Date: Sun, 27 Aug 2000 11:42:16 -0700
From: Kent Stewart <kstewart@urx.com>
To: Chip <chip@wiegand.org>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@FreeBSD.ORG>
Subject: Re: IPFW redirect rule?
Message-ID: <39A96108.5DF34E88@urx.com>
References: <39A8AC92.1203D118@wiegand.org> <39A8AEB7.F03138FF@urx.com> <39A8AFA4.CDC6981A@urx.com> <39A94963.CA8856E8@wiegand.org> <39A94B4A.197F7BB6@wiegand.org>

Chip wrote:
>
> Could it be as simple as this? ->
> 00100 divert 8668 ip from 208.194.173.xx:80 to 192.168.0.7:80 via dc0
> I wonder about the line number though, my rc.firewall
> rules do not have line numbers, they start with /sbin/ipfw,
> so do I leave those off and replace them with /sbin/ipfw
> when I add the necessary line to my rules?

This is beyond my knowledge but I think if you divert to the other
machine too soon, you don't have a firewall. You need to check for a
number of things. The bad non-routables, spoofing and then divert your
port 80 requests to your web server. I think a side effect would be
not browsing from your other machines. I thought at first a "fwd"
command would be the choice but I don't have any idea at that point.

I have an internal W2K server that I use to maintain my FrontPage
stuff on. I ftp my web stuff from it to my FreeBSD machine. WS-FTP Pro
will order by date and that makes it easy to move everything above the
old log. I also want people to see Apache and not IIS.

Kent

>
> --
> Chip W.
> www.wiegand.org
> Alternative Operating Systems
>
> Chip wrote:
>
> > Kent Stewart wrote:
> >
> > > Kent Stewart wrote:
> > > >
> > > > Chip wrote:
> > > > >
> > > > > I am setting up a machine as a firewall and am starting by
> > > > > using the default ipfw rc.firewall rules and am following
> > > > > the instructions in the Complete FreeBSD book by Greg
> > > > > Lehey. I want to add a redirect rule to allow access to my
> > > > > web server on another machine. I am not sure if I use rdr
> > > > > or divert, maybe I am confusing ipfw and ipfilter stuff.
> > > > > I haven't found an answer on the FreeBSD Diary or in
> > > > > the archives. My kernel is reconfigured as directed in the
> > > > > book, everything else is set up as per the instructions.
> > > > > My firewall machine has two nics, one with the public
> > > > > ip address, 208.194.173.xx, the other with a private ip
> > > > > address, part of my home network. My web server also
> > > > > has a private ip address, part of my home network,
> > > > > 192.168.0.x. I'm sure this is probably no problem, I
> > > > > just haven't found the answer anywhere.
> > > > >
> > > > I had the same experience. I found the example at
> > > > http://www.mostgraveconcern.com/freebsd/ for the "Dual homed setup"
> > > > worked out of the box.
> > >
> > > I forgot something. The latest rc.firewall has a divert located at the
> > > top of "Simple". I modified my addition of the "Dual Homed setup" to
> > > look like that for the non-routable networks.
> > >
> > > That eliminates the "in" and "out" sections for those networks.
> > >
> >
> > That works if the web server is on the same box as the firewall,
> > in my case it is not. My web server and firewall boxes are two
> > separate machines, firewall ipaddress are:
> > 208.194.173.xx and 192.168.0.1
> > and the ipaddress of the web server is:
> > 192.168.0.7
> > so the rule needs to redirect 208.194.173.xx:80 to 192.168.0.7:80
> > This is where I haven't found the correct way to write
> > the rule.
> >
> > --
> > Chip W.
> > www.wiegand.org
> > Alternative Operating Systems
> >
> > >
> > > > Kent
> > >
> > > --
> > > Kent Stewart
> > > Richland, WA
> > >
> >
> > How are things in the Tri-Cities these days? I am a native
> > of Kennewick. Now living in *ugh* the Seattle area. In
> > Mountlake Terrace, near Edmonds and Lynnwood.
> >
> > >
> > > mailto:kbstew99@hotmail.com
> > > http://kstewart.urx.com/kstewart/index.html
> > > FreeBSD News http://daily.daemonnews.org/
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message

--
Kent Stewart
Richland, WA

mailto:kbstew99@hotmail.com
http://kstewart.urx.com/kstewart/index.html
FreeBSD News http://daily.daemonnews.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
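
Added example, not part of Kent's or Chip's messages: the ordering Kent describes (non-routable and spoofing checks first, then the divert), written as a dry-run shell sketch with a check that the divert does not come too early. The rule numbers, the /24 inside netmask, the natd settings and the function names are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: rule order around the natd divert.
# Dry run by default (prints the commands); set fwcmd=/sbin/ipfw to install.
# This is only the fragment around the divert, not a complete ruleset.
fwcmd="${fwcmd:-echo ipfw}"
oif="dc0"               # outside interface, from Chip's rule
inet="192.168.0.0/24"   # inside network; the /24 mask is an assumption
web="192.168.0.7"       # internal web server, from the thread

# The port-80 rewrite is done by natd, not by an ipfw address:port match.
# Assumed /etc/rc.conf settings (natd listens on divert port 8668):
#   natd_enable="YES"
#   natd_interface="dc0"
#   natd_flags="-redirect_port tcp 192.168.0.7:80 80"

emit_rules() {
    # 1. Anti-spoofing: inside addresses must never arrive on the outside NIC.
    $fwcmd add 100 deny all from "$inet" to any in via "$oif"
    # 2. Other non-routable sources arriving on the outside NIC.
    $fwcmd add 200 deny all from 10.0.0.0/8 to any in via "$oif"
    $fwcmd add 300 deny all from 172.16.0.0/12 to any in via "$oif"
    # 3. Only now pass traffic on the outside NIC through natd.
    $fwcmd add 400 divert natd all from any to any via "$oif"
    # 4. After translation the destination is the server's private address.
    $fwcmd add 500 allow tcp from any to any established
    $fwcmd add 600 allow tcp from any to "$web" 80 setup
}

# Reads dry-run output on stdin; succeeds only if the first inbound deny on
# the outside NIC has a lower rule number than the first divert.
divert_after_antispoof() {
    awk -v oif="$oif" '
        $4 == "deny" && / in via / && $NF == oif && !first_deny { first_deny = $3 }
        $4 == "divert" && !first_div { first_div = $3 }
        END { exit !(first_deny && first_div && first_deny + 0 < first_div + 0) }'
}

emit_rules | divert_after_antispoof && echo "order ok: checks precede divert"
```

The check reads the dry-run text only; it does not parse the output of a live "ipfw list".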