From: "fulan Peng"
To: freebsd-current@freebsd.org
Date: Mon, 13 Nov 2006 21:00:34 -0500
Subject: Please help with ipfw to redirect port 443 to 8892!
List-Id: Discussions about the use of FreeBSD-current

Hi,

I have recompiled the CURRENT and 6.1 kernel and added IPFIREWALL.
All I want to do is to redirect incoming 443 requests to 8892, which is listening, and I have tested that https://breakevilaxis.org:8892 is working. I added one line in the /etc/rc.firewall file with

    ipfw add 400 fwd 66.29.75.29,443 tcp from any to any 8892 in via "rl0" keep-state

    breakevilaxis# ipfw -t list
    00100 Mon Nov 13 16:45:36 2006 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00400 fwd 66.29.75.20,443 tcp from any to any dst-port 8892 in via rl0 keep-state
    65000 Mon Nov 13 16:48:02 2006 allow ip from any to any
    65535 deny ip from any to any

Now when I type https://66.29.75.20, it won't redirect to port 8892. Please help me to redirect port 443 to 8892.

Seems FreeBSD does not allow anyone to use ports below 1024 except root, but all of the port applications are configured to run as non-root users such as www.

I checked pf. It is even more complicated than ipfw. It needs compiling the kernel with some file system. When I type pf -e, it says /dev/pf file or directory not exists. So I have to give up pf.

In CURRENT, there is a port of PAM, but there is no PAM in 6.1. I have got PAM working in CURRENT to redirect port 80 to port 8080.
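
A way to read the direction of a fwd rule from the listing in the message above, added here as an example and not part of the original post: in ipfw the rule body selects the packets, and the address,port given after fwd is where they are sent. The function names fwd_map and has_redirect and the INTENDED rule line are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which destination port each ipfw "fwd" rule matches
# and where it sends the traffic. Accepts `ipfw list` or `ipfw -t list` lines.
# Note: on FreeBSD 6.x the fwd action also needs a kernel built with
# "options IPFIREWALL_FORWARD" in addition to IPFIREWALL.

# fwd_map: read rule lines on stdin, print for every fwd rule
#   <rule-number> <matched dst-port> -> <forward address>,<forward port>
fwd_map() {
    awk '{
        f = 0
        # The action is not always field 2: -t puts a timestamp before it.
        for (i = 2; i <= NF; i++)
            if ($i == "fwd" || $i == "forward") { f = i; break }
        if (!f) next
        n = split($(f + 1), tgt, ",")
        dport = "any"
        for (i = f + 2; i < NF; i++)
            if ($i == "dst-port") dport = $(i + 1)
        # Without ",port" after the address, the packet keeps its own port.
        printf "%s %s -> %s,%s\n", $1, dport, tgt[1], (n > 1 ? tgt[2] : dport)
    }'
}

# has_redirect FROM TO: succeed if a fwd rule on stdin matches dst-port FROM
# and forwards to port TO.
has_redirect() {
    fwd_map | awk -v from="$1" -v to="$2" '
        { n = split($4, tgt, ","); if ($2 == from && tgt[n] == to) ok = 1 }
        END { exit !ok }'
}

# Rule 400 exactly as listed by `ipfw -t list` in the message.
POSTED='00400 fwd 66.29.75.20,443 tcp from any to any dst-port 8892 in via rl0 keep-state'
# Constructed line: the same rule with match port and forward port swapped,
# which is the 443 -> 8892 direction the message asks for.
INTENDED='00400 fwd 66.29.75.20,8892 tcp from any to any dst-port 443 in via rl0'

echo "posted:   $(echo "$POSTED" | fwd_map)"
echo "intended: $(echo "$INTENDED" | fwd_map)"
if echo "$POSTED" | has_redirect 443 8892; then
    echo "posted rule redirects 443 to 8892"
else
    echo "posted rule does not redirect 443 to 8892"
fi
```

On a live system the same check reads `ipfw list | has_redirect 443 8892`.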