Differences between version 2 and previous revision of KnowledgeBase/FreeBSD/FirewallRedirect.


Newer page: version 2 Last edited on Sunday, 10 January 2010 13:12:45 by CyberLeo
Older page: version 1 Last edited on Friday, 1 September 2006 1:28:03 by CyberLeo
@@ -1,31 +1,31 @@
 Recompile your kernel and add: 
-<pre
+<code
 options IPFIREWALL_FORWARD 
-</pre
+</code
  
 Add the following rule to the kernel ipfw table: 
-<pre
+<code
 add 60 forward 127.0.0.2 ip from not table(1) to not 172.16.45.0/24 via vr0 in 
-</pre
+</code
  
-Replace < table(1)> with your desired authorized list table.<br>  
-Replace < 172.16.45.0/24> with your LAN's private subnet.<br>  
-Replace < vr0> with the adapter connected to your LAN's private subnet.<br> 
+Replace ' table(1)' with your desired authorized list table.<br>  
+Replace ' 172.16.45.0/24' with your LAN's private subnet.<br>  
+Replace ' vr0' with the adapter connected to your LAN's private subnet.<br> 
  
 All 'authorized' IP addresses go into table 1: 
-<pre
+<code
 ipfw table 1 add 172.16.45.9/32 
-</pre
+</code
  
-Replace < 172.16.45.9/32> with the desired IP address. 
+Replace ' 172.16.45.9/32' with the desired IP address. 
  
 To handle the Apache Nyah message without messing with your current config: 
 * Instruct Apache to listen on 127.0.0.2 
 * Set up an IP-based virtual host, whose 404 and 200 status messages are both the desired message, cuz you'll be getting a lot of strange URL requests. 
-<verbatim
+<code
 <VirtualHost 127.0.0.2:80 > 
  ErrorDocument 404 "j00 R t3h suxx0r!" 
  ErrorDocument 200 "j00 R t3h suxx0r!" 
 </VirtualHost> 
-</verbatim
+</code
 ...or something like that. 
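Review bot: The context line `add 60 forward 127.0.0.2 ip from not table(1) to not 172.16.45.0/24 via vr0 in` matches `ip`, so every protocol and port from hosts outside table(1) is forwarded to 127.0.0.2, while the page only sets up Apache on `127.0.0.2:80` to answer. This revision changes only the `<pre`/`<verbatim` to `<code` markup and the quoting in the Replace lines, so it would be a good moment to add a sentence on what happens to the non-HTTP traffic. Separately, `ErrorDocument 200` in the VirtualHost block deserves a check: ErrorDocument is documented for error responses, so the 200 line may not take effect.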

version 2

Recompile your kernel with the following option added to its configuration:

options IPFIREWALL_FORWARD

Add the following rule to the kernel ipfw table:

add 60 forward 127.0.0.2 ip from not table(1) to not 172.16.45.0/24 via vr0 in

Replace 'table(1)' with your desired authorized list table.
Replace '172.16.45.0/24' with your LAN's private subnet.
Replace 'vr0' with the adapter connected to your LAN's private subnet.

All 'authorized' IP addresses go into table 1:

ipfw table 1 add 172.16.45.9/32

Replace '172.16.45.9/32' with the desired IP address.

To handle the Apache Nyah message without messing with your current config:

  • Instruct Apache to listen on 127.0.0.2
  • Set up an IP-based virtual host whose 404 and 200 status messages are both the desired message, because you will get a lot of strange URL requests.
<VirtualHost 127.0.0.2:80 >
  ErrorDocument 404 "j00 R t3h suxx0r!"
  ErrorDocument 200 "j00 R t3h suxx0r!"
</VirtualHost>

...or something like that.
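
The matching logic of rule 60 modelled in Python, as an added example that is not part of the original wiki page; the Table class, the packet tuples and the 198.51.100.10 destination are constructed for illustration. It shows which packets are handed to 127.0.0.2: any IP protocol from a source outside table 1, received on vr0 and bound for an address outside the LAN.

```python
import ipaddress

# Values taken from the page's rule; the packet model itself is an assumption.
LAN = ipaddress.ip_network("172.16.45.0/24")
LAN_IF = "vr0"
FORWARD_TO = "127.0.0.2"


class Table:
    """Minimal stand-in for an ipfw lookup table (hypothetical helper)."""

    def __init__(self):
        self.entries = set()

    def add(self, cidr):
        self.entries.add(ipaddress.ip_network(cidr))

    def __contains__(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self.entries)


def rule_60(src, dst, iface, direction, table):
    """Return the next hop chosen by rule 60, or None if the rule does not match.

    Mirrors: forward 127.0.0.2 ip from not table(1) to not 172.16.45.0/24 via vr0 in
    Protocol and port are not inspected, because the rule matches 'ip'.
    """
    if iface != LAN_IF or direction != "in":
        return None                      # 'via vr0 in'
    if src in table:
        return None                      # 'from not table(1)'
    if ipaddress.ip_address(dst) in LAN:
        return None                      # 'to not 172.16.45.0/24'
    return FORWARD_TO


def demo():
    table1 = Table()
    table1.add("172.16.45.9/32")         # ipfw table 1 add 172.16.45.9/32
    packets = [                          # constructed sample packets
        ("172.16.45.9", "198.51.100.10", "vr0", "in"),    # authorized host
        ("172.16.45.20", "198.51.100.10", "vr0", "in"),   # unauthorized, off-LAN dst
        ("172.16.45.20", "172.16.45.1", "vr0", "in"),     # unauthorized, LAN dst
        ("172.16.45.20", "198.51.100.10", "vr0", "out"),  # wrong direction
    ]
    return [rule_60(*p, table1) for p in packets]


if __name__ == "__main__":
    print(demo())
```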