Enabling pf for transparent proxy on Mac OS X Mountain Lion


Did you try net.inet.ip.scopedroute=0? From http://lucumr.pocoo.org/2013/1/6/osx-wifi-proxy/:

Now currently if you finish that above setup you will notice that nothing actually works. The cause for this is a bug in the OS X kernel that requires flipping the net.inet.ip.scopedroute flag to 0. I am not entirely sure what it does, but the internet reports that it breaks network sharing through the user preferences. In any case it fixes ipfw based forwarding so you can flip it with sysctl:

$ sudo sysctl -w net.inet.ip.scopedroute=0

Unfortunately in OS X Lion this flag can actually not be flipped from userspace so you need to set it as a boot parameter and then restart your computer. You can do this by editing the /Library/Preferences/SystemConfiguration/com.apple.Boot.plist file (continued...)


Author by

crthompson

Dammit Jim, I'm a doctor not...wait...well I'm a scientist and a doctor, but not the kind that heals people. I lead a team of data scientists and software engineers in building a machine learning platform to Change Banking for Good. Twitter: @pridkett

Updated on September 18, 2022

Comments

  • crthompson
    crthompson over 1 year

    I'm doing some usability testing of a web application and am attempting to debug and record some SSL sessions using mitmproxy as a transparent proxy and for some reason pf under Mac OS X Mountain Lion isn't setting up the transparent redirects.

    First, I enable forwarding:

    sudo sysctl -w net.inet.ip.forwarding=1
    

    Next, I create a simple pf.conf file with a single line on it:

    rdr on {en1, en0} inet proto tcp to any port {80, 443} -> 192.168.1.40 port 3128
    

    Where the 192.168.1.40 is the remote host that is currently running mitmproxy and en1 and en2 are the main outgoing interfaces on the Mac.

    Finally, I start up pf with the following commands:

    sudo pfctl -vf pf.conf
    sudo pfctl -e
    

    However, nothing happens. When I list the currently running rules for pf with pfctl -sr it doesn't show anything.

    I've confirmed that pf can work on the machine by giving it a dummy rule which blocks all outbound access to port 80 and that works.

    Any hints about what else I need to do to enable pf to redirect web traffic to a transparent proxy on Mac OS X Mountain Lion?
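
A diagnostic script for the setup in the question and the sysctl advice in the answer, added here as an example and not part of either post: it checks net.inet.ip.forwarding, net.inet.ip.scopedroute, and whether an rdr rule pointing at the proxy is loaded. It reads `pfctl -sn` because rdr rules are translation rules and are listed there, not by `pfctl -sr`; the function names, the script name and the sample output are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Helpers read command output on
# stdin so they can be run offline against constructed text.

# Constructed sample output (not captured from a real machine).
SAMPLE_SYSCTL='net.inet.ip.forwarding: 1
net.inet.ip.scopedroute: 1'
SAMPLE_NAT='rdr on en0 inet proto tcp from any to any port = 80 -> 192.168.1.40 port 3128'

# Print the value of sysctl key $1 from "key: value" lines; fail if absent.
sysctl_value() {
    awk -F': ' -v key="$1" '$1 == key { print $2; hit = 1 } END { exit !hit }'
}

# Count loaded rdr rules whose target is host $1, port $2 (input: pfctl -sn).
count_rdr_to() {
    awk -v want="-> $1 port $2" '
        $1 == "rdr" {
            i = index($0, want)
            rest = substr($0, i + length(want))
            if (i && (rest == "" || rest ~ /^ /)) n++   # reject "port 31280"
        }
        END { print n + 0 }'
}

# diagnose SYSCTL_TEXT NAT_TEXT HOST PORT: print one line per failed check
# and return the number of failures (0 means all three checks passed).
diagnose() {
    problems=0
    fwd=$(printf '%s\n' "$1" | sysctl_value net.inet.ip.forwarding) || fwd=missing
    scoped=$(printf '%s\n' "$1" | sysctl_value net.inet.ip.scopedroute) || scoped=missing
    rdr=$(printf '%s\n' "$2" | count_rdr_to "$3" "$4")
    [ "$fwd" = 1 ] || { echo "forwarding is $fwd, expected 1"; problems=$((problems + 1)); }
    [ "$scoped" = 0 ] || { echo "scopedroute is $scoped, expected 0"; problems=$((problems + 1)); }
    [ "$rdr" -gt 0 ] || { echo "no rdr rule to $3 port $4 loaded"; problems=$((problems + 1)); }
    return "$problems"
}

# Live use on the Mac: sh check_pf.sh --live 192.168.1.40 3128
if [ "${1:-}" = "--live" ]; then
    diagnose "$(sysctl net.inet.ip.forwarding net.inet.ip.scopedroute 2>/dev/null)" \
             "$(sudo pfctl -sn 2>/dev/null)" "$2" "$3" && echo "all checks passed"
else
    diagnose "$SAMPLE_SYSCTL" "$SAMPLE_NAT" 192.168.1.40 3128 || echo "$? check(s) failed"
fi
```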