Skip to content

Instantly share code, notes, and snippets.

@radabass
Last active September 23, 2023 08:38
Show Gist options
  • Save radabass/8cc8a8554d9b4ccb85b545d1d84929f0 to your computer and use it in GitHub Desktop.
Save radabass/8cc8a8554d9b4ccb85b545d1d84929f0 to your computer and use it in GitHub Desktop.
Vagrant port 80 443 forwarding to HOST machine OSX El Capitan

El Capitan OSX Vagrant port forwarding rules to use privileged ports 80 and 443

Due to the OSX limitations in ports below 1024, in order to use them without running as root the virtualbox headless you can do the following workaround, (remember the command ipfw is deprecated on El Capitan)

In the Vagrant file use ports over 1024, for instance change 80 and 443 to 8080 and 8043.

  # Apache
  config.vm.network "forwarded_port", guest: 80, host: 8080
  # Apache SSL
  config.vm.network "forwarded_port", guest: 443, host: 8043
  1. Then we will redirect this ports to the host machine 80 and 443 like this:

Add the following to /etc/pf.anchors/vagrant:

rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8043

Add the following to /etc/pf-vagrant.conf:

rdr-anchor "forwarding"
load anchor "forwarding" from "/etc/pf.anchors/vagrant"

Add the following to /Library/LaunchDaemons/com.apple.pfctl-vagrant.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
     <key>Label</key>
     <string>com.apple.pfctl-vagrant</string>
     <key>Program</key>
     <string>/sbin/pfctl</string>
     <key>ProgramArguments</key>
     <array>
          <string>pfctl</string>
          <string>-e</string>
          <string>-f</string>
          <string>/etc/pf-vagrant.conf</string>
     </array>
     <key>RunAtLoad</key>
     <true/>
     <key>KeepAlive</key>
     <false/>
</dict>
</plist>

Run the following command to have it start at boot:

sudo launchctl load -w /Library/LaunchDaemons/com.apple.pfctl-vagrant.plist

Run the following command to remove it from boot (if it's no longer required):

sudo launchctl unload -w /Library/LaunchDaemons/com.apple.pfctl-vagrant.plist

Or simply remove the files and log out / log in.

Thanks to f1sherman: https://gist.github.com/f1sherman/843f85ea8e2cbcdb40af

  1. A second option may be use command line each time:
echo "
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
" | sudo pfctl -ef -

To disable the forwarding:

sudo pfctl -F all -f /etc/pf.conf

To display current forwarding rules:

sudo pfctl -s nat

Sometimes the forwarding on 127.0.0.1 fails, so you can use 127.0.0.2 on El Capitán.

@radabass
Copy link
Author

radabass commented Jun 5, 2016

If you want to do it with vagrant up and vagrant halt modify vagrantfile to add:

USING: https://github.com/emyl/vagrant-triggers

$ vagrant plugin install vagrant-triggers
  # Redirections on OSX Host machine - requires vagrant plugin trigger
  config.trigger.after :up do
    run "./portredirect.sh"
  end

  config.trigger.after :halt do
    run "./portredirect_disable.sh"
  end

and two files:
portredirect.sh

echo "
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8043
" | sudo pfctl -ef -

exit 0

portredirect_disable.sh

echo "Eliminando redireccionado de puertos 80 y 443"
sudo pfctl -F all -f /etc/pf.conf

exit 0

@agusti-t
Copy link

agusti-t commented Oct 21, 2017

Thanks @radabass for this gist. It has been very helpful.

The first option of the original gist didn't work for me when trying to make the changes permanent in High Sierra. However, your comment describing how to do it with vagrant triggers helped me find a solutions that suited my needs.

I only need to do the redirection when creating a specific machine, i.e. not all boxes that I start up should redirect the ports or stop the redirection. Also, I can't include the triggers in the original Vagrantfile since it is shared among multiple users, some of them running Windows or Linux.

I went around this using the Load Order and Merging properties of the Vagrantfile. I created a Vagrantfile under ~/.vagrant.d/Vagrantfile with the following contents:

Vagrant.configure(2) do |config|

    if "wf-#{Socket.gethostname}".casecmp(VAGRANT_HOSTNAME) == 0
        # Redirections on OSX Host machine - requires vagrant plugin trigger
        config.trigger.after :up, :append_to_path => ENV["HOME"] + "/.vagrant.d/port-redirect" do
            run "portredirect.sh"
        end

        config.trigger.after :halt, :append_to_path => ENV["HOME"] + "/.vagrant.d/port-redirect" do
            run "portredirect_disable.sh"
        end
        
        config.trigger.after :destroy, :append_to_path => ENV["HOME"] + "/.vagrant.d/port-redirect" do
            run "portredirect_disable.sh"
        end
    end
    
end

where VAGRANT_HOSTNAME is defined in the Vagrantfile of the box I am trying to apply the port redirection to.

This effectively redirects the ports only in the desired machine. Hope it helps!

@yego87
Copy link

yego87 commented Nov 22, 2017

Hi, can you tell me one thing, when i create Vagrantfile with this contents its not work after reboot system, how i can correct this thing?

@radabass
Copy link
Author

Sorry, I wasn't notified on your comment. It happen to me all the time so I ended using Docker

@hellt
Copy link

hellt commented May 22, 2019

But how does Vagrant do the default 2222->22 port redirection in the first place? (on a mac)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment