Portforwarding - still the same issue

Leander S. leander.schaefer at gmx.net
Mon Oct 27 14:19:39 UTC 2008


Another question would be if it is necessary to open port 80 specifically 
before doing some fwd .. or does the fwd command also open port 80? I'm 
just not sure whether port 80 is opened twice - which wouldn't make sense ...



      ### HTTP Traffic forwarding to Apache:8080
      ${fwcmd} add 21200 allow tcp from any to ${LAN_IP} 80 in via ${LAN_if}
      ${fwcmd} add 21300 allow tcp from any to ${LAN_IP} 8080 in via ${LAN_if}
      ${fwcmd} add 21400 fwd ${LAN_IP},8080 tcp from ${LAN} to me 80 setup in via ${LAN_if} keep-state



root ~ #  ipfw show
20100    8    4416 allow ip from any to any via lo0
20200    0       0 deny ip from any to 127.0.0.0/8
20300    0       0 deny ip from 127.0.0.0/8 to any
20400   40    4608 allow ip from any to any via msk0
20600    0       0 divert 8668 ip from any to any via msk0
20700    0       0 allow icmp from 192.1.1.0/24 to 192.1.1.0/24 icmptypes 0,8
20800    0       0 allow tcp from any to 192.1.1.1 dst-port 1723 in via ath0
20900    0       0 allow gre from any to 192.1.1.0/24
21000    0       0 allow gre from 192.1.1.0/24 to any
21100    0       0 allow gre from 192.1.1.0/24 to any out via ath0
21200  450   38013 allow tcp from any to 192.1.1.1 dst-port 80 in via ath0
21300   79   23633 allow tcp from any to 192.1.1.1 dst-port 8080 in via ath0
21400    0       0 fwd 192.1.1.1,8080 tcp from 192.1.1.0/24 to me dst-port 80 setup in via ath0 keep-state
21500  904 1243836 allow ip from any to any out via ath0
65535 5922  575146 deny ip from any to any
root ~ #

root ~ #  sockstat | grep 8080
www      httpd      6413  5  tcp46  *:8080                *:*
www      httpd      6390  5  tcp46  *:8080                *:*
www      httpd      6389  5  tcp46  *:8080                *:*
www      httpd      6388  5  tcp46  *:8080                *:*
www      httpd      6384  5  tcp46  *:8080                *:*
www      httpd      1459  5  tcp46  *:8080                *:*
www      httpd      840   5  tcp46  *:8080                *:*
www      httpd      839   5  tcp46  *:8080                *:*
www      httpd      838   5  tcp46  *:8080                *:*
www      httpd      837   5  tcp46  *:8080                *:*
root     httpd      751   5  tcp46  *:8080                *:*
root ~ #

Btw.: IPFW and anything else is compiled statically into FreeBSD Kernel 
- NO_MODULES=YES


Regards,

 Leander
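
An added example, not part of the original message: ipfw walks the rules in ascending number order and stops at the first matching allow, deny or fwd rule, so this simplified matcher replays a port-80 connection against the rules shown above to find which rule decides it. The matcher covers only the fields these rules use; the `LOCAL` set for `me` and the client address 192.1.1.50 are assumptions.

```python
import ipaddress
import re

# Constructed input: the `ipfw show` rules from the post that can see LAN traffic,
# with the wrapped lines rejoined.
IPFW_SHOW = """\
20400   40    4608 allow ip from any to any via msk0
21200  450   38013 allow tcp from any to 192.1.1.1 dst-port 80 in via ath0
21300   79   23633 allow tcp from any to 192.1.1.1 dst-port 8080 in via ath0
21400    0       0 fwd 192.1.1.1,8080 tcp from 192.1.1.0/24 to me dst-port 80 setup in via ath0 keep-state
21500  904 1243836 allow ip from any to any out via ath0
65535 5922  575146 deny ip from any to any
"""
RULE = re.compile(r"(\d+)\s+(\d+)\s+\d+\s+(allow|deny|fwd \S+|divert \d+)\s+(\S+)"
                  r"\s+from\s+(\S+)\s+to\s+(\S+)(.*)")
LOCAL = {"192.1.1.1"}  # assumption: the addresses ipfw would treat as "me"

def addr_ok(spec, addr):
    if spec == "any":
        return True
    if spec == "me":
        return addr in LOCAL
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(rule, pkt):
    num, pkts, action, proto, src, dst, opts = rule
    port = re.search(r"dst-port (\d+)", opts)
    direction = re.search(r"\b(in|out)\b", opts)
    iface = re.search(r"via (\S+)", opts)
    return (proto in ("ip", pkt["proto"])
            and addr_ok(src, pkt["src"]) and addr_ok(dst, pkt["dst"])
            and (not port or int(port.group(1)) == pkt["dport"])
            and (not direction or direction.group(1) == pkt["dir"])
            and (not iface or iface.group(1) == pkt["if"])
            and ("setup" not in opts or pkt["syn"]))

def first_match(show_output, pkt):
    """Return (rule number, action, packet counter) of the first matching rule."""
    for line in show_output.splitlines():
        rule = RULE.match(line).groups()
        if matches(rule, pkt):
            return int(rule[0]), rule[2], int(rule[1])

# Constructed packet: a LAN client opening a connection to port 80 on the firewall.
SYN_80 = {"proto": "tcp", "src": "192.1.1.50", "dst": "192.1.1.1",
          "dport": 80, "dir": "in", "if": "ath0", "syn": True}

if __name__ == "__main__":
    print(first_match(IPFW_SHOW, SYN_80))  # (21200, 'allow', 450)
```

With the rules as posted, the connection is decided by rule 21200, which is consistent with the zero counters on rule 21400; with 21200 taken out of the input, the same packet reaches the fwd rule.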

