Newsroom Update
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
This worked fine for me until I finally caved and left Software Update install 10.7.4.
The pf.anchors/com.apple file changed during the update, so I made the corresponding edits again. (There's a new scrub-anchor rule as well.)
However, NAT's not working.
pf logging looks like it might offer a clue, but I haven't wrapped my head around pf enough to get it enabled. Any recipe for getting that going?
Any other debug tips?
Mac OS X (10.7.4)
Turns out that loading seems broken. In the KB article, if you take the rules you're adding to exampleNATRules and place them up in /etc/pf.conf in the proper spot (after the nat-anchor and rdr-anchor rules), then it'll work again.
Turns out that loading seems broken. In the KB article, if you take the rules you're adding to exampleNATRules and place them up in /etc/pf.conf in the proper spot (after the nat-anchor and rdr-anchor rules), then it'll work again.
I found that this was not necessary on my machine. In fact, putting
nat on en3 from 192.168.2.1/24 to any -> (en3)
pass from {lo0, 192.168.2.1/24} to any keep state
at the end of /etc/pf.conf resulted in it not working and the following error showing up in Console.app:
7/22/12 1:28:00.036 PM com.apple.pfctl: /etc/pf.conf:25: Rules must be in order: options, normalization, queueing, translation, filtering
They have to be placed in the proper spot in pf.conf. Put them right after the existing rdr-anchor rule and before the anchor and load-anchor rules.
You can use "sudo pfctl -v -n -f /etc/pf.conf" to verify the syntax.
Ahhh. I put them at the end after the existing load anchor rule.
Regardless, they seem to be loading just fine as per the original KB article for me.
Broke in 10.7.4?
