From owner-FreeBSD-net-jp@jp.freebsd.org  Sun Feb 14 05:56:08 1999
Received: (from daemon@localhost)
	by jaz.jp.freebsd.org (8.9.1+3.1W/8.7.3) id FAA23718;
	Sun, 14 Feb 1999 05:56:08 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from dns1.science.gr.jp (dns1.science.gr.jp [210.230.209.26])
	by jaz.jp.freebsd.org (8.9.1+3.1W/8.7.3) with ESMTP id FAA23711
	for <FreeBSD-net-jp@jp.freebsd.org>; Sun, 14 Feb 1999 05:56:04 +0900 (JST)
	(envelope-from ohba@science.gr.jp)
Received: from nt.science.gr.jp (gw2.science.gr.jp [210.230.209.27])
	by dns1.science.gr.jp (8.9.2/3.7W) with SMTP id FAA28760
	for <FreeBSD-net-jp@jp.freebsd.org>; Sun, 14 Feb 1999 05:56:02 +0900 (JST)
Message-Id: <199902132056.AA00353@nt.science.gr.jp>
From: Masashi Ohba <ohba@science.gr.jp>
Date: Sun, 14 Feb 1999 05:56:01 +0900
To: FreeBSD-net-jp@jp.freebsd.org
In-Reply-To: <36C5B591.1B8E3D5D@cty-net.ne.jp>
MIME-Version: 1.0
X-Mailer: AL-Mail32 Version 1.10 beta7
Content-Type: text/plain; charset=iso-2022-jp
Reply-To: FreeBSD-net-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+981115
X-Sequence: FreeBSD-net-jp 1344
Subject: [FreeBSD-net-jp 1344] Re: =?ISO-2022-JP?B?GyRCI04jSSNDRnMbKEI=?=
 =?ISO-2022-JP?B?GyRCS2c6OSQ3GyhC?= 
Errors-To: owner-FreeBSD-net-jp@jp.freebsd.org
Sender: owner-FreeBSD-net-jp@jp.freebsd.org
X-Originator: ohba@science.gr.jp

大場です。

In message "[FreeBSD-net-jp 1341] $B#N#I#CFsKg:9$7(B",Ryouma Higuchi wrote...
>$B!X$d$j$?$$$3$H!Y(B
>$B$3$N@\B3$N7A$G!J(BFreeBSD$B$rDL$7$F!K(BWin98$B$N%V%i%&%6!<$d%a!<%i!<$r;HMQ$7$?(B
>$B$$!#(B
>
>$BCN$j9g$$$KJ9$-$J$,$i:n6H$r:#F|0lF|$9$9$a!"(BCTY$B$K$b@_DjJ}K!$rLd$$9g$o$;$?(B
>$B$N$G$9$,$3$l0J>e@h$K?J$a$^$;$s!"$I$&$7$?$i$d$j$?$$$3$H$,=PMh$k$h$&$K$J$k(B
>$B$N$G$7$g$&$+!)(B

1. FreeBSD$B%^%7%s$K(BNIC$B$r(B2$BKgA^$7$K$7$F(B
2. NIC1$B$KM?$($i$l$?(BIP$B%"%I%l%9$r$D$1(B
3. NIC2$B$K%m!<%+%k$J(BIP$B%"%I%l%9$r<+J,$G$D$1$F(B
4. $BFbB&$N%M%C%H%o!<%/$O$=$N(BFreeBSD$B$r7PM3$5$;$F(B
5. $BFbB&$+$i30B&$K<+M3$K=P$F9T$-$?$$(B

$B$H$$$&$3$H$@$H;W$&$N$G$9$,!"2f$,2H$G$O(B
$BJRB&$N(BNIC$B$O(BDION$B%9%?%s%@!<%I(B2$B$N8x<0$N(BIP$B%"%I%l%9(B
$B$b$&JRB&$O(B192.168.0.x$B;H$C$?(BWindows$B$G;H$&$*2H(BLAN
$B$H$$$&4D6-$r!"(BFreeBSD2.2.8$B$G(B1$B!A(B5$B$N5!G=$r$d$C$F$^$9!#(B

$B!t(BDION$B$N$/$l$k(BIP$B%"%I%l%9$O(B8$B$D$@$1$J$N$G!"%5!<%P!<6HL3$N(B
$B!tL5$$!"BP30E*$K8x3+$9$kI,MW$NL5$$%^%7%s$K%0%m!<%P%k(BIP$B$O(B
$B!t$b$C$?$$$J$$(B & $BFbB&$K0O$C$F$7$^$$$?$$$+$i$G$9!#(B

$B%a!<%k$r8+$?8B$j(BNIC2$BKgA^$7$F(BIP$B%"%I%l%9$D$1$?(B
$B$=$l0J>e!"$I$s$J@_Dj$7$?$+$,$^$C$?$/$o$+$i$J$$$s$@$1$I(B
$B>!<j$K$D$1$?(BIP$B%"%I%l%9B&$+$i30$K=P$F9T$-$?$$$J$i(B
$BFbB&$N%^%7%s$+$i30B&$N%^%7%s$X%"%/%;%9$7$?;~(B

1. FreeBSD$B%^%7%sFbIt$G(BNIC2$B"*(BNIC1$B$H%G!<%?$rAw$k(B
2. $B>!<j$K$D$1$?(BIP$B%"%I%l%9$,30$X=P$F9T$+$J$$$h$&$K(B
   NIC1$B$,<+J,$N(BIP$B%"%I%l%9$KIU$1BX$($F30B&$N%^%7%s$X%"%/%;%9(B
3. $B30B&$N%^%7%s"*(BNIC1$B$XJV;v(B
4. FreeBSD$B%^%7%sFbIt$G(BNIC1$B"*(BNIC2$B$H%G!<%?$rAw$k(B
5. $BFbB&$N$I$N%^%7%s$X$NJV;v$+H=CG(B
   FreeBSD$B%^%7%sFbIt$G(BIP$B%"%I%l%9$NIU$1BX$(JQ49:n6H(B
6. NIC2$B"*FbB&$N%^%7%s$XJV;v(B

これができるように設定してあるとは読めなかったのですが
このような作業が必要なことはわかってますか？

natd$B$OF0$$$F$k$N$G$9$+!)(B
ipfw$B$OF0$$$F$k$N$G$9$+!)(B
ipfw$B$O$I$N$h$&$J@_Dj$7$F$^$9$+!)(B
$BF0$+$9$?$a$K=q$$$?@_Dj$O!)(B

＃これがわかんないと
＃「どーしたらできますか」って聞かれたって
＃「あなたはどんな設定したんですか？」としか言えません。

$B$J$N$G!"@N!9(Bfj$B$K=P$7$?(B&HOWTO$B:n$k$h$H$$$&$N$GHSEg$5$s$K(B
$BAw$C$?%a!<%k$r7!$j=P$7$F<jD>$7$7$F$_$^$7$?!#(B
$B$b$&>/$78zN($$$$J}K!$H$+!"8+$H$*$7$$$$J}K!$,$"$k$+$b(B
$B$7$l$^$;$s$1$I!"AG?M$J$j$K(BWeb$B$GD4$Y$F;n9T:x8m$7$J$,$i(B
$B?'!9<+J,$G$d$C$?J}K!$J$N$G!"$o$+$j$K$/$$J}K!$G$O$J$$$H(B
$B;W$C$F$^$9!#0J2<$N<j=g$G:n6H$9$l$PF0$/$s$8$c$J$$$+$J!)(B


$BCm(B
1. $B8=:_$O%M%C%H%o!<%/9=@.$,<c43JQ$o$C$F$^$9$,(B
   2.2.5$B"*(B2.2.8$B%P!<%8%g%s%"%C%W$7$?;~$K2<5-$NJ}?K$G(B
   $B:n6H$7$J$*$7$^$7$?$,!"@_Dj<jK!<+BN$OM-8z$G$7$?!#(B
2. 3.0$B$O;H$C$F$J$$$N$G$3$l$GF0$/$+$I$&$+$o$+$j$^$;$s!#(B
3. $B%M%C%H%^%9%/$J$s$+$O$"$/$^$G$bNc$G$9!#(B
   $B4D6-$K$"$o$;$FFI$_BX$($F$/$@$5$$!#(B
   ($B2<5-$O!"9=@.JQ99$G$3$3$N4D6-$H0c$C$F$^$9(B)

$B$5$F!"$+$J$jD9J8(B
$B$3$3$+$i(B--------------------------------------------------
FreeBSD2.2.8$B$G(Bnatd+ipfw$B$rF0$+$7!"(BIP$B%"%I%l%9JQ495!G=IU(Bgateway$B$r:n$kJ}K!(B

HOWTO

$B0J2<$N$h$&$J4D6-$rA[Dj$7$^$9!#(B
OS PC$B$G$N(BFreeBSD 2.2.8

host$BL>(B       natbox
$B%0%m!<%P%k(BIP$BB&(B
IP$B%"%I%l%9(B   aaa.bbb.ccc.ddd
$B%M%C%H%^%9%/(B 255.255.255.0
$B%$!<%5%+!<%I(B ed0

$B%m!<%+%k(BIP$BB&(B
IP$B%"%I%l%9(B   192.168.0.1
$B%M%C%H%^%9%/(B 255.255.255.0
$B%$!<%5%+!<%I(B ed1

$B$3$l$r0J2<$N$h$&$K9=@.$7$F$"$k$H$7$^$9!#(B($B8GDj%T%C%A$J%U%)%s%H$G8+$F$/$@$5$$(B)

                            ローカル(192.168.0.2〜)
           _____              HUB
          |     |          __________
      ed0 |     |ed1      |__________|
外--------|     |----------| | | | |--PC4
          |     |            | | |
          |_____|           /  |  \
        FreeBSD2.2.8       /   |   \
           マシン        PC1  PC2  PC3
         (natbox)


1. $B%+!<%M%k$N%j%3%s%U%#%0(B

$B%+!<%M%k$N:F9=C[A4HL$K$D$$$F$O%^%K%e%"%k$dK\$K$"$?$C$F$/$@$5$$!#(B
$B;d$,(Bnatd+ipfw$B$N$?$a$KIU$1B-$7$?ItJ,$N$O0J2<$NItJ,$G$9!#(B
($B$3$l$@$1$GLdBj$J$/F0$$$F$$$^$9(B)

# Compile the ipfw packet filter into the kernel. As the surrounding text warns,
# once this is enabled the host cannot talk to the network until ipfw rules are
# loaded, so do the first boot and configuration from the console, not over telnet.
options IPFIREWALL
# Enable ipfw logging support. The boot message quoted later on this page reports
# "unlimited logging". NOTE(review): if rules with logging are added, consider
# capping log volume (e.g. IPFIREWALL_VERBOSE_LIMIT, if this kernel supports it).
options IPFIREWALL_VERBOSE
# Divert sockets: needed by the "ipfw add divert" rule that hands packets to natd.
options IPDIVERT

$B$3$3$G$NCm0U$O!"(Boptions IPFIREWALL$B$rM-8z$K$9$k$H(Bipfw$B$N@_Dj$,(B
$B$5$l$k$^$G30It$H$NDL?.$,0l@Z=PMh$J$/$J$j$^$9!#(B
$B$G$9$+$i!"(Btelnet$B$G30$+$i@_Dj$r$7$h$&$H$$$&$N$OL5KE$J$N$G!"(B
$B$=$N%^%7%s$H8~$-9g$C$F@_Dj$7$^$7$g$&!#(B

$B%G%e%"%k%[!<%`%[%9%H$K$7$?$D$$$G$KM>J,$J%$!<%5%M%C%H%+!<%I$N(B
$BItJ,$b%3%a%s%H%"%&%H$7$F!"(Bed0$B$H(Bed1$B$@$1$K$7$^$7$?!#$3$l$O;d$N@_Dj!#(B

