From owner-FreeBSD-users-jp@jp.FreeBSD.org Thu Jan 17 17:44:55 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g0H8itJ05300;
	Thu, 17 Jan 2002 17:44:55 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from free1.him.ne.jp (11.him.ne.jp [210.235.152.11])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g0H8ism05293
	for <freebsd-users-jp@jp.freebsd.org>; Thu, 17 Jan 2002 17:44:55 +0900 (JST)
	(envelope-from chores@him.ne.jp)
Received: (from root@localhost)
	by free1.him.ne.jp (8.12.1/8.12.1/him-011118) id g0H8inVe008536
	for freebsd-users-jp@jp.freebsd.org; Thu, 17 Jan 2002 17:44:49 +0900 (JST)
	(envelope-from chores@him.ne.jp)
Received: from dev01 (71.him.local [192.168.1.71])
	by free1.him.ne.jp (8.12.1/8.12.1/him-011118av) with ESMTP id g0H8ilCP008529
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Thu, 17 Jan 2002 17:44:47 +0900 (JST)
	(envelope-from chores@him.ne.jp)
From: chores@him.ne.jp
Date: Thu, 17 Jan 2002 17:44:47 +0900
To: FreeBSD-users-jp@jp.FreeBSD.org
In-Reply-To: <20020110181059.ADF8.TOMOKAZU@colx.co.jp>
References: <20020110155200.E049.CHORES@him.ne.jp> <20020110181059.ADF8.TOMOKAZU@colx.co.jp>
Message-Id: <20020117164816.E079.CHORES@him.ne.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.00.07
X-Virus-Scanned: by AMaViS perl-11
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+011218
X-Sequence: FreeBSD-users-jp 66499
Subject: [FreeBSD-users-jp 66499] Re: natd 
 =?ISO-2022-JP?B?GyRCJE4lPSE8JTklIiVJJWwlOT1xJC00OSQoJEsbKEI=?=
 =?ISO-2022-JP?B?GyRCJEQkJCRGGyhC?=
Errors-To: owner-FreeBSD-users-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: chores@him.ne.jp

$BDMED$G$9!#(B
$BAjJQ$o$i$:!"m5$$$F$*$j$^$9!#(B

> > $B%5!<%P!<$r@\B3$7$F$$$k%W%m%P%$%@!<$rJQ99$9$k$KEv$C$F!"0\9T4|4V$N%5!<%S%9(B
> > $BDd;_;~4V$r:G>.8B$K$9$kJ}K!$N<B83$H$7$F9T$C$F$$$^$9!#(B
> 
> $B$3$A$i$G$b;w$?$h$&$J$3$H$r$7$?$3$H$,$"$j$^$9!#(B
> # DNS $B$,40A4$KEAGE$9$k$^$G$N4V!"$I$A$i$+$KHt$s$G$-$?%Q%1%C%H$r(B
> # $B$b$&JRJ}$KEj$2$?$$$s$G$7$g(B?($B$A$,$&$N$+$J(B?)

$B$=$NDL$j$G$9!#(B


> natd $B$C$F!"%Q%1%C%H$N%X%C%@$r=q$-49$($i$l$k$s$G$9$,!"(B
> $B0lEY$K(B src $B$b(B dest $B$b=q$-49$($F$7$^$&$H85$KLa$;$J$/$J$k$N$G!"(B
> $B$3$l$O$G$-$J$/$F$b;EMM$@$H;W$$$^$9!#(B
> 
> $B$G!"$3$A$i$GM7$s$@$H$-$O!"(Bnatd $B$r#2$D5/F0$5$;$F!"(B
> $B$=$l$>$l$K(B src, dest $B$rJL$K=q$-49$($5$;$^$7$?!#(B
> 
> $B$3$&$9$l$PN>J}=q$-49$($F!"@5$7$/DL?.$G$-$^$7$?$h!#(B

$BHs>o$K;29M$K$J$j$^$7$?!#(B
$B$J$s$H$+!"(Bsrc, dest $B$N=q$-49$($O=PMh$k$h$&$K$J$C$?$N$G$9$,!":#EY$O(BACK$B$K(B
$BBP$7$F(BR(RST)$B$rJV$5$l$F$7$^$&$H$$$&>uBV$+$iH4$1$i$l$:$K$$$^$9!#(B

$B@hF|$O(BNIC1$BKg$G9T$C$F$$$?$?$a!"%k!<%?$r7PM3$7$F$$$FOC$,M>7W$KLq2p$K$J$C$F(B
$B$$$?$h$&$G$7$?$N$G!"(BNIC$B$,(B2$BKgA^$5$C$F$$$kJL$N%^%7%s$G8=:_$O;n$7$F$$$^$9!#(B
$B$"$?$i$a$F!"8=:_$N9=@.$G$9!#(B

