When enabling port 80 and 443 on the Mac where the PaperCut App Server is running, it is necessary to use ipfw (IP Firewall) / pf (Packet Filter) to allow port forwarding.
This will allow users to navigate to e.g. http://[servername]/user to access the User Web Page, without having to specify a port.
Note that this is an OS-level function, so there are many ways to get this configured. If you are happy configuring this using another method, and it’s working successfully then please feel free to continue to use that method, and also if you’d like to leave a note in the comments with your method, that’d be great!
macOS 10.10 and above: With macOS Yosemite, ipfw has been removed from the macOS build completely, so running the ipfw command (shown in the section for 10.9 and earlier) will result in a ‘command not found’ error message. The new method using pf is a little more involved:
Create an anchor file:
For example /etc/pf.anchors/com.papercut
In the com.papercut anchor file, enter
rdr pass on lo0 inet proto tcp from any to self port 80 -> 127.0.0.1 port 9191
rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
Make sure you hit ‘enter’ to create a new blank line after these 3 lines have been entered. If you don’t do this, you’ll get error messages about the format of the file.
Test the anchor file:
sudo pfctl -vnf /etc/pf.anchors/com.papercut
Add the anchor file to the pf.conf file:
sudo vi /etc/pf.conf
Add in the following lines under each corresponding section - e.g. the rdr-anchor line under the current rdr-anchor line, and the load anchor under the current load-anchor statement:
rdr-anchor "port80"
load anchor "port80" from "/etc/pf.anchors/com.papercut"
Load the pf.conf file automatically:
This can be done manually (see below), by creating a dedicated Launch Daemon to load and enable the config on boot, or by editing the current daemon for pf to enable the new config automatically at startup:
sudo vi /System/Library/LaunchDaemons/com.apple.pfctl.plist
Then within the section detailing the program arguments:
<key>ProgramArguments</key>
Add in an extra string with -e, which will enable the config, as per:
<string>pfctl</string>
<string>-e</string>
<string>-f</string>
<string>/etc/pf.conf</string>
Then save the file, exit and restart the server to test.
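A pre-flight check for two ways the steps above can go wrong, added here as an example and not part of the original article: an anchor file with no final newline, and a pf.conf whose rdr-anchor and load anchor lines do not match or sit in the wrong section. The function names and sample files are constructed for illustration, and the com.apple lines in the sample pf.conf are an assumption about the stock file. It runs offline against copies of the files and complements, rather than replaces, sudo pfctl -vnf.

```sh
#!/bin/sh
# Added example: offline pre-flight checks for the pf anchor setup above.
# Function names are hypothetical; files under $tmp are constructed samples.

# True if the file is non-empty and its last byte is a newline
# ($(...) strips a trailing newline, so the captured byte is then empty).
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# True if pf.conf loads the given anchor file under some name, has an
# rdr-anchor line for that same name, and that line comes before the first
# filter "anchor" line (pf wants translation rules ahead of filter rules).
anchor_wired() {
    conf=$1; file=$2
    name=$(sed -n "s|^load anchor \"\([^\"]*\)\" from \"$file\"[[:space:]]*\$|\1|p" "$conf" | head -n 1)
    [ -n "$name" ] || return 1
    awk -v want="rdr-anchor \"$name\"" '
        /^anchor / && !first_filter { first_filter = NR }
        $0 == want                  { rdr = NR }
        END { exit !(rdr && (!first_filter || rdr < first_filter)) }
    ' "$conf"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
rule='rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191'
printf '%s\n' "$rule" > "$tmp/good.anchor"
printf '%s' "$rule" > "$tmp/bad.anchor"      # no final newline
cat > "$tmp/pf.conf" <<'EOF'
rdr-anchor "com.apple/*"
rdr-anchor "port80"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
load anchor "port80" from "/etc/pf.anchors/com.papercut"
EOF
# Same lines, but rdr-anchor placed after the filter anchor.
cat > "$tmp/misordered.conf" <<'EOF'
rdr-anchor "com.apple/*"
anchor "com.apple/*"
rdr-anchor "port80"
load anchor "port80" from "/etc/pf.anchors/com.papercut"
EOF

for f in good.anchor bad.anchor; do
    if ends_with_newline "$tmp/$f"; then echo "$f: ok"; else echo "$f: no final newline"; fi
done
for c in pf.conf misordered.conf; do
    if anchor_wired "$tmp/$c" /etc/pf.anchors/com.papercut; then echo "$c: wired"; else echo "$c: NOT wired"; fi
done
```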
Other notes:
To test this method manually (no restart required) you can use
sudo pfctl -ef /etc/pf.conf
which will load and enable the pf.conf file, which will then call the com.papercut anchor file.
Additionally, if you want to try this out without making any changes to config files, you can test this temporarily (it will not retain the settings after a restart) by running:
echo "
rdr pass on lo0 inet proto tcp from any to self port 80 -> 127.0.0.1 port 9191
rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port 9191
" | sudo pfctl -ef -
OS X 10.9 and earlier: With earlier versions of Mac OS, ipfw was the primary way to handle firewall changes and port forwarding. With 10.7, the preference was to use PF but the ipfw utility was still included with Mac OS.
As detailed on the original link at the top of this page, with 10.9 and earlier, you can run this command to configure ipfw to forward port 80 to port 9191:
sudo /sbin/ipfw add 102 fwd 127.0.0.1,9191 tcp from any to any 80 in