Skip to content

Instantly share code, notes, and snippets.

@hdgarrood

hdgarrood/vagrant-packet-filtering.md

Last active August 29, 2015 14:05
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save hdgarrood/a9bffb1477e1d111812b to your computer and use it in GitHub Desktop.
Save hdgarrood/a9bffb1477e1d111812b to your computer and use it in GitHub Desktop.
Download ZIP
packet filtering + vagrant
Raw
vagrant-packet-filtering.md

I wanted to rewrite ports on incoming tcp packets (on OSX) on my host machine, so that a web server on a guest vm appears to be running on the host.

Incoming packets on port 80 should get rewritten to 8080, and incoming packets on port 443 should get rewritten to port 8443.

I asked about this on hipchat a few days ago and nobody seemed to know the answer - I recently found it, and so decided to share in case this is useful to anybody.

1: write the rules

Put these rules into a file called vagrant-web-packet-filtering.conf:

loopback = "lo0"
vm_web_http_port = "8080"
vm_web_https_port = "8443"

rdr inet proto tcp \
    from any to any \
    port http -> $loopback port $vm_web_http_port

rdr inet proto tcp \
    from any to any \
    port https -> $loopback port $vm_web_https_port

2: activate them

# enable packet filtering
$ sudo pfctl -e                                   

# load the rules
$ sudo pfctl -f vagrant-web-packet-filtering.conf

3: forward the ports in your Vagrantfile

    ...
    config.vm.network :forwarded_port, guest: 80, host: 8080
    config.vm.network :forwarded_port, guest: 443, host: 8443
    ...

when you're done, disable these rules with:

$ sudo pfctl -F all
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment