Date: Tue, 21 Oct 2008 08:47:12 +0400
From: Roman Kurakin
To: John Hay
Cc: "Leander S.", freebsd-ipfw@freebsd.org
Subject: Re: IPFW + Portforwarding

John Hay wrote:
> On Mon, Oct 20, 2008 at 11:19:22PM +0200, Leander S. wrote:
>
>> Hi,
>>
>> I'm trying to set up something like a HotSpot. The goal is to force
>> unregistered users to get redirected to the Captive Portal site where
>> they'll be able to agree to my licence terms and get some information ...
>> etc. ...
>>
>> So the fact is I need an IPFW rule which forwards port 80,443,8080 traffic
>> to another port, i.e. 8080 --> where my Apache will already be waiting to
>> serve the Captive Portal site back to the request.
>>
>> So I read the man page and saw something like the fwd rule and the kernel
>> option for it - so I added the option - recompiled the kernel and gave my
>> firewall the following fwd rule in an extra script:
>>
>> ${fwcmd} add 01100 fwd ${LAN_IP},8080 tcp from ${LAN} to any 80,443,8080 in via ${LAN_if}
>>

Try to make the rule stateful, e.g. add 'setup keep-state'. Also add some
logging to the rule, and add as the last one an additional deny with logging.

> You have to catch it where it is going out and not in. Fwd only works
> when packets are out bound.
>

But how does this work for me?

ipfw fwd 192.168.0.4,3128 log logamount 1000 tcp from 172.22.4.0/24 to 172.22.4.254 dst-port 3128 setup in via vr0 keep-state

rik

> John
>
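
The suggestion in the reply above (stateful fwd rule, logging on it, and a logged deny after it), written out as a dry-run script. This is an added example, not part of the original message: the interface name, addresses and rule number 01200 are constructed, and scoping the final deny to the same web ports is an assumption made here so that other LAN traffic is left alone.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: em1, 192.168.1.0/24,
# 192.168.1.1 and rule number 01200 (01100 is the number used in the thread).
# FWCMD defaults to "echo ipfw", so the rules are only printed (dry run);
# run with FWCMD=/sbin/ipfw on the FreeBSD gateway to load them.
: "${FWCMD:=echo ipfw}"

LAN_IF="em1"             # LAN-facing interface (constructed)
LAN="192.168.1.0/24"     # client network (constructed)
LAN_IP="192.168.1.1"     # gateway address where the portal listens (constructed)
PORTAL_PORT="8080"       # portal port, as in the thread
WEB_PORTS="80,443,8080"  # ports to capture, as in the thread
LOGAMOUNT="1000"

portal_rules() {
    # An empty setting would produce a malformed or different rule, so stop early.
    for v in "$LAN_IF" "$LAN" "$LAN_IP" "$PORTAL_PORT" "$WEB_PORTS"; do
        [ -n "$v" ] || { echo "portal_rules: empty setting" >&2; return 1; }
    done

    # 'setup' matches only connection-opening TCP packets; 'keep-state' then
    # creates a dynamic rule so the rest of that connection is matched too.
    # 'log' records each match (seen in syslog when net.inet.ip.fw.verbose=1).
    ${FWCMD} add 01100 fwd "${LAN_IP},${PORTAL_PORT}" log logamount "${LOGAMOUNT}" \
        tcp from "${LAN}" to any dst-port "${WEB_PORTS}" \
        in via "${LAN_IF}" setup keep-state

    # Logged deny for web traffic from the LAN that the fwd rule did not take.
    # Entries from this rule show which packets missed the forward.
    ${FWCMD} add 01200 deny log logamount "${LOGAMOUNT}" \
        tcp from "${LAN}" to any dst-port "${WEB_PORTS}" in via "${LAN_IF}"
}

portal_rules
```

Comparing the log entries for rules 01100 and 01200 shows whether client connections are being picked up by the forward or falling through to the deny.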