<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9"> <TITLE>Linux IP Masquerade HOWTO: IP $B%^%9%+%l!<%I$K4XO"$7$?$=$NB>$N9`L\$H%=%U%H%&%(%"%5%]!<%H(B</TITLE> <LINK HREF="IP-Masquerade-HOWTO-7.html" REL=next> <LINK HREF="IP-Masquerade-HOWTO-5.html" REL=previous> <LINK HREF="IP-Masquerade-HOWTO.html#toc6" REL=contents> </HEAD> <BODY> <A HREF="IP-Masquerade-HOWTO-7.html">$B<!$N%Z!<%8(B</A> <A HREF="IP-Masquerade-HOWTO-5.html">$BA0$N%Z!<%8(B</A> <A HREF="IP-Masquerade-HOWTO.html#toc6">$BL\<!$X(B</A> <HR> <H2><A NAME="s6">6. IP $B%^%9%+%l!<%I$K4XO"$7$?$=$NB>$N9`L\$H%=%U%H%&%(%"%5%]!<%H(B</A></H2> <P> <P> <H2><A NAME="ss6.1">6.1 IP $B%^%9%+%l!<%I$K4X78$7$?LdBj(B</A> </H2> <P>TCP/IP $B$r;H$C$?%"%W%j%1!<%7%g%s%W%m%H%3%k$N$&$A$N0lIt$K$O!"8=:_$N(B Linux $B$N(B IP $B%^%9%+%l!<%G%#%s%0$G%5%]!<%H$5$l$F$$$J$$$b$N$b$"$j$^$9!#(B $B$H$$$&$N$b!"$3$l$i$O0EL[$N$&$A$KFCDj$N%]!<%HHV9f$r;H$C$F$$$?$j!"(B $B$"$k$$$O$=$l$i$N%G!<%?%9%H%j!<%`Cf$K!"(B TCP/IP $B%"%I%l%9$d%]!<%HHV9f$r(B $B0E9f2=$7$F;E9~$s$G$$$?$j$9$k$+$i$G$9!#(B $B8e<T$N%W%m%H%3%k$rF0$+$9$?$a$K$OFCJL$J%W%m%-%7$+(B IP MASQ $B%b%8%e!<%k(B $B$r%^%9%+%l!<%G%#%s%0$N%3!<%I$K;E9~$`I,MW$,$"$j$^$9!#(B <P> <H2><A NAME="ss6.2">6.2 $B30It$+$iF~$C$F$/$k%5!<%S%9(B</A> </H2> <P>$B%G%U%)%k%H$G$O$$$/$D$+$NNc30$r$N$>$$$F!"(BLinux IP $B%^%9%+%l!<%G%#%s%0$G$O30It$+$iF~$C$F$/$k(B $B%5!<%S%9$r<h$j07$&$3$H$,$G$-$^$;$s!#(B <P>$B$b$7!"9b$$%l%Y%k$G%;%-%e%j%F%#$r3NJ]$9$kI,MW$,$J$$$J$i!"C1=c$K(B IP $B$H%]!<%H$r%U%)%o!<%I$J$j(B $B%j%@%$%l%/%H$9$l$P$9$`$G$7$g$&!#$d$jJ}$O$?$/$5$s$"$j$^$9$,!":G$b0BDj$7$F$$$k$N$O(B IPPORTFW $B$r;H$C$?$d$j$+$?$G$7$g$&!#>\:Y$O!"(B <A HREF="#Forwarders">$B%U%)%o!<%@(B ($B%]!<%HE>Aw%D!<%k(B)</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B <P>$B$b$7!"30It$+$iF~$C$F$/$k@\B3$K2?$i$+$NG'>Z$r@_Dj$7$?$$$J$i!"(BTCP-wrapper $B$+(B Xinetd $B$r(B $B@_Dj$7$FFCDj$N(B IP $B%"%I%l%9$+$i$N$_$N@\B3$r5v$9$3$H$,$G$-$^$9!#(BTIS Firewall Toolkit $B$O(B $B%D!<%k$d>pJs$rF~<j$9$k$N$K$h$$>l=j$G$7$g$&!#(B <P>$B$h$j>\:Y$J%;%-%e%j%F%#>pJs$K$D$$$F$O!"(B <A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS</A> $B$H(B <A HREF="http://ipmasq.cjb.net/">IP $B%^%9%+%l!<%I$N>pJs8;(B</A> $B$+$i8+$D$1$k$3$H$,$G$-$^$9!#(B <P> <A NAME="Supported Client Software"></A> <P> <P> <P> <H2><A NAME="Clients"></A> <A NAME="ss6.3">6.3 $B%5%]!<%H$7$F$$$k%/%i%$%"%s%H%=%U%H%&%(%"$H$=$NB>$N@_Dj>pJs(B</A> </H2> <P> <P> <BLOCKQUOTE> <B>** <A HREF="http://www.tsmservices.com/masq">Linux Masquerade Application list</A> $B$K$O!"%"%W%j%1!<%7%g%s$r(BLinux $B$N(B IP $B%^%9%+%l!<%G%#%s%0$r(B $BDL$8$FF0$+$9$?$a$NB?$/$N>pJs$,7G:\$5$l$F$$$^$9!#$3$N%5%$%H$O:G6a$K$J$C$F!"(BSteve Srevemeyer $B$K$h$C$F%G!<%?%Y!<%9%P%C%/%(%s%I$GF0:n$9$k$h$&$K=q$-2~$a$i$l$^$7$?!#AG@2$i$7$$>pJs8;$G$9!*(B</B> </BLOCKQUOTE> <P>$B0lHLE*$K!"I8=`E*$J(B TCP $B5Z$S(B UDP $B$r;H$C$?%"%W%j%1!<%7%g%s$G$"$l$P(B $BF0:n$7$^$9!#(B $B$b$7!"%R%s%H$d%"%I%P%$%9Ey$,$"$k$J$i!">\:Y$K$D$$$F$O(B <A HREF="http://ipmasq.cjb.net/">IP $B%^%9%+%l!<%I$N>pJs8;(B</A> $B$r;2>H$7$F$/$@$5$$!#(B <P> <P> <H3>IP $B%^%9%+%l!<%I$GF0:n$9$k%M%C%H%o!<%/%/%i%$%"%s%H(B</H3> <P>$B0lHLE*$J%/%i%$%"%s%H(B - <P> <P> <DL> <DT><B>Archie</B><DD><P>IP $B%^%9%+%l!<%I$,%5%]!<%H:Q$_$NA4$F$N%W%i%C%H%U%)!<%`(B $B$GF0:n$9$k!"%U%!%$%kC5:w%/%i%$%"%s%H(B ($BC"$7!"A4$F$N(B archie $B%/%i%$%"%s%H(B $B$,F0:n$9$k$o$1$G$O$J$$(B)$B!#(B <P> <P> <DT><B>FTP</B><DD><P>FTP $B@\B3$K$D$$$F$O!"(B<EM>ip_masq_ftp.o</EM> $B%+!<%M%k%b%8%e!<%k$r;H$&$3$H$G!"A4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`>e$G(B $BF0:n$9$k!#(B <P>$B!ZLuCm(B: NAT $B4D6-$N0lIt(B (marked forward $BJ;MQ;~(B) $B$G$O!"(B ip_masq_ftp $B$,(B $BF0:n$7$J$$$3$H$,3NG'$5$l$F$$$^$9!#(B ftp $B%/%i%$%"%s%H$r%Q%C%7%V(B (PASV) $B%b!<%I$G5/F0$9$l$P!"(B ip_masq_ftp.o $B$,(B $B$J$/$F$bBg35$N(B ftp $B%5!<%P$X$N@\B3$,2DG=$G$9!#(B PASV $B%b!<%I$N>\:Y$K$D$$$F$O!"Nc$($P(B <A HREF="http://www.rtpro.yamaha.co.jp/RT/FAQ/TCPIP/ftp-passive-mode.html">http://www.rtpro.yamaha.co.jp/RT/FAQ/TCPIP/ftp-passive-mode.html</A> $BJU$j$,;29M$K$J$k$+$H;W$$$^$9!#![(B <P> <P> <DT><B>Gopher $B%/%i%$%"%s%H(B</B><DD><P>$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!#(B <P> <P> <DT><B>HTTP</B><DD><P>$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!"(BWeb$B%5!<%U%#%s!#(B <P> <P> <DT><B>IRC</B><DD><P>$B<o!9$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!#(B $B$J$*!"(B DCC $B$O(B <EM>ip_masq_irc.o</EM> $B%b%8%e!<%k$rF3F~$9$l$PF0:n$9$k!#(B <P>$B!ZLuCm(B: DCC $B$K$D$$$F$O!"(B <A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.2.x">Linux 2.2.x $B%+!<%M%k(B</A> $B$NLuCm$r;2>H$7$F$/$@$5$$!#![(B <P> <P> <DT><B>NNTP (USENET)</B><DD><P>$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!"(B USENET $B%K%e!<%9%/%i%$%"%s%H!#(B <P> <P> <DT><B>PING</B><DD><P>$B%+!<%M%k%*%W%7%g%s$N(B ICMP $B%^%9%+%l!<%I$rM-8z$K$9$k$3$H$G!"(B $BA4$F$N%W%i%C%H%U%)!<%`>e$GF0:n$9$k!#(B <P> <P> <DT><B>POP3</B><DD><P>$B$9$Y$F$N%W%i%C%H%U%)!<%`$GF0:n$9$k!"EE;R%a!<%k%/%i%$%"%s%H(B <P> <DT><B>SSH</B><DD><P>$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!"(B $B0BA4$J(B TELNET/FTP $B%/%i%$%"%s%H!#(B <P> <P> <DT><B>SMTP</B><DD><P>$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!"(B sendmail, qmail, PostFix $BEy$N%a!<%k%5!<%P!#(B <P> <P> <DT><B>TELNET</B><DD><P>$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!"(B $B%j%b!<%H%;%C%7%g%s!#(B <P> <P> <DT><B>TRACEROUTE</B><DD><P>UNIX $B$H(B Windows $B%W%i%C%H%U%)!<%`$GDs6!$5$l$F$$$k$,!"(B $B$$$/$D$+$N0!<o$OF0$+$J$$$+$b$7$l$J$$!#(B <P> <P> <DT><B>VRML</B><DD><P>Windows ($B$"$k$$$O$3$l0J30$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`(B) $B$K$FF0:n$9$k!"!V%P!<%A%c%k!&%j%"%j%F%#!ZLuCm(B: $B2>A[8=<B![!W5;=Q$K$h$k(B Web $B%5!<%U%#%s!#(B <P> <P> <DT><B>WAIS $B%/%i%$%"%s%H(B</B><DD><P>$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$9$k!