From owner-doc-jp@jp.freebsd.org  Wed Aug 15 20:45:46 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id UAA13990;
	Wed, 15 Aug 2001 20:45:46 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from catv00.kitanet.ne.jp (catv00.kitanet.ne.jp [210.146.3.11])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id UAA13971
	for <doc-jp@jp.freebsd.org>; Wed, 15 Aug 2001 20:45:30 +0900 (JST)
	(envelope-from sugimura@YasudaKei.org)
Received: (qmail 4045 invoked by uid 0); 15 Aug 2001 11:45:26 -0000
Received: from proxy01.kitanet.ne.jp (HELO localhost) (210.146.3.4)
  by catv00.kitanet.ne.jp with SMTP; 15 Aug 2001 11:45:26 -0000
To: doc-jp@jp.freebsd.org
From: SUGIMURA Takashi =?iso-2022-jp?B?GyRCP3lCPBsoQiAbJEI1LjtOGyhC?=
 <sugimura@YasudaKei.org>
In-Reply-To: <20010806.015543.74755392.rushani@bl.mmtr.or.jp>
References: <20010730.171710.74756101.rushani@bl.mmtr.or.jp>
	<20010805151715P.sugimura@YasudaKei.org>
	<20010806.015543.74755392.rushani@bl.mmtr.or.jp>
X-Mailer: Mew version 1.94.1 on XEmacs 21.1 (Cuyahoga Valley)
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Wed_Aug_15_21:00:27_2001_559)--"
Content-Transfer-Encoding: 7bit
Message-Id: <20010815210029S.sugimura@YasudaKei.org>
Date: Wed, 15 Aug 2001 21:00:29 +0900
X-Dispatcher: imput version 20000228(IM140)
Lines: 454
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: doc-jp 8341
Subject: [doc-jp 8341] Re: [tutorials] articles/dialup-firewall/
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: sugimura@YasudaKei.org

----Next_Part(Wed_Aug_15_21:00:27_2001_559)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B?yB<$G$9!#(B

>> $B$$$D$N$^$K$+(B 1.11 $B$K$J$C$F$$$?$h$&$G$9!#!#(B
>
>$BDI=>$7$^$7$?!#(B
>$B0zB3$-!"::FI$r$*4j$$$7$^$9!#(B

$BBgJQCY$/$J$j$^$7$?$,!"3NG'$7$^$7$?!#(B
tutorials $B$N%Z!<%8$b99?7$7$^$7$?!#(B

$B0lDL$j3NG'$7$^$7$F!"1Q8lItJ,$r:o=|$7$?$b$N$rE:IU$7$^$9!#(B
$B$h$m$7$/$*$M$,$$$7$^$9!#(B

---
  $B!{!?(B
$B!c""(B   $B?yB<(B $B5.;N(B <sugimura@jp.FreeBSD.org> 
 $B!?!d(B           <sugimura@YasudaKei.org> http://YasudaKei.org/


----Next_Part(Wed_Aug_15_21:00:27_2001_559)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="article.sgml"

<!--
     The FreeBSD Documentation Project
     The FreeBSD Japanese Documentation Project

     Original revision: 1.11
     $FreeBSD$
-->

<!--
$BLu(B:
$BARIJ(B rushani@bl.mmtr.or.jp
-->

<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
%man;
]>

<article>
  <articleinfo>
    <title>FreeBSD $B$K$h$k%@%$%"%k%"%C%W<0KI2PJI$N9=C[(B</title>

    <authorgroup>
      <author>
	<firstname>Marc</firstname>
	<surname>Silver</surname>

	<affiliation>
	  <address><email>marcs@draenor.org</email></address>
	</affiliation>
      </author>
    </authorgroup>

    <pubdate>$Date$</pubdate>

    <abstract>
      <para>
        $B$3$N5-;v$O(B FreeBSD $B$N(B PPP $B%@%$%"%k%"%C%W$H(B IPFW
        $B$rMQ$$$J$,$i$I$N$h$&$KKI2PJI$r%;%C%H%"%C%W$9$k$+(B,
	$BFC$KF0E*$K3d$jEv$F$i$l$?(B IP
	$B%"%I%l%9$K$h$k%@%$%"%k%"%C%W>e$NKI2PJI$K$D$$$F;v<B$r85$K>\:Y$K@bL@$7$^$9(B.
	$B$J$*(B, $BA0CJ3,$G$"$k(B PPP $B@\B3$K$D$$$F$N@_Dj$O?($l$F$$$^$;$s(B.</para>      	
    </abstract>
  </articleinfo>

