Setup transparent proxy with VMware Fusion

  1. Add network (vmnet3) to VMware Fusion
    1. sudo vi /Library/Preferences/VMware\ Fusion/networking
       answer VNET_1_HOSTONLY_SUBNET 172.16.92.0
       answer VNET_1_VIRTUAL_ADAPTER yes
       answer VNET_1_VIRTUAL_ADAPTER_ADDR 172.16.92.1
      +answer VNET_3_DHCP yes
      +answer VNET_3_DHCP_PARAM_DNS_ADDR 172.16.12.1
      +answer VNET_3_DHCP_PARAM_ROUTERS 172.16.12.1
      +answer VNET_3_HOSTONLY_NETMASK 255.255.255.0
      +answer VNET_3_HOSTONLY_SUBNET 172.16.12.0
      +answer VNET_3_NAT yes
      +answer VNET_3_VIRTUAL_ADAPTER yes
      +answer VNET_3_VIRTUAL_ADAPTER_ADDR 172.16.12.1
       answer VNET_8_DHCP yes
       answer VNET_8_DHCP_CFG_HASH 233D9DA58316AF2F99389DF3E1C86B1A08F9D28A
       answer VNET_8_HOSTONLY_NETMASK 255.255.255.0
    2. sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --configure
    3. sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --start
  2. Set up dnsmasq as the DNS server on vmnet3
    1. brew install dnsmasq
    2. mkdir -p /usr/local/var/dnsmasq
    3. In /usr/local/etc/dnsmasq.conf add:
      # Interface
      interface=vmnet3
      except-interface=lo0
      listen-address=172.16.12.1
      
      # DNS server
      # Never forward plain names (without a dot or domain part)
      domain-needed
      # Never forward addresses in the non-routed address spaces.
      bogus-priv
      # Never poll /etc/resolv.conf for changes
      no-poll
      
    4. sudo brew services start dnsmasq
  3. Enable IP forwarding and NAT
    1. In /etc/sysctl.conf add:
      net.inet.ip.forwarding=1
      
    2. sudo sysctl net.inet.ip.forwarding=1
    3. In /etc/pf.conf, under rdr-anchor "com.apple/*", add:
      nat on en1 proto {tcp, udp} from 172.16.12.0/24 to any -> (en1)
      rdr on vmnet3 inet proto tcp from any to any port 80 -> 127.0.0.1 port 8888
      rdr on vmnet3 inet proto tcp from any to any port 443 -> 127.0.0.1 port 8888
      pass from {lo0, 172.16.12.0/24} to any keep state
      
    4. sudo pfctl -ef /etc/pf.conf
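
The rdr rules in step 3 send every port 80 and 443 connection arriving on vmnet3 to 127.0.0.1:8888, so guest web traffic fails whenever no proxy is listening there. The preflight script below is an added example, not part of the original gist: its function names and the constructed sample rules are assumptions for illustration, and it relies on `nc` for the listener check.

```shell
#!/bin/sh
# Added example: preflight for the rdr rules above. Function names are hypothetical.

# Constructed sample: the pf.conf lines from step 3.
SAMPLE_RULES='rdr-anchor "com.apple/*"
nat on en1 proto {tcp, udp} from 172.16.12.0/24 to any -> (en1)
rdr on vmnet3 inet proto tcp from any to any port 80 -> 127.0.0.1 port 8888
rdr on vmnet3 inet proto tcp from any to any port 443 -> 127.0.0.1 port 8888
pass from {lo0, 172.16.12.0/24} to any keep state'

# Read pf rules on stdin; print each unique "address port" that an rdr rule targets.
rdr_targets() {
    awk '{ sub(/#.*/, "") }    # strip trailing comments
         $1 == "rdr" {
             for (i = 1; i <= NF; i++)
                 if ($i == "->" && $(i + 2) == "port") { print $(i + 1), $(i + 3); break }
         }' | sort -u
}

# Succeed if something accepts TCP connections on address $1, port $2.
is_listening() {
    nc -z -w 2 "$1" "$2" >/dev/null 2>&1
}

# Check every rdr target in pf.conf file $1; return the number without a listener.
check_pf_conf() {
    targets=$(rdr_targets < "$1")
    dead=0
    while read -r addr port; do
        [ -n "$addr" ] || continue
        if is_listening "$addr" "$port"; then
            echo "ok:   $addr:$port has a listener"
        else
            echo "dead: $addr:$port has no listener, redirected connections will fail"
            dead=$((dead + 1))
        fi
    done <<EOF
$targets
EOF
    return "$dead"
}

if [ -n "${1:-}" ]; then        # on the macOS host: sh preflight.sh /etc/pf.conf
    [ "$(sysctl -n net.inet.ip.forwarding 2>/dev/null)" = 1 ] ||
        echo "warn: net.inet.ip.forwarding is not 1, guest traffic will not be routed"
    check_pf_conf "$1"
else                            # no argument: parse the constructed sample
    printf '%s\n' "$SAMPLE_RULES" | rdr_targets
fi
```

A non-zero exit status from the script is the count of redirect targets with nothing listening behind them.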

@jzinedine jzinedine commented Feb 17, 2020

Hey @norio-nomura,
Thanks for your effort writing this gist, I get this error when I change my VM network to vmnet3.

Secure Connection Failed
An error occurred during a connection to whatismyipaddress.com. PR_END_OF_FILE_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Appreciate any thoughts on how to resolve it.

@norio-nomura norio-nomura commented Feb 18, 2020

This setting implicitly expects some Proxy Server to be listening on 127.0.0.1:8888.
When I wrote this, I would have used Charles Proxy.
Checking the Proxy server logs may reveal the cause.

@jzinedine jzinedine commented Feb 18, 2020

Thanks @norio-nomura, I have a proxy server listening to the port I specified.
I'll check proxy logs.
BTW sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --start works when VM is turned on.