#(B <P> </DL> <P>$B%^%k%A%a%G%#%"(B $B5Z$S(B $BDL?.%/%i%$%"%s%H(B - <P> <P> <DL> <DT><B>$BA4$F$N(B H.323 $B%W%m%0%i%`(B</B><DD><P>- MS Netmeeting, Intel Internet Phone Beta $B5Z$S$=$NB>$N(B H.323 $B%"%W%j%1!<%7%g%s(B - $B$3$l$i$K$D$$$F$O!"(B IP $B%^%9%+%l!<%I$r(B $B7PM3$7$?@\B3$GF0$+$9$?$a$NJ}K!$,:#$N$H$3$m#2$DB8:_$7$^$9(B - <P> <P>2.2.x $B%+!<%M%k$G(B Microsoft Netmeeting v3.x$B$rF0$+$9$?$a$N0BDj$7$FF0:n$9$k%Y!<%?HG%b%8%e!<%k$,(B <A HREF="http://ipmasq.cjb.net/">IP $B%^%9%+%l!<%I$N>pJs8;(B</A> $B$^$?$O(B <A HREF="http://www.coritel.it/projects/sofia/nat.html">http://www.coritel.it/projects/sofia/nat.html</A> $B$K$"$j$^$9!#$3$l$i$O$^$?JL$J%P!<%8%g%s(B $B$H$7$F!"(BNetmeeting 2.x $B$r(B 2.0.x $B%+!<%M%k$GF0$+$9$?$a$N%b%8%e!<%k$,@h$N(B MASQ WWW $B%5%$%H$K$"$j$^$9$,(B $B$3$l$O(B Netmeeting v3.x $B$O%5%]!<%H$7$F$$$^$;$s!#(B <P> <P>$B>&MQ%=%U%H$K$h$kJL$N2r7hJ}K!$H$7$F$O!"(B <A HREF="http://www.equival.com.au/phonepatch/index.html">Equivalence $B$N(B PhonePatch</A> $B$K$h$k(B H.323 $B%2!<%H%&%'%$$,$"$j$^$9!#(B <P> <P> <DT><B>Alpha Worlds</B><DD><P>Windows $B$GF0:n$9$k(B $B%/%i%$%"%s%H!&%5!<%PJ}<0$N(B 3D $B%A%c%C%H%W%m%0%i%`(B <P> <DT><B>CU-SeeMe</B><DD><P>$BA4$F$N%5%]!<%H:Q$_%W%i%C%H%U%)!<%`$GF0:n$7$^$9$,!"(B <EM>ip_masq_cuseeme</EM> $B$rAH$_9~$`$3$H$,I,MW$G$9!#(B $B>\:Y$K$D$$$F$O(B <A HREF="#CuSeeme">CuSeeme</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B <P> <P> <DT><B>ICQ</B><DD><P>$BDs6!$5$l$?$9$Y$F$N%W%i%C%H%U%)!<%`$GF0:n!#(B Linux $B%+!<%M%k$r(B IPPORTFW $B%5%]!<%H$rM-8z$K$7$F%3%s%Q%$%k$7!"(B ICQ $B<+?H$O(B $BHs(B SOCKS $B%W%m%-%7$NFbIt$GF0:n$9$k$h$&$K@_Dj$7$J$1$l$P$J$j$^$;$s!#(B $B@_Dj$NA4>\:Y$K$D$$$F$O(B <A HREF="#ICQ">ICQ</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B <P> <P> <DT><B>Internet Phone 3.2</B><DD><P>Windows $B$GF0:n$9$k(B $B%T%"!&%D!<!&%T%"$N2;@<$K$h$k(B $BDL?.$r2DG=$H$9$k$b$N$G$9!#(B $B$"$J$?$NB&$+$iAj<j$r8F$S=P$;$PDLOC$,$G$-$^$9$,!"B>$NJ}$,$"$J$?$r8F$S=P$9$K$O(B $BFCDj$N%]!<%H$KBP$9$kE>Aw$r@_Dj$7$J$1$l$P$J$j$^$;$s!#(B $B>\:Y$K$D$$$F$O(B <A HREF="#Forwarders">$B%U%)%o!<%@(B ($B%]!<%HE>Aw%D!<%k(B)</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B <P> <P> <DT><B>Internet Wave Player</B><DD><P>Windows $B$GF0:n$9$k!"%M%C%H%o!<%/!&%9%H%j!<%`!&%*!<%G%#%*!&%W%m%0%i%`(B <P> <DT><B>Powwow</B><DD><P>Windows $B$GF0:n$9$k!"%T%"!&%D!<!&%T%"%?%$%W$NJ8;z$H2;@<$r(B $BJ;MQ$G$-$k!V%[%o%$%H%\!<%I!WDL?.%W%m%0%i%`$G$9!#(B $B$"$J$?$NB&$+$iAj<j$r8F$S=P$;$PDLOC$,$G$-$^$9$,!"B>$NJ}$,$"$J$?$r8F$S=P$9$K$O(B $BFCDj$N%]!<%H$KBP$9$kE>Aw$r@_Dj$7$J$1$l$P$J$j$^$;$s!#(B $B>\:Y$K$D$$$F$O(B <A HREF="#Forwarders">$B%U%)%o!<%@(B ($B%]!<%HE>Aw%D!<%k(B)</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B <P> <P> <DT><B>Real Audio Player</B><DD><P>Windows $B$GF0:n$9$k!"%M%C%H%o!<%/!&%9%H%j!<%_%s%0!&(B $B%*!<%G%#%*!&%W%m%0%i%`$G$9!#(B <EM>ip_masq_raudio</EM> UDP $B%b%8%e!<%k$r;H$($P!"9bIJ0L$N:F@8$,2DG=$G$9!#(B <P> <P> <DT><B>True Speech Player 1.1b</B><DD><P>Windows $B$GF0:n$9$k%9%H%j!<%_%s%0!&%*!<%G%#%*!&%W%m%0%i%`$G$9!#(B <P> <DT><B>VDOLive</B><DD><P>Windows $B$GF0:n$7$^$9!#(B <EM>ip_masq_vdolive</EM> $B%b%8%e!<%k$r;H$($P2DG=$G$9!#(B <P>$B!ZLuCm(B: $B86J8$O(B ip_masq_vdolive patch $B$H$J$C$F$$$^$9$,!"<B:]$O(B $B%b%8%e!<%k$G$9!#![(B <P> <P> <DT><B>Worlds Chat 0.9a</B><DD><P>Windows $B$GF0:n$9$k!"%/%i%$%"%s%H!&%5!<%PJ}<0$N(B 3D $B%A%c%C%H%W%m%0%i%`$G$9!#(B </DL> <P> <A NAME="Game-Clients"></A> <P> <P>$B%M%C%H%o!<%/BP1~%2!<%`$NN`(B - LooseUDP $B%Q%C%A$K$D$$$F$N>\:Y$O(B <A HREF="#LooseUDP">LooseUDP</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B <P> <P> <DL> <DT><B>Battle.net</B><DD><P>$B%2!<%`%^%7%s$KBP$7$F!"(B TCP $B%]!<%H(B 116 $B$H(B 118$B!"(B $B99$K(B UDP $B%]!<%H(B 6112 $B$r(B IPPORTFW $B$K$FM-8z$K$9$k$3$H$GF0:n$7$^$9!#(B $B>\:Y$O(B <A HREF="#Forwarders">$B%U%)%o!<%@(B ($B%]!<%HE>Aw%D!<%k(B)</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B FSGS $B$H(B Bnetd $B%5!<%P$O$^$@(B NAT $B4D6-$G$&$^$/F0$/$h$&$K=q$-D>$5$l$F(B $B$$$^$;$s$N$G!"(B IPPORTFW $B$,I,MW$H$J$k$3$H$KCm0U$7$F$/$@$5$$!#(B <P> <P>$B!ZLuCm(B: FSGS (Free Standard Game Server) $B$O!"%V%j%6!<%I<R@=$N(B $B%2!<%`%=%U%H$r%M%C%H%o!<%/BP@o;~$K;HMQ$9$k(B battle.net $B$r<g:E$9$k(B $B%5!<%P%=%U%H%&%'%"$G$9!#(B $B>\:Y$O!"(B <A HREF="http://www.fsgs.com/">Net-Games ...are you ready to play?</A> $B5Z$S(B <A HREF="http://b-ring.acc.ne.jp/">B-Ring</A> $B$r;2>H$7$F$/$@$5$$!#(B $B$J$*!"Lu<T$,3NG'$7$?8B$j$G$O!"(B B-Ring web $B%5%$%H$N%H%C%W%Z!<%8$K(B $B%"%/%;%9$9$k$K$O!"(B ipchains $B$G(B tcp $B%]!<%H(B 11000 $BHV$r(B REJECT $B$K(B $B@_Dj$7$J$1$l$P$J$j$^$;$s$G$7$?!#(B bnetd $B$O!"(B Starcraft Battle.net server $B$N%(%_%e%l!<%?$G!"(B GPL $B$K=>$C$?%=!<%9$,<+M3$KF~<j$G$-$k$@$1$G$J$/!"(B Linux, Irix $B$N(B $B%P%$%J%j$bG[I[$5$l$F$$$^$9!#(B $B>\:Y$O!"(B <A HREF="http://www.bnetd.org/">http://www.bnetd.org/</A> $BEy$r;2>H$7$F$/$@$5$$!#![(B <P> <P> <DT><B>BattleZone 1.4</B><DD><P>LooseUDP $B%Q%C%A5Z$S(B NAT $B4D6-$G$b$&$^$/F0$/(B <A HREF="http://us4.alink.activision.com/tmp/nat/">.DLLs from Activision</A> $B$,I,MW$G$9!#(B <P> <DT><B>Dark Reign 1.4</B><DD><P>LooseUDP $B%Q%C%A$rE,MQ$9$k$+!"$^$?$O(B $B%2!<%`%^%7%s$KBP$7$F(BTCP $B%]!<%H(B 116$B$H(B118 $B!"99$K(B UDP $B%]!<%H(B 6112 $B$K(B $BBP$7$F(B IPPORTFW $B$rM-8z$K$9$k$3$H$,I,MW$G$9!#(B $B>\:Y$K$D$$$F$O(B <A HREF="#Forwarders">$B%U%)%o!<%@(B ($B%]!<%HE>Aw%D!<%k(B)</A> $B$r;2>H$7$F$/$@$5$$!#(B <P> <P> <DT><B>Diablo</B><DD><P>LooseUDP $B%Q%C%A$^$?$O(B $B%2!<%`%^%7%s$KBP$7$F(B TCP $B%]!<%H(B 116$B$H(B118$B!"99$K(B UDP $B%]!<%H(B 6112 $B$KBP$7$F(B IPPORTFW $B$r(B $BM-8z$K$9$k$3$H$,I,MW$G$9!#(B $B?7$7$$%P!<%8%g%s$G$O(B TCP $B%]!<%H(B 6112 $B$H(B UDP $B%]!<%H(B 6112 $B$@$1$,(B $B;H$o$l$F$$$^$9!#(B $B>\:Y$K$D$$$F$O!"(B <A HREF="#Forwarders">$B%U%)%o!<%@(B ($B%]!<%HE>Aw%D!