Roman Kurakin wrote:
John Hay wrote:
On Mon, Oct 20, 2008 at 11:19:22PM +0200, Leander S. wrote:
Hi,
I'm trying to set up something like a HotSpot. The goal is to force
unregistered users to get redirected to the Captive Portalsite where
they'll be able to agree to my licence terms and get some information
... etc. ...
So the fact is I need an IPFW rule which forwards Port 80,443,8080
traffic to another port, i.e. 8080 --> where my Apache will already
be waiting to serve the Captive Portalsite back to the request.
So I did read the man and saw something like the fwd rule and the
Kernel Option for it - so I added the option - recompiled the Kernel
and gave my Firewall the following fwd rule in an extra script:
${fwcmd} add 01100 fwd ${LAN_IP},8080 tcp from ${LAN} to any 80,443,8080 in via ${LAN_if}
Try to make the rule stateful, eq add 'setup keep-state'. Also add
some logging in the rule
and add the last one additional deny with the logging.
Oh-oh ... Can't log right now - have to recompile the kernel before ...
sry.
You have to catch it where it is going out and not in. Fwd only works
when packets are outbound.
I don't think so ?! And what sense would it make? Because think twice
... I want to fwd incoming HTTP:80 packages to make them look like
HTTP:8080 packages ... the outgoing ones are uninteresting because it's
apache's job to send back Websitedata on port 8080 where it's listening
anyway.
But how this works for me?
ipfw fwd 192.168.0.4,3128 log logamount 1000 tcp from 172.22.4.0/24
to 172.22.4.254 dst-port 3128 setup in via vr0 keep-state
rik
John
I tried:
[...] fwd 127.0.0.1,8080 tcp from 192.1.1.0/24 to me dst-port 80 setup
in via ath0 keep-state
as well as this one too:
[...] fwd 127.0.0.1,8080 tcp from 192.1.1.0/24 to me src-port 80
dst-port 8080 setup in via ath0 keep-state
^^
But sadly without success - "root$ ipfw show" doesn't even show me at
least one package going through .... not even blocked ones ... 0 0 ;-)
But here is my scenario again:
127.0.0.1 is my FreeBSD machine where IPFW acts and Apache22 listens on
port 8080.
192.1.1.0/24 is the ath0 interface where wireless clients will try to
click http://google:80 BUT accidentally should be fwded & run into my
PortalSite:8080
192.1.1.1 is the interface's IP address. 192.1.1.1:8080 would also
bring you to the portalsite, as would 127.0.0.1:8080.
Regards,
Leander
freebsd-ipfw mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
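
Added example, not part of the original mail and not ipfw code: a simplified Python model of the match part of the fwd rules tried above, run against constructed packets to show which traffic a "to me" rule, a "src-port 80" rule and a "to any" rule can match. The client address 192.1.1.23, the external server 203.0.113.10 and the source ports are assumed sample values; rule order, the `setup` flag and state tracking are not modelled.

```python
import ipaddress
from collections import namedtuple

# Constructed sample data based on the scenario in the mail. 203.0.113.10 is a
# documentation address standing in for an external web server (assumption).
FIREWALL_ADDRS = {"127.0.0.1", "192.1.1.1"}   # addresses ipfw's "me" covers here
LAN = ipaddress.ip_network("192.1.1.0/24")

Packet = namedtuple("Packet", "src sport dst dport iface")
# dst is "me" or "any"; sport None means any source port.
Rule = namedtuple("Rule", "name dst dports sport iface")

RULES = [
    Rule("to me dst-port 80", "me", (80,), None, "ath0"),
    Rule("to me src-port 80 dst-port 8080", "me", (8080,), 80, "ath0"),
    Rule("to any dst-port 80", "any", (80,), None, "ath0"),
]

def matches(rule, pkt):
    """Simplified model of the match part of an inbound fwd rule."""
    if pkt.iface != rule.iface:
        return False
    if ipaddress.ip_address(pkt.src) not in LAN:
        return False
    if rule.dst == "me" and pkt.dst not in FIREWALL_ADDRS:
        return False
    if rule.sport is not None and pkt.sport != rule.sport:
        return False
    return pkt.dport in rule.dports

def matching_rules(pkt):
    """Names of the modelled rules whose match part fits this packet."""
    return [r.name for r in RULES if matches(r, pkt)]

# Wireless client browsing an external site from an ephemeral source port.
BROWSE = Packet("192.1.1.23", 49152, "203.0.113.10", 80, "ath0")
# Same client addressing the firewall's own interface address on port 80.
DIRECT = Packet("192.1.1.23", 49153, "192.1.1.1", 80, "ath0")

if __name__ == "__main__":
    for label, pkt in (("browse", BROWSE), ("direct", DIRECT)):
        print(label, matching_rules(pkt))
```

In this model only the "to any" form matches a client browsing an external site, and the "src-port 80" form matches neither packet because the client's source port is ephemeral.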