From owner-FreeBSD-users-jp@jp.FreeBSD.org Thu Jun 13 10:22:22 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g5D1MMf71375;
	Thu, 13 Jun 2002 10:22:22 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from hotmail.com (f111.pav1.hotmail.com [64.4.31.111])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g5D1MLc71370
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Thu, 13 Jun 2002 10:22:21 +0900 (JST)
	(envelope-from ml_list@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 12 Jun 2002 18:22:15 -0700
Received: from 218.44.247.93 by pv1fd.pav1.hotmail.msn.com with HTTP;
	Thu, 13 Jun 2002 01:22:15 GMT
X-Originating-IP: [218.44.247.93]
From: "$ fin" <ml_list@hotmail.com>
To: FreeBSD-users-jp@jp.FreeBSD.org
Date: Thu, 13 Jun 2002 10:22:15 +0900
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp; format=flowed
Message-ID: <F111TC7T4szWdr5PXCZ000232df@hotmail.com>
X-OriginalArrivalTime: 13 Jun 2002 01:22:15.0713 (UTC) FILETIME=[C0A3C910:01C21278]
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020611
X-Sequence: FreeBSD-users-jp 69262
Subject: [FreeBSD-users-jp 69262] NATD+IPFW
 =?ISO-2022-JP?B?GyRCJE5AX0RqJEskRCQkJEYbKEI=?= 
Errors-To: owner-FreeBSD-users-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: ml_list@hotmail.com



池田＠９８ユーザーです

NATD+IPFW$B$K$D$$$F<ALd$,$"$j$^$9(B

$B?'!9$J$H$3$m$r$_$F%+!<%M%k:F9=C[$d(Brc.conf$BEy$NJT=8$r(B
$B9T$C$?$N$G$9$,<+J,$N4uK>$9$k7k2L$,F@$i$l$^$;$s!#(B

行いたいことは

INET
 |
SVPC$B!J%k!<%?7s(BWEB$B%5!<%P!<!K(B
 |    |
CL-1 CL-2 

CL-n$B$+$i(B INET$B$r$_$($k$h$&$K$7$?$$$N$G$9(B
SVPC$B$O(B $B30It(BIP$B$O(BDHCP $BFbIt$O8GDj(B
CL-n$B$O@EE*$K(B 192.168.1.3$BEy(B $B8GDj$G@_Dj$7$F$$$^$9(B

環境ですが
PC-9821 LA
FREEBSD(98) 4.5
外側インターフェイス ed13（BUFFALO LPC2-CLT）
内側インターフェイス ed16（COREGA FEther PCC−TXF）

接続方法 YAHOO!BB

の構成です

$B9T$C$?$3$H$O(B
$B0JA0JL$N<ALd$N:]$K(B NAT $B$K4X$9$k@_Dj$N(BHP$B$r>R2p$7$F$$$?$@$$$?$N$G(B
$B$=$3$H$[$H$s$IF1$8$K$7$^$7$?!#(B

http://www.tac.tsukuba.ac.jp/~hiromi/ipfw4.html
$B",(B $B$r;29M$K$D$/$j$^$7$?(B
IPFW$B$N%k!<%k$O%G%U%)%k%H!J!)!K$r;HMQ$7$F$$$^$9!#!J0J2<$N@_Dj!K(B
00050 1662 189596 divert 8668 ip from any to any via ed13
00100    0      0 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
65000 1660 189440 allow ip from any to any
65535    8   1789 deny ip from any to any

※１ カーネル再構築
# Kernel configuration lines the poster added before rebuilding the kernel.
# NOTE(review): IPFIREWALL_DEFAULT_TO_ACCEPT is not among them, which is consistent with
# the final rule "65535 deny ip from any to any" in the rule listing quoted in this message.
# Build the ipfw packet filter into the kernel.
options         IPFIREWALL
# Let ipfw rules that carry the "log" keyword report matches through syslogd.
options         IPFIREWALL_VERBOSE
# Cap logging at 100 entries per rule so a single noisy rule cannot flood the logs.
options         IPFIREWALL_VERBOSE_LIMIT=100
# Provide divert sockets; the "divert 8668" rule that hands packets to natd depends on this.
options         IPDIVERT

を追記しカーネル再構築を行いました。

$B"(#2(B rc.conf$B$NJT=8!JDI5-!K(B
# rc.conf additions for a NAT gateway: ipfw plus natd on the outside interface ed13.
# NOTE(review): the two tcp_* knobs presumably depend on matching kernel options that are
# not among the options quoted in this message; confirm they actually take effect.
tcp_restrict_rst="YES"
tcp_drop_synfin="YES"

# Forward packets between interfaces; without this the host does not route for the clients.
gateway_enable="YES"
# Do not start the RPC portmapper.
portmap_enable="NO"

# Load ipfw rules at boot. The "open" type ends in "allow ip from any to any" (rule 65000
# in the listing quoted in this message), so apart from the loopback-address checks it
# accepts everything arriving on ed13. This host is also an Internet-facing web server,
# so a restrictive ruleset is the safer end state once NAT is working.
firewall_enable="YES"
firewall_type="open"

# Run natd on the outside interface, reading its options from /etc/natd.conf.
natd_enable="YES"
natd_interface="ed13"
natd_flags="-f /etc/natd.conf"

$B"(#3(B natd.conf$B$NJT=8!J:n@.!K(B
# natd options, loaded through natd_flags="-f /etc/natd.conf".
# No aliasing statistics log file, and natd runs detached rather than printing each packet.
log no
verbose no
# natd does not reject incoming packets that lack a translation-table entry, so the ipfw
# ruleset is the only filter in front of services listening on this host.
deny_incoming no
# Report denied incoming packets through syslog under the "security" facility.
# NOTE(review): with deny_incoming set to "no" there is presumably little for this to log.
log_denied yes
log_facility security
# Allocate a socket(2) for FTP data and IRC DCC send connections so port conflicts do not break them.
use_sockets yes
# Try to keep the original source port on outgoing translated packets.
same_ports yes
# Translate only outgoing packets whose source address is in a private (RFC 1918) range.
unregistered_only yes

上記 ※１〜※３までをおこないました。

$B7k2L$H$7$F(B
$B30$+$i$G$b(B $BFb$+$i$G$b(B SVPC $B$K$O(B TELNET$BEy$N@\B3$,$G$-$^$9!#(B
$B$7$+$7(B CL-n$B$N(B $B%G%U%)%k%H%2!<%H%&%'%$$K(B SVPC$B$NFbIt%"%I%l%9$r;XDj$7$F$b(B SVPC$B$K(B
$B$O(BPING$B$,DL$j$^$9$,(B $B30It$X$N(BPING$B$,$H$*$j$^$;$s!#(B
HP$B$b$_$l$^$;$s!&!&!&(B

設定に関しての情報をお願いします
みなさまのお知恵をお貸しいただけると幸いです

補足）
ifconfig の 内容です。 同じような内容で
ifconfig -u の結果はどうなっていますか？
というのを見かけましたので

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
ed16: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::290:99ff:fe51:95f2%ed16 prefixlen 64 scopeid 0x6
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:90:99:51:95:f2
        media: Ethernet autoselect (none)
        status: no carrier
ed13: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::240:26ff:fe91:bbab%ed13 prefixlen 64 scopeid 0x7
        inet XXX.XXX.XXX.XXX netmask 0xffffff00 broadcast XXX.XXX.XXX.XXX
        ether 00:40:26:91:bb:ab