  <sect1 id="preface">
    <title>$B=xJ8(B</title>
    
    <para>FreeBSD $B$K$h$k%@%$%"%k%"%C%W<0KI2PJI$N9=C[(B</para>
    
    <para>
      $B$3$NJ8=q$O$"$J$?$N(B ISP $B$K$h$C$F(B
      IP $B%"%I%l%9$rF0E*$K3d$jEv$F$i$l$?;~(B, FreeBSD
      $B$GKI2PJI$r%;%C%H%"%C%W$?$a$KMW5a$5$l$k<j=g$r07$&$3$H$r$a$6$7$?$b$N$G$9(B.
      $B$3$NJ8=q$r2DG=$J8B$jM-1W$G@53N$J$b$N$K$9$k$?$a$KEXNO$7$F$$$k$N$G(B,
      $B$I$&$>0U8+$dDs0F$r(B
      <email>marcs@draenor.org</email>.
      $B$KAw$C$F2<$5$$(B.</para>
   </sect1>

  <sect1 id="kernel">
    <title>$B%+!<%M%k%*%W%7%g%s(B</title>
    
    <para>
      $B:G=i$K$J$9$Y$-$3$H$O(B FreeBSD $B$N%+!<%M%k$r:F%3%s%Q%$%k$9$k$3$H$G$9(B.
      $B%+!<%M%k$r:F%3%s%Q%$%k$9$kJ}K!$K$D$$$F$5$i$K>pJs$,I,MW$J$i(B,
      <ulink URL="http://www.freebsd.org/handbook/kernelconfig.html">
      $B%O%s%I%V%C%/$N%+!<%M%k$N%3%s%U%#%0%l!<%7%g%s$N@a(B</ulink>
      $B$+$iFI$_;O$a$k$N$,:GE,$G$7$g$&(B.
      $B%+!<%M%k$NCf$K0J2<$N%*%W%7%g%s$r$D$1$F%3%s%Q%$%k$9$kI,MW$,$"$j$^$9(B: </para>

    <variablelist>
      <varlistentry>
	<term><literal>options IPFIREWALL</literal></term>

	<listitem>
	  <para>$B%+!<%M%k$NKI2PJI$N%3!<%I$rM-8z$K$7$^$9(B.</para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term><literal>options IPFIREWALL_VERBOSE</literal></term>

	<listitem>
	  <para>$B%7%9%F%`$N(B logger $B$X5-O?$5$l$?%Q%1%C%H$rAw$j$^$9(B.</para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term><literal>options
	    IPFIREWALL_VERBOSE_LIMIT=<replaceable>100</replaceable></literal></term>

	<listitem>
	  <para>
	    $B5-O?$5$l$k%^%C%A$9$k%(%s%H%j$N?t$r@)8B$7$^$9(B.
	    $B$3$l$O%m%0%U%!%$%k$,$?$/$5$s$N7+JV$7$N%(%s%H%j$G0lGU$K$J$k$N$rM^@)$7$^$9(B.
	    <replaceable>100</replaceable> $B$O;HMQ>eL5M}$N$J$$?t$G$9$,(B,
	    $B<+J,$NMW5a$K4p$E$$$FD4@0$9$k$3$H$,$G$-$^$9(B.</para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term><literal>options IPDIVERT</literal></term>

	<listitem>
	  <para><emphasis>divert</emphasis>$B%=%1%C%H(B
	  ($B8e=R(B) $B$rM-8z$K$7$^$9(B.</para>
	</listitem>
      </varlistentry>
    </variablelist>

    <para>
     $B99$J$k%;%-%e%j%F%#!<$N$?$a$K%+!<%M%k$NCf$KAH$_9~$`$3$H$N$G$-$k%*%W%7%g%s$,B>$K$$$/$D$+$"$j$^$9(B.
     $B$3$l$i$OKI2PJI$rF0$+$9$?$a$K$OI,MW$G$O$"$j$^$;$s$,(B,
     $B%;%-%e%j%F%#!<$KLTNu$K$3$@$o$k%f!<%6$OM-8z$K$7$F$+$^$$$^$;$s(B.</para>

    <variablelist>
      <varlistentry>
	<term><literal>options TCP_DROP_SYNFIN</literal></term>

