Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save shawnbutts/59991232d11d0cf1df2c80d5228b747e to your computer and use it in GitHub Desktop.
Save shawnbutts/59991232d11d0cf1df2c80d5228b747e to your computer and use it in GitHub Desktop.
Vagrant port 80 443 forwarding to HOST machine OSX El Capitan

El Capitan OSX Vagrant port forwarding rules to use privileged ports 80 and 443

Due to the OSX limitations in ports below 1024, in order to use them without running as root the virtualbox headless you can do the following workaround, (remember the command ipfw is deprecated on El Capitan)

In the Vagrant file use ports over 1024, for instance change 80 and 443 to 8080 and 8043.

  # Apache
  config.vm.network "forwarded_port", guest: 80, host: 8080
  # Apache SSL
  config.vm.network "forwarded_port", guest: 443, host: 8043
  1. Then we will redirect this ports to the host machine 80 and 443 like this:

Add the following to /etc/pf.anchors/vagrant:

rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8043

Add the following to /etc/pf-vagrant.conf:

rdr-anchor "forwarding"
load anchor "forwarding" from "/etc/pf.anchors/vagrant"

Add the following to /Library/LaunchDaemons/com.apple.pfctl-vagrant.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
     <key>Label</key>
     <string>com.apple.pfctl-vagrant</string>
     <key>Program</key>
     <string>/sbin/pfctl</string>
     <key>ProgramArguments</key>
     <array>
          <string>pfctl</string>
          <string>-e</string>
          <string>-f</string>
          <string>/etc/pf-vagrant.conf</string>
     </array>
     <key>RunAtLoad</key>
     <true/>
     <key>KeepAlive</key>
     <false/>
</dict>
</plist>

Run the following command to have it start at boot:

sudo launchctl load -w /Library/LaunchDaemons/com.apple.pfctl-vagrant.plist

Run the following command to remove it from boot (if it's no longer required):

sudo launchctl unload -w /Library/LaunchDaemons/com.apple.pfctl-vagrant.plist

Or simply remove the files and log out / log in.

Thanks to f1sherman: https://gist.github.com/f1sherman/843f85ea8e2cbcdb40af

  1. A second option may be use command line each time:
echo "
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
" | sudo pfctl -ef -

To disable the forwarding:

sudo pfctl -F all -f /etc/pf.conf

To display current forwarding rules:

sudo pfctl -s nat

Sometimes the forwarding on 127.0.0.1 fails, so you can use 127.0.0.2 on El Capitán.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment