Port Forwarding on a Mac

KB Home   |   Port Forwarding on a Mac

Main.MacPortForwarding History

Hide minor edits - Show changes to output

June 08, 2015, at 09:00 PM by Vanessa White - cleared an extra ]
Changed line 32 from:
@@[=rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191=]@@]\\
to:
@@[=rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191=]@@\\
January 07, 2015, at 10:04 PM by TimG - Formatting of link
Changed lines 5-6 from:
This will allow users to navigate to e.g. http://[servername]/user to access the User Web Page, without having to specify a port.
to:
This will allow users to navigate to e.g. [=http://[servername]/user=] to access the User Web Page, without having to specify a port.
January 05, 2015, at 11:53 PM by TimG - Stopped quotes auto-correcting to smart quotes...
Changed lines 48-50 from:
@@rdr-anchor "port80"@@\\
@@load anchor "port80" from "/etc/pf.anchors/com.papercut"@@\\
to:
@@[=rdr-anchor "port80"=]@@\\
@@[=load anchor "port80" from "/etc/pf.anchors/com.papercut"=]@@\\
January 05, 2015, at 11:44 PM by TimG - Added note about OS level functionality
Added lines 6-8:

'''''Note that this is an OS-level function, so there are many ways to get this configured. If you are happy configuring this using another method, and it's working successfully then please feel free to continue to use that method, and also if you'd like to leave a note in the comments with your method, that'd be great!'''''

Changed lines 10-11 from:
\\
to:
January 05, 2015, at 11:28 PM by TimG - Added keywords
Deleted lines 87-88:
TODO link your page here: https://www.papercut.com/kb/Main/Miscellaneous
Changed line 89 from:
''Categories:'' [[Category.TODOFirstCategory|+]], [[Category.TODOSecondCategoryIfNeeded|+]]
to:
''Categories:'' [[Category.Implementation|+]], [[Category.Mac|+]]
Changed line 91 from:
[-Keywords: TODO keywords here if needed-]
to:
[-Keywords: mac, yosemite, port forwarding, 80, 443, ipfw, command not found -]
Changed line 81 from:
@@echo "@@\\
to:
@@[=echo "=]@@\\
Changed lines 85-87 from:
@@" | sudo pfctl -ef -@@\\

to:
@@[=" | sudo pfctl -ef -=]@@\\

January 05, 2015, at 11:22 PM by TimG - Created new page to document port forwarding options with Yosemite
Added lines 1-93:
(:title Port Forwarding on a Mac:)

When [[https://www.papercut.com/products/ng/manual/ch-customization-enable-additional-ports.html|enabling port 80 and 443]] on the Mac where the PaperCut App Server is running, it is necessary to use ipfw (IP Firewall) / pf (Packet Filter) to allow port forwarding.

This will allow users to navigate to e.g. http://[servername]/user to access the User Web Page, without having to specify a port.
\\
\\

!!!OS X 10.9 and earlier:

With earlier versions of Mac OS, ipfw was the primary way to handle firewall changes and port forwarding. With 10.7, the preference was to use [[http://www.openbsd.org/faq/pf/|PF]] but the ipfw utility was still included with Mac OS.

As detailed on the original link at the top of this page, with 10.9 and earlier, you can run this command to configure ipfw to forward port 80 to port 9191:

@@sudo /sbin/ipfw add 102 fwd 127.0.0.1,9191 tcp from any to any 80 in@@
\\
\\

!!!OS X 10.10 and above:

With Yosemite, ipfw has been removed from the Mac OS X build completely, so running the above command will result in a 'command not found' error message. The new method using pf is a little more involved:

'''1. Create an anchor file'''

For example @@/etc/pf.anchors/com.papercut@@

'''2. In the com.papercut anchor file, enter:'''

@@[=rdr pass on lo0 inet proto tcp from any to self port 80 -> 127.0.0.1 port 9191=]@@\\
@@[=rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191=]@@]\\
@@[=rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191=]@@\\
\\

''make sure you hit 'enter' to create a new blank line after these 3 lines have been entered - if you don't do this, you'll get error messages about the format of the file''

'''3. Test the anchor file:'''

@@sudo pfctl -vnf /etc/pf.anchors/com.papercut@@

'''4. Add the anchor file to the pf.conf file:'''

@@sudo vi /etc/pf.conf@@\\
\\

Then add in the following lines under each corresponding section - e.g. the rdr-anchor line under the current rdr-anchor line, and the load anchor under the current load-anchor statement:\\
@@rdr-anchor "port80"@@\\
@@load anchor "port80" from "/etc/pf.anchors/com.papercut"@@\\

\\
'''5. Load the pf.conf file automatically:'''

This can be done either manually (see below) or create a dedicated Launch Daemon to load and enable the config on boot, or edit the current daemon for pf to enable the new config automatically at startup:\\
@@[=sudo vi /System/Library/LaunchDaemons/com.apple.pfctl.plist=]@@\\
\\

Then within the section detailing the program arguments:\\
@@[=<key>ProgramArguments</key>=]@@\\
\\

Add in an extra string with -e, which will enable the config, as per:\\
\\

<string>pfctl</string>\\
'''<string>-e</string>'''\\
<string>-f</string>\\
<string>/etc/pf.conf</string>\\
\\

Then save the file, exit and restart the server to test.
\\
\\

!!!Other notes:

''To test this method manually (no restart required) you can use @@sudo pfctl -ef /etc/pf.conf@@ which will load and enable the pf.conf file, which will then call the com.papercut anchor file.''
\\
\\

''Additionally, if you want to try this out without making any changes to config files, you can test this temporarily (it will not retain the settings after a restart) by running:''\\
\\
@@echo "@@\\
@@[=rdr pass on lo0 inet proto tcp from any to self port 80 -> 127.0.0.1 port 9191=]@@\\
@@[=rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191=]@@\\
@@[=rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191=]@@\\
@@" | sudo pfctl -ef -@@\\


TODO link your page here: https://www.papercut.com/kb/Main/Miscellaneous

----
''Categories:'' [[Category.TODOFirstCategory|+]], [[Category.TODOSecondCategoryIfNeeded|+]]
----
[-Keywords: TODO keywords here if needed-]

Comments

Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.

Article last modified on June 08, 2015, at 09:00 PM
Printable View   |   Article History   |   Edit Article