Enabling pf for transparent proxy on Mac OS X Mountain Lion
Did you try net.inet.ip.scopedroute=0? From http://lucumr.pocoo.org/2013/1/6/osx-wifi-proxy/:
Now currently if you finish that above setup you will notice that nothing actually works. The cause for this is a Bug in the OS X kernel that requires flipping the net.inet.ip.scopedroute flag to 0. I am not entirely sure what it does, but the internet reports that it breaks network sharing through the user preferences. In any case it fixes ipfw based forwarding so you can flip it with sysctl:
$ sudo sysctl -w net.inet.ip.scopedroute=0
Unfortunately in OS X Lion this flag can actually not be flipped from userspace so you need to set it as boot parameter and then restart your computer. You can do this by editing the /Library/Preferences/SystemConfiguration/com.apple.Boot.plist file (continued...)
crthompson
Updated on September 18, 2022
crthompson over 1 year
I'm doing some usability testing of a web application and am attempting to debug and record some SSL sessions using mitmproxy as a transparent proxy and for some reason pf under Mac OS X Mountain Lion isn't setting up the transparent redirects.
First, I enable forwarding:
sudo sysctl -w net.inet.ip.forwarding=1
Next, I create a simple pf.conf file with a single line on it:
rdr on {en1, en0} inet proto tcp to any port {80, 443} -> 192.168.1.40 port 3128
Where the 192.168.1.40 is the remote host that is currently running mitmproxy and en1 and en2 are the main outgoing interfaces on the Mac.
Finally, I start up pf with the following commands:
sudo pfctl -vf pf.conf
sudo pfctl -e
However, nothing happens. When I list the currently running rules for pf with pfctl -sr it doesn't show anything.
I've confirmed that pf can work on the machine by giving it a dummy rule which blocks all outbound access to port 80 and that works.
Any hints about what else I need to do to enable pf to redirect web traffic to a transparent proxy on Mac OS X Mountain Lion?