From owner-FreeBSD-users-jp@jp.FreeBSD.org Thu Sep 19 22:00:49 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g8JD0nu42537;
	Thu, 19 Sep 2002 22:00:49 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from phoenix.shige.dip.jp (k083027.ap.plala.or.jp [218.44.83.27])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g8JD0l342532
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Thu, 19 Sep 2002 22:00:48 +0900 (JST)
	(envelope-from ex_shige@shige.dip.jp)
Received: from empress (empress.shige.dip.jp [192.168.2.4])
	by phoenix.shige.dip.jp (Postfix) with ESMTP id 3F8795B4
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Thu, 19 Sep 2002 22:00:49 +0900 (JST)
To: FreeBSD-users-jp@jp.FreeBSD.org
From: MUKAI Shigeru <ex_shige@shige.dip.jp>
References: <200209191700.IAD53103.JIHFFYT_@shige.dip.jp>
	<20020919183328.5479.UEDA@Raomen.Net>
In-Reply-To: <20020919183328.5479.UEDA@Raomen.Net>
Message-Id: <200209192200.BJF82520.HTFI_YFJ@shige.dip.jp>
X-Mailer: Winbiff [Version 2.34PL1]
X-Accept-Language: ja,en
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Thu, 19 Sep 2002 22:00:48 +0900
X-Sequence: FreeBSD-users-jp 70880
Subject: [FreeBSD-users-jp 70880] Re: ipnat
	=?ISO-2022-JP?B?GyRCJV0hPCVIJWolQCUkJWwlLyVIO1hEajt+GyhCIA==?=
 =?ISO-2022-JP?B?GyRCQFwbKEI=?=
	=?ISO-2022-JP?B?GyRCQjMlSCVpJVYlaxsoQg==?= 
Errors-To: owner-FreeBSD-users-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: ex_shige@shige.dip.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020902

<20020919183328.5479.UEDA@Raomen.Net> $B$N!"(B
   "[FreeBSD-users-jp 70875] Re: ipnat$B%]!<%H%j%@%$%l%/%H;XDj;~(B $B@\B3%H%i%V%k(B" $B$K$*$$$F!"(B
   "$B?"EDM5G7(B <ueda@raomen.net>"$B$5$s$O=q$-$^$7$?!'(B

> 植田@Raomen.Net と申します。
> これは、
> 
> > rdr tun0 0.0.0.0/0 port 47624 -> 192.168.2.4 port 47624 tcp
> > rdr tun0 0.0.0.0/0 port 2300- 2400 -> 192.168.2.4 port 2300 tcp/udp
> 
> この二つのルールの話しですよね?　これと
> 
> > map tun0 192.168.0.0/16 -> 0.0.0.0/32 portmap auto
> 
> がぶつかってしまう、ということでしょうか?
> 
> # ぜんぜん違ったらごめんなさい。


判りにくくてすみません。図を入れてもう少し細かく書いてみます。

                  +------------+
  Internet ------ | ADSL modem |
(210.173.173.19)  +------------+
                         |
                  (218.44.83.27)
                    +---------+
                    | FreeBSD |
                    +---------+
                   (192.168.2.2)
                         |
                       [LAN]
                         |
                   (192.168.2.4)
                    +---------+
                    | Windows |
                    +---------+

$B>e5-9=@.$G(BFreeBSD-4.6R$B$G(BWindows$B%^%7%s$N$?$a$K(Bipnat$B$rF0$+$7$F$*$j!"(B
$B%^%k%A%W%l!<%d!<%2!<%`$N$?$a$K(BTCP 47624$B$H(BTCP/UDP 2300$B$+$i(B2400$B$r(B
Windows$B%^%7%s$X%j%@%$%l%/%H$7$F$$$^$9!#(B

FreeBSD$B$G!"$?$H$($P(BWeb$B%V%i%&%6$J$I$G(BInternet$BB&$NAj<j$H$N%3%M%/%7%g%s(B
$BKh$K%]!<%H(B1025$B0J9_$N3+$$$F$$$k%]!<%H$r=gHV$K;H$C$F$$$C$F$$$^$9!#(B
1025$B$+$i=gHV$K;H$C$F$$$C$F!"(B2299$B$^$G$OEvA3LdBj$J$/DL?.$G$-$k$N$G$9$,(B
$B%j%@%$%l%/%H$7$F$$$k(B2300$B$r;H$&HV$K$J$k$H$3$A$i$+$i$N(BSYN$B$KBP$9$k(B
ACK,SYN$B$,%j%@%$%l%/%H;XDj$K$h$C$F(BWindows$B%^%7%s$N$[$&$K%j%@%$%l%/%H(B
$B$5$l$F$7$^$$!"(BFreeBSD$BB&$G<u$1<h$l$J$/$J$C$F$7$^$&$?$a$K@\B3$G$-$J(B
$B$/$J$C$F$7$^$$$^$9!#(B

