<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Linux IP Masquerade HOWTO: IP �$B%^%9%+%l!<%I$K4XO"$7$?$=$NB>$N9`L\$H%=%U%H%&%(%"%5%]!<%H�(B</TITLE>
<LINK HREF="IP-Masquerade-HOWTO-7.html" REL=next>
<LINK HREF="IP-Masquerade-HOWTO-5.html" REL=previous>
<LINK HREF="IP-Masquerade-HOWTO.html#toc6" REL=contents>
</HEAD>
<BODY>
<A HREF="IP-Masquerade-HOWTO-7.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="IP-Masquerade-HOWTO-5.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="IP-Masquerade-HOWTO.html#toc6">�$BL\<!$X�(B</A>
<HR>
<H2><A NAME="s6">6. IP �$B%^%9%+%l!<%I$K4XO"$7$?$=$NB>$N9`L\$H%=%U%H%&%(%"%5%]!<%H�(B</A></H2>
<P>
<P>
<H2><A NAME="ss6.1">6.1 IP �$B%^%9%+%l!<%I$K4X78$7$?LdBj�(B</A>
</H2>
<P>TCP/IP �$B$r;H$C$?%"%W%j%1!<%7%g%s%W%m%H%3%k$N$&$A$N0lIt$K$O!"8=:_$N�(B
Linux �$B$N�(B IP �$B%^%9%+%l!<%G%#%s%0$G%5%]!<%H$5$l$F$$$J$$$b$N$b$"$j$^$9!#�(B
�$B$H$$$&$N$b!"$3$l$i$O0EL[$N$&$A$KFCDj$N%]!<%HHV9f$r;H$C$F$$$?$j!"�(B
�$B$"$k$$$O$=$l$i$N%G!<%?%9%H%j!<%`Cf$K!"�(B TCP/IP �$B%"%I%l%9$d%]!<%HHV9f$r�(B
�$B0E9f2=$7$F;E9~$s$G$$$?$j$9$k$+$i$G$9!#�(B
�$B8e<T$N%W%m%H%3%k$rF0$+$9$?$a$K$OFCJL$J%W%m%-%7$+�(B IP MASQ �$B%b%8%e!<%k�(B
�$B$r%^%9%+%l!<%G%#%s%0$N%3!<%I$K;E9~$`I,MW$,$"$j$^$9!#�(B
<P>
<H2><A NAME="ss6.2">6.2 �$B30It$+$iF~$C$F$/$k%5!<%S%9�(B</A>
</H2>
<P>�$B%G%U%)%k%H$G$O$$$/$D$+$NNc30$r$N$>$$$F!"�(BLinux IP �$B%^%9%+%l!<%G%#%s%0$G$O30It$+$iF~$C$F$/$k�(B
�$B%5!<%S%9$r<h$j07$&$3$H$,$G$-$^$;$s!#�(B
<P>�$B$b$7!"9b$$%l%Y%k$G%;%-%e%j%F%#$r3NJ]$9$kI,MW$,$J$$$J$i!"C1=c$K�(B IP �$B$H%]!<%H$r%U%)%o!<%I$J$j�(B
�$B%j%@%$%l%/%H$9$l$P$9$`$G$7$g$&!#$d$jJ}$O$?$/$5$s$"$j$^$9$,!":G$b0BDj$7$F$$$k$N$O�(B IPPORTFW
�$B$r;H$C$?$d$j$+$?$G$7$g$&!#>\:Y$O!"�(B
<A HREF="#Forwarders">�$B%U%)%o!<%@�(B (�$B%]!<%HE>Aw%D!<%k�(B)</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
<P>�$B$b$7!"30It$+$iF~$C$F$/$k@\B3$K2?$i$+$NG'>Z$r@_Dj$7$?$$$J$i!"�(BTCP-wrapper �$B$+�(B Xinetd �$B$r�(B
�$B@_Dj$7$FFCDj$N�(B IP �$B%"%I%l%9$+$i$N$_$N@\B3$r5v$9$3$H$,$G$-$^$9!#�(BTIS Firewall Toolkit �$B$O�(B
�$B%D!<%k$d>pJs$rF~<j$9$k$N$K$h$$>l=j$G$7$g$&!#�(B
<P>�$B$h$j>\:Y$J%;%-%e%j%F%#>pJs$K$D$$$F$O!"�(B
<A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS</A> �$B$H�(B
<A HREF="http://ipmasq.cjb.net/">IP �$B%^%9%+%l!<%I$N>pJs8;�(B</A>
�$B$+$i8+$D$1$k$3$H$,$G$-$^$9!#�(B
<P>
<A NAME="Supported Client Software"></A> <P>
<P>
<P>
<H2><A NAME="Clients"></A> <A NAME="ss6.3">6.3 �$B%5%]!<%H$7$F$$$k%/%i%$%"%s%H%=%U%H%&%(%"$H$=$NB>$N@_Dj>pJs�(B</A>
</H2>
<P>
<P>
<BLOCKQUOTE>
<B>**
<A HREF="http://www.tsmservices.com/masq">Linux Masquerade Application list</A> �$B$K$O!"%"%W%j%1!<%7%g%s$r�(BLinux �$B$N�(B IP �$B%^%9%+%l!<%G%#%s%0$r�(B
�$BDL$8$FF0$+$9$?$a$NB?$/$N>pJs$,7G:\$5$l$F$$$^$9!#$3$N%5%$%H$O:G6a$K$J$C$F!"�(BSteve Srevemeyer
�$B$K$h$C$F%G!<%?%Y!<%9%P%C%/%(%s%I$GF0:n$9$k$h$&$K=q$-2~$a$i$l$^$7$?!#AG@2$i$7$$>pJs8;$G$9!*�(B</B>
</BLOCKQUOTE>
<P>�$B0lHLE*$K!"I8=`E*$J�(B TCP �$B5Z$S�(B UDP �$B$r;H$C$?%"%W%j%1!<%7%g%s$G$"$l$P�(B
�$BF0:n$7$^$9!#�(B
�$B$b$7!"%R%s%H$d%"%I%P%$%9Ey$,$"$k$J$i!">\:Y$K$D$$$F$O�(B
<A HREF="http://ipmasq.cjb.net/">IP �$B%^%9%+%l!<%I$N>pJs8;�(B</A>
�$B$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<H3>IP �$B%^%9%+%l!<%I$GF0:n$9$k%M%C%H%o!<%/%/%i%$%"%s%H�(B</H3>
<P>�$B0lHLE*$J%/%i%$%"%s%H�(B -
<P>
<P>
<DL>
<DT><B>Archie</B><DD><P>IP �$B%^%9%+%l!<%I$,%5%]!<%H:Q$_$NA4$F$N%W%i%C%H%U%)!<%`�(B
�$B$GF0:n$9$k!"%U%!%$%kC5:w%/%i%$%"%s%H�(B (�$BC"$7!"A4$F$N�(B archie �$B%/%i%$%"%s%H�(B
�$B$,F0:n$9$k$o$1$G$O$J$$�(B)�$B!#�(B
<P>
<P>
<DT><B>FTP</B><DD><P>FTP �$B@\B3$K$D$$$F$O!"�(B<EM>ip_masq_ftp.o</EM>
�$B%+!<%M%k%b%8%e!<%k$r;H$&$3$H$G!"A4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`>e$G�(B
�$BF0:n$9$k!#�(B
<P>�$B!ZLuCm�(B: NAT �$B4D6-$N0lIt�(B (marked forward �$BJ;MQ;~�(B) �$B$G$O!"�(B ip_masq_ftp �$B$,�(B
�$BF0:n$7$J$$$3$H$,3NG'$5$l$F$$$^$9!#�(B
ftp �$B%/%i%$%"%s%H$r%Q%C%7%V�(B (PASV) �$B%b!<%I$G5/F0$9$l$P!"�(B ip_masq_ftp.o �$B$,�(B
�$B$J$/$F$bBg35$N�(B ftp �$B%5!<%P$X$N@\B3$,2DG=$G$9!#�(B
PASV �$B%b!<%I$N>\:Y$K$D$$$F$O!"Nc$($P�(B
<A HREF="http://www.rtpro.yamaha.co.jp/RT/FAQ/TCPIP/ftp-passive-mode.html">http://www.rtpro.yamaha.co.jp/RT/FAQ/TCPIP/ftp-passive-mode.html</A>
�$BJU$j$,;29M$K$J$k$+$H;W$$$^$9!#![�(B
<P>
<P>
<DT><B>Gopher �$B%/%i%$%"%s%H�(B</B><DD><P>�$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!#�(B
<P>
<P>
<DT><B>HTTP</B><DD><P>�$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!"�(BWeb�$B%5!<%U%#%s!#�(B
<P>
<P>
<DT><B>IRC</B><DD><P>�$B<o!9$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!#�(B
�$B$J$*!"�(B DCC �$B$O�(B <EM>ip_masq_irc.o</EM> �$B%b%8%e!<%k$rF3F~$9$l$PF0:n$9$k!#�(B
<P>�$B!ZLuCm�(B: DCC �$B$K$D$$$F$O!"�(B
<A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.2.x">Linux 2.2.x �$B%+!<%M%k�(B</A> �$B$NLuCm$r;2>H$7$F$/$@$5$$!#![�(B
<P>
<P>
<DT><B>NNTP (USENET)</B><DD><P>�$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!"�(B
USENET �$B%K%e!<%9%/%i%$%"%s%H!#�(B
<P>
<P>
<DT><B>PING</B><DD><P>�$B%+!<%M%k%*%W%7%g%s$N�(B ICMP �$B%^%9%+%l!<%I$rM-8z$K$9$k$3$H$G!"�(B
�$BA4$F$N%W%i%C%H%U%)!<%`>e$GF0:n$9$k!#�(B
<P>
<P>
<DT><B>POP3</B><DD><P>�$B$9$Y$F$N%W%i%C%H%U%)!<%`$GF0:n$9$k!"EE;R%a!<%k%/%i%$%"%s%H�(B
<P>
<DT><B>SSH</B><DD><P>�$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!"�(B
�$B0BA4$J�(B TELNET/FTP �$B%/%i%$%"%s%H!#�(B
<P>
<P>
<DT><B>SMTP</B><DD><P>�$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!"�(B
sendmail, qmail, PostFix �$BEy$N%a!<%k%5!<%P!#�(B
<P>
<P>
<DT><B>TELNET</B><DD><P>�$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!"�(B
�$B%j%b!<%H%;%C%7%g%s!#�(B
<P>
<P>
<DT><B>TRACEROUTE</B><DD><P>UNIX �$B$H�(B Windows �$B%W%i%C%H%U%)!<%`$GDs6!$5$l$F$$$k$,!"�(B
�$B$$$/$D$+$N0!<o$OF0$+$J$$$+$b$7$l$J$$!#�(B
<P>
<P>
<DT><B>VRML</B><DD><P>Windows (�$B$"$k$$$O$3$l0J30$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`�(B)
�$B$K$FF0:n$9$k!"!V%P!<%A%c%k!&%j%"%j%F%#!ZLuCm�(B: �$B2>A[8=<B![!W5;=Q$K$h$k�(B
Web �$B%5!<%U%#%s!#�(B
<P>
<P>
<DT><B>WAIS �$B%/%i%$%"%s%H�(B</B><DD><P>�$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!#�(B
<P>
</DL>
<P>�$B%^%k%A%a%G%#%"�(B �$B5Z$S�(B �$BDL?.%/%i%$%"%s%H�(B -
<P>
<P>
<DL>
<DT><B>�$BA4$F$N�(B H.323 �$B%W%m%0%i%`�(B</B><DD><P>- MS Netmeeting, Intel Internet Phone Beta
�$B5Z$S$=$NB>$N�(B H.323 �$B%"%W%j%1!<%7%g%s�(B - �$B$3$l$i$K$D$$$F$O!"�(B IP �$B%^%9%+%l!<%I$r�(B
�$B7PM3$7$?@\B3$GF0$+$9$?$a$NJ}K!$,:#$N$H$3$m#2$DB8:_$7$^$9�(B -
<P>
<P>2.2.x �$B%+!<%M%k$G�(B Microsoft Netmeeting v3.x�$B$rF0$+$9$?$a$N0BDj$7$FF0:n$9$k%Y!<%?HG%b%8%e!<%k$,�(B
<A HREF="http://ipmasq.cjb.net/">IP �$B%^%9%+%l!<%I$N>pJs8;�(B</A>
�$B$^$?$O�(B
<A HREF="http://www.coritel.it/projects/sofia/nat.html">http://www.coritel.it/projects/sofia/nat.html</A> �$B$K$"$j$^$9!#$3$l$i$O$^$?JL$J%P!<%8%g%s�(B
�$B$H$7$F!"�(BNetmeeting 2.x �$B$r�(B 2.0.x �$B%+!<%M%k$GF0$+$9$?$a$N%b%8%e!<%k$,@h$N�(B MASQ WWW �$B%5%$%H$K$"$j$^$9$,�(B
�$B$3$l$O�(B Netmeeting v3.x �$B$O%5%]!<%H$7$F$$$^$;$s!#�(B
<P>
<P>�$B>&MQ%=%U%H$K$h$kJL$N2r7hJ}K!$H$7$F$O!"�(B
<A HREF="http://www.equival.com.au/phonepatch/index.html">Equivalence �$B$N�(B PhonePatch</A> �$B$K$h$k�(B H.323 �$B%2!<%H%&%'%$$,$"$j$^$9!#�(B
<P>
<P>
<DT><B>Alpha Worlds</B><DD><P>Windows �$B$GF0:n$9$k�(B �$B%/%i%$%"%s%H!&%5!<%PJ}<0$N�(B 3D �$B%A%c%C%H%W%m%0%i%`�(B
<P>
<DT><B>CU-SeeMe</B><DD><P>�$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$7$^$9$,!"�(B
<EM>ip_masq_cuseeme</EM> �$B$rAH$_9~$`$3$H$,I,MW$G$9!#�(B
�$B>\:Y$K$D$$$F$O�(B
<A HREF="#CuSeeme">CuSeeme</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<DT><B>ICQ</B><DD><P>�$BDs6!$5$l$?$9$Y$F$N%W%i%C%H%U%)!<%`$GF0:n!#�(B
Linux �$B%+!<%M%k$r�(B IPPORTFW �$B%5%]!<%H$rM-8z$K$7$F%3%s%Q%$%k$7!"�(B
ICQ �$B<+?H$O�(B �$BHs�(B SOCKS �$B%W%m%-%7$NFbIt$GF0:n$9$k$h$&$K@_Dj$7$J$1$l$P$J$j$^$;$s!#�(B
�$B@_Dj$NA4>\:Y$K$D$$$F$O�(B
<A HREF="#ICQ">ICQ</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<DT><B>Internet Phone 3.2</B><DD><P>Windows �$B$GF0:n$9$k�(B �$B%T%"!&%D!<!&%T%"$N2;@<$K$h$k�(B
�$BDL?.$r2DG=$H$9$k$b$N$G$9!#�(B
�$B$"$J$?$NB&$+$iAj<j$r8F$S=P$;$PDLOC$,$G$-$^$9$,!"B>$NJ}$,$"$J$?$r8F$S=P$9$K$O�(B
�$BFCDj$N%]!<%H$KBP$9$kE>Aw$r@_Dj$7$J$1$l$P$J$j$^$;$s!#�(B
�$B>\:Y$K$D$$$F$O�(B
<A HREF="#Forwarders">�$B%U%)%o!<%@�(B (�$B%]!<%HE>Aw%D!<%k�(B)</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<DT><B>Internet Wave Player</B><DD><P>Windows �$B$GF0:n$9$k!"%M%C%H%o!<%/!&%9%H%j!<%`!&%*!<%G%#%*!&%W%m%0%i%`�(B
<P>
<DT><B>Powwow</B><DD><P>Windows �$B$GF0:n$9$k!"%T%"!&%D!<!&%T%"%?%$%W$NJ8;z$H2;@<$r�(B
�$BJ;MQ$G$-$k!V%[%o%$%H%\!<%I!WDL?.%W%m%0%i%`$G$9!#�(B
�$B$"$J$?$NB&$+$iAj<j$r8F$S=P$;$PDLOC$,$G$-$^$9$,!"B>$NJ}$,$"$J$?$r8F$S=P$9$K$O�(B
�$BFCDj$N%]!<%H$KBP$9$kE>Aw$r@_Dj$7$J$1$l$P$J$j$^$;$s!#�(B
�$B>\:Y$K$D$$$F$O�(B
<A HREF="#Forwarders">�$B%U%)%o!<%@�(B (�$B%]!<%HE>Aw%D!<%k�(B)</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<DT><B>Real Audio Player</B><DD><P>Windows �$B$GF0:n$9$k!"%M%C%H%o!<%/!&%9%H%j!<%_%s%0!&�(B
�$B%*!<%G%#%*!&%W%m%0%i%`$G$9!#�(B
<EM>ip_masq_raudio</EM> UDP �$B%b%8%e!<%k$r;H$($P!"9bIJ0L$N:F@8$,2DG=$G$9!#�(B
<P>
<P>
<DT><B>True Speech Player 1.1b</B><DD><P>Windows �$B$GF0:n$9$k%9%H%j!<%_%s%0!&%*!<%G%#%*!&%W%m%0%i%`$G$9!#�(B
<P>
<DT><B>VDOLive</B><DD><P>Windows �$B$GF0:n$7$^$9!#�(B
<EM>ip_masq_vdolive</EM> �$B%b%8%e!<%k$r;H$($P2DG=$G$9!#�(B
<P>�$B!ZLuCm�(B: �$B86J8$O�(B ip_masq_vdolive patch �$B$H$J$C$F$$$^$9$,!"<B:]$O�(B
�$B%b%8%e!<%k$G$9!#![�(B
<P>
<P>
<DT><B>Worlds Chat 0.9a</B><DD><P>Windows �$B$GF0:n$9$k!"%/%i%$%"%s%H!&%5!<%PJ}<0$N�(B 3D �$B%A%c%C%H%W%m%0%i%`$G$9!#�(B
</DL>
<P>
<A NAME="Game-Clients"></A> <P>
<P>�$B%M%C%H%o!<%/BP1~%2!<%`$NN`�(B - LooseUDP �$B%Q%C%A$K$D$$$F$N>\:Y$O�(B
<A HREF="#LooseUDP">LooseUDP</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<DL>
<DT><B>Battle.net</B><DD><P>�$B%2!<%`%^%7%s$KBP$7$F!"�(B TCP �$B%]!<%H�(B 116 �$B$H�(B 118�$B!"�(B
�$B99$K�(B UDP �$B%]!<%H�(B 6112 �$B$r�(B IPPORTFW �$B$K$FM-8z$K$9$k$3$H$GF0:n$7$^$9!#�(B
�$B>\:Y$O�(B
<A HREF="#Forwarders">�$B%U%)%o!<%@�(B (�$B%]!<%HE>Aw%D!<%k�(B)</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
FSGS �$B$H�(B Bnetd �$B%5!<%P$O$^$@�(B NAT �$B4D6-$G$&$^$/F0$/$h$&$K=q$-D>$5$l$F�(B
�$B$$$^$;$s$N$G!"�(B IPPORTFW �$B$,I,MW$H$J$k$3$H$KCm0U$7$F$/$@$5$$!#�(B
<P>
<P>�$B!ZLuCm�(B: FSGS (Free Standard Game Server) �$B$O!"%V%j%6!<%I<R@=$N�(B
�$B%2!<%`%=%U%H$r%M%C%H%o!<%/BP@o;~$K;HMQ$9$k�(B battle.net �$B$r<g:E$9$k�(B
�$B%5!<%P%=%U%H%&%'%"$G$9!#�(B
�$B>\:Y$O!"�(B
<A HREF="http://www.fsgs.com/">Net-Games ...are you ready to play?</A>
�$B5Z$S�(B
<A HREF="http://b-ring.acc.ne.jp/">B-Ring</A>
�$B$r;2>H$7$F$/$@$5$$!#�(B
�$B$J$*!"Lu<T$,3NG'$7$?8B$j$G$O!"�(B B-Ring web �$B%5%$%H$N%H%C%W%Z!<%8$K�(B
�$B%"%/%;%9$9$k$K$O!"�(B ipchains �$B$G�(B tcp �$B%]!<%H�(B 11000 �$BHV$r�(B REJECT �$B$K�(B
�$B@_Dj$7$J$1$l$P$J$j$^$;$s$G$7$?!#�(B
bnetd �$B$O!"�(B Starcraft Battle.net server �$B$N%(%_%e%l!<%?$G!"�(B
GPL �$B$K=>$C$?%=!<%9$,<+M3$KF~<j$G$-$k$@$1$G$J$/!"�(B Linux, Irix �$B$N�(B
�$B%P%$%J%j$bG[I[$5$l$F$$$^$9!#�(B
�$B>\:Y$O!"�(B
<A HREF="http://www.bnetd.org/">http://www.bnetd.org/</A>
�$BEy$r;2>H$7$F$/$@$5$$!#![�(B
<P>
<P>
<DT><B>BattleZone 1.4</B><DD><P>LooseUDP �$B%Q%C%A5Z$S�(B NAT �$B4D6-$G$b$&$^$/F0$/�(B
<A HREF="http://us4.alink.activision.com/tmp/nat/">.DLLs from Activision</A> �$B$,I,MW$G$9!#�(B
<P>
<DT><B>Dark Reign 1.4</B><DD><P>LooseUDP �$B%Q%C%A$rE,MQ$9$k$+!"$^$?$O�(B
�$B%2!<%`%^%7%s$KBP$7$F�(BTCP �$B%]!<%H�(B 116�$B$H�(B118 �$B!"99$K�(B UDP �$B%]!<%H�(B 6112 �$B$K�(B
�$BBP$7$F�(B IPPORTFW �$B$rM-8z$K$9$k$3$H$,I,MW$G$9!#�(B
�$B>\:Y$K$D$$$F$O�(B
<A HREF="#Forwarders">�$B%U%)%o!<%@�(B (�$B%]!<%HE>Aw%D!<%k�(B)</A>
�$B$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<DT><B>Diablo</B><DD><P>LooseUDP �$B%Q%C%A$^$?$O�(B �$B%2!<%`%^%7%s$KBP$7$F�(B
TCP �$B%]!<%H�(B 116�$B$H�(B118�$B!"99$K�(B UDP �$B%]!<%H�(B 6112 �$B$KBP$7$F�(B IPPORTFW �$B$r�(B
�$BM-8z$K$9$k$3$H$,I,MW$G$9!#�(B
�$B?7$7$$%P!<%8%g%s$G$O�(B TCP �$B%]!<%H�(B 6112 �$B$H�(B UDP �$B%]!<%H�(B 6112 �$B$@$1$,�(B
�$B;H$o$l$F$$$^$9!#�(B
�$B>\:Y$K$D$$$F$O!"�(B
<A HREF="#Forwarders">�$B%U%)%o!<%@�(B (�$B%]!<%HE>Aw%D!<%k�(B)</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<DT><B>Heavy Gear 2</B><DD><P>LooseUDP �$B%Q%C%A$^$?$O�(B �$B%2!<%`%^%7%s$KBP$7$F�(B
TCP �$B%]!<%H�(B 116�$B$H�(B118�$B!"99$K�(B UDP �$B%]!<%H�(B 6112 �$B$KBP$7$F�(B IPPORTFW �$B$r�(B
�$BM-8z$K$9$k$3$H$,I,MW$G$9!#�(B
�$B>\:Y$K$D$$$F$O�(B
<A HREF="#Forwarders">�$B%U%)%o!<%@�(B (�$B%]!<%HE>Aw%D!<%k�(B)</A>
�$B$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<DT><B>Quake I/II/III</B><DD><P>�$B$=$N$^$^$G$bF0:n$7$^$9$,!"�(BMASQ �$B$5$l$?�(B
linux �$B%\%C%/%9$h$jFbB&$N%M%C%H%o!<%/$KJ#?t$N�(B Quake I/II/III �$B%W%l%$%d!<$,�(B
�$B5o$k>l9g$O!"�(B <EM>ip_masq_quake</EM> �$B$r;H$&$3$H$,I,MW$H$J$j$^$9!#�(B
�$B$^$?!"$3$N%b%8%e!<%k$O%G%U%)%k%H$G$O�(B Quake I �$B$H�(B QuakeWorld �$B$r%5%]!<%H$9$k�(B
�$B$h$&$K$7$+$J$C$F$$$^$;$s!#�(B
�$B$b$7!"�(BQuake II �$B0J9_$d!"$"$k$$$O%G%U%)%k%H$G$O$J$$%5!<%P$N%]!<%HHV9f$r;H$&�(B
�$BI,MW$,$"$k$J$i!"�(B
<A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.0.x">rc.firewall-2.0.x</A>
�$B$d�(B
<A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.2.x">rc.firewall-2.2.x</A>
�$B%k!<%k%;%C%H$N%b%8%e!<%k$NAH$_9~$_$N>O$r�(B
�$B;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<DT><B>StarCraft</B><DD><P>LooseUDP �$B%Q%C%A$H�(B �$BFbIt$N%2!<%`%^%7%s$KBP$9$k�(B
TCP �$B$H�(B UDP �$B%]!<%H�(B 6112 �$B$r�(B IPPORTFW �$B$7$F$d$kI,MW$,$"$j$^$9!#�(B
�$B>\:Y$K$D$$$F$O!"�(B
<A HREF="#Forwarders">�$B%U%)%o!<%@�(B (�$B%]!<%HE>Aw%D!<%k�(B)</A>
�$B$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<DT><B>WorldCraft</B><DD><P>LooseUDP �$B%Q%C%A$r;H$($PF0:n$7$^$9!#�(B
</DL>
<P>
<P>
<P>�$B$=$NB>$N%/%i%$%"%s%H�(B -
<P>
<P>
<DL>
<DT><B>Linux net-acct �$B%Q%C%1!<%8�(B</B><DD><P>Linux�$B$GF0:n$9$k%M%C%H%o!<%/4IM}%"%+%&%s%H!&%Q%C%1!<%8�(B
<P>
<DT><B>NCSA Telnet 2.3.08</B><DD><P>DOS�$B$GF0:n$9$k�(B telnet, ftp, ping �$B$J$I$r4^$`%=%U%H%&%(%"%;%C%H�(B
<P>
<DT><B>PC-anywhere for Windows </B><DD><P>MS-Windows �$B$GF0:n$9$k!"�(BTCP/IP �$B%W%m%H%3%k$r�(B
�$BDL$8$F!"1s3VCO$K$"$k�(B PC �$B$rA`:n$9$k$?$a$N%W%m%0%i%`!#�(B
�$B%/%i%$%"%s%H$G$O$J$/%[%9%H$H$7$FF0:n$5$;$k>l9g$O!"FCJL$J%]!<%H!&�(B
�$B%U%)%o!<%G%#%s%0@_Dj$,$J$1$l$PF0:n$7$^$;$s!#�(B
�$B>\:Y$K$D$$$F$O!"�(B
<A HREF="#Forwarders">�$B%U%)%o!<%@�(B (�$B%]!<%HE>Aw%D!<%k�(B)</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<P>
<P>
<DT><B>Socket Watch</B><DD><P>NTP(�$B%M%C%H%o!<%/7PM3$N;~9o@)8f%W%m%H%3%k�(B)�$B$r$D$+$C$F$$$k�(B
</DL>
<P>
<H3>IP �$B%^%9%+%l!<%I$G40A4$K$O%5%]!<%H$5$l$F$$$J$$$b$N�(B -</H3>
<P>
<DL>
<DT><B>Intel Streaming Media Viewer Beta 1</B><DD><P>�$B%5!<%P$K@\B3$G$-$J$$�(B
<P>
<DT><B>Netscape CoolTalk</B><DD><P>�$BDLOCAj<j$K@\B3$G$-$J$$�(B
<P>
<DT><B>WebPhone</B><DD><P>�$B:#$N$H$3$mF0:n$7$F$$$J$$�(B(�$BAj<j$N;XDjJ}K!$KITE,@Z$JA0Ds$rMQ$$$F$$$k�(B)
<P>
<P>
<P>
</DL>
<P>
<P>
<H2><A NAME="ss6.4">6.4 �$B$h$j6/NO$J�(B IP �$B%U%!%$%"%&%*!<%k�(B (IPFWADM) �$B%k!<%k%;%C%H�(B</A>
</H2>
<P>
<P>
<A NAME="Strong-IPFWADM-Rulesets"></A>
�$B$3$N>O$G$O!"%+!<%M%k�(B 2.0.x �$B$N%U%!%$%"%&%)!<%k!&%D!<%k$G$"$k�(B IPFWADM �$B$r�(B
�$B;H$&:]$N!"$h$j>\:Y$J%,%$%I$r<($7$^$9!#�(B
IPCHAINS �$B$N%k!<%k%;%C%H$K$D$$$F$O8e=R$7$^$9!#�(B
<P>
<P>�$B$3$NNc$O!"8GDjE*$K%"%I%l%9$,M?$($i$l$k$h$&$J�(B PPP �$B@\B3$NGX8e$K$"$k�(B
�$B%U%!%$%"%&%*!<%k$H%^%9%+%l!<%I$G$9�(B (�$BF0E*$K%"%I%l%9$,M?$($i$l$k�(B PPP �$B$N�(B
�$B;HMQK!$K$D$$$F$O!"4^$^$l$F$O$$$^$9$,L58z$K$7$F$$$^$9�(B)�$B!#�(B
�$B?.Mj$G$-$k%$%s%?%U%'!<%9$O�(B 192.168.0.1 �$B$G$"$j!"�(B PPP �$B%$%s%?!<%U%'!<%9$N�(B
�$B%"%I%l%9$O!V0-$$E[$i!W$+$i<i$k$?$a$KJQ99$5$l$F$$$^$9!#�(B
�$B=PF~$j$=$l$>$l$N%$%s%?%U%'!<%9$O$=$l$>$lJL$K%j%9%H$7$F$$$^$9$,!"$3$l$O�(B
�$B%k!<%F%#%s%0$d%^%9%+%l!<%I$r$o$+$j$d$9$/$9$k0J30$K�(BIP �$B%9%W!<%U%#%s%0�(B
�$B!ZLuCm�(B: �$B56Au![$d!"IT@5$J%k!<%F%#%s%0$r8!=P$7$d$9$/$9$k$?$a$N$b$N$G$b�(B
�$B$"$j$^$9!#�(B
�$BL@3N$K5v2D$5$l$F$$$J$$$b$N$O�(B<B>�$B6X;_�(B</B>�$B$G$9�(B (�$B<B:]$K$O5qH]$5$l$^$9�(B)�$B!#�(B
�$B$b$7!"$"$J$?$N�(B IP �$B%^%9%+%l!<%I�(B BOX �$B$,!"$3$N�(B rc.firewall �$B%9%/%j%W%H$r�(B
�$BF~$l$?$"$H$G$^$H$b$KF0$+$J$/$J$C$?$H$7$?$i!"�(B /var/log/messages �$B$"$k$$$O�(B
/var/adm/messages �$B$K$"$k�(B SYSLOG �$B%U%!%$%k$K2?$+%U%!%$%"%&%*!<%k4X78$N�(B
�$B%(%i!<$,$J$$$+3NG'$7$F!"@_Dj$,4V0c$C$F$$$J$$$+$r3N$+$a$F$/$@$5$$!#�(B
<P>
<P>PPP�$B$d%1!<%V%k%b%G%`$J$I$r;H$C$?!"�(BIPFWADM �$B$K$h$k$b$C$H6/8G$J�(B IP �$B%^%9%+%l!<%I$N<BMQE*$JNc$K$D$$$F$O�(B
<A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 10</A> �$B$d�(B
<A HREF="http://www.greatcircle.com/">GreatCircle's Firewall WWW page</A> �$B$r;2>H$7$F$/$@$5$$!#�(B
<P><B>�$BCm0U�(B - </B> �$B$b$7!"�(B TCP/IP �$B%"%I%l%9$,�(B PPP, ADSL, �$B%1!<%V%k%b%G%`$J$I$r�(B
�$B7PM3$7$F�(B ISP �$B$+$iF0E*$K3d$jEv$F$i$l$k>l9g$K$O!"$3$N6/8G$J%k!<%k%;%C%H$r�(B
<B>�$B5/F0;~$K@_Dj$9$k$3$H$O$G$-$^$;$s�(B</B>�$B!#�(B
�$B$3$N$h$&$J>l9g$K$O!"�(B IP �$B%"%I%l%9$,3d$jEv$F$i$l$kEY$K$3$N�(B
�$B%U%!%$%"%&%*!<%k!&%k!<%k%;%C%H$r:FEYFI$_9~$^$;$k$+!"$"$k$$$O�(B
/ec/rc.d/rc.firewall �$B%k!<%k%;%C%H$r$b$C$H%$%s%F%j%8%'%s%H$K:n$kI,MW$,�(B
�$B$"$j$^$9!#�(B
PPP�$B%f!<%6$,$3$N%k!<%k%;%C%H$rE,MQ$9$k>l9g$K$O!"0J9_$K<($9�(B
"Dynamic PPP IP fetch" �$B$H=q$+$l$?ItJ,$N%3%a%s%H$rCm0U?<$/E,@Z$K�(B
�$B30$7$F$/$@$5$$!#�(B
�$B$^$?!"6/8G$J%k!<%k%;%C%H5Z$SF0E*$K3d$jEv$F$i$l$k�(B IP �$B%"%I%l%9$K$D$$$F$N�(B
�$B$b$C$H>\$7$$2r@b$O!"�(B
<A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - 10�$B>O�(B</A> �$B$K$"$j$^$9!#�(B
<P>
<P><B>�$B$^$?!"�(BGUI �$B%Y!<%9$G%U%!%$%"%&%*!<%k@_Dj$r@8@.$9$k$h$&$J%D!<%k$,�(B
�$B$$$/$D$+B8:_$7$^$9!#�(B
�$B>\:Y$O!"�(B
<A HREF="IP-Masquerade-HOWTO-7.html#FAQ">�$B$h$/$"$k<ALd�(B (FAQ)</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B</B>
<P>
<P>�$B:G8e$K!"$b$7@EE*$K3d$jEv$F$i$l$k�(B IP �$B%"%I%l%9$r;H$C$F$$$k$J$i!"0J2<$NNc$N�(B
"ppp_ip="your.static.PPP.address"" �$B$H$J$C$F$$$kItJ,$r$"$J$?$N�(B IP �$B%"%I%l%9$K=q$-49$($F$/$@$5$$!#�(B
<P>�$B!ZLuCm�(B: �$B0lHLE*$J%W%m%P%$%@7PM3$N�(B PPP �$B@\B3$N>l9g!"%W%m%P%$%@B&$+$i�(B
IP �$B%"%I%l%9$,F0E*$K3d$jEv$F$i$l$^$9$N$G!"KX$I$N8D?M%f!<%6$O$3$N9T$K�(B
IP �$B%"%I%l%9$r=q$-F~$l$kI,MW$O$"$j$^$;$s!#![�(B
<P>
<P>----------------------------------------------------------------
<P>
<A NAME="stronger-rc.firewall-2.0.x"></A> <P>
<P>
<PRE>
#!/bin/sh
#
# /etc/rc.d/rc.firewall: IPFWADM �$B$r;H$C$?$d$d6/8G$J%U%!%$%"%&%*!<%k!&%k!<%k%;%C%H�(B
#
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# �$B%F%9%HMQ�(B - �$B$7$P$i$/BT5!$7$F$+$i$9$Y$F$N%U%!%$%"%&%*!<%k%k!<%k$r%/%j%"$9$k!#�(B
# 10�$BJ,8e$K$9$Y$F$N@_Dj$r0lC62r=|$9$kI,MW$,$"$k$J$i!"0J2<$N%3%a%s%H$r2r=|$7$F$/$@$5$$!#�(B
# (sleep 600; \
# ipfwadm -I -f; \
# ipfwadm -I -p accept; \
# ipfwadm -O -f; \
# ipfwadm -O -p accept; \
# ipfwadm -F -f; \
# ipfwadm -F -p accept; \
# ) &
# �$BI,MW$J$9$Y$F$N�(B IP �$B%^%9%+%l!<%I%b%8%e!<%k$r%m!<%I$9$k�(B
#
# �$BCm0U�(B - �$BI,MW$J�(B IP �$B%^%9%+%l!<%I%b%8%e!<%k$@$1$r%m!<%I$7$^$9!#$9$Y$F$N�(BIP �$B%^%9%+%l!<%I�(B
# �$B%b%8%e!<%k$,0J2<$K5-=R$5$l$F$$$^$9$,!"%m!<%I$5$l$J$$$h$&$K%3%a%s%H$H$J$C$F�(B
# �$B$$$^$9!#�(B
# �$B%b%8%e!<%k$r:G=i$K%m!<%I$9$k;~$K$^$:I,MW�(B
#
/sbin/depmod -a
# PORT �$BJ}<0$r;H$C$F�(BFTP �$B%U%!%$%kE>Aw$K$*$1$kE,@Z$J�(B IP �$B%^%9%+%l!<%I$rDs6!$7$^$9�(B
#
/sbin/modprobe ip_masq_ftp
# UDP �$B%W%m%H%3%k$r7PM3$7$?!"�(BRealAudio �$B$N%^%9%+%l!<%I$rDs6!$7$^$9!#$3$N%b%8%e!<%k$,$J$/$F$b�(B
# RealAudio �$B$O�(B TCP �$B%b!<%I$GF0:n$7$^$9$,!"2;<A$ODc2<$7$^$9!#�(B
#
#/sbin/modprobe ip_masq_raudio
# IRC DCC �$B%U%!%$%kE>Aw$N%^%9%+%l!<%I$rDs6!$7$^$9�(B
#
#/sbin/modprobe ip_masq_irc
# �$B0J2<$N;XDj$K$h$C$F�(B Quake �$B$H�(B QuakeWorld �$B$r%G%U%)%k%H$GDs6!$7$^$9!#�(B
# �$B$3$N%b%8%e!<%k$O�(B Linux �$B$N�(B �$B%^%9%+%l!<%I%5!<%P$+$iFbB&$N%f!<%6$,�(B
# �$BJ#?tB8:_$9$k>l9g$N$?$a$N$b$N$G$9!#�(B
# �$B$b$7!"�(BQuake I, II, �$B$"$k$$$O�(B III �$B$r;H$$$?$$$J$i$P!"#2HVL\$NNc$r�(B
# �$B;H$C$F$/$@$5$$!#�(B
#
# �$BCm0U�(B - �$B$b$7!"�(BQUAKE �$B%b%8%e!<%k$N%m!<%I;~$K%(%i!<$,=P$?>l9g$O!"8E$$%P%0$N$"$k%+!<%M%k$,F0$$$F$$$^$9!#�(B
# ----- �$B$=$N>l9g$O$h$j?7$7$$%+!<%M%k$KCV$-49$($F$/$@$5$$!#�(B
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
# CuSeeme �$B%S%G%*2q5D%=%U%H%&%(%"$KBP$9$k%^%9%+%l!<%I$rDs6!�(B
#
#/sbin/modprobe ip_masq_cuseeme
# VDO-Live �$B%S%G%*2q5D%=%U%H%&%(%"$KBP$9$k%^%9%+%l!<%I$rDs6!�(B
#
#/sbin/modprobe ip_masq_vdolive
#�$BHs>o$K=EMW�(B - IP �$B%U%)%o!<%G%#%s%0$O%G%U%)%k%H$G$OL58z$K$J$C$F$$$k$N$G!"M-8z$K$7$^$9!#�(B
#
# Redhat �$B%f!<%6$N>l9g$O!"�(B/etc/sysconfig/network �$B$N%*%W%7%g%s;XDj9T$r�(B
#
# FORWARD_IPV4=false
# �$B$+$i�(B
# FORWARD_IPV4=true
# �$B$KJQ99$7$F$/$@$5$$!#�(B
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#�$BHs>o$K=EMW�(B - 2.2.x �$B%+!<%M%k$G$O�(B IP �$B%G%U%i%0%a%s%F!<%7%g%s$N%5%]!<%H$O%G%U%)%k%H$G$OL58z$G$9!#�(B
#
# �$B%3%s%Q%$%k;~$N;XDj$K$h$k$b$N$G$9$,!"�(B2.2.12 �$B%+!<%M%k0J9_$OJQ99$5$l$F$$$^$9!#�(B
#
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
# �$BF0E*$K3d$jEv$F$i$l$k�(B IP �$B%"%I%l%9$r;HMQ$9$k%f!<%68~$1�(B -
#
# IP �$B%"%I%l%9$r�(B SLIP, PPP, DHCP �$B$J$I$+$iF0E*$K<hF@$9$k>l9g$O!"<!$N%*%W%7%g%s$rM-8z$K$7$F$/$@$5$$!#�(B
# �$B$3$N%*%W%7%g%s$O!"�(BIP �$B%^%9%+%l!<%I$GF0E*�(B IP �$B%"%I%l%9$NA`:n$r5v2D$7!"�(BDiald�$B$dF1MM$J%W%m%0%i%`$N�(B
# �$B;HMQ$r$h$jMF0W$K$9$k$b$N$G$9!#�(B
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# �$B$"$J$?$N@EE*$J�(B IP �$B%"%I%l%9$r0J2<$K;XDj$7$^$9�(B
#
# �$BF0E*$K3d$jEv$F$i$l$k�(B IP �$B%"%I%l%9$r;HMQ$9$k$J$i!"?7$7$$�(B IP �$B%"%I%l%9$,3d$jEv$F$i$l$k$?$S$KE,MQ�(B
# �$B$9$k$h$&$K!"%k!<%k%;%C%H$r=q$-49$($J$1$l$P$J$j$^$;$s!#$=$N$?$a$K$O!"!"0J2<$N$h$&$J0l9T$N%9%/%j%W%H$r�(B
# �$BM-8z$K$9$kI,MW$,$"$j$^$9!#!J%9%/%j%W%HNcFb$N0l=E0zMQId$HFs=E0zMQId$N0c$$$O0UL#$r;}$A$^$9$N$GCm0U!K�(B
#
#
# DHCP �$B$rMxMQ$9$k>l9g�(B -
# ---------------------
# TCP/IP �$B%"%I%l%9$r�(B DHCP �$B$+$i<hF@$9$k>l9g$O!"�(B ppp �$B%;%/%7%g%s$N2<$K$"$k!"�(B
# "#" �$B$G%3%a%s%H%"%&%H$5$l$?ItJ,$rM-8z$K$7!"�(B"ppp0" �$B$H$"$kItJ,$r!"�(B
# �$B%$%s%?!<%M%C%H@\B3MQ$N%$%s%?%U%'!<%9$NL>A0$KCV$-49$($J$1$l$P�(B
# �$B$J$j$^$;$s�(B (�$BNc$($P!"�(B eth0 �$B$d�(B eth1 �$BEy�(B) �$B!#�(B
# DHCP �$B$O3d$jEv$F$?�(B IP �$B%"%I%l%9$r?o;~JQ99$9$k$3$H$KCm0U$7$F$/$@$5$$!#�(B
# �$B$3$NJQ99$r@5$7$/H?1G$5$;$k$K$O!"�(B DHCP �$B%j!<%9$,99?7$5$l$kEYKh$K!"�(B
# DHCP �$B%/%i%$%"%s%H$r:FEY<B9T$7$F%U%!%$%"%&%)!<%k%k!<%k%;%C%H$rH?1G�(B
# �$B$5$;$J$1$l$P$J$j$^$;$s!#�(B
#
# �$BCm0U�(B #1 - �$B5l%P!<%8%g%s$N�(B "pump" �$B$N$h$&$J�(B (�$B?7$7$$%P!<%8%g%s$G$O�(B
# �$BLdBjE@$O=$@5$5$l$F$$$^$9�(B) DHCP �$B%/%i%$%"%s%H$K$h$C$F$O!"�(B
# IP �$B%"%I%l%9%j!<%999?78e$K%9%/%j%W%H$r<B9T$9$k$3$H$,�(B
# �$B$G$-$J$$$b$N$,$"$j$^$9!#�(B
# �$B$=$N>l9g$O!"�(B"dhcpcd" �$B$+�(B "dhclient" �$B$KCV$-49$($J$1$l$P�(B
# �$B$J$j$^$;$s!#�(B
#
# �$BCm0U�(B #2 - �$B:G6a$N%P!<%8%g%s$N�(B "dhcpcd" �$B$G$O!"%3%^%s%IJ8K!$,JQ$o$C$F�(B
# �$B$$$^$9!#�(B
#
# �$B5l%P!<%8%g%s$G$N;XDjJ}K!$O!"<!$N$h$&$J$b$N$G$7$?�(B -
# dhcpcd -c /etc/rc.d/rc.firewall eth0
#
# �$B?7$7$$%P!<%8%g%s$G$O<!$N$h$&$K;XDj$7$^$9�(B -
# dhcpcd eth0 /etc/rc.d/rc.firewall
#
# �$BCm0U�(B #3 - Pump �$B$r;H$&>l9g!"�(B /etc/pump.conf �$B%U%!%$%k$K<!$N5-=R$r�(B
# �$BDI2C$7$F$/$@$5$$�(B -
#
# script /etc/rc.d/rc.firewall
#
#
# PPP �$B$rMxMQ$9$k>l9g�(B -
# --------------------
# �$B$*5$$E$-$G$O$J$$$+$b$7$l$^$;$s$,!"�(BPPP �$B@\B3$,3NN)$9$kEYKh$K!"�(B
# /etc/ppp/ip-up �$B%9%/%j%W%H$,F0:n$7$^$9!#�(B
# �$B$3$l$rMxMQ$7$F!"?7$7$$�(B IP �$B%"%I%l%9$N<hF@$H6/8G$J%U%!%$%"%&%)!<%k!&�(B
# �$B%k!<%k%;%C%H$N:F@_Dj$r9T$$$^$9!#�(B
#
# �$B$b$7!"�(B/etc/ppp/ip-up �$B$,$9$G$KB8:_$7$F$$$k$J$i!"$=$l$rJT=8$7$F�(B"/etc/rc.d/rc.firewall"
# �$B$H$$$&5-=R$r:G8e$N$"$?$j$KDI2C$9$k$h$&$K$7$F$/$@$5$$!#�(B
#
# �$B$b$7!"�(B/etc/ppp/ip-up �$B%9%/%j%W%H$,B8:_$7$J$+$C$?$J$i!"�(B/etc/rc.d/rc.firewall �$B%9%/%j%W%H�(B
# �$B$r<B9T$9$k$?$a$N<!$N$h$&$J%j%s%/$r:n@.$9$kI,MW$,$"$j$^$9!#�(B
#
# ln -s /etc/rc.d/rc.firewall /etc/ppp/ip-up
#
# * �$BB3$$$F!"0J2<$N%3%a%s%H%"%&%H$5$l$?%7%'%k%3%^%s%I$rI,MW$K1~$8$FM-8z$K$7$F$/$@$5$$�(B *
#
#
#
# PPP �$B5Z$S�(B DHCP �$B$rMxMQ$9$k>l9g�(B -
# --------------------------------
# �$B<!$N9T$N�(B "#" �$B$r:o=|$7$F!"$=$N<!$N9T$N@hF,$K�(B "#" �$B$rF~$l$F$/$@$5$$!#�(B
#
#ppp_ip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e
's/.*://'`"
#
ppp_ip="your.static.PPP.address"
# �$B%^%9%+%l!<%I$N%?%$%`%"%&%H�(B
#
# 2 �$B;~4V�(B= TCP �$B%;%C%7%g%s�(B
# 10 �$BIC!!�(B= TCP/IP �$B$N�(B "FIN" �$B%Q%1%C%H$,<u?.$5$l$?$"$H$N%H%i%U%#%C%/�(B
# 60 �$BIC!!�(B= UDP �$B%H%i%U%#%C%/�(B (�$B%^%9%+%l!<%I$5$l$?4D6-$G$N�(B ICQ �$B%f!<%6$O!"�(B
# ICQ �$B%/%i%$%"%s%H$N@_Dj$G!"%U%!%$%"%&%)!<%k%?%$%`%"%&%HCM$r�(B
# 30�$BIC$K;XDj$7$J$1$l$P$J$j$^$;$s�(B)
#
/sbin/ipfwadm -M -s 7200 10 60
#############################################################################
# �$BE~Ce%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r�(B
# �$B5q@d!ZLuCm�(B: reject�$B![$K@_Dj!#<B:]$O!"5q@d$7$F%m%0$K5-O?$9$k�(B
# �$B:G=*%k!<%k$rMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#�(B
# �$B!ZLuCm�(B: �$B%k!<%k$r�(B reject �$B$K$9$k$H!"%k!<%k$K9gCW$7$?%Q%1%C%H$rGK4~$7$F!"�(B
# "destination-unreachable" (�$BL\E*CO$KE~C#$7$J$$�(B) �$B$H$$$&�(B ICMP �$B%Q%1%C%H$r�(B
# �$BAj<jB&�(B (�$BAw?.85%"%I%l%9$N%^%7%s�(B) �$B$KH/?.$7$^$9!#�(B
# deny �$B$K$9$k$H!"�(B"destination-unreachable" �$B%Q%1%C%H$b=P$5$:$K!"<u?.$7$?�(B
# �$B%Q%1%C%H$rC1$KGK4~$7$^$9!#�(B
#
/sbin/ipfwadm -I -f
/sbin/ipfwadm -I -p reject
# �$B%m!<%+%k%^%7%sB&$+$i%m!<%+%k%$%s%?%U%'!<%9$KF~$k%Q%1%C%H$O!"$I$3$K�(B
# �$B8~$+$&$b$N$bM-8z$H$9$k!#�(B
#
/sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0
# �$B%j%b!<%H%$%s%?%U%'!<%9B&$+$iF~$C$FMh$k�(B IP �$B%9%W!<%U%#%s%0!ZLuCm�(B: IP �$B56Au![�(B
# �$B%Q%1%C%H$dLB;R%Q%1%C%H$O!"K\Mh$J$i%m!<%+%k%^%7%s$+$i$G$"$k$Y$-$b$N$J$N$G!"�(B
# �$B5q@d$9$k!#�(B
#
/sbin/ipfwadm -I -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o
# �$B%j%b!<%H%$%s%?!<%U%'!<%9$+$iF~$k!"08@h%"%I%l%9$,�(B PPP �$B%"%I%l%9$N%Q%1%C%H$O!"�(B
# �$B$I$NH/?.85%"%I%l%9$+$i$N$b$N$bM-8z$H$9$k!#�(B
# �$B!ZLuCm�(B: �$B0J2<$N%3%^%s%I$NA0$K!"�(B
# /sbin/ipfwadm -I -a deny -V $ppp_ip -S 0.0.0.0/0 -y -D $ppp_ip/32 -o
# �$B$,$"$k$+!"0?$O0J2<$N%3%^%s%I$,�(B
# /sbin/ipfwadm -I -a accept -V $ppp_ip -S 0.0.0.0/0 -k -D $ppp_ip/32
# �$B$H$J$C$F$$$kJ}$,$h$j9%$^$7$$$H;W$$$^$9!#![�(B
#
/sbin/ipfwadm -I -a accept -V $ppp_ip -S 0.0.0.0/0 -D $ppp_ip/32
# �$B%k!<%W%P%C%/%$%s%?%U%'!<%9$rM-8z$H$9$k�(B
#
/sbin/ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# �$B:G=*%k!<%k!#$=$NB>$NE~Ce%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#%]%j%7!<$K$O�(B
# �$B%m%05-O?$N$?$a$N%*%W%7%g%s$,$J$$$?$a!"$3$l$,$=$NLr3d$rBe$o$j$K2L$?$9$3$H$K�(B
# �$B$J$k!#�(B
#
/sbin/ipfwadm -I -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
#############################################################################
# �$BAw=P%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r�(B
# �$B5q@d!ZLuCm�(B: reject�$B![$K@_Dj!#<B:]$O!"5q@d$7$F%m%0$K5-O?$9$k:G=*%k!<%k$r�(B
# �$BMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#�(B
#
/sbin/ipfwadm -O -f
/sbin/ipfwadm -O -p reject
# �$B%m!<%+%k%$%s%?%U%'!<%9$+$i=PNO$5$l$k!"%m!<%+%k%M%C%H$X8~$+$&%Q%1%C%H$O�(B
# �$B$I$3$+$i$N$b$N$bM-8z$H$9$k!#�(B
#
/sbin/ipfwadm -O -a accept -V 192.168.0.1 -S 0.0.0.0/0 -D 192.168.0.0/24
# �$B%j%b!<%H%$%s%?%U%'!<%9>e$G%m!<%+%k%M%C%H$XAw=P$5$l$k%Q%1%C%H$O!"�(B
# �$B56Au%k!<%F%#%s%0$J$N$G!"5q@d$9$k!#�(B
#
/sbin/ipfwadm -O -a reject -V $ppp_ip -S 0.0.0.0/0 -D 192.168.0.0/24 -o
# �$B%j%b!<%H%$%s%?%U%'!<%9>e$G%m!<%+%k%M%C%H$+$iAw=P$5$l$k%Q%1%C%H$O!"�(B
# �$B$"$jF@$J$$%^%9%+%l!<%G%#%s%0$J$N$G!"5q@d$9$k!#�(B
#
/sbin/ipfwadm -O -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o
# �$B%j%b!<%H%$%s%?%U%'!<%9>e$G%m!<%+%k%M%C%H$+$iAw=P$5$l$k%Q%1%C%H$O!"�(B
# �$B$"$jF@$J$$%^%9%+%l!<%G%#%s%0$J$N$G!"5q@d$9$k!#�(B
#
/sbin/ipfwadm -O -a reject -V $ppp_ip -S 0.0.0.0/0 -D 192.168.0.0/24 -o
# �$B!ZLuCm�(B: �$B>e5-%k!<%k$O�(B2�$B$D>e$N$b$N$HA4$/F1$8$G$9$N$G!"L@$i$+$K4V0c$$$H�(B
# �$B;W$o$l$^$9!#![�(B
# �$B%j%b!<%H%$%s%?%U%'!<%9$+$i$N$=$l0J30$NAw=P%Q%1%C%H$OM-8z�(B
#
/sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0
# �$B%k!<%W%P%C%/%$%s%?%U%'!<%9$rM-8z$K$9$k�(B
#
/sbin/ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# �$B:G=*%k!<%k!#$=$NB>$NAw=P%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#�(B
# �$B%]%j%7!<$K$O%m%05-O?$N$?$a$N%*%W%7%g%s$O$J$$$?$a!"$3$l$,$=$NLr3d$r�(B
# �$BBe$o$j$K2L$?$9$3$H$K$J$k!#�(B
#
/sbin/ipfwadm -O -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
#############################################################################
# �$BE>Aw%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r�(B
# �$BH]Dj!ZLuCm�(B: deny�$B![$K@_Dj!#<B:]$O!"H]Dj$7$F%m%0$K5-O?$9$k:G=*%k!<%k$r�(B
# �$BMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#�(B
#
/sbin/ipfwadm -F -f
/sbin/ipfwadm -F -p deny
# �$B%m!<%+%k%$%s%?%U%'!<%9>e$N%m!<%+%k%M%C%H$+$i$=$NB>$N08@h$X$N%Q%1%C%H$r�(B
# �$B%^%9%+%l!<%I$9$k!#�(B
#
#
/sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0
#
# �$B:G=*%k!<%k!#$=$NB>$NE>Aw%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#�(B
# �$B%]%j%7!<$K$O%m%05-O?$N$?$a$N%*%W%7%g%s$O$J$$$?$a!"$3$l$,$=$NLr3d$r�(B
# �$BBe$o$j$K2L$?$9$3$H$K$J$k!#�(B
#
/sbin/ipfwadm -F -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o
#�$B%U%!%$%k=*$o$j!#�(B
</PRE>
<P>
<P>
<P>IPFWADM �$B$G$O!"�(B -I, -O �$B$"$k$$$O�(B -F �$B%k!<%k$K$h$C$F!"FCDj$N%5%$%H$X$N�(B
�$B%H%i%U%#%C%/$rAK;_$9$k$3$H$,$G$-$^$9!#�(B
�$B$3$N%k!<%k$O:G=i$+$i:G8e$X$H=g$KE,MQ$5$l$F$$$-$^$9!#�(B
�$B$^$?!"�(B IPFWADM �$B$N�(B "-a"�$B%*%W%7%g%s$O!"4{B8$N%k!<%k72$KBP$7$F?7$7$$�(B
�$B%k!<%k$r!VDI2C!W$9$k$b$N$@$H$$$&$3$H$KCm0U$7$F$/$@$5$$!#�(B
�$B$3$l$KN10U$9$k$H!"A4BN$N%k!<%k$r;XDj$9$kA0$K!"B>$N8DJL$N@)8B$,I,MW$H�(B
�$B$J$C$F$-$^$9!#�(B
�$B$?$H$($P!"<!$N$h$&$J$b$N$G$9�(B -
<P>
<P>-I (�$BE~Ce�(B)�$B%k!<%k�(B -
<P>-I (input) �$B%k!<%k$r;H$&�(B -
<P>�$B!ZLuCm�(B: �$BA4$F$N%$%s%?!<%U%'!<%9$KE~Ce$9$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#�(B
�$B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"�(B -V �$B%*%W%7%g%sKt$O�(B -W �$B%*%W%7%g%s$G�(B
�$B;XDj$7$^$9!#![�(B
<P>�$B$3$l$O$*$=$i$/%H%i%U%#%C%/$r%V%m%C%/$9$k0Y$N!":G$b<j$C<h$jAa$/$F�(B
�$B8zN($NNI$$J}K!$G$9$,!"%^%9%+%l!<%I$5$l$?%^%7%s$KBP$7$F$N$_AK;_$G$-!"�(B
�$B%U%!%$%"%&%)!<%k%^%7%s<+?H$X$N%H%i%U%#%C%/$OAK;_$G$-$^$;$s!#�(B
�$B$b$A$m$s!"$3$NAH$_9g$o$;$r5v2D$7$?$$$H$$$&$3$H$b$"$k$G$7$g$&$,!#�(B
<P>
<P>
<P>�$B$5$F!"�(B 204.50.10.13 �$B$H$$$&%"%I%l%9$X$N%H%i%U%#%C%/$rAK;_$9$k>l9g�(B -
<P>
<P>
<P>/etc/rc.d/rc.firewall �$B%k!<%k%;%C%H$NCf$N�(B
<P>/etc/rc.d/rc.firewall �$B$N%k!<%k%;%C%H$NCf�(B -
<P>
<PRE>
... -I �$B%k!<%k$N$O$8$^$j�(B ...
# �$B%m!<%+%k%$%s%?%U%'!<%9>e$G!"�(B 204.50.10.13 �$B$H$$$&%^%7%s$X$N%Q%1%C%H$r�(B
# �$B5q@d$7$F%m%0$r<h$k!#�(B
#
/sbin/ipfwadm -I -a reject -V 192.168.0.1 -S 192.168.0.0/24 -D 204.50.10.13/32
-o
#�$B!!%m!<%+%k%$%s%?%U%'!<%9>e$G!"$"$i$f$k%m!<%+%k%^%7%s$+$iH/$;$i$l$k�(B
# �$B%Q%1%C%H$O!"$I$3$X8~$+$&$b$N$bM-8z$H$9$k!#�(B
#
/sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0
... -I �$B%k!<%k$N=*$o$j�(B ...
</PRE>
<P>
<P>-o (�$BAw=P�(B)�$B%k!<%k�(B -
<P>-O (output) �$B%k!<%k$r;H$&�(B -
<P>�$B!ZLuCm�(B: �$BA4$F$N%$%s%?!<%U%'!<%9$+$iAw=P$5$l$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#�(B
�$B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"�(B -V �$B%*%W%7%g%sKt$O�(B -W �$B%*%W%7%g%s$G�(B
�$B;XDj$7$^$9!#![�(B
<P>
<P>�$B$3$l$O%H%i%U%#%C%/$r%V%m%C%/$9$k$K$OCY$$J}K!$G$9!#�(B
�$B2?8N$J$i$P!"%Q%1%C%H$OGK4~$5$l$k$h$j0JA0$K%^%9%+%l!<%I$rDL$C$F$7$^$&�(B
�$B$+$i$G$9!#�(B
�$B$7$+$7$J$,$i$3$N%k!<%k$G$b!"6X;_$7$F$$$k%5%$%H$+$i$N%U%!%$%"%&%)!<%k�(B
�$B%^%7%s$KBP$9$k%"%/%;%9$rAK;_$9$k$3$H$,$G$-$^$9!#�(B
<P>
<P>
<PRE>
... -O �$B%k!<%k$N;O$^$j�(B ...
# 204.50.10.13 �$B$K8~$1$i$l$?%Q%1%C%H$r5qH]$7$F%m%0$r:N<h$9$k�(B
#
/sbin/ipfwadm -O -a reject -V $ppp_ip -S $ppp_ip/32 -D 204.50.10.13/32 -o
# �$B>e5-0J30$N%j%b!<%H%$%s%?%U%'!<%9>e$G$N$"$i$f$k%Q%1%C%H$NAw=P$O�(B
# �$BM-8z$K$9$k!#�(B
#
/sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0
... -O �$B%k!<%k$N=*$o$j�(B ...
</PRE>
<P>
<P>-F (�$BE>Aw�(B)�$B%k!<%k$N;HMQ�(B -
<P>-F (forward) �$B%k!<%k$r;H$&�(B -
<P>�$B!ZLuCm�(B: �$BA4$F$N%$%s%?!<%U%'!<%9>e$GE>Aw$5$l$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#�(B
�$B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"�(B -V �$B%*%W%7%g%sKt$O�(B -W �$B%*%W%7%g%s$G�(B
�$B;XDj$7$^$9!#![�(B
<P>
<P>�$B$*$=$i$/!"%H%i%U%#%C%/$r%V%m%C%/$9$k$K$O!"�(B -I (input) �$B%k!<%k$h$j�(B
�$BCY$$J}K!$G$9$,!"%^%9%+%l!<%I$5$l$?%^%7%s�(B (�$B$?$H$($P!"%m!<%+%k%(%j%"�(B
�$B%M%C%H%o!<%/$N%^%7%s�(B) �$B$KBP$9$k%H%i%U%#%C%/$@$1$OAK;_$G$-$^$9!#�(B
�$B%U%!%$%"%&%)!<%k%^%7%s$O6X;_$7$?$$%5%$%H$+$iE~C#2DG=$N$^$^$G$9!#�(B
<P>
<PRE>
... -F �$B%k!<%k$N3+;O�(B ...
# PPP �$B%$%s%?%U%'!<%9>e$G$N�(B 204.50.10.13 �$B$K8~$1$?%Q%1%C%H$r5qH]$7$F%m%0:N<h$9$k�(B
#
/sbin/ipfwadm -F -a reject -W ppp0 -S 192.168.0.0/24 -D 204.50.10.13/32 -o
# �$B%m!<%+%k%$%s%?!<%U%'!<%9B&$N%m!<%+%k%M%C%H$+$i$N%^%9%+%l!<%I$r9T$&�(B
#
/sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0
... -F �$B%k!<%k$N=*$o$j�(B ...
