
Port Forwarding in Mac OS Yosemite

When upgrading to Yosemite (Mac OS X 10.10), be aware that port forwarding using ipfw is no longer supported.
You can get the same result using pf.

For example, when using Eclipse Tomcat as a development server, you may want to forward port 80 to 8080 and port 443 to 8443. Here are the steps:

1. Create Forwarding Rule

sudo vim /etc/pf.anchors/eclipse.tomcat.forwarding

Put these lines:

rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 8443

The rules above redirect all incoming TCP requests for 127.0.0.1 port 80 to 127.0.0.1 port 8080, and all incoming TCP requests for 127.0.0.1 port 443 to 127.0.0.1 port 8443.

2. Reference the rule in Port Forwarding config

The original file for this reference is /etc/pf.conf.
But I suggest you create a new file, because Mac updates usually overwrite this file by default.

Create /etc/pf-tomcat.conf

sudo vim /etc/pf-tomcat.conf

Put these lines:

rdr-anchor "forwarding"
load anchor "forwarding" from "/etc/pf.anchors/eclipse.tomcat.forwarding"

Note: end the file with a newline (an empty line at the bottom), or it won't work.

3. Apply the Rule

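sudo pfctl -ef /etc/pf-tomcat.conf

Here -e enables pf and -f loads the rules from the given file in place of the currently loaded ruleset.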

Done!
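
Before running step 3, the two files can be checked for the problems that make this setup fail or redirect more than intended: a missing trailing newline, a load anchor path that does not exist, and rdr rules that are not confined to lo0 and 127.0.0.1. The script is an added example, not part of the original post, and its function names are made up for it.

```shell
#!/bin/sh
# Added example: pre-flight checks for the pf files from steps 1 and 2.
# Function names are constructed for this example; only POSIX tools are used.

# True if the file is non-empty and its last byte is a newline.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Print every rdr rule that is not confined to loopback (lo0 and 127.0.0.1).
# Prints nothing when all redirects are loopback-only; rdr-anchor lines are skipped.
non_loopback_rdr() {
    grep -E '^[[:space:]]*rdr[[:space:]]' "$1" |
        grep -Ev ' on lo0 .* to 127\.0\.0\.1 port .*-> 127\.0\.0\.1 port ' || true
}

# Print each path named by: load anchor "..." from "path" that does not exist.
missing_anchor_files() {
    sed -n 's/^[[:space:]]*load anchor .* from "\(.*\)".*$/\1/p' "$1" |
    while IFS= read -r path || [ -n "$path" ]; do
        [ -f "$path" ] || printf '%s\n' "$path"
    done
}

# Run all checks on a pf config and its anchor file; return 0 only if all pass.
preflight() {
    conf=$1 anchor=$2 rc=0
    ends_with_newline "$conf" || { echo "no trailing newline: $conf"; rc=1; }
    ends_with_newline "$anchor" || { echo "no trailing newline: $anchor"; rc=1; }
    bad=$(non_loopback_rdr "$anchor")
    [ -z "$bad" ] || { echo "rdr not limited to loopback: $bad"; rc=1; }
    miss=$(missing_anchor_files "$conf")
    [ -z "$miss" ] || { echo "anchor file missing: $miss"; rc=1; }
    return $rc
}

# Usage: sh preflight.sh /etc/pf-tomcat.conf /etc/pf.anchors/eclipse.tomcat.forwarding
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

pfctl can also parse the file without loading it (sudo pfctl -nf /etc/pf-tomcat.conf), and sudo pfctl -s nat lists the redirect rules that are active after step 3.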


Special Case for Tomcat

In some cases, after the port forwarding rule is started, Tomcat cannot be started on ports 8080 and 8443. In other cases, Tomcat is already started but always shows its status as "starting". My assumption is that it was caused by port conflicts between Tomcat and pfctl.

Just apply these rules:

sudo vim /etc/pf.anchors/eclipse.tomcat.forwarding

rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 8443
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 8443 -> 127.0.0.1 port 8443
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 80 -> 127.0.0.1 port 8080
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 8080 -> 127.0.0.1 port 8080

Or just change the rules to:

rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port { 443 8443 } -> 127.0.0.1 port 8443
rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port { 80 8080 } -> 127.0.0.1 port 8080

Reference: http://www.myeclipseide.com/PNphpBB2-printview-t-30466-start-15.html


4. Stop the port forwarding rules

If you can start, you should be able to stop too.
Here's how to stop the port forwarding rules we have defined above. Note that this command disables pf as a whole, not only these rules.

sudo pfctl -d

To flush all NAT, filter, state, and table rules and reload the default /etc/pf.conf, run:

sudo pfctl -F all -f /etc/pf.conf

Enjoy