On Mon, Jun 4, 2012 at 6:49 PM, Bill Yuan <[email protected]> wrote:
> Hi All,
>
> I am trying to run a FreeBSD as a gateway, just like pfsense, but I met
> something which I do not understand.  I found that on pfsense we can redirect
> the traffic to 8000 port because of the firewall rule
> "fwd 127.0.0.1,8000 tcp from any to any in", but when I was running a
> FreeBSD as gateway, I found that the port in the redirect rule is not
> working, the scenario is like below.
>
> I have three servers.
>
> 1, FreeBSD as a gateway, WAN IP 192.168.0.100, LAN IP 192.168.1.1, and I
> am running an apache on it, and the apache is listening to port 80 and 8000
> 2, A downstream client which is using the FreeBSD as a gateway,
>
> The firewall rule on the FreeBSD is also simple
> 00001  fwd 127.0.0.1,8000 tcp from any to any in
> 65535 allow ip from any to any
>
> But I found something strange. I thought the traffic would be redirected to
> 127.0.0.1,8000, but actually it has been redirected to 127.0.0.1, but the port
> is still not the same, it did not change to 8000

First consider that pfSense is a very customized FreeBSD (especially in the kernel).

For your test it depends on how you have configured your server.
Is ipfw running at layer2? layer3? pfSense runs it at layer2 and you
need a patch for fwd to work at that layer.
You are running both pf(4) and ipfw(4)?
Which is hooked first on pfil(9)?
You compiled ipfw with the necessary kernel options for fwd to be available?

You see pfSense is not just packaged software but a developed effort.

>
> Open Link              Result
> http://1.1.1.1         open 80 port of FreeBSD
> http://1.1.1.1:80      open 80 port of FreeBSD
> http://1.1.1.1:8000    open 8000 port of FreeBSD
> http://1.1.1.1:123     cannot open it (because FreeBSD is only
>                        listening to 80 and 8000)
>
> that means it did not redirect the port!!! according to the documentation of
> ipfw fwd, the port only works when the IP is the same, anyway, but at
> least the pfsense can redirect traffic to port 8000!
>
> can someone please tell me how it works?  how can pfsense redirect the
> port to 8000 when the client was trying to open port 80, while I cannot.
>
>
> thanks in advance.
>
> bycn82
>
>
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
>