You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Routing localhost traffic to external IP address

I have a host with Mac OS and another machine (192.168.100.50) in the same LAN. I would like to configure Mac OS in that way if I access localhost:443 it will redirect to 192.168.100.50:443.

I'm able to redirect ports inside Mac OS, so if I access localhost:444 it redirects to localhost:443 this way:

sudo sysctl net.inet.ip.forwarding=1

2. /etc/pf.anchors/dev:

rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port 443 -> 127.0.0.1 port 444

3. /etc/pf.conf:

scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
rdr-anchor "dev"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
load anchor "dev" from "/etc/pf.anchors/dev"

4. sudo pfctl -ef /etc/pf.conf

But if I change from any to 127.0.0.1 port 443 -> 127.0.0.1 port 444 to from any to 127.0.0.1 port 443 -> 192.168.100.50 port 443 it doesn't work.

I guess I should set up NAT somehow, but I'm not sure how to do that with PF to achieve that. So any help will be very appreciated.

MacBook Pro 15", macOS 10.14

Posted on May 1, 2019 6:45 AM

Top-ranking reply

BobHarris

Level 9

55,055 points

Posted on May 1, 2019 8:59 PM

If you just want to route a single port, then establish an ssh tunnel

ssh -N -n -L 443:localhost:443 192.168.100.50

You can setup ssh-keygen keys so you do not need to use a password.

Now you can use localhost:443 as long as the ssh tunnel is established.

ssh tunnels are secure. ssh tunnels can even tunnel across the internet as long as you can address the remote system. I actually use an ssh tunnel to VNC with my Mom's iMac 300 miles away. I tunnel port 5900 (the VNC port).

You also do not need to do 443 to 443, you can do any local port you like and have it sent to port 443 on the remote

ssh -N -n -L 12345:localhost:443 192.168.100.50

So localhost:12345 will be delivered to port 443 on host 192.168.100.50

View in context

Similar questions

25 replies

May 1, 2019 8:17 AM in response to BobTheFisherman

If I put "192.168.50.100 localhost" it resolved normally, but Chrome is not able to open the page.

May 1, 2019 11:15 AM in response to sergeyzwezdin

Do you have a web server serving pages at that address and port? If so, the browser should open the page at that location.

BDAqua

Level 10

245,189 points

May 1, 2019 8:38 PM in response to sergeyzwezdin

Ask Bob, but I wonder if editing the hosts file allows ports?

192.168.100.50:443 simplename

May 2, 2019 10:39 AM in response to BobTheFisherman

hosts is about name resolving, how port is related here?

BDAqua

Level 10

245,189 points

May 2, 2019 12:03 PM in response to sergeyzwezdin

Right you are, does curl or IPv6 help in your problem?

curl --resolve foo.example.com:443:localhost https://foo.example.com:443/

May 2, 2019 8:11 PM in response to MrHoffman

Is it possible to use Parallels networking without running virtual machines?

May 2, 2019 8:14 PM in response to BDAqua

Right you are, does curl or IPv6 help in your problem?

curl --resolve foo.example.com:443:localhost https://foo.example.com:443/

Not sure how it could help. Could you explain more detailed?

BDAqua

Level 10

245,189 points

May 3, 2019 12:55 PM in response to BobHarris

No, can't clarify much, just thought it may or may not lead to other clues. :)

May 3, 2019 7:49 PM in response to sergeyzwezdin

I assume you’re aware that .NET Core and Visual Studio Code are available for macOS, as well as Mono....? Yes, not a drop-in for .NET Framework, but may be serviceable here.

May 5, 2019 6:37 PM in response to MrHoffman

Yes, but this is not my case for the moment.

Routing localhost traffic to external IP address