From owner-FreeBSD-users-jp@jp.freebsd.org  Mon Jun 14 10:13:24 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id KAA66573;
	Mon, 14 Jun 1999 10:13:24 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from pixy.issp.u-tokyo.ac.jp (pixy.issp.u-tokyo.ac.jp [157.82.115.45])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id KAA66568
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 14 Jun 1999 10:13:23 +0900 (JST)
	(envelope-from ueta@pixy.issp.u-tokyo.ac.jp)
Received: (qmail 16417 invoked from network); 14 Jun 1999 01:16:58 -0000
Received: from localhost (127.0.0.1)
  by localhost with SMTP; 14 Jun 1999 01:16:58 -0000
To: FreeBSD-users-jp@jp.freebsd.org
Cc: ueta@pixy.issp.u-tokyo.ac.jp
In-Reply-To: Your message of "Mon, 14 Jun 1999 08:11:58 +0900"
	<37643ABE14A.CB8CT-GO@po.tcn.zaq.ne.jp>
References: <37643ABE14A.CB8CT-GO@po.tcn.zaq.ne.jp>
X-Mailer: Mew version 1.93 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19990614101658D.ueta@pixy.issp.u-tokyo.ac.jp>
Date: Mon, 14 Jun 1999 10:16:58 +0900
From: Ueta Masateru <ueta@pixy.issp.u-tokyo.ac.jp>
X-Dispatcher: imput version 980905(IM100)
Lines: 49
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990610
X-Sequence: FreeBSD-users-jp 43190
Subject: [FreeBSD-users-jp 43190] Configurations on ipfw (Re: ipfw + natd
 =?ISO-2022-JP?B?GyRCJEclKCVpITwbKEI=?=
 )
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: ueta@pixy.issp.u-tokyo.ac.jp

$B$3$s$K$A$O?"ED$G$9!#(B
From: Go <t-go@geocities.co.jp>
Subject: [FreeBSD-users-jp 43187] Re: ipfw + natd $B$G%(%i!<(B 
Date: Mon, 14 Jun 1999 08:11:58 +0900
Message-ID: <37643ABE14A.CB8CT-GO@po.tcn.zaq.ne.jp>
> 00100  16  1210  allow ip from any to any via xl0
> 00200   0     0  deny ip from any to 127.0.0.0/8
> 65535  36  2903  deny ip from any to any
> $B!!$H=P$F$$$^$9!#$d$C$H%0%m!<%P%k%"%I%l%9!J30B&!K$X$N(BPING$B$,DL$k$h$&$K$J$j(B
> $B$^$7$?!#(B
> $B$7$+$7!#!#!#!!#D#N#S$,0z$1$J$/$J$C$F$7$^$$$^$7$?!#(B
> $B$R$H$D$R$H$D2r7h$7$F$$$+$J$1$l$P$$$1$J$$$h$&$G$9!#(B

$B$I$3$N5!3#$+$i!"$I$3$N(B DNS $B$K(B access $B$,=PMh$J$/$J$C$?$N$+$,!"$h$/$o$+(B
$B$i$J$$$N$G$9$,!"$H$j$"$($:5$$K$J$C$?E@$r0l$D$@$1!#(B

$B;d$N5!3#$@$H!"(Bipfw show $B$r$9$k$H(B
>00100      14968    9872986 allow ip from any to any via lo0
$B$H$$$&7k2L$,=P$F$-$^$9!#(Blo0 (loopback device) $B$+$iH/?.$5$l$k(B IP $B$r!"30(B
$BIt$KF)2a$G$-$k$h$&$K$9$k@_Dj$G$9$M!#(B

$B$H$3$m$,!"(BGo $B$5$s$N(B ipfw show $B$N7k2L$K$O!"$3$N9T$,$"$j$^$;$s!#$3$l$,$J(B
$B$$$H!"(Blo0 $B$KBP$9$k(B access $B$H$+$,6X;_$5$l$F$7$^$&$h$&$J5$$,$7$^$9!#2>$K(B 
/etc/resolv.conf $B$N(B nameserver $B$N9`$,!"(B127.0.0.1 $B$H$+$K$J$C$F$$$k$H!"(B
$B$3$N(B IP address $B$X$N$NDL?.$,0l@Z=PMh$J$/$J$j$^$9!#(B
#$B$3$N@_Dj$O$?$7$+(B etc/rc.firewall $B$G$O!"(Bdefault $B$N@_Dj$@$C$?$h$&$J5$$,(B
#$B$9$k$N$G$9$,!D(B

> On Sun, 13 Jun 1999 23:03:57 +0900
> Nobuyo Hiratsuka <kether@orangesoft.co.jp> wrote:
> > /etc/rc.firewall $B$r@_Dj$7$?$N$G$7$?$i(B /etc/rc.conf $B$NCf$G(B
> >    firewall_enable="YES"
> >    firewall_type="simple"
> > $B$H$J$C$F$$$k$+3NG'$7$F$_$F$/$@$5$$!#(B
> > # $B%k!<%k$r=q$$$?$N$,(B simple $B$N$H$3$m$G$"$l$P(B....$B$J$N$G$9$,!#(B
> $B!!$3$3$,$*$+$7$+$C$?$h$&$G$9!#(B
> /sbin/ipfw show$B!!!!$r$7$F$_$k$H(B

$B$I$N$h$&$J(B network $B$r9=C[$5$l$h$&$H$7$F$$$k$+$O!"J,$+$i$J$$$N$G$9$,!"(B
$B$H$j$"$($:$I$N$h$&$J(B network (filtering $B$H$+$r4^$a$F(B)$B@0M}$5$l$F$_$k$3(B
$B$H$r$*4+$a$7$^$9!#(B
#simple $B$H$$$&@_Dj$O!"(BIP packet $B$rA4ItF)2a$9$k$H$$$&@_Dj$G$O(B "$B$"$j$^$;(B
#$B$s(B"$B!#$=$N$h$&$J@_Dj$O!"(B"open" $B$H$$$&@_Dj$K$J$j$^$9!#>\$7$/$O(B ipfw $B$N(B
#$B@_Dj$H$+!"(B/etc/rc.firewall $B$H$+$r8f;29M2<$5$$!#(B

$B$G$O$G$O(B
----
$B?"ED(B $B@551(B(ueta@pixy.issp.u-tokyo.ac.jp)

