Re: ipfw bridge + fwd questions

From: Marcin Jessa (lists_at_yazzy.org)
Date: 09/30/05

    Date: Fri, 30 Sep 2005 09:35:21 +0200
    To: Ganbold <ganbold@micom.mng.net>
    
    

    On Fri, 30 Sep 2005 15:39:49 +0900
    Ganbold <ganbold@micom.mng.net> wrote:

    > Hi,
    >
    > I have a question regarding ipfw fwd rule.
    > I'm using FreeBSD 5.4-STABLE and running a bridging firewall on it
    > using ipfw.
    >
    > Now my question comes:)
    > Can I use ipfw fwd rules against traffic coming to one of the bridged
    > interfaces?
    Yes you can.
    sysctl net.link.ether.bridge_ipfw=1 just like in your sysctl variables.

    > I would like to forward some packets (which are destined to port
    > 110)
    > to some other router through third vr0 interface.
    Use a divert rule for that.

    In this example we send all the port 80 traffic to port 8000:
    # ipfw add 1000 divert 8000 tcp from any to any 80
    Read this article for more info:
    http://freebsd.rogness.net/snort_inline/

    Cheers
    Marcin.
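
Added example, not part of the original message: an ipfw divert rule such as the one above hands matching packets to a divert(4) socket on port 8000, and ipfw drops them if no process is bound there, so a userland program has to read each packet and write it back. The sketch below assumes FreeBSD with divert support and root privileges; `IPPROTO_DIVERT = 258`, the helper names and the sample packet are assumptions made for this illustration.

```python
#!/usr/bin/env python3
"""Minimal divert(4) reader for: ipfw add 1000 divert 8000 tcp from any to any 80"""
import socket
import struct

IPPROTO_DIVERT = 258   # assumption: value from FreeBSD <netinet/in.h>
DIVERT_PORT = 8000     # must match the port in the ipfw divert rule


def parse_ipv4_tcp(packet: bytes):
    """Return (src, sport, dst, dport) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != socket.IPPROTO_TCP or len(packet) < ihl + 4:
        return None
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return src, sport, dst, dport


def verdict(packet: bytes, blocked_sources=frozenset()):
    """True = write the packet back to the kernel, False = drop it."""
    flow = parse_ipv4_tcp(packet)
    if flow is None:
        return True                       # not inspected here: pass it through
    return flow[0] not in blocked_sources


def run(blocked_sources=frozenset()):
    """Read diverted packets and re-inject the accepted ones (FreeBSD, root)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, IPPROTO_DIVERT)
    sock.bind(("0.0.0.0", DIVERT_PORT))
    while True:
        packet, addr = sock.recvfrom(65535)
        if verdict(packet, blocked_sources):
            # Writing back with the received sockaddr resumes ipfw
            # processing at the rule after the divert rule.
            sock.sendto(packet, addr)


# Constructed sample: IPv4/TCP 192.0.2.10:40000 -> 198.51.100.5:80, checksums zeroed
SAMPLE = (bytes.fromhex("450000280001000040060000") + socket.inet_aton("192.0.2.10")
          + socket.inet_aton("198.51.100.5") + struct.pack("!HH", 40000, 80) + bytes(16))

if __name__ == "__main__":
    run()
```

If this process exits or stalls, every packet matching the divert rule is lost, so the reader needs the same supervision as the firewall itself.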