
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>Firewall And Proxy Server HOWTO: TIS プロキシサーバをインストールする</TITLE>
 <LINK HREF="Firewall-HOWTO-11.html" REL=next>
 <LINK HREF="Firewall-HOWTO-9.html" REL=previous>
 <LINK HREF="Firewall-HOWTO.html#toc10" REL=contents>
</HEAD>
<BODY>
<A HREF="Firewall-HOWTO-11.html">次のページ</A>
<A HREF="Firewall-HOWTO-9.html">前のページ</A>
<A HREF="Firewall-HOWTO.html#toc10">目次へ</A>
<HR>
<H2><A NAME="s10">10. TIS プロキシサーバをインストールする</A></H2>

<P>
<P>
<H2><A NAME="ss10.1">10.1 ソフトウェアを入手する</A>
</H2>

<P>TIS FWTK $B$O<!$N$H$3$m$GF~<j$G$-$^$9!#(B
<B>
<A HREF="http://www.tis.com/research/software/">http://www.tis.com/research/software/</A></B>
<P>$B;d$,$d$C$?$h$&$J4V0c$$$r$7$F$O$$$1$^$;$s!#(B
TIS $B$+$i%U%!%$%k$r(B ftp $B$9$k;~!"(B README $B$r$7$C$+$jFI$s$G$/$@$5$$!#(B
TIS fwtk $B$O%5!<%P$N1#$7%G%#%l%/%H%j$KCV$+$l$F$$$^$9!#(B
<P>TIS $B$O!"<!$N>l=j$G(B 
<A HREF="http://www.tis.com/research/software/fwtk_readme.html">http://www.tis.com/research/software/fwtk_readme.html</A>
$BF10U=q$rFI$_!"$=$l$+$i1#$7%G%#%l%/%H%j$NL>>N$rCN$i$;$F$b$i$&0Y$K(B
$BK\J8$K(B<B>$BF10U$9$k(B(accepted)</B>$B$H$@$1=q$$$F(B<B>$B<!$N%"%I%l%908$K(B
$B%a!<%k$rAw$k$h$&MW@A$7$F$$$^$9!#(B
<A HREF="mailto:fwtk-request@tislabs.com">fwtk-request@tislabs.com</A> </B>
subject $B$OITMW$G$9!#(B
TIS $B$N%7%9%F%`$O%=!<%9$r%@%&%s%m!<%I$G$-$k(B (12 $B;~4VM-8z$N(B) $B%G%#%l%/%H%j$N(B
$BL>$r=q$$$?%a!<%k$rJVAw$7$F$-$^$9!#(B
<P>$B$3$NJ8=q$r=q$$$F$$$k;~E@$G$N(B FWTK $B$N:G?7HG$O(B 2.1 $B$G$9!#(B
<P>
<H2><A NAME="ss10.2">10.2 TIS FWTK をコンパイルする</A>
</H2>

<P> 
FWTK $B$N(B Version 2.1 $B$O!"5lHG$N$I$l$h$j$b4JC1$K%3%s%Q%$%k$G$-$^$9!#(B
<P>$B@bL@$O$3$l$@$1(B!!!