<%k(B)</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B <P> <P> <DT><B>Heavy Gear 2</B><DD><P>LooseUDP $B%Q%C%A$^$?$O(B $B%2!<%`%^%7%s$KBP$7$F(B TCP $B%]!<%H(B 116$B$H(B118$B!"99$K(B UDP $B%]!<%H(B 6112 $B$KBP$7$F(B IPPORTFW $B$r(B $BM-8z$K$9$k$3$H$,I,MW$G$9!#(B $B>\:Y$K$D$$$F$O(B <A HREF="#Forwarders">$B%U%)%o!<%@(B ($B%]!<%HE>Aw%D!<%k(B)</A> $B$r;2>H$7$F$/$@$5$$!#(B <P> <P> <DT><B>Quake I/II/III</B><DD><P>$B$=$N$^$^$G$bF0:n$7$^$9$,!"(BMASQ $B$5$l$?(B linux $B%\%C%/%9$h$jFbB&$N%M%C%H%o!<%/$KJ#?t$N(B Quake I/II/III $B%W%l%$%d!<$,(B $B5o$k>l9g$O!"(B <EM>ip_masq_quake</EM> $B$r;H$&$3$H$,I,MW$H$J$j$^$9!#(B $B$^$?!"$3$N%b%8%e!<%k$O%G%U%)%k%H$G$O(B Quake I $B$H(B QuakeWorld $B$r%5%]!<%H$9$k(B $B$h$&$K$7$+$J$C$F$$$^$;$s!#(B $B$b$7!"(BQuake II $B0J9_$d!"$"$k$$$O%G%U%)%k%H$G$O$J$$%5!<%P$N%]!<%HHV9f$r;H$&(B $BI,MW$,$"$k$J$i!"(B <A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.0.x">rc.firewall-2.0.x</A> $B$d(B <A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.2.x">rc.firewall-2.2.x</A> $B%k!<%k%;%C%H$N%b%8%e!<%k$NAH$_9~$_$N>O$r(B $B;2>H$7$F$/$@$5$$!#(B <P> <P> <DT><B>StarCraft</B><DD><P>LooseUDP $B%Q%C%A$H(B $BFbIt$N%2!<%`%^%7%s$KBP$9$k(B TCP $B$H(B UDP $B%]!<%H(B 6112 $B$r(B IPPORTFW $B$7$F$d$kI,MW$,$"$j$^$9!#(B $B>\:Y$K$D$$$F$O!"(B <A HREF="#Forwarders">$B%U%)%o!<%@(B ($B%]!<%HE>Aw%D!<%k(B)</A> $B$r;2>H$7$F$/$@$5$$!#(B <P> <P> <DT><B>WorldCraft</B><DD><P>LooseUDP $B%Q%C%A$r;H$($PF0:n$7$^$9!#(B </DL> <P> <P> <P>$B$=$NB>$N%/%i%$%"%s%H(B - <P> <P> <DL> <DT><B>Linux net-acct $B%Q%C%1!<%8(B</B><DD><P>Linux$B$GF0:n$9$k%M%C%H%o!<%/4IM}%"%+%&%s%H!&%Q%C%1!<%8(B <P> <DT><B>NCSA Telnet 2.3.08</B><DD><P>DOS$B$GF0:n$9$k(B telnet, ftp, ping $B$J$I$r4^$`%=%U%H%&%(%"%;%C%H(B <P> <DT><B>PC-anywhere for Windows </B><DD><P>MS-Windows $B$GF0:n$9$k!"(BTCP/IP $B%W%m%H%3%k$r(B $BDL$8$F!"1s3VCO$K$"$k(B PC $B$rA`:n$9$k$?$a$N%W%m%0%i%`!#(B $B%/%i%$%"%s%H$G$O$J$/%[%9%H$H$7$FF0:n$5$;$k>l9g$O!"FCJL$J%]!<%H!&(B $B%U%)%o!<%G%#%s%0@_Dj$,$J$1$l$PF0:n$7$^$;$s!#(B $B>\:Y$K$D$$$F$O!"(B <A HREF="#Forwarders">$B%U%)%o!<%@(B ($B%]!<%HE>Aw%D!<%k(B)</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B <P> <P> <P> <P> <DT><B>Socket Watch</B><DD><P>NTP($B%M%C%H%o!<%/7PM3$N;~9o@)8f%W%m%H%3%k(B)$B$r$D$+$C$F$$$k(B </DL> <P> <H3>IP $B%^%9%+%l!<%I$G40A4$K$O%5%]!<%H$5$l$F$$$J$$$b$N(B -</H3> <P> <DL> <DT><B>Intel Streaming Media Viewer Beta 1</B><DD><P>$B%5!<%P$K@\B3$G$-$J$$(B <P> <DT><B>Netscape CoolTalk</B><DD><P>$BDLOCAj<j$K@\B3$G$-$J$$(B <P> <DT><B>WebPhone</B><DD><P>$B:#$N$H$3$mF0:n$7$F$$$J$$(B($BAj<j$N;XDjJ}K!$KITE,@Z$JA0Ds$rMQ$$$F$$$k(B) <P> <P> <P> </DL> <P> <P> <H2><A NAME="ss6.4">6.4 $B$h$j6/NO$J(B IP $B%U%!%$%"%&%*!<%k(B (IPFWADM) $B%k!<%k%;%C%H(B</A> </H2> <P> <P> <A NAME="Strong-IPFWADM-Rulesets"></A> $B$3$N>O$G$O!"%+!<%M%k(B 2.0.x $B$N%U%!%$%"%&%)!<%k!&%D!<%k$G$"$k(B IPFWADM $B$r(B $B;H$&:]$N!"$h$j>\:Y$J%,%$%I$r<($7$^$9!#(B IPCHAINS $B$N%k!<%k%;%C%H$K$D$$$F$O8e=R$7$^$9!#(B <P> <P>$B$3$NNc$O!"8GDjE*$K%"%I%l%9$,M?$($i$l$k$h$&$J(B PPP $B@\B3$NGX8e$K$"$k(B $B%U%!%$%"%&%*!<%k$H%^%9%+%l!<%I$G$9(B ($BF0E*$K%"%I%l%9$,M?$($i$l$k(B PPP $B$N(B $B;HMQK!$K$D$$$F$O!"4^$^$l$F$O$$$^$9$,L58z$K$7$F$$$^$9(B)$B!#(B $B?.Mj$G$-$k%$%s%?%U%'!<%9$O(B 192.168.0.1 $B$G$"$j!"(B PPP $B%$%s%?!<%U%'!<%9$N(B $B%"%I%l%9$O!V0-$$E[$i!W$+$i<i$k$?$a$KJQ99$5$l$F$$$^$9!#(B $B=PF~$j$=$l$>$l$N%$%s%?%U%'!<%9$O$=$l$>$lJL$K%j%9%H$7$F$$$^$9$,!"$3$l$O(B $B%k!<%F%#%s%0$d%^%9%+%l!<%I$r$o$+$j$d$9$/$9$k0J30$K(BIP $B%9%W!<%U%#%s%0(B $B!ZLuCm(B: $B56Au![$d!"IT@5$J%k!<%F%#%s%0$r8!=P$7$d$9$/$9$k$?$a$N$b$N$G$b(B $B$"$j$^$9!#(B $BL@3N$K5v2D$5$l$F$$$J$$$b$N$O(B<B>$B6X;_(B</B>$B$G$9(B ($B<B:]$K$O5qH]$5$l$^$9(B)$B!#(B $B$b$7!"$"$J$?$N(B IP $B%^%9%+%l!<%I(B BOX $B$,!"$3$N(B rc.firewall $B%9%/%j%W%H$r(B $BF~$l$?$"$H$G$^$H$b$KF0$+$J$/$J$C$?$H$7$?$i!"(B /var/log/messages $B$"$k$$$O(B /var/adm/messages $B$K$"$k(B SYSLOG $B%U%!%$%k$K2?$+%U%!%$%"%&%*!<%k4X78$N(B $B%(%i!<$,$J$$$+3NG'$7$F!"@_Dj$,4V0c$C$F$$$J$$$+$r3N$+$a$F$/$@$5$$!#(B <P> <P>PPP$B$d%1!<%V%k%b%G%`$J$I$r;H$C$?!"(BIPFWADM $B$K$h$k$b$C$H6/8G$J(B IP $B%^%9%+%l!<%I$N<BMQE*$JNc$K$D$$$F$O(B <A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 10</A> $B$d(B <A HREF="http://www.greatcircle.com/">GreatCircle's Firewall WWW page</A> $B$r;2>H$7$F$/$@$5$$!#(B <P><B>$BCm0U(B - </B> $B$b$7!"(B TCP/IP $B%"%I%l%9$,(B PPP, ADSL, $B%1!<%V%k%b%G%`$J$I$r(B $B7PM3$7$F(B ISP $B$+$iF0E*$K3d$jEv$F$i$l$k>l9g$K$O!"$3$N6/8G$J%k!<%k%;%C%H$r(B <B>$B5/F0;~$K@_Dj$9$k$3$H$O$G$-$^$;$s(B</B>$B!#(B $B$3$N$h$&$J>l9g$K$O!"(B IP $B%"%I%l%9$,3d$jEv$F$i$l$kEY$K$3$N(B $B%U%!%$%"%&%*!<%k!&%k!<%k%;%C%H$r:FEYFI$_9~$^$;$k$+!"$"$k$$$O(B /ec/rc.d/rc.firewall $B%k!<%k%;%C%H$r$b$C$H%$%s%F%j%8%'%s%H$K:n$kI,MW$,(B $B$"$j$^$9!#(B PPP$B%f!<%6$,$3$N%k!<%k%;%C%H$rE,MQ$9$k>l9g$K$O!"0J9_$K<($9(B "Dynamic PPP IP fetch" $B$H=q$+$l$?ItJ,$N%3%a%s%H$rCm0U?<$/E,@Z$K(B $B30$7$F$/$@$5$$!#(B $B$^$?!"6/8G$J%k!<%k%;%C%H5Z$SF0E*$K3d$jEv$F$i$l$k(B IP $B%"%I%l%9$K$D$$$F$N(B $B$b$C$H>\$7$$2r@b$O!"(B <A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - 10$B>O(B</A> $B$K$"$j$^$9!#(B <P> <P><B>$B$^$?!"(BGUI $B%Y!<%9$G%U%!%$%"%&%*!<%k@_Dj$r@8@.$9$k$h$&$J%D!<%k$,(B $B$$$/$D$+B8:_$7$^$9!#(B $B>\:Y$O!"(B <A HREF="IP-Masquerade-HOWTO-7.html#FAQ">$B$h$/$"$k<ALd(B (FAQ)</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B</B> <P> <P>$B:G8e$K!"$b$7@EE*$K3d$jEv$F$i$l$k(B IP $B%"%I%l%9$r;H$C$F$$$k$J$i!"0J2<$NNc$N(B "ppp_ip="your.static.PPP.address"" $B$H$J$C$F$$$kItJ,$r$"$J$?$N(B IP $B%"%I%l%9$K=q$-49$($F$/$@$5$$!#(B <P>$B!ZLuCm(B: $B0lHLE*$J%W%m%P%$%@7PM3$N(B PPP $B@\B3$N>l9g!"%W%m%P%$%@B&$+$i(B IP $B%"%I%l%9$,F0E*$K3d$jEv$F$i$l$^$9$N$G!"KX$I$N8D?M%f!<%6$O$3$N9T$K(B IP $B%"%I%l%9$r=q$-F~$l$kI,MW$O$"$j$^$;$s!#![(B <P> <P>---------------------------------------------------------------- <P> <A NAME="stronger-rc.firewall-2.0.x"></A> <P> <P> <PRE> #!