	<listitem>
	  <para>
	   $B$3$N%*%W%7%g%s$O(B SYN $B$H(B FIN $B$N%U%i%0$r$b$C$?(B
	   TCP $B%Q%1%C%H$rL5;k$7$^$9(B.
	   $B$3$l$O(B $B%^%7%s$N(B TCP/IP $B%9%?%C%/$r<1JL$9$k$N$G(B
	   nmap $B$J$I$N$h$&$J%D!<%k$rK8$2$k$3$H$,$G$-$^$9(B.
	   $B$7$+$7(B RFC1644 $B3HD%$N%5%]!<%H$K0cH?$7$F$$$^$9(B.
	   $B$3$l$O8=:_2TF/$7$F$$$k(B web $B%5!<%P$K$O?d>)(B *$B$7$^$;$s(B*.</para>
	</listitem>
      </varlistentry>
     </variablelist>

    <para>
      $B$$$C$?$s%+!<%M%k$r:F%3%s%Q%$%k$7$?$i:F5/F0$7$J$$$G2<$5$$(B.
      $B4uK>E*$K$b(B,
      $BKI2PJI$N@_CV$r40N;$9$k$?$a$K0l2s$@$1:F5/F0$9$kI,MW$,$"$j$^$9(B.</para>
  </sect1>

  <sect1 id="rcconf">
    <title>$BKI2PJI$rEk:\$9$k$h$&$K(B
      <filename>/etc/rc.conf</filename> $B$rJQ99$9$k(B</title>
    
    <para>
      $BKI2PJI$K$D$$$F(B
      <filename>/etc/rc.conf</filename>
      $B$r$N$3$H$r=R$Y$k$?$a$K(B, $B$=$3$K$$$/$D$+$NJQ99$r9T$$$^$9(B.
      $BC1=c$K0J2<$N9T$r2C$($^$9(B:</para>
    
    <programlisting>firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"</programlisting>

    <para>
      $B>e$G$7$?$b$N$K4X$9$k99$J$k>pJs$O(B
      <filename>/etc/defaults/rc.conf</filename> $B$r8+$F(B,
      &man.rc.conf.5; $B$rFI$s$G2<$5$$(B.</para>
  </sect1>
  
  <sect1>
    <title>PPP $B$N%M%C%H%o!<%/%"%I%l%9JQ49$rL58z$K$9$k(B</title>
    
    <para>
      $B$b$7$+$9$k$H4{$K(B PPP $B$NAH9~$_%M%C%H%o!<%/%"%I%l%9JQ49(B
      (NAT) $B$rMxMQ$7$F$$$k$+$bCN$l$^$;$s(B.
      $B$=$l$rL58z2=$7$J$1$l$P$J$i$J$$>l9g$G$"$k$J$i(B,
      &man.natd.8; $B$NNc$r;H$$(B, $BF1$8$h$&$K$7$F2<$5$$(B.</para>

    <para>
      $B4{$K(B PPP $B$N<+F0%9%?!<%H$N%(%s%H%j$N$^$H$^$j$,$"$k$J$i(B,
      $BB?J,$3$s$J$U$&$K$J$C$F$$$k$G$7$g$&(B:</para>

    <programlisting>ppp_enable="YES"
ppp_mode="auto"
ppp_nat="YES"
ppp_profile="<replaceable>profile</replaceable>"</programlisting>

    <para>
      $B$b$7$=$&$J$i(B,
      <literal>ppp_nat="YES"</literal> $B$N9T$r:o=|$7$F2<$5$$(B.
      $B$^$?(B <filename>/etc/ppp/ppp.conf</filename> $B$NCf$N(B
      <literal>nat enable yes</literal> $B$^$?$O(B
      <literal>alias enable yes</literal> $B$r:o=|$9$kI,MW$,$"$k$G$7$g$&(B.</para>
  </sect1>