<P>$B$5$"!"(B <B>make</B> $B$r<B9T$7$^$7$g$&!#(B
<P>
<H2><A NAME="ss10.3">10.3 TIS FWTK をインストールする</A>
</H2>

<P><B>make install</B> $B$r<B9T$7$^$7$g$&!#(B
<P>$B%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k%G%#%l%/%H%j$O!"(B/usr/local/etc $B$G$9!#(B
($B;d$OJQ99$O$7$F$$$^$;$s$,(B) $B%$%s%9%H!<%k%G%#%l%/%H%j$O$b$C$H0BA4$J(B
$B%G%#%l%/%H%j$KJQ99$G$-$^$9!#(B
私はデフォルトのディレクトリを 'chmod 700' に変更しています。
netperm-table はアクセス制御の内容を、認証サーバのデータベース (fw-authdb) はユーザの ID とパスワードを保持するので、いずれも root 以外から読み書きできないようにしてください。
<P>$B:G8e$K%U%!%$%"%&%)!<%k$r@_Dj$9$k;E;v$,;D$C$F$$$^$9!#(B
<P>
<H2><A NAME="ss10.4">10.4 TIS FWTK を設定する</A>
</H2>

<P> 
$B$5$F!"$3$3$+$i2B6-$KF~$j$^$9!#(B
$B$3$l$i$N?7$7$$%5!<%S%9$N8F$S=P$7$r%7%9%F%`$K65$($F$d$j!"$=$l$i$r(B
$B@)8f$9$k%F!<%V%k$r:n$i$J$/$F$O$$$1$^$;$s!#(B
<P>$B$3$3$G(B TIS FWTK $B$N%^%K%e%"%k$r$b$&0lEY=q$/$D$b$j$O$"$j$^$;$s!#(B
$B;d$,F0:n$r3NG'$7$?@_Dj!"$O$^$j$3$s$@LdBj$r@bL@$7!"$=$l$i$r2sHr$9$k(B
$BJ}K!$K$D$$$F$*EA$($7$^$9!#(B
<P>$B@)8f$r9=@.$9$k;0$D$N%U%!%$%k$,$"$j$^$9!#(B
<P>
<P>
<P>
<UL>
<LI>/etc/services
<UL>
<LI> $B%5!<%S%9$,$I$N%]!<%H$G9T$o$l$k$+$r%7%9%F%`$KCN$i$;$k!#(B</LI>
</UL>
</LI>
</UL>

<UL>
<LI>/etc/inetd.conf
<UL>
<LI> $B2?<T$+$,%5!<%S%9%]!<%H$rC!$$$?$H$-$K!"8F$S=P$5$l$k%W%m%0%i%`$r(B
$B%j%9%H$7$F%7%9%F%`$KCN$i$;$k!#(B</LI>
</UL>
</LI>
</UL>

<UL>
<LI>/usr/local/etc/netperm-table
<UL>
<LI> $B%5!<%S%9$r5v2D$H5qH]$7$F$$$k<T$r(B FWTK $B%5!<%S%9$KCN$i$;$k!#(B</LI>
</UL>
</LI>
</UL>
<P>FWTK $B$N5!G=$r;H$&0Y$K!"$3$l$i$N%U%!%$%k$r<j=g$K=>$C$F(B
$BJT=8$7$J$1$l$P$$$1$^$;$s!#(B
inetd.conf $B$d(B netperm-table $B%U%!%$%k$r@5$7$/@_Dj$7$J$$$G(B
$B%5!<%S%9%U%!%$%k$rJT=8$9$k$H!"$*;H$$$N%7%9%F%`$K(B
$B%"%/%;%9$G$-$J$/$J$j$^$9!#(B
<P>
<H3>netperm-table $B%U%!%$%k(B</H3>

<P> 
$B$3$N%U%!%$%k$O(B TIS FWTK $B$N%5!<%S%9$K%"%/%;%9$G$-$k<T$r%3%s%H%m!<%k$7$^$9!#(B
$B%U%!%$%"%&%)!<%k$NN>B&$+$i$N%H%i%U%#%C%/$K$D$$$F9M$($J$1$l$P$$$1$^$;$s!#(B
$B%M%C%H$N30It$N?M$?$A$O%"%/%;%9$9$kA0$KG'>Z$9$Y$-$G$9$,!"%M%C%H%o!<%/$N(B
$BFbIt$N?M$?$A$OC1$KDL2a$r5v2D$9$k$h$&$K@_Dj$9$k>l9g$b$"$j$^$9!#(B
<P>$B$=$3$G%f!<%6$,<+J,<+?H$rG'>Z$G$-$k$h$&$K!"%U%!%$%"%&%)!<%k$O(B
$B%f!<%6$N(B ID $B$H%Q%9%o!<%I$N%G!<%?%Y!<%9$rJ]4I$9$k(B <B>authsrv</B> $B$H(B
$B8F$P$l$k%W%m%0%i%`$r;H$$$^$9!#(B
netperm-table $B$NG'>ZItJ,$O!"%G!<%?%Y!<%9$,J]B8$5$l$k>l=j$H!"$=$l$K(B
$B%"%/%;%9$G$-$k?M$r%3%s%H%m!<%k$7$^$9!#(B
<P>私は、このサービスへのアクセスを止めてしまうトラブルに遭遇しました。
全ての人がアクセスできるように '*' を使っている permit-hosts 行に
注意してください。
動かすことができるようになったならば、この行の正しい設定は
<CODE>authsrv: permit-hosts localhost</CODE> です。
なお、下の例にはこの '*' の行がそのまま残っています。
認証サーバに接続するのは同じホスト上のプロキシ (127.0.0.1) だけなので、実運用では localhost にしてください。
<P>
<P>
<PRE>
  #
  # Proxy configuration table
  #
  # Authentication server and client rules
  # NOTE(review): fw-authdb holds every proxy user's ID and password; keep
  # the file and its directory readable by root only (the text above uses
  # chmod 700 on the install directory).
  authsrv:      database /usr/local/etc/fw-authdb
  # NOTE(review): the text above says the working value is
  # "permit-hosts localhost"; '*' lets any host talk to authsrv directly.
  # The only client configured below is 127.0.0.1, so localhost is enough.
  authsrv:      permit-hosts *
  # badsleep: presumably how long (seconds) a user is locked out after
  # repeated bad passwords -- confirm against the FWTK authsrv manual.
  authsrv:      badsleep 1200
  authsrv:      nobogus true
  # Client Applications using the Authentication server
  # NOTE(review): every proxy reaches authsrv on the loopback address only.
  # Confirm a matching /etc/services and inetd.conf entry exists for port 114;
  # the services excerpt at the end of this page does not show one.
  *:            authserver 127.0.0.1 114
</PRE>
<P>$B%G!<%?%Y!<%9$r=i4|2=$9$k$?$a!"(Bsu $B$G(B root $B$K$J$j$^$9!#(B
$B$=$7$F(B /var/local/etc $B$G4IM}MQ%f!<%65-O?$r:n@.$9$k0Y$K(B
<B>./authsrv</B> $B$rF0$+$7$^$9!#(B
例を示しておきます。
例中のパスワード "plugh" は見本なので、実際には推測されにくいものを使い、superwiz (管理者権限) を与えるユーザは必要最小限にしてください。
<P>FWTK $B$NJ8=q$rFI$_(B users $B$H(B groups $B$r2C$($kJ}K!$K$D$$$FD4$Y$F$/$@$5$$!#(B
<P>
<PRE>
    #
    # authsrv
    authsrv# list
    authsrv# adduser admin &quot;Auth DB admin&quot;
    ok - user added initially disabled
    authsrv# ena admin
    enabled
    authsrv# proto admin pass
    changed
    authsrv# pass admin &quot;plugh&quot;
    Password changed.
