iptables conversion problem



  • Hi everybody,

    I'm new here and have a problem with this iptables issue.

    I'm setting up a new server for filtering my network traffic. I'm using pfSense as my firewall and CentOS for my proxy + DansGuardian. In order to make it transparent, I have to put this rule in the firewall to make it work.

    The problem is: how can I convert these iptables rules to ipfw rules?

    # iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s 192.168.1.2
    # iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80

    My pfSense firewall does not accept iptables-syntax rules.
    Can anyone please help?
    Thank you.



  • Umm… pfSense uses pf and not ipfw to filter traffic.
    AFAIK ipfw is only used for scheduled rules and the CP.

    Also, it's not such a good idea to add rules via the console.
    The next time you reboot/reload the rules, they will be gone.

    Just add your rules via the GUI and they will stay.
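
For reference, here is what the two iptables mangle rules from the first post look like in pf syntax, the packet filter pfSense actually uses. This is an added example and not code from any post in this thread; the interface name and the user subnet are assumptions for illustration, and 192.168.1.2 is the proxy address from the original post. On Linux the MARK rule only makes sense together with an `ip rule ... fwmark 3` policy route that the post does not show; pf has no separate mark/route step, so the next hop is set directly on the filter rule with `route-to`.

```pf
# Added example (not from the thread): the iptables mangle rules in pf syntax.
# Assumed: users and the proxy share the LAN interface/subnet below.
lan_if  = "em1"              # interface where the users' traffic arrives
lan_net = "192.168.1.0/24"   # assumed user subnet
proxy   = "192.168.1.2"      # CentOS proxy + DansGuardian host (from the post)

# 1) Exempt the proxy itself, so its own upstream HTTP fetches are not
#    sent straight back to it in a loop. Counterpart of the iptables
#    ACCEPT rule. 'quick' makes the match final, so this rule must be
#    listed before the redirect rule below.
pass in quick on $lan_if inet proto tcp from $proxy to any port 80

# 2) Policy-route every other port-80 flow to the proxy host.
#    Counterpart of the MARK rule plus the Linux 'ip rule fwmark 3'
#    that would act on the mark. 'tag' is pf's analogue of the mark and
#    lets later rules match the flow with 'tagged HTTP_VIA_PROXY'.
pass in quick on $lan_if route-to ($lan_if $proxy) \
    inet proto tcp from $lan_net to any port 80 tag HTTP_VIA_PROXY
```

Two practical notes. First, `route-to` only changes the next hop; the proxy host still has to intercept port 80 on its own side (for example with its own iptables REDIRECT to the proxy's listening port) and must be allowed to reach the internet on port 80, which rule 1 grants. Second, rule 1 exempts traffic purely by source address, so any client that can spoof 192.168.1.2 bypasses the filter; putting the proxy on its own interface (as the later "SLAN" layout in this thread does) lets you restrict the exemption to that interface instead. As the reply above says, hand-written rules do not survive a reload on pfSense: in the GUI the same effect is obtained with a rule under Firewall -> Rules on the users' interface matching TCP to port 80, with the rule's Gateway option set to a gateway defined for the proxy's address, which is what makes pfSense emit `route-to`.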



  • Thanks for the reply…
    All the suggestions and comments will be useful for me.


    If I'm using the GUI, where should I put the rule?
    Is it in 'Firewall -> Rules -> LAN'? Sorry for the silly question.
    In my network, I have multiple VLANs, and all computers in every VLAN connect to the internet through the gateway server.

    FYI : Internet --> Router --> Firewall --> Core switch --> Switch --> User.

    Any suggestion... Thanks.



  • How are your VLANs set up?
    Do you have a trunk interface to the pfSense machine?

    Go to Interfaces -> assign and you can create VLANs on the interfaces.
    Each VLAN will appear as a "virtual" interface.

    Just don't mix untagged and tagged traffic on a single interface.

    You create the rules under firewall --> rules.
    If you work with VLANs you will have multiple (virtual) interfaces.
    About the rules: http://forum.pfsense.org/index.php/topic,7001.0.html



  • Sorry for not coming to this forum for a long time…

    My firewall interfaces are set up as:
    1. WAN
    2. LAN (users in my network use this interface)
    3. DMZ
    4. SLAN (LAN for servers)

    So, what do you think?

