From owner-FreeBSD-users-jp@jp.freebsd.org  Mon Mar  1 17:05:21 1999
Received: by jaz.jp.freebsd.org (8.9.2+3.1W/8.7.3) id RAA10783;
	Mon, 1 Mar 1999 17:05:21 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from dns1.optpia.co.jp (dns1.optpia.co.jp [210.141.102.138])
	by jaz.jp.freebsd.org (8.9.2+3.1W/8.7.3) with ESMTP id RAA10777
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 1 Mar 1999 17:05:17 +0900 (JST)
	(envelope-from freebsd@optpia.co.jp)
Received: from fmv5120d5.optpia.co.jp (fmv5120d5 [192.51.6.7])
	by dns1.optpia.co.jp (8.8.8/3.7W+11/21/98) with SMTP id RAA02844
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 1 Mar 1999 17:04:35 +0900 (JST)
Date: Mon, 01 Mar 1999 17:03:34 +0900
From: =?ISO-2022-JP?B?GyRCTHgbKEIg?=<freebsd@optpia.co.jp>
To: FreeBSD-users-jp@jp.freebsd.org
Message-Id: <36DA49D614A.7BCFFREEBSD@mail.optpia.co.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver 1.24.16
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+981115
X-Sequence: FreeBSD-users-jp 39365
Subject: [FreeBSD-users-jp 39365] =?ISO-2022-JP?B?GyRCMzBJdCVhITwbKEI=?=
 =?ISO-2022-JP?B?GyRCJWslNSE8JVAkWCROJSIlLyU7JTkkLDBbPm8bKEI=?=
 =?ISO-2022-JP?B?GyRCJEtDWSQkGyhC?=
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: freebsd@optpia.co.jp

$BLx$H?=$7$^$9!#(B

FreeBSD2.2.5 $B$H(B IP-Filter3.2.3 $B$r;H$C$F<!$N$h$&$J(B
$B%M%C%H%o!<%/9=@.$G(BLAN$B%+!<%I#2Kg:9$7$N%5!<%P$r9=C[$7$F$$$^$9!#(B

PC ------------------ FreeBSD Server--------- POP,SMTP,DNS Server
192.168.0.2      192.168.0.1    210.1.1.1        210.1.1.2
                       aaa.xxx.co.jp           bbb.yyy.co.jp

$B$H$3$m$,!"%m!<%+%kB&$N(BPC$B$+$i30It$N%a!<%k%5!<%P(B(POP, SMTP)$B$K%a!<%k$r(B
$BAw<u?.(B(Beckey)$B$7$F$$$k$N$G$9$,!"0[>o$K=hM}$,CY$$$N$G$9!#(B
($B%a!<%kAw?.(B=45$BIC(B, $B%a!<%k<u?.(B=1$BJ,(B30$BIC(B)
$BB>$N%a!<%k%5!<%P$K%"%/%;%9$7$G$bF1$87k2L$K$J$j$^$9!#(B

$B%a!<%i!<$r(BInternet Mail$B$KJQ$($k$HCY$9$.$F%?%$%`%"%&%H$7$^$9!#(B

FreeBSD Server$B$G(BIP$B%^%9%+%l!<%I$7$F$$$k$N$G$9$,!"(B
IP Filter $B$N@_Dj$O0J2<$G$9!#(B

[/etc/natrules]
map fxp0 192.168.0.1/24 -> 210.1.1.1/32 portmap tcp/udp 10000:20000
map fxp0 192.168.0.1/24 -> 210.1.1.1/32

FreeBSD$B%^%7%s$K$O(BIPFW$B$r;HMQ$7$F%U%!%$%"%&%)!<%k$r9=C[$7$F$$(B
$B$^$9$,!"8=:_(B

# ipfw list
00100 allow ip from any to any
65535 deny ip from any to any

$B$GAGDL$7$7$F$$$^$9!#(B

FreeBSD Server$B$G(BDNS(named)$B$OF0:n$7$F$$$^$;$s!#(B
$B!J(Bresolv.conf$B$N@_Dj$N$_!K(B

PC$B$+$i30It$N%a!<%k%5!<%P(B(POP, SMTP)$B$K%a!<%kAw<u?.$7$?$H$-(B
tcpdump $B$G%0%m!<%P%k%"%I%l%9B&$N(Bdump$B$r$_$k$H!"(B
$B<!$N$h$&$KESCf$G(Bicmp$B$,(Budp port domain unreachable$B$K$J$C$F$$$^$9!#(B
$B$3$l$,860x$G$O$J$$$+$H;W$&$N$G$9$,!"0UL#!&BP=hJ}K!$,$o$+$j$^$;$s!#(B

16:00:50.214074 ns-jp.sinet.ad.jp.64740 > aaa.xxx.co.jp.domain: 44333 (50) (DF)
16:00:50.214178 aaa.xxx.co.jp > ns-jp.sinet.ad.jp: icmp: aaa.xxx.co.jp udp port domain unreachable (DF)
16:00:52.234093 bbb.yyy.co.jp.1024 > aaa.xxx.co.jp.domain: 11726 (50)
16:00:52.234206 aaa.xxx.co.jp > bbb.yyy.co.jp: icmp: aaa.xxx.co.jp udp port domain unreachable

$B$A$J$_$K!"(B
aaa.xxx.co.jp $B%5!<%P$G(B ping bbb.yyy.co.jp
bbb.yyy.co.jp $B%5!<%P$G(B ping aaa.yyy.co.jp
$B$H$7$F$b!"$I$A$i$b@5>o$KF0:n$7$^$9!#(B

FreeBSD Server(aaa.xxx.co.jp)$B$+$i(BPOP,SMTP,DNS Server$B$K(B
telnet 210.1.1.2
$B$H$9$k$H!"F1MM$K(B
16:02:00.972937 bbb.yyy.co.jp.1024 > aaa.yyy.co.jp.domain: 11729 (50)
16:02:00.973062 aaa.yyy.co.jp > bbb.yyy.co.jp: icmp: aaa.yyy.co.jp udp port domain unreachable
16:02:03.975708 bbb.yyy.co.jp.1024 > aaa.yyy.co.jp.domain: 11730 (34)
16:02:03.975818 aaa.yyy.co.jp > bbb.yyy.co.jp: icmp: aaa.yyy.co.jp udp port domain unreachable

$B$H$J$j$^$9!#(B

$B2?8N$J$N$+LdBj$N@Z$jJ,$1$,$G$-$:$K:$$C$F$$$^$9!#(B
$B59$7$/$*4j$$$7$^$9!#(B

