To: FreeBSD-users-jp@jp.freebsd.org
Cc: ueta@pixy.issp.u-tokyo.ac.jp
In-Reply-To: Your message of "Sun, 28 Feb 1999 23:08:58 +0900"
	<36D94DF9.817A121D@green.an.egg.or.jp>
References: <36D94DF9.817A121D@green.an.egg.or.jp>
Message-Id: <19990301013151I.ueta@pixy.issp.u-tokyo.ac.jp>
Date: Mon, 01 Mar 1999 01:31:51 GMT
From: Ueta Masateru <ueta@pixy.issp.u-tokyo.ac.jp>
Subject: [FreeBSD-users-jp 39351] PPP filtering (Re: About PPP + NAT filtering)

Hello, this is Ueta. I will follow up only on the parts I understand.
From: Kouji Shirao <k-shirao@green.an.egg.or.jp>
Subject: [FreeBSD-users-jp 39347] About PPP + NAT filtering
Date: Sun, 28 Feb 1999 23:08:58 +0900
Message-ID: <36D94DF9.817A121D@green.an.egg.or.jp>
> 1) When receiving FTP-DATA, as far as I can see with tcpdump, the
>      FTP-DATA port (20) is not set as either the src port or the
>      dst port, so with setting a) in ppp.conf I cannot receive;
>      I can only receive with setting b).
>      a)  set ifilter 3 permit 0/0 0/0 tcp src eq 20

ftp $B$K$O(B passive mode on/off $B$N(B 2 $B$D$N(B mode $B$,$"$j$^$9!#(BShirao $B$5$s$N(B
$B;vNc$O!"$*$=$i$/(B passive mode off $B$K$J$C$F$$$k$N$G$7$g$&!#$3$N(B mode $B$r(B 
on $B$K$7$F$"$2$l$P!"(B
>  set ofilter 2 permit 0/0 0/0 tcp dst eq 21
$B$H$5$l$F$$$k$N$G!"(Bftp $B$O;H$($k$H;W$$$^$9!#(B

$B$A$J$_$K(B passive mode off $B$N;~$O!"(Bftp server $BB&$,(B client $BB&$KBP$7$F(B 
port $B$N3dEv$F$rMW5a$7$F$-$^$9!#(Bserver $B$O!"$3$3$G3dEv$F$i$l$?(B port( ftp 
$B$N(B default port $B$N(B 21 $BHV0J30(B) $B$G(B data $B$rE>Aw$7$h$&$H$7$^$9!#0lHL$K(B 
1023 $B0J2<$N(B port $B$O4IM}<T8"8B$,L5$$$H3dEv$F$k$3$H$,=PMh$J$$$N$G!"(B1024 
$B0J>e$N(B port $B$rMW5a$7$F$-$^$9!#(B
$B$@$+$i!"(B
>      b)  set ifilter 3 permit 0/0 0/0 tcp dst gt 1023
$B$H$$$&@_Dj$,I,MW$K$J$k$o$1$G$9!#(B

$B0lJ}!"(Bpassive mode on $B$N;~$O:G=i$K$D$J$,$C$?(B port(dst=21) $B$@$1$r;H$C$F(B
$BE>Aw$7$h$&$H$7$^$9!#$@$+$i(B
>  set ofilter 2 permit 0/0 0/0 tcp dst eq 21
$B$@$1$G$bBg>fIW$J$o$1$G$9$M!#(B
#$B$A$J$_$K(B ftp-data $B$O$"$^$j;HMQ$5$l$F$$$J$$$H$+$$$&OC$,:G6aK?(B router 
#$B$N(B user ML $B$GN.$l$F$$$?$h$&$J$+$9$+$J5-21$,!D(B

>      $B$3$l$O!"$3$&$$$&$b$N$J$N$G$7$g$&$+!)$^$?!"(Bb)$B$NMM$J@_Dj$G%;%-%j(B
>      $B%F%#>e!"LdBj$O$J$$$N$G$7$g$&$+!)(B

"$BL/$J<BAu$N(B program $B$H$+$r(B inetd $B$G5/F0$K$9$k$h$&$K$7$F$$$k(B" or "inetd 
$B$8$c$J$$$1$I(B root $B$G5/F0$7$?(B process $B$,(B listen $B$7$F$$$k(B" $B$H$+$$$&(B 
program $B$,$"$C$F!"(B1024 $B0J>e$N(B port $B$r;H$C$F$$$?$j$9$k2DG=@-$,$"$j$^$9(B
$B$+$i!"$d$C$Q$j@x:_E*$J4m81$rUT$s$G$$$k$H$O;W$$$^$9!#(B

> $B#2!K(B FreeBSD$BE0Dl3hMQ#1$rFI$`$H!"(Bifilter,ofilter$B6&$K(BLAN$B>e$N%^%7%s(B
>      $B$N(Bip$B%"%I%l%9$G%U%#%k%?%j%s%0$,3]$1$i$l$k$HM}2r$7$?$N$G$9$,!"(B
>      c)$B$NMM$K@_Dj$9$k$H!"<u?.$,$G$-$^$;$s!#(B
>      $B9=J8>e$b$7$/$O!"2?$+$N@_Dj$,$*$+$7$$$N$G$7$g$&$+!)(B
>      c)  set ifilter 7 permit 0/0 198.168.32.0/24 tcp src eq 110 estab

If it is this side that is connecting to 110, it looks like there should
be no problem...
I am not using PPP at the moment, so I will pass on this one...
# All I can offer is something as irresponsible as "I wonder what would
# happen if you swapped the source IP and destination IP?" Somehow I
# feel it might be the other way around, though...

> 3) As for ports: in the inbound direction, a well known port (is that
>      what it was called?) is used as the src port and an arbitrary
>      port is used as the dst port.
>      In the outbound direction, a well known port is used as the dst
>      port and an arbitrary port is used as the src port.

As a general matter of TCP/IP on UNIX, isn't it that the source uses some
arbitrary port and connects from there to the destination's well-known
port?

# When a user who is not the administrator starts a process, the usable
# ports are necessarily limited to 1024 and above, so in a sense I
# suppose that is only natural.

In the case of PPP, you think this through while keeping in mind the
direction in which packets go in and out.

What follows is a complete digression :: a naive question
> # DNS
>  set ofilter 4 permit 0/0 0/0 udp dst eq 53
With this, don't you get a little stuck when you try to use nslookup?

Bye for now
--
Ueta Masateru (ueta@pixy.issp.u-tokyo.ac.jp)
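
The security question about rule b) can be checked with a small model. This is an added example, not part of the original message and not ppp's own code: it parses only the subset of filter syntax quoted in this thread and compares rule b) with a variant that appends the `estab` keyword seen in rule c). Assumptions: addresses are ignored, `estab` is modelled as "ACK flag set", an unmatched packet is dropped, and all packets are constructed samples.

```python
import re
from collections import namedtuple

# Constructed packet model: protocol, source port, destination port, TCP flags.
Packet = namedtuple("Packet", "proto sport dport flags")
OPS = {"eq": lambda a, b: a == b, "gt": lambda a, b: a > b, "lt": lambda a, b: a < b}
RULE_RE = re.compile(
    r"set (ifilter|ofilter) (\d+) (permit|deny) \S+ \S+ (tcp|udp)"
    r"(?: (src|dst) (eq|gt|lt) (\d+))?( estab)?$")

def parse_rule(line):
    """Parse the subset of filter syntax quoted in the thread (addresses ignored)."""
    m = RULE_RE.match(" ".join(line.split()))
    if not m:
        raise ValueError("unsupported rule: " + line)
    _, num, action, proto, field, op, port, estab = m.groups()
    return {"num": int(num), "action": action, "proto": proto, "field": field,
            "op": op, "port": int(port) if port else None, "estab": bool(estab)}

def matches(rule, pkt):
    value = pkt.sport if rule["field"] == "src" else pkt.dport
    port_ok = rule["op"] is None or OPS[rule["op"]](value, rule["port"])
    # Assumption: 'estab' is modelled as "the TCP ACK flag is set".
    estab_ok = not rule["estab"] or "A" in pkt.flags
    return rule["proto"] == pkt.proto and port_ok and estab_ok

def verdict(rules, pkt):
    """Model: lowest-numbered matching rule decides; no match means drop."""
    for rule in sorted(rules, key=lambda r: r["num"]):
        if matches(rule, pkt):
            return rule["action"]
    return "deny"

RULE_B = parse_rule("set ifilter 3 permit 0/0 0/0 tcp dst gt 1023")
RULE_B_ESTAB = parse_rule("set ifilter 3 permit 0/0 0/0 tcp dst gt 1023 estab")
# Constructed inbound packets as seen by ifilter on the PPP link.
INBOUND = {
    "active-ftp-data-syn": Packet("tcp", 20, 1025, "S"),       # server opens data channel
    "reply-to-our-session": Packet("tcp", 21, 1026, "A"),      # answer on a session we opened
    "syn-to-local-listener": Packet("tcp", 40000, 6000, "S"),  # unsolicited connect
}

def compare():
    """Return {packet name: (verdict under b, verdict under b + estab)}."""
    return {name: (verdict([RULE_B], p), verdict([RULE_B_ESTAB], p))
            for name, p in INBOUND.items()}

if __name__ == "__main__":
    print(compare())
```

In this model rule b) admits the unsolicited connection to a local listener on a high port, while the `estab` variant drops it but also drops the data connection that the server opens when passive mode is off.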