</PRE>
<P>192.168.0.0/24 �$B$N%^%7%s$+$i�(B 204.50.11.0 �$B$K8~$1$F$N%"%/%;%9$r5v$9FCJL$J%k!<%k$OITMW$G$9!#�(B
�$B$J$<$J$i!"$=$l$i$OA4BNE*$J%^%9%+%l!<%G%#%s%0$N%k!<%k$K$h$C$F$^$+$J$o$l$F$$$k$+$i$G$9!#�(B
<P>�$BCm0U�(B -
�$BA0=P$NJ}K!0J30$K$b!"3F%$%s%?%U%'!<%9$r5-=R$9$kJ}K!$O$"$j$^$9!#�(B
�$BNc$($P!"�(B "-V 192.168.255.1" �$B$H$$$&5-=R$NBe$o$j$K!"�(B"-W eth0"�$B$H$b�(B
�$B=q$1$^$9$7!"�(B "-V $ppp_ip" �$B$H$$$&5-=R$NBe$o$j$K�(B "-W ppp0" �$B$H$b�(B
�$B=q$1$^$9!#�(B
"-V" �$B$r;H$&J}K!$O�(B IPCHAINS �$B$X0\9T$9$k>l9g$K$O;H$($^$;$s!#�(B
�$B$7$+$7!"�(B IPFWADM �$B$N%f!<%6$,$I$A$i$rA*Br$9$k$+$O8D?M$N<+M3$G$"$j!"�(B
�$BL@J82=$7$F=R$Y$k$^$G$b$J$$$3$H$G$9!#�(B
<P>
<P>
<P>
<H2><A NAME="ss6.5">6.5 IPCHAINS �$B$K$h$k$5$i$K6/8G$J�(B IP �$B%U%!%$%"%&%*!<%k!&%k!<%k%;%C%H�(B</A>
</H2>
<P>
<P>
<A NAME="Strong-IPCHAINS-Rulesets"></A> <P>�$B$3$N>O$G$O!"�(B 2.2.x �$B7O%+!<%M%k$N%U%!%$%"%&%)!<%k%D!<%k$G$"$k�(B IPCHAINS �$B$N�(B
�$B>\:Y$J%,%$%I$r5-$7$^$9!#�(B
IPFWADM �$B$K$D$$$F$OA0=P$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>�$B$3$NNc$O!"8GDjE*$J�(B IP �$B%"%I%l%9$r;}$D�(B PPP �$B@\B3$NGX8e$K$"$k�(B
�$B%U%!%$%"%&%)!<%k$H%^%9%+%l!<%I$G$9�(B (�$BF0E*$K%"%I%l%9$rM?$($i$l$k�(B PPP �$B$N�(B
�$BL?Na$K$D$$$F$O4^$^$l$F$O$$$^$9$,M-8z$K$O$7$F$$$^$;$s�(B)�$B!#�(B
�$B?.Mj$G$-$k%$%s%?%U%'!<%9$O�(B 192.168.0.1 �$B$G$"$j!"�(B PPP �$B%$%s%?!<%U%'!<%9$N�(B
�$B%"%I%l%9$O!V0-$$E[$i!W$+$i<i$k$?$a$K=q$-49$($F$$$^$9!#�(B
�$B=PF~$j$=$l$>$l$N%$%s%?%U%'!<%9$OJL!9$KNs5s$7$F$$$^$9$,!"�(B
�$B$3$l$O�(B �$B%k!<%F%#%s%0$d%^%9%+%l!<%I$r$o$+$j$d$9$/$9$k0J30$K�(B
IP �$B%9%W!<%U%#%s%0$dIT@5$J%k!<%F%#%s%0$r8!=P$7$d$9$/$9$k$?$a$N$b$N$G$b�(B
�$B$"$j$^$9!#�(B
�$BL@3N$K5v2D$5$l$F$$$J$$$b$N$O�(B<B>�$B6X;_�(B</B>�$B$G$9�(B(�$B<B:]$K$O5q@d$5$l$^$9�(B)�$B!#�(B
�$B$b$7!"$"$J$?$N�(B IP �$B%^%9%+%l!<%I�(B BOX �$B$,!"$3$N�(B rc.firewall �$B%9%/%j%W%H$r�(B
�$BF~$l$?$"$H$G$^$H$b$KF0$+$J$/$J$C$?$H$7$?$i!"�(B /var/log/messages �$B$"$k$$$O�(B
/var/adm/messages �$B$K$"$k�(B SYSLOG �$B%U%!%$%k$K2?$+%U%!%$%"%&%*!<%k4X78$N�(B
�$B%(%i!<$,$J$$$+3NG'$7$F!"@_Dj$,4V0c$C$F$$$J$$$+$r3N$+$a$F$/$@$5$$!#�(B
<P>
<P>PPP�$B$d%1!<%V%k%b%G%`$J$I$r;H$C$?!"�(BIPCHAINS �$B$K$h$k$b$C$H6/8G$J�(B IP �$B%^%9%+%l!<%I$N<BMQE*$JNc$K$D$$$F$O�(B
<A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 10</A> �$B$d�(B
<A HREF="http://www.greatcircle.com/">GreatCircle's Firewall WWW page</A> �$B$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P><B>�$BCm0U�(B #1 - </B>2.2.16�$B0JA0$N�(B Linux �$B%+!<%M%k$K$O!"�(B TCP �$B@\B3$G%k!<%H8"8B�(B
�$B$rC%<h$5$l$k4m81@-$,$"$j!"99$K�(B 2.2.11 �$B0JA0$N$b$N$K$O�(B IPCHAINS �$B$N�(B
�$B%U%i%0%a%s%F!<%7%g%s$K4X$9$k%P%0$,$"$j$^$9!#�(B
�$B$3$N$?$a!"6/8G$J�(B IPCHAINS �$B%k!<%k%;%C%H$r2TF/$5$;$k:]$K$O!"967b$KBP$7$F�(B
�$BL5KIHw$G$9!#�(B
�$B=$@5$5$l$?%P!<%8%g%s$N%+!<%M%k$r;H$C$F$/$@$5$$!#�(B
<P>
<P><B>�$BCm0U�(B #2 - </B> �$B$b$7!"�(BTCP/IP�$B%"%I%l%9$,�(B PPP, ADSL, �$B%1!<%V%k%b%G%`$J$I$r�(B
�$B7PM3$7$F�(B ISP �$B$+$iF0E*$K3d$jEv$F$i$l$k>l9g$K$O!"$3$N6/8G$J%k!<%k%;%C%H$r�(B
<B>�$B5/F0;~$K@_Dj$9$k$3$H$O$G$-$^$;$s�(B</B>�$B!#�(B
�$B$3$N$h$&$J>l9g$K$O!"�(BIP �$B%"%I%l%9$,3d$jEv$F$i$l$kEY$K$3$N�(B
�$B%U%!%$%"%&%)!<%k!&%k!<%k%;%C%H$r:FEYFI$_9~$^$;$k$+!"$"$k$$$O�(B
/ec/rc.d/rc.firewall �$B%k!<%k%;%C%H$r$b$C$H%$%s%F%j%8%'%s%H$K:n$kI,MW$,�(B
�$B$"$j$^$9!#�(B
PPP �$B%f!<%6$,$3$N%k!<%k%;%C%H$rE,MQ$9$k>l9g$K$O!"8e=R$9$k�(B
"Dynamic PPP IP fetch" �$B$H=q$+$l$?ItJ,$N%3%a%s%H$rCm0U?<$/E,@Z$K�(B
�$B30$7$F$/$@$5$$!#�(B
�$B$^$?!"6/8G$J%k!<%k%;%C%H5Z$SF0E*$K3d$jEv$F$i$l$k�(B IP �$B%"%I%l%9$K$D$$$F$N�(B
�$B$b$C$H>\$7$$2r@b$O!"�(B
<A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 10</A> �$B$K$"$j$^$9!#�(B
<P>
<P><B>�$B$^$?!"�(BGUI �$B%Y!<%9$G%U%!%$%"%&%)!<%k$N@_Dj$r@8@.$9$k$h$&$J%D!<%k$,�(B
�$B$$$/$D$+B8:_$7$^$9!#�(B
�$B>\:Y$O�(B
<A HREF="IP-Masquerade-HOWTO-7.html#FAQ">�$B$h$/$"$k<ALd�(B (FAQ)</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B</B>
<P>
<P>�$B:G8e$K!"$b$7@EE*$K3d$jEv$F$i$l$k�(B IP �$B%"%I%l%9$r;H$C$F$$$k$J$i!"0J2<$NNc$N�(B
"ppp_ip="your.static.PPP.address"" �$B$H$J$C$F$$$kItJ,$r$"$J$?$N�(B IP �$B%"%I%l%9$K=q$-49$($F$/$@$5$$!#�(B
----------------------------------------------------------------
<P>
<P>
<A NAME="stronger-rc.firewall-2.2.x"></A> <P>
<PRE>
#!/bin/sh
#
# /etc/rc.d/rc.firewall - �$B$d$d6/8G$J�(B IPCHAINS �$B%U%!%$%"%&%*!<%k!&%k!<%k%;%C%H�(B
#
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# �$BI,MW$J$9$Y$F$N�(B IP �$B%^%9%+%l!<%I%b%8%e!<%k$r%m!<%I$9$k�(B
#
# �$BCm0U�(B - �$BI,MW$J�(B IP �$B%^%9%+%l!<%I%b%8%e!<%k$@$1$r%m!<%I$7$^$9!#$9$Y$F$N�(B IP �$B%^%9%+%l!<%I%b%8%e!<%k$,�(B
# �$B0J2<$K5-=R$5$l$F$$$^$9$,!"%m!<%I$5$l$J$$$h$&$K%3%a%s%H$H$J$C$F$$$^$9!#�(B
# �$B%b%8%e!<%k$r:G=i$K%m!<%I$9$k;~$K$^$:I,MW�(B
#
/sbin/depmod -a
# PORT �$BJ}<0$r;H$C$F�(BFTP �$B%U%!%$%kE>Aw$K$*$1$kE,@Z$J�(B IP �$B%^%9%+%l!<%I$rDs6!$7$^$9�(B
#
/sbin/modprobe ip_masq_ftp
# UDP �$B%W%m%H%3%k$r7PM3$7$?!"�(BRealAudio �$B$N%^%9%+%l!<%I$rDs6!$7$^$9!#$3$N%b%8%e!<%k$,$J$/$F$b�(B
# RealAudio �$B$O�(B TCP �$B%b!<%I$GF0:n$7$^$9$,!"2;<A$ODc2<$7$^$9!#�(B
#
/sbin/modprobe ip_masq_raudio
# IRC DCC �$B%U%!%$%kE>Aw$N%^%9%+%l!<%I$rDs6!$7$^$9�(B
#
#/sbin/modprobe ip_masq_irc
# �$B0J2<$N;XDj$K$h$C$F�(B Quake �$B$H�(B QuakeWorld �$B$r%G%U%)%k%H$GDs6!$7$^$9!#$3$N%b%8%e!<%k$O�(B Linux
# �$B$N�(B �$B%^%9%+%l!<%I!&%\%C%/%9$+$iFbB&$NJ#?t%f!<%6$,B8:_$9$k>l9g$N$?$a$N$b$N$G$9!#�(B
# �$B$b$7!"�(BQuake I, II, �$B$"$k$$$O�(B III �$B$r;H$$$?$$$J$i$P!"#2HVL\$NNc$r;H$C$F$/$@$5$$!#�(B
#
# �$BCm0U�(B - �$B$b$7!"�(BQUAKE �$B%b%8%e!<%k$N%m!<%I;~$K%(%i!<$,=P$?>l9g$O!"8E$$%P%0$N�(B
# ------ �$B$"$k%+!<%M%k$,F0$$$F$$$^$9!#�(B
# �$B$=$N>l9g$O$h$j?7$7$$%+!<%M%k$KCV$-49$($F$/$@$5$$!#�(B
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
# CuSeeme �$B%S%G%*2q5D%=%U%H%&%(%"$KBP$9$k%^%9%+%l!<%I$rDs6!�(B
#
#/sbin/modprobe ip_masq_cuseeme
# VDO-Live �$B%S%G%*2q5D%=%U%H%&%(%"$KBP$9$k%^%9%+%l!<%I$rDs6!�(B
#
#/sbin/modprobe ip_masq_vdolive
#�$BHs>o$K=EMW�(B - IP �$B%U%)%o!<%G%#%s%0$O%G%U%)%k%H$G$OL58z$K$J$C$F$$$k$N$G!"M-8z$K$7$^$9!#�(B
#
# Redhat �$B%f!<%6$N>l9g$O!"�(B/etc/sysconfig/network �$B$N%*%W%7%g%s;XDj9T$r�(B
#
# FORWARD_IPV4=false
# �$B$+$i�(B
# FORWARD_IPV4=true
# �$B$KJQ99$7$F$/$@$5$$!#�(B
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#�$BHs>o$K=EMW�(B - 2.2.x �$B%+!<%M%k$G$O�(B IP �$B%G%U%i%0%a%s%F!<%7%g%s$N%5%]!<%H$O%G%U%)%k%H$G$OL58z$G$9!#�(B
#
# �$B%3%s%Q%$%k;~$N;XDj$K$h$k$b$N$G$9$,!"�(B2.2.12 �$B%+!<%M%k0J9_$OJQ99$5$l$F$$$^$9!#�(B
# �$B$^$?!"%G%#%9%H%j%S%e!<%7%g%s$K$h$C$F$O�(B /proc �$B%F!<%V%k$+$i�(B
# �$B$3$N%*%W%7%g%s$,=|30$5$l$F$$$k$3$H$b$"$j$^$9$N$G!"$=$N>l9g$O�(B
# /proc �$B%G%#%l%/%H%j$KB8:_$7$J$1$l$P5$$K$7$J$/$F$b9=$$$^$;$s!#�(B
#
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
# �$BF0E*$K3d$jEv$F$i$l$k�(B IP �$B%"%I%l%9$r;HMQ$9$k%f!<%68~$1�(B -
#
# IP �$B%"%I%l%9$r�(B SLIP, PPP, DHCP �$B$J$I$+$iF0E*$K<hF@$9$k>l9g$O!"<!$N%*%W%7%g%s$rM-8z$K$7$F$/$@$5$$!#�(B
# �$B$3$N%*%W%7%g%s$O!"�(BIP �$B%^%9%+%l!<%I$GF0E*�(B IP �$B%"%I%l%9$NA`:n$r5v2D$7!"�(BDiald �$B$dF1MM$J%W%m%0%i%`$N�(B
# �$B;HMQ$r$h$jMF0W$K$9$k$b$N$G$9!#�(B
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# �$B%$%s%?!<%M%C%H$rI,MW$H$9$k!"$$$/$D$+$N%W%m%0%i%`$KBP$9$k�(B LooseUDP �$B%Q%C%A$rM-8z$K$9$k�(B
#
# IP �$B%^%9%+%l!<%I$r7PM3$7$F%$%s%?!<%M%C%H%2!<%`$rF0$+$=$&$H$7$F$$$F!"$I$&$7$F$b$=$l$,F0$+$J$$$H$$$&�(B
# �$B$N$J$i!"$3$N%*%W%7%g%s$rM-8z$K$7$F$_$F$/$@$5$$�(B(�$B0J2<$N�(B "#" �$B$r:o=|$7$^$9�(B)�$B!#�(BUDP �$B%]!<%H%9%-%c%s$K�(B
# �$BBP$9$k@H<e@-$N2DG=@-$,$"$k$N$G!"$3$N%*%W%7%g%s$O%G%U%)%k%H$G6X;_$5$l$F$$$^$9!#�(B
#
#echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose
# �$B$"$J$?$N@EE*$J�(B IP �$B%"%I%l%9$r0J2<$K;XDj$7$^$9�(B
#
# �$BF0E*$K3d$jEv$F$i$l$k�(B IP �$B%"%I%l%9$r;HMQ$9$k$J$i!"?7$7$$�(B IP �$B%"%I%l%9$,3d$jEv$F$i$l$k$?$S$KE,MQ�(B
# �$B$9$k$h$&$K!"%k!<%k%;%C%H$r=q$-49$($J$1$l$P$J$j$^$;$s!#$=$N$?$a$K$O!"!"0J2<$N$h$&$J0l9T$N%9%/%j%W%H$r�(B
# �$BM-8z$K$9$kI,MW$,$"$j$^$9!#!J%9%/%j%W%HNcFb$N0l=E0zMQId$HFs=E0zMQId$N0c$$$O0UL#$r;}$A$^$9$N$GCm0U!K�(B
#
#
# DHCP �$B$rMxMQ$9$k>l9g�(B -
# -----------
# TCP/IP �$B%"%I%l%9$r�(B DHCP �$B$+$i<hF@$9$k>l9g$O!"�(Bppp �$B%;%/%7%g%s$N2<$K$"$k�(B"#"�$B$G%3%a%s%H%"%&%H$5$l$?�(B
# �$BItJ,$rM-8z$K$7!"�(B"ppp0" �$B$H$"$kItJ,$r!"%$%s%?!<%M%C%H@\B3MQ$N%$%s%?%U%'!<%9$NL>A0$KCV$-49$($J$1$l$P�(B
# �$B$J$j$^$;$s�(B(�$B$?$H$($P!"�(Beth0 �$B$d�(B eth1 �$B$J$I$K!K!#�(B
# DHCP �$B$O3d$jEv$F$?�(B IP �$B%"%I%l%9$r?o;~JQ99$9$k$3$H$KCm0U$7$F$/$@$5$$!#$3$NJQ99$r@5$7$/H?1G$5$;$k$K$O�(B
# DHCP �$B%j!<%9$,99?7$5$l$k$?$S$K!"�(BDHCP �$B%/%i%$%"%s%H$r:FEY<B9T$7$F%U%!%$%"%&%*!<%k%k!<%k%;%C%H$rH?1G�(B
# �$B$5$;$J$1$l$P$J$j$^$;$s!#�(B
#
# �$BCm0U�(B 1 - �$B$$$/$D$+$N�(B DHCP �$B%/%i%$%"%s%H$O8E$$%P!<%8%g%s$N�(B "pump" �$B$G!J?7$7$$%P!<%8%g%s�(B
# �$B$G$OLdBjE@$O=$@5$5$l$F$$$^$9!K!"$=$l$O%j!<%999?78e$K%9%/%j%W%H$r<B9T$9$k$3$H$,�(B
# �$B$G$-$J$$$b$N$G$9!#$=$N>l9g$O!"�(B"dhcpcd" �$B$+�(B "dhclient" �$B$KCV$-49$($J$1$l$P�(B
# �$B$J$j$^$;$s!#�(B
#
# �$BCm0U�(B 2 - "dhcpcd" �$B$O:G6a$N%P!<%8%g%s$G$O!"%3%^%s%IJ8K!$,JQ$o$C$F$$$^$9!#�(B
#
# �$B5l%P!<%8%g%s$G$N;XDjJ}K!$O!"<!$N$h$&$J$b$N$G$7$?�(B -
# dhcpcd -c /etc/rc.d/rc.firewall eth0
#
# �$B?7$7$$%P!<%8%g%s$G$O<!$N$h$&$K;XDj$7$^$9�(B -
# dhcpcd eth0 /etc/rc.d/rc.firewall
#
#
# �$BCm0U�(B 3 - Pump �$B$r;H$&>l9g!"�(B/etc/pump.conf �$B%U%!%$%k$K<!$N5-=R$rDI2C$7$F$/$@$5$$!#�(B
#
# script /etc/rc.d/rc.firewall
#
# PPP �$B$rMxMQ$9$k>l9g�(B -
# ----------
# �$B$*5$$E$-$G$O$J$$$+$b$7$l$^$;$s$,!"�(BPPP �$B@\B3$,9T$o$l$k$?$S$K!"�(B/etc/ppp/ip-up �$B%9%/%j%W%H$,�(B
# �$B>o$KF0:n$7$^$9!#$3$N$3$H$rMxMQ$7$F!"?7$7$$�(B IP �$B%"%I%l%9$N<hF@$H6/8G$J%U%!%$%"%&%*!<%k!&%k!<%k�(B
# �$B%;%C%H$N:F@_Dj$r9T$$$^$9!#�(B
#
# �$B$b$7!"�(B/etc/ppp/ip-up �$B$,$9$G$KB8:_$7$F$$$k$J$i!"$=$l$rJT=8$7$F�(B"/etc/rc.d/rc.firewall"
# �$B$H$$$&5-=R$r:G8e$N$"$?$j$KDI2C$9$k$h$&$K$7$F$/$@$5$$!#�(B
#
# �$B$b$7!"�(B/etc/ppp/ip-up �$B%9%/%j%W%H$,B8:_$7$J$+$C$?$J$i!"�(B/etc/rc.d/rc.firewall �$B%9%/%j%W%H�(B
# �$B$r<B9T$9$k$?$a$N<!$N$h$&$J%j%s%/$r:n@.$9$kI,MW$,$"$j$^$9!#�(B
#
# ln -s /etc/rc.d/rc.firewall /etc/ppp/ip-up
#
# * �$BB3$$$F!"0J2<$N%3%a%s%H%"%&%H$5$l$?%7%'%k%3%^%s%I$rI,MW$K1~$8$FM-8z$K$7$F$/$@$5$$�(B *
#
# PPP �$B5Z$S�(B DHCP �$B$rMxMQ$9$k>l9g�(B -
# -------------------
# �$B<!$N9T$N�(B "#" �$B$r:o=|$7$F!"$=$N<!$N9T$N@hF,$K�(B "#" �$B$rF~$l$F$/$@$5$$!#�(B
#extip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e
's/.*://'`"
# �$B@EE*$J�(B IP �$B%"%I%l%9$G�(B PPP �$B$r;H$&>l9g�(B -
#
extip="your.static.PPP.address"
# PPP �$B$H�(B DHCP �$B$r;H$&>l9g$O!"I,$:$3$NItJ,$K@5$7$$30It%$%s%?%U%'!<%9$NL>A0$r;XDj$7$^$9�(B
extint="ppp0"
# �$BFbIt$N�(B IP �$B%"%I%l%9$N3d$jEv$F$r;XDj$7$^$9�(B
intint="eth0"
intnet="192.168.0.0/24"
# �$B%^%9%+%l!<%I$N%?%$%`%"%&%H�(B
#
# 2 �$B;~4V�(B= TCP �$B%;%C%7%g%s�(B
# 10 �$BIC!!�(B= TCP/IP �$B$N�(B "FIN" �$B%Q%1%C%H$,<u?.$5$l$?$"$H$N%H%i%U%#%C%/�(B
# 60 �$BIC!!�(B= UDP �$B%H%i%U%#%C%/�(B (�$B%^%9%+%l!<%I$5$l$?4D6-$G$N�(B ICQ �$BMxMQ<T$O�(B ICQ �$B<+BN$N@_Dj$NCf$G�(B
# 30�$BIC$N%U%!%$%"%&%*!<%k%?%$%`%"%&%H$r;XDj$7$J$1$l$P$J$j$^$;$s�(B)
#
#
ipchains -M -S 7200 10 60
#############################################################################
# �$BE~Ce%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r�(B
# �$B5q@d!ZLuCm�(B: reject�$B![$K@_Dj!#<B:]$O!"5q@d$7$F%m%0$K5-O?$9$k�(B
# �$B:G=*%k!<%k$rMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#�(B
# �$B!ZLuCm�(B: �$B%k!<%k$r�(B REJECT �$B$K$9$k$H!"%k!<%k$K9gCW$7$?%Q%1%C%H$rGK4~$7$F!"�(B
# "destination-unreachable" (�$BL\E*CO$KE~C#$7$J$$�(B) �$B$H$$$&�(B ICMP �$B%Q%1%C%H$r�(B
# �$BAj<jB&�(B (�$BAw?.85%"%I%l%9$N%^%7%s�(B) �$B$KH/?.$7$^$9!#�(B
# DENY �$B$K$9$k$H!"�(B"destination-unreachable" �$B%Q%1%C%H$b=P$5$:$K!"<u?.$7$?�(B
# �$B%Q%1%C%H$rC1$KGK4~$7$^$9!#�(B
#
ipchains -F input
ipchains -P input REJECT
# �$B%m!<%+%k%^%7%sB&$+$i%m!<%+%k%$%s%?%U%'!<%9$KF~$k%Q%1%C%H$O!"$I$3$K�(B
# �$B8~$+$&$b$N$bM-8z$H$9$k!#�(B
#
ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT
# �$B%j%b!<%H%$%s%?%U%'!<%9B&$+$iF~$C$FMh$k�(B IP �$B%9%W!<%U%#%s%0!ZLuCm�(B: IP �$B56Au![�(B
# �$B%Q%1%C%H$dLB;R%Q%1%C%H$O!"K\Mh$J$i%m!<%+%k%^%7%s$+$i$G$"$k$Y$-$b$N$J$N$G!"�(B
# �$B5q@d$9$k!#�(B
#
ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT
# �$B%j%b!<%H%$%s%?!<%U%'!<%9$KF~$C$FMh$k!"08@h%"%I%l%9$,�(B PPP �$B%"%I%l%9$N�(B
# �$B%Q%1%C%H$O!"$I$NH/?.85%"%I%l%9$+$i$N$b$N$bM-8z$H$9$k!#�(B
# �$B!ZLuCm�(B: �$B0J2<$N%3%^%s%I$NA0$K!"�(B
# ipchains -A input -i $extint -S 0/0 -d $extip/32 -p tcp -y -j DENY -l
# �$B$,$"$k$+!"0?$O0J2<$N%3%^%s%I$,�(B
# ipchains -A input -i $extint -S 0/0 -d $extip/32 -p tcp ! -y -j ACCEPT
# �$B$H$J$C$F$$$kJ}$,$h$j9%$^$7$$$H;W$$$^$9!#![�(B
#
ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT
# �$B%k!<%W%P%C%/%$%s%?%U%'!<%9$rM-8z$H$9$k�(B
#
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
# �$B:G=*%k!<%k!#$=$NB>$NE~Ce%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#%]%j%7!<$K$O�(B
# �$B%m%05-O?$N$?$a$N%*%W%7%g%s$,$J$$$?$a!"$3$l$,$=$NLr3d$rBe$o$j$K2L$?$9$3$H$K�(B
# �$B$J$k!#�(B
#
ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
#############################################################################
# �$BAw=P%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r�(B
# �$B5q@d!ZLuCm�(B: reject�$B![$K@_Dj!#<B:]$O!"5q@d$7$F%m%0$K5-O?$9$k:G=*%k!<%k$r�(B
# �$BMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#�(B
#
ipchains -F output
ipchains -P output REJECT
# �$B%m!<%+%k%$%s%?%U%'!<%9$+$i=PNO$5$l$k!"%m!<%+%k%M%C%H$X8~$+$&%Q%1%C%H$O�(B
# �$B$I$3$+$i$N$b$N$bM-8z$H$9$k!#�(B
#
ipchains -A output -i $intint -s 0.0.0.0/0 -d $intnet -j ACCEPT
# �$B%j%b!<%H%$%s%?%U%'!<%9>e$G%m!<%+%k%M%C%H$XAw=P$5$l$k%Q%1%C%H$O!"�(B
# �$B56Au%k!<%F%#%s%0$J$N$G!"5q@d$9$k!#�(B
#
ipchains -A output -i $extint -s 0.0.0.0/0 -d $intnet -l -j REJECT
# �$B%j%b!<%H%$%s%?%U%'!<%9>e$G%m!<%+%k%M%C%H$+$iAw=P$5$l$k%Q%1%C%H$O!"�(B
# �$B$"$jF@$J$$%^%9%+%l!<%G%#%s%0$J$N$G!"5q@d$9$k!#�(B
#
ipchains -A output -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT
# �$B%j%b!<%H%$%s%?%U%'!<%9$+$i$N$=$l0J30$NAw=P%Q%1%C%H$OM-8z�(B
#
ipchains -A output -i $extint -s $extip/32 -d 0.0.0.0/0 -j ACCEPT
# �$B%k!<%W%P%C%/%$%s%?%U%'!<%9$rM-8z$H$9$k!#�(B
#
ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
# �$B:G=*%k!<%k!#$=$NB>$NAw=P%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#�(B
# �$B%]%j%7!<$K$O%m%05-O?$N$?$a$N%*%W%7%g%s$O$J$$$?$a!"$3$l$,$=$NLr3d$r�(B
# �$BBe$o$j$K2L$?$9$3$H$K$J$k!#�(B
#
ipchains -A output -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
#############################################################################
# �$BE>Aw%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r�(B
# �$BH]Dj!ZLuCm�(B: deny�$B![$K@_Dj!#<B:]$O!"H]Dj$7$F%m%0$K5-O?$9$k:G=*%k!<%k$r�(B
# �$BMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#�(B
#
ipchains -F forward
ipchains -P forward DENY
# �$B%m!<%+%k%$%s%?%U%'!<%9$G$N%m!<%+%k%M%C%H$+$i$=$NB>$N08@h$X$N%Q%1%C%H$r%^%9%+%l!<%I$9$k�(B
#
ipchains -A forward -i $extint -s $intnet -d 0.0.0.0/0 -j MASQ
#
# �$B:G=*%k!<%k!#$=$NB>$NE>Aw%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#�(B
# �$B%]%j%7!<$K$O%m%05-O?$N$?$a$N%*%W%7%g%s$O$J$$$?$a!"$3$l$,$=$NLr3d$r�(B
# �$BBe$o$j$K2L$?$9$3$H$K$J$k!#�(B
#
ipchains -A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT
# �$B%U%!%$%k$N=*$o$j�(B
</PRE>
<P>
<P>IPCHAINS �$B$G$O�(B "input", "output", "forward" �$B$N3F%k!<%k$K$*$$$F!"�(B
�$BFCDj$N%5%$%H$X$N%H%i%U%#%C%/$rAK;_$9$k$3$H$,$G$-$^$9!#�(B
�$B$3$N%k!<%k$O>e$+$i2<$X$H=g$KE,MQ$5$l$F$$$-!"�(B "-A"�$B%*%W%7%g%s$O�(B IPCHAINS �$B$K�(B
�$BBP$7$F?7$7$$%k!<%k$r4{B8$N%k!<%k72$KBP$7$F!VDI2C!W$9$k$b$N$@$H$$$&$3$H$K�(B
�$BCm0U$7$F$/$@$5$$!#�(B
�$B$3$l$KN10U$9$k$H!"A4BN$N%k!<%k$r;XDj$9$kA0$KB>$N8DJL$N@)8B$,I,MW$H�(B
�$B$J$C$F$-$^$9!#�(B
�$B$?$H$($P!"<!$N$h$&$J$b$N$G$9�(B -
<P>
<P>"input" �$B%k!<%k$r;H$&�(B -
<P>�$B!ZLuCm�(B: �$BA4$F$N%$%s%?!<%U%'!<%9$KE~Ce$9$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#�(B
�$B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"�(B -i �$B%*%W%7%g%s$KB3$1$F%$%s%?!<%U%'!<%9L>�(B
�$B$r;XDj$7$^$9!#![�(B
<P>�$B$3$l$O$*$=$i$/%H%i%U%#%C%/$r%V%m%C%/$9$k0Y$N!":G$b<j$C<h$jAa$/$F�(B
�$B8zN($NNI$$J}K!$G$9$,!"%^%9%+%l!<%I$5$l$?%^%7%s$KBP$7$F$N$_AK;_$G$-!"�(B
�$B%U%!%$%"%&%)!<%k%^%7%s<+?H$X$N%H%i%U%#%C%/$OAK;_$G$-$^$;$s!#�(B
�$B$b$A$m$s!"$3$NAH$_9g$o$;$r5v2D$7$?$$$H$$$&$3$H$b$"$k$G$7$g$&$,!#�(B
<P>
<P>�$B$5$F!"�(B 204.50.10.13 �$B$H$$$&%"%I%l%9$X$N%H%i%U%#%C%/$rAK;_$9$k>l9g�(B -
<P>
<P>/etc/rc.d/rc.firewall �$B%k!<%k%;%C%H$NCf$N�(B
<PRE>
... �$BF~NO�(B �$B%k!<%k$N$O$8$^$j�(B ...
