From owner-freebsd-questions Sat Aug 26 23: 5:30 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from 2711.dynacom.net (2711.dynacom.net [206.107.213.3])
    by hub.freebsd.org (Postfix) with ESMTP id E4F1A37B43C
    for ; Sat, 26 Aug 2000 23:05:26 -0700 (PDT)
Received: from urx.com (dsl1-160.dynacom.net [206.159.132.160])
    by 2711.dynacom.net (Build 101 8.9.3/NT-8.9.3) with ESMTP id XAA04135;
    Sat, 26 Aug 2000 23:05:24 -0700
Message-ID: <39A8AFA4.CDC6981A@urx.com>
Date: Sat, 26 Aug 2000 23:05:24 -0700
From: Kent Stewart
Reply-To: kstewart@urx.com
Organization: Dynacom
X-Mailer: Mozilla 4.74 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Chip , "freebsd-questions@freebsd.org"
Subject: Re: IPFW redirect rule?
References: <39A8AC92.1203D118@wiegand.org> <39A8AEB7.F03138FF@urx.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Kent Stewart wrote:
>
> Chip wrote:
> >
> > I am setting up a machine as a firewall and am starting by
> > using the default ipfw rc.firewall rules and am following
> > the instructions in the Complete FreeBSD book by Greg
> > Lehey. I want to add a redirect rule to allow access to my
> > web server on another machine. I am not sure if I use rdr
> > or divert, maybe I am confusing ipfw and ipfilter stuff.
> > I haven't found an answer on the FreeBSD Diary or in
> > the archives. My kernel is reconfigured as directed in the
> > book, everything else is set up as per the instructions.
> > My firewall machine has two nics, one with the public
> > ip address,208.194.173.xx, the other with a private ip
> > address, part of my home network. My web server also
> > has a private ip address, part of my home network,
> > 192.168.0.x. I'm sure this is probably no problem, I
> > just haven't found the answer anywhere.
>
> I had the same experience. I found the example at
> http://www.mostgraveconcern.com/freebsd/ for the "Dual homed setup"
> worked out of the box.

I forgot something. The latest rc.firewall has a divert located at the
top of "Simple". I modified my addition of the "Dual Homed setup" to
look like that for the non-routeable networks. That eliminates the
"in" and "out" sections for those networks.

Kent

--
Kent Stewart
Richland, WA

mailto:kbstew99@hotmail.com
http://kstewart.urx.com/kstewart/index.html
FreeBSD News http://daily.daemonnews.org/