[Help] Cross-interface port forwarding with pf on Mac OS X, looking for an expert to solve this

Posted 2014-3-19 20:39:36
Last edited by wind315 on 2014-4-3 21:10

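I have searched every Chinese-language forum I could find and did not find a solution to my problem, so I am asking here in the hope that an expert can help. Thanks! I am currently running Mountain Lion 10.8.5. Because I saw that Apple no longer recommends the old ipfw, I switched to pf for port forwarding. I want all connections to port 80 on the network interface en0 to be forwarded to port 8080 on 127.0.0.1. My steps are as follows:
1. I have set the contents of /etc/sysctl.conf to:
    net.inet.ip.forwarding=1
    net.inet6.ip6.forwarding=1
Running sysctl -a |grep ip.fo shows that packet forwarding is indeed enabled.

2. I configured the forwarding rule in /etc/pf.conf:
    rdr pass on en0 proto tcp from any to any port 80 -> 127.0.0.1 port 8080

3. I visit any website and run: pfctl -s state
It shows no port-forwarding information at all.

If in step 2 I instead use: rdr pass on lo0 proto tcp from any to 127.0.0.2 port 80 ->  127.0.0.1 port 8080
then the command from step 3 shows that the port has been forwarded to port 8080 on 127.0.0.1.

Why can't I forward a port across interfaces? Thanks!

I am attaching an English article. My English is poor and I cannot ask on foreign forums. If this problem cannot be solved here, could someone translate my request and post it, so that I can ask on a foreign forum? Thanks for that as well!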

https://gist.github.com/kujohn/7209628

Port Forwarding in Mavericks

Since Mavericks stopped using the deprecated ipfw (as of Mountain Lion), we'll be using pf to allow port forwarding.

1. anchor file

Create an anchor file under /etc/pf.anchors/<anchor file> with your redirection rule like:

rdr pass on lo0 inet proto tcp from any to 127.0.0.2 port 80 -> 127.0.0.1 port 40070

2. Test the anchor file

Parse and test your anchor file to make sure there are no errors:

sudo pfctl -vnf <anchor file>

3. Reference the anchor in pf.conf

/etc/pf.conf is the main configuration file that pf loads at boot. We'll need to load the anchor file we previously created:

rdr-anchor "forwarding"

load anchor "forwarding" from "/etc/pf.anchors/<anchor file>"

Make sure to add these entries to the appropriate spot.

4. Loading and enabling pf

pf is not enabled by default in Mavericks. There are a few ways to enable it:

  • Manually load and enable from a pf.conf file via sudo pfctl -ef <pf.conf file>

  • Auto enable by creating a launch daemon via this doc to run pfctl -ef <pf.conf file> on boot.

  • Auto enable by adding an -e(enable) to the pfctl ProgramArgument in /System/Library/LaunchDaemons/com.apple.pfctl.plist like this:


<key>ProgramArguments</key>

<array>
<string>pfctl</string>
<string>-e</string>
<string>-f</string>
<string>/etc/pf.conf</string>
</array>


5. Forwarding across interfaces

By default, pf does not forward between interfaces. Here's a snippet from man for pfctl with help from 2sidedfigure:

The packet filter does not itself forward packets between interfaces. Forwarding can be enabled by setting the sysctl(8) variables net.inet.ip.forwarding and/or net.inet6.ip6.forwarding to 1.  Set them permanently in sysctl.conf(5).

We'll need to enable this by adding to /etc/sysctl.conf:

net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

Caution

There is the possibility that pf.conf will be overridden with updates to the OS. It might be best to create your own pf config file and load it in addition to the main pf.conf to prevent this.
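
An added example, not part of the original post or the linked gist: a shell check for step 3's "appropriate spot", to run before `pfctl -ef`. It assumes pf's ordering requirement that translation entries such as rdr-anchor come before filter entries; the function name check_pf_anchor, the path /etc/pf.anchors/forwarding and the sample pf.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the gist: lint a pf.conf for an anchor reference.
# Assumption: pf wants translation entries (rdr-anchor) ahead of filter
# entries (anchor, pass, block), and the anchor also needs a "load anchor" line.

# check_pf_anchor FILE NAME -> prints one diagnosis line; status 0 only for "ok"
check_pf_anchor() {
    awk -v name="$2" '
        BEGIN { want = "\"" name "\"" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        $1 == "rdr-anchor" && $2 == want { rdr = NR }
        ($1 == "anchor" || $1 == "pass" || $1 == "block") && !filt { filt = NR }
        $1 == "load" && $2 == "anchor" && $3 == want { load = NR; src = $5 }
        END {
            if (!rdr)  { print "missing: rdr-anchor " want; exit 1 }
            if (!load) { print "missing: load anchor " want; exit 1 }
            if (filt && rdr > filt) {
                print "order: rdr-anchor on line " rdr " follows filter rule on line " filt
                exit 1
            }
            print "ok: " want " loaded from " src
        }' "$1"
}

# Constructed sample: the two lines from step 3 appended at the end of the
# file, after a filter anchor, which is the placement the check reports.
sample=$(mktemp)
cat > "$sample" <<'EOF'
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
rdr-anchor "forwarding"
load anchor "forwarding" from "/etc/pf.anchors/forwarding"
EOF
check_pf_anchor "$sample" forwarding || echo "fix pf.conf before running pfctl -ef"
rm -f "$sample"
```

The check only reads the file; `sudo pfctl -vnf <pf.conf file>` remains the authoritative parse test.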

Posted 2014-3-19 23:18:05
Bumping my own thread.

Posted 2014-4-3 10:15:43
Bumping again. Still not solved. Has anyone solved this?