/bin/sh # # /etc/rc.d/rc.firewall: IPFWADM $B$r;H$C$?$d$d6/8G$J%U%!%$%"%&%*!<%k!&%k!<%k%;%C%H(B # PATH=/sbin:/bin:/usr/sbin:/usr/bin # $B%F%9%HMQ(B - $B$7$P$i$/BT5!$7$F$+$i$9$Y$F$N%U%!%$%"%&%*!<%k%k!<%k$r%/%j%"$9$k!#(B # 10$BJ,8e$K$9$Y$F$N@_Dj$r0lC62r=|$9$kI,MW$,$"$k$J$i!"0J2<$N%3%a%s%H$r2r=|$7$F$/$@$5$$!#(B # (sleep 600; \ # ipfwadm -I -f; \ # ipfwadm -I -p accept; \ # ipfwadm -O -f; \ # ipfwadm -O -p accept; \ # ipfwadm -F -f; \ # ipfwadm -F -p accept; \ # ) & # $BI,MW$J$9$Y$F$N(B IP $B%^%9%+%l!<%I%b%8%e!<%k$r%m!<%I$9$k(B # # $BCm0U(B - $BI,MW$J(B IP $B%^%9%+%l!<%I%b%8%e!<%k$@$1$r%m!<%I$7$^$9!#$9$Y$F$N(BIP $B%^%9%+%l!<%I(B # $B%b%8%e!<%k$,0J2<$K5-=R$5$l$F$$$^$9$,!"%m!<%I$5$l$J$$$h$&$K%3%a%s%H$H$J$C$F(B # $B$$$^$9!#(B # $B%b%8%e!<%k$r:G=i$K%m!<%I$9$k;~$K$^$:I,MW(B # /sbin/depmod -a # PORT $BJ}<0$r;H$C$F(BFTP $B%U%!%$%kE>Aw$K$*$1$kE,@Z$J(B IP $B%^%9%+%l!<%I$rDs6!$7$^$9(B # /sbin/modprobe ip_masq_ftp # UDP $B%W%m%H%3%k$r7PM3$7$?!"(BRealAudio $B$N%^%9%+%l!<%I$rDs6!$7$^$9!#$3$N%b%8%e!<%k$,$J$/$F$b(B # RealAudio $B$O(B TCP $B%b!<%I$GF0:n$7$^$9$,!"2;<A$ODc2<$7$^$9!#(B # #/sbin/modprobe ip_masq_raudio # IRC DCC $B%U%!%$%kE>Aw$N%^%9%+%l!<%I$rDs6!$7$^$9(B # #/sbin/modprobe ip_masq_irc # $B0J2<$N;XDj$K$h$C$F(B Quake $B$H(B QuakeWorld $B$r%G%U%)%k%H$GDs6!$7$^$9!#(B # $B$3$N%b%8%e!<%k$O(B Linux $B$N(B $B%^%9%+%l!<%I%5!<%P$+$iFbB&$N%f!<%6$,(B # $BJ#?tB8:_$9$k>l9g$N$?$a$N$b$N$G$9!#(B # $B$b$7!"(BQuake I, II, $B$"$k$$$O(B III $B$r;H$$$?$$$J$i$P!"#2HVL\$NNc$r(B # $B;H$C$F$/$@$5$$!#(B # # $BCm0U(B - $B$b$7!"(BQUAKE $B%b%8%e!<%k$N%m!<%I;~$K%(%i!<$,=P$?>l9g$O!"8E$$%P%0$N$"$k%+!<%M%k$,F0$$$F$$$^$9!#(B # ----- $B$=$N>l9g$O$h$j?7$7$$%+!<%M%k$KCV$-49$($F$/$@$5$$!#(B # #Quake I / QuakeWorld (ports 26000 and 27000) #/sbin/modprobe ip_masq_quake # #Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960) #/sbin/modprobe ip_masq_quake 26000,27000,27910,27960 # CuSeeme $B%S%G%*2q5D%=%U%H%&%(%"$KBP$9$k%^%9%+%l!<%I$rDs6!(B # #/sbin/modprobe ip_masq_cuseeme # VDO-Live $B%S%G%*2q5D%=%U%H%&%(%"$KBP$9$k%^%9%+%l!<%I$rDs6!(B # #/sbin/modprobe ip_masq_vdolive #$BHs>o$K=EMW(B - IP $B%U%)%o!<%G%#%s%0$O%G%U%)%k%H$G$OL58z$K$J$C$F$$$k$N$G!"M-8z$K$7$^$9!#(B # # Redhat $B%f!<%6$N>l9g$O!"(B/etc/sysconfig/network $B$N%*%W%7%g%s;XDj9T$r(B # # FORWARD_IPV4=false # $B$+$i(B # FORWARD_IPV4=true # $B$KJQ99$7$F$/$@$5$$!#(B # echo "1" > /proc/sys/net/ipv4/ip_forward #$BHs>o$K=EMW(B - 2.2.x $B%+!<%M%k$G$O(B IP $B%G%U%i%0%a%s%F!<%7%g%s$N%5%]!<%H$O%G%U%)%k%H$G$OL58z$G$9!#(B # # $B%3%s%Q%$%k;~$N;XDj$K$h$k$b$N$G$9$,!"(B2.2.12 $B%+!<%M%k0J9_$OJQ99$5$l$F$$$^$9!#(B # echo "1" > /proc/sys/net/ipv4/ip_always_defrag # $BF0E*$K3d$jEv$F$i$l$k(B IP $B%"%I%l%9$r;HMQ$9$k%f!<%68~$1(B - # # IP $B%"%I%l%9$r(B SLIP, PPP, DHCP $B$J$I$+$iF0E*$K<hF@$9$k>l9g$O!"<!$N%*%W%7%g%s$rM-8z$K$7$F$/$@$5$$!#(B # $B$3$N%*%W%7%g%s$O!"(BIP $B%^%9%+%l!<%I$GF0E*(B IP $B%"%I%l%9$NA`:n$r5v2D$7!"(BDiald$B$dF1MM$J%W%m%0%i%`$N(B # $B;HMQ$r$h$jMF0W$K$9$k$b$N$G$9!#(B # #echo "1" > /proc/sys/net/ipv4/ip_dynaddr # $B$"$J$?$N@EE*$J(B IP $B%"%I%l%9$r0J2<$K;XDj$7$^$9(B # # $BF0E*$K3d$jEv$F$i$l$k(B IP $B%"%I%l%9$r;HMQ$9$k$J$i!"?7$7$$(B IP $B%"%I%l%9$,3d$jEv$F$i$l$k$?$S$KE,MQ(B # $B$9$k$h$&$K!"%k!<%k%;%C%H$r=q$-49$($J$1$l$P$J$j$^$;$s!#$=$N$?$a$K$O!"!"0J2<$N$h$&$J0l9T$N%9%/%j%W%H$r(B # $BM-8z$K$9$kI,MW$,$"$j$^$9!#!J%9%/%j%W%HNcFb$N0l=E0zMQId$HFs=E0zMQId$N0c$$$O0UL#$r;}$A$^$9$N$GCm0U!K(B # # # DHCP $B$rMxMQ$9$k>l9g(B - # --------------------- # TCP/IP $B%"%I%l%9$r(B DHCP $B$+$i<hF@$9$k>l9g$O!"(B ppp $B%;%/%7%g%s$N2<$K$"$k!"(B # "#" $B$G%3%a%s%H%"%&%H$5$l$?ItJ,$rM-8z$K$7!"(B"ppp0" $B$H$"$kItJ,$r!"(B # $B%$%s%?!<%M%C%H@\B3MQ$N%$%s%?%U%'!<%9$NL>A0$KCV$-49$($J$1$l$P(B # $B$J$j$^$;$s(B ($BNc$($P!"(B eth0 $B$d(B eth1 $BEy(B) $B!#(B # DHCP $B$O3d$jEv$F$?(B IP $B%"%I%l%9$r?o;~JQ99$9$k$3$H$KCm0U$7$F$/$@$5$$!#(B # $B$3$NJQ99$r@5$7$/H?1G$5$;$k$K$O!"(B DHCP $B%j!<%9$,99?7$5$l$kEYKh$K!"(B # DHCP $B%/%i%$%"%s%H$r:FEY<B9T$7$F%U%!%$%"%&%)!<%k%k!<%k%;%C%H$rH?1G(B # $B$5$;$J$1$l$P$J$j$^$;$s!#(B # # $BCm0U(B #1 - $B5l%P!<%8%g%s$N(B "pump" $B$N$h$&$J(B ($B?7$7$$%P!<%8%g%s$G$O(B # $BLdBjE@$O=$@5$5$l$F$$$^$9(B) DHCP $B%/%i%$%"%s%H$K$h$C$F$O!"(B # IP $B%"%I%l%9%j!<%999?78e$K%9%/%j%W%H$r<B9T$9$k$3$H$,(B # $B$G$-$J$$$b$N$,$"$j$^$9!#(B # $B$=$N>l9g$O!"(B"dhcpcd" $B$+(B "dhclient" $B$KCV$-49$($J$1$l$P(B # $B$J$j$^$;$s!#(B # # $BCm0U(B #2 - $B:G6a$N%P!<%8%g%s$N(B "dhcpcd" $B$G$O!"%3%^%s%IJ8K!$,JQ$o$C$F(B # $B$$$^$9!#(B # # $B5l%P!<%8%g%s$G$N;XDjJ}K!$O!"<!$N$h$&$J$b$N$G$7$?(B - # dhcpcd -c /etc/rc.d/rc.firewall eth0 # # $B?7$7$$%P!<%8%g%s$G$O<!$N$h$&$K;XDj$7$^$9(B - # dhcpcd eth0 /etc/rc.d/rc.firewall # # $BCm0U(B #3 - Pump $B$r;H$&>l9g!"(B /etc/pump.conf $B%U%!%$%k$K<!$N5-=R$r(B # $BDI2C$7$F$/$@$5$$(B - # # script /etc/rc.d/rc.firewall # # # PPP $B$rMxMQ$9$k>l9g(B - # -------------------- # $B$*5$$E$-$G$O$J$$$+$b$7$l$^$;$s$,!"(BPPP $B@\B3$,3NN)$9$kEYKh$K!"(B # /etc/ppp/ip-up $B%9%/%j%W%H$,F0:n$7$^$9!#(B # $B$3$l$rMxMQ$7$F!"?7$7$$(B IP $B%"%I%l%9$N<hF@$H6/8G$J%U%!%$%"%&%)!<%k!&(B # $B%k!<%k%;%C%H$N:F@_Dj$r9T$$$^$9!#(B # # $B$b$7!"(B/etc/ppp/ip-up $B$,$9$G$KB8:_$7$F$$$k$J$i!"$=$l$rJT=8$7$F(B"/etc/rc.d/rc.firewall" # $B$H$$$&5-=R$r:G8e$N$"$?$j$KDI2C$9$k$h$&$K$7$F$/$@$5$$!#(B # # $B$b$7!"(B/etc/ppp/ip-up $B%9%/%j%W%H$,B8:_$7$J$+$C$?$J$i!"(B/etc/rc.d/rc.firewall $B%9%/%j%W%H(B # $B$r<B9T$9$k$?$a$N<!$N$h$&$J%j%s%/$r:n@.$9$kI,MW$,$"$j$^$9!#(B # # ln -s /etc/rc.d/rc.firewall /etc/ppp/ip-up # # * $BB3$$$F!"0J2<$N%3%a%s%H%"%&%H$5$l$?%7%'%k%3%^%s%I$rI,MW$K1~$8$FM-8z$K$7$F$/$@$5$$(B * # # # # PPP $B5Z$S(B DHCP $B$rMxMQ$9$k>l9g(B - # -------------------------------- # $B<!$N9T$N(B "#" $B$r:o=|$7$F!"$=$N<!$N9T$N@hF,$K(B "#" $B$rF~$l$F$/$@$5$$!#(B # #ppp_ip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`" # ppp_ip="your.static.PPP.address" # $B%^%9%+%l!<%I$N%?