From: Dan Nelson
To: fulan Peng
Cc: freebsd-current@freebsd.org
Date: Fri, 13 Oct 2006 10:17:28 -0500
Subject: Re: Please help to forward port 80 to 8800 with ipfw
Message-ID: <20061013151728.GA41884@dan.emsphone.com>

In the last episode (Oct 13), fulan Peng said:
> I am using Apache on FreeBSD. If I use port 80 for http port, it
> won't work because of the security problem. So I configured Apache to
> listen on port 8800. Now the customer has to type
> http://breakevilaxis.org:8800 to get on my web site. This is no good.
> So I have to forward port 80 request to port 8800. I guess what I
> should do is to ipfw add 100 fwd 127.0.0.0,80 tcp from any to any
> 8800 in. But I got an error when I execute the command. I have
> compiled the kernel with LINT configuration. I did make LINT, make
> cleandepend;make depend;make;make install. I really do not know what
> kernel I am running. I doubt it is still the old kernel in which
> IPFIREWALL_FORWARD is not selected. Please help me to achieve this.
>
> breakevilaxis#uname -a
> FreeBSD breakevilaxis.org 7.0-CURRENT-200610 FreeBSD
> 7.0-CURRENT-200610 #0: Mon Oct 2 05:44:21 UTC 2006
> root@stiles.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

That says your system is running a GENERIC kernel, compiled Oct 2. My
guess is you didn't reboot after installing your new kernel. Also, you
probably don't want to install the LINT kernel, since it includes every
driver FreeBSD supports and lots of debugging code. Just copy GENERIC
to a new name, change the "ident" line to match the new filename, and
add IPFIREWALL_FORWARD to it.

> breakevilaxis# ipfw add 100 fwd 127.0.0.1,80 tcp from any to any 8800 in
> ipfw: getsockopt(IP_FW_ADD): Invalid argument

That command works fine on my system with IPFIREWALL_FORWARD in the
kernel, but you probably want to swap the port numbers. Your command
forwards port 8800 to port 80.

ipfw add 100 fwd 127.0.0.1,8800 tcp from any to any 80 in

> dmesg:
> ...
> Trying to mount root from ufs:/dev/ad8s1a
> ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding disabled,
> default to deny, logging disabled

This line should have said "rule-based forwarding enabled" if
IPFIREWALL_FORWARD was in your kernel config.

-- 
	Dan Nelson
	dnelson@allantgroup.com
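
The three checks made in the reply above (which kernel config is running, whether the ipfw banner reports forwarding, and which way a fwd rule points), as an added example that is not part of the original message. The function names are hypothetical and the sample strings are copied from the thread.

```sh
#!/bin/sh
# Added example: read-only checks over the output quoted in this thread.
# Function names are hypothetical; sample strings are copied from the message.

# Kernel config name: the path component after /sys/ in `uname -a` output.
kernel_ident() {
    printf '%s\n' "$1" | sed -n 's|.*/sys/\([^ /]*\).*|\1|p'
}

# State of rule-based forwarding as reported by the ipfw banner in dmesg.
fwd_state() {
    case "$1" in
        *"rule-based forwarding enabled"*)  echo enabled ;;
        *"rule-based forwarding disabled"*) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Summarise a "fwd IP,PORT tcp from any to any DPORT" rule as
# "DPORT -> IP:PORT": DPORT is what clients connect to, IP:PORT receives it.
describe_fwd() {
    printf '%s\n' "$1" |
        sed -n 's/.*fwd \([0-9.]*\),\([0-9]*\) .* to any \([0-9]*\).*/\3 -> \1:\2/p'
}

# Sample inputs, copied from the thread above.
SAMPLE_UNAME='FreeBSD breakevilaxis.org 7.0-CURRENT-200610 FreeBSD 7.0-CURRENT-200610 #0: Mon Oct 2 05:44:21 UTC 2006 root@stiles.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64'
SAMPLE_DMESG='ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding disabled, default to deny, logging disabled'
RULE_ASKED='ipfw add 100 fwd 127.0.0.1,80 tcp from any to any 8800 in'
RULE_FIXED='ipfw add 100 fwd 127.0.0.1,8800 tcp from any to any 80 in'

echo "running kernel config   : $(kernel_ident "$SAMPLE_UNAME")"
echo "rule-based forwarding   : $(fwd_state "$SAMPLE_DMESG")"
echo "rule as typed           : $(describe_fwd "$RULE_ASKED")"
echo "rule with ports swapped : $(describe_fwd "$RULE_FIXED")"
```

On a live host the same functions can be given "$(uname -a)" and the ipfw2 line from dmesg instead of the sample strings.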