IPFW + Portforwarding
Roman Kurakin
rik at inse.ru
Tue Oct 21 04:46:50 UTC 2008
John Hay wrote:
> On Mon, Oct 20, 2008 at 11:19:22PM +0200, Leander S. wrote:
>
>> Hi,
>>
>> I'm trying to set up something like a HotSpot. The goal is to force
>> unregistered users to get redirected to the Captive Portal site where
>> they'll be able to agree to my licence terms and get some information ...
>> etc. ...
>>
>> So fact is I need an IPFW rule which forwards Port 80,443,8080 Traffic
>> to another Port i.e. 8080 --> where my Apache will already wait for
>> serving the Captive Portalsite back to the request.
>>
>> So I did read the man page and saw something like the fwd rule and the Kernel
>> Option for it - so I added the option - recompiled the Kernel and gave my
>> Firewall the following fwd rule in an extra script:
>>
>> ${fwcmd} add 01100 fwd ${LAN_IP},8080 tcp from ${LAN} to any
>> 80,443,8080 in via ${LAN_if}
>>
Try to make the rule stateful, e.g. add 'setup keep-state'. Also add some
logging to the rule, and add one additional deny as the last rule, with
logging.
> You have to catch it where it is going out and not in. Fwd only works
> when packets are out bound.
>
But how does this work for me?
ipfw fwd 192.168.0.4,3128 log logamount 1000 tcp from 172.22.4.0/24 to
172.22.4.254 dst-port 3128 setup in via vr0 keep-state
rik
> John
>
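
The rule from the original post with the changes suggested in the reply applied ('setup ... keep-state', logging on the rule, and a final logged deny), as an added example that is not part of the thread. The addresses, interface name, rule number 65000 and the scope of the deny rule are constructed assumptions; the script only prints the rules unless fwcmd is pointed at ipfw.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Dry run by default: the rules are printed, not loaded.
# Set fwcmd=/sbin/ipfw to load them on a FreeBSD host.
fwcmd="${fwcmd:-echo ipfw}"

# Constructed sample values (assumptions); the post does not give its own.
LAN="${LAN:-192.168.1.0/24}"      # client network
LAN_IP="${LAN_IP:-192.168.1.1}"   # address Apache listens on
LAN_if="${LAN_if:-em0}"           # LAN-facing interface

portal_rules() {
    # Rule 01100 from the post, made stateful and logged as the reply suggests.
    # 'log' follows the action, the same order as in the reply's own rule.
    ${fwcmd} add 01100 fwd "${LAN_IP},8080" log logamount 1000 \
        tcp from "${LAN}" to any 80,443,8080 setup in via "${LAN_if}" keep-state

    # Final logged deny, so anything from the LAN that rule 01100 did not
    # match shows up in the log. Number and scope are assumptions.
    ${fwcmd} add 65000 deny log logamount 1000 \
        tcp from "${LAN}" to any in via "${LAN_if}"
}

portal_rules
```

Logged matches only reach syslog when the sysctl net.inet.ip.fw.verbose is set to 1.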