From owner-FreeBSD-users-jp@jp.freebsd.org  Sun Jun 18 03:06:01 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id DAA47409;
	Sun, 18 Jun 2000 03:06:01 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from smtp5.dti.ne.jp (smtp5.dti.ne.jp [202.216.228.40])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id DAA47403
	for <FreeBSD-users-jp@jp.freebsd.org>; Sun, 18 Jun 2000 03:06:00 +0900 (JST)
	(envelope-from daisaito@lares.dti.ne.jp)
Received: from saito-1 (PPP161.kawasaki-ap5.dti.ne.jp [210.170.177.161]) by smtp5.dti.ne.jp (8.9.3/3.7W) with SMTP id DAA21228; Sun, 18 Jun 2000 03:05:59 +0900 (JST)
Date: Sun, 18 Jun 2000 02:37:50 +0900
From: SaitoMasaru <daisaito@lares.dti.ne.jp>
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: <20000618024430V.ueta@pixy.issp.u-tokyo.ac.jp>
References: <394B9F1123A.A0C1DAISAITO@smtp.lares.dti.ne.jp> <20000618024430V.ueta@pixy.issp.u-tokyo.ac.jp>
Message-Id: <394BB76E320.80CCDAISAITO@smtp.lares.dti.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver 1.26.02
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: FreeBSD-users-jp 52687
Subject: [FreeBSD-users-jp 52687] Re: IP  =?ISO-2022-JP?B?GyRCJWsbKEI=?=
 =?ISO-2022-JP?B?GyRCITwlPyROQF9EaiQsJG8kKyRqJF4kOyRzGyhC?= 
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: daisaito@lares.dti.ne.jp

On 00/06/18 02:44:30
Ueta Masateru <ueta@pixy.issp.u-tokyo.ac.jp> Wrote: 
Subject [FreeBSD-users-jp 52686] Re: IP $B%k!<%?$N@_Dj$,$o$+$j$^$;$s(B 

> $B$3$s$K$A$O?"ED$G$9!#(B

$B$O$8$a$^$7$F!"c7F#$G$9!#(B

> > > insvr$B$K(Bnatd$B$OITMW$H;W$$$^$9!#$J$<$J$i!"%"%I%l%9JQ49$9$kI,MW$,$J$$$+$i!#(B
> > interface$B$+$i(Binterface$B$K(Bpacket$B$rDL2a$5$;$k$N$K(Bnatd
> > ($B$^$?$O$=$N$h$&$JF/$-$r$9$k%b%N(B)
> > $B$OI,MW$G$O$J$$$G$7$g$&$+!)(B
> > ipfw$B$G$O$^$:!"$=$N%Q%1%C%H%U%#%k%?%j%s%0$9$k%k!<%k$r@_Dj$7$F(B
> > $B$=$N>e$GMM!9$J%k!<%k$r@_Dj$7$F$$$/$N$G$"$C$F!"(Bipfw$B<+BN$,(Binterface$B$+$i(B
> > interface$B$K(Bpacket$B$rDL2a$5$;$k5!G=$O$J$+$C$?$H;W$&$N$G$9$,!&!&!&(B
> > $B$b$72DG=$J$i$I$N$h$&$K$9$k$N$G$7$g$&$+!)!)(B
> 
> $BOBED$5$s$NDs<($5$l$F$$$kJ}K!$G!"(B192.168.2.x $B$K$*$$$F!"(B192.168.3.x $B$K8~(B
> $B$+$&(B packet $B$,Mn$5$l$k$3$H$K$J$j$^$9!#$G$9$+$i!"$3$NJ}K!$G!":XF#$5$s$N(B
> $BMWK>$OK~$5$l$k$H;W$$$^$9!#(B
> 
> $B:XF#$5$s$O!"(B"natd $B$N1?MQ$,I,MW$G$J$$$+!)(B" $B$H=q$+$l$F$$$^$9$,!";d$O$=$l(B
> $B$OI,MW$J$$$H;W$$$^$9!#$=$l$O!"(Bpacket $B$N(B routing $B$H!"(Bpacket $B$N(B 
> filtering $B$H9T$J$($P!"=jK>$N>u67$rC#@.$G$-$k$H9M$($k$+$i$G$9!#(B

$B$J$k$[$I!"(Bnat$B$r4*0c$$$7$F$$$?$H$$$&;v$G$9$M!#(B($B@VCQ(B)
$B$4;XE&$"$j$,$H$&$4$6$$$^$9!#(B


