Hi,

Thanks for your reply, and please tell me more about the patch for fwd. I have compiled the kernel myself and already included the options, and I have activated pf and ipfw at the same time.

A patch for fwd to work on layer 2? I need to google a little bit more on this.

Best Regards,
bycn82

On Tue, Jun 5, 2012 at 1:30 AM, Ermal Luçi <[email protected]> wrote:
> On Mon, Jun 4, 2012 at 6:49 PM, Bill Yuan <[email protected]> wrote:
> > Hi All,
> >
> > I am trying to run a FreeBSD as a gateway, just like pfsense, but I met
> > something which I do not understand. I found that on pfsense we can redirect
> > the traffic to port 8000 because of the firewall rule
> > "fwd 127.0.0.1,8000 tcp from any to any in", but when I was running a
> > FreeBSD as gateway, I found that the port in the redirect rule is not
> > working. The scenario is like below.
> >
> > I have three servers.
> >
> > 1, FreeBSD as a gateway, WAN IP 192.168.0.100, LAN IP 192.168.1.1, and I
> > am running an apache on it, and the apache is listening on ports 80 and 8000
> > 2, A downstream client which is using the FreeBSD as a gateway,
> >
> > The firewall rule on the FreeBSD is also simple
> > 00001 fwd 127.0.0.1,8000 tcp from any to any in
> > 65535 allow ip from any to any
> >
> > But I found something strange. I thought the traffic would be redirected to
> > 127.0.0.1,8000, but actually it has been redirected to 127.0.0.1, but the port
> > is still not the same, it did not change to 8000
>
> First consider that pfSense is a very customized FreeBSD (especially in
> kernel).
>
> For your test it depends on how you have configured your server.
> Is ipfw running at layer2? layer3? pfSense runs it at layer2 and you
> need a patch for fwd to work at that layer.
> You are running both pf(4) and ipfw(4)?
> Which is hooked first on pfil(9)?
> You compiled ipfw with the necessary kernel options for fwd to be
> available?
>
> You see pfSense is not just packaged software but a developed effort.
>
> > Open Link              Result
> > http://1.1.1.1         open 80 port of FreeBSD
> > http://1.1.1.1:80      open 80 port of FreeBSD
> > http://1.1.1.1:8000    open 8000 port of FreeBSD
> > http://1.1.1.1:123     can not open it (because FreeBSD only
> >                        listening to 80 and 8000)
> >
> > That means it did not redirect the port!!! According to the documentation of
> > ipfw fwd, the port only works when the IP is the same, anyway, but at
> > least pfsense can redirect traffic to port 8000!
> >
> > Can someone please tell me how it works? How can pfsense redirect the
> > port to 8000 when the client was trying to open port 80, while I cannot?
> >
> > Thanks in advance.
> >
> > bycn82
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
