-
Notifications
You must be signed in to change notification settings - Fork 258
Yosemite Support #452
Comments
Thanks for this! Helped get Pow mostly working for me. Seems that there's still issues if you're using a custom TLD with pow (something other than .dev or .test) |
thanks for this! But how can this support visit by other ip, eg: http://192.168.37.222 |
+1 this works like a charm, thanks so much. |
@LittleLuRen shoot! You can update the rule like so:
That should bring the rule up to parity with the current ipfw rule. |
@LittleLuRen I verified that the updated rule works. I also updated the issue description to recommend the new rule. |
👍 Thanks @mhodgson and for the update @LittleLuRen |
Very cool, thx. Worked for me just fine. |
Thanks a ton guys for solving this. Removal of ipfw from Yosemite was kind of unexpected. The steps outlined work like a charm. :) |
Wow works like a charm! Many thanks 👍 ! |
Nice! Props @mhodgson. |
Thanks @mhodgson. It works. |
This is great, thanks! |
|
Altering system configuration from a script (the installer) could be dangerous, so when we'd like to integrate this in the installer, it would be nice to know if it's possible to load multiple configs into PF. For example rdr-anchor "pow"
load anchor "pow" from "/etc/pf.anchors/cx.pow"
rdr pass on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 20559
And an extra launchagent, <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<false/>
<key>Label</key>
<string>cx.pow.pfctl</string>
<key>WorkingDirectory</key>
<string>/var/run</string>
<key>Program</key>
<string>/sbin/pfctl</string>
<key>ProgramArguments</key>
<array>
<string>pfctl</string>
<string>-f</string>
<string>/etc/pow.pf.conf</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist> |
@koenpunt To answer you previous question, ipfw has been deprecated in favor of pf since 10.7 (Lion). I'm not sure what pow attempts to support, but we may be able to just completely switch to pf. You're solution looks ok, interested to know if it works. Looks like Apple is using pf for a lot of system services so I'm worried it will introduce bugs in other areas, but who knows... |
Anybody having issues when restarting mac /etc/pf.conf won't give loaded so I need to do "sudo pfctl -f /etc/pf.conf" and "sudo pfctl -e" again? Should we manually add a launch agent? |
@adooylabs yep, same thing happens here. sudo pfctl -e seems to be needed after each reboot. It seems you don't need the pfctl -f part each time, though. |
@eploko @adooylabs from the default pf.conf file:
So it appears that when/if this is incorporated into POW, we will need to make sure to enable pf when POW boots up. |
So maybe |
@koenpunt I think that is exactly what needs to happen. It also looks like it should make sure to disable it (-X) when the daemon exists. |
Hm ok, I tried to dynamically add the rule to an anchor but couldn't get it to work. For example, adding it to the existing echo "rdr pass on lo0 inet proto tcp from any to any port http -> 127.0.0.1 port 20559" | sudo pfctl -a 'com.apple/*' -f - -E Got any suggestions for this? |
Oh never mind, got it fixed in #453 by adding the rule to |
Sidenote, calling |
Thanks for this @mhodgson! 👍 |
thanks @mhodgson ! |
DNS reset did not work for me. also played around with oh-my-zsh update issues... still |
Tested in El Capitan and seems to work. Here is a little copy and paste guide which should work. It does the following:
sudo tee /etc/pf.anchors/com.pow > /dev/null <<'EOF'
rdr pass on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 8888
rdr pass on lo0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 4444
EOF Then: sudo tee /etc/pf.conf > /dev/null <<'EOF'
#
# com.apple anchor point
#
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
rdr-anchor "pow"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
load anchor "pow" from "/etc/pf.anchors/com.pow"
EOF Finally: sudo pfctl -f /etc/pf.conf
sudo pfctl -e |
@nodesocket The default setup should work fine on El Capitan. Also, you refer to non-standard ports in your "copy and paste guide". |
thank you this worked for me :-) |
this is super cool! easiest copy paste I've ever done! Thanks!!! |
Thank you so much... |
ykhddeiMac:etc ykhd$ sudo pfctl -f /etc/pf.conf No ALTQ support in kernel |
rdr pass on lo0 inet proto tcp from any to any port 10080 -> 192.168.99.100 port 10080 |
ykhddeiMac:etc ykhd$ sudo pfctl -f /etc/pf.conf No ALTQ support in kernel this is why? OSX 10.11.3 |
scrub-anchor "com.apple/" |
You shouldnt mess with |
@koenpunt What do you mean? |
add two lines to /etc/pf.conf to load your new rule ,Above wrote |
rdr pass on lo0 inet proto tcp from any to any port 10080 -> 192.168.99.100 port 10080 scrub-anchor "com.apple/" ykhddeiMac:etc ykhd$ sudo pfctl -f /etc/pf.conf No ALTQ support in kernel this is why? OS X 10.11.3 Is there a problem? |
I mean that it's not necessary, just append to the main rule:
See also #521 |
See also #524 if you're having the same symptoms on 10.11.x and are running an openVPN client. |
No ALTQ support in kernel |
The Basically, ALTQ is "Alternate Queueing", which is used for Quality of Service (QoS). This just enables one to configure queues within PF to prefer certain types of network traffic to have priority over others (e.g. VoIP over Torrents). No one here should be needing this with regards to Pow. FreeBSD's GENERIC kernel ships without ALTQ support, as does MacOS' XNU Kernel. ALTQ is an optional, but preferred feature when using OpenBSD's PF Firewall. In order to enable ALTQ, one has to recompile the FreeBSD kernel with said support. Since we don't need this optional feature, and because recompiling the XNU kernel and including ALTQ is way beyond the scope of this issue with Pow, we can safely ignore this message. https://www.freebsd.org/doc/handbook/firewalls-pf.html#idp76909288 |
Is this a closed issue? I still have to do the following after each restart:
|
@koenpunt puma-dev works with unicorn? |
@bjensen no, with Puma. But would that be a problem, to use a different server in development? Also; is there a specific reason you're using unicorn? |
Puma-dev can forward ports. I’ve used it with webpack. It can do unicorn
B mobile phone
… On Apr 7, 2018, at 3:39 PM, Koen Punt ***@***.***> wrote:
@bjensen no, with Puma. But would that be a problem, to use a different server in development? Also; is there a specific reason you're using unicorn?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
@bf4 true, but that requires you to manually start the server |
Unfortunately, Yosemite breaks pow because ipfw has been completely removed from the OS. I was able to get pow working again using PF, which is the new recommended way to do port forwarding in OS X. Here's what I did to get it working:
First, add an anchor file to contain the pow port forwarding rule. Place the following code in /etc/pf.anchors/com.pow:
NOTE: The trailing line break is required. Otherwise pf will say you have a syntax error.
Next, add two lines to /etc/pf.conf to load your new rule. It is important where these lines go. Add this line right after
rdr-anchor "com.apple/*"
:Add this line directly after
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
:Again, make sure to maintain the final line break.
Next, reload the rules into pf by running
sudo pfctl -f /etc/pf.conf
Finally, enable pf by running
sudo pfctl -e
Interested to hear how other people fare with this. I would provide a pull request but I'm not familiar with the internals of pow or the way this should be implemented.
The text was updated successfully, but these errors were encountered: