From owner-FreeBSD-users-jp@jp.FreeBSD.org Fri Aug 19 11:15:06 2005
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id j7J2F6Q81835;
	Fri, 19 Aug 2005 11:15:06 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from office.fukui.dcmp.co.jp (lgkp001.dcmp.co.jp [210.160.212.219])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id j7J2F5I81829
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Fri, 19 Aug 2005 11:15:05 +0900 (JST)
	(envelope-from narita@dcmp.co.jp)
Received: from [192.168.0.159] (009.fukui.dcmp.co.jp [192.168.0.159])
	by office.fukui.dcmp.co.jp (8.13.1/8.13.1) with ESMTP id j7J2F5ka025853
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Fri, 19 Aug 2005 11:15:05 +0900 (JST)
	(envelope-from narita@dcmp.co.jp)
Mime-Version: 1.0 (Apple Message framework v734)
Content-Transfer-Encoding: 7bit
Message-Id: <FC8FF8BB-AAFB-4BBD-88D9-177311C659DC@dcmp.co.jp>
Content-Type: text/plain; charset=ISO-2022-JP; delsp=yes; format=flowed
To: FreeBSD-users-jp@jp.FreeBSD.org
From: =?ISO-2022-JP?B?GyRCQC5FRCEhN0kbKEI=?= <narita@dcmp.co.jp>
X-Mailer: Apple Mail (2.734)
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Fri, 19 Aug 2005 11:15:04 +0900
X-Sequence: FreeBSD-users-jp 86663
Subject: [FreeBSD-users-jp 86663] ipfw: pullup failed
 =?ISO-2022-JP?B?GyRCJCw+QyQoJEokJBsoQg==?= 
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: narita@dcmp.co.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+050320

$B@.ED!w(BDC&MP$B$G$9!#(B

$B@hF|!"L\$NA0$G(BHD$B4X78$N%Q%K%C%/$,5/$3$j!"%5!<%P!<$,$*K4$/$J(B 
$B$j$K$J$C(B
$B$F$7$^$$$^$7$?!#(B
$B30=P@h$+$i5"$C$F$-$?%?%$%_%s%0$@$C$?$N$G!":G8e$N=V4V$KN)$A2q$C$?!D(B
$B$C$F46$8$G$9!J(BTT

$B85$O(B FreeBSD4.3R $B$G1?MQ$7$F$$$?$N$G$9$,!"5^n1(B  
FreeBSD5.4R $B$G%j%W(B
$B%l!<%9$r9T$$$^$7$?!#(B
$B85!9(B NIC $B#2Kg;I$7$N%^%k%A%[!<%`%[%9%H$G1?MQ$7$F$$$?$N$G!"(B 
$B:#2s$b(B
$BF1MM$K@_Dj$r$7$?=j(B /var/log/messages $B$K(B ipfw: pullup  
failed $B$H%m(B
$B%0$rEG$-$^$/$C$F$$$^$9!#(B

$B%m%0$rEG$/0J30$OFC$KLdBj$J$/F0$$$F$$$k$h$&$G$9!#(B

Google$B@h@8$K$*4j$$$7$F$bM-1W$J>pJs$,$J$$$N$G$*<j>e$2>uBV$G$9!#(B
$B2?$+$4B8$8$NJ}$,$$$i$C$7$c$$$^$7$?$i!"$*CN7C$rGR<Z$r$P!D!#(B

$B<j=g$H$7$F$O!"2<5-$N$H$*$j$G$9!#(B

$B#1!K2<5-$N%*%W%7%g%s$rDI2C$7$F%+!<%M%k$N:F%3%s%Q%$%k$r9T$$$^$7$?!#(B

options    IPFIREWALL
options    IPFIREWALL_FORWARD
options    IPFIREWALL_FORWARD_EXTENDED
$B!J",:G=i$O$3$N9T$,L5$$$N$,2r$i$J$/$F$D$^$E$-$^$7$?!K(B
options    IPFIREWALL_VERBOSE
options    IPFIREWALL_VERBOSE_LIMIT=500
options    TCP_DROP_SYNFIN


$B#2!K(B/etc/firewall.conf $B$r:n@.8e%U%)%o!<%G%#%s%0>pJs$r@_Dj!#(B

ipfw add 1010 fwd 192.168.xx.1 all from 192.168.xx.5 to any out

192.168.xx.1 $B!D(B $B%k!<%?!<$N(BIP
$B!J%k!<%?!<$N(BDMZ$B5!G=$G30It$+$i$N%"%/%;%9$r?6$C$F$$$^$9!K(B
192.168.xx.5 $B!D(B $B%5!<%P!<$N(BIP

$B"(%G%U%)%k%H%k!<%?!<$r@_Dj$7$F$$$k$?$a!"(B/etc/ 
firewall.conf $B$K$O(B
$B#2KgL\$N(B NIC $B$N@_Dj$@$1$r5-=R$7$F$$$^$9!#(B


$B#3!K(B/etc/rc.conf $B$X2<5-$rDI2C!#(B

defaultrouter="210.xxx.xxx.xxx"
#
# FireWall
#
firewall_enable="YES"
firewall_script="/etc/firewall.conf"
firewall_logging="YES"
firewall_quiet="NO"
tcp_drop_synfin="YES"
ipmon_enable="NO"

$B#4!K%5!<%P!<$N4D6-$O2<5-$N$H$*$j$G$9(B

        ISP$B#1(B
         $B("(B
   210.xxx.xxx.xxx
$B!J%0%m!<%P%k%k!<%?!<!K(B
         $B("(B
   210.xxx.xxx.xxx
   $B!J%0%m!<%P%k(BIP$B!K(B
$B(#(!(!(!(!(!(!(!(!(!($(B
$B("(B    $B%5!<%P!<(B     $B("(B
$B(&(!(!(!(!(!(!(!(!(!(%(B
     192.168.xx.5
    $B!J%m!<%+%k(BIP$B!K(B
         $B("(B
     192.168.xx.1
$B!J%;%+%s%@%j!<%k!<%?!<!K(B
         $B("(B
        ISP2


netstat -rn $B$G8+$F$b$-$A$s$H?6$jJ,$1$5$l$F$$$k$h$&$G!"2?$,0-$$$N(B 
$B$+!D(B
$B$4B8$8$NJ}$,$$$i$C$7$c$$$^$7$?$i!"$h$m$7$/$*4j$$$7$^$9!#(Bm(_ _)m