# ed0 is the outside (global address) interface and ed1 the inside (192.168.0.1)
# interface in this HOWTO. The port/irq/iomem values are the author's own hardware
# settings, not general defaults.
# NOTE(review): both entries give iomem 0xd8000 — confirm that is harmless for the cards in use.
device ed0 at isa? port 0x280 net irq  5 iomem 0xd8000 vector edintr
device ed1 at isa? port 0x300 net irq  9 iomem 0xd8000 vector edintr
これ以下、#をつけてコメントにしています。


2. /etc/services$B$K0J2<$rDI2C(B

# Divert port for natd. The number may be chosen freely as long as it is unused,
# but it must match the "divert" rule and the natd -p argument in natd.sh.
natd 6668/divert #Network Address Translation socket

6668$B$OB>$H%@%V$i$J$$$h$&$K9%$-$K$D$1$F$b$$$$$H;W$$$^$9$,(B
$B8e=R$9$k(Bnatd.sh$B$H$O9g$o$;$F$/$@$5$$!#(B


3./etc/rc.conf$B$N@_Dj(B

$B$d$kI,MW$,$"$k$3$H$O<!$N(B2$BE@$G$9!#(B
1.$B%$!<%5%+!<%I$r(B2$BKgG'<1$5$;$k(B
2.gateway$B$H$7$F5!G=$5$;$k(B

$B;d$O!"(Bfirewall=NO$B$H$9$kN.57$NJ}$,J,$+$j$d$9$+$C$?$N$G(B
rc.conf$B$+$i(Bfirewall$B$,M-8z$K$J$k$h$&$K$O@_Dj$7$^$;$s$G$7$?!#(B
$B4X78$"$kItJ,$O(Brc.conf$B$N>e$+$i0J2<$NItJ,$G$9!#(B
$B;d$N@_Dj$NNc(B($B0lItIz$;;z$G%3%a%s%H$O%+%C%H!#(Bed0 ed1$B$O4D6-0MB8(B)

# rc does not load any firewall rules; the ipfw rules are installed later by
# /usr/local/etc/rc.d/natd.sh. NOTE(review): with IPFIREWALL compiled in, this
# presumably leaves only the kernel's default deny rule active until natd.sh
# runs, i.e. no network traffic during the earlier part of boot — confirm.
firewall_enable="NO"
# Both Ethernet cards and loopback are listed so that all three get configured.
network_interfaces="ed0 ed1 lo0"
# Outside interface; aaa.bbb.ccc.ddd stands for the author's redacted public address.
ifconfig_ed0="inet aaa.bbb.ccc.ddd  netmask 255.255.255.0"
# Inside interface; the LAN hosts use this address as their default gateway.
ifconfig_ed1="inet 192.168.0.1 netmask 255.255.255.0"
# Let the host forward packets between its interfaces (act as a gateway).
gateway_enable="YES"


4. /usr/local/etc/rc.d$B$K0J2<$N$h$&$JFbMF$N(Bnatd.sh$B$rCV$$$F(B
   $B<B9T2DG=(B(+x)$B$K$9$k!#(B

$BFbMF$H$7$F$O(Bipwf$B$K$h$k%U%#%k%?%j%s%0$H(Bnatd$B$K0z?t$rM?$($F5/F0$5$;$k$G$9!#(B  
$B$3$l$K$h$C$F!"%^%7%s$N5/F0$N:G8e$K(Bnatd+ipfw$B$,F0:n$7$^$9!#(B

ipfw$B$NItJ,$K?'!9$H=q$-B-$;$P!"DL$9(B/$BDL$5$J$$$N@_Dj$,=PMh$^$9!#(B
$B$3$N(Bnatd.sh$B$O;d$,<B:]$K;H$C$F$k$b$N$G$9$,!"(BIP$B%"%I%l%9@aLs$N$?$a(B
$B$@$1$G;H$C$F$k$N$G%m!<%+%kB&$+$i$OAGDL$7$G$9!#(B
$B>e$N3($N$h$&$J9=@.$N>l9g!"30$+$i8+$($k$N$O(BFreeBSD$B%^%7%s$@$1$K$J$j$^$9!#(B

