From owner-FreeBSD-net-jp@jp.freebsd.org  Tue Jul  3 23:05:08 2001
Message-ID: <3B41D10D.DBDD8257@nextcom.co.jp>
Date: Tue, 03 Jul 2001 23:05:01 +0900
From: "Masuda,Masashi" <masuda-m@nextcom.co.jp>
Organization: NextCom K.K. IT System Div.
X-Mailer: Mozilla 4.75 [ja] (Windows NT 5.0; U)
X-Accept-Language: ja,en
MIME-Version: 1.0
To: FreeBSD-net-jp@jp.freebsd.org
References: <87elry9nw4.wl@miffy.taihei-dengyo.co.jp>
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-net-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-net-jp 3196
Subject: [FreeBSD-net-jp 3196] Re: How to write firewall rules with ipfw + nat
Errors-To: owner-FreeBSD-net-jp@jp.freebsd.org
Sender: owner-FreeBSD-net-jp@jp.freebsd.org
X-Originator: masuda-m@nextcom.co.jp

  $BA}ED!w2q<R$G$9!#(B

$B!t(B ipfw $B$O;H$C$F$$$k$1$I(Bnat $B$O;H$o$J$$$N$G4V0c$C$F$$$k$+$b(B


Masaki Mizutani wrote:

> oif="lnc0"
> onet="210.237.181.32"
> omask="255.255.255.248"
> oip="210.237.181.33"
> 
> iif="sis0"
> inet="192.168.1.0"
> imask="255.255.255.0"
> iip="192.168.1.1"
> 
> Given these settings, in order to let only the machine at 192.168.1.2
> send mail to an external smtp server
> 
> /sbin/ipfw add divert natd all from any to any via ${oif}
> 
> /sbin/ipfw add pass tcp from ${oip} to any 25 via ${iif}
> /sbin/ipfw add pass tcp from any 25 to ${oip} via ${oif} established


  $B%Q%1%C%H$N5$;}$A$K$J$C$F9M$($^$7$g$&!#(B ;-)

  ipfw $B$O0lHLE*$J(Bfirewall/router $B$H$*$J$8$G(Bfirstmatching $B%k!<%k$J$N$G(B
$B$?$H$($P(Bsrc 192.168.1.6:1024 / dst 10.0.0.1:25 $B$J%Q%1%C%H$N>l9g(B
$B0l9TL\$N(B /sbin/ipfw add divert natd all from any to any via ${oif}
$B$K%^%C%A%s%0$7$F$7$^$$DL$C$F$7$^$$$^$9!#(B

  $BB?J,(B

/sbin/ipfw add deny tcp from not 192.168.1.2 to any 25 in recv ${iif}
/sbin/ipfw add divert natd all from any to any via ${oif}

$B$3$s$JIw$K=q$1$PNI$$$s$@$H;W$$$^$9!#(B


From here on this is a more general point, but I think building a firewall
is fairly difficult. I think you at least need a solid understanding of
TCP/IP. There are plenty of good books these days, so I won't recommend
any in particular, but here is a good Japanese-language web page on
building a firewall with FreeBSD.

http://www.tac.tsukuba.ac.jp/%7Ehiromi/firewall.html  

There is also the ipfw(8) man page.


-- 
/* NextCom K.K. IT System Div. Masuda,Masashi <masuda-m@nextcom.co.jp>
                       phone: +81-3-5977-0872 fax: +81-3-5977-0906   */
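
Added example, not part of the original message: a simplified first-match model of the quoted ruleset and the reordered one, showing which rule decides a forwarded packet to port 25. It assumes that packets matching no listed rule, and packets handed to natd by the divert rule, are accepted, and it ignores the `established` keyword; the dictionary layout and function names are hypothetical.

```python
# Added illustration: a simplified first-match model, not real ipfw parsing.
OIF, IIF = "lnc0", "sis0"            # interface names from the quoted config
OIP = "210.237.181.33"               # outside address from the quoted config

# Ruleset as posted in the quoted message (divert comes first).
ORIGINAL = [
    {"action": "divert", "match": {"iface": OIF}},
    {"action": "pass", "match": {"src": OIP, "dport": 25, "iface": IIF}},
    {"action": "pass", "match": {"sport": 25, "dst": OIP, "iface": OIF}},
]
# Ruleset suggested in the reply (deny placed before divert).
FIXED = [
    {"action": "deny", "not_src": "192.168.1.2",
     "match": {"dport": 25, "dir": "in", "iface": IIF}},
    {"action": "divert", "match": {"iface": OIF}},
]

def first_match(rules, pkt):
    """Return (rule number, action) for the first rule matching pkt."""
    for number, rule in enumerate(rules, 1):
        fields_ok = all(pkt.get(k) == v for k, v in rule["match"].items())
        # "from not X" matches every source except X.
        if fields_ok and pkt["src"] != rule.get("not_src"):
            return number, rule["action"]
    return None, "pass"   # assumption: unmatched packets are accepted

def forward(rules, src, dport, sport=1024, dst="10.0.0.1"):
    """Evaluate a forwarded TCP packet: inbound on IIF, then outbound on OIF."""
    trace = []
    for direction, iface in (("in", IIF), ("out", OIF)):
        pkt = {"src": src, "dst": dst, "sport": sport, "dport": dport,
               "dir": direction, "iface": iface}
        number, action = first_match(rules, pkt)
        trace.append((direction, number, action))
        if action == "deny":
            break             # a deny ends processing of the packet
    return trace

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for src in ("192.168.1.6", "192.168.1.2"):
            print(name, src, forward(rules, src, 25))
```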
