Date: Thu, 25 Sep 2008 22:59:29 -0500
From: Kevin Kinsey <kdk@daleco.biz>
To: Tim Gustafson <tjg@soe.ucsc.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: NATD Reverse Proxy
Message-ID: <48DC5E21.5010008@daleco.biz>
In-Reply-To: <5A97CB869CB943CA9C29606D8E52DF5E@soe.cse.ucsc.edu>
References: <5A97CB869CB943CA9C29606D8E52DF5E@soe.cse.ucsc.edu>

Tim Gustafson wrote:
> Hi,
>
> I'm trying to build a server that will act as a gateway between my wireless
> network and the rest of the world. Here's an overview of the current setup:
>
> 1. FreeBSD 7.1
> 2. isc-dhcp3-server-3.0.5_2
> 3. natd configured to connect fxp0 (public network, dynamic IP) to fxp1
>    (private network, static IP)
> 4. ipfw
> 5. bind
> 6. apache 2.2
> 7. php 5.2.6
>
> Right now, when someone connects to the private net, they get an IP address
> and can connect to the Internet no problemo. So, this is all working so
> far.
>
> What I'd like to do next is this:
>
> When someone obtains an IP address, I'm going to configure DHCP to block
> that IP using IPFW initially, and I'd like to redirect any requests that
> come from that IP to port 80 or 443 to be silently redirected to the local
> Apache installation, where the user can enter their login and password.
> Once they've been authenticated, the firewall will allow them to connect out
> to everywhere else.
>
> So, it seems to me that I need to use natd again to do a silent proxy of
> traffic from certain IPs on the private net to the server box. But, since
> I'm already using natd, I'm a little perplexed about how to set this up. Do
> I need to run a second instance of natd on a different port, and then update
> the firewall rules to divert to one or the other based on the user's
> authentication status? Or can this all be configured in one natd instance?
>
> Tim Gustafson
> SOE Webmaster
> UC Santa Cruz
> tjg@soe.ucsc.edu
> 831-459-5354

Someone else's wheel, for perusal, at least:

http://www.shmoo.com/~bmc/software/wicap/announce.html

The tarball is still up there.

HTH,

Kevin Kinsey
--
If you do not think about the future, you cannot have one.
		-- John Galsworthy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48DC5E21.5010008>