Port Forwarding on macOS Sierra
Solution 1:
My answer to the question: What is the modern way to do port-forwarding on El Capitan? (forward port 80 to 8080) is still valid.
You have several frictions/misconfigurations in your setup though:
- There is no need to establish an additional network address (i.e. 10.0.0.1) for lo0 if you don't have a second http/https host.
- A redirection:
rdr pass on lo0 inet proto tcp from any to 10.0.0.1 port = 80 -> 127.0.0.1 port 3000
will only redirect a request for 10.0.0.1:80 to 127.0.0.1:3000. A request for localhost:80 (which translates to 127.0.0.1:80 and not to 10.0.0.1:80) won't be redirected because there is no appropriate rdr ... line and you will get a connection error.
- Even adding the line
10.0.0.1 localhost
to /etc/hosts will not salvage your problem because localhost seems to be hard coded to 127.0.0.1.
To get your redirection working, unload pf.conf with sudo pfctl -d. Then check your anchor and pf.conf:
rdr pass log (all) on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 3000
rdr pass log (all) on lo0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 7000
and
...
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
rdr-anchor "myorganization"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
load anchor "myorganization" from "/etc/pf.anchors/myorganization"
Then parse/check myorganization with sudo pfctl -vnf /etc/pf.anchors/myorganization and load pf.conf with sudo pfctl -evf /etc/pf.conf.
In some rare cases you may have to add an additional line:
::1 127.0.0.1
to your /etc/hosts file. This doesn't seem logical though and may apply to older Sierra versions only. I haven't been able to confirm this.
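As an added example (not part of the original answer): a small shell check that reads an anchor file and reports which rdr rule, if any, would catch a given destination, which shows why a request to localhost:80 misses the 10.0.0.1 rule. The function name rdr_target and the sample anchor files are constructed for illustration, and the matcher only understands the rule shapes quoted above.

```sh
#!/bin/sh
# rdr_target ANCHOR_FILE DEST_IP DEST_PORT
# Prints "addr:port" of the first rdr rule that would catch DEST_IP:DEST_PORT,
# or returns 1 if none does. Simplified matcher (assumption): it understands
# only the rule shapes on this page, "to <addr|any> port [=] N -> <addr> port N".
rdr_target() {
    awk -v ip="$2" -v port="$3" '
        $1 != "rdr" { next }              # ignore comments and other rule types
        {
            dst = dport = tgt = tport = ""; arrow = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "to") dst = $(i + 1)
                else if ($i == "->") { arrow = 1; tgt = $(i + 1) }
                else if ($i == "port") {
                    j = i + 1
                    if ($j == "=") j++    # both "port 80" and "port = 80" occur
                    if (arrow) tport = $j; else dport = $j
                }
            }
            if ((dst == "any" || dst == ip) && dport == port) {
                print tgt ":" tport; found = 1; exit
            }
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample anchors: the rule quoted from the question, then the fix.
broken=$(mktemp); fixed=$(mktemp)
trap 'rm -f "$broken" "$fixed"' EXIT
cat > "$broken" <<'EOF'
rdr pass on lo0 inet proto tcp from any to 10.0.0.1 port = 80 -> 127.0.0.1 port 3000
EOF
cat > "$fixed" <<'EOF'
rdr pass log (all) on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 3000
rdr pass log (all) on lo0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 7000
EOF

for f in "$broken" "$fixed"; do
    rdr_target "$f" 127.0.0.1 80 || echo "no rdr rule for 127.0.0.1:80"
done
```

This only models destination matching; sudo pfctl -vnf on the anchor file remains the syntax check on the Mac itself.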