From owner-FreeBSD-users-jp@jp.FreeBSD.org Tue Jul  6 23:39:58 2004
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id i66Edwb93592;
	Tue, 6 Jul 2004 23:39:58 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mgw.kansai-u.ac.jp (ipcmg4.ipcku.kansai-u.ac.jp [158.217.208.26])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id i66EdwI93587
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue, 6 Jul 2004 23:39:58 +0900 (JST)
	(envelope-from kobayasi@res.kutc.kansai-u.ac.jp)
Received: from ipcmg3.ipcku.kansai-u.ac.jp (ipcmg3.ipcku.kansai-u.ac.jp [158.217.208.21])
	by mgw.kansai-u.ac.jp (Postfix) with SMTP id 3C8AD26175
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue,  6 Jul 2004 23:39:55 +0900 (JST)
Received: from ipcmg.ipcku.kansai-u.ac.jp(158.217.208.11) by ipcmg3.ipcku.kansai-u.ac.jp via csmap 
	 id 3006; Tue, 06 Jul 2004 23:39:55 +0900 (JST)
Received: from mailgate.kutc.kansai-u.ac.jp (ns1.kutc.kansai-u.ac.jp [158.217.43.20])
	by ipcmg.ipcku.kansai-u.ac.jp (Postfix) with ESMTP id 6B99F17F8C
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue,  6 Jul 2004 23:39:51 +0900 (JST)
Received: from ns2.kutc.kansai-u.ac.jp (ns2 [158.217.43.2])
	by mailgate.kutc.kansai-u.ac.jp (8.12.11/8.12.11) with ESMTP id i66Edpgg022436
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue, 6 Jul 2004 23:39:51 +0900 (JST)
Received: from grove.kutc.kansai-u.ac.jp (ta2475.res.kutc.kansai-u.ac.jp [158.217.42.100])
	by ns2.kutc.kansai-u.ac.jp (8.12.11/8.12.11) with ESMTP id i66EdoKW016102;
	Tue, 6 Jul 2004 23:39:50 +0900 (JST)
Received: from [IPv6:2002:dae4:abeb:1:20a:95ff:febc:cb98] ([IPv6:2002:dae4:abeb:1:20a:95ff:febc:cb98])
	(authenticated bits=0)
	by grove.kutc.kansai-u.ac.jp (8.12.10/8.12.10/cf-20030920) with ESMTP id i66EdfhH007522
	(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT);
	Tue, 6 Jul 2004 23:39:49 +0900 (JST)
In-Reply-To: <20040706165200.F84B.DAISAITO@lares.dti.ne.jp>
References: <20040706165200.F84B.DAISAITO@lares.dti.ne.jp>
Mime-Version: 1.0 (Apple Message framework v618)
Content-Type: text/plain; charset=ISO-2022-JP; delsp=yes; format=flowed
Message-Id: <50070FED-CF5A-11D8-9FA9-000A95BCCB98@res.kutc.kansai-u.ac.jp>
Content-Transfer-Encoding: 7bit
From: Takashi Kobayashi <kobayasi@res.kutc.kansai-u.ac.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
X-Mailer: Apple Mail (2.618)
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Tue, 6 Jul 2004 23:39:40 +0900
X-Sequence: FreeBSD-users-jp 80058
Subject: [FreeBSD-users-jp 80058] Re: About the ipf+ipnat rules
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: kobayasi@res.kutc.kansai-u.ac.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+040628

$B>.NS!w4X@>Bg$G$9!%(B

On 2004/07/06, at 17:35, SAITO Masaru wrote:

> $B$7$+$7!"(B/etc/ipfrules$B$r2<5-$N$h$&$K$7$?$i(Bipf$B$K(Bblock$B$5$l$F$7$^$$$^$9!#(B
> /var/log/ipf.log$B$K$O2<5-$N$h$&$K5-O?$5$l$F$*$j$^$9!#(B
> /var/log/ipf.log
> ==========================================================================================================
> 06/07/2004 16:50:16.664372 tun0 @100:19 b 202.216.228.36,49338 -> 192.168.1.100,25 PR tcp len 20 48 -S IN
> 06/07/2004 16:50:20.028027 tun0 @100:19 b 202.216.228.36,49338 -> 192.168.1.100,25 PR tcp len 20 48 -S IN
> 06/07/2004 16:50:26.777573 tun0 @100:19 b 202.216.228.36,49338 -> 192.168.1.100,25 PR tcp len 20 48 -S IN
> ==========================================================================================================

@100:19 $B$G$9$1$I!$(B

> /etc/ipf.rules
> ========================================================================
> pass in on tun0 all head 100
(snip)
> ########################################################
> # others
> ########################################################
> # $B$=$l0J30$N30It$+$i$N(BTCP$B@\B3$r5qH](B
> block in log proto tcp all flags S/SA group 100

$B$3$l$,(B group 100 $B$N(B 19 $BHVL\$N%k!<%k$J$N$G!$$3$l$GCF$+$l$F$k$o$1$G$9!%(B

> A question came up here.
> In ipf.rules I wrote a rule to allow port 25 on 211.xxx.yyy.2, but
> I get the feeling that, before that, ipnat has already rewritten
> the dest to 192.168.1.100. In this case, should ipf.rules
> also be written that way?
> I would rather not write private addresses in ipf.rules if I can avoid it...

ipnat.conf $B$K$h$k$H(B ipnat $B$O30$+$iFb$X$N=q$-49$($O$d$C$F$J$$$s$G$9!%(B
$BFb$+$i30$N>l9g$N=q$-49$($O$7$^$9$1$I!%(B

$B$3$N>l9g$O!$(Bipf.rules $B$K$O30$+$i(B 192.168.1.100 $B$X$N%H%i%R%C%/$r5v2D$9$k(B
$B$h$&$K=q$+$J$$$H!$(Bipnat.conf $B$G%j%@%$%l%/%H(B(rdr)$B$r5-=R$7$F$$$F$b!$(Bipnat $B$,(B
$B=hM}$9$k$h$j$bA0$K!$(Bipf $B$G(B block $B$5$l$A$c$&$o$1$G$9!%(B

----
$B>.NS(B


