Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: roguepacket
roguepacket Author
User level: Level 1
0 points

IP Forwarding with PF

Hello Everyone,


I am looking for a way to forward my web traffic to a proxy server elsewhere on my network, transparently. With previous versions of Mac OS, this was fairly easy to do with IPFW - the command below would do the trick.


fwd <proxy server ip>,<proxy port> ip from <my ip> to any dst-port 80


Unfortunately, this has changed now that PF is the primary firewall. While other functions - such as redirecting incoming traffic from port 80 to 8080 - still works with IPFW, I simply cannot IP forwarding in any sense. It's like the rules are completely skipped.

Has anyone in the community been able to do this? I have enabled IP Forwarding via Sysctl, and have built an anchor with rules to successfully redirect incoming traffic, but again have not been able to change the destination of outbound traffic.

Posted on Sep 9, 2012 8:01 PM

Reply
2 replies
User profile for user: dan325
dan325
User level: Level 1
13 points

Nov 19, 2012 3:49 PM in response to Linc Davis

I believe that's wrong, actually. pf, for the uninitiated, comes from the OpenBSD project. I run all of my company's firewalls with OpenBSD and pf handles my nat. Now, I admittedly haven't tested out pf on my Mac, but according to the pf.conf man page on Apple's web site, their pf implementation does support nat. I guess maybe natd is redundant...? Don't know.


pf takes a little getting used to, but it's the best firewall I've ever used. It really is pretty awesome. Hopefully in the future, Apple's pf will get a little closer to the version in OpenBSD. Currently, Apple's is several years behind.

Reply

IP Forwarding with PF

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up