From owner-FreeBSD-net-jp@jp.freebsd.org  Fri Nov 14 13:37:29 1997
Received: by jaz.jp.freebsd.org (8.8.8+2.7Wbeta7/8.7.3) id NAA28066
	Fri, 14 Nov 1997 13:37:29 +0900 (JST)
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta7/8.7.3) with ESMTP id NAA28051
	for <freebsd-net-jp@jp.freebsd.org>; Fri, 14 Nov 1997 13:37:24 +0900 (JST)
Received: from masato-nt ([202.24.73.74]) by pcbw01.ponycanyon.co.jp with ESMTP id <23041-1>; Fri, 14 Nov 1997 13:29:13 +0900
Message-ID: <346BD2F9.9DE61BD3@vir.bekkoame.or.jp>
Date: Fri, 14 Nov 1997 13:26:33 +0900
From: Masato Kobayashi <masato.k@vir.bekkoame.or.jp>
Organization: >
X-Mailer: Mozilla 4.01 [en] (WinNT; I)
MIME-Version: 1.0
To: "freebsd-net-jp@jp.freebsd.org" <freebsd-net-jp@jp.freebsd.org>
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-net-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=20]
X-Sequence: FreeBSD-net-jp 329
Subject: [FreeBSD-net-jp 329] IP Filter Setup
Errors-To: owner-FreeBSD-net-jp@jp.freebsd.org
Sender: owner-FreeBSD-net-jp@jp.freebsd.org

始めまして。小林と申します。
今までＲＯＭしていましたが、IP Filter の設定でわからない事が出てきました
ので教えてください。

今回設計したＦｉｒｅＷａｌｌのレイアウトは、次のようになっています。


                       OCN
                        |        x.x.x.128/28
                        |
                      Router     x.x.x.129
                        |
                        |
                        |        x.x.x.130
                     FireWall
                        |        192.168.2.y
                        |
                        |        192.168.2.0/24
                        |        Local Network
                    +---+---+
                    |       |
                   WWW    Client
                   Mail
                  Server

FireWall $B%^%7%s(J
    OS FreeBSD 2.2.1-R
    NIC ed1 (External) IP:x.x.x.130/28
        ed0 (Internal) IP:192.168.2.y/24
    IP Filtter v3.2
        FireWall $B$K$O!"(JIP-Filter v3.2$B$r;HMQ$7$F!"%Q%1%C%H%U%#%k%?$r(J
        $B$+$1$^$9!#(J
        $B%m!<%+%k%M%C%H$K?6$i$l$?%W%i%$%Y!<%H%"%I%l%9$O!"(JNAT $B$r(J
        $B;H$C$F!"%0%m!<%P%k%"%I%l%9$KJQ49$7$^$9!#(J

以上のことを設定すれば、内部ネットのクライアントから、外部ネットにアクセ
スできると考えました。

そこで、IP Filter に付属のドキュメント（INST.FreeBSD-2.2）に従ってカーネ
ルを再構築して、次のように設定ファイルを作成しました。

ipf.conf
（内部ネットから外部ネットへの telnet 接続のみを許可する）
--------------------------------
# Intent stated in the message: allow only telnet from the internal network
# to the outside and drop everything else.
#
# NOTE(review): IP Filter checks a packet against the whole list and the LAST
# matching rule decides, unless a rule carries the `quick` keyword. In this
# order the two catch-all block rules at the bottom match every packet and
# override both pass rules, which fits the reported timeout. A default-deny
# set puts the block rules first, or marks the pass rules `quick`.
#
# NOTE(review): the host description gives ed0 as the internal and ed1 as the
# external interface. A client connection to the outside arrives "in on ed0"
# and leaves "out on ed1"; neither direction is passed by the rules below.
# x.x.x.136/29 is not an address range used anywhere in the layout (LAN is
# 192.168.2.0/24, ed1 is x.x.x.130) -- confirm which addresses the filter
# actually sees relative to NAT for this IP Filter version.

# Passes TCP leaving through ed0 from x.x.x.136/29 to destination port 23.
pass out on ed0 proto tcp from x.x.x.136/29 to any port =  23
# Passes TCP arriving on ed1 for x.x.x.136/29 on any port above 1023.
# NOTE(review): this matches on port number only, not on an existing
# connection, so it admits unsolicited inbound TCP to every high port in that
# range. Stateful matching (`keep state` on the outbound rule, if this
# version supports it) would limit replies to sessions opened from inside.
pass in  on ed1 proto tcp from any to x.x.x.136/29 port >  1023

# Catch-all deny for both directions on all interfaces.
block in  from any to any
block out from any to any
--------------------------------

ipnat.conf
--------------------------------
# Source-translate traffic from 192.168.2.0/24 leaving through ed1.
# NOTE(review): 0/32 is presumably ipnat's shorthand for "the address
# currently assigned to ed1" (x.x.x.130 in this layout) -- confirm against
# the ipnat documentation shipped with v3.2.

# TCP and UDP: translated source ports are taken from the range 10000-20000.
map ed1 192.168.2.0/24 -> 0/32 portmap tcp/udp 10000:20000
# Same source network without a portmap; presumably the fallback for traffic
# the tcp/udp rule above does not cover (e.g. ICMP).
map ed1 192.168.2.0/24 -> 0/32
--------------------------------

root $B$K$J$C$F!"%b%8%e!<%k$r5/F0$9$k$H!"%(%i!<$J$I$J$7$K!"@5>o$K5/F0$7$F(J
$B$$$k$h$&$G$9!#(J

--------------------------------
#modload if_ipl.o
#ipf -f ipf.conf
#ipnat -f ipnat.conf
--------------------------------

$B$=$3$G!"%/%i%$%"%s%H$+$i%k!<%?$K(J TELNET $B$7$F$_$k$H!"%?%$%`%"%&%H$7$F@\B3(J
$B$G$-$^$;$s!#(J
NAT$B$b=hM}$5$l$F$$$J$$$h$&$G$9!#(J

ちなみに、この前段階のテストで Filter 設定をすべて pass させた場合には、
TELNET も成功しました。

どなたか、問題点をご指摘ください。
-- 
========================================
   From : Masato Kobayashi
         <masato.k@vir.bekkoame.or.jp>
========================================
