CDNWiki - View Source: KnowledgeBase/FreeBSD/FirewallRedirect

Note: You are viewing an old version of this page. View the current version.

Recompile your kernel and add:
<pre>
options IPFIREWALL_FORWARD
</pre>

Add the following rule to the kernel ipfw table:
<pre>
add 60 forward 127.0.0.2 ip from not table(1) to not 172.16.45.0/24 via vr0 in
</pre>

Replace <table(1)> with your desired authorized list table.<br>
Replace <172.16.45.0/24> with your LAN's private subnet.<br>
Replace <vr0> with the adapter connected to your LAN's private subnet.<br>

All 'authorized' IP addresses go into table 1:
<pre>
ipfw table 1 add 172.16.45.9/32
</pre>

Replace <172.16.45.9/32> with the desired IP address.

To handle the Apache Nyah message without messing with your current config:
* Instruct Apache to listen on 127.0.0.2
* Set up an IP-based virtual host, whose 404 and 200 status messages are both the desired message, cuz you'll be getting a lot of strange URL requests.
<verbatim>
<VirtualHost 127.0.0.2:80 >
  ErrorDocument 404 "j00 R t3h suxx0r!"
  ErrorDocument 200 "j00 R t3h suxx0r!"
</VirtualHost>
</verbatim>
...or something like that.