From owner-FreeBSD-users-jp@jp.freebsd.org  Fri Sep 24 08:14:42 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id IAA20374;
	Fri, 24 Sep 1999 08:14:42 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mb.i-chubu.ne.jp (blue.i-chubu.ne.jp [210.148.202.68])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id IAA20369
	for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 24 Sep 1999 08:14:42 +0900 (JST)
	(envelope-from ito@mb.i-chubu.ne.jp)
Received: from mb.i-chubu.ne.jp (tyt1008.i-chubu.ne.jp [210.238.113.118])
	by mb.i-chubu.ne.jp (8.9.1a/3.7W) with ESMTP id IAA08428;
	Fri, 24 Sep 1999 08:14:38 +0900 (JST)
Message-ID: <37EAB44D.F55B6388@mb.i-chubu.ne.jp>
Date: Fri, 24 Sep 1999 08:14:21 +0900
From: "Y.ito" <ito@mb.i-chubu.ne.jp>
X-Mailer: Mozilla 4.6 [ja] (Win95; I)
X-Accept-Language: ja,en
MIME-Version: 1.0
To: FreeBSD-users-jp@jp.freebsd.org
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: FreeBSD-users-jp 45936
Subject: [FreeBSD-users-jp 45936] FreeBSD3.1
 =?ISO-2022-JP?B?GyRCJEckThsoQg==?= NAT
 =?ISO-2022-JP?B?GyRCQF9EahsoQg==?= 
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: ito@mb.i-chubu.ne.jp


FreeBSD3.1$B$G(BIP Filter$B$r;HMQ$7$F%"%I%l%9JQ49$r$7$h$&$H$7$F$$$k$N$G$9$,(B
$B$&$^$/$$$+$:BgJQ:$$C$F$*$j$^$9!#%"%I%P%$%9$r$*4j$$$7$^$9!#(B


■N/W構成

$BFbIt#N!?#W(B                          NAT                     $B30It#N!?#W(B
(A.A.A.0/24)                                               (B.B.B.0/24)
                         +-------FreeBSD3.1--------+
                         |   ep0           ep1     |
Server1   ---------HUB--- (A.A.A.3) ===== (B.B.B.2) ----HUB----Client
(A.A.A.1)           |    |                    |    |        (B.B.B.1)
                    |    |                 Server1'|
Server2   ----------+    |                (B.B.B.3)|
(A.A.A.2)                |                    |    |
                         |                 Server2'|
                         |                (B.B.B.4)|
                         +-------------------------+

$B"#<B8=$7$?$$$3$H(B

$B!&(BClient(B.B.B.1)$B$,(BServer1'(B.B.B.3)$B$K@\B3$7$K9T$/$H(BNAT$B$,08$F@h(B
  $B%"%I%l%9$rJQ49$7$F(BServer1(A.A.A.1)$B$X%Q%1%C%H$rE>Aw$7$F$[$7$$(B

$B!&(BClient(B.B.B.1)$B$,(BServer2'(B.B.B.4)$B$K@\B3$7$K9T$/$H(BNAT$B$,08$F@h(B
  $B%"%I%l%9$rJQ49$7$F(BServer2(A.A.A.2)$B$X%Q%1%C%H$rE>Aw$7$F$[$7$$(B

$B!&(BServer1$B$+$i$O(BClient(B.B.B.1)$B$,(B(A.A.A.1)$B$K@\B3$7$F$-$?$h$&$K8+$;$?$$(B

$B!&(BServer2$B$+$i$O(BClient(B.B.B.1)$B$,(B(A.A.A.2)$B$K@\B3$7$F$-$?$h$&$K8+$;$?$$(B

$B!&(BServer1,Server2$B$+$i(BClient$B$X$N1~Ez%Q%1%C%H$r%H(BNAT$B$,H/?.85%"%I%l%9$r(B
  B.B.B.3$B!"(B,B.B.B.4$B$KJQ49$7$F(BClient$B$KE>Aw$7$FM_$7$$(B

$B!&(BB.B.B.1$B$OJL#N!?#W$N(BC.C.C.C$B$H$$$&$3$H$b$"$k(B

$B"#8=>](B

Client$B$+$i(B  Server1'$B!"(BServer2' $B$KBP$7$F@\B3$7$h$&$H$9$k$H1~Ez$,$J$$(B

Server1'$B$X$N@\B3$r(Btcpdump$B$r8+$k$H!"(BNAT$B$N%^%7%s$K$O%Q%1%C%H$r(B
$BAw$C$F$$$k$N$G$9$,(B icmp$B$GAw?.@h$,(B B.B.B.3 $B$X(B redirect$B$5$l!"(B
$B$3$l$r7+$jJV$7$F$$$^$9!#(B

