Sudo and echo with ofSystem() SOLVED port forwarding from inside app high sierra and mojave compatible


#1

I want to turn on and off port forwarding when I open and close my application.

I can do this in terminal with the following commands, but I need it to be autonomous and not need user input.

echo "
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
" | sudo pfctl -ef -

I am trying to build this command to work with ofSystem and have got this far

ofSystem(echo -ne ”rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080 /n rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443 " \n | echo -ne “password” | sudo -S pfctl -ef -)

but alas it does not work.

I did not try the disabling function yet, but it is simpler:

sudo pfctl -F all -f /etc/pf.conf

Any clues on how I can do this? I don't want to do this permanently, I would like to start and stop it with my application.

I am on OSX and need this to run from 10.10 to 10.14.

Cheers


#2

Hi, I don’t know if it’s a copy paste error, but you should be passing a string to ofSystem(). So ofSystem("echo yo"); instead of ofSystem(echo yo); (because echo and yo are not valid C++).

Since your command has quotes in it, you should escape those double quotes: ofSystem("echo \"yo\"");

Having your sudo password in the executable doesn’t sound like a very good idea (not safe), but it depends on how much you care about such things.

ps. You didn’t mention in which way it doesn’t work :) It fails to compile? Or to do what it should do?


#3

Cheers for the reply, it was a paste error, I was using:

ofSystem("echo -e \”rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080 /n rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443 \"  /n | echo -en \“password\” | sudo -S pfctl -ef -");

It seems that part of the command works, I get the output as if I had entered:

sudo pfctl -ef -

into terminal and added my password, but the ports are not forwarded.

When I enter this:

echo "
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
" | sudo pfctl -ef -

pasting it in at once to terminal and typing my password, the ports are forwarded correctly.

So there is not an error so to speak, as the code compiles and sends something to terminal, but it is not functioning; this is what I want some help with.

I know having the password in the code is less than ideal, but it will be on a single show machine that has no personal info or accounts and will be compiled (no code will be there so at least no passwords in plain text).

Cheers


#4

What if you move that bash code into a script, so you can call ofSystem("enable.sh")? Maybe it’s easier to debug…


#5

Ok, I eventually solved this and it works just the way I wanted. I needed to forward some incoming traffic to a different port, but only while the app was open. I made two bash scripts and called them from ofSystem().

My bash script for forwarding the ports was called portOn and contained this:

#!/bin/bash

echo "
rdr pass inet proto tcp from any to any port 80 -> 127.0.0.1 port 8080
rdr pass inet proto tcp from any to any port 443 -> 127.0.0.1 port 8443
" | sudo pfctl -ef -

and for stopping the forwarding it was called portOff and contained this:

#!/bin/bash

sudo pfctl -F all -f /etc/pf.conf

To call the scripts with ofSystem() I used this:

ofSystem("echo myPassword | sudo -S command sudo sh path/to/portOn.sh");

ofSystem("echo myPassword | sudo -S command sudo sh path/to/portOff.sh");

I was having problems because to include a password in a command I would have to use echo and the command I was calling also needed an echo. I am sure there are better ways to do this, but this one is working great and I don’t have to make permanent changes to my ports.
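
Added example, not part of the original thread: one way to get the same on/off behaviour without a password in the executable, which post #2 flagged as unsafe. It assumes a root-owned helper that a scoped sudoers rule allows without a password; the user name `showuser`, the script name `portfwd` and all paths are hypothetical.

```bash
#!/bin/bash
# Added example, not the poster's script. Assumed install (all names hypothetical):
#   /usr/local/sbin/portfwd  owned by root:wheel, mode 0755, not writable by the app user
#   /etc/sudoers.d/portfwd   (edit with visudo -f) containing the single line:
#     showuser ALL=(root) NOPASSWD: /usr/local/sbin/portfwd on, /usr/local/sbin/portfwd off
# App side: ofSystem("sudo -n /usr/local/sbin/portfwd on");
# sudo -n never prompts, so a missing sudoers rule is an error instead of a hang.

PFCTL=/sbin/pfctl   # assumed location; confirm with: command -v pfctl

# Print one rdr rule per "from:to" pair; reject anything that is not two valid ports.
pf_rules() {
    local pair from to p
    for pair in "$@"; do
        from=${pair%%:*}
        to=${pair#*:}
        # A pair without a colon would otherwise yield from == to.
        [ "$from:$to" = "$pair" ] || { echo "bad pair: $pair" >&2; return 1; }
        for p in "$from" "$to"; do
            case $p in ''|*[!0-9]*) echo "bad port: $pair" >&2; return 1;; esac
            [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $pair" >&2; return 1; }
        done
        printf 'rdr pass inet proto tcp from any to any port %s -> 127.0.0.1 port %s\n' "$from" "$to"
    done
}

# Already running as root via sudo, so pfctl's stdin carries only the rules
# and no password has to share the pipe with them.
port_on() {
    local rules
    rules=$(pf_rules 80:8080 443:8443) || return 1   # never load a partial ruleset
    printf '%s\n' "$rules" | "$PFCTL" -ef -
}

# Same reset the thread uses: flush everything and reload the stock ruleset.
port_off() { "$PFCTL" -F all -f /etc/pf.conf; }

# Only the two fixed verbs named in the sudoers rule do anything.
case ${1:-} in
    on)  port_on ;;
    off) port_off ;;
esac
```

Because the sudoers rule names the helper with its exact arguments, the app account can toggle these two redirects and nothing else as root.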