I want to forward requests sent to 192.168.1.8:80 to 192.168.1.10:8000.
I added the following rules to /etc/pf.conf:
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
rdr pass on lo0 inet proto tcp from any to 192.168.1.8 port 80 -> 192.168.1.10 port 8000
rdr pass on en0 inet proto tcp from any to 192.168.1.8 port 80 -> 192.168.1.10 port 8000
rdr-anchor "debookee"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
anchor "debookee"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
Then I started it:
sudo sysctl -w net.inet.ip.forwarding=1
sudo pfctl -ef /etc/pf.conf
But nothing is forwarded. Am I using it wrong?
1
henryshen233 2020-02-11 17:21:47 +08:00
Is the address of interface en0 192.168.1.8? And if it is, how could lo0 also be 192.168.1.8?
2
shadowsockss 2020-02-27 11:49:08 +08:00
rdr on lo0 inet proto tcp from any to 192.168.1.8 port 80 -> 192.168.1.10 port 8000
pass out on en0 route-to lo0 inet proto tcp from any to 192.168.1.8 port 80
3
shadowsockss 2020-02-27 12:01:05 +08:00
The rules above are wrong...
4
shadowsockss 2020-02-27 12:06:29 +08:00
rdr on lo0 inet proto tcp from any to 172.217.3.110 port {80, 443} -> 127.0.0.1 port 7892
pass out on en0 route-to lo0 inet proto tcp from any to 172.217.3.110 port {80, 443}
These rules make connections from this machine to 172.217.3.110 ports 80 and 443 go to local port 7892. Work out for yourself how that maps to your case.
5
yuange1975 2022-10-17 22:08:31 +08:00
# Work-around to redirect traffic originating from the machine itself
Follow steps 1, 2 as above, but in step 2 change the contents of the file pf.conf to

#The ports to redirect to proxy
redir_ports = "{http, https}"

#The address the transparent proxy is listening on
tproxy = "127.0.0.1 port 8080"

#The user the transparent proxy is running as
tproxy_user = "nobody"

#The users whose connection must be redirected.
#
#This cannot involve the user which runs the
#transparent proxy as that would cause an infinite loop.
#

rdr pass proto tcp from any to any port $redir_ports -> $tproxy
pass out route-to (lo0 127.0.0.1) proto tcp from any to any port $redir_ports user { != $tproxy_user }

Follow steps 3-5 above. This will redirect the packets from all users other than nobody on the machine to mitmproxy. To avoid circularity, run mitmproxy as the user nobody. Hence step 6 should look like:

sudo -u nobody mitmproxy --mode transparent --showhost
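
The replies above all pair an rdr rule with a `pass out ... route-to lo0` rule so that connections opened on the machine itself are looped back through lo0 and reach the rdr. The following check is an added example, not code from any poster in this thread: it applies that pairing as a heuristic to the rule sets quoted from the original post and from reply #4. The function names are hypothetical, and it assumes literal addresses and ports (macros such as `$redir_ports` are not expanded).

```python
import re

# "to <addr> port <port | {list}>"; literal values only, macros are not expanded.
DST_RE = re.compile(r"\bto\s+(\S+)\s+port\s+(\{[^}]*\}|\S+)")
IFACE_RE = re.compile(r"\bon\s+(\S+)")
LOOPBACK_ROUTE_RE = re.compile(r"route-to\s+\(?lo0\b")

# Rules copied from the thread: the original post, then reply #4.
OP_RULES = """\
rdr-anchor "com.apple/*"
rdr pass on lo0 inet proto tcp from any to 192.168.1.8 port 80 -> 192.168.1.10 port 8000
rdr pass on en0 inet proto tcp from any to 192.168.1.8 port 80 -> 192.168.1.10 port 8000
"""
REPLY4_RULES = """\
rdr on lo0 inet proto tcp from any to 172.217.3.110 port {80, 443} -> 127.0.0.1 port 7892
pass out on en0 route-to lo0 inet proto tcp from any to 172.217.3.110 port {80, 443}
"""

def _dst(rule):
    """Return (address, frozenset(ports)) matched by a rule, or None."""
    m = DST_RE.search(rule)
    if m is None:
        return None
    return m.group(1), frozenset(p for p in re.split(r"[\s,{}]+", m.group(2)) if p)

def local_redirect_gaps(conf_text):
    """List rdr destinations that connections opened on this host will bypass."""
    rdr_all, rdr_lo0, looped = set(), set(), set()
    for rule in (line.strip() for line in conf_text.splitlines()):
        dst = _dst(rule)
        if dst is None:
            continue  # anchors, comments, rules without "to ... port ..."
        if rule.startswith("rdr "):
            rdr_all.add(dst)
            iface = IFACE_RE.search(rule)
            if iface is None or iface.group(1) == "lo0":
                rdr_lo0.add(dst)  # this rdr sees packets arriving on lo0
        elif rule.startswith("pass out") and LOOPBACK_ROUTE_RE.search(rule):
            looped.add(dst)  # outbound packets are sent back in through lo0
    gaps = []
    for dst in sorted(rdr_all, key=lambda d: (d[0], sorted(d[1]))):
        if dst not in looped:
            gaps.append((dst[0], sorted(dst[1]), "no 'pass out ... route-to lo0' rule"))
        elif dst not in rdr_lo0:
            gaps.append((dst[0], sorted(dst[1]), "no rdr rule on lo0"))
    return gaps

print(local_redirect_gaps(OP_RULES), local_redirect_gaps(REPLY4_RULES))
```

An empty list means every rdr destination has both halves of the pairing. It does not prove that the redirect target is reachable or that return traffic flows back through this host.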