Date: Tue, 21 Oct 2008 08:47:12 +0400
From: Roman Kurakin <rik@inse.ru>
To: John Hay <jhay@meraka.org.za>
Cc: "Leander S." <leander.schaefer@googlemail.com>, freebsd-ipfw@freebsd.org
Subject: Re: IPFW + Portforwarding
Message-ID: <48FD5ED0.2030909@localhost.inse.ru>
In-Reply-To: <20081021040349.GA29232@zibbi.meraka.csir.co.za>
References: <48FCF5DA.5060802@googlemail.com> <20081021040349.GA29232@zibbi.meraka.csir.co.za>

John Hay wrote:
> On Mon, Oct 20, 2008 at 11:19:22PM +0200, Leander S. wrote:
>
>> Hi,
>>
>> I'm trying to set up something like a HotSpot. The goal is to force
>> unregistered users to get redirected to the Captive Portal site where
>> they'll be able to agree to my licence terms and get some information ...
>> etc. ...
>>
>> So fact is I need an IPFW rule which forwards Port 80,443,8080 Traffic
>> to another Port i.e. 8080 --> where my Apache will already wait for
>> serving the Captive Portal site back to the request.
>>
>> So I did read the man and saw something like the fwd rule and the Kernel
>> Option for it - so I added the option - recompiled the Kernel and gave my
>> Firewall the following fwd rule in an extra script:
>>
>> ${fwcmd} add 01100 fwd ${LAN_IP},8080 tcp from ${LAN} to any
>> 80,443,8080 in via ${LAN_if}
>>
Try to make the rule stateful, e.g. add 'setup keep-state'. Also add some
logging in the rule and add, as the last one, an additional deny with logging.

> You have to catch it where it is going out and not in. Fwd only works
> when packets are outbound.
>
But how does this work for me?

ipfw fwd 192.168.0.4,3128 log logamount 1000 tcp from 172.22.4.0/24 to 172.22.4.254 dst-port 3128 setup in via vr0 keep-state

rik
> John
>
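
The suggestions in the reply above (make the fwd rule stateful, log it, and finish with a logged deny), written out as an added example that is not part of the original message. The addresses, interface name, rule numbers and logamount values are assumptions, and fwcmd defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses, interface name and rule
# numbers below are assumptions chosen for illustration.
LAN="192.168.10.0/24"     # assumed client network
LAN_IP="192.168.10.1"     # assumed LAN address of the firewall (Apache on :8080)
LAN_if="em1"              # assumed LAN-facing interface
# Dry run by default: print the commands instead of loading them.
# Set fwcmd="/sbin/ipfw -q" to install the rules.
fwcmd="${fwcmd:-echo ipfw}"

portal_rules() {
    # Packets of connections that already have a dynamic rule match here.
    ${fwcmd} add 01000 check-state

    # The rule from the question, made stateful and logged: "setup" matches
    # only the opening SYN, "keep-state" creates the dynamic rule that
    # covers the rest of the connection.
    ${fwcmd} add 01100 fwd "${LAN_IP},8080" log logamount 100 \
        tcp from "${LAN}" to any dst-port 80,443,8080 \
        in via "${LAN_if}" setup keep-state

    # Final rule: log and drop whatever no earlier rule matched, so the log
    # shows which packets missed the fwd rule. Place it after all other
    # allow rules of the real ruleset.
    ${fwcmd} add 65000 deny log logamount 100 ip from any to any
}

portal_rules
```

Logged matches are written to syslog only when the sysctl net.inet.ip.fw.verbose is set to 1.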