%$%`%"%&%H(B # # 2 $B;~4V(B= TCP $B%;%C%7%g%s(B # 10 $BIC!!(B= TCP/IP $B$N(B "FIN" $B%Q%1%C%H$,<u?.$5$l$?$"$H$N%H%i%U%#%C%/(B # 60 $BIC!!(B= UDP $B%H%i%U%#%C%/(B ($B%^%9%+%l!<%I$5$l$?4D6-$G$N(B ICQ $B%f!<%6$O!"(B # ICQ $B%/%i%$%"%s%H$N@_Dj$G!"%U%!%$%"%&%)!<%k%?%$%`%"%&%HCM$r(B # 30$BIC$K;XDj$7$J$1$l$P$J$j$^$;$s(B) # /sbin/ipfwadm -M -s 7200 10 60 ############################################################################# # $BE~Ce%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r(B # $B5q@d!ZLuCm(B: reject$B![$K@_Dj!#<B:]$O!"5q@d$7$F%m%0$K5-O?$9$k(B # $B:G=*%k!<%k$rMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#(B # $B!ZLuCm(B: $B%k!<%k$r(B reject $B$K$9$k$H!"%k!<%k$K9gCW$7$?%Q%1%C%H$rGK4~$7$F!"(B # "destination-unreachable" ($BL\E*CO$KE~C#$7$J$$(B) $B$H$$$&(B ICMP $B%Q%1%C%H$r(B # $BAj<jB&(B ($BAw?.85%"%I%l%9$N%^%7%s(B) $B$KH/?.$7$^$9!#(B # deny $B$K$9$k$H!"(B"destination-unreachable" $B%Q%1%C%H$b=P$5$:$K!"<u?.$7$?(B # $B%Q%1%C%H$rC1$KGK4~$7$^$9!#(B # /sbin/ipfwadm -I -f /sbin/ipfwadm -I -p reject # $B%m!<%+%k%^%7%sB&$+$i%m!<%+%k%$%s%?%U%'!<%9$KF~$k%Q%1%C%H$O!"$I$3$K(B # $B8~$+$&$b$N$bM-8z$H$9$k!#(B # /sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0 # $B%j%b!<%H%$%s%?%U%'!<%9B&$+$iF~$C$FMh$k(B IP $B%9%W!<%U%#%s%0!ZLuCm(B: IP $B56Au![(B # $B%Q%1%C%H$dLB;R%Q%1%C%H$O!"K\Mh$J$i%m!<%+%k%^%7%s$+$i$G$"$k$Y$-$b$N$J$N$G!"(B # $B5q@d$9$k!#(B # /sbin/ipfwadm -I -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o # $B%j%b!<%H%$%s%?!<%U%'!<%9$+$iF~$k!"08@h%"%I%l%9$,(B PPP $B%"%I%l%9$N%Q%1%C%H$O!"(B # $B$I$NH/?.85%"%I%l%9$+$i$N$b$N$bM-8z$H$9$k!#(B # $B!ZLuCm(B: $B0J2<$N%3%^%s%I$NA0$K!"(B # /sbin/ipfwadm -I -a deny -V $ppp_ip -S 0.0.0.0/0 -y -D $ppp_ip/32 -o # $B$,$"$k$+!"0?$O0J2<$N%3%^%s%I$,(B # /sbin/ipfwadm -I -a accept -V $ppp_ip -S 0.0.0.0/0 -k -D $ppp_ip/32 # $B$H$J$C$F$$$kJ}$,$h$j9%$^$7$$$H;W$$$^$9!#![(B # /sbin/ipfwadm -I -a accept -V $ppp_ip -S 0.0.0.0/0 -D $ppp_ip/32 # $B%k!<%W%P%C%/%$%s%?%U%'!<%9$rM-8z$H$9$k(B # /sbin/ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0 # $B:G=*%k!<%k!#$=$NB>$NE~Ce%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#%]%j%7!<$K$O(B # $B%m%05-O?$N$?$a$N%*%W%7%g%s$,$J$$$?$a!"$3$l$,$=$NLr3d$rBe$o$j$K2L$?$9$3$H$K(B # $B$J$k!#(B # /sbin/ipfwadm -I -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o ############################################################################# # $BAw=P%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r(B # $B5q@d!ZLuCm(B: reject$B![$K@_Dj!#<B:]$O!"5q@d$7$F%m%0$K5-O?$9$k:G=*%k!<%k$r(B # $BMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#(B # /sbin/ipfwadm -O -f /sbin/ipfwadm -O -p reject # $B%m!<%+%k%$%s%?%U%'!<%9$+$i=PNO$5$l$k!"%m!<%+%k%M%C%H$X8~$+$&%Q%1%C%H$O(B # $B$I$3$+$i$N$b$N$bM-8z$H$9$k!#(B # /sbin/ipfwadm -O -a accept -V 192.168.0.1 -S 0.0.0.0/0 -D 192.168.0.0/24 # $B%j%b!<%H%$%s%?%U%'!<%9>e$G%m!<%+%k%M%C%H$XAw=P$5$l$k%Q%1%C%H$O!"(B # $B56Au%k!<%F%#%s%0$J$N$G!"5q@d$9$k!#(B # /sbin/ipfwadm -O -a reject -V $ppp_ip -S 0.0.0.0/0 -D 192.168.0.0/24 -o # $B%j%b!<%H%$%s%?%U%'!<%9>e$G%m!<%+%k%M%C%H$+$iAw=P$5$l$k%Q%1%C%H$O!"(B # $B$"$jF@$J$$%^%9%+%l!<%G%#%s%0$J$N$G!"5q@d$9$k!#(B # /sbin/ipfwadm -O -a reject -V $ppp_ip -S 192.168.0.0/24 -D 0.0.0.0/0 -o # $B%j%b!<%H%$%s%?%U%'!<%9>e$G%m!<%+%k%M%C%H$+$iAw=P$5$l$k%Q%1%C%H$O!"(B # $B$"$jF@$J$$%^%9%+%l!<%G%#%s%0$J$N$G!"5q@d$9$k!#(B # /sbin/ipfwadm -O -a reject -V $ppp_ip -S 0.0.0.0/0 -D 192.168.0.0/24 -o # $B!ZLuCm(B: $B>e5-%k!<%k$O(B2$B$D>e$N$b$N$HA4$/F1$8$G$9$N$G!"L@$i$+$K4V0c$$$H(B # $B;W$o$l$^$9!#![(B # $B%j%b!<%H%$%s%?%U%'!<%9$+$i$N$=$l0J30$NAw=P%Q%1%C%H$OM-8z(B # /sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0 # $B%k!<%W%P%C%/%$%s%?%U%'!<%9$rM-8z$K$9$k(B # /sbin/ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0 # $B:G=*%k!<%k!#$=$NB>$NAw=P%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#(B # $B%]%j%7!<$K$O%m%05-O?$N$?$a$N%*%W%7%g%s$O$J$$$?$a!"$3$l$,$=$NLr3d$r(B # $BBe$o$j$K2L$?$9$3$H$K$J$k!#(B # /sbin/ipfwadm -O -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o ############################################################################# # $BE>Aw%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r(B # $BH]Dj!ZLuCm(B: deny$B![$K@_Dj!#<B:]$O!"H]Dj$7$F%m%0$K5-O?$9$k:G=*%k!<%k$r(B # $BMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#(B # /sbin/ipfwadm -F -f /sbin/ipfwadm -F -p deny # $B%m!<%+%k%$%s%?%U%'!<%9>e$N%m!<%+%k%M%C%H$+$i$=$NB>$N08@h$X$N%Q%1%C%H$r(B # $B%^%9%+%l!<%I$9$k!#(B # # /sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0 # # $B:G=*%k!<%k!#$=$NB>$NE>Aw%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#(B # $B%]%j%7!<$K$O%m%05-O?$N$?$a$N%*%W%7%g%s$O$J$$$?$a!"$3$l$,$=$NLr3d$r(B # $BBe$o$j$K2L$?$9$3$H$K$J$k!#(B # /sbin/ipfwadm -F -a reject -S 0.0.0.0/0 -D 0.0.0.0/0 -o #$B%U%!%$%k=*$o$j!#(B </PRE> <P> <P> <P>IPFWADM $B$G$O!"(B -I, -O $B$"$k$$$O(B -F $B%k!<%k$K$h$C$F!"FCDj$N%5%$%H$X$N(B $B%H%i%U%#%C%/$rAK;_$9$k$3$H$,$G$-$^$9!#(B $B$3$N%k!<%k$O:G=i$+$i:G8e$X$H=g$KE,MQ$5$l$F$$$-$^$9!#(B $B$^$?!"(B IPFWADM $B$N(B "-a"$B%*%W%7%g%s$O!"4{B8$N%k!<%k72$KBP$7$F?7$7$$(B $B%k!<%k$r!VDI2C!W$9$k$b$N$@$H$$$&$3$H$KCm0U$7$F$/$@$5$$!#(B $B$3$l$KN10U$9$k$H!"A4BN$N%k!<%k$r;XDj$9$kA0$K!"B>$N8DJL$N@)8B$,I,MW$H(B $B$J$C$F$-$^$9!#(B $B$?$H$($P!"<!$N$h$&$J$b$N$G$9(B - <P> <P>-I ($BE~Ce(B)$B%k!<%k(B - <P>-I (input) $B%k!<%k$r;H$&(B - <P>$B!ZLuCm(B: $BA4$F$N%$%s%?!<%U%'!<%9$KE~Ce$9$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#(B $B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"(B -V $B%*%W%7%g%sKt$O(B -W $B%*%W%7%g%s$G(B $B;XDj$7$^$9!#![(B <P>$B$3$l$O$*$=$i$/%H%i%U%#%C%/$r%V%m%C%/$9$k0Y$N!":G$b<j$C<h$jAa$/$F(B $B8zN($NNI$$J}K!$G$9$,!"%^%9%+%l!<%I$5$l$?%^%7%s$KBP$7$F$N$_AK;_$G$-!"(B $B%U%!%$%"%&%)!<%k%^%7%s<+?H$X$N%H%i%U%#%C%/$OAK;_$G$-$^$;$s!