From owner-FreeBSD-net-jp@jp.freebsd.org  Fri Jun 23 01:11:00 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id BAA96420;
	Fri, 23 Jun 2000 01:11:00 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from ns1.isf.co.jp (ns1.isf.co.jp [210.163.25.2])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id BAA96415
	for <FreeBSD-net-jp@jp.freebsd.org>; Fri, 23 Jun 2000 01:11:00 +0900 (JST)
	(envelope-from msuzuki@isf.co.jp)
Received: from lp042 (gw1.isf.co.jp [210.163.25.4])
	by ns1.isf.co.jp (8.9.3+3.2W/3.7W/ISF1.00) with SMTP id BAA27153
	for <FreeBSD-net-jp@jp.freebsd.org>; Fri, 23 Jun 2000 01:10:29 +0900 (JST)
Message-Id: <200006221610.BAA27153@ns1.isf.co.jp>
X-Sender: msuzuki@mx1.isf.co.jp
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3-J (32)
Date: Fri, 23 Jun 2000 01:12:28 +0900
To: FreeBSD-net-jp@jp.freebsd.org
From: MasaruSuzuki <msuzuki@isf.co.jp>
In-Reply-To: <20000623005351C.hideishi@rei.geofront.magisystem.net>
References: <200006221518.AAA27018@ns1.isf.co.jp>
 <200006190945.SAA29053@aerith.cks.canon.co.jp>
 <200006211239.AA00353@blackmarlin.osiplus.co.jp>
 <200006221518.AAA27018@ns1.isf.co.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Reply-To: FreeBSD-net-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: FreeBSD-net-jp 2647
Subject: [FreeBSD-net-jp 2647] Re: ppp  =?ISO-2022-JP?B?GyRCJE4bKEI=?=
 =?ISO-2022-JP?B?GyRCQF9EahsoSg==?= 
Errors-To: owner-FreeBSD-net-jp@jp.freebsd.org
Sender: owner-FreeBSD-net-jp@jp.freebsd.org
X-Originator: msuzuki@isf.co.jp

suzuki$B$G$9!#(J
$B$"$j$,$H$&$4$6$$$^$9!#Hs>o$K;29M$K$J$j$^$9!#(J
$B=PMh$?$i(Jrc.conf$B$N(Jrouter,routed$B$"$?$j$N@_Dj$K$D$$$F$bCN$j$?$$$G$9!#(J
$B$J$s$H$J$/%k!<%F%#%s%0$N@_Dj$,$^$:$$$h$&$J5$$,$7$F$$$k$s$G$9$,!#!#!#(J
$B!J<+J,$N@_Dj$b8+$;$?$$$N$G$9$,!"B~:#;D6HCf$G$"$$$K$/2H$KK:$l$F$-$F$7$^$C$?$b(J
$B$N$G!&!&!&!K(J



At 00:53 00/06/23 +0900, you wrote:
> $B@P@n!w@iMUBg$G$9!#(J
> 
> From: MasaruSuzuki <msuzuki@isf.co.jp>
> Subject: [FreeBSD-net-jp 2645] ppp $B$N@_Dj(J 
> Date: Fri, 23 Jun 2000 00:20:43 +0900
> 
> msuzuki> ppp$B$GIaDL$K%W%m%Q%$%@$K@\B3$G$-$F$$$k?M$N@_Dj%U%!%$%k$,8+$?$$$J$!!#(J
> 
> msuzuki> /etc/ppp/ppp.conf
> 
> --------------------ppp.conf
> default:
>  allow users ********
>  disable lqr
>  deny lqr
>  disable acfcomp
>  deny acfcomp
>  disable protocomp
>  deny protocomp
>  disable pred1
>  deny pred1
>  disable pap
>  accept pap
>  disable chap
>  deny chap
>  set filter dial 0 deny 0 0
>  set filter alive 0 deny icmp
>  set filter alive 1 deny tcp src eq 53
>  set filter alive 2 deny udp src eq 53
>  set filter alive 3 deny tcp dst eq 53
>  set filter alive 4 deny udp dst eq 53
>  set filter alive 5 deny udp src eq 520
>  set filter alive 6 deny udp dst eq 520
>  set filter alive 7 permit 0 0
>  set openmode active
> provider:
>  set device /dev/cuaa0
>  set speed 115200
>  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 3 \"\" AT$N1=1 OK-AT-OK
\\dATDT\\T TIMEOUT 50 CONNECT"
>  set phone ********
>  set login
>  set authname ********
>  set authkey ********
>  set timeout 0
> ## ssh
>  set filter in  0  permit tcp src eq 22 estab
>  set filter out 0  permit tcp dst eq 22
> ## ftp
>  set filter in  1  permit tcp src eq 21 estab
>  set filter out 1  permit tcp dst eq 21
>  set filter in  2  permit tcp src eq 20 dst gt 1023
>  set filter out 2  permit tcp dst eq 20
> ## dns
>  set filter in  3  permit udp src eq 53
>  set filter out 3  permit udp dst eq 53
>  set filter in  4  permit tcp src eq 53
>  set filter out 4  permit tcp src eq 53
> ## smtp
>  set filter in  5  permit tcp src eq 25
>  set filter out 5  permit tcp dst eq 25
