The tricks behind pow!

pow! has two superuser features I want to extract to work with my vagrant, openvpn setup: custom top-level domain and port forwarding so I can set up an app server on each workstation, like https://mikan.desu

To setup the desu top-level domain, create a file (as root) in /etc/resolver/desu:

# contents of /etc/resolver/desu
nameserver 127.0.0.1
port 5053

The high level port is key because you don't need to be root to bind a dns service to that port. Requests for mikan.desu's address will go to 127.0.0.1:5053, which could be a bind server or a vagrant guest.

To redirect traffic to port 80 and 443, sudo privileges are required but only to set up the network. Like the dns service, the web service will be bound to a high port without root privileges.

Enable forwarding:

sudo sysctl -w net.inet.ip.forwarding=1

Direct port 80 to 8080, port 443 to 8443:

sudo ipfw add fwd 127.0.0.1,8080 tcp from any to any 80 "in" 
sudo ipfw add fwd 127.0.0.1,8443 tcp from any to any 443 "in"