# �$B%m!<%+%k%$%s%?%U%'!<%9B&$N�(B 204.50.10.13 �$B$H$$$&%^%7%s$X$N%Q%1%C%H$r5qH]$9$k�(B
#
ipchains -A input -s 192.168.0.0/24 -d 204.50.10.13/32 -l -j REJECT
#�$B!!%m!<%+%k%$%s%?%U%'!<%9B&$N$I$N%m!<%+%k%^%7%s$N$I$3$X8~$+$&%Q%1%C%H$bM-8z$H$9$k�(B
#
ipchains -A input -s 192.168.0.0/24 -d 0.0.0.0/0 -l -j ACCEPT
... �$BF~NO�(B �$B%k!<%k$N=*$o$j�(B ...
</PRE>
<P>"output" �$B%k!<%k$r;H$&�(B -
<P>�$B!ZLuCm�(B: �$BA4$F$N%$%s%?!<%U%'!<%9$+$iAw=P$5$l$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#�(B
�$B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"�(B -i �$B%*%W%7%g%s$KB3$1$F%$%s%?!<%U%'!<%9L>�(B
�$B$r;XDj$7$^$9!#![�(B
<P>
<P>�$B$3$l$O%H%i%U%#%C%/$r%V%m%C%/$9$k$K$OCY$$J}K!$G$9!#�(B
�$B2?8N$J$i$P!"%Q%1%C%H$OGK4~$5$l$k$h$j0JA0$K%^%9%+%l!<%I$rDL$i$J$1$l$P�(B
�$B$J$i$J$$$+$i$G$9!#�(B
�$B$7$+$7$J$,$i$3$N%k!<%k$G$b!"6X;_$7$F$$$k%5%$%H$+$i$N%U%!%$%"%&%)!<%k�(B
�$B%^%7%s$KBP$9$k%"%/%;%9$rAK;_$9$k$3$H$,$G$-$^$9!#�(B
<P>
<PRE>
... �$B=PNO%k!<%k$N;O$^$j�(B ...
# 204.50.10.13 �$B$K8~$1$i$l$?%Q%1%C%H$r5qH]$7$F%m%0$r:N<h$9$k�(B
#
ipchains -A output -s $ppp_ip/32 -d 204.50.10.13/32 -l -j REJECT
# �$B$=$NB>$N%j%b!<%H%$%s%?%U%'!<%9B&$X$NAw=P$OM-8z$K$9$k�(B
#
ipchains -A output -s $ppp_ip/32 -d 0.0.0.0/0 -l -j ACCEPT
... �$B=PNO%k!<%k$N=*$o$j�(B ...
</PRE>
<P>"forward" �$B%k!<%k$r;H$&�(B -
<P>�$B!ZLuCm�(B: �$BA4$F$N%$%s%?!<%U%'!<%9>e$GE>Aw$5$l$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#�(B
�$B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"�(B -i �$B%*%W%7%g%s$KB3$1$F%$%s%?!<%U%'!<%9L>�(B
�$B$r;XDj$7$^$9!#![�(B
<P>
<P>�$B$*$=$i$/!"%H%i%U%#%C%/$r%V%m%C%/$9$k$K$O�(B "input" �$B%k!<%k$h$j�(B
�$BCY$$J}K!$G$9$,!"%^%9%+%l!<%I$5$l$?%^%7%s�(B (�$BNc$($P%m!<%+%k%(%j%"�(B
�$B%M%C%H%o!<%/$N%^%7%s�(B) �$B$KBP$9$k%H%i%U%#%C%/$@$1$OAK;_$G$-$^$9!#�(B
�$B%U%!%$%"%&%)!<%k%^%7%s$O6X;_$7$?$$%5%$%H$+$iE~C#2DG=$N$^$^$G$9!#�(B
<P>
<P>
<PRE>
... �$BE>Aw%k!<%k$N3+;O�(B ...
# PPP �$B%$%s%?%U%'!<%9>e$G$N�(B 204.50.10.13 �$B$K8~$1$?%Q%1%C%H$r5qH]$7$F%m%0:N<h$9$k�(B
#
ipchains -A forward -i ppp0 -s 192.168.0.0/24 -d 204.50.10.13/32 -l -j REJECT
# �$B%m!<%+%k%$%s%?!<%U%'!<%9B&$N%m!<%+%k%M%C%H$+$i$N%^%9%+%l!<%I$r9T$&�(B
#
ipchains -A forward -i ppp0 -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ
... �$BE>Aw%k!<%k$N=*$o$j�(B ...
</PRE>
<P>192.168.0.0/24 �$B$N%^%7%s$+$i�(B 204.50.11.0 �$B$K8~$1$F$N%"%/%;%9$r5v$9FCJL$J%k!<%k$OITMW$G$9!#�(B
�$B$J$<$J$i!"$=$l$i$OA4BNE*$J%^%9%+%l!<%G%#%s%0$N%k!<%k$K$h$C$F$^$+$J$o$l$F$$$k$+$i$G$9!#�(B
<P>�$BCm0U�(B - IPFWADM �$B$H0c$C$F!"�(BIPCHAINS �$B$O%$%s%?%U%'!<%9L>$r;XDj$9$kJ}K!$,�(B
�$B0l$D$7$+$"$j$^$;$s!#�(B
IPCHAINS �$B$O�(B "-i eth0" �$B$N$h$&$K;XDj$7$^$9$,!"�(B IPFWADM �$B$G$O�(B "-W"�$B$G�(B
�$B%$%s%?%U%'!<%9L>$r;XDj$7!"$^$?�(B "-V" �$B$G%$%s%?%U%'!<%9$N�(BIP�$B%"%I%l%9$r;XDj$7$^$9!#�(B
<P>
<P>
<A NAME="multiple-masqed-lans"></A> <P>
<H2><A NAME="ss6.6">6.6 �$BJ#?t$NFbIt%M%C%H%o!<%/$X$N�(B IP �$B%^%9%+%l!<%I�(B</A>
</H2>
<P>�$BJ#?t$NFbIt%M%C%H%o!<%/$r;}$D>l9g$N%^%9%+%l!<%I$O$+$J$jC1=c$G$9!#�(B
�$B$^$:3NG'$9$k$3$H$O!"A4$F$N�(B (�$BFbIt$H30ItN>J}$N�(B) �$B%M%C%H%o!<%/$,@5$7$/�(B
�$BF0:n$7$F$$$k$3$H$G$9!#�(B
�$B$=$l$+$i!"N>J}$NFbIt%$%s%?%U%'!<%9$K$D$$$F%$%s%?!<%M%C%H$HB>$N�(B
�$BFbIt%$%s%?%U%'!<%9$KBP$7$F%^%9%+%l!<%I$7$F%H%i%U%#%C%/$r5v2D$9$k$h$&$K�(B
�$B@_Dj$7$^$9!#�(B
<P>
<P>�$BB3$$$F!"FbIt%$%s%?%U%'!<%9$K$D$$$F!"%^%9%+%l!<%I$r5v2D$7$^$9!#�(B
�$B$3$NNc$G$O!"A4It$G#3$D$N%$%s%?%U%'!<%9$r;H$$$^$9�(B -
eth0 �$B$O%$%s%?!<%M%C%H$X$N@\B3$r9T$&30It%$%s%?%U%'!<%9!"�(B
eth1 �$B$O�(B 192.168.0.0 �$B$N%M%C%H%o!<%/!"$=$7$F�(B eth2 �$B$O�(B
192.168.1.0 �$B$N%M%C%H%o!<%/$G$9!#�(B
rc.firewall �$B%k!<%k%;%C%H$G$N!"4{B8$N%^%9%+%l!<%I$r5v2D$7$F$$$k9T$N�(B
�$B8e$K!"<!$N$h$&$JFbMF$rDI2C$7$^$9�(B -
<P>
<P>
<UL>
<LI>IPCHAINS �$B$,MxMQ2DG=$J�(B 2.2.x �$B7O%+!<%M%k$N>l9g�(B
<PRE>
# �$BFbIt$N%$%s%?%U%'!<%9$N4V$G$NAj8_$NDL?.$r5v2D$9$k�(B
/sbin/ipchains -A forward -i eth1 -d 192.168.0.0/24
/sbin/ipchains -A forward -i eth2 -d 192.168.1.0/24
# �$B%$%s%?!<%M%C%H$KBP$9$k%^%9%+%l!<%I$5$l$?DL?.$r5v2D$9$k�(B
/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0
/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0
</PRE>
<P>
</LI>
<LI>IPFWADM �$B$,MxMQ2DG=$J�(B 2.0.x �$B7O%+!<%M%k$N>l9g�(B
<PRE>
# �$BFbIt$N%$%s%?%U%'!<%9$N4V$G$NAj8_$NDL?.$r5v2D$9$k�(B
/sbin/ipfwadm -F -a accept -V 192.168.0.1 -D 192.168.1.0/24
/sbin/ipfwadm -F -a accept -V 192.168.1.1 -D 192.168.0.0/24
# �$B%$%s%?!<%M%C%H$KBP$9$k%^%9%+%l!<%I$5$l$?DL?.$r5v2D$9$k�(B
/sbin/ipfwadm -F -a masq -W eth0 -S 192.168.0.0/24 -D 0.0.0.0/0
/sbin/ipfwadm -F -a masq -W eth0 -S 192.168.1.0/24 -D 0.0.0.0/0
</PRE>
</LI>
</UL>
<P>eth0 �$B$,J#?t2s;XDj$5$l$k$N$O!">e$NNc$G$O4V0c$$$G$O$J$$$3$H$KCm0U$7$F$/$@$5$$!#�(BLinux �$B%+!<%M%k$O�(B
�$B$I$N%$%s%?%U%'!<%9$,Aw=P%H%i%U%#%C%/$KBP$7$F;H$o$l$k$N$+$rCN$kI,MW$,$"$k$+$i$G$9!#>e$NNc$G�(B eth0 �$B$O�(B
�$B%$%s%?!<%M%C%H$KBP$9$k@\B3$N$?$a$N$b$N$G!"$=$l$>$l$NFbIt%$%s%?%U%'!<%9$K$D$$$F;XDj$5$l$F$$$^$9!#�(B
<P>
<A NAME="Diald"></A> <P>
<H2><A NAME="ss6.7">6.7 �$B%*%s%G%^%s%I!&%@%$%"%k%"%C%W@\B3$G$N�(B IP �$B%^%9%+%l!<%I�(B</A>
</H2>
<P>
<P>
<OL>
<LI>�$B%$%s%?!<%M%C%H$KBP$9$k%@%$%"%k%"%C%W;~$K<+F0E*$K%M%C%H%o!<%/$N@_Dj$r9T$$$?$$$H;W$o$l$k$J$i!"�(B
<EM>Diald</EM> �$B%G%^%s%I!&%@%$%"%k%"%C%W!&%5!<%S%9%W%m%0%i%`$+!"?7$7$$%P!<%8%g%s$N�(B <EM>PPPd</EM>
�$B%Q%C%1!<%8$,Hs>o$KLrN)$D$G$7$g$&!#�(BDiald �$B$O$h$jeLL)$J@_Dj$,$G$-$k$N$G$*4+$a$G$9!#�(B
<P>
</LI>
<LI>Diald �$B$r@_Dj$9$k$K$O�(B
<A HREF="http://home.pacific.net.sg/~harish/diald.config.html">Setting Up Diald for Linux Page</A> �$B$d�(B
<A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 23</A> �$B$r;2>H$7$F$_$F$/$@$5$$!#�(B
<P>
</LI>
<LI>Diald �$B$H�(B IP �$B%^%9%+%l!<%I$,E,@Z$K@_Dj$5$l$l$P!"%^%9%+%l!<%I$5$l$?%^%7%s$+$i$N�(B Web �$B;2>H$d�(B
telnet, ftp �$B$H$$$C$?%;%C%7%g%s$,3+;O$5$l$?;~E@$G!"�(BLinux �$B%\%C%/%9$OF0E*$K%$%s%?!<%M%C%H$X$N@\B3$r�(B
�$B<B9T$9$k$h$&$K$J$j$^$9!#�(B
<P>
</LI>
<LI>�$B:G=i$N@\B3$O!"%?%$%`%"%&%H$,H/@8$9$k$G$7$g$&!#�(B
�$B$3$l$O%"%J%m%0%b%G%`$r;H$C$F$$$k>l9g!"Hr$1$i$l$J$$$3$H$G$9!#�(B
�$B%/%i%$%"%s%H$N%W%m%0%i%`�(B (Web �$B%V%i%&%6$J$I�(B) �$B$K$H$C$F$_$l$P!"�(B
PPP�$B@\B3$H%b%G%`$N%j%s%/$r3NN)$9$k$?$a$K;~4V$,<h$i$l$k$3$H$K$J$j$^$9!#�(B
�$B$7$+$7!"$3$l$O0lHLE*$J$3$H$G$O$"$j$^$;$s!#�(B
�$B$b$7!"$3$N$h$&$J;v$,5/$3$C$?$i!"�(B (Web �$B%Z!<%8$N;2>H$J$I$N�(B) �$B%$%s%?!<%M%C%H$K�(B
�$BBP$9$k%H%i%U%#%C%/%j%/%(%9%H$,:FEYH/@8$7$?$H$-$K:FEYF1$8;v$r7+$jJV$7$F�(B
�$B$&$^$/F0:n$9$k$G$7$g$&!#�(B
�$B$^$?!"%+!<%M%k%*%W%7%g%s$N�(B <EM>echo "1" > /proc/sys/net/ipv4/ip_dynaddr</EM>
�$B$N<B9T$O!"@\B3;~$N$3$N=i4|@_Dj$r;Y1g$9$k$?$a$N$b$N$G$9!#�(B
</LI>
</OL>
<P>
<P>
<A NAME="Forwarders"></A> <P>
<H2><A NAME="ss6.8">6.8 IPPORTFW, IPMASQADM, IPAUTOFW, REDIR, UDPRED, �$B5Z$S$=$NB>$N%]!<%HE>Aw%D!<%k�(B</A>
</H2>
<P>IPPORTFW, IPAUTOFW, REDIR, UDPRED �$BEy$N%W%m%0%i%`$O�(B Linux �$B$N�(B IP �$B%^%9%+%l!<%I�(B
�$B$G;HMQ$5$l$kHFMQE*$J�(B TCP �$B$H�(B UDP �$B%]!<%H$NE>Aw$N$?$a$K;H$o$l$k%D!<%k$G$9!#�(B
�$B$3$l$i$N%D!<%k$O0lHLE*$K�(B FTP �$B$d�(B Quake �$BMQ$K:n@.$5$l$?�(B IP �$B%^%9%+%l!<%IMQ$N�(B
�$B%b%8%e!<%k$NBe$o$j$K;H$&$3$H$,$G$-$^$9!#�(B
�$B$3$l$i%]!<%H%U%)%o!<%@$K$h$C$F!"%$%s%?!<%M%C%H$+$i�(B IP �$B%^%9%+%l!<%I%5!<%P$N�(B
�$B85$GF0:n$9$k%W%i%$%Y!<%H%"%I%l%9$KG[CV$5$l$?%^%7%s$K8~$+$C$FAw$i$l$k�(B
�$B%G!<%?@\B3$r%j%@%$%l%/%H$9$k$3$H$,$G$-$^$9!#�(B
�$BE>Aw5!G=$O!"�(B TELNET, WWW, SMTP, FTP (�$B8e=R$9$kFCJL$J%Q%C%A$,I,MW$G$9�(B), ICQ
�$B$d!"$=$NB>B?$/$N$b$N$r4^$s$G$$$^$9!#�(B
<P>
<P>�$BCm0U�(B - IP �$B%^%9%+%l!<%I$rH<$o$J$$C1=c$J%]!<%HE>Aw$r$*5a$a$G$b!"�(BLinux �$B$N�(B
IP �$BE>Aw%D!<%k$r;H$&$K$O!"%+!<%M%k$H�(B IPFWADM �$B$+�(B IPCHAINS �$B$$$:$l$+$K$h$k�(B
�$B%k!<%k%;%C%H$,�(B<B>�$BI,MW�(B</B>�$B$G$9!#�(B
<P>
<P>�$B$G$O$J$<0[$J$kA*Br$,4v$D$b$"$k$N$G$7$g$&$+�(B?
