I'm new to FreeBSD, so I'm very very very sorry for my ignorance.
I've just installed a minimal FreeBSD and I have this problem with ipfw: I have a very unsafe application featuring a simple, embedded HTTP server. I don't want to run this app as root, which means it must be bound to some unprivileged port. Let's say I choose port 8080. This is unpleasant because a user on the LAN must remember the port number and type something like http://app.office.lan:8080 in a browser, which is unacceptable. How do I map port 8080 to 80 instead, so employers can simply write app.office.lan just like any other site?
In Linux netfilter the correct syntax would be (I'm currently running the app on Linux, where it works this way, and I'm trying to switch it to FreeBSD):
Code:
...other stuff for managing packets with state, ssh, and so on...
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.8/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.8:8080
iptables -t nat -A POSTROUTING -s 192.168.1.8/32 -d 192.168.1.0/24 -p tcp -m tcp --sport 8080 -j SNAT --to-source 192.168.1.8:80
This is my current /etc/ipfw.rules:
Code:
ipfw -q -f flush
cmd="ipfw -q add"
$cmd 00010 allow all from any to any via lo0
$cmd 00014 divert natd tcp from any to any 80 in via le0
$cmd 00015 check-state
$cmd 00250 allow tcp from any to any 22 via le0 setup keep-state
$cmd 00304 allow log tcp from any to any 80 in setup
$cmd 00305 allow tcp from any to any 80 in
$cmd 00306 allow tcp from any to any 8080 in
and this is my /etc/natd.conf
Code:
interface le0
use_sockets yes
dynamic yes
redirect_port tcp 192.168.1.8:8080 192.168.1.8:80
I'm going mad so I thought it was better to ask for help.
Thanks for your time.