  <sect1 id="rules">
    <title>$BKI2PJI$X$N%k!<%k%;%C%H(B</title>
    
    <para>
      $B$5$F(B, $B$[$H$s$I$N$3$H$r$d$j$*$o$j$^$7$?(B.
      $B;D$k:G8e$N;E;v$OKI2PJI$N%k!<%k$rDj5A$9$k$3$H$G$9(B.
      $B$=$l$+$i:F5/F0$9$k$H(B, $BKI2PJI$,N)$A>e$,$j2TF/$9$k$O$:$G$9(B.
      $B;d$O%k!<%k%Y!<%9$rDj5A$9$kCJ3,$KC#$9$k$H(B,
      $B$9$Y$F$N?M$,<c430[$J$k2?$+$r5a$a$F$$$k$N$@$H$H<B46$7$F$$$^$9(B.
      $B;d$,EXNO$7$F$-$?$N$O(B,
      $B$[$H$s$I$N%@%$%"%k%"%C%W%f!<%6$KE,9g$7$?%k!<%k%;%C%H$r=q$/$3$H$G$9(B.
      $B$"$J$?$O<+J,$NI,MW$N$?$a$K(B
      $BC1=c$K0J2<$N%k!<%k$rEZBf$H$7$FMQ$$$k$3$H$K$h$C$F(B
      $B<+J,MQ$N%k!<%k%Y!<%9$KJQ99$9$k$3$H$,$G$-$^$9(B.
      $B$^$:(B, $BJD$8$?KI2PJI$N4pAC$+$i;O$a$^$7$g$&(B.
      $BK>$`$N$O=i4|>uBV$G$9$Y$F$r5qH]$9$k$3$H$G$9(B.
      $B$=$l$+$i$"$J$?$,K\Ev$KI,MW$H$9$k$3$H$@$1$N$?$a$KKI2PJI$r$"$1$^$7$g$&(B.
      $B%k!<%k$O$^$:5v2D$7(B, $B$=$l$+$i5qH]$9$k$H$$$&=gHV$G$"$k$Y$-$G$9(B.
      $B$=$NA0Ds$O$"$J$?$N5v2D$N$?$a$N5,B'$rIU2C$9$k$H$&$$$3$H$G(B,
      $B$=$l$+$iB>$NA4$F$O5qH]$5$l$^$9(B. :)</para>

    <para>
      $B$G$O(B /etc/firewall $B%G%#%l%/%H%j$r:n$j$^$7$g$&(B.
      $B%G%#%l%/%H%j$r$=$3$XJQ99$7(B,
      <filename>rc.conf</filename> $B$G5,Dj$7$?(B
      <filename>fwrules</filename> $B%U%!%$%k$rJT=8$7$^$9(B.
      $B$3$N%U%!%$%kL>$r<+J,$,K>$`G$0U$N$b$N$KJQ99$G$-$k$H$$$&$3$H$K5$$r$D$1$F$/$@$5$$(B.
      $B$3$N<j0z$-$O%U%!%$%kL>$N0lNc$rM?$($k$@$1$G$9(B. </para>

    <para>
      $B$=$l$G$O(B, $BKI2PJI%U%!%$%k$N8+K\$r8+$F$_$^$7$g$&(B.
      $B$=$N$9$Y$F$r>\:Y$K@bL@$7$^$9(B.</para>

    <programlisting># Firewall rules
# Written by Marc Silver (marcs@draenor.org)
# http://draenor.org/ipfw
# Freely distributable 


# (/etc/rc.firewall $B$K$"$k$h$&$K(B) $B;2>H$r4JC1$K$9$k$?$a$KKI2PJI$N%3%^%s%I$rDj5A$7$^$9(B. 
# $BFI$_$d$9$/$9$k$N$KLrN)$A$^$9(B.
fwcmd="/sbin/ipfw"

# $B:FFI9~$_$9$kA0$K8=:_$N%k!<%k$N>C5n$r6/@)$7$^$9(B.
$fwcmd -f flush

# $B%H%s%M%k%$%s%?!<%U%'!<%9$rDL$8$F$9$Y$F$N%Q%1%C%H$r(B divert $B$7$^$9(B.
$fwcmd add divert natd all from any to any via tun0

# $B<+J,$N%M%C%H%o!<%/$H%m!<%+%k%[%9%H$+$i$N%G!<%?$r$9$Y$F5v2D$7$^$9(B.
# $B:F5/F0$9$kA0$K<+J,$N%M%C%H%o!<%/%+!<%I(B ($B;d$N$O(B fxp0 $B$G$9(B) $B$KJQ99$9$k$N$r3NG'$7$^$7$g$&(B. :)
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via fxp0

# $B<+J,$,Ce<j$7$?$9$Y$F$N@\B3$r5v2D$7$^$9(B.
$fwcmd add allow tcp from any to any out xmit tun0 setup

# $B@\B3$,$$$C$?$s:n@.$5$l$k$H(B, $B$=$l$r5v2D$7$F3+$1$F$*$-$^$9(B.
$fwcmd add allow tcp from any to any via tun0 established

