MacOS Loopback Address Whitelisting

[Z-Kris]

MacOS by default only whitelists the 127.0.0.1 loopback address. This is a problem as we use loopback addresses in the range of 127.x.x.2 for the proxy tool, with one IP corresponding to one game world.
Without whitelisting these addresses, the clients will be unable to communicate with the proxy tool after being patched, rendering the entire process non-functional.

In order to remedy this problem, we need to write a script that can whitelist all the loopback addresses from world 301 up to around 600 - effectively every world that exists in Old School RuneScape. Because this process is only done once (until a reboot occurs), we need to secure all the existing worlds and give some headroom for new worlds that might be added as well.

The problem with whitelisting these loopback addresses is that they require sudo privileges - this is likely not something the proxy tool will have. The current best plan forward is to do these steps:

1. Launch the HTTP server when the proxy tool boots up.
2. If the operating system is MacOS, attempt to ping the HTTP server on. If the ping is successful, do nothing - the addresses have been whitelisted. If it isn't successful, go to step 3.
3. Launch a modal window asking the user for the sudo password, with an explanation for why this is necessary.
4. Once the sudo password has been acquired, run the script with sudo privileges, whitelisting all the loopback addresses that we'll need.
5. Restart the HTTP server - it is unclear whether this is necessary, but it probably is.

The command to whitelist a loopback address is sudo ifconfig lo0 alias 127.x.x.2.

[kylmp]

Probably just providing a script to run would work. I think if someone is messing with rsprox they will know how to run a script. Add a line to the setup instructions for mac users.

BTW thanks for the post, this got my rsprox working.

[notmeta]

Probably just providing a script to run would work. I think if someone is messing with rsprox they will know how to run a script. Add a line to the setup instructions for mac users.

BTW thanks for the post, this got my rsprox working.

I came up with a script that registers all the possible aliases, but in my limited testing it made the general networking of my machine super slow and also doesn't persist across reboots which is far from ideal.

Probably just providing a script to run would work. I think if someone is messing with rsprox they will know how to run a script. Add a line to the setup instructions for mac users.
BTW thanks for the post, this got my rsprox working.

I came up with a script that registers all the possible aliases, but in my limited testing it made the general networking of my machine super slow and also doesn't persist across reboots which is far from ideal.

Can you provide this script?

[notmeta]

Probably just providing a script to run would work. I think if someone is messing with rsprox they will know how to run a script. Add a line to the setup instructions for mac users.
BTW thanks for the post, this got my rsprox working.

I came up with a script that registers all the possible aliases, but in my limited testing it made the general networking of my machine super slow and also doesn't persist across reboots which is far from ideal.

Can you provide this script?

#!/bin/bash

# Loop for the range 127.1.x.2 where x is 44..255
for ((x=44; x<=255; x++))
do
    sudo ifconfig lo0 alias 127.1.$x.2
done

# Loop for the range 127.2.x.2 where x is 0..88
for ((x=0; x<=88; x++))
do
    sudo ifconfig lo0 alias 127.2.$x.2
done

echo "Alias IPs have been added to lo0 interface."

[CygnixDev]

Some additional context:

• With 200+ aliases, networking for the whole device comes to pretty much a grinding halt. 10+ seconds of wait time with every DNS lookup/request to services.
• There's no alternative way on macOS to efficiently alias a range of IP's as one alias.
• To undo an alias, you can run sudo ifconfig lo0 -alias 127.x.x.2 (note the - bit)

Ideally, you'd only address the current world's IP, as well as the one you're hopping to, but since this requires sudo it likely would lead to loads of disconnects if the rsprox constantly either has to ask or if the alias command / network stack is too slow to execute.

Alternatively, you could inject a custom RuneLite plugin that tracks the current/new world from the client, and that transmits this to rsprot over a socket. That way, you could (in theory) handle most of this using either one or two fixed ip's.

In either case, here's my "disable aliases" script to restore the network stack, which compliments @notmeta's script above that enables said aliases:

 #!/bin/bash

# Loop for the range 127.1.x.2 where x is 44..255
for ((x=44; x<=255; x++))
do
    sudo ifconfig lo0 -alias 127.1.$x.2
done

# Loop for the range 127.2.x.2 where x is 0..88
for ((x=0; x<=88; x++))
do
    sudo ifconfig lo0 -alias 127.2.$x.2
done

echo "Alias IPs have been removed from lo0 interface."

[celoj]

This script worked for me:

#!/bin/bash
set -euo pipefail

# === Config ====================================================
# For each proxy target, configure the world ID range
# GROUP_ID calculation: 2 = OldSchool, 3 = first custom (id: 1), 4 = second custom (id: 2), etc.
# Example: For proxy-targets.yaml with id: 1, use GROUP_ID=3
MIN_WORLD_ID=1        # Minimum world id to whitelist, inclusive.
MAX_WORLD_ID=1000     # Maximum world id to whitelist, inclusive.
GROUP_ID=3            # Proxy target (2 is Oldschool, 3 is first custom with id: 1, etc).
MODE=+                # "+" to whitelist, "-" to un-whitelist
# ===============================================================

for ((w=MIN_WORLD_ID; w<=MAX_WORLD_ID; w++)); do
  a=$(( w / 256 ))
  b=$(( w % 256 ))
  c=$GROUP_ID
  ip="127.$a.$b.$c"

  if [[ "$MODE" == "+" ]]; then
    if ! ifconfig lo0 | grep -q "inet $ip "; then
      sudo ifconfig lo0 alias "$ip" || {
        echo "Warning: Failed to add alias $ip (may already exist or need sudo)" >&2
      }
    fi
  else
    if ifconfig lo0 | grep -q "inet $ip "; then
      sudo ifconfig lo0 -alias "$ip" || {
        echo "Warning: Failed to remove alias $ip" >&2
      }
    fi
  fi
done

echo "Alias IPs ${MODE}configured for worlds $MIN_WORLD_ID..$MAX_WORLD_ID (group $GROUP_ID)."

Important note: GROUP_ID dictates the final value for the ips, i.e.127.x.y.2, 127.x.y.3 and so forth.

Formula that RSProx uses: 127.{worldId>>8}.{worldId&0xFF}.{2 + config.id}

In other words, the GROUP_ID you should use is going to be the id you use in your proxy-targets.yaml + 2. So if it's id: 1 in your proxy-targets, leave GROUP_ID as 3.