#(B $B$b$A$m$s!"$3$NAH$_9g$o$;$r5v2D$7$?$$$H$$$&$3$H$b$"$k$G$7$g$&$,!#(B <P> <P> <P>$B$5$F!"(B 204.50.10.13 $B$H$$$&%"%I%l%9$X$N%H%i%U%#%C%/$rAK;_$9$k>l9g(B - <P> <P> <P>/etc/rc.d/rc.firewall $B%k!<%k%;%C%H$NCf$N(B <P>/etc/rc.d/rc.firewall $B$N%k!<%k%;%C%H$NCf(B - <P> <PRE> ... -I $B%k!<%k$N$O$8$^$j(B ... # $B%m!<%+%k%$%s%?%U%'!<%9>e$G!"(B 204.50.10.13 $B$H$$$&%^%7%s$X$N%Q%1%C%H$r(B # $B5q@d$7$F%m%0$r<h$k!#(B # /sbin/ipfwadm -I -a reject -V 192.168.0.1 -S 192.168.0.0/24 -D 204.50.10.13/32 -o #$B!!%m!<%+%k%$%s%?%U%'!<%9>e$G!"$"$i$f$k%m!<%+%k%^%7%s$+$iH/$;$i$l$k(B # $B%Q%1%C%H$O!"$I$3$X8~$+$&$b$N$bM-8z$H$9$k!#(B # /sbin/ipfwadm -I -a accept -V 192.168.0.1 -S 192.168.0.0/24 -D 0.0.0.0/0 ... -I $B%k!<%k$N=*$o$j(B ... </PRE> <P> <P>-o ($BAw=P(B)$B%k!<%k(B - <P>-O (output) $B%k!<%k$r;H$&(B - <P>$B!ZLuCm(B: $BA4$F$N%$%s%?!<%U%'!<%9$+$iAw=P$5$l$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#(B $B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"(B -V $B%*%W%7%g%sKt$O(B -W $B%*%W%7%g%s$G(B $B;XDj$7$^$9!#![(B <P> <P>$B$3$l$O%H%i%U%#%C%/$r%V%m%C%/$9$k$K$OCY$$J}K!$G$9!#(B $B2?8N$J$i$P!"%Q%1%C%H$OGK4~$5$l$k$h$j0JA0$K%^%9%+%l!<%I$rDL$C$F$7$^$&(B $B$+$i$G$9!#(B $B$7$+$7$J$,$i$3$N%k!<%k$G$b!"6X;_$7$F$$$k%5%$%H$+$i$N%U%!%$%"%&%)!<%k(B $B%^%7%s$KBP$9$k%"%/%;%9$rAK;_$9$k$3$H$,$G$-$^$9!#(B <P> <P> <PRE> ... -O $B%k!<%k$N;O$^$j(B ... # 204.50.10.13 $B$K8~$1$i$l$?%Q%1%C%H$r5qH]$7$F%m%0$r:N<h$9$k(B # /sbin/ipfwadm -O -a reject -V $ppp_ip -S $ppp_ip/32 -D 204.50.10.13/32 -o # $B>e5-0J30$N%j%b!<%H%$%s%?%U%'!<%9>e$G$N$"$i$f$k%Q%1%C%H$NAw=P$O(B # $BM-8z$K$9$k!#(B # /sbin/ipfwadm -O -a accept -V $ppp_ip -S $ppp_ip/32 -D 0.0.0.0/0 ... -O $B%k!<%k$N=*$o$j(B ... </PRE> <P> <P>-F ($BE>Aw(B)$B%k!<%k$N;HMQ(B - <P>-F (forward) $B%k!<%k$r;H$&(B - <P>$B!ZLuCm(B: $BA4$F$N%$%s%?!<%U%'!<%9>e$GE>Aw$5$l$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#(B $B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"(B -V $B%*%W%7%g%sKt$O(B -W $B%*%W%7%g%s$G(B $B;XDj$7$^$9!#![(B <P> <P>$B$*$=$i$/!"%H%i%U%#%C%/$r%V%m%C%/$9$k$K$O!"(B -I (input) $B%k!<%k$h$j(B $BCY$$J}K!$G$9$,!"%^%9%+%l!<%I$5$l$?%^%7%s(B ($B$?$H$($P!"%m!<%+%k%(%j%"(B $B%M%C%H%o!<%/$N%^%7%s(B) $B$KBP$9$k%H%i%U%#%C%/$@$1$OAK;_$G$-$^$9!#(B $B%U%!%$%"%&%)!<%k%^%7%s$O6X;_$7$?$$%5%$%H$+$iE~C#2DG=$N$^$^$G$9!#(B <P> <PRE> ... -F $B%k!<%k$N3+;O(B ... # PPP $B%$%s%?%U%'!<%9>e$G$N(B 204.50.10.13 $B$K8~$1$?%Q%1%C%H$r5qH]$7$F%m%0:N<h$9$k(B # /sbin/ipfwadm -F -a reject -W ppp0 -S 192.168.0.0/24 -D 204.50.10.13/32 -o # $B%m!<%+%k%$%s%?!<%U%'!<%9B&$N%m!<%+%k%M%C%H$+$i$N%^%9%+%l!<%I$r9T$&(B # /sbin/ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/24 -D 0.0.0.0/0 ... -F $B%k!<%k$N=*$o$j(B ... </PRE> <P>192.168.0.0/24 $B$N%^%7%s$+$i(B 204.50.11.0 $B$K8~$1$F$N%"%/%;%9$r5v$9FCJL$J%k!<%k$OITMW$G$9!#(B $B$J$<$J$i!"$=$l$i$OA4BNE*$J%^%9%+%l!<%G%#%s%0$N%k!<%k$K$h$C$F$^$+$J$o$l$F$$$k$+$i$G$9!#(B <P>$BCm0U(B - $BA0=P$NJ}K!0J30$K$b!"3F%$%s%?%U%'!<%9$r5-=R$9$kJ}K!$O$"$j$^$9!#(B $BNc$($P!"(B "-V 192.168.255.1" $B$H$$$&5-=R$NBe$o$j$K!"(B"-W eth0"$B$H$b(B $B=q$1$^$9$7!"(B "-V $ppp_ip" $B$H$$$&5-=R$NBe$o$j$K(B "-W ppp0" $B$H$b(B $B=q$1$^$9!#(B "-V" $B$r;H$&J}K!$O(B IPCHAINS $B$X0\9T$9$k>l9g$K$O;H$($^$;$s!#(B $B$7$+$7!"(B IPFWADM $B$N%f!<%6$,$I$A$i$rA*Br$9$k$+$O8D?M$N<+M3$G$"$j!"(B $BL@J82=$7$F=R$Y$k$^$G$b$J$$$3$H$G$9!#(B <P> <P> <P> <H2><A NAME="ss6.5">6.5 IPCHAINS $B$K$h$k$5$i$K6/8G$J(B IP $B%U%!%$%"%&%*!<%k!&%k!<%k%;%C%H(B</A> </H2> <P> <P> <A NAME="Strong-IPCHAINS-Rulesets"></A> <P>$B$3$N>O$G$O!"(B 2.2.x $B7O%+!<%M%k$N%U%!%$%"%&%)!<%k%D!<%k$G$"$k(B IPCHAINS $B$N(B $B>\:Y$J%,%$%I$r5-$7$^$9!#(B IPFWADM $B$K$D$$$F$OA0=P$r;2>H$7$F$/$@$5$$!#(B <P> <P>$B$3$NNc$O!"8GDjE*$J(B IP $B%"%I%l%9$r;}$D(B PPP $B@\B3$NGX8e$K$"$k(B $B%U%!%$%"%&%)!<%k$H%^%9%+%l!<%I$G$9(B ($BF0E*$K%"%I%l%9$rM?$($i$l$k(B PPP $B$N(B $BL?Na$K$D$$$F$O4^$^$l$F$O$$$^$9$,M-8z$K$O$7$F$$$^$;$s(B)$B!#(B $B?.Mj$G$-$k%$%s%?%U%'!<%9$O(B 192.168.0.1 $B$G$"$j!"(B PPP $B%$%s%?!<%U%'!<%9$N(B $B%"%I%l%9$O!V0-$$E[$i!W$+$i<i$k$?$a$K=q$-49$($F$$$^$9!#(B $B=PF~$j$=$l$>$l$N%$%s%?%U%'!<%9$OJL!9$KNs5s$7$F$$$^$9$,!"(B $B$3$l$O(B $B%k!<%F%#%s%0$d%^%9%+%l!<%I$r$o$+$j$d$9$/$9$k0J30$K(B IP $B%9%W!<%U%#%s%0$dIT@5$J%k!<%F%#%s%0$r8!=P$7$d$9$/$9$k$?$a$N$b$N$G$b(B $B$"$j$^$9!#(B $BL@3N$K5v2D$5$l$F$$$J$$$b$N$O(B<B>$B6X;_(B</B>$B$G$9(B($B<B:]$K$O5q@d$5$l$^$9(B)$B!#(B $B$b$7!"$"$J$?$N(B IP $B%^%9%+%l!<%I(B BOX $B$,!"$3$N(B rc.firewall $B%9%/%j%W%H$r(B $BF~$l$?$"$H$G$^$H$b$KF0$+$J$/$J$C$?$H$7$?$i!"(B /var/log/messages $B$"$k$$$O(B /var/adm/messages $B$K$"$k(B SYSLOG $B%U%!%$%k$K2?$+%U%!%$%"%&%*!<%k4X78$N(B $B%(%i!<$,$J$$$+3NG'$7$F!"@_Dj$,4V0c$C$F$$$J$$$+$r3N$+$a$F$/$@$5$$!#(B <P> <P>PPP$B$d%1!<%V%k%b%G%`$J$I$r;H$C$?!"(BIPCHAINS $B$K$h$k$b$C$H6/8G$J(B IP $B%^%9%+%l!<%I$N<BMQE*$JNc$K$D$$$F$O(B <A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 10</A> $B$d(B <A HREF="http://www.greatcircle.com/">GreatCircle's Firewall WWW page</A> $B$r;2>H$7$F$/$@$5$$!#(B <P> <P><B>$BCm0U(B #1 - </B>2.2.16$B0JA0$N(B Linux $B%+!<%M%k$K$O!"(B TCP $B@\B3$G%k!<%H8"8B(B $B$rC%<h$5$l$k4m81@-$,$"$j!"99$K(B 2.2.11 $B0JA0$N$b$N$K$O(B IPCHAINS $B$N(B $B%U%i%0%a%s%F!<%7%g%s$K4X$9$k%P%0$,$"$j$^$9!#(B $B$3$N$?$a!"6/8G$J(B IPCHAINS $B%k!<%k%;%C%H$r2TF/$5$;$k:]$K$O!"967b$KBP$7$F(B $BL5KIHw$G$9!#(B $B=$@5$5$l$?%P!<%8%g%s$N%+!<%M%k$r;H$C$F$/$@$5$$!#(B <P> <P><B>$BCm0U(B #2 - </B> $B$b$7!"(BTCP/IP$B%"%I%l%9$,(B PPP, ADSL, $B%1!<%V%k%b%G%`$J$I$r(B $B7PM3$7$F(B ISP $B$+$iF0E*$K3d$jEv$F$i$l$k>l9g$K$O!"$3$N6/8G$J%k!<%k%;%C%H$r(B <B>$B5/F0;~$K@_Dj$9$k$3$H$O$G$-$^$;$s(B</B>$B!#(B $B$3$N$h$&$J>l9g$K$O!"(BIP $B%"%I%l%9$,3d$jEv$F$i$l$kEY$K$3$N(B $B%U%!%$%"%&%)!<%k!&%k!<%k%;%C%H$r:FEYFI$_9~$^$;$k$+!"$"$k$$$O(B /ec/rc.d/rc.firewall $B%k!<%k%;%C%H$r$b$C$H%$%s%F%j%8%'%s%H$K:n$kI,MW$,(B $B$"$j$^$9!#(B PPP $B%f!<%6$,$3$N%k!