# $B0J2<$N%5!<%S%9$X@\B3$9$k$3$H$r%$%s%?!<%M%C%H>e$N$9$Y$F$N?M$K5v2D$7$^$9(B.
# $B$3$NNc$G$O?M!9$O(B ssh $B$H(B apache $B$K@\B3$7$F$h$$$H$$$&$3$H$r<($7$F$$$^$9(B.
$fwcmd add allow tcp from any to any 80 setup
$fwcmd add allow tcp from any to any 22 setup

# $B$9$Y$F$N(B ident $B%Q%1%C%H$K(B RESET $B$rAw$j$^$9(B.
$fwcmd add reset log tcp from any to any 113 in recv tun0

# $B5,Dj$5$l$?%5!<%P$KBP$7$F(B *$B$N$_(B* $B30It(B DNS $B$NLd$$9g$o$;$r5v2D$7$^$9(B.
$fwcmd add allow udp from any to <replaceable>x.x.x.x</replaceable> 53 out xmit tun0

# $B1~Ez$H$H$b$KLa$C$F$/$k$3$H$r5v2D$7$^$9(B.  :)
$fwcmd add allow udp from <replaceable>x.x.x.x</replaceable> 53 to any in recv tun0

# (ping $B$H(B traceroute $B$rF0:n$5$;$k$?$a$K(B) ICMP $B$r5v2D$7$^$9(B.
# $B$3$l$rHs5v2D$K$7$?$$$H;W$&$+$b$7$l$^$;$s$,(B,
# $B<{MW$rJ]$A$D$E$1$k$K$OE,$7$F$$$k$H46$8$F$$$^$9(B.
$fwcmd add 65435 allow icmp from any to any

# $B;D$j$NA4$F$r5qH]$7$^$9(B.
$fwcmd add 65435 deny log ip from any to any</programlisting>

    <para>
      $B$"$J$?$O(B 22 $BHV$H(B 80 $BHV$N%]!<%H$X$N@\B3$r5v2D$7(B,
      $B$=$l0J30$K;n$_$i$l$k$9$Y$F$N@\B3$r5-O?$9$k==J,$K5!G=E*$JKI2PJI$r<j$K$7$^$7$?(B.
      $B$G$O(B, $B$"$J$?$O0BA4$K:F5/F0$9$k$3$H$,$G$-$F(B,
      $B$"$J$?$NKI2PJI$O$&$^$/N)$A>e$,$k$O$:$G$9(B.
      $B$b$7$3$l$K@5$7$/$J$$$3$H$r8+$D$1$?$i(B,
      $B$b$7$/$OG$0U$NLdBj$r7P83$7$?$i(B,
      $B$5$b$J$/$P$3$N%Z!<%8$r8~>e$5$;$k$?$a$NG$0U$NDs0F$,$"$k$J$i(B,
      $B$=$N$$$:$l$K$7$F$b(B, $B$I$&$+;d$KEE;R%a!<%k$r2<$5$$(B.</para>
  </sect1>

  <sect1>
    <title>$B<ALd(B</title>
    
    <qandaset>
      <qandaentry>
	<question>
	  <para>
	    $BAH9~$_$N(B ppp $B%U%#%k%?$r;H$C$F$b$h$$$N$K(B,
	    $B$J$<(B natd $B$H(B ipfw $B$r;H$C$F$$$k$N$G$9$+(B?</para>
	</question>
	
	<answer>
	  <para>
	    $B@5D>$K8@$&$H(B,
	    $BAH9~$_$N(B ppp $B%U%#%k%?$NBe$o$j$K(B
	    ipfw $B$H(B natd $B$r;H$&7hDjE*$JM}M3$O$J$$$H8@$o$J$1$l$P$J$j$^$;$s(B.
	    $B$$$m$$$m$J?M$H7+$jJV$7$F$-$?5DO@$h$j(B,
	    ipfw $B$O3N$+$K(B ppp $B%U%#%k%?$h$j$b%Q%o%U%k$G@_Dj$KM;DL$,$-$/0lJ}(B,
	    $B$=$l$,5!G=E*$G$"$k$?$a$K:n$j>e$2$?$b$N$O%+%9%?%^%$%:$NMF0W$5$r(B
	    $B<:$C$F$$$k$H$$$&$3$H$G0U8+$N0lCW$r$_$?$h$&$G$9(B.
	    $B;d$,$=$l$r;H$&M}M3$N$R$H$D$O%f!<%6%i%s%I$N%W%m%0%i%`$G$9$k$h$j$b(B,
	    $B%+!<%M%k%l%Y%k$G9T$&KI2PJI$NJ}$r9%$`$+$i$G$9(B.</para>
	</answer>
      </qandaentry>