IPAUTOFW, REDIR �$B$=$l$K�(B UDPRED (�$B$3$l$i$X$N�(B URL �$B$O�(B
<A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x �$B%+!<%M%k$NI,MW>r7o�(B</A>
�$B$N>O$K5-:\$7$F$"$j$^$9�(B) �$B$J$I$O!"�(BIP �$B%^%9%+%l!<%I$r;H$&%f!<%6$K$H$C$F!"�(B
�$B$3$l$i$N5!G=$rDs6!$9$k:G=i$N%D!<%kN`$G$7$?!#�(B
�$B$=$N8e!"�(B Linux �$B$N�(B IP �$B%^%9%+%l!<%I5!G=$,@.=O$9$k$K$D$l$F!"$3$l$i$N%D!<%k$O�(B
IPPORTFW �$B$H$$$&!"$b$C$H9bEY$J2r7hJ}K!$K$H$C$FBe$o$i$l$k$h$&$K$J$j$^$7$?!#�(B
�$B$h$j?7$7$$%D!<%k$NEP>l$K$h$C$F!"�(BIPAUTOFW �$B$d�(B REDIR �$B$H$$$&8E$$%D!<%k$N�(B
�$B%f!<%6$OBg$$$KMnC@$5$;$i$l$k$3$H$K$J$j$^$7$?!#�(B
�$B$H$$$&$N$b!"$3$l$i$N%D!<%k$O�(B Linux �$B%+!<%M%k$KBP$7$F!"<+?H$NB8:_$rE,@Z$K�(B
�$BDLCN$9$k$3$H$J$/F0$$$F$$$k$N$G!"Ii2Y$N$+$+$k$h$&$J>u67$G$O�(B Linux �$B%5!<%P$r�(B
�$B%/%i%C%7%e$5$;$F$7$^$&$h$&$J$3$H$9$i$"$C$?$+$i$G$9!#�(B
MFW �$B$H$$$&:G?7$NJ}K!$b$"$j$^$9!#�(B
MFW �$B$N:G$bBg$-$JMxE@$O!"�(BIPCHAINS �$B%D!<%k$H$N9b$$E}9g@-$G$9!#�(B
�$B$3$NJ}K!$G$O!"�(BIPCHAINS �$B%k!<%k%;%C%H$OFCDj$N%Q%1%C%H$KBP$7$F0u$rIU$1!"�(B
�$BE,@Z$JE>Aw$r9T$&$?$a$N%k!<%k$rDs6!$9$k$?$a$K;H$o$l$^$9!#�(B
�$B:#$N$H$3$m!"$3$l$K$D$$$F$O$3$N�(B HOWTO �$B$G$O=R$Y$F$$$^$;$s!#�(B
<P>
<P><B>�$BCm0U�(B #2 - 2.2.x �$B7O%+!<%M%k$K$*$1$k�(B PORTFW �$B$G$O!"�(B<EM>�$B%M%C%H%o!<%/FbIt$N�(B
�$B%^%7%s�(B</EM>�$B$+$i!"%$%s%?!<%M%C%H>e$K$"$k%M%C%H%o!<%/30It$N%^%7%s$KBP$9$k�(B
�$B%"%/%;%9$KF1$8%]!<%HE>Aw$5$l$?�(B IP �$B%"%I%l%9$r;H$&$3$H$,$G$-$^$9$,!"�(B
�$B%M%C%H%o!<%/FbIt$NB>$N%^%7%s$KBP$7$F$O;H$($^$;$s!#�(B
�$B$b$7!"$3$l$,$"$J$?$N>l9g$K3:Ev$9$k$J$i!"%M%C%H%o!<%/FbIt$N%5!<%P$X$N�(B
�$B%j%@%$%l%/%H$r9T$&$?$a$K�(B REDIR �$B%]!<%HE>Aw%D!<%k$r;n$7$F$_$F$/$@$5$$!#�(B
�$B8e$K=R$Y$k�(B
<A HREF="IP-Masquerade-HOWTO-2.html#NetFilter">NetFilter</A>
�$B%D!<%k%;%C%H$r;H$&$N$bNI$$9M$($@$H;W$$$^$9!#�(B
�$B$J$<FbIt�(B/�$B30It$NE>Aw$,F0$+$J$$$N$+$N5;=QE*@bL@$K$D$$$F$O!"�(B2.2.x �$B7O%+!<%M%k$N�(B
PORTFW �$B$K4X$9$k>O$N:G8e$K$"$k�(B Juan �$B$K$h$kCm<a$r$4Mw$/$@$5$$!#�(B</B>
<P>
<P>
<P>
<P>�$BCm0U�(B #3 - �$BFbIt$N%^%9%+%l!<%I$5$l$?�(B FTP �$B%5!<%P$KBP$9$k%H%i%U%#%C%/$N�(B
�$BE>Aw$O�(B <B>PORTFW FTP</B> �$B$H$7$FCN$i$l$F$$$^$9$,!"8=:_�(B 2.0.x �$B7O$H�(B
2.2.x �$B7O$N$$$:$l$N%+!<%M%k$G$bDs6!$5$l$k$h$&$K$J$j$^$7$?!#�(B
�$B8=>u$G$O<gN.$N�(B Linux �$B%+!<%M%k$G$O%5%]!<%H$5$l$F$$$^$;$s$,!"%+!<%M%k�(B
�$B$K%Q%C%A$rE,MQ$9$k$+!"30It�(B FTP �$B%W%m%-%7%5!<%P$K$h$C$F2DG=$H$J$j$^$9!#�(B
�$B%+!<%M%k%b%8%e!<%k%3!<%I$O$^$@<B83Cf$G!"�(BPASSIVE �$B@\B3$h$j$O�(B ACTIVE FTP
�$B%;%C%7%g%s$K$h$k@\B3$N$[$&$,NI9%$J7k2L$H$J$k>l9g$b$"$k$h$&$G$9!#�(B
�$B6=L#?<$$$3$H$K!"5U$N?6$kIq$$$GF0$/%1!<%9$b$"$k$h$&$G$9!#�(B
�$B$"$J$?$N>l9g$N7k2L$,$I$&$@$C$?$+;d$?$A$K65$($F$/$@$5$$!#�(B
�$B$3$N7o$K$D$$$F!"0J9_$N�(B2.0.x �$B7O�(B �$B5Z$S�(B 2.2.x �$B7O$=$l$>$l$N>O$KJL$J�(B
�$B%Q%C%A$rMQ$$$?2r7hJ}K!$,>\:Y$K=R$Y$i$l$F$$$^$9!#�(B
<P>
<P>
<P>2.0.x �$B7O%+!<%M%k$N�(B IPPORTFW �$B$G$b!"�(B 2.2.x �$B7O%+!<%M%k$N�(B IPPORTFW �$B%5%]!<%H$N�(B
�$B$"$k�(B IPMASQADM �$B$r;H$&>l9g$G$b!"%M%C%H%o!<%/%;%-%e%j%F%#$K4X$9$k9MN8$O�(B
�$B$=$l$i$N%]!<%H%U%)%o!<%@AH$_9~$_$NA0$KI,MW$G$9!#�(B
�$B$J$<$J$i!"$3$l$i$N%D!<%k$O4pK\E*$K$OE>Aw$5$l$?�(B TCP/UDP �$B%]!<%H$K$D$$$F!"�(B
�$B%U%!%$%"%&%)!<%k>e$K%;%-%e%j%F%#>e$N7j$r:n$k$?$a$N$b$N$@$+$i$G$9!#�(B
�$B$3$l$O!"$"$J$?$N�(B Linux �$B%^%7%s!ZLuCm�(B: �$B%U%!%$%"%&%*!<%k<+?H![$KBP$7$F�(B
�$BHo32$r5Z$\$9$3$H$O$"$j$^$;$s$,!"%H%i%U%#%C%/$,E>Aw$5$l$k@h$NFbIt%^%7%s$K�(B
�$BBP$7$F1F6A$r$*$h$\$7$^$9!#�(B
�$B$H$O$$$(!"$=$s$J$K?4G[$7$J$$$G$/$@$5$$!#�(B
�$B$3$l$O�(B Steven Clarke (IPPORTFW �$B$N:n<T�(B) �$B$,Cm0U$rB%$9$?$a$K=R$Y$J$1$l$P�(B
�$B$J$i$J$+$C$?!"0J2<$N$h$&$J>l9g$G$9�(B -
<P>
<P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
�$B!V%]!<%HE>Aw$O!"�(BIPFWADM �$B$d�(B IPCHAINS �$B%k!<%k$NFbIt$+$i$N$_8F$S=P$5$l$k$h$&$K:n$i$l$F$*$j!"�(B
IP �$B%^%9%+%l!<%I$O!"�(BIP �$B%U%)%o!<%G%#%s%0$N0l<o$N3HD%$H8+$J$5$l$k!#�(B
�$B$7$+$7$J$,$i!"�(B IPPORTFW �$B$O�(B IPFWADM �$B%k!<%k%;%C%H$NE~Ce5Z$SAw=P%^%9%+%l!<%I%k!<%k$KE,9g$9$k�(B
�$B%Q%1%C%H$@$1$K$D$$$F!"<h$j07$&$h$&$K$J$C$F$$$k!#!W�(B
</PRE>
</CODE></BLOCKQUOTE>
<P>�$B$3$3$G=R$Y$F$$$k$N$O!"6/8G$J%U%!%$%"%&%*!<%k%k!<%k%;%C%H$NI,MW@-$J$N$G$9!#�(B
�$B6/8G$J%k!<%k%;%C%H$K$D$$$F$O�(B
<A HREF="#Strong-IPFWADM-Rulesets">�$B6/$$�(B IPFWADM �$B$N%k!<%k%;%C%H�(B</A>
�$B$H�(B
<A HREF="#Strong-IPCHAINS-Rulesets">�$B6/$$�(B IPCHAINS �$B$N%k!<%k%;%C%H�(B</A>
�$B$r;2>H$7$F$_$F$/$@$5$$!#�(B
<P>
<P>�$B$G$9$+$i!"�(B IPPORTFW �$B$K$h$kE>Aw%5%]!<%H$r�(B 2.2.x �$B$^$?$O�(B 2.0.x �$B7O$N�(B
�$B%+!<%M%k$K%$%s%9%H!<%k$9$k$?$a$K$O!"�(BIPPORTFW �$B$rMxMQ$G$-$k$h$&$K�(B
Linux �$B%+!<%M%k$r:F%3%s%Q%$%k$7$J$1$l$P$J$j$^$;$s!#�(B
<P>
<UL>
<LI>2.2.x �$B7O%+!<%M%k$r$*;H$$$NJ}$O!"$9$G$K�(B IPPORTFW �$B%+!<%M%k%*%W%7%g%s$r!"�(B
IPMASQADM�$B$rDL$8$F;H$&$?$a$N<j=g$G;XDj$7$F$$$k$O$:$G$9!#�(B
</LI>
<LI>2.0.x �$B7O%+!<%M%k$r$*;H$$$NJ}$O!"C1=c$J%+!<%M%k%*%W%7%g%s$N%Q%C%A$rE,MQ$9$kI,MW$,$"$j$^$9!#�(B</LI>
</UL>
<P>
<P>
<H3>2.2.x �$B7O%+!<%M%k$G$N!"�(BIPPORTFW �$B%5%]!<%H$D$-�(B IPMASQADM</H3>
<P>�$B$^$::G=i$K!":G?7$N�(B 2.2.x �$B%+!<%M%k!ZLuCm�(B: �$BK]Lu;~E@$G$O�(B 2.2.19 �$B$G$7$?![$r�(B
/usr/src/linux�$B%G%#%l%/%H%j$KE83+$7$^$9!#�(B
�$B$^$@$3$N<j=g$r$d$C$F$$$J$$J}$O!"�(B
<A HREF="IP-Masquerade-HOWTO-3.html#Kernel-Compile">�$B%+!<%M%k$N%3%s%Q%$%k�(B</A>
�$B$N>O$N>\:Y$r;2>H$7$F$/$@$5$$!#�(B
�$BB3$$$F!"�(B"ipmasqadm.c" �$B%W%m%0%i%`$r�(B
<A HREF="IP-Masquerade-HOWTO-2.html#2.2.x-Requirements">2.2.x �$B%+!<%M%k$NI,MW>r7o�(B</A>
�$B$K=R$Y$F$$$kJ}K!$G%@%&%s%m!<%I$7$FF~<j$7!"�(B /usr/src/ �$B%G%#%l%/%H%j$KCV$-$^$9!#�(B
<P>
<P>�$B0z$-B3$$$F!"�(B 2.2.x �$B7O%+!<%M%k$r�(B
<A HREF="IP-Masquerade-HOWTO-3.html#Kernel-Compile">�$B%+!<%M%k$N%3%s%Q%$%k�(B</A>
�$B$N>O$K<($5$l$F$$$k$h$&$K%3%s%Q%$%k$7$^$9!#�(B
�$B%+!<%M%k$N%*%W%7%g%s$r@_Dj$9$k:]$K!"�(BIPPORTFW �$B%*%W%7%g%s$K$O�(B YES �$B$r�(B
�$B;XDj$7$F$/$@$5$$!#�(B
�$B%+!<%M%k$,%3%s%Q%$%k$G$-!":F5/F0$r3NG'$7$?$i!":F$S$3$N>O$K�(B
�$BLa$C$F@bL@$NB3$-$rFI$s$G$/$@$5$$!#�(B
<P>
<P>�$B$G$O!"�(B IPMASQADM �$B%D!<%k$N%3%s%Q%$%k$H%$%s%9%H!<%k$r9T$$$^$9�(B -
<P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
cd /usr/src
tar xzvf ipmasqadm-x.tgz
cd ipmasqadm-x
make
make install
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>�$B$5$F!"Nc$H$7$F$3$3$G!"$"$J$?$N%$%s%?!<%M%C%H>e$N�(B TCP/IP �$B%"%I%l%9$KBP$9$k�(B
�$BA4$F$N�(B WWW �$B%$%s%?!<%M%C%H%H%i%U%#%C%/�(B (�$B%]!<%H�(B80) �$B$r!"FbIt$N%^%9%+%l!<%I$5$l$?�(B
�$B%^%7%s$N�(B IP �$B%"%I%l%9!"�(B 192.168.0.10 �$B$K8~$1$k>l9g$r<h$j>e$2$^$9!#�(B
<P>
<P>PORTFW FTP - �$B$3$l$K$D$$$F$O@h$K@bL@$7$?$h$&$K!"�(B FTP �$B%5!<%P$KBP$9$k�(B
�$B%M%C%H%o!<%/FbIt$N%^%9%+%l!<%I$5$l$?%^%7%s$X$NE>Aw$O�(B 2�$B$D$NJ}K!$,$"$j$^$9!#�(B
�$B:G=i$NJ}K!$O$^$@%Y!<%?%l%Y%k$G$9$,!"FbIt$K$"$k%^%9%+%l!<%I$5$l$?�(B
FTP �$B%5!<%P$X!"�(B FTP �$B@\B3$r%]!<%HE>Aw$9$k�(B 2.2.x �$B%+!<%M%kMQ$N�(B
<EM>IP_MASQ_FTP</EM> �$B%b%8%e!<%k$r;H$&$3$H$G$9!#�(B
�$B$b$&0l$D$NJ}K!$O!"�(B FTP �$B%W%m%-%7%W%m%0%i%`�(B (
<A HREF="IP-Masquerade-HOWTO-2.html#2.2.x-Requirements">2.2.x �$B%+!<%M%k$NI,MW>r7o�(B</A>
�$B$N>O$K�(B URL �$B$r5-:\$7$F$"$j$^$9�(B) �$B$G$9!#�(B
FTP �$B%+!<%M%k%b%8%e!<%k$K$D$$$F$O!"�(B IP_MASQ_FTP �$B%b%8%e!<%k$r%"%s%m!<%I$7$?$j�(B
�$B:F%m!<%I$9$k$3$H$J$7$K!"�(B PORTFW �$B$N�(B FTP �$B%]!<%H$rF0E*$KDI2C$9$k$3$H$,�(B
�$B$G$-$^$9$,!"$3$l$O$=$N;~E@$GB8:_$7$F$$$kB>$N�(B FTP �$BE>Aw$rL58z$K$7$F$7$^$$$^$9!#�(B
�$B$3$N?7$7$$%3!<%I$N>\:Y$K$D$$$F$O!"�(B IP �$B%^%9%+%l!<%I$N�(B web �$B%5%$%H�(B
<A HREF="http://ipmasq.cjb.net/">http://ipmasq.cjb.net/</A> �$B$r$4Mw$/$@$5$$!#�(B
�$B$^$?!"�(B 2.0.x �$B7O%+!<%M%k$N>O$K!"%]!<%HE>Aw$5$l$?�(B FTP �$B@\B3$K4X$9$kNc$H�(B
�$B<c43$N>pJs$,$"$j$^$9!#�(B
<P>
<P><B>�$BCm0U�(B - </B>�$B%]!<%HE>Aw$r%]!<%H�(B 80 �$B$GM-8z$K$7$?$J$i!"$=$l0J9_$O�(B
IP �$B%^%9%+%l!<%I%5!<%P$G$=$N%]!<%H$r;H$&$3$H$O$G$-$J$/$J$j$^$9!#�(B
�$B$D$^$j!"%^%9%+%l!<%I%5!<%P>e$G$9$G$K�(B Web �$B%5!<%P$rF0$+$7$F$$$?>l9g$O!"�(B
�$B%]!<%HE>Aw$K$h$C$F!"$9$Y$F$N%$%s%?!<%M%C%H$+$i$N�(B Web �$B%"%/%;%9$O�(B
IP �$B%^%9%+%l!<%I%5!<%P$N%Z!<%8$G$O$J$/!"FbIt$N�(B Web �$B%5!<%P$KBP$7$F�(B
�$B?6$j8~$1$i$l$F$7$^$&$N$G$9!#�(B
<P>
<P>
<P>�$B$$$:$l$K$;$h!"%]!<%HE>Aw$rM-8z$K$9$k$K$O!"�(B /etc/rc.d/rc.firewall �$B$N%k!<%k%;%C%H$r=q$-49$($J$1$l$P�(B
�$B$$$1$^$;$s!#0J2<$N$h$&$J9T$rDI2C$7$^$9$,!"�(B"$extip" �$B$NItJ,$O$"$J$?$N%$%s%?!<%M%C%H$K8x3+$9$k�(B IP �$B%"%I%l%9�(B
�$B$r;XDj$9$k$h$&$K=q$-49$($F$/$@$5$$!#�(B
<P><B>�$BCm0U�(B - </B>�$B$b$7!"�(BPPP, ADSL, �$B%1!<%V%k%b%G%`$J$I$K$h$j�(B ISP �$B$+$i�(B
�$BF0E*$J�(B TCP/IP �$B%"%I%l%9$r3d$jEv$F$i$l$F$$$k>l9g$O!"�(B /etc/rc.d/rc.firewall
�$B%k!<%k%;%C%H$r$b$C$H%$%s%F%j%8%'%s%H$K:n@.$9$kI,MW$,$"$j$^$9!#�(B
�$B$=$N$?$a$N>pJs$O!"A0=P$N�(B
<A HREF="#Strong-IPCHAINS-Rulesets">�$B6/$$�(B IPCHAINS �$B$N%k!<%k%;%C%H�(B</A>
�$B$N>O$+�(B
<A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 10</A> �$B$K6/8G$J%k!<%k%;%C%H$rF0E*$J�(B IP �$B%"%I%l%94D6-$G�(B
�$B:n@.$9$k>\:Y$,=R$Y$i$l$F$$$^$9!#�(B
�$B$3$3$G$O%R%s%H$@$1�(B - PPP�$B$N�(B �$B>l9g$O!!�(B/etc/PPP/ip-up �$B$G$9!#�(B
<P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
/etc/rc.d/rc.firewall
--
#echo "IPPORTFW �$B$K$h$k%j%@%$%l%/%7%g%s$r30It�(B LAN �$B$KE,MQ�(B.."
#
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 80 -R 192.168.0.10 80
--
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>�$B$3$l$@$1$G$9!*�(B /etc/rc.d/rc.firewall �$B%k!<%k%;%C%H$r:FEY<B9T$7$F%F%9%H$7$F$_$F$/$@$5$$!#�(B
<P>�$B$b$7!"�(B"ipchains: setsockopt failed: Protocol not available" �$B$H$$$&�(B
�$B%(%i!<%a%C%;!<%8$r<u$1<h$C$F$7$^$C$?$i!"$"$J$?$O$^$@?7$7$$%+!<%M%k$r�(B
�$BF0:n$G$-$F$$$^$;$s!#�(B
�$B?7$7$$%+!<%M%k$r@5$7$/AH$_9~$s$@$3$H$r3NG'$7!"�(B LILO �$B$r:FEY<B9T$7!"�(B
�$B:F5/F0$7$F$_$F$/$@$5$$!#�(B
�$B$b$7!"?7$7$$%+!<%M%k$,F0$$$F$$$k$N$,3N<B$J$i$P!"�(B "ls /proc/net/ip_masq"
�$B%3%^%s%I$r<B9T$7$F!"�(B "portfw" �$B%U%!%$%k$,B8:_$7$F$$$k$+3NG'$7$F$/$@$5$$!#�(B
�$B$3$l$,L5$$$J$i!"%+!<%M%k$N9=C[$G$J$K$+%(%i!<$,=P$F$$$k$O$:$G$9$N$G!"�(B
�$B$=$3$+$i$b$&0lEY$d$jD>$7$F$/$@$5$$!#�(B
<P>
<P>
<P>�$B$J$<�(B PORTFW �$B$,30It$HFbIt$N%$%s%?%U%'!<%9$NAPJ}$G%H%i%U%#%C%/$r%j%@%$%l%/%H�(B
�$B$G$-$J$$$N$+M}2r$7$?$$J}$N$?$a$K!"�(B Juanjo �$B!ZLuCm�(B: IP_MASQ_FTP �$B%b%8%e!<%k$N�(B
�$B:n<T![$+$i$N%a!<%k$r$3$3$G$*8+$;$7$^$9!#�(B
�$BH`$O$b$C$H$&$^$/@bL@$7$F$/$l$F$$$^$9�(B -
<P>
<HR>
<PRE>
From Juanjo Ciarlante
--
>�$B<!$N$h$&$J>l9g�(B -
>
>ipmasqadm portfw -a -P tcp -L 1.2.3.4 80 -R 192.168.2.3 80
>
>�$B30It$+$i$N@\B3$OLdBj$J$/F0$/$1$l$I!"FbIt$+$iF1$8�(B 1.2.3.4 �$B$KBP$9$k�(B
>�$B@\B3MW5a$O<:GT$7$^$9!#�(B
>�$B%m!<%+%k%M%C%H$N�(B 192.168.2.0 �$B$+$i�(B www.periapt.com �$B$X$N%"%/%;%9$r!"�(B
>�$B%W%m%-%7$J$7$G5v2D$9$k$h$&$J%A%'%$%s$rMQ0U$9$k$3$H$O$G$-$^$9$+�(B?
