From owner-FreeBSD-net-jp@jp.freebsd.org  Fri Aug 27 15:21:47 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id PAA26760;
	Fri, 27 Aug 1999 15:21:47 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from mail.netwave.or.jp (mail.netwave.or.jp [202.214.48.114])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id PAA26755
	for <FreeBSD-net-jp@jp.freebsd.org>; Fri, 27 Aug 1999 15:21:46 +0900 (JST)
	(envelope-from takesima@mail.netwave.or.jp)
Received: from BLESS (ppp20018.netwave.or.jp [202.214.54.18])
	by mail.netwave.or.jp (8.8.8+2.7Wbeta7/3.6W) with SMTP id PAA10845
	for <FreeBSD-net-jp@jp.freebsd.org>; Fri, 27 Aug 1999 15:22:41 +0900 (JST)
Message-ID: <008101bef054$3b77f930$dd00a8c0@BLESS>
From: "takesima" <takesima@mail.netwave.or.jp>
To: <FreeBSD-net-jp@jp.freebsd.org>
Date: Fri, 27 Aug 1999 15:19:54 +0900
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2014.211
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211
Reply-To: FreeBSD-net-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: FreeBSD-net-jp 1868
Subject: [FreeBSD-net-jp 1868] NAT =?ISO-2022-JP?B?GyRCISdEOUo4JEcbKEI=?=
 =?ISO-2022-JP?B?GyRCJDkhIyQ0PXU4QCQqNGokJCQ3JF4kOSEjGyhC?= 
Errors-To: owner-FreeBSD-net-jp@jp.freebsd.org
Sender: owner-FreeBSD-net-jp@jp.freebsd.org
X-Originator: takesima@mail.netwave.or.jp

$BC]Eg(B@$B2,K-IB1!$H?=$7$^$9!#(B

 $B<+J,$J$j$K(BNAT$B$7$^$7$?$,!"$5$F$$$1$F$k$N$+$I$&$+J,$+$j$^$;$s!#(B
 $B$G!"$4=u8@$*4j$$?=$7>e$2$^$9!#(B

$BL\I8$O!"(B

$B%$%s%?!<%M%C%H(B
$B!C(B
$B%k!<%?!<(B192.168.1.1
$B!C(B
$B!C(Bed2$B!'(B192.168.1.2
FreeBSD3.2$B!J$3$l$r(Bfirewall+NAT$B2=$1$5$;$?$$!K(B
$B!C(Bed1:192.168.0.2
$B!C(B
$B$$$m$s$J(B192.168.0.$B#x$N%Q%=%3%s(B
$B$G$9!#(B

$B$^$:!"(B
 NIC$B$N(B2$BKg:9$G$9!#(B
 $B$b$H$b$H!!(BPCI$B$N(BNE2000$B%3%s%Q%A(BNIC$B$,F~$C$F$^$7$?!#(B
 $B$3$l$O(Birq9$B$G!"(Bed1$B$H$7$FG'<1$5$l$F$$$^$7$?!#(B

 $B$3$l$K(BISA$B$N(BNIC$B$rDI2C$7$h$&$H$7$^$7$?$,!"$&$^$/9T$-$^$;$s!J(Bed2$B$K$J$C$F$/$l$^(B
$B$;$s!K!#(B
$B$G$7$g$&$,$J$$$+$i!"(BPCI$B$N(BNE2000$B%3%s%Q%A(BNIC$B$r?7$?$K9XF~$7$^$7$?!J(B1600$B1_!K!#(B

 $B$=$7$F%+!<%M%k$N:F9=@.$G$9!#$=$NFbMF$O!"(B
 *----------------------------
 $BN,(B
 options  USERCONFIG  #boot -c editor
 options  VISUAL_USERCONFIG #visual boot -c editor
 options         NETATALK
 options         QUOTA
 ###############
 options  IPFIREWALL $B!z(B
 options  "IPFIREWALL_VERBOSE_LIMIT=100"$B!!!!!z(B
 options  IPDIVERT$B!!!!!z(B
 $BN,(B
 device ed0 at isa? port 0x300 net irq 10 iomem 0xd8000$B!!!z(B
 device ie0 at isa? port 0x300 net irq 10 iomem 0xd0000
 ------------*

 $B$G!"(Betc/rc.conf$B$O(B
 *------------
 # This file now contains just the overrides from /etc/defaults/rc.conf
 # please make all changes to this file.
 # -- sysinstall generated deltas -- #
 network_interfaces="ed1 ed2 lo0"$B!!!z(B
 ifconfig_ed1="inet 192.168.0.2  netmask 255.255.255.0"$B!!!z(B
 ######
 ifconfig_ed2="inet 192.168.1.2  netmask 255.255.255.0"$B!!!z(B
 ######
 moused_port="/dev/psm0"
 moused_enable="YES"
 defaultrouter="192.168.0.1"
 nfs_server_enable="YES"
 nfs_client_enable="YES"
 ######
 hostname="bsd.hiroyuki.co.jp"
 keymap="jp.106"
 # -- sysinstall generated deltas -- #
 lpd_enable="YES"
 named_enable="YES"
 # -- sysinstall generated deltas -- #
 check_quotas="YES"


