From: Atsuo Hirai <athirai@mtb.biglobe.ne.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
In-Reply-To: <200210011053.g91ArTW90216@mail.euc.jp>
References: <200210011053.g91ArTW90216@mail.euc.jp>
Message-Id: <20021001221814.CE06.ATHIRAI@mtb.biglobe.ne.jp>
Date: Tue, 01 Oct 2002 22:53:44 +0900
X-Sequence: FreeBSD-users-jp 71103
Subject: [FreeBSD-users-jp 71103] Re: PPPoE multiple sessions with FreeBSD

$BJ?0f$G$9!#(B

On Tue, 1 Oct 2002 19:53:29 +0900
yuki@euc.jp (ITO, Takayuki) wrote:

> So, although this is blowing my own horn, I have published a web page that
> presents an example of connecting multiple PPPoE sessions with FreeBSD.
> http://euc.jp/network/pppoe.ja.html
> Anyone thinking of connecting to Flet's Square in particular, please do take a look.

I have also been trying to connect to Flet's Square with multiple sessions
for the past few days. (I say "for the past few days" because, as it happens,
I am on Basic for now, until November ^^;. From November I plan to be on New Family...)

$B;d$OEv=i(BISP$B$H$N@\B3$K(Bppp+natd$B$rMxMQ$7$F$$$?$N$G!"F1MM$K$d$m$&$H$7$?$N$G(B
$B$9$,!"(Bnatd$B$r(Btun0$B$H(Btun1$B$H(B2$B$DF0:n$5$;$F!"E,@Z$JJ}$K(Bdivert$B$9$k$d$jJ}$,H=$i(B
$B$J$+$C$?$N$G(B($B2DG=$J$s$G$7$g$&$+(B?)$B!"(Btun0(ISP)$B$O=>MhDL$j(Bnatd$B$G!"(Btun1($B%U%l%C(B
$B%D!&%9%/%&%'%"(B)$B$O(Bppp
-nat$B$r;H$&$h$&$K$7$^$7$?!#(B

$BN>J}(B ppp -nat$B$K$7$F$7$^$C$?J}$,!"(Bipfw$B$,%7%s%W%k$K$J$C$F$$$$$+$b$7$l$J$$(B
$B$G$9$M!#(B

> I also look forward to your comments.

I had a look right away.
One thing I noticed is in the filter definitions:

ipfw add xxxxx allow ip from any to 172.26.35.128/25 out xmit tun1
ipfw add yyyyy allow ip from 172.26.35.128/25 to any in  recv tun1

That is how you have them, but with only these rules, connections can also be
made from the Flet's Square side, can't they? For example, by other users who
are likewise connected to Flet's Square.

$B$;$a$F!"(Byyyyy$B$N9T$N:G8e$K!V(Bestablished$B!W$r$D$1$?J}$,NI$$5$$,$7$^$9!#(B
$B$"$k$$$O!"(Byyyy$B$N9T$NA0$K(B

ipfw add deny ip from 172.26.35.128/25 to any in recv tun1 setup

$B$r=q$/$H$+!#(B

$B$A$J$_$K!";d$O(Btun1$B$K4X$7$F$O$3$s$J46$8$K$7$F$$$^$9!#(B
$B!VG0$N$?$a!WE*$J%U%#%k%?$b$"$j$^$9$1$I!#(B
(in via/out via$B$h$j$b!"(Bout xmit/in recv $B$NJ}$,E,@Z$J$N$+$J!D(B? via $B$r;H$&(B
$B$H>o;~%A%'%C%/$K$J$k$+$i%U%#%k%?%j%s%0$K$+$+$k%3%9%H$,0c$C$F$/$k(B???)

# deny NetBIOS
ipfw add deny udp from any 137-139,445 to any via tun1
ipfw add deny tcp from any 137-139,445 to any via tun1
ipfw add deny udp from any to any 137-139,445 via tun1
ipfw add deny tcp from any to any 137-139,445 via tun1

# deny snmp/snmp-trap
ipfw add deny tcp from any to any 161-162 via tun1

# deny own global-address for tun0 from tun1
ipfw add deny all from 219.111.8.134 to any in via tun1

# deny faked-packet
ipfw add deny all from me to any in via tun1

# allows for Flet's Square
ipfw add allow icmp from any to any via tun1
ipfw add allow tcp from any to 172.26.0.0/16 out via tun1
ipfw add allow tcp from 172.26.0.0/16 to any in via tun1 established
ipfw add allow udp from any to any 53 via tun1
ipfw add allow udp from any 53 to any via tun1

# deny private and multicast from outside
ipfw add deny all from any to 10.0.0.0/8 via tun1
ipfw add deny all from any to 172.16.0.0/12 via tun1
ipfw add deny all from any to 192.168.0.0/16 via tun1
ipfw add deny all from any to 0.0.0.0/8 via tun1
ipfw add deny all from any to 169.254.0.0/16 via tun1
ipfw add deny all from any to 192.0.2.0/24 via tun1
ipfw add deny all from any to 224.0.0.0/4 via tun1
ipfw add deny all from any to 240.0.0.0/4 via tun1

# deny private and multicast to outside
ipfw add deny all from 10.0.0.0/8 to any via tun1
ipfw add deny all from 172.16.0.0/12 to any via tun1
ipfw add deny all from 192.168.0.0/16 to any via tun1
ipfw add deny all from 0.0.0.0/8 to any via tun1
ipfw add deny all from 169.254.0.0/16 to any via tun1
ipfw add deny all from 192.0.2.0/24 to any via tun1
ipfw add deny all from 224.0.0.0/4 to any via tun1
ipfw add deny all from 240.0.0.0/4 to any via tun1

$B$A$J$_$K!"(Bwww.flets$BEy$K$O(BFreeBSD$B$J$I$N(BUDP-base$B$N(Btraceroute$B$ODL$i$J$$$h$&(B
$B$G$9$,!"(BWindows$B$N(BICMP-base$B$N(Btracert$B$ODL$k$h$&$G$9!#(B
--
$BJ?0f(B $B=_IW(B (Atsuo Hirai)
mailto:athirai@mtb.biglobe.ne.jp
http://member.nifty.ne.jp/hirai/
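
The difference between the rule variants discussed in this message, as an added example that is not part of the original mail: a small Python model of first-match filtering applied to the quoted xxxxx/yyyyy rules, the "established" variant and the "deny ... setup" variant. It assumes every packet is on tun1, that unmatched packets are denied, and that "established" matches only TCP segments with ACK or RST set and "setup" only TCP segments with SYN set and ACK clear, as documented in ipfw(8); the packets and the address 192.0.2.10 are constructed.

```python
from ipaddress import ip_address, ip_network

NET = ip_network("172.26.35.128/25")  # prefix from the rules quoted in the mail

def matches(rule, pkt):
    """True if pkt matches one simplified rule (only the fields used in the mail)."""
    if rule["dir"] != pkt["dir"]:
        return False
    if "src" in rule and ip_address(pkt["src"]) not in rule["src"]:
        return False
    if "dst" in rule and ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    flags = pkt.get("flags", set())
    tcp = pkt["proto"] == "tcp"
    if rule.get("opt") == "established":   # TCP with ACK or RST set
        return tcp and bool(flags & {"ack", "rst"})
    if rule.get("opt") == "setup":         # TCP with SYN set and ACK clear
        return tcp and "syn" in flags and "ack" not in flags
    return True

def verdict(rules, pkt):
    """First matching rule wins; unmatched packets are denied (assumed default)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"

OUT = {"action": "allow", "dir": "out", "dst": NET}   # rule xxxxx
IN = {"action": "allow", "dir": "in", "src": NET}     # rule yyyyy
ORIGINAL = [OUT, IN]
WITH_ESTABLISHED = [OUT, dict(IN, opt="established")]
WITH_DENY_SETUP = [OUT, {"action": "deny", "dir": "in", "src": NET, "opt": "setup"}, IN]

# Constructed packets; 192.0.2.10 stands in for this host's tun1 address.
SYN_IN = {"dir": "in", "proto": "tcp", "src": "172.26.35.200",
          "dst": "192.0.2.10", "flags": {"syn"}}
SYNACK_IN = dict(SYN_IN, flags={"syn", "ack"})   # reply to a connection we opened
UDP_IN = {"dir": "in", "proto": "udp", "src": "172.26.35.200", "dst": "192.0.2.10"}

def table():
    """Verdict for each constructed packet under each rule set."""
    sets = {"original": ORIGINAL, "established": WITH_ESTABLISHED,
            "deny setup": WITH_DENY_SETUP}
    pkts = {"syn": SYN_IN, "syn+ack": SYNACK_IN, "udp": UDP_IN}
    return {s: {p: verdict(r, pkts[p]) for p in pkts} for s, r in sets.items()}

if __name__ == "__main__":
    for name, row in table().items():
        print(f"{name:12} {row}")
```

In this model both variants drop the inbound connection attempt while still passing replies, but they differ for non-TCP traffic: the "established" variant no longer admits inbound UDP from that network, whereas the "deny ... setup" variant still does.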


