Port Forwarding with IPFW

[Gambler]

I need to redirect several ports to port 25 for Postfix. I would prefer to do it in some simple and manageable way. Something like this:

[cmd=]ipfw add fwd me,25 tcp from any to me 1025 in[/cmd]

Apparently, this requires IPFIREWALL_FORWARD in kernel options. I don't think my kernel has this option enabled, and I don't think I can change that (it's VPS).

So, my questions are:
1) How can I check for sure whether the kernel has IPFIREWALL_FORWARD compiled?
2) Can this be replaced by loading some module?
3) Are there any other simple ways to do port forwarding, i.e. without kernel recompilation? Preferably something that doesn't require the use of another firewall, since I'm already quite used to IPFW.

 

[SirDice]

1) How can I check for sure whether the kernel has IPFIREWALL_FORWARD compiled?

It most likely doesn't. Ask your hosting provider. If it's a 'real' VPS you should be able to do whatever you want. It's basically a complete server (not a jail or something similar).

2) Can this be replaced by loading some module?

Nope, it's an option.

3) Are there any other simple ways to do port forwarding, i.e. without kernel recompilation?

Use PF.

Preferably something that doesn't require the use of another firewall, since I'm already quite used to IPFW.

Unfortunately, you can't. Not unless you can compile a custom kernel.

 

[varda]

Add required options to /etc/make.conf

CFLAGS+= -DIPFIREWALL -DIPFIREWALL_NAT -DIPFIREWALL_FORWARD -DIPFIREWALL_DEFAULT_TO_ACCEPT -DIPSTEALTH -DIPDIVERT -DDUMMYNET

Then rebuild ipfw someting like:

cd /usr/src/sys/modules/ipfw
make clean && make cleandir && make obj && make depend && make all && make install

And use appropriate features of ipfw as kernel modules or at boot time from /boot/loader.conf.

cd /boot/kernel
ls -1 ipfw*.ko ipdivert*.ko dummynet*.ko libalias*.ko
dummynet.ko
ipdivert.ko
ipfw.ko
ipfw_nat.ko
libalias.ko

You don't need to touch kernel every time without a reason