<%k%;%C%H$rE,MQ$9$k>l9g$K$O!"8e=R$9$k(B "Dynamic PPP IP fetch" $B$H=q$+$l$?ItJ,$N%3%a%s%H$rCm0U?<$/E,@Z$K(B $B30$7$F$/$@$5$$!#(B $B$^$?!"6/8G$J%k!<%k%;%C%H5Z$SF0E*$K3d$jEv$F$i$l$k(B IP $B%"%I%l%9$K$D$$$F$N(B $B$b$C$H>\$7$$2r@b$O!"(B <A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 10</A> $B$K$"$j$^$9!#(B <P> <P><B>$B$^$?!"(BGUI $B%Y!<%9$G%U%!%$%"%&%)!<%k$N@_Dj$r@8@.$9$k$h$&$J%D!<%k$,(B $B$$$/$D$+B8:_$7$^$9!#(B $B>\:Y$O(B <A HREF="IP-Masquerade-HOWTO-7.html#FAQ">$B$h$/$"$k<ALd(B (FAQ)</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B</B> <P> <P>$B:G8e$K!"$b$7@EE*$K3d$jEv$F$i$l$k(B IP $B%"%I%l%9$r;H$C$F$$$k$J$i!"0J2<$NNc$N(B "ppp_ip="your.static.PPP.address"" $B$H$J$C$F$$$kItJ,$r$"$J$?$N(B IP $B%"%I%l%9$K=q$-49$($F$/$@$5$$!#(B ---------------------------------------------------------------- <P> <P> <A NAME="stronger-rc.firewall-2.2.x"></A> <P> <PRE> #!/bin/sh # # /etc/rc.d/rc.firewall - $B$d$d6/8G$J(B IPCHAINS $B%U%!%$%"%&%*!<%k!&%k!<%k%;%C%H(B # PATH=/sbin:/bin:/usr/sbin:/usr/bin # $BI,MW$J$9$Y$F$N(B IP $B%^%9%+%l!<%I%b%8%e!<%k$r%m!<%I$9$k(B # # $BCm0U(B - $BI,MW$J(B IP $B%^%9%+%l!<%I%b%8%e!<%k$@$1$r%m!<%I$7$^$9!#$9$Y$F$N(B IP $B%^%9%+%l!<%I%b%8%e!<%k$,(B # $B0J2<$K5-=R$5$l$F$$$^$9$,!"%m!<%I$5$l$J$$$h$&$K%3%a%s%H$H$J$C$F$$$^$9!#(B # $B%b%8%e!<%k$r:G=i$K%m!<%I$9$k;~$K$^$:I,MW(B # /sbin/depmod -a # PORT $BJ}<0$r;H$C$F(BFTP $B%U%!%$%kE>Aw$K$*$1$kE,@Z$J(B IP $B%^%9%+%l!<%I$rDs6!$7$^$9(B # /sbin/modprobe ip_masq_ftp # UDP $B%W%m%H%3%k$r7PM3$7$?!"(BRealAudio $B$N%^%9%+%l!<%I$rDs6!$7$^$9!#$3$N%b%8%e!<%k$,$J$/$F$b(B # RealAudio $B$O(B TCP $B%b!<%I$GF0:n$7$^$9$,!"2;<A$ODc2<$7$^$9!#(B # /sbin/modprobe ip_masq_raudio # IRC DCC $B%U%!%$%kE>Aw$N%^%9%+%l!<%I$rDs6!$7$^$9(B # #/sbin/modprobe ip_masq_irc # $B0J2<$N;XDj$K$h$C$F(B Quake $B$H(B QuakeWorld $B$r%G%U%)%k%H$GDs6!$7$^$9!#$3$N%b%8%e!<%k$O(B Linux # $B$N(B $B%^%9%+%l!<%I!&%\%C%/%9$+$iFbB&$NJ#?t%f!<%6$,B8:_$9$k>l9g$N$?$a$N$b$N$G$9!#(B # $B$b$7!"(BQuake I, II, $B$"$k$$$O(B III $B$r;H$$$?$$$J$i$P!"#2HVL\$NNc$r;H$C$F$/$@$5$$!#(B # # $BCm0U(B - $B$b$7!"(BQUAKE $B%b%8%e!<%k$N%m!<%I;~$K%(%i!<$,=P$?>l9g$O!"8E$$%P%0$N(B # ------ $B$"$k%+!<%M%k$,F0$$$F$$$^$9!#(B # $B$=$N>l9g$O$h$j?7$7$$%+!<%M%k$KCV$-49$($F$/$@$5$$!#(B # #Quake I / QuakeWorld (ports 26000 and 27000) #/sbin/modprobe ip_masq_quake # #Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960) #/sbin/modprobe ip_masq_quake 26000,27000,27910,27960 # CuSeeme $B%S%G%*2q5D%=%U%H%&%(%"$KBP$9$k%^%9%+%l!<%I$rDs6!(B # #/sbin/modprobe ip_masq_cuseeme # VDO-Live $B%S%G%*2q5D%=%U%H%&%(%"$KBP$9$k%^%9%+%l!<%I$rDs6!(B # #/sbin/modprobe ip_masq_vdolive #$BHs>o$K=EMW(B - IP $B%U%)%o!<%G%#%s%0$O%G%U%)%k%H$G$OL58z$K$J$C$F$$$k$N$G!"M-8z$K$7$^$9!#(B # # Redhat $B%f!<%6$N>l9g$O!"(B/etc/sysconfig/network $B$N%*%W%7%g%s;XDj9T$r(B # # FORWARD_IPV4=false # $B$+$i(B # FORWARD_IPV4=true # $B$KJQ99$7$F$/$@$5$$!#(B # echo "1" > /proc/sys/net/ipv4/ip_forward #$BHs>o$K=EMW(B - 2.2.x $B%+!<%M%k$G$O(B IP $B%G%U%i%0%a%s%F!<%7%g%s$N%5%]!<%H$O%G%U%)%k%H$G$OL58z$G$9!#(B # # $B%3%s%Q%$%k;~$N;XDj$K$h$k$b$N$G$9$,!"(B2.2.12 $B%+!<%M%k0J9_$OJQ99$5$l$F$$$^$9!#(B # $B$^$?!"%G%#%9%H%j%S%e!<%7%g%s$K$h$C$F$O(B /proc $B%F!<%V%k$+$i(B # $B$3$N%*%W%7%g%s$,=|30$5$l$F$$$k$3$H$b$"$j$^$9$N$G!"$=$N>l9g$O(B # /proc $B%G%#%l%/%H%j$KB8:_$7$J$1$l$P5$$K$7$J$/$F$b9=$$$^$;$s!#(B # echo "1" > /proc/sys/net/ipv4/ip_always_defrag # $BF0E*$K3d$jEv$F$i$l$k(B IP $B%"%I%l%9$r;HMQ$9$k%f!<%68~$1(B - # # IP $B%"%I%l%9$r(B SLIP, PPP, DHCP $B$J$I$+$iF0E*$K<hF@$9$k>l9g$O!"<!$N%*%W%7%g%s$rM-8z$K$7$F$/$@$5$$!#(B # $B$3$N%*%W%7%g%s$O!"(BIP $B%^%9%+%l!<%I$GF0E*(B IP $B%"%I%l%9$NA`:n$r5v2D$7!"(BDiald $B$dF1MM$J%W%m%0%i%`$N(B # $B;HMQ$r$h$jMF0W$K$9$k$b$N$G$9!#(B #echo "1" > /proc/sys/net/ipv4/ip_dynaddr # $B%$%s%?!<%M%C%H$rI,MW$H$9$k!"$$$/$D$+$N%W%m%0%i%`$KBP$9$k(B LooseUDP $B%Q%C%A$rM-8z$K$9$k(B # # IP $B%^%9%+%l!<%I$r7PM3$7$F%$%s%?!<%M%C%H%2!<%`$rF0$+$=$&$H$7$F$$$F!"$I$&$7$F$b$=$l$,F0$+$J$$$H$$$&(B # $B$N$J$i!"$3$N%*%W%7%g%s$rM-8z$K$7$F$_$F$/$@$5$$(B($B0J2<$N(B "#" $B$r:o=|$7$^$9(B)$B!#(BUDP $B%]!<%H%9%-%c%s$K(B # $BBP$9$k@H<e@-$N2DG=@-$,$"$k$N$G!"$3$N%*%W%7%g%s$O%G%U%)%k%H$G6X;_$5$l$F$$$^$9!#(B # #echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose # $B$"$J$?$N@EE*$J(B IP $B%"%I%l%9$r0J2<$K;XDj$7$^$9(B # # $BF0E*$K3d$jEv$F$i$l$k(B IP $B%"%I%l%9$r;HMQ$9$k$J$i!"?7$7$$(B IP $B%"%I%l%9$,3d$jEv$F$i$l$k$?$S$KE,MQ(B # $B$9$k$h$&$K!"%k!<%k%;%C%H$r=q$-49$($J$1$l$P$J$j$^$;$s!#$=$N$?$a$K$O!"!"0J2<$N$h$&$J0l9T$N%9%/%j%W%H$r(B # $BM-8z$K$9$kI,MW$,$"$j$^$9!#!J%9%/%j%W%HNcFb$N0l=E0zMQId$HFs=E0zMQId$N0c$$$O0UL#$r;}$A$^$9$N$GCm0U!K(B # # # DHCP $B$rMxMQ$9$k>l9g(B - # ----------- # TCP/IP $B%"%I%l%9$r(B DHCP $B$+$i<hF@$9$k>l9g$O!"(Bppp $B%;%/%7%g%s$N2<$K$"$k(B"#"$B$G%3%a%s%H%"%&%H$5$l$?(B # $BItJ,$rM-8z$K$7!"(B"ppp0" $B$H$"$kItJ,$r!"%$%s%?!<%M%C%H@\B3MQ$N%$%s%?%U%'!<%9$NL>A0$KCV$-49$($J$1$l$P(B # $B$J$j$^$;$s(B($B$?$H$($P!"(Beth0 $B$d(B eth1 $B$J$I$K!K!#(B # DHCP $B$O3d$jEv$F$?(B IP $B%"%I%l%9$r?o;~JQ99$9$k$3$H$KCm0U$7$F$/$@$5$$!#$3$NJQ99$r@5$7$/H?1G$5$;$k$K$O(B # DHCP $B%j!<%9$,99?7$5$l$k$?$S$K!"(BDHCP $B%/%i%$%"%s%H$r:FEY<B9T$7$F%U%!%$%"%&%*!<%k%k!<%k%;%C%H$rH?1G(B # $B$5$;$J$1$l$P$J$j$^$;$s!#(B # # $BCm0U(B 1 - $B$$$/$D$+$N(B DHCP $B%/%i%$%"%s%H$O8E$$%P!<%8%g%s$N(B "pump" $B$G!J?7$7$$%P!<%8%g%s(B # $B$G$OLdBjE@$O=$@5$5$l$F$$$^$9!K!"$=$l$O%j!<%999?78e$K%9%/%j%W%H$r<B9T$9$k$3$H$,(B # $B$G$-$J$$$b$N$G$9!#$=$N>l9g$O!"(B"dhcpcd" $B$+(B "dhclient" $B$KCV$-49$($J$1$l$P(B # $B$J$j$^$;$s!#(B # # $BCm0U(B 2 - "dhcpcd" $B$O:G6a$N%P!<%8%g%s$G$O!"%3%^%s%IJ8K!$,JQ$o$C$F$$$^$9!#(B # # $B5l%P!<%8%g%s$G$N;XDjJ}K!$O!"<!$N$h$&$J$b$N$G$7$?(B - # dhcpcd -c /etc/rc.d/rc.firewall eth0 # # $B?7$7$$%P!<%8%g%s$G$O<!$N$h$&$K;XDj$7$^$9(B - # dhcpcd eth0 /etc/rc.d/rc.firewall # # # $BCm0U(B 3 - Pump $B$r;H$&>l9g!"(B/etc/pump.conf $B%U%!%$%k$K<!