Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
packet filtering + vagrant

I wanted to rewrite ports on incoming tcp packets (on OSX) on my host machine, so that a web server on a guest vm appears to be running on the host.

Incoming packets on port 80 should get rewritten to 8080, and incoming packets on port 443 should get rewritten to port 8443.

I asked about this on hipchat a few days ago and nobody seemed to know the answer - I recently found it, and so decided to share in case this is useful to anybody.

1: write the rules

Put these rules into a file called vagrant-web-packet-filtering.conf:

loopback = "lo0"
vm_web_http_port = "8080"
vm_web_https_port = "8443"

rdr inet proto tcp \
    from any to any \
    port http -> $loopback port $vm_web_http_port

rdr inet proto tcp \
    from any to any \
    port https -> $loopback port $vm_web_https_port

2: activate them

# enable packet filtering
$ sudo pfctl -e                                   

# load the rules
$ sudo pfctl -f vagrant-web-packet-filtering.conf

3: forward the ports in your Vagrantfile

    ... :forwarded_port, guest: 80, host: 8080 :forwarded_port, guest: 443, host: 8443

when you're done, disable these rules with:

$ sudo pfctl -F all
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment