From owner-FreeBSD-users-jp@jp.FreeBSD.org Sat Aug  6 11:33:53 2005
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id j762Xr175813;
	Sat, 6 Aug 2005 11:33:53 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from shonan.homeunix.org ([2002:dae1:d104::1])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet6 id j762XqI75808
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Sat, 6 Aug 2005 11:33:52 +0900 (JST)
	(envelope-from uchiyama@shonan.homeunix.org)
Received: from uptown.shonan.homeunix.org (uptown.homeunix.org [192.168.1.252])
	by shonan.homeunix.org (Postfix) with SMTP id 1334B11A065
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Sat,  6 Aug 2005 11:33:51 +0900 (JST)
Message-Id: <200508060233.AA00768@uptown.shonan.homeunix.org>
From: Toshio Uchiyama <uchiyama@shonan.homeunix.org>
To: FreeBSD-users-jp@jp.FreeBSD.org
In-Reply-To: <20050806011321.72781.qmail@web3101.mail.bbt.yahoo.co.jp>
References: <20050806011321.72781.qmail@web3101.mail.bbt.yahoo.co.jp>
MIME-Version: 1.0
X-Mailer: AL-Mail32 Version 1.13
Content-Type: text/plain; charset=iso-2022-jp
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Sat, 06 Aug 2005 11:33:39 +0900
X-Sequence: FreeBSD-users-jp 86461
Subject: [FreeBSD-users-jp 86461] Re: Building a router with FreeBSD 5.4
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: uchiyama@shonan.homeunix.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+050320

Nakagawa-san, pleased to meet you. My name is Uchiyama.

Nakagawa (中川 太) wrote:
>Also, what I have been able to confirm so far is that connectivity
>from the FreeBSD router to the WAN works. From the client
>(Windows 2000) I can ping as far as 200.201.202.203, but I cannot
>reach the WAN addresses that the FreeBSD router itself has been
>confirmed to reach. The various hardware is also working without
>problems. That is the situation; I would appreciate any pointers.

I run a PPPoE router built with IP(6)FW+NATD on FreeBSD 5.4-R.
I cannot say anything definite, but in my experience, when "ping
works from the PPPoE router, ping works from inside the LAN to the
PPPoE router, but ping from inside the LAN to the outside does not
work", NAT has sometimes not been working properly. You appear to
be using ipnat, but I have never used ipnat, so I cannot give advice
on it. How about trying ppp_nat or natd? (I cannot guarantee that it
will work, so please try it at your own risk, after backing up
anything you need.)

If you use natd, set the following in rc.conf:

natd_enable="YES"
natd_program="natd"
natd_flags="-f /etc/natd.conf"

$B$H$7$F!"(Bnatd.conf $B$O%G%U%)%k%H$GBg>fIW$@$H;W$$$^$9$,(B
$BG0$N$?$a!"2<L>$N(B natd.conf $B$r%3%T%Z$7$F$*$-$^$9!#(B

## $FreeBSD: src/sbin/natd/samples/natd.cf.sample,v 1.5 1999/09/13 18:18:33 ru Exp $
### Configuration file for natd.
###dynamic        yes # added by uchiyama from http://pc.2ch.net/test/read.cgi/uxnix/103860563/301-400
# Enable logging to file /var/log/alias.log
#log             no
## Incoming connections.  Should NEVER be set to "yes" if redirect_port
# or redirect_address statements are activated in this file!
## Setting to yes provides additional anti-crack protection
#deny_incoming   no
## Use sockets to avoid port clashes.  Uses additional system resources, but
# guarantees successful connections when port numbers conflict
#use_sockets     yes
## Avoid port changes if possible when altering outbound packets. Makes rlogin
# work in most cases.
#same_ports      yes
## Verbose mode. Enables dumping of packets and disables
# forking to background.  Only set to yes for debugging.
#verbose         no
## Divert port. Can be a name in /etc/services or numeric value.
##port           32000
## Interface name or address being aliased. Either one,
# not both is required.
## Obtain interface name from the command output of "ifconfig -a"
## alias_address 192.168.0.1
interface       tun0
#
# Alias unregistered addresses or all addresses.  Set this to yes if
# the inside network is all RFC1918 addresses.
#
unregistered_only       yes
#
# Configure permanent links. If you use host names instead
# of addresses here, be sure that name server works BEFORE
# natd is up - this is usually not the case. So either use
# numeric addresses or hosts that are in /etc/hosts.
## Note:  Current versions of FreeBSD all call /etc/rc.firewall
# BEFORE running named, so if the DNS server and NAT are on the same
# machine, the nameserver won't be up if natd is called from /etc/rc.firewall
## Map connections coming to port 30000 to telnet in my_private_host.
# Remember to allow the connection /etc/rc.firewall also.
##redirect_port          tcp my_private_host:telnet 30000
#redirect_port  tcp 192.168.2.2:80 218.225.209.4:8001
#redirect_port  tcp 192.168.2.1:80 218.225.209.4:8002
#redirect_port  tcp 192.168.1.5:80 218.225.209.4:8003
## Map connections coming from host.xyz.com to port 30001 to
# telnet in another_host.
#redirect_port          tcp another_host:telnet 30001 host.xyz.com
## Static NAT address mapping:
##  ipconfig must apply any legal IP numbers that inside hosts
# will be known by to the outside interface.  These are sometimes known as
# virtual IP numbers.  It's suggested to use the "interface" directive
# instead of the "alias_address" directive to make it more clear what is
# going on. (although both will work)
## DNS in this situation can get hairy.  For example, an inside host
# named aweb.company.com is located at 192.168.1.56, and needs to be
# accessible through a legal IP number like 198.105.232.1.  If both
# 192.168.1.56 and 198.105.232.1 are set up as address records in the DNS
# for aweb.company.com, then external hosts attempting to access
# aweb.company.com may use address 192.168.1.56 which is inaccessible to them.
## The obvious solution is to use only a single address for the name, the
# outside address.  However, this creates needless traffic through the
# NAT, because inside hosts will go through the NAT to get to the legal
# number, even when the inside number is on the same subnet as they are!
## It's probably not a good idea to use DNS names in redirect_address statements
##The following mapping points outside address 198.105.232.1 to 192.168.1.56
#redirect_address  192.168.1.56         198.105.232.1

----
$BFb;3IRO:(B
IPv4 uchiyama@shonan.homeunix.org http://shonan.homeunix.org/
IPv6 uchiyama@shonan.afraid.org http://shonan.afraid.org/
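
Added example, not part of the original mail: a small linter that checks a natd.conf against the constraints its own comments state (no deny_incoming together with redirect rules, interface or alias_address but not both, numeric addresses in redirect statements) and flags comment continuations that have lost their leading "#". The KNOWN set covers only the directives that appear in the file above, the sample input is constructed, and treating "#" as the start of a comment anywhere on a line is an assumption.

```python
import re

# Directives that appear in the natd.conf sample above (not natd's full set).
KNOWN = {"log", "deny_incoming", "use_sockets", "same_ports", "verbose", "port",
         "alias_address", "interface", "unregistered_only", "dynamic",
         "redirect_port", "redirect_address"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
PORT = re.compile(r"^\d+(-\d+)?$")

# Constructed input: directives from the sample with deliberate mistakes.
SAMPLE = """\
## Use sockets to avoid port clashes.  Uses additional system
resources, but
deny_incoming   yes
interface       tun0
alias_address   192.168.0.1
unregistered_only       yes
redirect_port   tcp my_private_host:telnet 30000
redirect_address  192.168.1.56         198.105.232.1
"""

def parse(text):
    """Return (lineno, keyword, args) for every active, non-comment line."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # assumes '#' starts a comment
        if fields:
            rows.append((n, fields[0], fields[1:]))
    return rows

def lint(text):
    """Check the constraints that the sample file's own comments state."""
    rows = parse(text)
    active = {key for _, key, _ in rows}
    redirects = [r for r in rows if r[1] in ("redirect_port", "redirect_address")]
    findings = [f"line {n}: '{key}' is not a directive (wrapped comment?)"
                for n, key, _ in rows if key not in KNOWN]
    if any(k == "deny_incoming" and a == ["yes"] for _, k, a in rows) and redirects:
        findings.append("deny_incoming yes combined with redirect_* statements")
    if {"interface", "alias_address"} <= active:
        findings.append("both interface and alias_address are set")
    for n, key, args in redirects:
        for tok in args:
            host = tok.split(":")[0]
            if tok in ("tcp", "udp") or PORT.match(tok) or IPV4.match(host):
                continue
            findings.append(f"line {n}: host name '{host}' in {key}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```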