 $B%^%7%s(BA           $B%^%7%s(BB                       $B%^%7%s(BC
+-----------+     +-----------------------+     +----------------------+
| 192.x.x.10|--+  | (ed1)           (ed2) |     |                      |
+-----------+  |  | 192.x.x.2   210.y.y.1 +-----+ 210.y.y.2            |
 $B%^%7%s(BA'      +--+ 192.x.x.1             |     |                      |
+-----------+  |  |(ipfw $B$d(B natd $B$r@_Dj(B)  |     |(http,smtp,pop3 etc..)|
| 192.x.x.11|--+  +-----------------------+     +----------------------+
+-----------+

$B%^%7%s(BB$B$K$O0J2<$N$h$&$J@_Dj$r9T$C$?$N$G$9$,!"$3$l$G$OBLL\$J$h$&$G$9!#(B

# ifconfig  ($BH4?h(B)
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.x.x.2 netmask 0xffffff00 broadcast 192.x.x.255
        inet 192.x.x.1 netmask 0xffffff00 broadcast 192.x.x.255
ed2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 210.y.y.1 netmask 0xffffff00 broadcast 210.y.y.255

# ipfw list
00100 divert 8888 ip from any to 192.x.x.1
00200 divert 9999 ip from any to 210.y.y.2
65535 allow ip from any to any

# natd -p 8888 -n ed2 -redirect_address 210.y.y.2 192.x.x.1 -v
# natd -p 9999 -n ed2 -redirect_address 210.y.y.1 0.0.0.0 -v


$B$3$N>uBV$G!"%^%7%s(BA$B$+$i(B lynx 192.y.y.1 $B$H$9$k$H!"%^%7%s(BC$B$G$N(B tcpdump $B$,(B
$B0J2<$NDL$j$H$J$j!"%^%7%s(BA$B$N(Blynx$B$O(B Making HTTP connection $B$N$^$^$K$J$C$F(B
$B$7$^$$$^$9!#(B

17:20:43.804631 210.y.y.1.1078 > 210.y.y.2.http:
 S 3997132308:3997132308(0) win 16384 <mss 1460> (DF)

17:20:43.804741 210.y.y.2.http > 210.y.y.1.1078:
 S 3067866409:3067866409(0) ack 3997132309 win 17520 <mss 1460> (DF)

17:20:43.809770 210.y.y.1.39017 > 210.y.y.2.http:
 R 3997132309:3997132309(0) win 0

17:20:46.800961 210.y.y.2.http > 210.y.y.1.1078:
 S 3067866409:3067866409(0) ack 3997132309 win 17520 <mss 1460> (DF)

17:20:46.803182 210.y.y.1.39017 > 210.y.y.2.http:
 R 3997132309:3997132309(0) win 0

$B"((B $B<B:]$K$O(B 17:20:46.800961 $B$H(B 17:20:46.803182 $B$HF1$8$b$N$,!"$"$H?t2sI=(B
   $B<($5$l$^$9!#(B


$BB?J,(B R(RST) $B$,5"$C$F$-$F$$$k$N$,LdBj$J$N$@$H$O;W$&$N$G$9$,!"2?$,860x$G$I(B
$B$N$h$&$K2sHr$7$?$i$h$$$N$+J,$+$i$:$K$*$j$^$9!#(B

$B$J$*!"(Bnatd$B$G$O0J2<$N$h$&$KI=<($5$l$^$9!#(B

# natd -p 8888 -n ed2 -redirect_address 210.y.y.2 192.x.x.1 -v
In  [TCP]  [TCP] 192.x.x.10:1078 -> 192.x.x.1:80 aliased to
           [TCP] 192.x.x.10:1078 -> 210.y.y.2:80

# natd -p 9999 -n ed2 -redirect_address 210.y.y.1 0.0.0.0 -v
In  [TCP]  [TCP] 192.x.x.10:1078 -> 210.y.y.2:80 aliased to
           [TCP] 192.x.x.10:1078 -> 210.y.y.2:80
Out [TCP]  [TCP] 192.x.x.10:1078 -> 210.y.y.2:80 aliased to
           [TCP] 210.y.y.1:1078 -> 210.y.y.2:80
Out [TCP]  [TCP] 210.y.y.1:1078 -> 210.y.y.2:80 aliased to
           [TCP] 210.y.y.1:39017 -> 210.y.y.2:80

$B"((B $B<B:]$K$O:G8e$N(B Out [TCP] $B$HF1$8$b$N$,!"$"$H?t2sI=<($5$l$^$9!#(B

$B@5$7$$@_Dj$NJ}K!!"%A%'%C%/$9$Y$-E@!";29M$K$J$k(BWEB$B%Z!<%8!">pJsITB-$NE@$J(B
$B$I$I$s$J;v$G$b7k9=$G$9$N$G65$($F$/$@$5$$!#(B

-- 
$B0J>e!"$h$m$7$/$*4j$$$$$?$7$^$9!#(B
 <chores@him.ne.jp>

