
I want to execute the following shell script

system('echo "
    rdr pass on lo0 inet proto tcp from any to 192.168.99.1 port 80 -> 192.168.99.1 port 8080
    rdr pass on lo0 inet proto tcp from any to 192.168.99.1 port 443 -> 192.168.99.1 port 4443
    " | sudo pfctl -ef - > /dev/null 2>&1; echo "==> Forwarding Ports: 80 -> 8080, 443 -> 4443 & Enabling pf"'
)

This works fine. I now want to pass the IP address loaded from a YAML file. I tried the following:

config.yaml

configs:
    use: 'home'
    office:
        public_ip: '192.168.99.2'
    home:
        public_ip: '192.168.99.1'

Vagrantfile

require 'yaml'

current_dir    = File.dirname(File.expand_path(__FILE__))
configs        = YAML.load_file("#{current_dir}/config.yaml")
vagrant_config = configs['configs'][configs['configs']['use']]

system('echo "
    rdr pass on lo0 inet proto tcp from any to '+vagrant_config['public_ip']+' port 80 -> '+vagrant_config['public_ip']+' port 8080
    rdr pass on lo0 inet proto tcp from any to '+vagrant_config['public_ip']+' port 443 -> '+vagrant_config['public_ip']+' port 4443
    " | sudo pfctl -ef - > /dev/null 2>&1; echo "==> Forwarding Ports: 80 -> 8080, 443 -> 4443 & Enabling pf"'
)

The second method does not work, nor does it show any error. Can someone point me in the right direction? What I want is to read public_ip dynamically from a config file or variable.

Thanks

UPDATE 1

I get the following output

pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
pfctl: pf already enabled

What could possibly be wrong?

  • What is the result from vagrant_config['public_ip']? Commented Apr 7, 2016 at 17:03
  • Run pfctl with the '-v' option to get more verbose output. You may also want to try writing the rdr commands to a file and referencing that file as the '-f' option is to read from a file (piping may not work). Commented Apr 7, 2016 at 17:05
  • @SilverPhoenix I get 192.168.99.1. Strangely, it started working when I restarted. Commented Apr 7, 2016 at 17:11

1 Answer

For troubleshooting purposes, it would be wise to output the command you're going to run prior to sending it out to system.

cmd = 'echo "
rdr pass on lo0 inet proto tcp from any to '+vagrant_config['public_ip']+' port 80 -> '+vagrant_config['public_ip']+' port 8080
rdr pass on lo0 inet proto tcp from any to '+vagrant_config['public_ip']+' port 443 -> '+vagrant_config['public_ip']+' port 4443
" | sudo pfctl -ef - > /dev/null 2>&1; echo "==> Forwarding Ports: 80 -> 8080, 443 -> 4443 & Enabling pf"'

puts "Command to run:\n\n#{cmd}"
system( cmd )

Then, it would be wise to make the output from the system command visible. To make sure you get this feedback, I suggest you replace

sudo pfctl -ef - > /dev/null 2>&1

with (adding '-v' for more verbose output - pfctl man page)

sudo pfctl -evf -

and then look for the output and/or error messages.

Then, once the bugs are sorted out, you can put it back into stealthy, quiet mode :D

Also, since you are running with sudo you'll need to make sure the shell you're running within has sudo privileges and also make sure you're not being prompted for a password unknowingly.


3 Comments

It does show me a password prompt; when I enter it, it works. Do you see anything wrong with the syntax?
Updated my question with the output
Strangely, it started working when I restarted. Thanks anyway for the help.
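
Added example, not part of the original question or answer: the Vagrantfile above splices `public_ip` from YAML into a string that `system` hands to a shell under `sudo`, so any shell metacharacter in the config value becomes part of the command. This Ruby sketch validates the value as a single IPv4 literal and feeds the rules to `pfctl` on stdin with an argv array. `SAMPLE_YAML`, its `hostile` profile, and the helper names `validated_ip`, `rdr_rules` and `apply_rules` are assumptions made for illustration.

```ruby
require 'ipaddr'
require 'open3'
require 'yaml'

# Constructed stand-in for config.yaml. The 'hostile' profile holds a value
# that would close the double-quoted echo string and run a second command.
SAMPLE_YAML = <<~YAML
  configs:
    use: 'home'
    home:
      public_ip: '192.168.99.1'
    hostile:
      public_ip: '192.168.99.1"; id; echo "'
YAML

PORT_MAP = { 80 => 8080, 443 => 4443 }.freeze

# Return the profile's public_ip only if it is exactly one IPv4 literal.
def validated_ip(configs, profile = configs['configs']['use'])
  raw = configs.dig('configs', profile, 'public_ip').to_s
  addr = IPAddr.new(raw) # raises IPAddr::Error on anything unparsable
  unless addr.ipv4? && addr.to_s == raw # rejects IPv6, CIDR masks, padding
    raise ArgumentError, "public_ip is not a single IPv4 address: #{raw.inspect}"
  end
  raw
rescue IPAddr::Error
  raise ArgumentError, "public_ip is not an IP address: #{raw.inspect}"
end

# Build the pf redirect rules for one validated address.
def rdr_rules(ip)
  PORT_MAP.map do |from, to|
    "rdr pass on lo0 inet proto tcp from any to #{ip} port #{from} -> #{ip} port #{to}\n"
  end.join
end

# Hand the rules to pfctl on stdin using an argv array, so no shell parses
# them. Defined but not called here: it needs pf and sudo rights.
def apply_rules(rules)
  output, status = Open3.capture2e('sudo', 'pfctl', '-evf', '-', stdin_data: rules)
  [status.success?, output] # output stays visible instead of going to /dev/null
end

if __FILE__ == $PROGRAM_NAME
  configs = YAML.safe_load(SAMPLE_YAML)
  puts rdr_rules(validated_ip(configs))
end
```

In a Vagrantfile, `apply_rules(rdr_rules(validated_ip(configs)))` would replace the `system('echo "..." | sudo pfctl ...')` call, with `configs` loaded from `config.yaml` as in the question.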