> ## pop
>  set filter in  6  permit tcp src eq 110
>  set filter out 6  permit tcp dst eq 110
> ## http
>  set filter in  7  permit 0.0.0.0/0 MYADDR tcp src eq 80
>  set filter out 7  permit MYADDR 0.0.0.0/0 tcp dst eq 80
>  set filter in  8  permit 0.0.0.0/0 MYADDR tcp dst eq 80
>  set filter out 8  permit MYADDR 0.0.0.0/0 tcp src eq 80
> ## https
>  set filter in  9  permit 0.0.0.0/0 MYADDR tcp src eq 443
>  set filter out 9  permit MYADDR 0.0.0.0/0 tcp dst eq 443
> ## ping
>  set filter in  10 permit icmp
>  set filter out 10 permit icmp
> ## traceroute
>  set filter in  11 permit udp dst gt 33433
>  set filter out 11 permit udp dst gt 33433
> ## ntp
>  set filter in  12 permit tcp src eq 123 dst eq 123
>  set filter out 12 permit tcp src eq 123 dst eq 123
>  set filter in  13 permit udp src eq 123 dst eq 123
>  set filter out 13 permit udp src eq 123 dst eq 123
> ## whois
>  set filter in  14 permit tcp src eq 43
>  set filter out 14 permit tcp dst eq 43
>  set filter in  15 permit udp src eq 43
>  set filter out 15 permit udp dst eq 43
> ## cvsup
>  set filter in  16 permit tcp src eq 5998
>  set filter out 16 permit tcp dst eq 5998
>  set filter in  17 permit tcp src eq 5999
>  set filter out 17 permit tcp dst eq 5999
> ## archie
>  set filter in  18 permit udp src eq 191
>  set filter out 18 permit udp dst eq 191
> ## irc
>  set filter in  19 permit tcp src eq 6667
>  set filter out 19 permit tcp dst eq 6667
> ## dnetc proxy
>  set filter in  20 permit tcp src eq 2064
>  set filter out 20 permit tcp dst eq 2064
> ## nntp
>  set filter in  23 permit tcp src eq 119
>  set filter out 23 permit tcp dst eq 119
>  set filter in  24 permit udp src eq 119
>  set filter out 24 permit udp dst eq 119
> ## ident
>  set filter in  25 permit tcp dst eq 113
>  set filter out 25 permit tcp src eq 113
> ## local to internet
>  set filter in  26 permit 0.0.0.0/0 192.168.1.0/24 tcp src gt 1023 dst gt
1023
>  set filter in  27 deny   0.0.0.0/0 192.168.1.0/24 tcp src gt 6023 dst gt
6023
>  set filter out 26 permit 192.168.1.0/24 0.0.0.0/0 tcp src gt 1023 dst gt
1023
>  set filter out 27 deny   192.168.1.0/24 0.0.0.0/0 tcp src gt 6023 dst gt
6023
>  set filter in  28 permit 0.0.0.0/0 192.168.0.0/24 tcp src gt 1023 dst gt
1023
>  set filter in  29 deny   0.0.0.0/0 192.168.0.0/24 tcp src gt 6023 dst gt
6023
>  set filter out 28 permit 192.168.0.0/24 0.0.0.0/0 tcp src gt 1023 dst gt
1023
>  set filter out 29 deny   192.168.0.0/24 0.0.0.0/0 tcp src gt 6023 dst gt
6023
> ## NAT setup
>  set ifaddr 192.168.1.254/0 210.159.190.217/0
>  add default HISADDR
> --------------------
> 
> 
> msuzuki> /etc/ppp/ppp.linkup
> 
> --------------------ppp.linkup
> provider:
>  delete ALL
>  add 0 0 HISADDR
> --------------------
> 
> 
> msuzuki> /etc/ppp/ppp.linkdown
> 
> --------------------ppp.linkup
> provider:
>  delete ALL
>  add 0 0 HISADDR
> --------------------
> 
> 
> msuzuki> $B$"$?$j$N@_Dj$r$b$7NI$+$C$?$i$I$J$?$+;29M$K$5$;$F$/$@$5$$!#(J
> 
> $B$3$&$$$C$?Nc$C$F$J$+$J$+=P$F$J$$$b$N$J$s$G$9$h$M!#(J
> $B;d$b=q$/$N$K6lO+$7$^$7$?!#(J
> 
> $B;29M$K$J$k$G$7$g$&$+!)(J
> 
> filter$B4X78$O<qL#$J$N$G!"L5;k$7$F$b$i$C$F$+$^$$$^$;$s!#(J
> 
> # $B$A$J$_$K!"(JTA$B$O(JNEC Aterm55$B$H$$$&5l<0!"(Jprovider$B$O(JDTI$B$G$9!#(J
> 
>     /-------------------------------------------------/
>    /(^^)/           Hidenori Ishikawa                /
>   / (^^)/        <hideishi@ops.dti.ne.jp>           /
>  /  (^^)/ URL http://www.ops.dti.ne.jp/~hideishi/  /
> /-------------------------------------------------/
> 
> 
-----------------------
ISF Corporation
MasaruSuzuki
msuzuki@isf.co.jp
