From owner-FreeBSD-net-jp@jp.FreeBSD.org Wed Oct 15 03:36:08 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id h9EIa8D65928;
	Wed, 15 Oct 2003 03:36:08 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from web504.mail.yahoo.co.jp (web504.mail.yahoo.co.jp [211.14.15.14])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with SMTP/inet id h9EIa7M65923
	for <FreeBSD-net-jp@jp.FreeBSD.org>; Wed, 15 Oct 2003 03:36:07 +0900 (JST)
	(envelope-from gakugakuman@yahoo.co.jp)
Message-ID: <20031014183602.6826.qmail@web504.mail.yahoo.co.jp>
Received: from [221.184.103.161] by web504.mail.yahoo.co.jp via HTTP; Wed, 15 Oct 2003 03:36:02 JST
From: =?ISO-2022-JP?B?GyRCTmtMWhsoQiAbJEIzWBsoQg==?= <gakugakuman@yahoo.co.jp>
To: FreeBSD-net-jp@jp.FreeBSD.org
In-Reply-To: <200310141545.AA00116@xp.m8.dion.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Reply-To: FreeBSD-net-jp@jp.FreeBSD.org
Precedence: list
Date: Wed, 15 Oct 2003 03:36:02 +0900
X-Sequence: FreeBSD-net-jp 4003
Subject: [FreeBSD-net-jp 4003] Re: LAN =?ISO-2022-JP?B?GyRCRmJJdBsoQg==?=
 =?ISO-2022-JP?B?GyRCJE4lLyVpJSQlIiVzJUgkKyRpGyhC?= PING
 =?ISO-2022-JP?B?GyRCJCxETCRpJEokJBsoQg==?=
Sender: owner-FreeBSD-net-jp@jp.FreeBSD.org
X-Originator: gakugakuman@yahoo.co.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+031013

$B3'MM!"MM!9$J$4;XE&$r$$$?$@$-$^$7$F@?$K$"$j$,$H$&(B
$B$4$6$$$^$9!#(B
$B$4JV?.$$$?$@$-$^$7$?J8LL$N2<$K;d$NJVEz$r=q$+$;$F(B
$B$$$?$@$-$^$7$?$N$G$I$&$>(B
===========================================================
$BBg>lMM$4JV?.$"$j$,$H$&$4$6$$$^$7$?!#(B
>$B!t0zMQ$O0UL#$N$"$kHO0O$GE,Ev$K$7$FM_$7$$!D(B
>$B!tB>?M$N%7%0%M%A%c$^$G4^$a$F0zMQ$9$k0UL#$C$F$"$k$N!)(B
>$B!t$^$7$F$d(BYBB$B$,>!<j$K$D$1$F$k$b$N$^$G(B
$B<:Ni$$$?$7$^$7$?!#(B
$B%U%j!<%a!<%k$N0Y:GDc0l$D$OIU$$$F$7$^$$$^$9!#(B
$BJ8LLFb$N$b$N$O:o=|$9$k$h$&$K$$$?$7$^$9!#(B

>$B$H$3$m$G!"(Bipfw$B$r$7$?;~$KDL?.$,$^$H$b$K$G$-$J$$$s$G$9$+(B
$B$i(B
>$B<ALd$7$?J}$N(Bipfw$B$N@_Dj$,$[$H$s$I=P$F$J$$$N$O$J$<$G$7$g(B
$B$&!)(B
$BBgJQ?=$7$o$1$4$6$$$^$;$s!#(B
IPFW$B$N@_Dj$r2<5-$K<($7$^$9!#(B
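# /usr/local/etc/rc.ipfw
#
# ipfw rule set for a small FreeBSD gateway, loaded through
# firewall_script= in rc.conf.  Interfaces as used below:
#   rl0  - LAN side, 192.168.1.0/24, gateway itself is 192.168.1.1
#   tun0 - PPP uplink; natd listens on divert port 8668 (rule 900)
# Every rule carries "log", so each matching packet is written to the
# log.  On a busy link that is a lot of output; ipfw caps it with
# net.inet.ip.fw.verbose_limit, so check that sysctl if the log floods.
#
# The original file used the undocumented "ipfw <num> add ..." ordering;
# the rules below use the documented "ipfw add <num> ..." form, which
# ipfw accepts equivalently.  Wrapped lines from the mail transport have
# been re-joined so the file runs as a script.
IPFW="/sbin/ipfw"
ALLOW="allow log"
DENY="deny log"

# Flush through the same binary the rules use (the original called a
# bare "ipfw" here, which depends on $PATH).  -f skips the confirmation
# prompt, -q suppresses the per-rule echo.
${IPFW} -q -f flush

# NOTE(review): this rule matches ICMP in both directions and sits BEFORE
# the divert rule (900).  An ICMP reply arriving on tun0 is therefore
# accepted here and never reaches natd, so it is not translated back to
# the LAN host that sent the echo request.  The on-list suggestion was
# to place the ICMP allow after rule 900 (e.g. as 910); for that to take
# effect this rule must be removed, not merely duplicated later.
${IPFW} add 100 ${ALLOW} icmp from any to any
${IPFW} add 200 ${ALLOW} ip from any to any via lo0
# Drop IP fragments on the uplink.
${IPFW} add 300 ${DENY} ip from any to any via tun0 frag
# LAN side: anything to/from the local subnet on rl0 is allowed.
${IPFW} add 400 ${ALLOW} ip from 192.168.1.0/24 to any via rl0
${IPFW} add 410 ${ALLOW} ip from any to 192.168.1.0/24 via rl0
# Anti-spoofing: LAN or loopback addresses must never arrive on tun0,
# and loopback addresses are not valid on the wire at all.
${IPFW} add 500 ${DENY} ip from 192.168.1.0/24 to any recv tun0
${IPFW} add 510 ${DENY} ip from 127.0.0.1 to any recv tun0
${IPFW} add 520 ${DENY} ip from any to 127.0.0.0/8
${IPFW} add 530 ${DENY} ip from 127.0.0.0/8 to any
# Keep NetBIOS/SMB (137-139, 445) off the gateway in both directions.
${IPFW} add 600 ${DENY} tcp from any 137-139,445 to any
${IPFW} add 610 ${DENY} udp from any 137-139,445 to any
${IPFW} add 620 ${DENY} tcp from any to any 137-139,445
${IPFW} add 630 ${DENY} udp from any to any 137-139,445
# Hand everything on the uplink to natd (port 8668, see /etc/natd.conf).
# Rules after this point see translated addresses.
${IPFW} add 900 add divert 8668 ip from any to any via tun0
# NOTE(review): "established" is stateless - it accepts any TCP segment
# with ACK or RST set whether or not a connection exists.  A keep-state
# rule on the outbound "setup" would be the stateful alternative.
${IPFW} add 1000 ${ALLOW} tcp from any to any established
# All outbound traffic on the uplink is permitted.
${IPFW} add 1010 ${ALLOW} ip from any to any out via tun0
# DNS.  Rule 1310 (and 1600/1700 below) match on source port only, so any
# UDP datagram with source port 53/123/161 reaches ANY destination port;
# that is a well-known way past the final UDP deny at 20020.  Rule 20000
# already keeps state for outbound UDP, so these reply rules are likely
# redundant - TODO confirm before removing.
${IPFW} add 1300 ${ALLOW} udp from any to any 53
${IPFW} add 1310 ${ALLOW} udp from any 53 to any
# Services on the gateway itself.  "from any" includes tun0, so these
# rules expose the services to the Internet; LAN clients are already
# covered by rules 400/410.  Narrow the source if Internet access to a
# service is not intended.
${IPFW} add 1400 ${ALLOW} tcp from any to 192.168.1.1 80 setup
${IPFW} add 1410 ${ALLOW} tcp from any to 192.168.1.1 443 setup
${IPFW} add 1500 ${ALLOW} tcp from any to 192.168.1.1 25 setup
${IPFW} add 1600 ${ALLOW} udp from any 123 to any
${IPFW} add 1700 ${ALLOW} udp from any 161 to any
${IPFW} add 1800 ${ALLOW} tcp from any to 192.168.1.1 110 setup
${IPFW} add 1900 ${ALLOW} tcp from any to 192.168.1.1 20 setup
${IPFW} add 1910 ${ALLOW} udp from any to 192.168.1.1 20
${IPFW} add 1920 ${ALLOW} tcp from any to 192.168.1.1 21 setup
${IPFW} add 1930 ${ALLOW} udp from any to 192.168.1.1 21
${IPFW} add 1940 ${ALLOW} tcp from any to 192.168.1.1 7000-7500
${IPFW} add 1950 ${ALLOW} udp from any to 192.168.1.1 7000-7500
${IPFW} add 2100 ${ALLOW} tcp from any to 192.168.1.1 22 setup
# Everything TCP not matched above is dropped.
${IPFW} add 9999 ${DENY} tcp from any to any
# Outbound UDP on the uplink creates a dynamic rule for the reply.
# NOTE(review): ipfw consults the dynamic rules at the first keep-state
# or check-state rule it reaches, so the check-state at 20010 is only
# reached by packets that did not match 20000 - verify this is intended.
${IPFW} add 20000 ${ALLOW} udp from any to any keep-state out via tun0
${IPFW} add 20010 check-state
${IPFW} add 20020 ${DENY} udp from any to any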
=====================================================================
$B$8$c$s$/$M$3$O$OMM$"$j$,$H$&$4$6$$$^$7$?!#(B
>$B$3$3$G$$$&!"(Blocalnet,
>$B$N0UL#$O!"=j0b!P(B$iif}$B$N0UL#9g$$$G$9(B

$BMQ8l$N0UL#9g$$$,J,$+$i$:?=$7$o$1$4$6$$$^$;$s$G$7$?!#(B

>$B6qBNE*$K$O!"(Ballow icmp from 192.168.1.0/24 to any
>$B$H$J$k$G$7$g$&$+!)(B

$B>e5-$N$h$&$K@_Dj$$$?$7$^$7$?$,8=>]$OJQ$o$j$^$;$s$G$7$?!#(B

>NAT$B$G$d$C$F$k$H$J$k$H!"$A$c$s$H(Bdivert$B$5$l$F$$$k$N$+!)(B
>static route$B$G$J$/(BDHCP$B$J$i$P!"$^$?JL$N;v$b9M$($i$l$^$9(B
$B$,!#(B

DHCP$B$G$OL5$/%W%i%$%Y!<%H%"%I%l%9$r;HMQ$7$?(Bstatic route$B$G(B
$B$9!#(B
$B$^$?!"(Bdivert$B$,$5$l$F$$$k$+$H$$$&$4;XE&$G$9$,!"(BLAN$BFb$N%/(B
$B%i%$%"%s%H(B
$B$+$i30It$N%[!<%`%Z!<%8Ey$N1\Mw$,$G$-$k$H$$$&$3$H$O(Bdivert
$B$G$-(B
$B$F$$$k$H$$$&$3$H$@$H;W$$$^$9$,!"$=$N2r<a$O4V0c$C$F$*$j$^(B
$B$9(B
$B$G$7$g$&$+!)(B

>$B;d8+$G$9$,!"(BGateway$B%^%7%s$K$O!"$"$l$3$l%$%s%9%H!<%k$;$:(B
$B$K(B
>ipfw,NAT,DNS$BDxEY$K$7$?$[$&$,!"LdBjH/@8;~$N@Z$jJ,$1(B
>$B0BA4@-$+$i$$$C$F$$$$$H$*$b$$$^$9!#(B

$B3N$+$K$4;XE&$NDL$j$@$H;W$$$^$9!#(B
ipfw,NAT,DNS$B0J30$OJL%5!<%P!<$G2TF0$9$k$3$H$r8!F$$7$F$_$^(B
$B$9!#(B

>$BJL$N;kE@$G!"(B nslookup$B$GG$0U$N%I%a%$%s!"(Bwww.jp.FreeBSD.org
>$B$"$?$j$N5U0z$-!"@50z$-$,$G$-$k$N$+;n$7$F$_$?$i!)(B
>$B=PMh$J$$$H$J$k$H!"(BDNS$B$N@_Dj$,2x$7$$$+$b!)(B
>$B$7$l$^$;$s!#(B

nslookup$B$OLdBjL5$/$G$-$k$h$&$G$9!#(B
nslookup$BI=<(7k2L(B
Server:  ns.suzuki.home
Address:  192.168.1.1
Name:    www.jp.FreeBSD.org
Address:  203.139.121.132

=====================================================================
$B?@EDIR9-(B $BMM(B $B$4JV?.$$$?$@$-$^$7$F$"$j$,$H$&$4$6$$$^$7$?!#(B
>   HOST "G"$B$G(Bipfw list
>     00100 allow log icmp from any to any
>$B$3$l$C$F(B divert $B$NA0$KF~$C$F$k$N$+$J(B?
>$B$@$H(B natd $B$r7PM3$7$J$$$N$G%@%a$G$7$g$&!#(B
divert $B$NA0$KF~$C$F$$$^$7$?!#(B
$B$4;XE&$N$H$*$j(Bdivert$B$N8e$K(B
00910 allow log icmp from any to any
$B$r5-=R$7!"G0$N0Y:F5/F0$7$F:FEY(Bping$B$r9T$$$^$7$?$,(B
$B8=>]$OJQ$o$j$^$;$s$G$7$?!#(B
=====================================================================
$BA}EDMM(B $B$4JV?.$$$?$@$-$^$7$F$"$j$,$H$&$4$6$$$^$7$?!#(B
>   HOST "G"$B$G(Bipfw list
>     00100 allow log icmp from any to any

>HOST "G" $B$G(Bnat $B$r$d$i$l$F$$$k$H8@$&;v$G$9$,$I$N$h$&$K@_(B
$BDj$J$5$l$F(B
>$B$$$k$N$G$7$g$&$+!)(B
/etc/rc.conf$B$G5/F0;~$K(Bnatd$B$rN)$A>e$2$F$$$^$9!#(B

#/etc/rc.conf
# Gateway "ns": PPP uplink on tun0, LAN on rl0.  Same assignments as the
# original, grouped by function; rc.conf variables do not depend on each
# other's order.

# -- console / kernel --
hostname="ns"
keymap="jp.106"
kern_securelevel_enable="NO"
usbd_enable="YES"

# -- daemons started at boot --
sshd_enable="YES"
sendmail_enable="YES"
named_enable="YES"
nfs_reserved_port_only="YES"

# -- uplink: user-ppp, profile "provider", ddial (redial when the link
#    drops).  ppp's own NAT is off; translation is done by natd below. --
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="provider"
ppp_nat="NO"

# -- forwarding, firewall, NAT --
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/rc.ipfw"
natd_enable="YES"
natd_program="/sbin/natd"
natd_interface="tun0"
natd_flags="-config /etc/natd.conf"

# -- LAN interface --
ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"

# /etc/natd.conf
use_sockets yes
same_ports yes
port 8668
unregistered_only yes
dynamic yes
>ipfw $B$H(Bnat $B<~$j$N%k!<%k$r8+D>$7$F$_$k$HNI$$$+$bCN$l$^$;(B
$B$s!#(B
$B$"$j$,$H$&$4$6$$$^$7$?!#(B
ipfw$B$OA4$FDL$9@_Dj$K$7$F(BPING$B$r9T$$$^$7$?$,8=>]$,JQ$o$i$J(B
$B$+$C$?(B
$B$N$G:FEY(Bnat$B$H(Bdivert$B$K4X$7$FD4$Y$F$_$^$9!#(B
=====================================================================


__________________________________________________
Do You Yahoo!?
Yahoo! BB is Broadband by Yahoo!
http://bb.yahoo.co.jp/