> -- $B0J2<M>CL(B --
> $B:#2s$N:XF#$5$s$N$*OC$NMWK>$r@0M}$9$k$H!"(B
> 
> $B!&(B192.168.2.x $B$N5!3#$+$i$O(B 192.168.3.x $B$X$N(B access $B$O=PMh$J$$$h$&$K$7(B
> $B$?$$!#(B
> $B$H$$$&7A$K@0M}$G$-$^$9!#(B
> 
> $B$9$k$H!"LdBj$r2r7h$9$kJ}K!$H$7$F$O!"(B
> 
> (1)192.168.2.x $B$r5/8;$H$9$k(B packet $B$O!"(B192.168.1.x <-> 192.168.3.x $B$N5!(B
> $B3#$K$FMn$9!#(B
> (2)192.168.2.x $B$r5/8;$H$9$k(B packet $B$O!"(B192.168.2.x <-> 192.168.1.x $B$N5!(B
> $B3#$K$FMn$9!#(B
> 
> $B$N(B 2 $BDL$j$N<jCJ$,$"$k$H9M$($i$l$^$9!#(B
> #$BFbMF$O$I$A$i$b!">e$G8@$&(B routing $B$H(B filtering $B$G$9!#0c$&$N$O!"$I$3$G(B 
> #filtering $B$r9T$J$&$N$+!)$H$$$&E@$G$9!#(B
> 
> $B$7$+$7!"8=<BE*$K$O(B (1) $B$N<jCJ$O:NMQ$7$K$/$$$G$7$g$&!#$3$NJ}K!$G$O!"F1(B
> $B$8$h$&$J@)8B$r2C$($?$/$J$C$?$H$-(B($B$?$H$($P!"(B192.168.4.x $B$N(B access $B$b6X(B
> $B;_$7$?$$>l9g$J$I(B)$B!"$=$N@)8B$r2C$($k?t$@$1!"@_Dj$N<j4V$,A}$($k$+$i$G$9!#(B
> 
> $B$H$$$&$3$H$G!"(B(2) $B$NJ}K!$r$H$k$3$H$K$J$j$^$9!#(B

$B$J$k$[$I!"F~8}$G$O$J$/$F=P8}$G(Bfilter$B$9$k$s$G$9$M!#(B


> $B$H$3$m$G!">e5-$N$h$&$K(B 192.168.2.x <-> 192.168.1.x $B$N$h$&$J!"0[$J$k(B IP
> address $B$r;}$D!"(Binterface $B4V$G(B packet $B$N$d$j$H$j$r$9$k$3$H$r%k!<%F%#%s(B
> $B%0(B(routing)$B$H8F$S$^$9!#(B 
> #$B<j85$N(B "TCP/IP $B%P%$%V%k2~D{?7HG(B" $B$K$h$k$H!"(Brouting $B$K$D$$$F$O$b$C$HBt(B
> #$B;3=q$$$F$"$k$N$G$9$,!"$H$j$"$($:3d0&$5$;$F$$$?$@$-$^$7$?!#(B

$B$3$NK\:#EYC5$7$F$-$^$9!#(B


> $B$3$N(B routing $B$r@)8f$9$kL?Na$,(B route $BL?Na$K$J$j$^$9!#$?$H$($P!"(B(2) $B$N$h(B
> $B$&$K@_Dj$7$?$$$J$i(B 192.168.1.x $B$N(B default router $B$H$J$k5!3#$G(B
> route add net 192.168.2.0 192.168.1.?
>                             ($B",(B 2 $B$D(B interface $B$r;}$C$?5!3#$N(B IP address)
> $B$H$+$rF~NO$7$F$*$1$PNI$$$o$1$G$9!#(B
> 
> $B$3$3$^$G$G!"(Bpacket $B$N(B routing $B$,@_Dj$G$-$^$9!#(B
> 
> $B<!$K(B filtering $B$K$J$k$N$G$9$,!"9,$$$J$3$H$K:G6a$N(B FreeBSD $B$G$O(B kernel 
> $B$NCf$K(B firewall $B$N5!G=$,Ec:\$5$l$F$$$^$9!#(B
> #$B@53N$K8@$&$H!"(Bpacket $B$N(B routing $BItJ,$K(B filtering $B$N5!G=$bIU2C$5$l$?!"(B
> #$B$H$$$&$3$H$J$N$G$7$g$&$,!#(B
> 
> $B$3$N5!G=$O(B ipfw $B$H$$$&L?Na$r;H$C$F@)8f$5$l$^$9!#$G!">\$7$/$O(B man ipfw 
> $B$"$?$j$r8f;29M$K!D!"$H$$$&$3$H$K$J$k$N$G$9$,!"$?$H$($P0J2<$N$h$&$J46$8(B
> $B$N@_Dj$r(B /etc/rc.firewall $B$N$I$3$+$K5-=R$9$k$H$$$&$3$H$K$J$k$N$G$7$g$&(B
> $B$+!D(B
> #$B$A$J$_$K!"$3$3$O(B 2.2.6 $B$N;~$NCN<1$G=q$$$F$^$9!#?7$7$$(B version $B$G$O!"(B
> #$B<c43JQ$o$C$F$$$k$+$b$7$l$^$;$s!D!#(B
> 
> -- $B$3$3$+$i(B
> $fwcmd add 1000 deny all from 192.168.2.0/24 to 192.168.3.0/24
> $fwcmd add 10000 allow all from 192.168.2.0/24 to all
> -- $B$3$3$^$G(B

$B$3$N(Bfwcmd $B$C$F(Bipfw$B$_$?$$$J$b$N$G$9$+!)=q$-J}$b$=$C$/$j$@$7!&!&!&(B
$BF1$8$h$&$J=q$-J}$r(Bipfw$B$G$d$l$P(BOK$B$=$&$G$9$M!#(B


-=-=-=-=-=-=-
$Bc7F#(B $BBg!!(BSaito Masaru
daisaito@lares.dti.ne.jp
-=-=-=-=-=-=-