�$B<B:]$N$H$3$m$G$-$J$$$M!#�(B
�$BBg35!"KM$O�(B ipmasqadm �$B%k!<%k$r30It$N0Y$K@_Dj$7!"�(B*�$B$=$7$F�(B*
�$B%]!<%H%j%@%$%l%/%?$rFbIt$N$?$a$K@_Dj$7$F$$$k$s$@!#�(B
�$B%j%@%$%l%/%7%g%s$NA0$K�(B ipmasqadm �$B$N%U%C%/$,$"$k$+$i!"$3$N%U%C%/$O30It�(B
�$B$+$i$N@\B3$NH/@8$rB*$($k!#�(B
_�$B$@$1$I�(B_ �$B$=$&$G$J$$>l9g$O!"2?$b$7$J$$$GAGDL$7$7$F$7$^$&�(B(�$B$D$^$j!"E,Ev$J�(B
�$B%k!<%k$NE,MQ$,9T$o$l$k�(B)�$B!#�(B
�$B<B:]!"�(B"�$B35G0E*$J�(B"�$BLdBj$O!"??$N%/%i%$%"%s%H�(B (�$B%T%"�(B) �$B$N�(B IP �$B%Q%1%C%H$N�(B
�$BE~C#@h$,!"�(B (�$B$"$j$,$?$$$3$H$K%^%9%+%l!<%I$K$h$C$F�(B) �$BL\E*$N%5!<%P$H$7$F�(B
�$BF1$8%M%C%H%o!<%/$KB8:_$7$F$$$k$3$H$K5/0x$9$k!#�(B
�$B<:GT$9$k�(B"�$B%m!<%+%k$J%^%9%+%l!<%I�(B"�$B$H$$$&$N$O<!$N$h$&$J>l9g�(B -
�$B%/%i%$%"%s%H�(B: 192.168.2.100
�$B%^%9%+%l!<%I�(B: 192.168.2.1
�$B%5!<%P�(B: 192.168.2.10
1)�$B%/%i%$%"%s%H$+$i%5!<%P$X$N%Q%1%C%H�(B
a) �$B%/%i%$%"%s%H�(B: 192.168.2.100:1025 -> 192.168.2.1:80 [SYN]
b) (�$B%^%9%+%l!<%I�(B): 192.168.2.100:1025 -> 192.168.2.10:80 [SYN]
(�$B$=$7$F!"�(B 192.168.2.1:61000 �$B$H�(B 192.168.2.100:1025 �$B$,�(B
�$B4XO"$E$1$i$l$F5-21$5$l$k�(B)
c) �$B%5!<%P�(B: �$B%^%9%+%l!<%I$5$l$?%Q%1%C%H$r<u$1$k�(B (1b)
2)�$B%5!<%P$+$i%/%i%$%"%s%H$X$N%Q%1%C%H�(B
a) �$B%5!<%P�(B: 192.168.2.10:80 -> 192.168.2.100:1025 [SYN,ACK]
b) �$B%/%i%$%"%s%H�(B: 192.168.2.100:1025 -> 192.168.2.10:80 [RST]
�$B$5$"!"�(B (1a) �$B$H�(B (2a) �$B$rHf$Y$F$4$i$s!#�(B
�$B8+$F$NDL$j!"F1$8%M%C%H%o!<%/$KB8:_$9$k$b$NF1;N$@$H!"%5!<%P$O�(B
�$B%^%9%+%l!<%I$rDL$i$:$KD>@\%/%i%$%"%s%H$K8~$1$F1~Ez$9$k$s$@!#�(B
(�$B%5!<%P$,%^%9%+%l!<%I$K%Q%1%C%HA`:n$r85$KLa$5$;$k$h$&$J$3$H$O$7$J$$�(B)
�$B$@$+$i!"%/%i%$%"%s%H$O@\B3$r%j%;%C%H$7$F$7$^$&!#�(B
�$B$3$l$,Lr$KN)$D$H$&$l$7$$$h!#�(B
�$B$h$m$7$/�(B
Juanjo
</PRE>
<HR>
<P>
<H3>2.0.x �$B7O%+!<%M%k$G$N�(B IPPORTFW</H3>
<P>
<P>�$B:G=i$K!"�(B/usr/src/linux �$B%G%#%l%/%H%j$K:G?7$N�(B 2.0.x �$B7O%+!<%M%k$,$"$k$3$H$r�(B
�$B3NG'$7$F$/$@$5$$!#�(B
�$B$^$@$@$C$?>l9g$N>\:Y$K$D$$$F$O!"�(B
<A HREF="IP-Masquerade-HOWTO-3.html#Kernel-Compile">�$B%+!<%M%k$N%3%s%Q%$%k�(B</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
�$BB3$$$F!"�(B "ipportfw.c" �$B%W%m%0%i%`$H�(B "subs-patch-x.gz" �$B%+!<%M%k%Q%C%A$r�(B
<A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x �$B%+!<%M%k$NI,MW>r7o�(B</A>
�$B$N>O$r;2>H$7$FF~<j$7!"�(B /usr/src/ �$B%G%#%l%/%H%j$K�(B
�$BCV$-$^$9!#�(B
<P>
<P>�$BCm0U�(B - "subs-patch-x.gz" �$B$N�(B "x" �$B$O%5%$%H$GF~<j$G$-$k:G?7$N%P!<%8%g%sHV9f$K�(B
�$BFI$_BX$($F$/$@$5$$!#�(B
<P>
<P>�$B<!$K!"FbIt%5!<%P$X$N�(B FTP �$B%H%i%U%#%C%/$N%]!<%HE>Aw$r9M$($F$$$k$J$i!"�(B
<A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x �$B%+!<%M%k$NI,MW>r7o�(B</A>
�$B$N>O$K$"$k!"�(B<B>�$B?7$7$$�(B</B>
<EM>IP_MASQ_FTP</EM> �$B%b%8%e!<%k$N%Q%C%A$rF~<j$7$F$/$@$5$$!#�(B
�$B$3$l$O�(B2.2.x �$B7O%+!<%M%k$H$O0c$&%Q%C%A$G!"F0E*$K�(B FTP �$B%]!<%H$r3d$jEv$F$k�(B
�$B5!G=$J$I$ODs6!$5$l$F$$$J$$$3$H$K$4Cm0U$/$@$5$$!#�(B
<P>
<P>
<P>
<P>�$B$=$l$+$i!"�(BIPPORTFW �$B%Q%C%A�(B(subs-patch-x.gz)�$B$r�(B Linux �$B%G%#%l%/%H%j$K%3%T!<$7$^$9!#�(B
<BLOCKQUOTE><CODE>
<PRE>
cp /usr/src/subs-patch-1.37.gz /usr/src/linux
</PRE>
</CODE></BLOCKQUOTE>
<P>�$B$D$E$$$F!"�(BIPPORTFW �$B%+!<%M%k%*%W%7%g%s$r:n$k$?$a$K%Q%C%A$rE,MQ$7$^$9!#�(B
<BLOCKQUOTE><CODE>
<PRE>
cd /usr/src/linux
zcat subs-patch-1.3x.gz | patch -p1
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>
<P>�$B$h$m$7$$!#�(B
<A HREF="IP-Masquerade-HOWTO-3.html#Kernel-Compile">�$B%+!<%M%k$N%3%s%Q%$%k�(B</A>
�$B$N>O$K<($5$l$F$$$k$h$&$K!"%+!<%M%k$r%3%s%Q%$%k$7$^$7$g$&!#�(B
�$B%+!<%M%k$N9=@.;~$KM-8z$K$J$C$?�(B IPPORTFW �$B%*%W%7%g%s$r$3$3$G$O�(B YES �$B$K�(B
�$B@_Dj$7$F$/$@$5$$!#�(B
�$B%3%s%Q%$%k$,40N;$7!":F5/F0$7$?$J$i!"$3$N>O$N@bL@$rB3$1$^$9!#�(B
<P>
<P>�$B?7$7$/%3%s%Q%$%k$5$l$?%+!<%M%k$r;H$C$F!"<B:]$N�(B"IPPORTFW" �$B%W%m%0%i%`$r%$%s%9%H!<%k$7$^$9!#�(B
<BLOCKQUOTE><CODE>
<PRE>
cd /usr/src
gcc ipportfw.c -o ipportfw
mv ipportfw /usr/local/sbin
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>
<P>�$B$5$F!"$3$NNc$G$O$"$J$?$N%$%s%?!<%M%C%H>e$N�(B TCP/IP �$B%"%I%l%9$KBP$9$k�(B
�$BA4$F$N�(B WWW �$B%$%s%?!<%M%C%H%H%i%U%#%C%/�(B (�$B%]!<%H�(B80) �$B$rFbIt$N%^%9%+%l!<%I$5$l$?�(B
�$B%^%7%s$N�(B IP �$B%"%I%l%9!"�(B 192.168.0.10 �$B$K8~$1$k>l9g$r<h$j>e$2$^$9!#�(B
<P>
<P>
<P><B>�$BCm0U�(B - </B> �$B%]!<%H�(B 80 �$B$G%]!<%HE>Aw$rM-8z$K$9$k$H!"�(B Linux IP
�$B%^%9%+%l!<%I%5!<%P$+$i$O$=$N%]!<%H$O;H$($J$/$J$j$^$9!#�(B
�$B$D$^$j!"$b$7M=$a%^%9%+%l!<%I%5!<%P>e$G�(B WWW �$B%5!<%P$,F0:n$7$F$$$?$H$7$F!"�(B
�$B$=$N%5!<%P$GFbIt$N%^%9%+%l!<%I$5$l$?%3%s%T%e!<%?$X$N%]!<%H�(B 80 �$B$G$NE>Aw$r�(B
�$B9T$C$?$J$i$P!"A4$F$N%$%s%?!<%M%C%H>e$N%f!<%6$O%^%9%+%l!<%I%5!<%P>e$N�(B
�$B%Z!<%8$G$O$J$/!"�(B-�$BFbIt$N�(B- WWW �$B%5!<%P>e$N%Z!<%8$r8+$k$3$H$K$J$j$^$9!#�(B
�$B$3$l$r2sHr$9$k$?$a$NM#0l$NJ}K!$O!"$?$H$($P�(B 8080 �$B$N$h$&$JJL$J%]!<%H$G�(B
�$BE>Aw$r$+$1$k$3$H$G$9!#�(B
�$B$3$l$GF0:n$O$G$-$^$9$,!"FbIt$N%^%9%+%l!<%I$5$l$?�(B WWW �$B%5!<%P$KBP$9$k�(B
�$B%"%/%;%9$KBP$7$F!"A4$F$N%$%s%?!<%M%C%H>e$N%f!<%6$O�(B <EM>:8080</EM>
�$B$H$$$&J8;z$r�(B URL �$B$KDI2C$7$J$1$l$P$J$j$^$;$s!#�(B
<P>
<P>�$B$$$:$l$K$;$h!"%]!<%HE>Aw$rM-8z$K$9$k$K$O!"�(B<EM>/etc/rc.d/rc.firewall</EM> �$B%k!<%k%;%C%H$r�(B
�$BJT=8$7$J$1$l$P$J$j$^$;$s!#$=$7$F!"<!$N$h$&$J9T$rDI2C$7�(B "$extip" �$B$H$$$&J8;zNs$r�(B
�$B$"$J$?$N%$%s%?!<%M%C%H>e$N�(B IP �$B%"%I%l%9$KCV$-49$($J$1$l$P$J$j$^$;$s!#�(B
<P><B>�$BCm0U�(B - </B> �$B$b$7!"�(B PPP �$B$d�(B ADSL �$B$d�(B �$B%1!<%V%k%b%G%`$J$I$N$h$&$J7A$G�(B
ISP �$B$+$iF0E*$J�(B IP �$B%"%I%l%93d$jEv$F$r<u$1$F$$$k$J$i$P!"�(B /etc/rc.d/rc.firewall
�$B%k!<%k%;%C%H$O$b$C$HCNE*$KF0:n$9$k$h$&:n@.$7$J$1$l$P$J$j$^$;$s!#�(B
�$B$=$N$?$a$K$O!"4{=P$N�(B
<A HREF="#Strong-IPCHAINS-Rulesets">�$B6/$$�(B IPCHAINS �$B$N%k!<%k%;%C%H�(B</A>
�$B$N>O$+!"�(B
<A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 10</A>
�$B$r;2>H$7$F!"6/8G$J%k!<%k$HF0E*$J�(B IP �$B%"%I%l%93d$jEv$F$K4X$9$k>pJs$r�(B
�$B;2>H$7$F$/$@$5$$!#�(B
�$B$3$3$G$O$A$g$C$H$7$?%R%s%H$@$1$r�(B - PPP �$B%f!<%6$G$O�(B /etc/ppp/ip-up �$B$G$9!#�(B
<P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
/etc/rc.d/rc.firewall
--
#echo "IPPORTFW �$B$K$h$k%j%@%$%l%/%7%g%s$r30It�(B LAN �$B$K$D$$$FM-8z$K�(B .."
#
/usr/local/sbin/ipportfw -C
/usr/local/sbin/ipportfw -A -t$extip/80 -R 192.168.0.10/80
# �$B%]!<%H�(B 20 �$B$KBP$9$k%]!<%HE>Aw$OF0:nCf$N@\B3$KBP$7$F$OITMW$G$9!#�(B
# �$BFbIt$K$"$k�(B FTP �$B%5!<%P$O%]!<%H�(B 20 �$BHV$G$N@\B3$r3+;O$7$F!"4{B8$N$d$jJ}$G$N�(B
# �$B%^%9%+%l!<%I$5$l$?%3%s%T%e!<%?$r<h$j07$&$3$H$,$G$-$^$9!#�(B
--
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>�$B$3$l$@$1$G$9!*�(B /etc/rc.d/rc.firewall �$B%k!<%k%;%C%H$r:FEYF0$+$7$F%F%9%H$7$^$7$g$&!*�(B
<P>
<P>�$B$b$7$b!"�(B"ipfwadm: setsockopt failed: Protocol not available" �$B$H$$$&%(%i!<%a%C%;!<%8$,�(B
�$B=P$F$7$^$C$?>l9g$O!"$"$J$?$O$^$@?7$7$$%+!<%M%k$rF0:n$5$;$F$$$J$$$3$H$K$J$j$^$9!#�(B
�$B?7$7$$%+!<%M%k%U%!%$%k$rE,@Z$J>l=j$K0\F0$5$;$F!"�(BLILO �$B%3%^%s%I$r:F<B9T$7!"%7%9%F%`$r�(B
�$B:F5/F0$5$;$F$/$@$5$$!#�(B
<P>
<P>FTP �$B%5!<%P$KBP$9$k%]!<%HE>Aw�(B -
<P>
<P>�$B$b$7FbIt%M%C%H%o!<%/$KB8:_$9$k�(B FTP �$B%5!<%P$X$N%]!<%HE>Aw$r9M$($F$$$k$J$i!";vBV$O�(B
�$B$h$jJ#;($K$J$j$^$9!#$H$$$&$N$b!"I8=`E*$J�(B <EM>IP_MASQ_FTP</EM> �$B%+!<%M%k%b%8%e!<%k$O�(B
�$B$3$N$h$&$JF0:n$N$?$a$K$O:n$i$l$F$$$J$$$K$b4X$i$:!"2??M$+$N%f!<%6$+$i$OLdBj$J$/F0$$$F�(B
�$B$$$k$H$$$&Js9p$,$"$k$+$i$G$9!#;d$NCN$k$+$.$j!"%Q%C%A$r$"$F$J$$>uBV$G$O�(B 30 �$BJ,$r1[$($k�(B
�$BE>Aw;~4V$rMW$9$k>l9g$K$*$$$F$O!"LdBj$,$J$$$H8@$C$F$$$k%f!<%6$G$bE>Aw$O<:GT$9$k$H�(B
�$B;W$$$^$9!#$I$A$i$K$;$h!"4{B8$N�(B ip_masq_ftp �$B%b%8%e!<%k$r;H$C$?<!$N$h$&$J%]!<%HE>Aw$N�(B
�$BJ}K!$r;n$_$F!"$"$J$?$N4D6-$GF0$/$+$I$&$+3N$+$a$F8+$k$3$H$r$*A&$a$7$^$9!#�(B
�$B$b$7$=$l$,F0$+$J$$$J$i$P!"2~NI$5$l$?�(B ip_masq_ftp �$B%b%8%e!<%k$r;n$7$^$7$g$&!#�(B
<P>Fred Viles �$B$O%]!<%HE>Aw$,F0:n$9$k$h$&$K2~NI$7$?�(B IP_MASQ_FTP �$B%b%8%e!<%k$r!"$=$l$i�(B
�$B$rI,MW$H$9$k%f!<%6$N$?$a$K:n@.$7$F$$$^$9!#$3$N%b%8%e!<%k$,;H$($k$+$I$&$+$rD4$Y$?$$�(B
�$B$J$i!"<!$N%"!<%+%$%V$r%@%&%s%m!<%I$7$F$_$F$/$@$5$$!#�(BFred �$B$N:n@.$7$?J8=q$G$O�(B
�$B>\:Y$K=R$Y$i$l$F$$$^$9!#$^$?!"$3$N%Q%C%A$O$"$/$^$G<B83E*$J$b$N$J$N$G$=$N$D$b$j$G�(B
�$B07$C$F$/$@$5$$!#$5$i$K!"�(B2.0 �$B7O%+!<%M%k$+$i�(B 2.2 �$B7O%+!<%M%k$^$G$N$$$/$D$+$N%Q%C%A$7$+�(B
�$BB8:_$7$F$$$^$;$s!#�(B
<P>
<P>�$B$5$F!"�(B2.0 �$B7O%+!<%M%kMQ$N%Q%C%A$rF0$+$9$?$a$K$O!"<!$N;v9`$,I,MW$G$9�(B -
<P>
<UL>
<LI>�$B$3$N>O$N:G=i$K@bL@$7$?$h$&$K!"�(BIPPORTFW �$B%+!<%M%k%Q%C%A$rE,MQ$7$^$9!#�(B
<P>
</LI>
<LI>"msqsrv-patch-36" �$B%Q%C%A$r�(B
<A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x �$B%+!<%M%k$NI,MW>r7o�(B</A>
�$B$N>O$K$"$k�(B
Fred Viles �$B$N�(B FTP �$B%5!<%P$+$i<h$C$F$-$F!"�(B/usr/src/linux �$B$KCV$-$^$9!#�(B
<P>
</LI>
<LI>"cat msqsrv-patch-36 | patch -p1" �$B$r<B9T$7$F!"?7$7$$%3!<%I$r%+!<%M%k$KE,MQ$7$^$9!#�(B
<P>
</LI>
<LI>�$B$D$E$$$F!"%*%j%8%J%k$N�(B <EM>"ip_masq_ftp.c"</EM> �$B%+!<%M%k%b%8%e!<%k$r?7$7$$$b$N$K�(B
�$BCV$-49$($^$9!#�(B
<P>
<UL>
<LI>mv /usr/src/linux/net/ipv4/ip_masq_ftp.c
/usr/src/linux/net/ipv4/ip_masq_ftp.c.orig</LI>
<LI>mv /usr/src/linux/ip_masq_ftp.c /usr/src/linux/net/ipv4/ip_masq_ftp.c</LI>
</UL>
<P>
</LI>
<LI>�$B:G8e$K!"?7$7$$%3!<%I$r4^$s$@%+!<%M%k$r%S%k%I$7$F%$%s%9%H!<%k$7$^$9!#�(B</LI>
</UL>
<P>�$B$3$N:n6H$r=*$($F$+$i!"�(B/etc/rc.d/rc.firewall �$B%k!<%k%;%C%H$rJT=8$7$F!"<!$N$h$&$J9T$rDI2C�(B
�$B$7$^$9$,!"�(B"$extip"�$B$NItJ,$O30It�(B IP �$B%"%I%l%9$H$J$k$h$&$KCm0U$7$F$/$@$5$$!#�(B
<P>�$B$3$NNc$G$O!"@hDx$N$h$&$K%$%s%?!<%M%C%H$+$i$"$J$?$N�(B TCP/IP �$B%"%I%l%9$KBP$9$k�(B FTP (�$B%]!<%HHV9f�(B 21)
�$B$N@\B3MW5a$O!"FbIt$K$"$k�(B IP �$B%"%I%l%9�(B 192.168.0.10 �$B$K$"$k%^%9%+%l!<%I$5$l$?%3%s%T%e!<%?$K�(B
�$BE>Aw$5$l$^$9!#�(B
<P>�$BCm0U�(B - �$B0lC6%]!<%H�(B 21 �$B$G%]!<%HE>Aw$rM-8z$K$9$k$H!"$3$N%]!<%H$O�(B
IP �$B%^%9%+%l!<%I%5!<%P$+$i$O;H$($J$/$J$j$^$9!#�(B
�$B$D$^$j!"�(B FTP �$B%5!<%P$,$"$i$+$8$a%^%9%+%l!<%I%5!<%P$GF0:n$7$F$$$?$H$7$?$i!"�(B
�$B%]!<%HE>Aw$O$9$Y$F$N%$%s%?!<%M%C%H$+$i$N@\B3$KBP$7$F$O!"�(B
�$B%^%9%+%l!<%I%5!<%P$G$O$J$/FbIt$N�(B FTP �$B%5!<%P$X$N@\B3$r�(B
�$BDs6!$9$k$3$H$K$J$j$^$9!#�(B
<P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
/etc/rc.d/rc.firewall
--
#echo "IPPORTFW �$B$K$h$k%j%@%$%l%/%7%g%s$r30It�(B LAN �$B$K$D$$$FM-8z$K�(B .."
#
/usr/local/sbin/ipportfw -C
/usr/local/sbin/ipportfw -A -t$extip/21 -R 192.168.0.10/21
#�$BCm0U�(B - �$B$b$7$"$J$?$,J#?t$N%m!<%+%k$J%]!<%HHV9f$r;H$C$F$$$F%]!<%HE>Aw$r�(B
# �$BJ#?t$N�(B FTP �$B%5!<%P�(B(�$B$?$H$($P�(B 21,2121,2112�$B$J$I�(B)�$B$KBP$7$F9T$$$?$$$J$i�(B
# ip_masq_ftp �$B%b%8%e!<%k$rJ#?t$N%]!<%H$KBP$7$F%j%9%s$9$k$h$&$K@_Dj�(B
# �$B$7$J$1$l$P$J$j$^$;$s!#$=$N$?$a$K$O!"$?$H$($P!"�(B
# /etc/rc.d/rc.firewall �$B$NFbMF$r�(B
#
# /sbin/modprobe ip_masq_ftp ports=21,2121,2112
#
# �$B$N$h$&$K$7!"$3$l$,M-8z$H$J$k$h$&$K�(B /etc/rc.d/rc.firewall �$B%9%/%j%W%H$r�(B
# �$B:FEY<B9T$7$J$1$l$P$J$j$^$;$s!#�(B
# �$B%]!<%H�(B 20 �$B$KBP$9$k%]!<%HE>Aw$OF0:nCf$N@\B3$KBP$7$F$O$*$=$i$/ITMW$G$9!#�(B
# �$BFbIt$K$"$k�(B FTP �$B%5!<%P$O%]!<%H�(B 20 �$BHV$G$N@\B3$r3+;O$7$F!"4{B8$N$d$jJ}$G$N�(B
# �$B%^%9%+%l!<%I$5$l$?%3%s%T%e!<%?$r<h$j07$&$3$H$,$G$-$^$9!#�(B
--
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>�$B$3$l$@$1$G$9�(B! /etc/rc.d/rc.firewall �$B%k!<%k%;%C%H$r:FEYF0$+$7$F%F%9%H$7$^$7$g$&�(B!
