2 Replies Latest reply: Nov 19, 2012 3:49 PM by dan325
roguepacket Level 1 (0 points)

Hello Everyone,


I am looking for a way to forward my web traffic to a proxy server elsewhere on my network, transparently. With previous versions of Mac OS, this was fairly easy to do with IPFW - the command below would do the trick.


fwd <proxy server ip>,<proxy port> ip from <my ip> to any dst-port 80


Unfortunately, this has changed now that PF is the primary firewall. While other functions - such as redirecting incoming traffic from port 80 to 8080 - still works with IPFW, I simply cannot IP forwarding in any sense. It's like the rules are completely skipped.

Has anyone in the community been able to do this? I have enabled IP Forwarding via Sysctl, and have built an anchor with rules to successfully redirect incoming traffic, but again have not been able to change the destination of outbound traffic.

  • Linc Davis Level 10 (184,555 points)

    The pf firewall doesn't forward packets. You would have to do it by means of natd. Please don't ask me for instructions -- I don't know. See the pfctl and natd man pages to get started.

  • dan325 Level 1 (5 points)

    I believe that's wrong, actually.  pf, for the uninitiated, comes from the OpenBSD project.  I run all of my company's firewalls with OpenBSD and pf handles my nat.  Now, I admittedly haven't tested out pf on my Mac, but according to the pf.conf man page on Apple's web site, their pf implementation does support nat.  I guess maybe natd is redundant...?  Don't know.


    pf takes a little getting used to, but it's the best firewall I've ever used.  It really is pretty awesome.  Hopefully in the future, Apple's pf will get a little closer to the version in OpenBSD.  Currently, Apple's is several years behind.