From owner-FreeBSD-users-jp@jp.FreeBSD.org Tue Mar  1 12:39:17 2005
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id j213dHr88072;
	Tue, 1 Mar 2005 12:39:17 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from ns.dcmp.co.jp (ns.dcmp.co.jp [210.160.212.218])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with SMTP/inet id j213dH888063
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue, 1 Mar 2005 12:39:17 +0900 (JST)
	(envelope-from narita@dcmp.co.jp)
Received: (qmail 90446 invoked from network); 1 Mar 2005 03:39:20 -0000
Received: from 009.fukui.dcmp.co.jp (HELO ?192.168.0.159?) (192.168.0.159)
  by ns.dcmp.co.jp with SMTP; 1 Mar 2005 03:39:20 -0000
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Transfer-Encoding: 7bit
Message-Id: <2d7349228e6c463b79b644c427e513dc@dcmp.co.jp>
Content-Type: text/plain; charset=ISO-2022-JP; format=flowed
To: FreeBSD-users-jp@jp.FreeBSD.org
From: =?ISO-2022-JP?B?GyRCQC5FRCEhN0kbKEI=?= <narita@dcmp.co.jp>
X-Mailer: Apple Mail (2.619.2)
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Tue, 1 Mar 2005 12:39:16 +0900
X-Sequence: FreeBSD-users-jp 83162
Subject: [FreeBSD-users-jp 83162] IPFW configuration with NAT + simple DMZ
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: narita@dcmp.co.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+041223

$B@.ED!w(BDC&MP$B$G$9!#(B

$B8=:_2<5-$N$h$&$J(BNIC$B#3Kg:9$7$N(BFreeBSD$B%k!<%?!<$r:n@.Cf$J$N$G$9$,!"(BNAT$B$H4J0W(BDMZ$B$r;HMQ$7$?:]$N(B
IPFW$B$N@_Dj$G$A$g$$$H5?LdE@$,!#(B

      FTTH (pcn1)
        |
+------+--------+        $B4J0W(BDMZ
|FreeBSD$B%k!<%?!<(B +---- $B8x3+%5!<%P!<72(B (pcn0)
+------+--------+      $B%0%m!<%P%k(BIP
        | NAT(tun0)
       LAN (vr0)

/etc/firewall.nat $B%U%!%$%k$K$F2<5-$N$h$&$J@_Dj$K$7$?>l9g(B

# Drop Windows Services
$fwcmd add deny log tcp from any to any 137-139,445 via pcn1
$fwcmd add deny log tcp from any to any 137-139,445 via tun0
# For NAT
$fwcmd add divert natd all from any to any via tun0

$B!V(B ipfw -a l $B!W$G3NG'$7$?$H$3$m(Btun0$B$K$7$+%U%#%k%?%j%s%0$,3]$+$i$J$$$h$&$G$9(B

00600      0         0 deny log logamount 100 tcp from any to any 137-139,445 via pcn1
01000     74      3544 deny log logamount 100 tcp from any to any 137-139,445 via tun0
03200 151137  81742567 divert 8668 ip from any to any via tun0

$B$H$$$&$3$H$O(BNAT$B$r$+$1$F$$$k>l9g!"30It$+$iF~$C$F$/$k%Q%1%C%H$O30It(BNIC$B$rDL$C$F$$$k$HG'<1$5$l$:!"(B
$BA4$F%H%s%M%k%G%P%$%9$rDL$C$F$/$k$H8@$&;v$G$7$g$&$+!)(B
$B$=$&$J$k$H!"(BIPFW$B$NB>$N@_Dj$bA4$F(B tun0 $B$KBP$7$F@_Dj$r$9$kI,MW$H$J$j$^$9$h$M!#(B

$B%Q%1%C%H$NN.$l$O(B pcn1 $B"*(B pcn0 $B$^$?$O(B pcn1 $B"*(B tun0 $B"*(B pcn0 $B$X$HDL$k$H;W$C$F$$$?$N$G$9$,!"G'<1(B
$BITB-$J$N$G$7$g$&$+!#(B

$B$G$-$l$P!"(Bpcn1$B$KBP$7$F%U%#%k%?%j%s%0=hM}$r$+$1$?$$$N$G$9$,!"$$$m$$$mC5$7$F$_$F$b!"DL>o$N(B nat $BNc(B
$B$7$+8+$D$+$i$J$$$h$&$J$N$G!"$4B8$8$NJ}$,$$$i$C$7$c$$$^$7$?$i$465<x$r$P!#(B

                                                   . .
------------------------------------------------w--U--w----------

$B@.ED!w(BDC&MP  ( narita@dcmp.co.jp )

