Scenario
I have a server listening on port 3000 on localhost. I want incoming traffic to localhost:8080 to be forwarded to that server.
My set up:
- Server listens on port
3000; nothing listens on port8080 - pfctl:
rdr pass log on lo0 proto tcp from any to any port 8080 -> 127.0.0.1 port 3000 - watch all incoming connections to port
8080onlo0interface:sudo tcpdump -nn -i lo0 dst port 8080 -v
Test
curl localhost:8080
Expected
- server on port
3000gets request from curl - tcpdump returns smth like: 127.0.0.1.57330 > 127.0.0.1.3000 < more-info >
Reality
- curl gets
curl: (7) Failed to connect to localhost
port 8080: Connection refuse - tcpdump returns 127.0.0.1.57330 > 127.0.0.1.8080 < more-info >
=> tcpdump output means that the rule was not applied since the destination port is still 8080 and not 3000.
Question
Where did my configuration went wrong and how to make it right?
Best Answer
First of all, it's not
pfctl(who forwards), but rather PF instead.pfctlis just a controlling utility (hence "ctl").Now to debugging. You gave none of that info so that all is based on my own expertise and assumptions, read "guesses".
pfctl -sishould show you if PF is actually enabled. Yes, rules can be loaded into it, but being disabled it won't process traffic.pfctl -vsnshould show if your NAT rules are getting any hits or they aren't.And if you have some other PF rules applied you'd better be sure there's no
set skip on lo0.