execute this forwarding rule execute the following command in the shell:

To have it loaded automatically on system boot, edit /etc/pf.conf  and add the following rule to the end of this file:

Also edit /System/Library/LaunchDaemons/com.apple.pfctl.plist  and add the -e  flag to the arguments array (in the ProgramArguments -key) to enable pfctl on startup:

That’s it! Your ports are now forwarded correctly. Special thanks go out to Nicholas Graham and Salvatore Garbesi for their input.

Visitors give this article an average rating of 3.5 out of 5.

How would you rate this article?

8 thoughts on “Fixing Vagrant port forwarding on OSX Yosemite”

  1. marcobax22 says:

    Thank you for sharing!

    You should use “sudo” before executing the port forwarding rule:
    sudo pfctl -f /etc/pf.anchors/com.vagrant
    Ignore this warning: “pfctl: Use of -f option, could result in flushing of rules”.

  2. Julien says:

    Yes, thanks for sharing, it was quite useful to me !

    1. Giel Berkers says:

      Nice to hear that it helped you!

  3. Drew says:

    there was no -e in ProgramArguments, and -f was already there…

    1. Giel Berkers says:

      You’re absolutely right, that’s a small typo. You need to add the -e flag. I’ve updated the article.

  4. Will says:

    Brilliant walk-thru. I love posts like this 🙂
    The only issue I have is that the ports aren’t forwarded after a reboot, despite following your steps to the letter. After a reboot, all the files are still there and correct.
    If I do this again after the boot, it works:
    sudo pfctl -ef /etc/pf.anchors/com.vagrant
    I have to sudo tho. Could that be it? Could there be anything else preventing it coming back?
    Thanks Giel.

    1. Giel Berkers says:

      Yeah I noticed that too! I hope to be able to post a solution to that problem soon.

    2. marcobax22 says:

      To have the ports forwarded after a boot or reboot, install this:

      vagrant plugin install vagrant-triggers

      Then add the following to your vagrant file:

      config.trigger.after [:provision, :up, :reload] do
      system(‘echo ”
      rdr pass on lo0 inet proto tcp from any to port 80 -> port 8080
      rdr pass on lo0 inet proto tcp from any to port 443 -> port 4443
      ” | sudo pfctl -ef – > /dev/null 2>&1; echo “==> Fowarding Ports: 80 -> 8080, 443 -> 4443 & Enabling pf”‘)

      config.trigger.after [:halt, :destroy] do
      system(“sudo pfctl -df /etc/pf.conf > /dev/null 2>&1; echo ‘==> Removing Port Forwarding & Disabling pf'”)

Leave a Reply to Will Cancel reply