From owner-FreeBSD-users-jp@jp.freebsd.org  Sun Feb 28 23:22:24 1999
Received: (from daemon@localhost)
	by jaz.jp.freebsd.org (8.9.2+3.1W/8.7.3) id XAA15784;
	Sun, 28 Feb 1999 23:22:24 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from green.an.egg.or.jp (mail00.jttyo.egg.or.jp [202.230.255.203])
	by jaz.jp.freebsd.org (8.9.2+3.1W/8.7.3) with ESMTP id XAA15779
	for <FreeBSD-users-jp@jp.freebsd.org>; Sun, 28 Feb 1999 23:22:23 +0900 (JST)
	(envelope-from k-shirao@green.an.egg.or.jp)
Received: from green.an.egg.or.jp (jmax004-024.tokyo2.post.an.egg.or.jp [203.183.245.25])
	by green.an.egg.or.jp (8.8.8+2.7Wbeta7/3.7W-98090719) with ESMTP id XAA20824
	for <FreeBSD-users-jp@jp.freebsd.org>; Sun, 28 Feb 1999 23:22:20 +0900 (JST)
Message-ID: <36D94DF9.817A121D@green.an.egg.or.jp>
Date: Sun, 28 Feb 1999 23:08:58 +0900
From: Kouji Shirao <k-shirao@green.an.egg.or.jp>
X-Mailer: Mozilla 4.5 [ja] (Win95; I)
X-Accept-Language: ja
MIME-Version: 1.0
To: FreeBSD-users-jp@jp.freebsd.org
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+981115
X-Sequence: FreeBSD-users-jp 39347
Subject: [FreeBSD-users-jp 39347] PPP =?ISO-2022-JP?B?GyRCIVwbKEI=?= NAT
 =?ISO-2022-JP?B?GyRCJE4lVSUjJWslPyVqJXMlMCRLJEQkJCRGGyhC?= 
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: k-shirao@green.an.egg.or.jp

FreeBSD$BE0Dl3hMQ#1$r;29M$K@_Dj$7$F!"(BPPP+NAT$B$G%$%s%?!<%M%C%H(B
$B$X$N%*%s%G%^%s%I%@%$%d%k%"%C%W$O2DG=$K$O$J$C$F$$$k$N$G$9$,!"(B
ppp$B$N%U%#%k%?%j%s%0$K$D$$$F!"0J2<$N#3$D$N<ALd$,$"$j$^$9!#(B

$B#1!K(B FTP-DATA$B$r<u?.$9$k>l9g!"(Bsrc port$B!$(Bdst port $B$H$b$K!"(Btcpdump
     $B$G8+$?$H$3$m!"(BFTP-DATA$BMQ$N(Bport(20)$B$,@_Dj$5$l$J$$0Y!"(Bppp.
     conf $B$G(Ba)$B$N@_Dj$G$O!"<u?.$G$-$:!"(Bb)$B$N@_Dj$G$J$$$H<u?.$G$-(B
     $B$^$;$s!#(B
     $B$3$l$O!"$3$&$$$&$b$N$J$N$G$7$g$&$+!)$^$?!"(Bb)$B$NMM$J@_Dj$G%;%-%j(B
     $B%F%#>e!"LdBj$O$J$$$N$G$7$g$&$+!)(B

     a)  set ifilter 3 permit 0/0 0/0 tcp src eq 20
     b)  set ifilter 3 permit 0/0 0/0 tcp dst gt 1023

$B#2!K(B FreeBSD$BE0Dl3hMQ#1$rFI$`$H!"(Bifilter,ofilter$B6&$K(BLAN$B>e$N%^%7%s(B
     $B$N(Bip$B%"%I%l%9$G%U%#%k%?%j%s%0$,3]$1$i$l$k$HM}2r$7$?$N$G$9$,!"(B
     c)$B$NMM$K@_Dj$9$k$H!"<u?.$,$G$-$^$;$s!#(B
     $B9=J8>e$b$7$/$O!"2?$+$N@_Dj$,$*$+$7$$$N$G$7$g$&$+!)(B

     c)  set ifilter 7 permit 0/0 198.168.32.0/24 tcp src eq 110 estab

$B#3!K(B port$B$O!"Fb8~$-$N>l9g$O!"(Bsrc port$B$K(Bwell known port$B!J$G$7$?$C$1(B)
     $B$,;H$o$l!"(Bdst port$B$K$OG$0U$N(Bport$B$,;H$o$l$k!#(B
     $B308~$-$N>l9g$O!"(Bdst port$B$K(Bwell known port$B$,;H$o$l!"(Bsrc port$B$K(B
     $B$OG$0U$N(Bport$B$,;H$o$l$k!#(B
     $B0J>e$NMM$JM}2r$GNI$$$N$G$7$g$&$+!)$H$$$&$N$b!">e5-$NMM$J9M$((B
     $B$HA4$/@5H?BP$H9M$($i$l$k(Bppp.conf$B$N;29MNc$r$$$/$D$+8+$?$3$H$,$"(B
     $B$k$N$G!#(B