B.B.B.1.1033 >B.B.B.3.telnet: S 79113310:79113310(0) win 16384 <mss
1460,nop,wscale 0,nop,nop,timestamp[|tcp]> (DF) [tos 0x10]
B.B.B.3 > B.B.B.1: icmp: redirect B.B.B.3 to host B.B.B.3 (DF)

ipnat$B$r(Bstop$B$7$F$b8=>]$OJQ$o$j$^$;$s$G$7$?!#(B

$B"#@_Dj$7$?$3$H(B

$B!&(BNAT$B$N@_Dj(B

rdr$B$H$$$&$N$,$h$/$o$+$C$F$$$^$;$s!#(B

#interface must be outside of firewall when packets outgo to outside of firewall
# NOTE(review): each host has two map rules with the same source and target address;
# if ipnat applies the first matching rule, the portmap variants that follow each plain
# map are presumably never reached -- confirm against ipnat(5).
map ep1 A.A.A.1/32 -> B.B.B.3/32 
map ep1 A.A.A.1/32 -> B.B.B.3/32 portmap tcp/udp 1024:60000
map ep1 A.A.A.2/32 -> B.B.B.4/32 
map ep1 A.A.A.2/32 -> B.B.B.4/32 portmap tcp/udp 1024:60000
#Port number 0 matches any number
# NOTE(review): these rdr rules name ep0, but in the network diagram the Client's packets
# for B.B.B.3 / B.B.B.4 reach the NAT box on ep1; rdr presumably matches on the interface
# a packet arrives on -- confirm the interface name.
# NOTE(review): redirecting every port exposes all services on Server1/Server2 to the
# outside network, and with ipf stopped nothing filters that traffic; once translation
# works, re-enable filtering and redirect only the ports that are needed.
rdr ep0 B.B.B.3/32 port 0 -> A.A.A.1 port 0
rdr ep0 B.B.B.4/32 port 0 -> A.A.A.2 port 0


$B!&(BClient$B$+$i(BServer1'$B$H(B Server2'$B$X$N%Q%1%C%H$r(BNAT$B%^%7%s$KAw$k$?$a$K!"(B
  NAT$B%^%7%s$G(Barp$B%F!<%V%k$r@_Dj(B

arp -s B.B.B.3 ep1$B$N(BMAC$B%"%I%l%9(B pub 
arp -s B.B.B.4 ep1$B$N(BMAC$B%"%I%l%9(B pub

$B!&860x@Z$jJ,$1$N$?$a(Bipf$B$r(Bstop

$B!&(BServer1$B$H(BServer2$B$G(BB.B.B.0/24$B$X$N(Bstatic route$B$r(B NAT(A.A.A.3)$B$K@_Dj(B

 $B$b$7$+$7$F(Bep1$B$K(BB.B.B.3$B$H(BB.B.B.4$B$N%"%I%l%9$r$U$C$F$d$i$J$$$H(B
 $B$$$1$J$$$N$G$7$g$&$+!)(B

$B"#3NG'$7$?$3$H(B

$B!&(BClient$B$+$i(B Server1(A.A.A.1)$B$X$N(Btelnet$B$,2DG=(B
$B!&(BClient$B$+$i(B NAT(B.B.B.2)$B$X$N(Btelnet$B$,2DG=(B
$B!&(BNAT$B%^%7%s$N(B IP fowarding$B$O(B1(ON)
$B!&(Bipnat$B$N(Brestart$B;~$N%a%C%;!<%8$r8+$k$H%F!<%V%k$OFI$_9~$s$G$$$k$_$?$$(B
$B!&(Bep0$B$G(Btcpdump$B$r8+$F$b2?$b$J$7(B

Client$B$+$i(BServer1(A.A.A.1)$B$X$N@\B3$O$G$-$k$N$GJ*M}E*$J@_Dj$O(B
$BLdBj$J$$$h$&$K;W$$$^$9!#(BNAT$B$r(Bstop$B$7$F$b8=>]$,JQ$o$i$J$$$N$G(B
$B$d$O$j(BNAT$B$N@_Dj$,$G$-$F$$$J$$$h$&$J46$8$G$9!#(B
$BIaDL$N(BNAT$B$N;H$$J}$OFbIt$+$i30It$K=P$F9T$/$H$-$NH/?.85%"%I%l%9$r(B
$BJQ49$9$k46$8$G$9$,!":#2s$O30It$+$i$N%"%/%;%9$H$$$&$3$H$G#W#W#W$H$+(B
$B$G?'!98!:w$7$?$N$G$9$,>pJs$rC5$7=P$;$^$;$s$G$7$?!#(B

よろしくお願いします。

-- 
$B$$$H$&(B
ito@mb.i-chubu.ne.jp

