felixfromkingstone

Q: port-based redirect ceased to work after upgrading Capitan to 10.11.3

I have a web-service running on a virtual machine (virtualbox VM), which I can access on my mac via 192.168.99.100:8000. The mac itself is listening at 192.168.1.2. For port 8000 I have setup a redirect on the websites server (OSX server version 5.0.15) pointing to 192.168.99.100:8000. This works, as long as called from the mac (even when called from another VM on that mac).

The redirect fails though when trying to access from other machines within the 192.168.x.y space, or when called from the internet.

iMac, OS X El Capitan (10.11.3), OSX Server Ver. 5.0.15, Xcode 7.2.1

Posted on Feb 13, 2016 6:03 AM

Close

Q: port-based redirect ceased to work after upgrading Capitan to 10.11.3

  • All replies
  • Helpful answers

  • by felixfromkingstone,

    felixfromkingstone felixfromkingstone Feb 13, 2016 11:39 PM in response to felixfromkingstone
    Level 1 (0 points)
    Feb 13, 2016 11:39 PM in response to felixfromkingstone

    ...I add a few comments on what has been checked so far:

     

    - port 8000 is open at router level

    - OSX El Capitan (10.11.3) application firewall is turned off in the system preferences

    - OSX server adaptive firewall is turned off (using sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -X)

    - when checking port 8000 from canyouseeme.org it is recognised as open

     

    ...still, the request never makes it to the machine...

  • by chattphotos,

    chattphotos chattphotos Feb 14, 2016 2:41 PM in response to felixfromkingstone
    Level 4 (2,434 points)
    Desktops
    Feb 14, 2016 2:41 PM in response to felixfromkingstone

    Lets start with why are you doing the port redirection?
    It sounds like you have a complicated setup.

     

    Is your router properly set up to do port forwarding?

  • by felixfromkingstone,

    felixfromkingstone felixfromkingstone Feb 16, 2016 11:10 AM in response to chattphotos
    Level 1 (0 points)
    Feb 16, 2016 11:10 AM in response to chattphotos

    The virtual machine offering some web content exposes port 8000 under its own IP, a port redirect at OSX Server level seemed to me to be the easiest way to access that VM content (happy to take any advice of course...)


    ...and well, the router is configured to forward calls on ports 80, 443 and 8000 to the mac. On ports 80 and 443 the server is responding as expected (delivering its own web content), on 8000 it looks like the OSX-redirect is just returning the redirect target address rather than really redirecting to the VM and yielding the content.

     

    Thanks for looking into this.

  • by chattphotos,

    chattphotos chattphotos Feb 16, 2016 11:54 AM in response to felixfromkingstone
    Level 4 (2,434 points)
    Desktops
    Feb 16, 2016 11:54 AM in response to felixfromkingstone

    Have you set your VM network adapter to Bridged/Transparent mode?

    When the VM is in bridged, imagine it is another computer on your network rather than tucked away inside your Mac.

     

    The bridged has an advantage in that you don't need to hop ports/redirect anything fancy.

  • by felixfromkingstone,

    felixfromkingstone felixfromkingstone Feb 16, 2016 1:40 PM in response to chattphotos
    Level 1 (0 points)
    Feb 16, 2016 1:40 PM in response to chattphotos

    ...well it is configured on NAT on the primary adapter and bridge/host-only on a second. If I disable the NAT, the VM sits waiting for an IP and does not launch... this is linked to the use-case for which it has been designed, just launching a tiny boot2docker linux as base-VM for docker applications (https://docs.docker.com/engine/installation/mac/), which seems to rely on its own internal IP realm in some instances.

  • by felixfromkingstone,Solvedanswer

    felixfromkingstone felixfromkingstone Feb 16, 2016 2:01 PM in response to felixfromkingstone
    Level 1 (0 points)
    Feb 16, 2016 2:01 PM in response to felixfromkingstone

    wow... I just played around a bit more, and here is what now worked:

     

    I simply removed the redirect in the OSX server! And now the mac is simply listening on 8000 and retrieving the VM content... !!

    I never tried this before, because it was my first approach on El Capitan 10.11.2, where it never worked, and the redirect did. Now on 10.11.3 it is working without the redirect (totally preferred!!)

     

    Thanks for the sparring round!