Since Mavericks deprecated ipfw, we'll be using pf to allow port forwarding.
####1. anchor file
Create an anchor file under /etc/pf.anchors/<file> with the following redirection rule:

```
# Redirect TCP connections to 127.0.0.2:80 on the loopback interface to 127.0.0.1:40070
rdr pass on lo0 inet proto tcp from any to 127.0.0.2 port 80 -> 127.0.0.1 port 40070
```
####2. Test the anchor file
Parse and test your anchor file to make sure there are no errors:

```
sudo pfctl -vnf <file>
```
####3. Reference the anchor in pf.conf
/etc/pf.conf is the main configuration file that pf loads at boot.
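We'll need to tell it to load the anchor we previously created:

```
# rdr rules are only evaluated through an rdr-anchor reference, not a plain anchor.
# Put this next to the existing rdr-anchor line: pf requires translation rules before filter rules.
rdr-anchor "forwarding"
load anchor "forwarding" from "/etc/pf.anchors/<file>"
```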
####4. Load and enable pf
pf is not enabled by default in Mavericks. There are a few ways to enable it:

- Manually load and enable from a pf.conf file via `sudo pfctl -ef <file>`
- Auto enable by creating a launch daemon via this doc to run `pfctl -ef <file>` on boot.
- Auto enable by adding an `-e` (enable) to the `pfctl` ProgramArguments in `/System/Library/LaunchDaemons/com.apple.pfctl.plist` like this:

```xml
<key>ProgramArguments</key>
<array>
    <string>pfctl</string>
    <string>-e</string>
    <string>-f</string>
    <string>/etc/pf.conf</string>
</array>
```
####5. Forwarding across interfaces
By default, pf does not forward between interfaces. Here's a snippet from man for pfctl with help from 2sidedfigure:
> The packet filter does not itself forward packets between interfaces. Forwarding can be enabled by setting the sysctl(8) variables net.inet.ip.forwarding and/or net.inet6.ip6.forwarding to 1. Set them permanently in sysctl.conf(5).
We'll need to enable this by adding the following to /etc/sysctl.conf:

```
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
```
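
A static pre-flight check for the anchor file from step 1 and the pf.conf lines from step 3, as an added example that is not part of the original page. `check_pf_forwarding` and its finding labels are made-up names; it assumes the anchor is referenced with `rdr-anchor`, paths without spaces, and one rule per line.

```shell
#!/bin/sh
# Usage: check_pf_forwarding <pf.conf> <anchor-name> <anchor-file>
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
check_pf_forwarding() {
    conf=$1; name=$2; anchor=$3; rc=0

    # pf.conf must reference the anchor with rdr-anchor (pf evaluates rdr
    # rules only through rdr-anchor) and load it from the same file.
    missing=$(awk -v n="\"$name\"" -v f="\"$anchor\"" '
        $1 == "rdr-anchor" && $2 == n { ref = 1 }
        $1 == "load" && $2 == "anchor" && $3 == n && $4 == "from" && $5 == f { ld = 1 }
        END {
            if (!ref) print "MISSING rdr-anchor " n
            if (!ld)  print "MISSING load anchor " n " from " f
        }' "$conf")
    if [ -n "$missing" ]; then echo "$missing"; rc=1; fi

    # A missing final newline is a common cause of pfctl syntax errors.
    # $(...) strips a trailing newline, so a non-empty result means the
    # last byte of the file is something else.
    if [ -s "$anchor" ] && [ -n "$(tail -c 1 "$anchor")" ]; then
        echo "NO-NEWLINE $anchor"; rc=1
    fi

    # Report rdr rules that are not bound to lo0: those also redirect
    # traffic arriving on other interfaces.
    exposed=$(awk '$1 == "rdr" {
        ifc = "any interface"
        for (i = 2; i < NF; i++) if ($i == "on") { ifc = $(i + 1); break }
        if (ifc != "lo0") print "EXPOSED line " NR ": rdr on " ifc
    }' "$anchor")
    if [ -n "$exposed" ]; then echo "$exposed"; rc=1; fi

    return "$rc"
}

# Constructed sample: the page's rule and pf.conf lines in a scratch directory.
demo=$(mktemp -d)
printf '%s\n' 'rdr pass on lo0 inet proto tcp from any to 127.0.0.2 port 80 -> 127.0.0.1 port 40070' > "$demo/forwarding"
printf 'rdr-anchor "forwarding"\nload anchor "forwarding" from "%s"\n' "$demo/forwarding" > "$demo/pf.conf"
check_pf_forwarding "$demo/pf.conf" forwarding "$demo/forwarding" && echo "pre-flight OK"
rm -rf "$demo"
```

This only inspects the files; `sudo pfctl -vnf <file>` from step 2 remains the real syntax check.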