Date:      Sun, 12 Sep 1999 21:00:30 -0500
From:      Dick Arnold <darnold@fgi.net>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw and divert question.
Message-ID:  <99091221050300.00405@darnold.fgi.net>
References:  <199909130100.SAA04953@c956029-a.haywd2.sfba.home.com>

On Sun, 12 Sep 1999, Sean J. Schluntz wrote:
> Hello, I'm having problems getting divert to work correctly with ipfw under FreeBSD 3.2.  I'm trying to get divert working so I can have the web server running as web and bound to 8000 instead of having it become root at all.
> 
> I've got the system up and running just fine, got ipfw currently running in OPEN so I can test divert with no interference.  I have:
> 
> options         IPFIREWALL
> options         IPDIVERT
> options         IPFIREWALL_VERBOSE
> 
> compiled in to the kernel.  But I seem to be missing something in my understanding of ipfw.
> 
> These are the two versions I have been playing with:
> 
> ipfw add divert all from port 80 to port 8000
> 
> gets me "ipfw: error: illegal divert port"
> 
> and:
> 
> ipfw add divert 80 tcp from any to any 8000
> 
> goes in but does not appear to do anything.
> 
> Here is an output of ipfw show:
> 
> 00100     0       0 allow ip from any to any via lo0
> 00200     0       0 deny ip from any to 127.0.0.0/8
> 65000 11603 6175933 allow ip from any to any
> 65100     0       0 divert 80 tcp from any to any 8000
> 65535     0       0 deny ip from any to any
> 
> 
The rule at 65100 needs to be inserted prior to rule at 65000.
As you can see by rule counts everything meets rule 65000 so
it never makes it to 65100.
Dick A.
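
The first-match point made in the reply above can be checked mechanically. The following is an added example, not part of the original message or of any FreeBSD tool: it parses `ipfw show` output and reports rules that sit behind an earlier unconditional allow/deny rule. The sample listing is the one quoted in the message; the function names and the catch-all pattern are assumptions made for this illustration.

```python
import re

# Sample input: the `ipfw show` listing quoted in the message above.
IPFW_SHOW = """\
00100     0       0 allow ip from any to any via lo0
00200     0       0 deny ip from any to 127.0.0.0/8
65000 11603 6175933 allow ip from any to any
65100     0       0 divert 80 tcp from any to any 8000
65535     0       0 deny ip from any to any
"""

DEFAULT_RULE = 65535  # ipfw's fixed last rule; always sits behind everything else
LINE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")
# Assumed definition of "catch-all": a terminal action on every protocol,
# any source, any destination, with no interface or other qualifier after it.
CATCH_ALL = re.compile(
    r"^(allow|accept|pass|permit|deny|drop)\s+(ip|all)\s+from\s+any\s+to\s+any$"
)


def parse_rules(text):
    """Return (number, packets, bytes, body) tuples sorted by rule number."""
    rules = []
    for line in text.splitlines():
        m = LINE.match(line.lstrip("> ").strip())  # tolerate mail quoting
        if m:
            rules.append((int(m.group(1)), int(m.group(2)),
                          int(m.group(3)), m.group(4)))
    return sorted(rules, key=lambda r: r[0])


def shadowed_rules(text):
    """List rules placed after a catch-all rule, which first-match never reaches."""
    findings, blocker = [], None
    for number, packets, _nbytes, body in parse_rules(text):
        if blocker is not None and number != DEFAULT_RULE:
            findings.append({"rule": number, "body": body,
                             "packets": packets, "shadowed_by": blocker})
        elif blocker is None and CATCH_ALL.match(body):
            blocker = number
    return findings


if __name__ == "__main__":
    for f in shadowed_rules(IPFW_SHOW):
        print("rule %(rule)d (%(packets)d packets) never reached: "
              "rule %(shadowed_by)d matches first" % f)
```

A zero packet counter on a reported rule, as on 65100 here, is consistent with the rule never being evaluated.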