From owner-FreeBSD-users-jp@jp.FreeBSD.org Tue Mar  1 17:53:04 2005
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id j218r4Y19323;
	Tue, 1 Mar 2005 17:53:04 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from polymer3.scphys.kyoto-u.ac.jp (polymer3.scphys.kyoto-u.ac.jp [130.54.56.153])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id j218r3819318
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue, 1 Mar 2005 17:53:03 +0900 (JST)
	(envelope-from turutani@scphys.kyoto-u.ac.jp)
Received: from polymer5.scphys.kyoto-u.ac.jp (polymer5.prv.scphys.kyoto-u.ac.jp [192.168.16.5])
	by polymer3.scphys.kyoto-u.ac.jp (8.13.1/8.13.1/20030426-1) with SMTP id j218qv6O088809;
	Tue, 1 Mar 2005 17:52:58 +0900 (JST)
	(envelope-from turutani@scphys.kyoto-u.ac.jp)
Message-Id: <200503010852.AA00293@polymer5.scphys.kyoto-u.ac.jp>
From: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
In-Reply-To: <2d7349228e6c463b79b644c427e513dc@dcmp.co.jp>
References: <2d7349228e6c463b79b644c427e513dc@dcmp.co.jp>
MIME-Version: 1.0
X-Mailer: AL-Mail32 Version 1.13
Content-Type: text/plain; charset=iso-2022-jp
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Tue, 01 Mar 2005 17:52:53 +0900
X-Sequence: FreeBSD-users-jp 83165
Subject: [FreeBSD-users-jp 83165] Re: IPFW settings when using NAT + simple DMZ
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: turutani@scphys.kyoto-u.ac.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+041223

Hello, this is Tsurutani.

Narita (成田 敬) <narita@dcmp.co.jp> wrote:

> I am currently building a FreeBSD router with three NICs, as shown below, and I have a small
> question about the IPFW configuration when NAT and a simple DMZ are used together.
> 
>       FTTH (pcn1)
>         |
> +------+--------+        Simple DMZ
> |FreeBSD router +---- Public servers (pcn0)
> +------+--------+      Global IP
>         | NAT(tun0)
>        LAN (vr0)
> 
> When I put the following settings in the /etc/firewall.nat file
> 
> # Drop Windows Services
> $fwcmd add deny log tcp from any to any 137-139,445 via pcn1
> $fwcmd add deny log tcp from any to any 137-139,445 via tun0
> # For NAT
> $fwcmd add divert natd all from any to any via tun0
> 
> $B!V(B ipfw -a l $B!W$G3NG'$7$?$H$3$m(Btun0$B$K$7$+%U%#%k%?%j%s%0$,3]$+$i$J$$$h$&$G$9(B
> 
> 00600      0         0 deny log logamount 100 tcp from any to any 137-139,445 via pcn1
> 01000     74      3544 deny log logamount 100 tcp from any to any 137-139,445 via tun0
> 03200 151137  81742567 divert 8668 ip from any to any via tun0
> 
> $B$H$$$&$3$H$O(BNAT$B$r$+$1$F$$$k>l9g!"30It$+$iF~$C$F$/$k%Q%1%C%H$O30It(BNIC$B$rDL$C$F$$$k$HG'<1$5$l(B
$B$:!"(B
> $BA4$F%H%s%M%k%G%P%$%9$rDL$C$F$/$k$H8@$&;v$G$7$g$&$+!)(B
> $B$=$&$J$k$H!"(BIPFW$B$NB>$N@_Dj$bA4$F(B tun0 $B$KBP$7$F@_Dj$r$9$kI,MW$H$J$j$^$9$h$M!#(B
> 
> $B%Q%1%C%H$NN.$l$O(B pcn1 $B"*(B pcn0 $B$^$?$O(B pcn1 $B"*(B tun0 $B"*(B pcn0 $B$X$HDL$k$H;W$C$F$$$?$N$G$9$,!"G'(B
$B<1(B
> $BITB-$J$N$G$7$g$&$+!#(B
> 
> If possible, I would like to apply the filtering on pcn1, but however much I search I only
> seem to find ordinary NAT examples, so if anyone knows how, I would appreciate your guidance.

FTTH$B$G$I$N$h$&$K@\B3$7$F$$$k$N$+$h$/CN$i$J$$$N$G$9$,!"(Bpcn1$B$K$O%0%m!<%P%k$J(B
IP address$B$,?6$i$l$F$$$F!"2?$+$G%i%C%T%s%0$5$l$F$$$k$3$H$O$J$$$N$G$9$h$M!)(B

Could it be that such packets are simply not arriving from the FTTH side at all?
For example, only the ones coming from the LAN are being caught on line 1000.

By the way, how does the example above differ from ordinary NAT...?
What about natd's startup options and so on? Is tun0 really something you use in a place like this?
# Sorry if I have misunderstood.