$B$J$*!"(BFreeBSD$B$N%t%!!<%8%g%s$O!"(B2.2.7 release$B$G$9!#(B
$B$^$?!"0J2<$K(Bppp.conf$B$H!"(Btcpdump$B$N0lIt$b:\$;$^$9!#$h$m$7$/$*4j$$(B
$B$7$^$9!#(B

 ppp.conf$B!K(B
default:
# Log categories enabled for this ppp instance.
 set log Phase Chat Connect Carrier LCP IPCP CCP tun command
# Serial device and line speed used for dialing.
 set device /dev/cuaa0
 set speed 115200
# LQR is neither requested from nor accepted from the peer.
 disable lqr
 deny lqr
# NOTE(review): the dial script is split over two lines in this message, with
# the closing quote on the second line. This looks like mail-client wrapping;
# confirm it is a single line in the real file.
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK
ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
# Idle timeout; the "tokyoinet:" label below sets timeout again (90).
 set timeout 300
# Authenticate to the peer with CHAP only. PAP, which would send authkey in
# clear over the link, is refused.
 accept chap
 deny pap
 set openmode active
# NOTE(review): "*" lets every local account use this configuration. Listing
# only the accounts that need to dial is the least-privilege choice.
 allow users *
# Predictor-1 compression is neither requested nor accepted.
 disable pred1
 deny pred1
# NOTE(review): presumably the private LAN range behind this gateway; the same
# 192.168.32.0/24 appears in dfilter 1 under "tokyoinet:" -- confirm.
 set taddr 192.168.32.0/24
tokyoinet:
# Provider entry: phone number, idle timeout (set again here after the 300
# under "default:") and interface addresses.
 set phone 58262910
 set timeout 90
 set ifaddr 0.0.0.0/0 202.230.255.6/0
# Credentials are masked in the posting. In the real file authkey is stored in
# clear text, so ppp.conf should be readable by root only.
 set authname XXXXXXXX
 set authkey XXXXXXXX
 add default 255.255.255.0 202.230.255.6
#ifilter
# Input filter: rules for packets arriving over the PPP link.
# AUTH (ident)
# Permits new inbound TCP connections to port 113 from any address.
 set ifilter 0 permit 0/0 0/0 tcp dst eq 113
# HTTP
# NOTE(review): unlike rules 2 and 7 this rule has no "estab", so any inbound
# TCP packet whose source port is 80 is accepted, connection attempts included.
# The source port is chosen by the sender; adding "estab" limits the rule to
# replies.
 set ifilter 1 permit 0/0 0/0 tcp src eq 80
# FTP
# Control-channel replies only (estab).
 set ifilter 2 permit 0/0 0/0 tcp src eq 21 estab
# FTP-DATA
# NOTE(review): this is variant b) from the message. Without "estab" it admits
# new inbound TCP connections to every port above 1023, not only FTP data.
# In the tcpdump excerpt the data connection is opened from the local side
# (port 1036 to remote port 1184, flag S), so the returning packets should
# still match if "estab" is added -- confirm before relying on it.
 set ifilter 3 permit 0/0 0/0 tcp dst gt 1023
# Variant a) from the message: matches only data connections that originate
# from remote port 20, which the capture does not show.
# set ifilter 3 permit 0/0 0/0 tcp src eq 20
# DNS
# NOTE(review): UDP has no "estab" equivalent here, so any inbound UDP packet
# sent from source port 53 passes, whatever its destination port.
 set ifilter 4 permit 0/0 0/0 udp src eq 53
# SMTP
# NOTE(review): SMTP runs over TCP port 25; this disabled rule names udp and
# would not match mail traffic if it were enabled.
# set ifilter 5 permit 0/0 0/0 udp src eq 25
# ICMP
# All inbound ICMP types are permitted.
 set ifilter 6 permit 0/0 0/0 icmp
# POP
# NOTE(review): variant c) in the message narrows the destination to
# 198.168.32.0/24, while taddr and dfilter 1 use 192.168.32.0/24. Check the
# first octet before looking for other causes.
 set ifilter 7 permit 0/0 0/0 tcp src eq 110 estab
# OTHER
# NOTE(review): presumably meant for traceroute; as written it permits any
# inbound UDP packet to a destination port above 33433.
 set ifilter 8 permit 0/0 0/0 udp dst gt 33433
# Catch-all permit, left disabled; enabling it would bypass rules 0-8.
# set ifilter 8 permit 0/0 0/0
#ofilter
# Output filter: rules for packets leaving over the PPP link.
# AUTH (ident)
 set ofilter 0 permit 0/0 0/0 tcp src eq 113
# HTTP
 set ofilter 1 permit 0/0 0/0 tcp dst eq 80
# FTP
 set ofilter 2 permit 0/0 0/0 tcp dst eq 21
# FTP-DATA
# NOTE(review): "tcp src gt 1023" matches outbound TCP from any unprivileged
# source port, which is what clients normally use. It therefore likely permits
# outbound TCP to every destination port and makes ofilter 1, 2 and 7 redundant.
 set ofilter 3 permit 0/0 0/0 tcp src gt 1023
# set ofilter 3 permit 0/0 0/0 tcp dst eq 20
# DNS
 set ofilter 4 permit 0/0 0/0 udp dst eq 53
# SMTP
# NOTE(review): names udp, but SMTP runs over TCP port 25.
#       set ofilter 5 permit 0/0 0/0 udp dst eq 25
# ICMP
        set ofilter 6 permit 0/0 0/0 icmp
# POP
        set ofilter 7 permit 0/0 0/0 tcp dst eq 110
# OTHER
 set ofilter 8 permit 0/0 0/0 udp dst gt 33433
# Catch-all permit, left disabled.
# set ofilter 8 permit 0/0 0/0
#dfilter
# Dial filter: presumably decides which packets may bring the link up.
# NOTE(review): a deny here is about dialing, not about forwarding once the
# link is up -- confirm against ppp(8) for this release.
 set dfilter 0 deny icmp
#DNS packets from other machines
 set dfilter 1 deny 192.168.32.0/24 0/0 udp dst eq 53
#RIP packets
 set dfilter 2 deny 0/0 0/0 udp dst eq 520
#SMB packets
# Ports 137-139 (NetBIOS name, datagram and session services), TCP and UDP.
 set dfilter 3 deny 0/0 0/0 tcp dst eq 137
 set dfilter 4 deny 0/0 0/0 udp dst eq 137
 set dfilter 5 deny 0/0 0/0 tcp dst eq 138
 set dfilter 6 deny 0/0 0/0 udp dst eq 138
 set dfilter 7 deny 0/0 0/0 tcp dst eq 139
 set dfilter 8 deny 0/0 0/0 udp dst eq 139
# from Web browser closing
 set dfilter 9 deny tcp finrst
# permit other packets
 set dfilter 10 permit 0/0 0/0
#afilter
# Alive filter: going by the comments below, selects which packets keep the
# link from idling out.
 set afilter 0 deny icmp
#not keep alive by RIP packets
 set afilter 1 deny udp src eq 520
# from Web browser closing
 set afilter 2 deny tcp syn
 set afilter 3 deny tcp finrst
# permit other packets
 set afilter 4 permit 0/0 0/0

