Re: Please help to forward port 80 to 8800 with ipfw

From: Dan Nelson <dnelson_at_allantgroup.com>
Date: Fri, 13 Oct 2006 10:17:28 -0500
In the last episode (Oct 13), fulan Peng said:
> I am using Apache on FreeBSD. If I use port 80 for http port, it
> won't work because of the security problem. So I configured Apache to
> listen on port 8800. Now the customer has to type
> http://breakevilaxis.org:8800 to get on my web site. This is no good.
> So I have to forward port 80 request to port 8800. I guess what I
> should do is to ipfw add 100 fwd 127.0.0.0,80 tcp from any to any
> 8800 in. But I got an error when I execute the command. I have
> compiled the kernel with LINT configuration. I did make LINT, make
> cleandepend;make depend;make;make install. I really do not know what is
> the kernel I am running. I doubt it is still the old kernel which the
> IPFIREWALL_FORWARD is not selected. Please help me to achieve this.
> 
> breakevilaxis#uname -a
> FreeBSD breakevilaxis.org 7.0-CURRENT-200610 FreeBSD
> 7.0-CURRENT-200610 #0: Mon Oct  2 05:44:21 UTC 2006
> root_at_stiles.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

That says your system is running a GENERIC kernel, compiled Oct 2.  My
guess is you didn't reboot after installing your new kernel.  Also, you
probably don't want to install the LINT kernel, since it includes every
driver FreeBSD supports and lots of debugging code.  Just copy GENERIC
to a new name, change the "ident" line to match the new filename, and
add IPFIREWALL_FORWARD to it.
 
> breakevilaxis# ipfw add 100 fwd 127.0.0.1,80 tcp from any to any 8800 in
> ipfw: getsockopt(IP_FW_ADD): Invalid argument

That command works fine on my system with IPFIREWALL_FORWARD in the
kernel, but you probably want to swap the port numbers.  Your command
forwards port 8800 to port 80.

ipfw add 100 fwd 127.0.0.1,8800 tcp from any to any 80 in

> dmesg:
> ...
> Trying to mount root from ufs:/dev/ad8s1a
> ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding disabled, 
> default to deny, logging disabled

This line should have said "rule-based forwarding enabled" if
IPFIREWALL_FORWARD was in your kernel config.

-- 
	Dan Nelson
	dnelson_at_allantgroup.com
Received on Fri Oct 13 2006 - 13:19:05 UTC
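
The two checks used in the reply above (the kernel config name shown by uname and the ipfw2 boot line) can be scripted as a pre-flight test before adding a fwd rule. This is an added example, not part of the original message; the function names are hypothetical and the sample lines are constructed from the output quoted in the thread, with placeholder host names.

```shell
#!/bin/sh
# Added example: pre-flight check before adding an ipfw "fwd" rule.
# Function names are hypothetical; sample lines are constructed from the
# output quoted in the thread (host names replaced with placeholders).

SAMPLE_DMESG='Trying to mount root from ufs:/dev/ad8s1a
ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding disabled, default to deny, logging disabled'
SAMPLE_UNAME='FreeBSD host.example 7.0-CURRENT-200610 FreeBSD 7.0-CURRENT-200610 #0: Mon Oct  2 05:44:21 UTC 2006 root@build.example:/usr/obj/usr/src/sys/GENERIC  amd64'

# Read boot messages on stdin; print enabled, disabled or unknown.
fwd_state() {
    awk '
        /ipfw2.*initialized/ && /rule-based forwarding enabled/  { s = "enabled" }
        /ipfw2.*initialized/ && /rule-based forwarding disabled/ { s = "disabled" }
        END { if (s == "") s = "unknown"; print s }
    '
}

# Read "uname -a" output on stdin; print the kernel config name, which is
# the last component of the build path (.../sys/GENERIC).
kernel_ident() {
    sed -n 's|.*/sys/\([^ /]*\).*|\1|p'
}

# $1 = boot messages, $2 = "uname -a" output. Returns 0 only when the
# running kernel reports rule-based forwarding as enabled.
preflight() {
    state=$(printf '%s\n' "$1" | fwd_state)
    ident=$(printf '%s\n' "$2" | kernel_ident)
    case $state in
        enabled)
            echo "ok: kernel $ident has rule-based forwarding enabled"
            return 0 ;;
        disabled)
            echo "kernel $ident was built without IPFIREWALL_FORWARD;" \
                 "rebuild with it and reboot before adding fwd rules"
            return 1 ;;
        *)
            echo "no ipfw2 initialization line found in the boot messages"
            return 2 ;;
    esac
}

# Demo on the constructed samples; on a live host pass "$(dmesg)" and
# "$(uname -a)" instead.
preflight "$SAMPLE_DMESG" "$SAMPLE_UNAME" || true
```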