<P>
<P>�$B$b$7$b!"�(B"ipfwadm: setsockopt failed: Protocol not available" �$B$H$$$&%(%i!<%a%C%;!<%8$,�(B
�$B=P$F$7$^$C$?>l9g$O!"$"$J$?$O$^$@?7$7$$%+!<%M%k$rF0:n$5$;$F$$$J$$$3$H$K$J$j$^$9!#�(B
�$B?7$7$$%+!<%M%k%U%!%$%k$rE,@Z$J>l=j$K0\F0$5$;$F!"�(BLILO �$B%3%^%s%I$r:F<B9T$7!"%7%9%F%`$r�(B
�$B:F5/F0$5$;$F$/$@$5$$!#?7$7$$%+!<%M%k$rF0$+$7$F$$$k$D$b$j$J$N$K!"$3$N%(%i!<$,=P$?>l9g$O!"�(B
"ls /proc/net" �$B$r<B9T$7$F�(B "ip_portfw" �$B%U%!%$%k$,B8:_$9$k$+$I$&$+3NG'$7$F$/$@$5$$!#�(B
�$B$3$l$,B8:_$7$J$$>l9g$O!"%+!<%M%k$N9=@.;~$K%(%i!<$,=P$F$$$k$O$:$G$9!#$b$&0lEY$d$jD>$7$^$7$g$&!#�(B
<P>
<A NAME="CuSeeme"></A> <P>
<H2><A NAME="ss6.9">6.9 CU-SeeMe �$B$H�(B Linux �$B$N�(B IP �$B%^%9%+%l!<%I�(B</A>
</H2>
<P>
<P>Linux �$B$G$N�(B IP �$B%^%9%+%l!<%I$G$O�(B <EM>"ip_masq_cuseeme"</EM> �$B%+!<%M%k%b%8%e!<%k$r�(B
�$B;H$&$3$H$K$h$C$F�(B CuSeeme �$B$r%5%]!<%H$7$F$$$^$9!#�(B
�$B$3$N%+!<%M%k%b%8%e!<%k$O!"�(B /etc/rc.d/rc.firewall �$B%9%/%j%W%H$G�(B
�$BFI$_$3$^$l$J$1$l$P$J$j$^$;$s!#�(B
"ip_masq_cuseeme" �$B%b%8%e!<%k$,FI$_9~$^$l$k$H!"%j%b!<%H$N%j%U%l%/%?�(B
�$B!ZLuCm�(B: CU-SeeMe�$B$N%5!<%P$N$3$H![$d%f!<%6$H$N4V$G@\B3$r9T$&$3$H$,$G$-$^$9!#�(B
<P>
<P>�$BCm0U�(B - CuSeeme �$B$r;HMQ$9$k>l9g$O!"�(BIPAUTOFW �$B$h$j�(B IPPORTFW �$B%D!<%k$r;H$$$^$7$g$&!#�(B
<P>
<P>
<P>�$B$b$7�(B CuSeeMe �$B$KBP$7$F$b$&>/$7L@3N$J>pJs$,I,MW$J$i$P!"�(B
<A HREF="http://www.swampgas.com/vc/ipmcus.htm">Michael Owings's CuSeeMe page</A> �$B$K$"$k�(B Mini-HOWTO �$B$+�(B
<A HREF="http://ipmasq.cjb.net/">IP �$B%^%9%+%l!<%I$N>pJs8;�(B</A> �$B$K%_%i!<$5$l$?FbMF$r8+$F$/$@$5$$!#�(B
<P>
<P>
<A NAME="ICQ"></A> <P>
<H2><A NAME="ss6.10">6.10 �$B%_%i%S%j%9<R$N�(B ICQ</A>
</H2>
<P>Linux �$B$N%^%9%+%l!<%I%5!<%P$NGX8e$G�(B ICQ �$B$rF0$+$9$h$&$K$9$k$?$a$NJ}K!$OFs$D$"$j$^$9!#�(B
�$B0l$D$NJ}K!$O!"�(BICQ �$B$N%^%9%+%l!<%I%b%8%e!<%k$r;H$&$3$H$G!"$b$&0l$D$O�(B IPPORTFW �$B$r�(B
�$B;H$&$3$H$G$9!#�(B
<P>ICQ �$B%^%9%+%l!<%I%b%8%e!<%k$K$O$$$/$D$+$NMxE@$,$"$j$^$9!#$3$N%b%8%e!<%k$OJ#?t�(B
�$B$N�(B ICQ �$B%f!<%6$KBP$7$F$bC1=c$J@_Dj$GF0:n$7$^$9!#$^$?�(B ICQ �$B%/%i%$%"%s%H%W%m%0%i%`$K�(B
�$BBP$7$F$J$s$iFCJL$JJQ99$r2C$($kI,MW$,$"$j$^$;$s!#:G6a$G$O�(B �$B$3$N%b%8%e!<%k$N%P!<%8%g%s�(B
2.2 �$B7O%+!<%M%k$X$N%"%C%W%G!<%H$G$O%U%!%$%kE>Aw$d%j%"%k%?%$%`%A%c%C%H$b%5%]!<%H$9$k�(B
�$B$h$&$K$J$j$^$7$?!#�(B
�$B$7$+$7!"�(B2.0 �$B7O%+!<%M%k$G$O%U%!%$%kE>Aw$d%j%"%k%?%$%`%A%c%C%H$O40A4$K$O%5%]!<%H�(B
�$B$5$l$F$$$^$;$s!#$H$b$+$/!"�(B2.2 �$B7O%+!<%M%k$N>e$G�(B IP �$B%^%9%+%l!<%I$r9T$C$F�(B ICQ �$B$rF0$+$9�(B
�$B$h$&$K$7$?$[$&$,$$$$$@$m$&$H$O;W$$$^$9!#�(B
<P>
<P>IPPORTFW �$B$r@_Dj$9$k>l9g!"�(BLinux �$B$H�(B ICQ �$B%/%i%$%"%s%H$KBP$7$F�(B ICQ �$B%a%C%;!<%8%s%0!"�(B
URL�$B!"%A%c%C%H!"%U%!%$%kE>Aw$J$I$J$I$rJQ99$7$J$1$l$P$J$j$^$;$s!#�(B
<P>�$B$b$7!"�(B Andrew Deryabin �$B$N�(B
<A HREF="mailto:djsf@usa.net">djsf@usa.net</A> 2.2 �$B7O%+!<%M%k8~$1�(B ICQ IP �$B%^%9%+%l!<%I%b%8%e!<%k$K�(B
�$B4X?4$,$"$k$J$i!"�(B
<A HREF="IP-Masquerade-HOWTO-2.html#2.2.x-Requirements">2.2.x �$B%+!<%M%k$NI,MW>r7o�(B</A>
�$B$N>O$K>\$7$$@bL@$,$"$j$^$9!#�(B
<P>
<P>�$B%^%9%+%l!<%I%5!<%P$NFbIt$G�(B ICQ �$B$rF0$+$9$?$a$K8EE5E*$JJ}K!$r<h$j$?$$>l9g$O!"�(B
�$B<!$N$h$&$JJ}K!$G9T$$$^$9�(B -
<P>
<UL>
<LI> �$B$^$::G=i$K!"�(BIPPPORTFW �$B$rM-8z$K$7$?>uBV$G%+!<%M%k$rF0:n$5$;$^$9!#�(B
<A HREF="#Forwarders">�$B%U%)%o!<%@�(B (�$B%]!<%HE>Aw%D!<%k�(B)</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
<P>
<UL>
<LI> �$BB3$$$F!"�(B/etc/rc.d/rc.firewall �$B%U%!%$%k$K<!$N$h$&$J5-=R$rDI2C$7$^$9!#�(B
�$B$3$NNc$G$O!"�(B10.1.2.3 �$B$O30It$N�(B IP �$B%"%I%l%9$G!"FbIt$N%3%s%T%e!<%?$N�(B IP �$B%"%I%l%9$O�(B 192.168.0.10
�$B$G$"$k$H2>Dj$7$F$$$^$9!#�(B
<P>�$B2<5-$O!"�(BIPFWADM �$B$K$h$k�(B 2.0 �$B7O%+!<%M%k$N$?$a$NNc$G$9!#�(B
<P>
<P>
<PRE>
�$B$3$3$GFs$D$NNc$r$"$2$F$*$-$^$7$?!#$I$A$i$bLdBj$J$/F0:n$7$^$9!#�(B
�$BNc$=$N�(B 1
--
/usr/local/sbin/ipportfw -A -t10.1.2.3/2000 -R 192.168.0.10/2000
/usr/local/sbin/ipportfw -A -t10.1.2.3/2001 -R 192.168.0.10/2001
/usr/local/sbin/ipportfw -A -t10.1.2.3/2002 -R 192.168.0.10/2002
/usr/local/sbin/ipportfw -A -t10.1.2.3/2003 -R 192.168.0.10/2003
/usr/local/sbin/ipportfw -A -t10.1.2.3/2004 -R 192.168.0.10/2004
/usr/local/sbin/ipportfw -A -t10.1.2.3/2005 -R 192.168.0.10/2005
/usr/local/sbin/ipportfw -A -t10.1.2.3/2006 -R 192.168.0.10/2006
/usr/local/sbin/ipportfw -A -t10.1.2.3/2007 -R 192.168.0.10/2007
/usr/local/sbin/ipportfw -A -t10.1.2.3/2008 -R 192.168.0.10/2008
/usr/local/sbin/ipportfw -A -t10.1.2.3/2009 -R 192.168.0.10/2009
/usr/local/sbin/ipportfw -A -t10.1.2.3/2010 -R 192.168.0.10/2010
/usr/local/sbin/ipportfw -A -t10.1.2.3/2011 -R 192.168.0.10/2011
/usr/local/sbin/ipportfw -A -t10.1.2.3/2012 -R 192.168.0.10/2012
/usr/local/sbin/ipportfw -A -t10.1.2.3/2013 -R 192.168.0.10/2013
/usr/local/sbin/ipportfw -A -t10.1.2.3/2014 -R 192.168.0.10/2014
/usr/local/sbin/ipportfw -A -t10.1.2.3/2015 -R 192.168.0.10/2015
/usr/local/sbin/ipportfw -A -t10.1.2.3/2016 -R 192.168.0.10/2016
/usr/local/sbin/ipportfw -A -t10.1.2.3/2017 -R 192.168.0.10/2017
/usr/local/sbin/ipportfw -A -t10.1.2.3/2018 -R 192.168.0.10/2018
/usr/local/sbin/ipportfw -A -t10.1.2.3/2019 -R 192.168.0.10/2019
/usr/local/sbin/ipportfw -A -t10.1.2.3/2020 -R 192.168.0.10/2020
--
�$BNc$=$N�(B 2
--
port=2000
while [ $port -le 2020 ]
do
/usr/local/sbin/ipportfw -A t10.1.2.3/$port -R 192.168.0.10/$port
port=$((port+1))
done
--
</PRE>
<P>IPCHAINS �$B$r;H$C$?�(B 2.2 �$B7O%+!<%M%k$N$?$a$NNc$r<!$K<($7$^$9�(B -
<P>
<P>
<PRE>
�$B$3$3$GFs$D$NNc$r$"$2$F$*$-$^$7$?!#$I$A$i$bLdBj$J$/F0:n$7$^$9�(B -
�$BNc$=$N�(B 1
--
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2000 -R 192.168.0.10 2000
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2001 -R 192.168.0.10 2001
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2002 -R 192.168.0.10 2002
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2003 -R 192.168.0.10 2003
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2004 -R 192.168.0.10 2004
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2005 -R 192.168.0.10 2005
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2006 -R 192.168.0.10 2006
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2007 -R 192.168.0.10 2007
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2008 -R 192.168.0.10 2008
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2009 -R 192.168.0.10 2009
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2010 -R 192.168.0.10 2010
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2011 -R 192.168.0.10 2011
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2012 -R 192.168.0.10 2012
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2013 -R 192.168.0.10 2013
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2014 -R 192.168.0.10 2014
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2015 -R 192.168.0.10 2015
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2016 -R 192.168.0.10 2016
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2017 -R 192.168.0.10 2017
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2018 -R 192.168.0.10 2018
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2019 -R 192.168.0.10 2019
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2020 -R 192.168.0.10 2020
--
�$BNc$=$N�(B 2
--
port=2000
while [ $port -le 2020 ]
do
/usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 $port -R
192.168.0.10 $port
port=$((port+1))
done
--
</PRE>
<P>
<P>
</LI>
<LI><P>�$B?7$7$$�(B rc.firewall �$B$,=`Hw$G$-$?$i!"�(B"/etc/rc.d/rc.firewall" �$B$H%?%$%W$7$F�(B
�$B@_Dj$,LdBj$J$$$3$H$r3NG'$9$k$?$a$K%k!<%k%;%C%H$N:FFI$_9~$_$r9T$$$^$9!#�(B
�$B$b$72?$+%(%i!<$,=P$?>l9g!"�(BIPPORTFW �$B%5%]!<%H$N$"$k%+!<%M%k$rF0:n$5$;$F$$$J$$$+!"�(B
rc.firewall �$B%U%!%$%k$K$J$K$+%?%$%W%_%9$,$"$k$3$H$G$7$g$&!#�(B
</LI>
<LI><P>ICQ �$B$N�(B [�$B%W%j%U%!%l%s%9�(B] - [�$B@\B3�(B] �$B@_Dj$G�(B "LAN�$B$+$i;H$&�(B" �$B$H�(B
"�$B%U%!%$%"%&%)!<%k$^$?$O%W%m%-%7$r7PM3$7$F;H$&�(B" �$B$r@_Dj$7$F$/$@$5$$!#�(B
�$B$=$l$+$i!"�(B "�$B%U%!%$%"%&%)!<%k@_Dj�(B" �$B$r%/%j%C%/$7$F!"�(B"SOCKS �$B%W%m%-%7$r�(B
�$B;H$o$J$$�(B" �$B$r@_Dj$7$^$9!#�(B
�$B0JA0$O�(B "�$B%U%!%$%"%&%)!<%k%?%$%`%"%&%H�(B" �$B$r�(B "30" �$B$K$9$k$3$H$r?d>)$7$F�(B
�$B$$$^$7$?$,!"B?$/$NMxMQ<T$O$3$l$K$h$j�(B ICQ �$B$N?.Mj@-$,2<$,$k$3$H$K�(B
�$B5$$E$$$F$$$kE@$KCm0U$7$F$/$@$5$$!#�(B
ICQ �$B$O5,Dj$N%?%$%`%"%&%H@_Dj�(B (�$B$3$N�(B ICQ �$B%*%W%7%g%s$rM-8z$K$7$J$$>uBV�(B) �$B$,�(B
�$B:G$b?.Mj@-$,9b$$$N$G!"%^%9%+%l!<%I%5!<%P$G$N%?%$%`%"%&%H$r�(B160�$BIC$K$7$^$9!#�(B
�$B$3$N%?%$%`%"%&%H@_Dj$rJQ99$9$kJ}K!$K$D$$$F$O�(B
<A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.0.x">rc.firewall-2.0.x</A>
�$B$H�(B
<A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.2.x">rc.firewall-2.2.x</A>
�$B%k!<%k%;%C%H$r;2>H$7$F$/$@$5$$!#�(B
�$B$=$l$+$i!"�(B "�$B<!$X�(B" �$B$r%/%j%C%/$7$F�(B "�$B0J2<$N�(B TCP �$B4F;k%]!<%H$r;H$&�(B" �$B$N�(B
�$B9`L\$G$O!"�(B "2000" �$B$+$i�(B "2020" �$B$^$G$r;XDj$7$F$/$@$5$$!#$=$7$F�(B"�$B40N;�(B"�$B$r�(B
�$B%/%j%C%/$7$F=*$o$j$G$9!#�(B
<P>ICQ �$B%/%i%$%"%s%H$OJQ99$rM-8z$K$9$k$?$a$K�(B ICQ �$B$N:F5/F0$rB%$7$F$-$^$9!#<B$O!";d$N�(B
�$B>l9g$OJQ99$r@5$7$/H?1G$5$;$FF0$+$9$?$a$K�(B Windows9x �$B<+BN$r:F5/F0$5$;$J$1$l$P$J$j�(B
�$B$^$;$s$G$7$?$,!"$"$k?M$O$=$s$J$3$H$r$9$kI,MW$O$J$$$H$b8@$C$F$$$^$9!#$b$7$@$a$J$iN>J}�(B
�$B;n$7$F$_$F$/$@$5$$!#�(B
</LI>
</UL>
<P>
</LI>
<LI> �$B$"$k?M$O%]!<%HHV9f�(B 4000 �$B$@$1$r�(B ICQ �$B$NF0$$$F$$$k%^%7%s$K%]!<%HE>Aw$9$k$@$1$N�(B
�$B>uBV$,%Y%9%H$@!"$H$bOC$7$F$/$l$^$7$?!#H`$O$3$l$@$1$G�(B ICQ �$B<+BN$N@_Dj$r4{DjCM$+$i2?$i�(B
�$BJQ99$9$k$3$H$J$/A4It$N5!G=�(B(�$B%A%c%C%H!"%U%!%$%kE>Aw$J$I�(B)�$B$,$&$^$/F0:n$7$?$HJs9p$7$F$$$^$9!#�(B
�$B$*$=$i$/$d$jJ}$O$?$/$5$s$"$k$N$G$7$g$&$,!"JL$J@_Dj$NJ}K!$r;n$9$N$b$$$$$+$b$7$l$^$;$s!#�(B</LI>
</UL>
<P>
<A NAME="LooseUDP"></A> <P>
<H2><A NAME="ss6.11">6.11 �$B%2!<%^!<8~$1�(B - LooseUDP �$B%Q%C%A�(B</A>
</H2>
<P>
<P>LooseUDP �$B%Q%C%A$O�(B NAT �$B$H$N?FOB@-$,$"$j!"DL>o�(B UDP �$B$rMQ$$$k%2!<%`$r�(B
Linux IP �$B%^%9%+%l!<%I%5!<%P$NGX8e$GLdBj$J$/F0:n$5$;$k$?$a$N$b$N$G$9!#�(B
�$B:#$N$H$3$m!"�(BLooseUDP �$B$O%P!<%8%g%s�(B 2.0.36 �$B0J>e$N%+!<%M%k$KBP$7$F$O�(B
�$B%Q%C%A$H$7$FDs6!$5$l!"�(B2.2.3 �$B0J>e$N%+!<%M%k$K$OAH$_9~$^$l$F$$$^$9$,!"�(B
2.2.16 �$B0J>e$N%+!<%M%k$G$O%G%U%)%k%H$G6X;_>uBV$K$J$C$F$$$^$9!#�(B
<P>
<P>LooseUDP �$B$r�(B2.0.x �$B7O%+!<%M%k$GF0:n$5$;$k$K$O<!$N<j=g$K=>$$$^$9�(B -
<P>
<UL>
<LI>�$B:G?7$N�(B 2.0.x �$B%+!<%M%k$rMQ0U$7!"�(B/usr/src/linux �$B%G%#%l%/%H%j$KE83+$7$^$9!#�(B
<P>
</LI>
<LI>�$B%P!<%8%g%s�(B 2.0.x �$B$G$OI,?\�(B - IPPORTFW �$B%Q%C%A$r!"$3$N�(B HOW-TO �$B$N�(B
<A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x �$B%+!<%M%k$NI,MW>r7o�(B</A>
�$B$N>O$+!"$^$?$O�(B
<A HREF="#Forwarders">�$B%U%)%o!<%@�(B (�$B%]!<%HE>Aw%D!<%k�(B)</A>
�$B$N>O$r;29M$K$7$F$/$@$5$$!#�(B
<P>
</LI>
<LI>
<A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x �$B%+!<%M%k$NI,MW>r7o�(B</A>
�$B$N>O$+$i�(B LooseUDP �$B%Q%C%A$r%@%&%s%m!<%I$7$^$9!#�(B
<P>LooseUDP �$B%Q%C%A$r�(B /usr/src/linux �$B%G%#%l%/%H%j$KCV$-!"<!$N$h$&$K%?%$%W$7$^$9!#�(B
<P>
<BLOCKQUOTE><CODE>
�$B05=L$5$l$?%Q%C%A%U%!%$%k$N>l9g�(B - zcat loose-udp-2.0.36.patch.gz | patch -p1
</CODE></BLOCKQUOTE>
<P>
<BLOCKQUOTE><CODE>
�$B05=L$5$l$F$$$J$$%Q%C%A%U%!%$%k$N>l9g�(B - cat loose-udp-2.0.36.patch | patch
-p1
</CODE></BLOCKQUOTE>
<P>
<P>
<P>�$B$*;H$$$N�(B patch �$B%W%m%0%i%`$N%P!<%8%g%s$K$b$h$j$^$9$,!"<!$N$h$&$J%F%-%9%H$r�(B
�$B8+$k$3$H$K$J$k$G$7$g$&�(B -
<P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
patching file `CREDITS'
patching file `Documentation/Configure.help'
patching file `include/net/ip_masq.h'
patching file `net/ipv4/Config.in'
patching file `net/ipv4/ip_masq.c'
</PRE>
</CODE></BLOCKQUOTE>
<P>�$B$b$7!"�(B"Hunk FAILED" �$B$,%Q%C%A2aDx$N3F!9$G$=$l$>$l0lEY$@$1I=<($5$l$F$$$k$J$i!"$=$l$O�(B
�$B7Y9p$G$O$"$j$^$;$s!#8E$$%Q%C%A%U%!%$%k$,Ev$?$C$F$$$k$N$@$H;W$o$l$^$9$,!"$3$N>uBV$G$"$l$P�(B
�$BF0:n$7$^$9!#A4$/<:GT$K=*$o$C$F$7$^$C$?>l9g$O!"�(BIPPORTFW �$B%Q%C%A$,%+!<%M%k$KE,MQ$5$l$F$$$k�(B
�$B$+$I$&$+!"$^$:3NG'$7$F$_$F$/$@$5$$!#�(B
<P>�$B$3$N%Q%C%A$,AH$_9~$^$l$k$H!"�(B
<A HREF="IP-Masquerade-HOWTO-3.html#Kernel-Compile">�$B%+!<%M%k$N%3%s%Q%$%k�(B</A>
�$B$N>O$K<($5$l$F$$$kDL$j$K�(B
"IP: loose UDP port managing (EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP) [Y/n/?]" �$B%*%W%7%g%s�(B
�$B$KBP$7$F�(B "Y" �$B$HEz$($F9=@.$7$F$/$@$5$$!#�(B
</LI>
</UL>
<P>2.2 �$B7O%+!<%M%k$G�(B LooseUDP �$B$,F0$/$h$&$K$9$k$?$a$K$O!"<!$N$h$&$J<j=g$r<B;\$7$^$9�(B -
<UL>
<LI>/etc/rc.d/rc.firewall �$B%9%/%j%W%H$N:G8e$N$"$?$j$K$"$k�(B LooseUDP �$B$N9`L\$rC5$7$^$9!#�(B
<CODE>echo "0" > /proc/sys/net/ipv4/ip_masq_udp_dloose</CODE>
�$B$H$$$&9T$K$"$k�(B "0" �$B$r�(B "1" �$B$KJQ99$7$F!"�(B rc.firewall �$B%k!<%k%;%C%H$r:F<B9T$7$^$9!#�(B
�$B$3$N<BNc$O!"�(B
<A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.2.x">rc.firewall-2.2.x</A>
�$B$H�(B
<A HREF="#stronger-rc.firewall-2.2.x">stronger-rc.firewall-2.2.x</A>
�$B$K$"$j$^$9!#�(B</LI>
</UL>
<P>�$B?7$7$/�(B LooseUDP �$B$,M-8z$H$J$C$?%+!<%M%k$rF0$+$9$H!"KX$I$N�(B NAT �$B$H$N�(B
�$B?FOB@-$N$"$k%2!<%`$,LdBj$J$/F0$/$h$&$K$J$j$^$9!#�(B
�$B$$$/$D$+$N%Z!<%8$G!"�(B BattleZone �$B$J$I$H$$$C$?%2!<%`$K�(B NAT �$B?FOB@-$r�(B
�$B;}$?$;$k%Q%C%A$rDs6!$9$k�(B web �$B%Z!<%8$b$"$j$^$9!#�(B
�$B>\:Y$O�(B
<A HREF="#Game-Clients">Game-Clients</A>
�$B$N>O$r;2>H$7$F$/$@$5$$!#�(B
<P>
<P>
<P>
<P>
<P>
<P>
<HR>
<A HREF="IP-Masquerade-HOWTO-7.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="IP-Masquerade-HOWTO-5.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="IP-Masquerade-HOWTO.html#toc6">�$BL\<!$X�(B</A>
</BODY>
</HTML>