    authsrv# superwiz admin
    set wizard
    authsrv# list
    Report for users in database
    user   group  longname           ok?    proto   last 
    ------ ------ ------------------ -----  ------  -----
    admin         Auth DB admin      ena    passw   never
    authsrv# display admin
    Report for user admin (Auth DB admin)
    Authentication protocol: password
    Flags: WIZARD
    authsrv# ^D
    EOT
    #
</PRE>
<P>telnet gateway (tn-gw) $B%3%s%H%m!<%k$O@53N$K!"$7$+$b:G=i$K@_Dj$r(B
$B9T$o$J$1$l$P$J$j$^$;$s!#(B
<P>私の例では、プライベートネットワーク内部のホストには自身の認証なしで
通過を許可しています (permit-hosts 192.1.2.* -passok)。
しかし、その他のユーザはプロキシを使う為に、自分の ID とパスワードを
入力しなければなりません (permit-hosts * -auth)。
<P>$B$3$3$G$O$^$?!"0lBf$NJL$N%7%9%F%`(B(192.1.2.202)$B$+$i$O%U%!%$%"%&%)!<%k$r(B
$BDL$5$J$$$G!"D>@\%U%!%$%"%&%)!<%k%^%7%s$X$N%"%/%;%9$r5v2D$7$F$$$^$9!#(B
$BFs$D$N(Binetacl-in.telnetd $B9T$,$3$l$r9T$$$^$9!#(B
$B$I$N$h$&$K$7$F$3$l$i$N9T$,8F$S=P$5$l$k$+$O8e$G@bL@$7$^$9!#(B
<P>telnet $B$N%?%$%`%"%&%H$OC;$/$7$?$[$&$,$h$$$G$7$g$&!#(B
<P>
<PRE>
  # telnet gateway rules:
  tn-gw:                denial-msg      /usr/local/etc/tn-deny.txt
  tn-gw:                welcome-msg     /usr/local/etc/tn-welcome.txt
  tn-gw:                help-msg        /usr/local/etc/tn-help.txt
  # 90 s idle timeout: the text recommends keeping telnet sessions short.
  tn-gw:                timeout 90
  # Internal hosts pass through without authenticating to the proxy (no
  # -auth). Per the FWTK tn-gw manual -passok permits password changes and
  # -xok X forwarding -- confirm against your version.
  # NOTE(review): rules match on source address only, so any host on
  # 192.1.2.* (including a compromised one) gets this exemption.
  tn-gw:                permit-hosts 192.1.2.* -passok -xok
  # Everyone else must authenticate against authsrv first.
  tn-gw:                permit-hosts * -auth
  # Only the administrator can telnet directly to the firewall, via port 24.
  # NOTE(review): telnet is unencrypted, so the admin login crosses the
  # internal network in the clear; the rule trusts the source address
  # 192.1.2.202 and nothing else.
  netacl-in.telnetd: permit-hosts 192.1.2.202 -exec /usr/sbin/in.telnetd
</PRE>
<P>(rlogin $B$d(B rcp $B$d(B rsh$B$J$I$N(B)$B%j%b!<%H4XO"%3%^%s%I$O(B telnet $B$H(B
$BF1$8$h$&$JJ}K!$GF0$-$^$9!#(B
<P>
<PRE>
  # rlogin gateway rules:
  rlogin-gw:    denial-msg      /usr/local/etc/rlogin-deny.txt
  rlogin-gw:    welcome-msg     /usr/local/etc/rlogin-welcome.txt
  rlogin-gw:    help-msg        /usr/local/etc/rlogin-help.txt
  # 90 s idle timeout, same as the telnet gateway.
  rlogin-gw:    timeout 90
  # Internal hosts: no proxy authentication (see the tn-gw rules above for
  # what -passok and -xok presumably grant -- confirm against the manual).
  rlogin-gw:    permit-hosts 192.1.2.* -passok -xok
  # Everyone else must authenticate against authsrv first.
  rlogin-gw:    permit-hosts * -auth -xok
  # Only the administrator can log in directly to the firewall through this port.
  # NOTE(review): rlogin, like telnet, is unencrypted and the rule trusts the
  # source address only. The -a flag is passed straight to rlogind; its
  # meaning depends on your rlogind -- confirm before relying on it.
  netacl-rlogind: permit-hosts 192.1.2.202 -exec /usr/libexec/rlogind -a
</PRE>
<P>FTP $B$b4^$a!"%U%!%$%"%&%)!<%k$rD>@\%"%/%;%9$G$-$k$h$&$K$9$Y$-$G$O$"$j$^$;$s!#(B
$B$=$N$?$a%U%!%$%"%&%)!<%k$K(B FTP $B%5!<%P$rCV$$$F$O$$$1$^$;$s!#(B
<P>$B<!$N(B permit-hosts $B9T$O!"J]8n$5$l$?%M%C%H%o!<%/Fb$K5o$kA4$F$N<T$K(B
$B%$%s%?!<%M%C%H$X$N<+M3$J%"%/%;%9$r5v2D$7!"$=$NB>$N<T$O<+J,<+?H$r(B
$BG'>Z$7$J$1$l$P$J$j$^$;$s!#(B
$B;d$OAw<u?.$7$?A4$F$N%U%!%$%k$N5-O?$r<h$k@_Dj$b4^$a$F$"$j$^$9!#(B
(-log { retr stor })
<P>ftp $B$N%?%$%`%"%&%H$O!"@\B3$,F~NO$,$J$$$^$^%*!<%W%s$K$J$C$F$$$k;~4V$r(B
$B$I$l$/$i$$$K$9$k$N$+$HF1$8$h$&$K!"IT@5$J@\B3$rDd;_$9$k$N$KI,MW$J;~4V$r(B
$B$I$l$/$i$$$K$9$k$+$r@)8f$7$^$9!#(B
<P>
<PRE>
  # ftp gateway rules:
  # NOTE(review): the text says no FTP server should run on the firewall
  # itself; this proxy takes over port 21 (see the /etc/services entry below).
  ftp-gw:               denial-msg      /usr/local/etc/ftp-deny.txt
  ftp-gw:               welcome-msg     /usr/local/etc/ftp-welcome.txt
  ftp-gw:               help-msg        /usr/local/etc/ftp-help.txt
  # 300 s idle timeout: bounds how long an idle or abusive connection stays open.
  ftp-gw:               timeout 300
  # Internal hosts: no authentication; every RETR and STOR is logged.
  ftp-gw:               permit-hosts 192.1.2.* -log { retr stor }
  # Everyone else must authenticate (-authall: presumably for every
  # operation, not just the login -- confirm against the ftp-gw manual).
  ftp-gw:               permit-hosts * -authall -log { retr stor }
</PRE>
<P>Web, gopher, $B%V%i%&%6$r;H$C$?(B ftp $B$O(B http-gw $B$K$h$C$F@)8f$5$l$^$9!#(B
$B:G=i$NFs9T$O(B ftp $B$d%U%!%$%"%&%)!<%k$rDL$C$FEO$5$l$F$$$k$h$&$J(B web $BJ8=q$r(B