Web$B%5!<%P(B($B%]!<%H(B80)     FreeBSD($B%]!<%H(B2300)      Windows
(210.173.173.19)        (218.44.83.27)        (192.168.2.4)
       $B!C(B                      |                    |
 (1)   $B!C(B <---   SYN  ------   |                    |
 (2)   $B!C(B ---  ACK,SYN  --->   |                    |
 (3)   $B!C(B              ($B%]!<%H%j%@%$%l%/%H(B)         |
       $B!C(B                      |  --- ACK,SYN --->  |
       $B!C(B                      |                    |

(1) FreeBSD$B$,%]!<%H(B2300$B$r;H$C$F(BSYN$B$r(BWeb$B%5!<%P$N%]!<%H(B80$B$KAw?.(B
(2) Web$B%5!<%P$,%]!<%H(B80$B$r;H$C$F(BACK,SYN$B$r(BFreeBSD$B$N%]!<%H(B2300$B$KAw?.(B
(3) ipnat$B$,%j%@%$%l%/%H;XDj$5$l$F$$$k%]!<%H(B2300$B$KCe?.$7$?(BACK,SYN$B$r(B
    FreeBSD$BB&$G%]!<%H(B2300$B$r;H$C$FBT$A<u$1$F$$$k(BWeb$B%V%i%&%6$KEO$5$:$K(B
    Windows$B$KAw?.(B

$B$3$N>uBV$G(BFreeBSD$BB&$N(BWeb$B%V%i%&%6$O%5!<%PB&$+$i$-$?(BACK,SYN$B$,<u$1(B
$B<h$l$J$$$?$a!"%3%M%/%7%g%s$,3NN)$G$-$J$$$^$^$K$J$C$F$7$^$$$^$9!#(B

回避方法がわかる方おられましたら御教授お願いします。



/etc/ipnat.rules
----
map tun0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map tun0 192.168.0.0/16 -> 0.0.0.0/32 portmap auto
map tun0 192.168.0.0/16 -> 0.0.0.0/32
rdr tun0 0.0.0.0/0 port 47624 -> 192.168.2.4 port 47624 tcp
rdr tun0 0.0.0.0/0 port 2300- 2400 -> 192.168.2.4 port 2300 tcp/udp
----

実行時のログ (ポートは2391になっているが本質は同じ)
----
# telnet 210.173.173.19 http
Trying 210.173.173.19...
^C
# netstat -n
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  218.44.83.27.2391      210.173.173.19.80      SYN_SENT
 ($BN,(B)

# ipnat -l
List of active MAP/Redirect filters:
map tun0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map tun0 192.168.0.0/16 -> 0.0.0.0/32 portmap auto
map tun0 192.168.0.0/16 -> 0.0.0.0/32
rdr tun0 0.0.0.0/0 port 47624 -> 192.168.2.4 port 47624 tcp
rdr tun0 0.0.0.0/0 port 2300- 2400 -> 192.168.2.4 port 2300 tcp/udp

List of active sessions:
RDR 192.168.2.4     2391  <- -> 218.44.83.27    2391  [210.173.173.19 80]
# 
----



P.S.

> 　であれば、portmap を auto ではなくて明示的に指定すればよいのではないで
> しょうか。port redirect で使用している port が範囲内に入らないように、
> 
> 	map tun0 192.168.0.0/16 -> 0.0.0.0/32 portmap 50000:60000
> 
> とかではいかがでしょうか。

portmap$B$H(Brdr$B$N%]!<%H$,$+$V$C$F$$$F$b!"(Bipnat$B$O%"%I%l%9%]!<%HJQ49$N:]$K(B
$BAj<j$N%"%I%l%9%]!<%H$rGD0.$7$F$$$k$N$G!"$=$NAj<j$+$i$N%Q%1%C%H$O%j%@(B
$B%$%l%/%H$7$J$$$G$A$c$s$H(BLAN$BFb$N%^%7%s$KEj$2$F$/$l$^$9!#$@$+$i$+$V$C$F(B
$B$$$F$bLdBj$J$$$G$9!#(B

--
MUKAI Shigeru
shige@shige.dip.jp
ex_shige@shige.dip.jp (ML$B@lMQ(B)
