Date: Thu, 25 Sep 2008 16:31:47 -0700 From: "Tim Gustafson" <tjg@soe.ucsc.edu> To: <freebsd-questions@freebsd.org> Subject: NATD Reverse Proxy Message-ID: <5A97CB869CB943CA9C29606D8E52DF5E@soe.cse.ucsc.edu>
next in thread | raw e-mail | index | archive | help
Hi, I'm trying to build a server that will act as a gateway between my wireless network and the rest of the world. Here's an overview of the current setup: 1. FreeBSD 7.1 2. isc-dhcp3-server-3.0.5_2 3. natd configured to connect fxp0 (public network, dynamic IP) to fxp1 (private network, static IP) 4. ipfw 5. bind 6. apache 2.2 7. php 5.2.6 Right now, when someone connects to the private net, they get an IP address and can connect to the Internet no problemo. So, this is all working so far. What I'd like to do next is this: When someone obtains an IP address, I'm going to configure DHCP to block that IP using IPFW initially, and I'd like to redirect any requests that come from that IP to port 80 or 443 to be silently redirected to the local Apache installation, where the user can enter their login and password. Once they've been authenticated, the firewall will allow them to connect out to everywhere else. So, it seems to me that I need to use natd again to do a silent proxy of traffic from certain IPs on the private net to the server box. But, since I'm already using natd, I'm a little perplexed about how to set this up. Do I need to run a second instance of natd on a different port, and then update the firewall rules to divert to one or the other based on the user's authentication status? Or can this all be configured in one natd instance? Tim Gustafson SOE Webmaster UC Santa Cruz tjg@soe.ucsc.edu 831-459-5354
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5A97CB869CB943CA9C29606D8E52DF5E>