natd$B$O%*%W%7%g%s$r%U%!%$%k$K$+$$$FFI$_9~$^$;$k;v$b=PMh$^$9$,(B
($B$3$l$O%^%K%e%"%k$r8+$F$/$@$5$$(B)$B;d$N>l9g$?$C$?(B2$B$D$J$N$G(B
$B%*%W%7%g%s$H$7$F0z?t$rD>@\M?$($F$^$9(B
($B%]!<%H;XDj$N(B-p 6668 $B$H308~$-%$%s%?!<%U%'!<%9;XDj$N(B-n ed0)

$BCm(B ed0$B$NItJ,$O3F<+$N4D6-0MB8$G$9!#I,MW$J$h$&$K=q$-49$($F$/$@$5$$!#(B

$B0J2<!";d$N(Bnatd.sh$B$NFbMF(B

$B!!$3$3$+$i(B-----------------------------------------------

# natd.sh - run at the end of boot from /usr/local/etc/rc.d.
# Replaces the ipfw rule list with a two-rule NAT setup and then starts natd.
#
# Security notes for anyone reusing this:
#  * Between the flush and the first "add", only the kernel's built-in deny
#    rule is in force, so run this from the console rather than a remote login.
#  * The final rule accepts every packet in both directions. The ruleset
#    therefore translates addresses but filters nothing: services listening on
#    the gateway itself stay reachable through the outside interface. To
#    restrict that, insert narrower rules ahead of the final pass rule (and
#    see whether the installed natd offers -deny_incoming).

ipfw_cmd=/sbin/ipfw
natd_cmd=/usr/local/sbin/natd
natd_port=6668      # must equal the natd divert entry in /etc/services
outside_if=ed0      # interface holding the public address; site specific

echo 'Start natd '
echo ''

# Start from an empty rule list (-f: do not ask for confirmation).
"$ipfw_cmd" -f flush

# Hand every packet crossing the outside interface to natd's divert socket,
# then accept whatever reaches the next rule.
"$ipfw_cmd" add divert "$natd_port" all from any to any via "$outside_if"
"$ipfw_cmd" add pass all from any to any

# Launch the Network Address Translation daemon on the same port/interface.
"$natd_cmd" -p "$natd_port" -n "$outside_if"

$B!!$3$3$^$G(B-----------------------------------------------


5. $B$3$3$^$G$d$C$?$i!"?7$7$$%+!<%M%k$G:F5/F0(B

natd+ipfw$B$,$A$c$s$HF0$/$H(B

  1. IP packet filtering initialized, divert enabled, unlimited logging
     $B$,(B/var/log/messages$B$K;D$j$^$9!#(B

  2. $B%V!<%H$N:G8e$K0J2<$N$h$&$J(Bipfw$B$N@_Dj$,FI$a$^$9!#(B
     ($B$,!"%^%7%s$,B.$$$HI=<($,$^$?=V$/$K>C$($k$N$GFI$s$G$i$l$^$;$s(B)
     00000    divert 6668 ip from any to any via ed0
     00000    allow ip from any to any

     $B$"$k$$$O!"(Bsu$B$7$F!"(Bipfw -a l $B$G$b0J2<$N$h$&$JI=<($,=P$^$9!#(B
     00100      24490    9655161 divert 6668 ip from any to any via ed0
     00200      43389   17224095 allow ip from any to any
     65535          2        128 deny ip from any to any
     ($BF,$N?t;z0J30$O!";d$N4D6-$G$NNc$H$$$&$3$H$G!D(B)

$B!t$3$3$^$G$G%_%9$,$"$C$F>e<j$/F0$+$J$$$H%m!<%+%k%k!<%W%P%C%/$9$i(B
$B!t;H$($J$/$J$C$F$k$+$b$7$l$^$;$s!D(B(^^;)


6. $B%m!<%+%kB&$NB>$N%^%7%s$N@_Dj(B

  1. PC$B#1(B-4$B$O%m!<%+%k(BIP$B%"%I%l%9(B(192.168.0.X)$B$K$9$k(B
  2. PC$B#1(B-4$B$O%2!<%H%&%'%$!J$"$k$$$O%G%U%)%k%H%k!<%?!<(B)$B$K(B
     natbox$B$N(Bed1(192.168.0.1)$B$r;XDj$9$k!#(B
  3. $BBf?t$,>/$J$$$J$i!"%m!<%+%kB&$N%^%7%s$OA4$F(Bhosts$B%U%!%$%k$K=q$-(B
     $BA4$F$K;}$?$;$F$7$^$&!#$3$l$r$7$F$*$+$J$$$H%m!<%+%kB&$G$NDL?.$,(B
     host$BL>$G=PMh$^$;$s!#(B

  あるいは

  3'.ローカル側にマシンが大量にある場合は、ローカル側にネームサーバを
     立ち上げ、ローカルの分はそっちで処理する。
     ＃ 私は個人で数台しか使ってないし、3で十分なため3'はやってません。

  3$B$N>l9g$O(B
  4. $B%M!<%`%5!<%P$K%0%m!<%P%kB&$K$"$k8x<0$J$b$N$r;XDj$9$k!#(B
     natbox$B$G(Bnatd+ipfw$B$,5!G=$7!"%M!<%`%5!<%P$K8x<0$N$b$N$r(B
     $B;XDj$7$F$*$/$H(Bnatbox$B7PM3$GLd$$9g$o$;$F!"(B
     $B%m!<%+%kB&$N%^%7%s$K$A$c$s$HJV$7$F$/$l$^$9!#(B

  5. Web$B$G30$K=P$i$l$F<+M3$KF0$-2s$l$l$P!"$^$:$O@.8y!#(B
     $B30$+$i8+$k$HFbB&$N%^%7%s$,$D$J$$$G$b!"Aj<j$K$O(B
     $B$9$Y$F(BFreeBSD$B%^%7%s$N(Bed0$B$,$D$J$$$G$k$h$&$K8+$($^$9!#(B

$B$3$3$^$G(B--------------------------------------------------

$B$3$N$h$&$J46$8$G(BFreeBSD2.2.8$B$G(Bnatd+ipfw$B$rF0$+$7$F$$$^$9!#(B
$B%m!<%+%kB&$N(BNT4.0$B$H(BWin95$B$+$i(Btelnet$B!"(Bssh$B!"(Bftp$B!"(Bping$B!"(B
traceroute$B!"(B(Windows$B$N(Btracert)$B!"(Bntp$B!"(BPOP$B!"(Barchie$B!"(BNews$B!"(B
Web$B!"(BRealaudio$B!"(BIRC$BEy$K$D$$$F$O!"F|>oE*$KIT<+M3$J$7$K(B
$B30$K=P$F$$$1$F$^$9!#(B

$B!t(BUO$B$d$C$F$k?M$b$$$^$9(B($B>P(B)

CATV$B%$%s%?!<%M%C%H$N>l9g!"ET9g(B2$BCJ3,$N(Bnatd$B$G$NJQ49$,(B
$BF~$k$h$&$G$9$N$G!"$=$N$"$?$j!">e<j$/$$$/$N$+$o$+$j$^$;$s$1$I(B
$B;29M$K$J$l$P!#(B

$B$"$H!"(BFreeBSD$B%^%7%s$r>o;~@\B3$5$;$k$J$i!"(Btcp_wrapper$B$r(B
$BF0$+$9$J$I$N%;%-%e%j%F%#$b9M$($?J}$,$$$$$+$b$G$9$M!#(B

$B!t%m!<%+%k(BIP$B;H$&(BCATV$BJ}<0$O30$+$i967b$5$l$?$j$7$J$$$N$+$J!)(B

--------------------------------------------------
Masashi Ohba  ohba@science.gr.jp
