IPFW + Portforwarding

Leander S. leander.schaefer at googlemail.com
Mon Oct 20 21:43:17 UTC 2008


Hi,

I'm trying to set up something like a HotSpot. The goal is to force 
unregistered users to get redirected to the Captive Portal site where 
they'll be able to agree to my licence terms and get some information ... 
etc. ...

So the fact is I need an IPFW rule which forwards port 80, 443 and 8080 traffic 
to another port, i.e. 8080 --> where my Apache will already be waiting to 
serve the Captive Portal site back to the request.

So I read the man page and saw something like the fwd rule and the kernel 
option for it - so I added the option, recompiled the kernel and gave my 
firewall the following fwd rule in an extra script:

       ${fwcmd} add 01100 fwd ${LAN_IP},8080 tcp from ${LAN} to any 80,443,8080 in via ${LAN_if}


^^ But sadly it's not working ....


So here is my whole firewall script.
Btw. my IPFW is compiled as default deny into the kernel.


The Script:
____________________________________________________________________________ 



#!/bin/sh

if [ -z "${source_rc_confs_defined}" ]; then
       if [ -r /etc/defaults/rc.conf ]; then
               . /etc/defaults/rc.conf
               source_rc_confs
       elif [ -r /etc/rc.conf ]; then
               . /etc/rc.conf
       fi
fi


#############################
#### Global variables: ######
#############################

WAN_if="msk0"
WAN_IP="10.1.10.50"
WAN_net="255.0.0.0"
WAN="10.0.0.0/8"

LAN_if="ath0"
LAN_IP="192.1.1.1"
LAN_net="255.255.255.0"
LAN="192.1.1.0/24"

fwcmd="/sbin/ipfw -q"


#############################
########## Start: ###########
#############################

### Firewall Reset ###

   ${fwcmd} -f flush


### Localhost ###

   ${fwcmd} add 00100 allow all from any to any via lo0
   ${fwcmd} add 00200 deny all from any to 127.0.0.0/8
   ${fwcmd} add 00300 deny all from 127.0.0.0/8 to any



### WAN configuration ###

   ${fwcmd} add 00400 allow all from any to any via ${WAN_if}
   ${fwcmd} add 00500 divert natd all from any to any in via ${WAN_if}
   ${fwcmd} add 00600 divert natd all from any to any out via ${WAN_if}



### LAN configuration ###

   ### Ping
   ${fwcmd} add 00700 allow icmp from ${LAN} to ${LAN} icmptypes 0,8

   ### Open ports
   ${fwcmd} add 00800 allow tcp from any to ${LAN_IP} 22 in via ${LAN_if}
   ${fwcmd} add 00900 allow tcp from any to ${LAN_IP} 1723 in via ${LAN_if}
   ${fwcmd} add 01000 allow tcp from any to ${LAN_IP} 8080 in via ${LAN_if}

   ### PortalSite - Forwarding:
   ${fwcmd} add 01100 fwd ${LAN_IP},8080 tcp from ${LAN} to any 80,8080,443 in via ${LAN_if}

   ### Package Detour
   ${fwcmd} add 01200 allow all from any to any out via ${LAN_if}


____________________________________________________________________________ 




Every positive type of help will be very much appreciated !!!
Thanks,

  Leander


P.S. Additionally: This is my first firewall script - so if this seems to 
be too ugly for you - feel free to give me some newbie tips and tricks! 
;) THX
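A small generator for the two captive-portal rules, added here as an example and not part of the post or the poster's script. It assumes a kernel built with IPFIREWALL_FORWARD and ipfw table support, uses the interface, gateway IP and subnet from the script above, and treats ipfw table 1 as a hypothetical list of clients who have already accepted the terms.

```shell
#!/bin/sh
# Added example, not the poster's script: builds the captive-portal rule
# block in one place so both rules can be reviewed before loading.
# fwcmd defaults to "echo" (dry run: prints the rules); set
# fwcmd="/sbin/ipfw -q" in the environment to load them for real.
# Assumes IPFIREWALL_FORWARD in the kernel and ipfw table support;
# table 1 is a hypothetical choice for "clients who accepted the terms".
fwcmd="${fwcmd:-echo}"

# portal_rules LAN_IF LAN_IP LAN_SUBNET [PORTAL_PORT]
portal_rules() {
    lan_if="$1"; lan_ip="$2"; lan="$3"; portal_port="${4:-8080}"
    # Registered clients first: a matching allow ends the rule search,
    # so the fwd rule below never touches their web traffic.
    ${fwcmd} add 01050 allow tcp from "table(1)" to any 80,443,8080 in via "${lan_if}"
    # Everyone else on 80/443/8080 is rewritten to the local Apache.
    # The whole rule must be one line, with "to any" before the port list.
    # Port 443 lands on a plain-HTTP listener, so those clients see a
    # TLS/protocol error instead of the portal; only port 80 redirects cleanly.
    ${fwcmd} add 01100 fwd "${lan_ip},${portal_port}" tcp from "${lan}" to any 80,443,8080 in via "${lan_if}"
}

# Called by the portal once a client agrees to the terms (and on logout).
register_client()   { ${fwcmd} table 1 add "$1"; }
unregister_client() { ${fwcmd} table 1 delete "$1"; }

# Dry run with the values from the post above.
portal_rules ath0 192.1.1.1 192.1.1.0/24
```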
