From owner-freebsd-questions Sun Aug 27 10: 0: 7 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from pioneernet.net (pop3.pioneernet.net [208.240.196.25]) by hub.freebsd.org (Postfix) with ESMTP id C47EF37B43C for ; Sun, 27 Aug 2000 10:00:00 -0700 (PDT)
Received: from wiegand.org [208.194.173.26] by pioneernet.net with ESMTP (SMTPD32-6.03) id AC2198EB00E8; Sun, 27 Aug 2000 10:13:05 -0700
Message-ID: <39A94963.CA8856E8@wiegand.org>
Date: Sun, 27 Aug 2000 10:01:23 -0700
From: Chip
X-Mailer: Mozilla 4.74 [en] (X11; U; FreeBSD 4.0-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: kstewart@urx.com
Cc: "freebsd-questions@freebsd.org"
Subject: Re: IPFW redirect rule?
References: <39A8AC92.1203D118@wiegand.org> <39A8AEB7.F03138FF@urx.com> <39A8AFA4.CDC6981A@urx.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Kent Stewart wrote:

> Kent Stewart wrote:
> >
> > Chip wrote:
> > >
> > > I am setting up a machine as a firewall and am starting by
> > > using the default ipfw rc.firewall rules and am following
> > > the instructions in the Complete FreeBSD book by Greg
> > > Lehey. I want to add a redirect rule to allow access to my
> > > web server on another machine. I am not sure if I use rdr
> > > or divert, maybe I am confusing ipfw and ipfilter stuff.
> > > I haven't found an answer on the FreeBSD Diary or in
> > > the archives. My kernel is reconfigured as directed in the
> > > book, everything else is set up as per the instructions.
> > > My firewall machine has two nics, one with the public
> > > ip address, 208.194.173.xx, the other with a private ip
> > > address, part of my home network. My web server also
> > > has a private ip address, part of my home network,
> > > 192.168.0.x. I'm sure this is probably no problem, I
> > > just haven't found the answer anywhere.
> >
> > I had the same experience. I found the example at
> > http://www.mostgraveconcern.com/freebsd/ for the "Dual homed setup"
> > worked out of the box.
>
> I forgot something. The latest rc.firewall has a divert located at the
> top of "Simple". I modified my addition of the "Dual Homed setup" to
> look like that for the non-routeable networks.
>
> That eliminates the "in" and "out" sections for those networks.
>

That works if the web server is on the same box as the firewall,
in my case it is not. My web server and firewall boxes are two
separate machines, firewall IP addresses are:
208.194.173.xx and 192.168.0.1
and the IP address of the web server is:
192.168.0.7
so the rule needs to redirect 208.194.173.xx:80 to 192.168.0.7:80
This is where I haven't found the correct way to write the rule.

--
Chip W.
www.wiegand.org
Alternative Operating Systems

> > Kent
>
> --
> Kent Stewart
> Richland, WA
>

How are things in the Tri-Cities these days? I am a native of
Kennewick. Now living in *ugh* the Seattle area. In Mountlake
Terrace, near Edmonds and Lynnwood.

>
> mailto:kbstew99@hotmail.com
> http://kstewart.urx.com/kstewart/index.html
> FreeBSD News http://daily.daemonnews.org/
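
The redirect asked for in the message above, sketched as an added example (not part of the thread and not taken from the book or site it mentions): natd(8) performs the port redirect, the ipfw divert rule that rc.firewall adds hands it the packets, and one extra pass rule admits the translated traffic. The interface name ed0 and the use of /etc/natd.conf are assumptions; the addresses and port are the ones given in the message.

```conf
# --- /etc/rc.conf on the firewall box ---
gateway_enable="YES"            # forward packets between the two NICs
firewall_enable="YES"
firewall_type="simple"          # the rc.firewall ruleset discussed in the thread
natd_enable="YES"               # makes rc.firewall add the divert rule
natd_interface="ed0"            # ASSUMED name of the outside (public) NIC
natd_flags="-f /etc/natd.conf"  # ASSUMED location of the natd options file

# --- /etc/natd.conf ---
# Hand only TCP port 80 arriving on the public address to the web server.
# No other inbound port is forwarded to the private network.
redirect_port tcp 192.168.0.7:80 80

# --- /etc/rc.firewall, "simple" section, after the divert rule ---
# natd has already rewritten the destination by the time the packet reaches
# this rule, so it matches the web server's private address, not the public one.
${fwcmd} add pass tcp from any to 192.168.0.7 80 setup
```

After a reload, `ipfw show` lists per-rule packet counters, so a test request from outside should increment both the divert rule and the new pass rule.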