$BCV$/%G%#%l%/%H%j$r:n$j$^$9!#(B
$B;d$O$3$l$i$N%U%!%$%k$r(B root $B=jM-$K$7!"(Broot $B$N$_$,%"%/%;%9$G$-$k(B
$B%G%#%l%/%H%j$KCV$$$F$$$^$9!#(B
<P>Web $B@\B3$OC;$/$7$?$[$&$,$h$$$G$7$g$&!#(B
$B%f!<%6$,IT@5$J@\B3$G$I$l$/$i$$BT$D$+$r@)8f$7$^$9!#(B
<P>
<PRE>
  # www and gopher gateway rules:
  # NOTE(review): the proxy runs as root inside the /jail chroot. The text
  # chose this so the spooled documents stay root-only; an unprivileged uid
  # (with a root-owned /jail) would limit what a proxy bug could do --
  # confirm whether your FWTK build supports a non-root userid here.
  http-gw:      userid          root
  http-gw:      directory       /jail
  # 90 s timeout: the text recommends keeping web connections short.
  http-gw:      timeout 90
  # Server used when a request carries no host -- presumably; confirm in the manual.
  http-gw:      default-httpd   www.afs.net
  # Internal hosts only; read, write and ftp-over-http operations are logged.
  http-gw:      hosts           192.1.2.* -log { read write ftp }
  http-gw:      deny-hosts      * 
</PRE>
<P>ssl-gw $B$O<B:]$O$J$s$G$bDL$7$F$7$^$&(B gateway $B$G$9!#(B
$BCm0U$7$F$/$@$5$$!#(B
$B$3$NNc$G$O!";d$O%"%I%l%9(B 127.0.0.* $B$H(B 192.1.1.* $B$=$l$+$i!"%]!<%H(B 443 $B$+$i(B
563 $B>e$G$@$1!"%M%C%H%o!<%/$N30It$N$I$N%5!<%P$K$b@\B3$9$k$?$aJ]8n$5$l$?(B
$B%M%C%H%o!<%/$NFbIt$GA4$F$N?M$r5v2D$7$F$$$^$9!#(B
$B%]!<%H(B 443 $B$+$i(B 563 $B$O(B SSL $B%]!<%H$G$9!#(B
<P>
<PRE>
  # ssl gateway rules:
  # NOTE(review): ssl-gw relays the encrypted stream without inspecting it
  # (the text warns it passes anything through), so the -dest list is the
  # only control: destinations 127.0.0.* and 192.1.1.* are refused, any
  # other host is allowed on TCP ports 443 through 563.
  ssl-gw:         timeout 300
  ssl-gw:         hosts           192.1.2.* -dest { !127.0.0.* !192.1.1.* *:443:563 }
  ssl-gw:         deny-hosts      *
</PRE>
<P>$B$3$3$G$O!"?7$7$$%5!<%P$K@\B3$r5v2D$9$k0Y$K(B plug-gw $B$r$I$N$h$&$K(B
$B;H$&$+$K$D$$$F$NNc$r<($7$^$9!#(B
$B$3$NNc$G!";d$OJ]8n$5$l$?%M%C%H%o!<%/$NFbB&$G0l$D$N%7%9%F%`$K$@$1@\B3$7!"(B
$B$=$l$,?7$7$$%]!<%H$K$@$1@\B3$9$k$N$rA4$F$N?M$K5v2D$7$^$9!#(B
<P>$BFs9TL\$OJ]8n$5$l$?%M%C%H%o!<%/$K$=$N%G!<%?$rLa$90Y$K?7$7$$%5!<%P$r5v2D$7$^$9!#(B
<P>$BKX$I$N%/%i%$%"%s%H$O%f!<%6$,%K%e!<%9$rFI$s$G$$$k4V$O@\B3>uBV$K(B
$B$"$k$3$H$r4|BT$7$^$9$+$i!"%K%e!<%9%5!<%P$N%?%$%`%"%&%H$OD9$/$7$F$*$/$Y$-$G$9!#(B
<P>
<PRE>
 
