From: Jun USHIDA <ushida@msa.biglobe.ne.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
In-Reply-To: Your message of "Tue, 27 Jul 2004 09:44:35 +0900".
	<20040727092450.F02D.DAISAITO@lares.dti.ne.jp>
References: <040726154948.M0160700@ushida.msa.biglobe.ne.jp>
	<20040727092450.F02D.DAISAITO@lares.dti.ne.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Message-ID: <040727150351.M0364851@ushida.msa.biglobe.ne.jp>
X-Mailer: mnews [version 1.22PL5] 2001-02/07(Wed)
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Tue, 27 Jul 2004 15:03:53 +0900
X-Sequence: FreeBSD-users-jp 80288
Subject: [FreeBSD-users-jp 80288] [Solved] Re: How to publish an ftp server
 (Windows,Warftpd) inside a firewall
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: ushida@msa.biglobe.ne.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+040717

This is Ushida.

<20040727092450.F02D.DAISAITO@lares.dti.ne.jp>$B$N5-;v$K$*$$$F(B
2004$BG/(B07$B7n(B27$BF|(B($B2P(B) 09$B;~(B44$BJ,(B35$BIC:"!"(Bdaisaito$B$5$s$O=q$+$l$^$7$?!%(B

|In my environment, the following entries worked.
|rdr tun0 0/0 port 21 -> ftp-server port 21
|rdr tun0 0/0 port 20 -> ftp-server port 20

Thank you for your comment.
I configured it the same way and the problem was solved.
---- contents added to /etc/ipnat.rules: begin ------------------------------
rdr fxp0 0/0 port 21 -> 172.26.168.1 port 21 tcp/udp
rdr fxp0 0/0 port 20 -> 172.26.168.1 port 20 tcp/udp
---- /etc/ipnat.rules $B$KDI2C$7$?FbMF$3$3$^$G(B ------------------------------

|By the way, in this case it works in active mode,
|but it does not work in passive mode.

$B3N$+$K(B active mode $B$G$O$&$^$/$$$-$^$9$,!$(Bpassive mode $B$G$OF0$-$^$;$s!%(B
$B$=$N>I>u$b$3$A$i$G$bA4$/F1$8$G$9!%(B

|3000$BHV(Bport$B$G$O$J$/IaDL$K(B21$BHV(Bport$B$r;H$C$F$_$^$7$?$+!)(B
|$BIaDL$N(BFTP$B%/%i%$%"%s%H$,$I$&F0$/$+$H$$$&;v$OCN$j$^$;$s$,!"(B
|[$B%3%^%s%I(BPORT - 1]$B$,(Bftp-data port$B$K$J$k$N$G$O$J$$$G$7$g$&$+!)(B(active mode$B;~(B)
|$B$J$N$G$3$N>l9g$O!"(B
|rdr tun0 0/0 port 2999 -> ftp-server port 20
|if you try that, I think there is a chance ... that it will work.

daisaito $B$5$s$N8f;XE&DL$j$G$9!%;n$7$K(B
rdr fxp0 0/0 port 3000 -> 172.26.168.1 port 21 tcp/udp
rdr fxp0 0/0 port 2999 -> 172.26.168.1 port 20 tcp/udp

and connecting to port 3000 in active mode worked.

|# Or rather, first get it working on the normal ports 21 and 20,
|# and then experiment with a different port..

You are quite right. I should have started by trying ports 21 and 20.
I am truly sorry.

Thank you very much.
Finally, here is my /etc/ipnat.rules.

--------------- /etc/ipnat.rules $B$3$3$+$i(B ------------------------------------
map fxp0 172.26.168.0/22 -> 0/32 proxy port ftp ftp/tcp
map fxp0 172.26.168.0/22 -> 0/32 portmap tcp/udp auto
map fxp0 172.26.168.0/22 -> 0/32
#
# For VNC (port 5901)
rdr fxp0 0/0 port 5901 -> 172.26.168.1 port 5900 tcp/udp
#
# For ftpd (port 3000)
rdr fxp0 0/0 port 3000 -> 172.26.168.1 port 21 tcp/udp
rdr fxp0 0/0 port 2999 -> 172.26.168.1 port 20 tcp/udp
--------------- /etc/ipnat.rules $B$3$3$^$G(B ------------------------------------

fxp0             : device name of the firewall's external NIC
172.26.168.0/22  : network inside the firewall
172.26.168.1     : VNC server & ftp server inside the firewall

1. firewall $BFbIt$+$i30It$X(B $B%"%/%;%92DG=(B.
2. firewall $BFbIt$+$i30It$X(B ftp $B%"%/%;%92DG=(B.
3. firewall $B$N(B $B30B&$+$i(B firewall $B$N30B&(B NIC $B$N(B IP address$B$K8~$+$C$F(B
   vncviewer $B$G(B host:1 $B$r;XDj$7FbIt$N(B 172.26.168.1 $B$N(BVNC server $B$K%"%/%;%92DG=(B.
4. firewall $B$N(B $B30B&$+$i(B firewall $B$N30B&(B NIC $B$N(B IP address$B$K8~$+$C$F(B active mode
   $B$N(Bftp $B$r$9$k$3$H$G(B $BFbIt$N(B 172.26.168.1 $B$N(B ftp server $B$K%"%/%;%92DG=(B.

That is all.
To everyone who commented, thank you very much.
--
Jun USHIDA
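
Added example, not part of the original message: a small Python check that decodes an FTP 227 (passive mode) reply and compares the advertised data endpoint with the rdr rules posted above, which shows one reason passive mode can fail behind these rules while active mode works. It assumes the server advertises its own internal address and an ephemeral port; the sample 227 reply and the function names are constructed for illustration.

```python
import ipaddress
import re

# rdr rules as posted in the message's /etc/ipnat.rules
IPNAT_RULES = """\
rdr fxp0 0/0 port 5901 -> 172.26.168.1 port 5900 tcp/udp
rdr fxp0 0/0 port 3000 -> 172.26.168.1 port 21 tcp/udp
rdr fxp0 0/0 port 2999 -> 172.26.168.1 port 20 tcp/udp
"""
RDR_RE = re.compile(
    r"^rdr\s+(\S+)\s+\S+\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)")
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def parse_rdr(text):
    """Return {(internal_ip, internal_port): external_port} for each rdr line."""
    table = {}
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            _iface, ext_port, ip, int_port = m.groups()
            table[(ip, int(int_port))] = int(ext_port)
    return table


def parse_pasv(reply):
    """Decode a 227 reply into (ip, port); port = p1 * 256 + p2 (RFC 959)."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def check_pasv(reply, rules_text=IPNAT_RULES):
    """List the reasons an outside client cannot use the advertised endpoint."""
    ip, port = parse_pasv(reply)
    problems = []
    if ipaddress.ip_address(ip).is_private:
        problems.append("advertised address %s is private" % ip)
    if (ip, port) not in parse_rdr(rules_text):
        problems.append("no rdr rule forwards to %s port %d" % (ip, port))
    return problems


# Constructed sample reply (not captured from the poster's server).
SAMPLE_227 = "227 Entering Passive Mode (172,26,168,1,195,80)"
```

For the sample reply, check_pasv(SAMPLE_227) reports both problems: the address is not routable from outside, and port 50000 is not covered by any rdr line.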

