Vagrant Port Forwarding (8080 -> 80, 8443 -> 443) with
pf on OSX Mavericks/Yosemite
This guide is a fork from this gist.
Since Mavericks stopped using the deprecated
ipfw (as of Mountain Lion), we'll be using
pf to allow port forwarding.
1. Create the anchor file
Create an anchor file under
/etc/pf.anchors/com.vagrant with your redirection rule like:
rdr pass on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080 rdr pass on lo0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443 rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080 rdr pass on en0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
note the trailing whitespace is important
lo0 entries are for local requests, and the
en0 entries are for external requests (like if you're testing from another computer or mobile device on the network).
2. Test the anchor file
Parse and test your anchor file to make sure there are no errors:
sudo pfctl -vnf /etc/pf.anchors/com.vagrant
3. Reference the anchor in pf.conf
/etc/pf.conf is the main configuration file that
pf loads at boot.
We'll need to load the anchor file we previously created:
rdr-anchor "com.vagrant" load anchor "com.vagrant" from "/etc/pf.anchors/com.vagrant"
Make sure to add these entries to the appropriate spot, like:
scrub-anchor "com.apple/*" nat-anchor "com.apple/*" rdr-anchor "com.apple/*" rdr-anchor "com.vagrant" # Port forwarding for Vagrant dummynet-anchor "com.apple/*" anchor "com.apple/*" load anchor "com.apple" from "/etc/pf.anchors/com.apple" load anchor "com.vagrant" from "/etc/pf.anchors/com.vagrant" # Port forwarding for Vagrant
4. Load and enabling pf
pf is enabled by default in Yosemite, so if the above doesn't work, reload pf by running the following:
sudo pfctl -ef /etc/pf.conf
There is the possibility that
pf.conf will be overriden with updates to the OS. It might be best to create your own pf config file and load them in additon to the main
pf.conf to prevent this.