tcpdump)
02:10:21.743042 pub1.pa.vix.com.ftp >
jmax004-020.tokyo2.post.an.egg.or.jp.1035: P 311:361(50) ack 52 win 8576
<nop,nop,timestamp 26782076 673> [tos 0x10]
02:10:21.748514 jmax004-020.tokyo2.post.an.egg.or.jp.1036 >
pub1.pa.vix.com.1184: S 64165989:64165989(0) win 16384 <mss
1484,nop,wscale 0,nop,nop,timestamp 674 0,nop,nop,ccnew[|tcp]> (DF)
02:10:21.792834 jmax004-020.tokyo2.post.an.egg.or.jp.1035 >
pub1.pa.vix.com.ftp: . ack 361 win 16768 <nop,nop,timestamp 674
26782076> (DF)
02:10:22.083062 pub1.pa.vix.com.1184 >
jmax004-020.tokyo2.post.an.egg.or.jp.1036: S 2148326541:2148326541(0)
ack 64165990 win 8576 <mss 536,nop,wscale 0,nop,nop,timestamp 26782077
674>
02:10:22.083206 jmax004-020.tokyo2.post.an.egg.or.jp.1036 >
pub1.pa.vix.com.1184: . ack 1 win 16768 <nop,nop,timestamp 675 26782077>
(DF)
02:10:22.103906 jmax004-020.tokyo2.post.an.egg.or.jp.1035 >
pub1.pa.vix.com.ftp: P 52:60(8) ack 361 win 16768 <nop,nop,timestamp 675
26782076> (DF)


+-------------------------------------------------+
 E-MAIL : k-shirao@green.an.egg.or.jp
 白尾  康治
+-------------------------------------------------+


