From owner-freebsd-current@FreeBSD.ORG Fri Oct 13 17:11:33 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 96B2016A40F for ; Fri, 13 Oct 2006 17:11:33 +0000 (UTC) (envelope-from fulanpeng@gmail.com) Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4FD3543D70 for ; Fri, 13 Oct 2006 17:11:32 +0000 (GMT) (envelope-from fulanpeng@gmail.com) Received: by nz-out-0102.google.com with SMTP id 13so427766nzn for ; Fri, 13 Oct 2006 10:11:31 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=uDR+sgWhYfzgiQd5S0UJgyn4HT4LHnTM4hG+NIHUVxRfXGD7tE+tvIa1i9XFPVZqJgsaJiC+1i0h143B1L038IBvQMl2/yAgtqRbXCLbbNvfjfQORqd2twCuE1owdv8+2BGiYLXXAYTeqehqmcVY6RMZx6jMrWqzxlGrXXNu8Ok= Received: by 10.65.138.4 with SMTP id q4mr5287695qbn; Fri, 13 Oct 2006 10:11:31 -0700 (PDT) Received: by 10.64.241.6 with HTTP; Fri, 13 Oct 2006 10:11:30 -0700 (PDT) Message-ID: Date: Fri, 13 Oct 2006 13:11:30 -0400 From: "fulan Peng" To: "Dan Nelson" In-Reply-To: <20061013151728.GA41884@dan.emsphone.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20061013151728.GA41884@dan.emsphone.com> Cc: freebsd-current@freebsd.org Subject: Re: Please help to forward port 80 to 8800 with ipfw X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Oct 2006 17:11:33 -0000 After make LINT;make cleandepend;make depend;make; make install, I really rebooted the machine serveral time. I read somewhere says FreeBSD would not change its kernel unless you manually copy the new kernel to somewhere. I think this is my problem. I already tried to copy the GENERIC to my hostname file. And I changed the ident to my hostname. I added options IPFIREWALL options IPFIREWALL_FORWARD options IPFIREWALL_VERBOSE. I did not pass the make. Then I leave only one line there options IPFIREWALL_FORWARD Still won't pass the make command. Please help me to get the new LINT kernel to work. Thanks a lot! On 10/13/06, Dan Nelson wrote: > In the last episode (Oct 13), fulan Peng said: > > I am using Apache on FreeBSD. If I use port 80 for http port, it > > won't work because the security problem. So I configured Apache to > > listen port 8800. Now the customer has type > > http://breakevilaxis.org:8800 to get on my web site. This is no good. > > So I have to forward port 80 request to port 8800. I guess what I > > should do is to ipfw add 100 fwd 127.0.0.0,80 tcp from any to any > > 8800 in But I got an error when I execute the command. I have > > compiled the kernel with LINT configuration. I did make LINT, make > > cleandepend;make depend;make;make install I really do not what is the > > kernel I am running. I doubt it is still the old kernel which the > > IPFIREWALL_FORWARD is not selected. Please help me to achieve this. > > > > breakevilaxis#uname -a > > FreeBSD breakevilaxis.org 7.0-CURRENT-200610 FreeBSD > > 7.0-CURRENT-200610 #0: Mon Oct 2 05:44:21 UTC 2006 > > root@stiles.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 > > That says your system is running a GENERIC kernel, compiled Oct 2. My > guess is you didn't reboot after installing your new kernel. Also, you > probably don't want to install the LINT kernel, since it includes every > driver FreeBSD supports and lots of debugging code. Just copy GENERIC > to a new name, change the "ident" line to match the new filename, and > add IPFIREWALL_FORWARD to it. > > > breakevilaxis# ipfw add 100 fwd 127.0.0.1,80 tcp from any to any 8800 in > > ipfw: getsockopt(IP_FW_ADD): Invalid argument > > That command works fine on my system with IPFIREWALL_FORWARD in the > kernel, but you probably want to swap the port numbers. Your command > forwards port 8800 to port 80. > > ipfw add 100 fwd 127.0.0.1,8800 tcp from any to any 80 in > > > dmesg: > > ... > > Trying to mount root from ufs:/dev/ad8s1a > > ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding disabled, > > default to deny, logging disabled > > This line should have said "rule-based forwarding enabled" if > IPFIREWALL_FORWARD was in your kernel config. > > -- > Dan Nelson > dnelson@allantgroup.com >