From owner-FreeBSD-users-jp@jp.FreeBSD.org Thu Aug 14 20:32:50 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id h7EBWou63629;
	Thu, 14 Aug 2003 20:32:50 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mail.ua.airnet.ne.jp (mail.ua.airnet.ne.jp [210.159.65.159])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id h7EBWm063583
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Thu, 14 Aug 2003 20:32:48 +0900 (JST)
	(envelope-from audrey@ua.airnet.ne.jp)
Received: from ua.airnet.ne.jp (YahooBB219054020093.bbtec.net [219.54.20.93])
	(authenticated bits=0)
	by mail.ua.airnet.ne.jp (8.12.6p2/8.12.5) with ESMTP id h7EBWZFA070103;
	Thu, 14 Aug 2003 20:32:36 +0900 (JST)
	(envelope-from audrey@ua.airnet.ne.jp)
Message-ID: <3F3B7365.7040206@ua.airnet.ne.jp>
From: audrey <audrey@ua.airnet.ne.jp>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: FreeBSD-users-jp@jp.FreeBSD.org
References: <20030814184559L.tatsumi@qef.h.kobe-u.ac.jp>
In-Reply-To: <20030814184559L.tatsumi@qef.h.kobe-u.ac.jp>
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Thu, 14 Aug 2003 20:32:53 +0900
X-Sequence: FreeBSD-users-jp 75824
Subject: [FreeBSD-users-jp 75824] Re: gateway
 =?ISO-2022-JP?B?GyRCJE5AX0RqGyhC?= 
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: audrey@ua.airnet.ne.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+030802


IPFW$BMm$_$,7k9=JQ99$5$l$F$$$k$H;W$$$^$9!#%3%s%Q%$%k%*%W%7%g%s$N(B
$BF0$-$b0lHLE*$J@bL@$+$iJQ99$5$l$F$$$?$h$&$K5-21$7$F$$$^$9!#(B
$B:#G/$N#17n$/$i$$$N$3$H$G$9$,!#(B

$B!V(Bipfw show$B!W!V(Bipfw list$B!W!J$@$C$?$+$J!K$H$+$N%3%^%s%I$G8=:_$N(B
$B%k!<%k$r3NG'$7$F$_$F$/$@$5$$!#(B

-- 
Yuri Kuwana $B7,L>M-M}!J$/$o$J$f$&$j!K!i(B
<mailto:audrey@ua.airnet.ne.jp> <http://www5.airnet.ne.jp/audrey>



