To: FreeBSD-users-jp@jp.freebsd.org
Cc: ueta@pixy.issp.u-tokyo.ac.jp
In-Reply-To: Your message of "Sun, 18 Jun 2000 00:53:53 +0900"
	<394B9F1123A.A0C1DAISAITO@smtp.lares.dti.ne.jp>
References: <394B9F1123A.A0C1DAISAITO@smtp.lares.dti.ne.jp>
Message-Id: <20000618024430V.ueta@pixy.issp.u-tokyo.ac.jp>
Date: Sun, 18 Jun 2000 02:44:30 +0900
From: Ueta Masateru <ueta@pixy.issp.u-tokyo.ac.jp>
Subject: [FreeBSD-users-jp 52686] Re: I can't figure out the IP router configuration

Hello, this is Ueta.
From: SaitoMasaru <daisaito@lares.dti.ne.jp>
Subject: [FreeBSD-users-jp 52683] Re: I can't figure out the IP router configuration
Date: Sun, 18 Jun 2000 00:53:53 +0900
Message-ID: <394B9F1123A.A0C1DAISAITO@smtp.lares.dti.ne.jp>
> On 00/06/17 21:10:32
> WADA Masashi <mwada@mil.allnet.ne.jp> Wrote:
> Subject [FreeBSD-users-jp 52679] Re: I can't figure out the IP router configuration
> > I don't think natd is needed on insvr, because there is no need to
> > translate addresses.
> Isn't natd (or something that does a similar job) needed to pass
> packets from one interface to another?
> With ipfw you first set up the rules that do the packet filtering and
> then add various other rules on top of them; I thought ipfw itself had
> no function for passing packets from interface to interface...
> If it is possible, how would one do it??

With the method Wada-san has presented, packets heading for 192.168.3.x
will be dropped at 192.168.2.x. So I think this method meets Saito-san's
requirement.

Saito-san writes "Isn't it necessary to run natd?", but I don't think it
is. That is because I believe the desired situation can be achieved by
doing packet routing and packet filtering.

NAT, as the name "Network Address Translator" indicates, means
"translating network addresses". In Saito-san's case there is no
particular need to translate network addresses. So I don't think running
natd is necessary.

Note that even if NAT is done in addition to packet routing and
filtering, it can be made to work without problems as long as it is
configured properly. However, going out of one's way to do something
troublesome often results in the inside of the network turning into a
black box. So I don't really recommend taking that approach.

-- Digression below --
Sorting out what Saito-san is asking for this time, it can be summarized
as:

- I want to make machines on 192.168.2.x unable to access 192.168.3.x.

Then, as ways to solve the problem, I think there are the following two
options:

(1) Drop packets originating from 192.168.2.x at the
    192.168.1.x <-> 192.168.3.x machine.
(2) Drop packets originating from 192.168.2.x at the
    192.168.2.x <-> 192.168.1.x machine.

#Both amount to the routing and filtering mentioned above. The
#difference is where the filtering is done.

Realistically, however, option (1) would be hard to adopt. With this
method, whenever you want to add a similar restriction (for example, if
you also want to forbid 192.168.4.x access), the configuration work
grows with the number of restrictions added.

So we end up taking method (2).

By the way, exchanging packets between interfaces that have different IP
addresses, such as 192.168.2.x <-> 192.168.1.x above, is called routing.
#According to the "TCP/IP Bible, revised new edition" I have at hand,
#there is much more written about routing, but I have left it out for now.

$B$3$N(B routing $B$r@)8f$9$kL?Na$,(B route $BL?Na$K$J$j$^$9!#$?$H$($P!"(B(2) $B$N$h(B
$B$&$K@_Dj$7$?$$$J$i(B 192.168.1.x $B$N(B default router $B$H$J$k5!3#$G(B
route add net 192.168.2.0 192.168.1.?
                            ($B",(B 2 $B$D(B interface $B$r;}$C$?5!3#$N(B IP address)
$B$H$+$rF~NO$7$F$*$1$PNI$$$o$1$G$9!#(B

$B$3$3$^$G$G!"(Bpacket $B$N(B routing $B$,@_Dj$G$-$^$9!#(B

$B<!$K(B filtering $B$K$J$k$N$G$9$,!"9,$$$J$3$H$K:G6a$N(B FreeBSD $B$G$O(B kernel 
$B$NCf$K(B firewall $B$N5!G=$,Ec:\$5$l$F$$$^$9!#(B
#$B@53N$K8@$&$H!"(Bpacket $B$N(B routing $BItJ,$K(B filtering $B$N5!G=$bIU2C$5$l$?!"(B
#$B$H$$$&$3$H$J$N$G$7$g$&$,!#(B

$B$3$N5!G=$O(B ipfw $B$H$$$&L?Na$r;H$C$F@)8f$5$l$^$9!#$G!">\$7$/$O(B man ipfw 
$B$"$?$j$r8f;29M$K!D!"$H$$$&$3$H$K$J$k$N$G$9$,!"$?$H$($P0J2<$N$h$&$J46$8(B
$B$N@_Dj$r(B /etc/rc.firewall $B$N$I$3$+$K5-=R$9$k$H$$$&$3$H$K$J$k$N$G$7$g$&(B
$B$+!D(B
#$B$A$J$_$K!"$3$3$O(B 2.2.6 $B$N;~$NCN<1$G=q$$$F$^$9!#?7$7$$(B version $B$G$O!"(B
#$B<c43JQ$o$C$F$$$k$+$b$7$l$^$;$s!D!#(B

-- $B$3$3$+$i(B
$fwcmd add 1000 deny all from 192.168.2.0/24 to 192.168.3.0/24
$fwcmd add 10000 allow all from 192.168.2.0/24 to all
-- $B$3$3$^$G(B

With the above, I think Saito-san's requirements (routing and filtering)
are mostly satisfied.

By the way, writing ipfw rules has its quirks. For example, the order of
rule numbers has meaning, and you may not be allowed to use number 0. If
"something isn't working properly", I think it would be good to review
the firewall configuration as well, in addition to the natd part and so
on.
#I always think that the quirks of rule writing in this area vary so
#widely that dealing with them is a pain ;-)

Bye for now
--
Ueta Masateru (ueta@pixy.issp.u-tokyo.ac.jp)
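
The remark in the message above that ipfw rule-number order matters, as an added example (not part of the original message and not ipfw's own code): a small Python model of first-match evaluation, run over the mail's two rules (with `any` as the wildcard address) and over a constructed misnumbered variant. The sample host addresses and the deny-by-default rule 65535 are assumptions.

```python
import ipaddress

# Assumption: kernel built without IPFIREWALL_DEFAULT_TO_ACCEPT, so the
# built-in last rule (65535) denies whatever no earlier rule matched.
DEFAULT_RULE = (65535, "deny")

def _net(word):
    """'any' matches every address; anything else is an address or CIDR block."""
    return ipaddress.ip_network("0.0.0.0/0" if word == "any" else word)

def parse_rule(line):
    """Parse '[$fwcmd] add <num> <allow|deny> all from <src> to <dst>'.

    Only the subset of ipfw syntax used in the mail is modelled.
    """
    tok = line.split()
    body = tok[tok.index("add") + 1:]
    if len(body) != 7 or body[3] != "from" or body[5] != "to":
        raise ValueError("unsupported rule: " + line)
    num, action, proto, _, src, _, dst = body
    if action not in ("allow", "deny") or proto != "all":
        raise ValueError("unsupported rule: " + line)
    return int(num), action, _net(src), _net(dst)

def verdict(rule_lines, src, dst):
    """Return (action, rule number) of the first rule matching the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    rules = sorted((parse_rule(l) for l in rule_lines), key=lambda r: r[0])
    for num, action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action, num
    return DEFAULT_RULE[1], DEFAULT_RULE[0]

# The mail's two rules: the narrow deny has the lower number.
AS_POSTED = [
    "$fwcmd add 1000 deny all from 192.168.2.0/24 to 192.168.3.0/24",
    "$fwcmd add 10000 allow all from 192.168.2.0/24 to any",
]
# Constructed variant: same two rules, but the broad allow is numbered first.
MISNUMBERED = [
    "$fwcmd add 2000 deny all from 192.168.2.0/24 to 192.168.3.0/24",
    "$fwcmd add 1000 allow all from 192.168.2.0/24 to any",
]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("misnumbered", MISNUMBERED)):
        for dst in ("192.168.3.5", "192.168.1.1"):  # constructed hosts
            print(name, "192.168.2.10 ->", dst, verdict(rules, "192.168.2.10", dst))
    print("other source:", verdict(AS_POSTED, "192.168.1.7", "192.168.3.5"))
```

In the misnumbered set the broad allow matches first, so 192.168.2.x reaches 192.168.3.x even though the deny rule is still present. The last line shows that, under the deny-by-default assumption, a ruleset holding only these two rules also drops traffic from every other source.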
