Date: Fri, 26 Sep 2008 11:15:04 +0700 (ICT)
Message-Id: <200809260415.m8Q4F4u7074316@banyan.cs.ait.ac.th>
From: Olivier Nicole
To: kdk@daleco.biz
In-reply-to: <48DC5E21.5010008@daleco.biz> (message from Kevin Kinsey on Thu, 25 Sep 2008 22:59:29 -0500)
Cc: tjg@soe.ucsc.edu, freebsd-questions@freebsd.org
Subject: Re: NATD Reverse Proxy

> I'm trying to build a server that will act as a gateway between my wireless
> network and the rest of the world. Here's an overview of the current setup:
>
> 1. FreeBSD 7.1
> 2. isc-dhcp3-server-3.0.5_2
> 3. natd configured to connect fxp0 (public network, dynamic IP) to fxp1
>    (private network, static IP)
> 4. ipfw
> 5. bind
> 6. apache 2.2
> 7. php 5.2.6
>
> Right now, when someone connects to the private net, they get an IP address
> and can connect to the Internet no problemo. So, this is all working so
> far.
>
> What I'd like to do next is this:
>
> When someone obtains an IP address, I'm going to configure DHCP to block
> that IP using IPFW initially, and I'd like to redirect any requests that
> come from that IP to port 80 or 443 to be silently redirected to the local
> Apache installation, where the user can enter their login and password.
> Once they've been authenticated, the firewall will allow them to connect out
> to everywhere else.

I think that monowall (or pfsense) do that for you.

Best regards,

Olivier
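
The design in the quoted question, sketched with plain ipfw as an added example; it is not code from this thread or from m0n0wall/pfSense. Assumptions: authenticated clients are kept in ipfw table 1, the private subnet is 192.168.1.0/24, the rule numbers are arbitrary, and the helper names are hypothetical. The script only prints the commands; it does not touch the firewall.

```shell
#!/bin/sh
# Added example. fxp1 is the private interface from the post; table number,
# subnet and rule numbers are assumptions made for illustration.
IF=fxp1
TABLE=1
NET_PREFIX=192.168.1

# Accept only a host address inside the private /24. The login page passes a
# client address to a privileged helper, so anything else is refused before
# it can reach the ipfw command line.
valid_client_ip() {
    case "$1" in
        "$NET_PREFIX".*) last=${1#"$NET_PREFIX".} ;;
        *) return 1 ;;
    esac
    case "$last" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# Command to run after a successful login, and at logout or lease expiry.
allow_cmd()  { valid_client_ip "$1" && echo "ipfw table $TABLE add $1"; }
revoke_cmd() { valid_client_ip "$1" && echo "ipfw table $TABLE delete $1"; }

# Static rules, to be placed before the natd divert rule.
# - fwd needs a kernel built with "options IPFIREWALL_FORWARD" on FreeBSD 7.x.
# - Forwarded port 443 connections reach the portal's own certificate, so
#   clients see a name-mismatch warning; only port 80 redirects silently.
portal_rules() {
cat <<EOF
ipfw add 300 allow udp from any to any dst-port 67 in recv $IF
ipfw add 310 allow udp from any to me dst-port 53 in recv $IF
ipfw add 320 allow tcp from any to me dst-port 80,443 in recv $IF
ipfw add 330 fwd 127.0.0.1,80 tcp from not table($TABLE) to any dst-port 80 in recv $IF
ipfw add 340 fwd 127.0.0.1,443 tcp from not table($TABLE) to any dst-port 443 in recv $IF
ipfw add 350 deny ip from not table($TABLE) to any in recv $IF
EOF
}

portal_rules
allow_cmd 192.168.1.50                      # constructed client address
allow_cmd '192.168.1.50; reboot' || echo "refused: not a valid client address"
```

Because membership in the table is keyed on IP address alone, entries should be revoked when the DHCP lease ends so a later holder of the address does not inherit the session.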