MacOS – Port forwarding on all ports except ssh on macOS Sierra (redsocks)

firewallmacos

I am trying to forward all ports except port 22 on OSX Sierra using pfctl but it doesn't seem to work.

file: /pf.conf

ext_if = "inet"
rdr pass $ext_if proto tcp from any to any -> 127.0.0.1 port 12345
rdr pass $ext_if proto udp from any to any -> 127.0.0.1 port 10053
pass out proto tcp from any to any port ssh

I enabled it with

sudo sysctl -w net.inet.ip.forwarding=1
sudo pfctl -f pf.conf
sudo pfctl -e

The traffic seems to be redirecting fine to port 12345, but I can't get port 22 to passthrough.

Best Answer

The ssh line should be above the ‘rdr’ lines, so that the ssh line is matched first.

Related Solutions

Settings for Firewall and AirPort Extreme Router to Open a Port

Something's wrong. If you've only got the Apple device between yourself and the internet - you've verified your external IP, you've lowered your machine's firewall, and you've DMZ'd your internal IP (which you've verified is correct...) - then the only way a connection can be halted is through another piece of software running on your machine.

If you go through all of those steps, you should be completely open to the internet.

MacOS – Redirect traffic using PF along with Internet Sharing

I found the answer.

I loaded my rules as part of the anchor com.apple/100.InternetSharing/natpmp which is the one used for Internet Sharing.

The file mitm.pf.conf contains the rules:

rdr on bridge0 proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr on bridge0 proto tcp from any to any port 443 -> 127.0.0.1 port 8080`

Load it using the Internet Sharing anchor:

sudo pfctl -a com.apple/100.InternetSharing/natpmp -f mitm.pf.conf

Best Answer

Related Solutions

Settings for Firewall and AirPort Extreme Router to Open a Port

MacOS – Redirect traffic using PF along with Internet Sharing

Related Question