在Mac OS 10.11(El Capitan)上使用pfctl转发端口 [英] Using pfctl on Mac OS 10.11 (El Capitan) to forward ports
问题描述
我目前正在测试我的开发环境是否可以在即将推出的新Mac OS 10.11上运行,以及是否可以在其发布后立即进行升级.在我的测试机上,我当前正在运行Beta Preview3.一切似乎都运行良好.
I am currently testing if my developing environment will run on the new upcoming Mac OS 10.11 and if I can upgrade as soon as it's released. On my test machine I am currently running the Beta Preview 3. Everything seems to be running fine.
我只能得到pfctl来转发我的端口.我使用Vagrant和Parallels Desktop为本地Web服务器运行Debian系统. Vagrant将主机上的端口8080转发到来宾上的80.因此127.0.0.1:8080可以正常工作.但是在某些项目中,我希望拥有与生产环境完全相同的本地域. (无:8080)我也更喜欢它. ;-)
I just can get pfctl to forward my ports. I use Vagrant and Parallels Desktop to run a Debian system for my local web server. Vagrant forwards port 8080 on the host to 80 on the guest. So 127.0.0.1:8080 works fine. But in some projects I want to have the exact same domain local as it will be in production. (without the :8080) Also I just like it more. ;-)
为此,我使用pfctl在主机上将80转发到8080.这是我的配置文件:
To do that I use pfctl to forward 80 to 8080 on the host. Here are my config files:
〜/port-forwarding/pf.conf
rdr-anchor "forwarding"
load anchor "forwarding" from "/Users/nick/port-forwarding/rules.conf"
〜/port-forwarding/rules.conf
rdr pass on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 4433
要启用它,我运行:
sudo pfctl -vnf ~/port-forwarding/pf.conf
sudo pfctl -evf ~/port-forwarding/pf.conf
这给了我这个
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
rdr-anchor "forwarding" all
Loading anchor forwarding from /Users/nick/port-forwarding/rules.conf
rdr pass on lo0 inet proto tcp from any to any port = 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to any port = 443 -> 127.0.0.1 port 4433
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
rdr-anchor "forwarding" all
Loading anchor forwarding from /Users/nick/port-forwarding/rules.conf
rdr pass on lo0 inet proto tcp from any to any port = 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to any port = 443 -> 127.0.0.1 port 4433
pf enabled
logout
Saving session...completed.
sudo pfctl -s nat 说:
No ALTQ support in kernel
ALTQ related functions disabled
rdr-anchor "forwarding" all
到目前为止,我认为它看起来不错.但这是行不通的.
So far it looks good, I think. But it just does not work.
127.0.0.1:80-无连接
127.0.0.1:8080-有效
我在优胜美地上使用了相同的文件,在那儿工作正常.
I use the same files on Yosemite and it works fine there.
有人知道使用pfctl的方式是否发生变化,或者我做错了什么,或者是否存在可以报告的错误.
Does anyone know if there's been a change on how to use pfctl or if I am doing something wrong or if there's a bug which can be reported.
非常感谢
尼克
推荐答案
这仅适用于OSX 10.11-El Capitan-公开Beta 1
x-post from: https://superuser.com/questions/938999/osx-10-11-el-capitan-beta-pf-conf-behaviour-changed/943981#943981
x-post from: https://superuser.com/questions/938999/osx-10-11-el-capitan-beta-pf-conf-behaviour-changed/943981#943981
在最新的10.11测试版中,127.0.0.1被阻止.解决方案?使用127.0.0.2.为此:
In the latest 10.11 beta, 127.0.0.1 is blocked. The solution? Use 127.0.0.2. To do this:
首先将127.0.0.2添加到回送别名
sudo ifconfig lo0 alias 127.0.0.2 up
First add 127.0.0.2 to the loopback alias
sudo ifconfig lo0 alias 127.0.0.2 up
修改您的pf规则以使用新别名.
rdr pass proto tcp from any to any port 80 -> 127.0.0.2 port 8080
Modify your pf rule to use the the new alias.
rdr pass proto tcp from any to any port 80 -> 127.0.0.2 port 8080
在命令行中,不使用文件:
From the command line, without using a file:
echo "rdr pass proto tcp from any to any port {80,8080} -> 127.0.0.2 port 8080" | pfctl -Ef -<-务必添加最后一个刻度,因为您使用的是STDIN.
echo "rdr pass proto tcp from any to any port {80,8080} -> 127.0.0.2 port 8080" | pfctl -Ef - <-- Be sure to add this last tick, you're piping in STDIN)
这篇关于在Mac OS 10.11(El Capitan)上使用pfctl转发端口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