  # NetNews Pluged gateway
  # 1 h idle timeout: readers stay connected while browsing news (text above).
  plug-gw:        timeout 3600
  # Internal hosts -> the external news server 24.94.1.22, nntp.
  plug-gw: port nntp 192.1.2.* -plug-to 24.94.1.22 -port nntp
  # NOTE(review): the reverse rule appears to let 24.94.1.22 open nntp
  # connections to any 192.1.2.* host, and plug-gw relays the bytes
  # unchanged. The text says this line exists to return news data; if a
  # single internal news server is the real target, name that host instead.
  plug-gw: port nntp 24.94.1.22 -plug-to 192.1.2.* -port nntp
</PRE>
<P>finger gateway $B$O%7%s%W%k$G$9!#(B
$BJ]8n$5$l$?%M%C%H%o!<%/$NFbIt$N?M$OC/$G$b:G=i$K%m%0%$%s$7$J$1$l$P$J$i$:!"(B
$B$=$N8e%U%!%$%"%&%)!<%k>e$N(B finger $B%W%m%0%i%`$r;H$&$3$H$,$G$-$^$9!#(B
$B$=$l0J30$NA4$F$N?M$O<!$N$h$&$J%a%C%;!<%8$r<u$1<h$j$^$9!#(B
<P>
<PRE>
  # Enable finger service 
  # Internal hosts get the real fingerd on the firewall.
  # NOTE(review): the text says internal users must log in first; this rule
  # itself only matches the source address -- confirm how that is enforced.
  netacl-fingerd: permit-hosts 192.1.2.* -exec /usr/libexec/fingerd
  # Everyone else just receives the static text in finger.txt.
  netacl-fingerd: permit-hosts * -exec /bin/cat /usr/local/etc/finger.txt
</PRE>
<P>$B;d$O(B Mail $B$H(B X Window System $B$N%5!<%S%9$N@_Dj$r$7$F$$$J$$$N$G!"$3$3$K$ONc$r(B
$B4^$a$F$$$^$;$s!#(B
$B$I$J$?$+F0$$$F$$$kNc$r$*;}$A$J$i(B e-mail $B$G;d$KAw$C$F$/$@$5$$!#(B
<P>
<H3>/etc/services $B%U%!%$%k(B</H3>

<P> 
$B$3$3$,A4$F$N;O$^$j$G$9!#%/%i%$%"%s%H$,%U%!%$%"%&%)!<%k$K@\B3$9$k$H$-!"(B
$B4{CN$N%]!<%H(B( 1024 $B$h$j0J2<(B)$B$K@\B3$7$^$9!#$?$H$($P(Btelnet $B$O%]!<%H(B23 $B>e$K(B
$B@\B3$7$^$9!#(Binetd $B%G!<%b%s$O$3$N@\B3$rCN$k$H!"(B /etc/services $B%U%!%$%k$K(B
$B$"$k$3$l$i$N%5!<%S%9$NL>A0$rC5$7$^$9!#$=$l$+$i(B /etc/inetd.conf $B%U%!%$%k$K(B
$B$"$kL>A0$K3d$jEv$F$i$l$?%W%m%0%i%`$r8F$S=P$7$^$9!#(B
<P>$B$o$l$o$l$,:n@.$7$F$$$k%5!<%S%9$N$"$k$b$N$O!"IaDL$O(B /etc/services
$B%U%!%$%k$K$O$"$j$^$;$s!#(B
$B$"$J$?$O!"<+J,$,K>$`$I$l$+$N%]!<%H$K2?$+$N%5!<%S%9$r3d$jEv$F$k$3$H$,(B
$B$G$-$^$9!#(B
$BNc$($P!";d$O4IM}<T$N(B telnet $B%]!<%H(B (telnet-a) $B$r%]!<%H(B24 $B$K3d$jEv$F$F$$$^$9!#(B
$B$*K>$_$J$i%]!<%H(B 2323 $B$K$=$l$r3d$jEv$F$k$3$H$b$G$-$^$9!#(B
$B%U%!%$%"%&%)!<%k$KD>@\@\B3$9$k4IM}<T(B($B$"$J$?(B)$B$KBP$7$F!";d$,9T$C$?$h$&$K!"(B
$B$"$J$?$,$4<+J,$N(B netperm-table $B%U%!%$%k$r@_Dj$9$k$J$i%]!<%H(B23 $B$G$O$J$/!"(B
$B%]!<%H(B24 $B$K(Btelnet $B$9$kI,MW$,$"$j!"J]8n$5$l$?%M%C%H%o!<%/$NFbIt$G!"(B
$B0l$D$N%7%9%F%`$+$i$3$l$r$G$-$k$h$&$K$9$k$@$1$G$9!#(B
<P>
<P>
<PRE>
 
  # Administrator telnet to the firewall itself (netacl-in.telnetd rule).
  # NOTE(review): the non-standard port is not a security control on its
  # own; the netperm-table rule (and packet filtering, if any) is what
  # limits who can reach it.
  telnet-a        24/tcp
  # The FTP proxy replaces the real FTP server on port 21.
  ftp-gw          21/tcp           # this named changed
  auth            113/tcp   ident    # User Verification
  ssl-gw          443/tcp
</PRE>
<P>
<P>
<HR>
<A HREF="Firewall-HOWTO-11.html">次のページ</A>
<A HREF="Firewall-HOWTO-9.html">前のページ</A>
<A HREF="Firewall-HOWTO.html#toc10">目次へ</A>
</BODY>
</HTML>