Freebsd – Redirecting port 80 requests to local web server with IPFW

freebsdipfwredirect

I'm setting up a freebsd router and want certain IPs on my network to be forwarded to our local webserver if they make port 80 requests.
An example would be – banned user tries to surf the web, but all his requests are forwarded to the web page which notifies him that he is banned.
As I understand I can use IPFW for this and maybe NATD.

I would be grateful if someone could show me a good example on how to do it.

Best Answer

If you don't want to bother with natd you need kernel compiled with IPFIREWALL_FORWARD option. You can check your current kernel issuing 'sysctl kern.conftxt | grep IPFIREWALL_FORWARD'. If this option is absent you need to rebuild your kernel (or stick to pf).

If you have such kernel you just need to add this rules:

ipfw add allow tcp from any to 192.168.0.0/24 via internal_if0
ipfw add fwd localhost,80 tcp from any to any 80 via internal_if0

Related Solutions

Iis – Way Around Empty HTTP_REFERRER From 301 Redirect

Here's how 301/302 redirects work:

User access the shortened URL
Shortened URL service returns a redirect header
The User's BROWSER gets the redirect header and loads the page without using the HTTP_REFERRER

As you can see, its not the service that's at fault, its the client-side browser. This is just how redirects work. You'll have to either (a) start using a URL shortening service that allows for traffic statistics (i.e., DwarfURL), or (b) force all your users to use specific browsers that DO enforce the returning of the referral.

Also see this post for more info.

Good luck!

Linux – rsync to remote server that does not have the same users setup as local server produces permission error

You may want to try --fake-super. From the rsync man page:

--fake-super

When this option is enabled, rsync simulates super-user activities by saving/restoring the privileged attributes via special extended attributes that are attached to each file (as needed). This includes the file's owner and group (if it is not the default), the file's device info (device & special files are created as empty text files), and any permission bits that we won't allow to be set on the real file (e.g. the real file gets u-s,g-s,o-t for safety) or that would limit the owner's access (since the real super-user can always access/change a file, the files we create can always be accessed/changed by the creating user).

In your case, since you want to use --fake-super on the remote side, you will need to invoke it via --rsync-path, e.g.:

rsync -avz --rsync-path='rsync --fake-super' /source/ backupuser@remote:/dest/

When restoring from your backups, you will also need to ensure that --fake-super is always in force on the system where the backups are stored.

Best Answer

Related Solutions

Iis – Way Around Empty HTTP_REFERRER From 301 Redirect

Linux – rsync to remote server that does not have the same users setup as local server produces permission error

Related Topic