      <qandaentry>
        <question>
	  <para>
	    <errorname>limit 100 reached on entry 2800</errorname>
	    $B$N$h$&$J%a%C%;!<%8$r<u$1<h$C$?8e(B,
	    $B%m%0$NCf$K$=$l0J>e$N5qH]$rA4$/8+$J$/$J$j$^$7$?(B.
	    $BKI2PJI$O$^$@F0:n$7$F$$$k$N$G$7$g$&$+(B?</para>
        </question>

	<answer>
	  <para>
	    $BC1$K%k!<%k$N%m%0%+%&%s%H$,:GBgCM$KC#$7$?$H$$$&$3$H$r0UL#$7$F$$$^$9(B.
	    $B%k!<%k<+?H$O$^$@5!G=$7$F$$$^$9$,(B,
	    $B%m%0%+%&%s%?$r%j%;%C%H$9$k$^$G$=$l0J>e%m%0$r5-O?$7$^$;$s(B.
	    $B$3$l$O(B ipfw $B%3%^%s%I$K(B <literal>resetlog</literal>
	    $B%*%W%7%g%s$rF,$K$D$1$F<B9T$9$k$@$1$G$G$-$^$9(B.</para>
        </answer>
      </qandaentry>

      <qandaentry>
	<question>
	  <para>
	    $B$b$7FbIt$G(B 192.168.0.0
	    $B$NHO0O$N$h$&$J%W%i%$%Y!<%H%"%I%l%9$r;HMQ$7$F$$$k$J$i(B,
	    <literal>$fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via tun0</literal>
	    $B$N$h$&$J%3%^%s%I$r(B
	    $BFbIt$N%^%7%s$X;n$_$i$l$k30It$+$i$N@\B3$rKI;_$9$k$?$a$K(B
	    $BKI2PJI$N%k!<%k$KDI2C$7$F$b$$$$$G$9$+(B?</para>
	</question>

	<answer>
	  <para>
	    $BC<E*$JEz$($O(B no $B$G$9(B.
	    $B$3$NLdBj$KBP$9$k$=$NM}M3$O(B
	    natd $B$O(B tun0 $B%G%P%$%9$rDL$7$F(B divert $B$5$l$F$$$k(B
	    <emphasis>$B$"$i$f$k$b$N(B</emphasis>
	    $B$KBP$7$F%"%I%l%9JQ49$r9T$C$F$$$k$H$$$&$3$H$G$9(B.
	    $B$=$l$,4X78$7$F$$$k8B$j(B,
	    $BF~$C$F$/$k%Q%1%C%H$OF0E*$K3d$jEv$F$i$l$?(B
	    IP $B%"%I%l%9$KBP$7$F$N$_OC$7(B,
	    $BFbIt%M%C%H%o!<%/$KBP$7$F$O(B *$BOC$5$J$$(B* $B$N$G$9(B.
	    $BKI2PJI7PM3$G30$X=P$F9T$/%[%9%H$+$i$"$J$?$NFbIt%M%C%H%o!<%/>e$N%[%9%H$r@)8B$9$k(B
	    <literal>$fwcmd add deny all from 192.168.0.4:255.255.0.0 to any via tun0</literal>
	    $B$N$h$&$J%k!<%k$rDI2C$9$k$3$H$,$G$-$k$H$$$&$3$H$K$b5$$r$D$1$F$/$@$5$$(B.</para>
	</answer>
      </qandaentry>

      <qandaentry>
	<question>
	  <para>
	    $B2?$+4V0c$C$F$$$k$K0c$$$"$j$^$;$s(B.
	    $B;d$O$"$J$?$N@bL@$KJ8;zDL$j=>$$$^$7$?$,(B,
	    $BDy$a=P$5$l$F$7$^$$$^$7$?(B.</para>
        </question>

