From owner-FreeBSD-users-jp@jp.FreeBSD.org Mon Dec  9 09:21:48 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id gB90Lm732126;
	Mon, 9 Dec 2002 09:21:48 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from rose.netforest.co.jp (mail.wattmann.co.jp [218.45.24.57])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with SMTP/inet id gB90Lm232121
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Mon, 9 Dec 2002 09:21:48 +0900 (JST)
	(envelope-from ueda@Raomen.Net)
Received: (qmail 27898 invoked by uid 544); 9 Dec 2002 09:21:47 +0900
Received: from unknown (HELO ?127.0.0.1?) (218.45.16.38)
  by mail.raomen.net with SMTP; 9 Dec 2002 09:21:47 +0900
From: =?ISO-2022-JP?B?GyRCPyJFRE01RzcbKEI=?= <ueda@raomen.net>
To: FreeBSD-users-jp@jp.FreeBSD.org
In-Reply-To: <000d01c29ed0$0a0aeeb0$0501a8c0@drroom>
References: <000d01c29ed0$0a0aeeb0$0501a8c0@drroom>
Message-Id: <20021209091713.BB7F.UEDA@Raomen.Net>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.05.06
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Mon, 09 Dec 2002 09:21:46 +0900
X-Sequence: FreeBSD-users-jp 72506
Subject: [FreeBSD-users-jp 72506] Re: IPFILTER in PPTP
Errors-To: owner-FreeBSD-users-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: ueda@Raomen.Net
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+021208

$B?"ED(B@Raomen.Net $B$H?=$7$^$9!#(B


> I was able to set it up with almost no problems, and the server can be reached from outside, but I don't know how to
> pass PPTP through from outside. It passed through the off-the-shelf router I had been using until now, so
;
> ipf.rules
> # pptp
> pass in quick proto gre from any to any group 100
> pass in quick proto tcp from any to any port = 1723 group 100
;
> ipnat.rules
> rdr tun0 202.***.***.18/32 port 1723 -> 192.168.1.2 port 1723

Here is what it looks like on my setup.

----- ipf.rules ------
pass in quick proto tcp from any to 192.168.0.10 port = 1723 flags S keep state group XXX
pass in quick proto gre from any to 192.168.0.10 keep state group XXX
----------------------

----- ipnat.rules ------
bimap dc0 192.168.0.10/32 -> aaa.bbb.ccc.ddd/32
------------------------


$B!!(Bkeep state $B$7$F$7$^$&$N$,3Z$@$m$&$H;W$$$^$9!#$"$H(B NAT $B$K4X$7$F$O(B port
redirection $B$@$1$@$H(B GRE $B$,DL$j$^$;$s$N$G(B bimap $B$,I,MW$@$m$&$H;W$$$^$9!#(B

# (bimap $B$,I,MW(B)$B$H;W$C$F$$$k$N$G$9$,!"$b$70c$C$F$$$?$i$465<x$/$@$5$$(B
# > $B3'MM(B m(__)m$B!#(B

I hope this is helpful.

-- 
植田裕之 <ueda@Raomen.Net>
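
The checks behind this reply, as an added example that is not part of the original message: a small Python audit that reads ipf.rules and ipnat.rules text and reports whether both PPTP flows (TCP port 1723 and GRE) are passed to the server and whether a bimap covers it. The function names and the wording of the findings are assumptions of this example; the sample rule sets are constructed from the two quoted in the message, and the filter rules are matched against the internal address because ipf filters inbound packets after NAT.

```python
def rules(text):
    """Token lists, one per rule; drops comments, joins indented continuation lines."""
    out = []
    for line in text.splitlines():
        body = line.split("#", 1)[0]
        if body.strip() and body[0].isspace() and out:
            out[-1] += body.split()
        elif body.strip():
            out.append(body.split())
    return out

def dest(rule, protos, port):
    """Destination of a 'pass in' rule for one of `protos` (and `port`), else None."""
    if rule[:2] != ["pass", "in"] or "proto" not in rule or "to" not in rule:
        return None
    to, want = rule.index("to"), ["port", "=", str(port)]
    ok = rule[rule.index("proto") + 1] in protos and (not port or rule[to + 2:to + 5] == want)
    return rule[to + 1] if ok else None

def check(ipf, protos, port, label, server):
    hits = [d for d in (dest(r, protos, port) for r in ipf)
            if d in ("any", server, server + "/32")]
    if not hits:
        return [f"no pass-in rule for {label} to {server}"]
    if set(hits) == {"any"}:
        return [f"{label} is passed to 'any'; scope it to {server}"]
    return []

def audit_pptp(ipf_text, ipnat_text, server):
    """Findings for PPTP pass-through to `server`; an empty list means covered."""
    ipf, nat = rules(ipf_text), rules(ipnat_text)
    found = check(ipf, ("tcp",), 1723, "TCP/1723", server)
    found += check(ipf, ("gre", "47"), None, "GRE", server)
    if not any(r[0] == "bimap" and len(r) > 2 and r[2].split("/")[0] == server for r in nat):
        found.append(f"no bimap for {server}: per the reply, rdr on port 1723 alone does not carry GRE")
    return found

# Constructed inputs, built from the two rule sets quoted in the message.
ASKED = ("pass in quick proto gre from any to any group 100\n"
         "pass in quick proto tcp from any to any port = 1723 group 100\n",
         "rdr tun0 202.***.***.18/32 port 1723 -> 192.168.1.2 port 1723\n")
REPLY = ("pass in quick proto tcp from any to 192.168.0.10 port = 1723\n"
         "\tflags S keep state group XXX\n"
         "pass in quick proto gre from any to 192.168.0.10 keep state group XXX\n",
         "bimap dc0 192.168.0.10/32 -> aaa.bbb.ccc.ddd/32\n")

if __name__ == "__main__":
    print(audit_pptp(*ASKED, "192.168.1.2"), audit_pptp(*REPLY, "192.168.0.10"))
```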


