From owner-freebsd-java@FreeBSD.ORG  Mon May 26 21:26:56 2003
Return-Path: <owner-freebsd-java@FreeBSD.ORG>
Delivered-To: freebsd-java@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B0F5E37B401
	for <freebsd-java@freebsd.org>; Mon, 26 May 2003 21:26:56 -0700 (PDT)
Received: from yello.shallow.net (yello.shallow.net [203.18.243.120])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0F45343F3F
	for <freebsd-java@freebsd.org>; Mon, 26 May 2003 21:26:56 -0700 (PDT)
	(envelope-from joshua@shallow.net)
Received: by yello.shallow.net (Postfix, from userid 1001)
	id E367A2A15; Tue, 27 May 2003 14:26:54 +1000 (EST)
Date: Tue, 27 May 2003 14:26:54 +1000
From: Joshua Goodall <joshua@roughtrade.net>
To: Marc van Kempen <marc@bowtie.nl>
Message-ID: <20030527042654.GB538@roughtrade.net>
References: <3ED20627.6090308@die.supsi.ch> <3ED21473.9020506@bowtie.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3ED21473.9020506@bowtie.nl>
User-Agent: Mutt/1.5.3i
cc: freebsd-java@freebsd.org
Subject: Re: tomcat on port 80 as user www:ww
X-BeenThere: freebsd-java@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting Java to FreeBSD <freebsd-java.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-java>,
	<mailto:freebsd-java-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-java>
List-Post: <mailto:freebsd-java@freebsd.org>
List-Help: <mailto:freebsd-java-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-java>,
	<mailto:freebsd-java-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 May 2003 04:26:57 -0000

On Mon, May 26, 2003 at 03:19:47PM +0200, Marc van Kempen wrote:
> Just run a port forwarder from 80 (ipfw can do it too) to 8080 (or 
> whereever Tomcat lives). That way you don't have to trust it at all.

worked example: let's say Tomcat is running on 127.0.0.1:8080
and your outside IP is 192.0.34.166, then

# ipfw add fwd 127.0.0.1,8080 tcp from any to 192.0.34.166 80

should do the trick. You will need
options         IPFIREWALL
options         IPFIREWALL_FORWARD
in your kernel config.

J

-- 
Joshua Goodall                                      "tea makes itself"
joshua@roughtrade.net                                       - Ana Susanj