From owner-freebsd-questions  Sun Sep 12 17:32:25 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from c956029-a.haywd2.sfba.home.com (c956029-a.haywd2.sfba.home.com [24.0.78.216])
	by hub.freebsd.org (Postfix) with ESMTP id 9726B14D9E
	for <freebsd-questions@freebsd.org>; Sun, 12 Sep 1999 17:32:23 -0700 (PDT)
	(envelope-from schluntz@redwolf.workofstone.net)
Received: from redwolf.workofstone.net (redwolf.workofstone.net [10.0.0.42])
	by c956029-a.haywd2.sfba.home.com (8.8.8/8.8.8) with ESMTP id SAA04953
	for <freebsd-questions@freebsd.org>; Sun, 12 Sep 1999 18:00:28 -0700 (PDT)
	(envelope-from schluntz@redwolf.workofstone.net)
Message-Id: <199909130100.SAA04953@c956029-a.haywd2.sfba.home.com>
To: freebsd-questions@freebsd.org
Reply-To: "Sean J. Schluntz" <schluntz@workofstone.com>
Subject: ipfw and divert question.
Date: Sun, 12 Sep 1999 17:25:12 -0700
From: "Sean J. Schluntz" <schluntz@redwolf.workofstone.net>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Hello, I'm having problems getting divert to work correctly with ipfw under FreeBSD 3.2.  I'm trying to get divert working so I can have the web server running as web and bound to 8000 insted of having it become root at all.

I've got the system up and running just fine, got ipfw currently running in OPEN so I can test divert with no interfienence.  I have:

options         IPFIREWALL
options         IPDIVERT
options         IPFIREWALL_VERBOSE

compiled in to the kernel.  But I seem to be missing something in my understanding of ipfw.

These are the two versions I have been playing with:

ipfw add divert all from port 80 to port 8000

gets me "ipfw: error: illegal divert port"

and:

ipfw add divert 80 tcp from any to any 8000

goes in but does not appear to do anything.

Here is an output of ipfw show:

00100     0       0 allow ip from any to any via lo0
00200     0       0 deny ip from any to 127.0.0.0/8
65000 11603 6175933 allow ip from any to any
65100     0       0 divert 80 tcp from any to any 8000
65535     0       0 deny ip from any to any


Thanks for any help.

-Sean
--------
Sean J. Schluntz                                schluntz@workofstone.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message