	<answer>
	  <para>
	    $B$3$N%A%e!<%H%j%"%k$O$"$J$?$,(B
	    <emphasis>userland-ppp</emphasis>
	    $B$r2TF/$7$F$$$F(B, $B$=$N7k2L(B
	    <devicename>tun0</devicename>
	    [&man.ppp.8; ($B$^$?$NL>$r(B <emphasis>user-ppp</emphasis>)
	    $B$G:n$i$l$k:G=i$N@\B3$KAjEv$7$^$9(B]
	    $B%$%s%?!<%U%'!<%9>e$G6!5k$5$l$?%k!<%k%;%C%H$,F0:n$7$F$$$k$3$H$rA[Dj$7$F$$$^$9(B.
	    $B$5$i$J$k$N@\B3$O(B
	    <devicename>tun1</devicename>, <devicename>tun2</devicename>
	    $B$J$I$rMQ$$$^$9(B.</para>

	  <para>
	    &man.pppd.8; $B$,(B
	    <devicename>ppp0</devicename>
	    $B%$%s%?!<%U%'!<%9$rBe$o$j$KMQ$$$k$H$$$&$3$H$K$bCm0U$9$k$9$Y$-$G$9(B.
	    $B$h$C$F(B &man.pppd.8; $B$K$h$k@\B3$r;O$a$k$J$i(B
	    <devicename>ppp0</devicename> $B$NBe$o$j$K(B
	    <devicename>tun0</devicename> $B$rMQ$$$F2<$5$$(B.
	    $B$3$NJQ99$rH?1G$9$kKI2PJI$N%k!<%k$rJT=8$9$kAaF;$O0J2<$K<($5$l$F$$$^$9(B.
	    $B85$N%k!<%k%;%C%H$O(B <filename>fwrules_tun0</filename>
	    $B$H$7$F%P%C%/%"%C%W$5$l$F$$$^$9(B.</para>

	  <screen>	    &prompt.user; <userinput>cd /etc/firewall</userinput>
	    /etc/firewall&prompt.user; <userinput>su</userinput>
	    <prompt>Password:</prompt>
	    /etc/firewall&prompt.root; <userinput>mv fwrules fwrules_tun0</userinput>
	    /etc/firewall&prompt.root; <userinput>cat fwrules_tun0 | sed s/tun0/ppp0/g > fwrules</userinput>
	  </screen>

	  <para>
	    $B$$$C$?$s@\B3$,3NN)$7$?$i(B,
	    $B8=:_(B &man.ppp.8; $B$+(B &man.pppd.8; $B$N$I$A$i$rMxMQ$7$F$$$k$+$rCN$k$?$a$K(B
	    &man.ifconfig.8; $B$N=PNO$G8!::$9$k$3$H$,$G$-$^$9(B.
	    $BNc$H$7$F(B, &man.pppd.8; $B$G:n@.$5$l$?@\B3$G$O(B,
	    $B$3$N$h$&$J$b$N$,L\$K$9$k$G$7$g$&(B
	    ($B4X78$N$"$k$b$N$@$1<($7$F$$$^$9(B).</para>

	  <screen>	    &prompt.user; <userinput>ifconfig</userinput>
	    <emphasis>(skipped...)</emphasis>
	    ppp0: flags=<replaceable>8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1524</replaceable>
                    inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --&gt; <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xff000000</replaceable>
	    <emphasis>(skipped...)</emphasis>
	    </screen>

	  <para>
	    $BB>J}$G(B, &man.ppp.8; (<emphasis>user-ppp</emphasis>)
	    $B$G:n@.$5$l$?@\B3$G$O(B,
	    $B$"$J$?$O$3$l$K;w$?$b$N$rL\$K$9$k$O$:$G$9(B.</para>

	  <screen>	    &prompt.user; <userinput>ifconfig</userinput>
	    <emphasis>(skipped...)</emphasis>
	    ppp0: flags=<replaceable>8010&lt;POINTOPOINT,MULTICAST&gt; mtu 1500</replaceable>
	    <emphasis>(skipped...)</emphasis>
	    tun0: flags=<replaceable>8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1524</replaceable>
	            <emphasis>(IPv6 stuff skipped...)</emphasis>
                    inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --&gt; <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xffffff00</replaceable>
                    Opened by PID <replaceable>xxxxx</replaceable>
            <emphasis>(skipped...)</emphasis></screen>
	</answer>
      </qandaentry>
    </qandaset>
  </sect1>
</article>

----Next_Part(Wed_Aug_15_21:00:27_2001_559)----
