From owner-freebsd-questions@FreeBSD.ORG Thu Apr 10 22:09:30 2008
From: "Tuc at T-B-O-H.NET"
Message-Id: <200804102209.m3AM9AL1041470@himinbjorg.tucs-beachin-obx-house.com>
To: dnelson@allantgroup.com (Dan Nelson)
Date: Thu, 10 Apr 2008 18:09:10 -0400 (EDT)
In-Reply-To: <20080330014331.GF28690@dan.emsphone.com>
Cc: "Tuc at T-B-O-H.NET", freebsd-questions@freebsd.org
Subject: Re: [freebsd-questions] Re: Quick+easy port redirect

>
> In the last episode (Mar 28), Tuc at T-B-O-H.NET said:
> > Is there a quick/easy (cookbook?) way to do port redirects.
> > Basically I want that anything that leaves a specific interface to
> > any ip on port 80 go to 192.168.0.1 port 87.
> >
> > I'm using ipfw for some other things so it has to work and play
> > well with that.
>
> Make sure "options IPFIREWALL_FORWARD" is in your kernel config:
>
> ipfw add 500 forward 192.168.0.1 tcp from any to any 80
>
> Note that this is a routing-style forward. The source and destination
> addresses are unchanged, so you will likely need another ipfw fwd rule
> at the destination machine to capture the traffic and force-forward it
> to 127.0.0.1:87 (or wherever you want it to go). If you're planning on
> passing the traffic to squid, there's a big FAQ section with some
> alternate methods: http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
>

Hi,

I tried that (well, 192.168.0.1,87) and it doesn't seem to have any
effect, as you said that it's a routing style forward. It hits my router
and that ignores it and keeps on processing normally. I really am
looking for a NAT type situation here.

I already use the InterceptionProxy wiki to get it to pass it to Squid,
that's been running great. My problem is when my primary Wireless
Broadband goes down, it needs to take satellite. When it takes
satellite, to get a Web acceleration thing going, I need to force it to
the satellite modem port 80.

So, as clunky as it is, I used a rule that anything outbound on tun1
(OpenVPN over the satellite) goes to 127.0.0.1,87, which rinetd outta
ports sends to 192.168.0.1,87.

Thanks, Tuc

I ended up