I'm setting up a FreeBSD router and want certain IPs on my network to be forwarded to our local webserver if they make port 80 requests. An example would be: a banned user tries to surf the web, but all his requests are forwarded to the web page which notifies him that he is banned. As I understand, I can use IPFW for this and maybe NATD.

I would be grateful if someone could show me a good example on how to do it.

Alec T

2 Answers

If you don't want to bother with natd, you need a kernel compiled with the IPFIREWALL_FORWARD option. You can check your current kernel by issuing 'sysctl kern.conftxt | grep IPFIREWALL_FORWARD'. If this option is absent, you need to rebuild your kernel (or stick to pf).

If you have such a kernel, you just need to add these rules:

    ipfw add allow tcp from any to 192.168.0.0/24 via internal_if0
    ipfw add fwd localhost,80 tcp from any to any 80 via internal_if0

kworr
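
For the question's case, where only banned hosts are redirected, the fwd rule in the answer above can be narrowed with an ipfw lookup table. The script below is an added example, not part of either answer: it validates its input and prints the ipfw commands for review instead of running them. The table number 1, the rule number 1000 and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: generate ipfw commands that forward port-80 requests from
# banned hosts only to the web server on the router itself.
TABLE=1          # assumed ipfw lookup table that holds the banned hosts
RULE_NUM=1000    # assumed rule number; must sort before any rule allowing port 80

# Succeeds only for a dotted-quad IPv4 address (octets 0-255, no leading zeros).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# usage: gen_banned_rules <internal_if> <banned_ip>...
# Prints nothing and fails if any argument is malformed, so a bad entry
# in the ban list never turns into a partially generated ruleset.
gen_banned_rules() {
    iface=$1; shift
    case "$iface" in
        ''|*[!A-Za-z0-9_]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        echo "ipfw -q table $TABLE add $ip"
    done
    # One rule covers every host in the table; banning or unbanning a host
    # later only changes the table, not the ruleset.
    echo "ipfw -q add $RULE_NUM fwd 127.0.0.1,80 tcp from 'table($TABLE)' to any 80 in via $iface"
}

# Constructed sample input: two banned hosts behind internal_if0.
gen_banned_rules internal_if0 192.168.0.50 192.168.0.77
```

ipfw stops at the first matching rule, so the generated fwd rule has to be numbered below any rule that would accept the same port-80 traffic.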

FreeBSD now comes with 3 (sic!) different firewalls; ipfw2 is just one of them, and the other two are Darren Reed's ipfilter and OpenBSD's PF. Both of them have built-in NAT which supports port redirecting "out of the box"; see, e.g., PF's way. So why not use them instead?

poige