macOS 10.14 or later no longer enforces privileged ports, which means you can bind local or dynamic port forwarding to port numbers less than 1024 without run as root.
For example:
It's worth noting that the bind address has to be set to 0.0.0.0
(for IPv4) or ::
(for IPv6), otherwise you may come across a permission error:
bind [127.0.0.1]:443: Permission denied
In the context of servers, 0.0.0.0
or ::
means all IPv4 or IPv6 addresses on the local machine. If a host has two IP addresses, 192.168.1.1 and 10.1.2.1, and a server running on the host listens on 0.0.0.0
, it will be reachable at both of those IPs.
WARNING: DO NOT bind to 0.0.0.0
or ::
on an untrusted network (airport, coffee shop, etc.), this leaves you unprotected against malicious users in the same public network.