1# FAQ
 2
 3## Contents
 4
 5- [Privileged ports on Docker for Mac](#privileged-ports-on-docker-for-mac)
 6
 7## Privileged ports on Docker for Mac
 8
 9There is an [issue](https://github.com/moby/vpnkit/issues/92) with the MacOS
10firewall and Docker that prevents accessing privileged ports (`< 1024`) from
11outside of the Docker host if the firewall is turned on, despite allowing
12incoming connections.
13
14As a workaround, we can use the MacOS built-in packet filter (`pf`) to forward
15privileged ports to non-privileged ports on the host with the use of a helper
16script:
17
18```sh
19bin/forward-ports.sh [[nic:]port=[ip:]port [...]]
20```
21
22If no network interface is given, forwards from all interfaces.  
23**This is not recommended on a public network.**
24
25If no IP is given, forwards to `localhost` (`127.0.0.1`).
26
27e.g. the following command forwards ports `80` and `443` on the network
28interface `vnic0` to ports `8080` and `8443` on `localhost` respectively:
29
30```sh
31bin/forward-ports.sh vnic0:80=8080 vnic0:443=8443
32```
33
34To display a list of available network interfaces, run the following command:
35
36```sh
37ifconfig
38```
39
40To reset to the original packet filter rules, simply run the helper script
41without arguments:
42
43```sh
44bin/forward-ports.sh
45```
46
47Please note that the helper script forwarding rules are only loaded in-memory
48and will be reset after a restart.