Using pfctl on Mac OS 10.11 (El Capitan) to forward ports

Problem description

I am currently testing if my developing environment will run on the new upcoming Mac OS 10.11 and if I can upgrade as soon as it's released. On my test machine I am currently running the Beta Preview 3. Everything seems to be running fine.

I just can't get pfctl to forward my ports. I use Vagrant and Parallels Desktop to run a Debian system for my local web server. Vagrant forwards port 8080 on the host to 80 on the guest. So 127.0.0.1:8080 works fine. But in some projects I want to have the exact same domain locally as it will be in production (without the :8080). Also I just like it more. ;-)

To do that I use pfctl to forward 80 to 8080 on the host. Here are my config files:

~/port-forwarding/pf.conf

rdr-anchor "forwarding"
load anchor "forwarding" from "/Users/nick/port-forwarding/rules.conf"

~/port-forwarding/rules.conf

rdr pass on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080 
rdr pass on lo0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 4433 

To enable it I run:

sudo pfctl -vnf ~/port-forwarding/pf.conf
sudo pfctl -evf ~/port-forwarding/pf.conf

Which gives me this:

pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

rdr-anchor "forwarding" all

Loading anchor forwarding from /Users/nick/port-forwarding/rules.conf
rdr pass on lo0 inet proto tcp from any to any port = 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to any port = 443 -> 127.0.0.1 port 4433
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
rdr-anchor "forwarding" all

Loading anchor forwarding from /Users/nick/port-forwarding/rules.conf
rdr pass on lo0 inet proto tcp from any to any port = 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to any port = 443 -> 127.0.0.1 port 4433
pf enabled
logout
Saving session...completed.

sudo pfctl -s nat says:

No ALTQ support in kernel
ALTQ related functions disabled
rdr-anchor "forwarding" all

So far it looks good, I think. But it just does not work.

127.0.0.1:80 - no connection
127.0.0.1:8080 - works

I use the same files on Yosemite and it works fine there.

Does anyone know if there's been a change on how to use pfctl or if I am doing something wrong or if there's a bug which can be reported.

Thanks a lot

Nick

Recommended answer

This only applies to OSX 10.11 - El Capitan - Public Beta 1

x-post from: https://superuser.com/questions/938999/osx-10-11-el-capitan-beta-pf-conf-behaviour-changed/943981#943981

In the latest 10.11 beta, 127.0.0.1 is blocked. The solution? Use 127.0.0.2. To do this:

First add 127.0.0.2 to the loopback alias:

sudo ifconfig lo0 alias 127.0.0.2 up

Modify your pf rule to use the new alias:

rdr pass proto tcp from any to any port 80 -> 127.0.0.2 port 8080

From the command line, without using a file:

echo "rdr pass proto tcp from any to any port {80,8080} -> 127.0.0.2 port 8080" | sudo pfctl -Ef -

(Be sure to add this last tick, you're piping in STDIN.)
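The rules in the question are scoped with `on lo0`, while the rule in the answer has no interface clause. The following audit script is an added example (not code from the original post or from pf): it parses the rdr rules quoted on this page and reports each rule's scope. The names `parse_rdr` and `audit` are hypothetical, and the parser is assumed to see only the simple rule shapes shown here.

```python
import re

# Constructed sample: the rdr rules quoted in the question and in the answer.
SAMPLE_RULES = """\
rdr-anchor "forwarding" all
rdr pass on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to any port = 443 -> 127.0.0.1 port 4433
rdr pass proto tcp from any to any port {80,8080} -> 127.0.0.2 port 8080
"""

# Covers "rdr [pass] [on IF] [inet|inet6] [proto P] from S to D [port X] -> T [port Y]",
# including the "port = 80" form printed by pfctl.
RDR = re.compile(
    r"^rdr\s+(?P<pass>pass\s+)?(?:on\s+(?P<iface>\S+)\s+)?(?:inet6?\s+)?"
    r"(?:proto\s+(?P<proto>\S+)\s+)?from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s+(?:=\s*)?(?P<ports>\{[^}]*\}|\S+))?"
    r"\s*->\s*(?P<target>\S+)(?:\s+port\s+(?P<tport>\S+))?\s*$"
)

def parse_rdr(line):
    """Parse one simple rdr rule; return None for anything else (e.g. rdr-anchor)."""
    m = RDR.match(line.strip())
    if not m:
        return None
    rule = m.groupdict()
    rule["pass"] = bool(rule["pass"])
    # "{80,8080}" -> ["80", "8080"]; a single port -> ["80"]
    rule["ports"] = [p for p in re.split(r"[{},\s]+", rule["ports"] or "") if p]
    return rule

def audit(rules_text):
    """Return (line_no, rule, findings) for every rdr rule in the text."""
    report = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        rule = parse_rdr(line)
        if rule is None:
            continue
        findings = []
        if rule["iface"] is None:
            findings.append("no 'on <interface>': rule matches on every interface")
        if rule["pass"]:
            findings.append("'pass': matching packets skip the filter rules")
        report.append((n, rule, findings))
    return report

if __name__ == "__main__":
    for n, rule, findings in audit(SAMPLE_RULES):
        print(f"line {n}: on={rule['iface']} ports={rule['ports']} "
              f"-> {rule['target']}:{rule['tport']}")
        for finding in findings:
            print("   -", finding)
```

A rule flagged with both findings redirects matching traffic from any interface without filter evaluation, so adding an `on lo0` clause keeps a development forward local to the machine.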
