From: "fulan Peng"
To: freebsd-current@freebsd.org
Date: Fri, 13 Oct 2006 10:46:01 -0400
Subject: Please help to forward port 80 to 8800 with ipfw

Hi,

I am using Apache on FreeBSD. If I use port 80 for the HTTP port, it won't work because of the security problem. So I configured Apache to listen on port 8800.
Now the customer has to type http://breakevilaxis.org:8800 to get on my web site. This is no good. So I have to forward port 80 requests to port 8800. I guess what I should do is

ipfw add 100 fwd 127.0.0.0,80 tcp from any to any 8800 in

But I got an error when I executed the command. I have compiled the kernel with the LINT configuration. I did make LINT, make cleandepend;make depend;make;make install

I really do not know what kernel I am running. I doubt it is still the old kernel in which IPFIREWALL_FORWARD is not selected. Please help me to achieve this.

breakevilaxis#uname -a
FreeBSD breakevilaxis.org 7.0-CURRENT-200610 FreeBSD 7.0-CURRENT-200610 #0: Mon Oct 2 05:44:21 UTC 2006 root@stiles.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
breakevilaxis# ipfw add 100 fwd 127.0.0.1,80 tcp from any to any 8800 in
ipfw: getsockopt(IP_FW_ADD): Invalid argument

dmesg:
...
Trying to mount root from ufs:/dev/ad8s1a
ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding disabled, default to deny, logging disabled
bge0: link state changed to UP
...

breakevilaxis# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 allow ip from 192.168.0.52 to 192.168.0.0/24
00500 allow ip from 192.168.0.0/24 to 192.168.0.52
00600 allow tcp from any to any established
00700 allow ip from any to any frag
00800 allow tcp from any to 192.168.0.52 dst-port 25 setup
00900 allow tcp from 192.168.0.52 to any setup
01000 deny tcp from any to any setup
01100 allow udp from 192.168.0.52 to any dst-port 53 keep-state
01200 allow udp from 192.168.0.52 to any dst-port 123 keep-state
65535 deny ip from any to any

rc.conf
...
firewall_enable="YES"
firewall_type="client"
...

rc.firewall
....
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
        setup_loopback
        ${fwcmd} add 65000 pass all from any to any
        ;;

[Cc][Ll][Ii][Ee][Nn][Tt])
        net="192.168.0.52"
        mask="255.255.255.0"
        ip="192.168.0.52"

        setup_loopback

        ${fwcmd} add pass all from ${ip} to ${net}:${mask}
        ${fwcmd} add pass all from ${net}:${mask} to ${ip}
        ${fwcmd} add pass tcp from any to any established
        ${fwcmd} add pass all from any to any frag
        ${fwcmd} add pass tcp from any to ${ip} 25 setup
        ${fwcmd} add pass tcp from ${ip} to any setup
        ${fwcmd} add deny tcp from any to any setup
        ${fwcmd} add pass udp from ${ip} to any 53 keep-state
        ${fwcmd} add pass udp from ${ip} to any 123 keep-state
        ;;