$BC$8J>fIW(B wrote:
> $B?@8MBg3X$NC$8J$H$$$$$^$9!#(B
> 
> FreeBSD 4.8R-p3 $B$K(B NIC 2$BKg(B(em0, fxp0)$B:9$7$F(B gateway $B$r$5$;$h$&$H$7$FH>(B
> $BF|DY$7$F$7$^$$$^$7$?$,!"$$$^$@@.8y$7$J$$$N$G!"$I$J$?$+%R%s%H$rD:$1$k$H(B
> $BM-Fq$$$H;W$$!"Ej9F$7$F$$$^$9!#(B
> 
> $BL\E*$O!"C1$K(B IP forwarding $B$r$5$;$k$3$H$G$"$C$F!"%U%#%k%?%j%s%0$H$+(B
> NAT $B$NN`$O(B($B$$$^$N$H$3$m(B)$B0l@Z;H$&$D$b$j$O$"$j$^$;$s!#(B
> 
> $B$d$C$F$$$k$3$H$O0J2<$NDL$j$G$9!#(B
> 
> 1. cvsup $B$G(B 4.8R-p3 $B$rF~<j(B (/usr/src/UPDATING$B$G3NG':Q(B)$B!#(B
> 
> 2. kernel $B$N%3%s%Q%$%k!#0J2<$N(B configration $B$r;HMQ!#(B
> 
> --$B$3$3$+$i(B--
> machine         i386
> cpu             I686_CPU
> ident           NS483a
> maxusers        0
> options         INET                    #InterNETworking
> options         FFS                     #Berkeley Fast Filesystem
> options         FFS_ROOT                #FFS usable as root device [keep this!]
> options         SOFTUPDATES             #Enable FFS soft updates support
> options         UFS_DIRHASH             #Improve performance on big directories
> options         CD9660                  #ISO 9660 Filesystem
> options         PROCFS                  #Process filesystem
> options         COMPAT_43               #Compatible with BSD 4.3 [KEEP THIS!]
> options         UCONSOLE                #Allow users to grab the console
> options         USERCONFIG              #boot -c editor
> options         VISUAL_USERCONFIG       #visual boot -c editor
> options         KTRACE                  #ktrace(1) support
> options         SYSVSHM                 #SYSV-style shared memory
> options         SYSVMSG                 #SYSV-style message queues
> options         SYSVSEM                 #SYSV-style semaphores
> options         P1003_1B                #Posix P1003_1B real-time extensions
> options         _KPOSIX_PRIORITY_SCHEDULING
> options         ICMP_BANDLIM            #Rate limit bad replies
> options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
> device          isa
> device          pci
> device          fdc0    at isa? port IO_FD1 irq 6 drq 2
> device          fd0     at fdc0 drive 0
> device          ata
> device          atadisk                 # ATA disk drives
> device          atapicd                 # ATAPI CDROM drives
> device          atkbdc0 at isa? port IO_KBD
> device          atkbd0  at atkbdc? irq 1 flags 0x1
> device          psm0    at atkbdc? irq 12
> device          vga0    at isa?
> pseudo-device   splash
> device          sc0     at isa? flags 0x100
> device          agp             # support several AGP chipsets
> device          npx0    at nexus? port IO_NPX irq 13
> device          sio0    at isa? port IO_COM1 flags 0x10 irq 4
> device          ppc0    at isa? irq 7
> device          ppbus           # Parallel port bus (required)
> device          lpt             # Printer
> device          em              # Intel PRO/1000 adapter Gigabit Ethernet Card (``Wiseman'')
> device          miibus          # MII bus support
> device          fxp             # Intel EtherExpress PRO/100B (82557, 82558)
> pseudo-device   loop            # Network loopback
> pseudo-device   ether           # Ethernet support
> pseudo-device   pty             # Pseudo-ttys (telnet etc)
> --$B$3$3$^$G(B--
> 
> $B$J$*!"(BIPFW $B4X78$O(B
> 
> #options        IPFIREWALL              #firewall
> #options        IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
> #options        IPFIREWALL_FORWARD      #enable transparent proxy support
> #options        IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
> #options        IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
> 
> $B$H$7$F30$7$F$"$j$^$9!#(B
> 
> 3. /etc/rc.conf $B$O0J2<$NDL$j!#$3$l0J30$N@_Dj$O2?$b$J$7!#(B
> 
>    $B>eN.B&(B
>       |
>    MY_UPNET -----gateway-----  MYSUBNET
> 
> (MYDOMAIN, MY_UPNET, MYSUBNET $B$O!"K\Mh$N$b$N$r;H$C$F$$$^$9!#(B)
> 
> --$B$3$3$+$i(B--
> hostname="ns.MYDOMAIN"
> network_interfaces="lo0 fxp0 em0"
> defaultrouter="MY_UPNET.1"
> ifconfig_fxp0="inet MYSUBNET.1 netmask 255.255.255.0"
> ifconfig_em0="inet MY_UPNET.36 netmask 255.255.255.0"
> ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
> #
> kern_securelevel_enable="NO"
> keymap="jp.106x"
> linux_enable="YES"
> moused_enable="YES"
> #
> sshd_enable="YES"
> sshd_program=/usr/local/sbin/sshd
> #
> svr4_enable="YES"
> gateway_enable="YES"
> apm_enable="YES"
> #
> router_enable="NO" # Set to YES to enable a routing daemon.
> static_routes="" # Set to static route list (or leave empty).
> #
> --$B$3$3$^$G(B--
> 
> 4. $B%+!<%M%k%j%3%s%Q%$%k!u%$%s%9%H!<%k!u:F5/F0(B
> 
>    uname -a $B$G?7$7$$%+!<%M%k$GF0$$$F$$$k$3$H$r3NG'(B
> 
> 5. MYSUBNET$BB&$N(B notePC(FreeBSD 4.8) $B$+$i!"(B
> 
>      gateway $B$X$N(B ping, SSH $B%m%0%$%s(B, web$B1\Mw$O!"$A$c$s$H$G$-$k!#(B
> 
>      MY_UPNET $BB&%[%9%H$X$N(B ping, SSH $B%m%0%$%s(B, web$B1\Mw$J$I0l@ZIT2D!#(B
> 
> $B$J$*!"(BnotePC$B$G(B netstat -r $B$r$9$k$H!"$A$c$s$H(B default route $B$O@_Dj$5$l$F$$$k!#(B
> 
> 6. gawaway $B>e$G(B arp -a $B$J$I$r$9$k$H!"$A$c$s$HN>B&$N(B MAC $B%"%I%l%9$r@5$7(B
>    $B$/A4$F=&$C$F$$$k!#$^$?!"(B
> 
>    #  sudo sysctl net.inet.ip.forwarding
>    net.inet.ip.forwarding: 1
> 
>   $B$N$h$&$KI=<($5$l$k!#(B
> 
> 7. gateway $B>e$N(B Apache $B$G(B proxy $B$rN)$F$F!"(BnotePC $B$N%V%i%&%6$G!"$=$N(B
>    proxy $B7PM3$r@_Dj$9$k$H!"$A$c$s$H30It$O1\Mw2DG=!#(B
> 
> $B0J>e$G$9!#(B
> 
> # $B%3%a%s%H$,$D$+$J$$$s$8$c$J$$$+$H;W$&$[$I!"40`z$@$H;W$&$s$G$9$,!"(B
> # $B$d$C$Q$j2?$+$r30$7$F$$$k$h$&$J5$$,$7$^$9!#0lBN2?$J$s$G$7$g$&$+!)(B
> 
> 