 $B$3$3$^$G$G(BNIC$B$,(B2$BKgG'<1$5$l(BNAT$B$NMQ0U$,$G$-$^$7$?!#(B


 $BB3$$$F$G$9!#(B

 $BK\Ev$O(Brule$B$r(Bsimple$B$G$$$-$?$$$N$G$9$,!"$=$&$H$9$k$H(BNT$B%^%7%s!J(B192.168.0.221$B!K(B
 $B$+$i$N(Bping$B$9$iDL$i$J$/$J$j$^$7$?!#(Bsimple$B$9$k$K$O(BBIND$B$N8+$J$*$7$,I,MW$+$b$7(B
$B$l(B
 $B$^$;$s!#$G!"$d$d$3$7$$$s$G(Bclient$B$K$7$^$7$?!#(B

 /etc/default/rc.conf$B$G$9!#(B
 *---------------
 $BN,(B
 ### Network routing options: ###
 defaultrouter="NO"  # Set to default gateway (or NO).
 static_routes=""  # Set to static route list (or leave empty).
 gateway_enable="YES"  # Set to YES if this host will be a gateway.$B!!!z(B
 router_enable
 ### Basic network options: ###
 hostname="myname.my.domain" # Set this!
 nisdomainname="NO"  # Set to NIS domain if using NIS (or NO).
 firewall_enable="YES"  # Set to YES to enable firewall functionality$B!!!z(B
 firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall$B!z(B
 firewall_type="client"  #"UNKNOWN"- Firewall type (see /etc/rc.firewall)$B!z(B
 firewall_quiet="NO"  # Set to YES to suppress rule display$B!z(B
 natd_program="/sbin/natd" # path to natd, if you want a different one.$B!z(B
 natd_enable="YES"                # Enable natd (if firewall_enable == YES).$B!z(B
 natd_interface="ed2"           # Public interface or IPaddress to use.$B!z(B
 natd_flags="-m -p natd"         # Additional flags for natd.$B!z(B
 tcp_extensions="NO"  # Disallow RFC1323 extensions (or YES).
 network_interfaces="lo0" # List of network interfaces (lo0 is loopback).
 ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
 $BN,(B


 $B$=$7$F(B/etc/rc.firewall$B$O(B
 *------------
 $BN,(B
 ############
 # Define the firewall type in /etc/rc.conf.  Valid values are:
 #   open     - will allow anyone in
 #   client   - will try to protect just this machine$B!z(B
 #   simple   - will try to protect a whole network
 #   closed   - totally disables IP services except via lo0 interface
 #   UNKNOWN  - disables the loading of firewall rules.
 #   filename - will load the rules in the given filename (full path required)
 #
 # For ``client'' and ``simple'' the entries below should be customized
 # appropriately.
 $BN,(B
 elif [ "${firewall_type}" = "client" ]; then

     ############
     # This is a prototype setup that will protect your system somewhat against
     # people from outside your own network.
     ############

     # set these to your network and netmask and ip
     net="192.168.0.0"$B!!!z(B
     mask="255.255.255.0"$B!z(B
     ip="192.168.0.2"$B!z(B

     # Allow any traffic to or from my own net.
     $fwcmd add pass all from ${ip} to ${net}:${mask}
     $fwcmd add pass all from ${net}:${mask} to ${ip}


 $B7k6I$I$&$J$C$?$+$H$$$&$H!"(B
 ipfw$B!!(Blist
 $B$G8=:_$N%k!<%k$rBG$A=P$7$F$_$k$H<!$N$h$&$G$9!#(B

 $BA4$F$N%Q%1%C%H$KIU$$$F$O(B
$B$J$*!c!d$O;d$N2r<a$G$9!#4V0c$C$F$kE@$O$*65$(2<$5$$!#(B
 00100 divert 8668 ip from any to any via ed2
$B!c(Bed1$B$+$iMh$?$N$O!"(Bed2$B$rAu$C$F(B192168.1.2$B$G$"$k$+$N$h$&$K=P$F9T$/!d(B
 00100 allow ip from any to any via lo0
 00200 deny ip from any to 127.0.0.0/8
 00300 allow ip from 192.168.0.2 to 192.168.0.0/24
 00400 allow ip from 192.168.0.0/24 to 192.168.0.2
$B!c(B192.168.0.$B#xFb$O!"(B192.168.0.2$B$rCf7QE@$H$7$F%$%1%$%1$G$"$k!d(B

 TCP$B%Q%1%C%H$KIU$$$F$O(B
 00500 allow tcp from any to any established
 00600 allow tcp from any to 192.168.0.2 25 setup
 $B!c(B25$B$O(Bmail$B!d(B
 00700 allow tcp from 192.168.0.2 to any setup
 00800 deny tcp from any to any setup
$B!c(B192.168.0.2$B$O30It$+$i$N967b$K$5$i$5$l$k!d(B


 UDP$B%Q%1%C%H$KIU$$$F$O(B
 00900 allow udp from any 53 to 192.168.0.2
 01000 allow udp from 192.168.0.2 to any 53
$B!c(B 53$B$O(Bdomain$B!d(B
 01100 allow udp from any 123 to 192.168.0.2
 01200 allow udp from 192.168.0.2 to any 123
$B!c(B 123$B$O(Bnetwork$B!!(Btime$B!!(Bprotocol$B!d(B

 $BA4$F$N%Q%1%C%H$KIU$$$F$O(B
 65535 deny ip from any to any
$B!c(B192.168.0.2$B$,(Bfirewall$B$H$J$j(B192.168.0.x$B0J30$+$i$N?.9f$OFbIt$KE~C#$5$;$J$$!d(B

 $B0J>e$G$9!#(B


 $B(.!|(.!|(.!|(.!|(.!|(.!|(.!|(B
 $B%a!<%k!'(B takesima@mail.netwave.or.jp
 $B%[!<%`JG!'(Bhttp://www.netwave.or.jp/~takesima/





