Getting Pow to work in OS X Yosemite

pf.md

Getting Pow to work in OS X Yosemite

Some parts taken from: https://gist.github.com/kujohn/7209628

ipfw is officially deprecated and removed in OS X Yosemite. Pow requires another program pf to handle the port forwarding.

1. Anchor file

Create file /etc/pf.anchors/pow

rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port = 80 -> 127.0.0.1 port 20559

Note: Trailing line break is important.

2. Reference anchor in pf.conf

Insert rdr-anchor "pow" and load anchor "pow" from "/etc/pf.anchors/pow" at correct places in /etc/pf.conf, so that it looks like this:

scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
rdr-anchor "pow"  # Pow port forwarding
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
load anchor "pow" from "/etc/pf.anchors/pow"  # Pow port forwarding

3. Enabling pf

Note: In newer versions of Yosemite Developer Preview, it seems that pf is enabled automatically on boot.

You can enable pf manually via sudo pfctl -ef /etc/pf.conf

However, to enable pf automatically after every boot, save the following as /System/Library/LaunchDaemons/com.apple.pfctl.plist:

<key>ProgramArguments</key>
<array>
<string>pfctl</string>
<string>-e</string>
<string>-f</string>
<string>/etc/pf.conf</string>
</array>

Damn, this still isn't working for me. Still getting an error when trying to install pow:
*** Installing Pow 0.4.3...
*** Installing local configuration files...
*** Starting the Pow server...
*** Performing self-test...
*** Reloading system network configuration...
!!! Couldn't resolve configured domains (dev)

Alright, a reinstall seems to have fixed the issue.
Glad we're getting this out of the way now, we'd have to muck around with this at some point.

Getting a syntax error:

➜ etc sudo pfctl -ef /etc/pf.conf
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
/etc/pf.conf:29: syntax error
pfctl: Syntax error in config file: pf rules not loaded

Thanks for this — works well aside from failing the self-check, but that's already mentioned here: basecamp/pow#453

@liquid and others getting the syntax error:

both /etc/pf.anchors/pow and /etc/pf.conf must have a trailing line break.

Is there a way to make Apache work with Pow as well? https://github.com/basecamp/pow/wiki/Running-Pow-with-Apache

Works!
Thanks!

Thanks all.

Ahhh why am I not surprised to see your name attached to this gist @zhoutong

I'm getting the same error as @liquid. The thing is, it used to work just a couple of weeks ago.

That's why I'm positive it is not a trailing line break issue (… at least for me). I set the fix up starting from scratch just to be sure, but sudo pfctl -ef /etc/pf.conf still gives the ALTQ warning.

Besides that I also get the infamous self-test fail message:

*** Performing self-test...
!!! Couldn't find a running Pow server on port 20559

And of course the devastating X when trying to launch my app:

Any help is appreciated. It would be cool to have pow working again.

@pattulus I'm having the same problem, did you manage to fix it?

@chrise86 Yes. I just got it… despite of posting a panic question at this issue thread (Yosemite Support #452).

First I added the correct network adapters names:

rdr pass on lo0 inet proto tcp from any to 127.0.0.1 port = 80 -> 127.0.0.1 port 20559
rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 20559
rdr pass on en1 inet proto tcp from any to any port 80 -> 127.0.0.1 port 20559
rdr pass on en2 inet proto tcp from any to any port 80 -> 127.0.0.1 port 20559

… then still nothing worked until I found out that I had a messed up "Hosts" SymLink in ~/Library/Application Support/Pow. It's now running again. So if you tinker a lot in your files, definitely check if that folder is symlinked to ~/.pow.

@pattulus revert the changes you've already done and replace the ipfw add fwd 127.0.0.1.... in /Library/LaunchDaemons/cx.pow.firewall.plist with the following:

echo "rdr pass on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 20559" | pfctl -a 'com.apple/250.PowFirewall' -f - -E

After an reboot you'll be up and running.

Or the complete file contents:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>cx.pow.firewall</string>
        <key>Program</key>
        <string>/bin/sh</string>
        <key>ProgramArguments</key>
        <array>
                <string>sh</string>
                <string>-c</string>
                <string>echo "rdr pass on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 20559" | pfctl -a "com.apple/250.PowFirewall" -f - -E</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>UserName</key>
        <string>root</string>
</dict>
</plist>

Pow 0.5.0 has it fixed

Perfect, thanks!

By the way, if you are using the app SelfControl it can cause similar symptoms. If you need to fix it instantly, comment out the lines:

anchor "org.eyebeam"
load anchor "org.eyebeam" from "/etc/pf.anchors/org.eyebeam"

then restart pf.

Works. Thank you!

This worked for me. Thank you!

@jmaddi - brilliant! forgot all about that app. i can wait the remaining 1hr 47 min. :)