$N5-=R$rDI2C$7$F$/$@$5$$!#(B # # script /etc/rc.d/rc.firewall # # PPP $B$rMxMQ$9$k>l9g(B - # ---------- # $B$*5$$E$-$G$O$J$$$+$b$7$l$^$;$s$,!"(BPPP $B@\B3$,9T$o$l$k$?$S$K!"(B/etc/ppp/ip-up $B%9%/%j%W%H$,(B # $B>o$KF0:n$7$^$9!#$3$N$3$H$rMxMQ$7$F!"?7$7$$(B IP $B%"%I%l%9$N<hF@$H6/8G$J%U%!%$%"%&%*!<%k!&%k!<%k(B # $B%;%C%H$N:F@_Dj$r9T$$$^$9!#(B # # $B$b$7!"(B/etc/ppp/ip-up $B$,$9$G$KB8:_$7$F$$$k$J$i!"$=$l$rJT=8$7$F(B"/etc/rc.d/rc.firewall" # $B$H$$$&5-=R$r:G8e$N$"$?$j$KDI2C$9$k$h$&$K$7$F$/$@$5$$!#(B # # $B$b$7!"(B/etc/ppp/ip-up $B%9%/%j%W%H$,B8:_$7$J$+$C$?$J$i!"(B/etc/rc.d/rc.firewall $B%9%/%j%W%H(B # $B$r<B9T$9$k$?$a$N<!$N$h$&$J%j%s%/$r:n@.$9$kI,MW$,$"$j$^$9!#(B # # ln -s /etc/rc.d/rc.firewall /etc/ppp/ip-up # # * $BB3$$$F!"0J2<$N%3%a%s%H%"%&%H$5$l$?%7%'%k%3%^%s%I$rI,MW$K1~$8$FM-8z$K$7$F$/$@$5$$(B * # # PPP $B5Z$S(B DHCP $B$rMxMQ$9$k>l9g(B - # ------------------- # $B<!$N9T$N(B "#" $B$r:o=|$7$F!"$=$N<!$N9T$N@hF,$K(B "#" $B$rF~$l$F$/$@$5$$!#(B #extip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`" # $B@EE*$J(B IP $B%"%I%l%9$G(B PPP $B$r;H$&>l9g(B - # extip="your.static.PPP.address" # PPP $B$H(B DHCP $B$r;H$&>l9g$O!"I,$:$3$NItJ,$K@5$7$$30It%$%s%?%U%'!<%9$NL>A0$r;XDj$7$^$9(B extint="ppp0" # $BFbIt$N(B IP $B%"%I%l%9$N3d$jEv$F$r;XDj$7$^$9(B intint="eth0" intnet="192.168.0.0/24" # $B%^%9%+%l!<%I$N%?%$%`%"%&%H(B # # 2 $B;~4V(B= TCP $B%;%C%7%g%s(B # 10 $BIC!!(B= TCP/IP $B$N(B "FIN" $B%Q%1%C%H$,<u?.$5$l$?$"$H$N%H%i%U%#%C%/(B # 60 $BIC!!(B= UDP $B%H%i%U%#%C%/(B ($B%^%9%+%l!<%I$5$l$?4D6-$G$N(B ICQ $BMxMQ<T$O(B ICQ $B<+BN$N@_Dj$NCf$G(B # 30$BIC$N%U%!%$%"%&%*!<%k%?%$%`%"%&%H$r;XDj$7$J$1$l$P$J$j$^$;$s(B) # # ipchains -M -S 7200 10 60 ############################################################################# # $BE~Ce%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r(B # $B5q@d!ZLuCm(B: reject$B![$K@_Dj!#<B:]$O!"5q@d$7$F%m%0$K5-O?$9$k(B # $B:G=*%k!<%k$rMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#(B # $B!ZLuCm(B: $B%k!<%k$r(B REJECT $B$K$9$k$H!"%k!<%k$K9gCW$7$?%Q%1%C%H$rGK4~$7$F!"(B # "destination-unreachable" ($BL\E*CO$KE~C#$7$J$$(B) $B$H$$$&(B ICMP $B%Q%1%C%H$r(B # $BAj<jB&(B ($BAw?.85%"%I%l%9$N%^%7%s(B) $B$KH/?.$7$^$9!#(B # DENY $B$K$9$k$H!"(B"destination-unreachable" $B%Q%1%C%H$b=P$5$:$K!"<u?.$7$?(B # $B%Q%1%C%H$rC1$KGK4~$7$^$9!#(B # ipchains -F input ipchains -P input REJECT # $B%m!<%+%k%^%7%sB&$+$i%m!<%+%k%$%s%?%U%'!<%9$KF~$k%Q%1%C%H$O!"$I$3$K(B # $B8~$+$&$b$N$bM-8z$H$9$k!#(B # ipchains -A input -i $intint -s $intnet -d 0.0.0.0/0 -j ACCEPT # $B%j%b!<%H%$%s%?%U%'!<%9B&$+$iF~$C$FMh$k(B IP $B%9%W!<%U%#%s%0!ZLuCm(B: IP $B56Au![(B # $B%Q%1%C%H$dLB;R%Q%1%C%H$O!"K\Mh$J$i%m!<%+%k%^%7%s$+$i$G$"$k$Y$-$b$N$J$N$G!"(B # $B5q@d$9$k!#(B # ipchains -A input -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT # $B%j%b!<%H%$%s%?!<%U%'!<%9$KF~$C$FMh$k!"08@h%"%I%l%9$,(B PPP $B%"%I%l%9$N(B # $B%Q%1%C%H$O!"$I$NH/?.85%"%I%l%9$+$i$N$b$N$bM-8z$H$9$k!#(B # $B!ZLuCm(B: $B0J2<$N%3%^%s%I$NA0$K!"(B # ipchains -A input -i $extint -S 0/0 -d $extip/32 -p tcp -y -j DENY -l # $B$,$"$k$+!"0?$O0J2<$N%3%^%s%I$,(B # ipchains -A input -i $extint -S 0/0 -d $extip/32 -p tcp ! -y -j ACCEPT # $B$H$J$C$F$$$kJ}$,$h$j9%$^$7$$$H;W$$$^$9!#![(B # ipchains -A input -i $extint -s 0.0.0.0/0 -d $extip/32 -j ACCEPT # $B%k!<%W%P%C%/%$%s%?%U%'!<%9$rM-8z$H$9$k(B # ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT # $B:G=*%k!<%k!#$=$NB>$NE~Ce%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#%]%j%7!<$K$O(B # $B%m%05-O?$N$?$a$N%*%W%7%g%s$,$J$$$?$a!"$3$l$,$=$NLr3d$rBe$o$j$K2L$?$9$3$H$K(B # $B$J$k!#(B # ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT ############################################################################# # $BAw=P%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r(B # $B5q@d!ZLuCm(B: reject$B![$K@_Dj!#<B:]$O!"5q@d$7$F%m%0$K5-O?$9$k:G=*%k!<%k$r(B # $BMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#(B # ipchains -F output ipchains -P output REJECT # $B%m!<%+%k%$%s%?%U%'!<%9$+$i=PNO$5$l$k!"%m!<%+%k%M%C%H$X8~$+$&%Q%1%C%H$O(B # $B$I$3$+$i$N$b$N$bM-8z$H$9$k!#(B # ipchains -A output -i $intint -s 0.0.0.0/0 -d $intnet -j ACCEPT # $B%j%b!<%H%$%s%?%U%'!<%9>e$G%m!<%+%k%M%C%H$XAw=P$5$l$k%Q%1%C%H$O!"(B # $B56Au%k!<%F%#%s%0$J$N$G!"5q@d$9$k!#(B # ipchains -A output -i $extint -s 0.0.0.0/0 -d $intnet -l -j REJECT # $B%j%b!<%H%$%s%?%U%'!<%9>e$G%m!<%+%k%M%C%H$+$iAw=P$5$l$k%Q%1%C%H$O!"(B # $B$"$jF@$J$$%^%9%+%l!<%G%#%s%0$J$N$G!"5q@d$9$k!#(B # ipchains -A output -i $extint -s $intnet -d 0.0.0.0/0 -l -j REJECT # $B%j%b!<%H%$%s%?%U%'!<%9$+$i$N$=$l0J30$NAw=P%Q%1%C%H$OM-8z(B # ipchains -A output -i $extint -s $extip/32 -d 0.0.0.0/0 -j ACCEPT # $B%k!<%W%P%C%/%$%s%?%U%'!<%9$rM-8z$H$9$k!#(B # ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT # $B:G=*%k!<%k!#$=$NB>$NAw=P%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#(B # $B%]%j%7!<$K$O%m%05-O?$N$?$a$N%*%W%7%g%s$O$J$$$?$a!"$3$l$,$=$NLr3d$r(B # $BBe$o$j$K2L$?$9$3$H$K$J$k!#(B # ipchains -A output -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT ############################################################################# # $BE>Aw%Q%1%C%H$K$D$$$F!"4{B8$N%k!<%k$rGK4~$7!"=i4|%]%j%7!<$r(B # $BH]Dj!ZLuCm(B: deny$B![$K@_Dj!#<B:]$O!"H]Dj$7$F%m%0$K5-O?$9$k:G=*%k!<%k$r(B # $BMQ0U$9$k$N$G!"$3$N%]%j%7!<$OF0:n$K$OL54X78$K$J$k!#(B # ipchains -F forward ipchains -P forward DENY # $B%m!<%+%k%$%s%?%U%'!<%9$G$N%m!<%+%k%M%C%H$+$i$=$NB>$N08@h$X$N%Q%1%C%H$r%^%9%+%l!<%I$9$k(B # ipchains -A forward -i $extint -s $intnet -d 0.0.0.0/0 -j MASQ # # $B:G=*%k!<%k!#$=$NB>$NE>Aw%Q%1%C%H$O5q@d$5$l!"%m%0$K5-O?$5$l$k!#(B # $B%]%j%7!<$K$O%m%05-O?$N$?$a$N%*%W%7%g%s$O$J$$$?$a!"$3$l$,$=$NLr3d$r(B # $BBe$o$j$K2L$?$9$3$H$K$J$k!#(B # ipchains -A forward -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT # $B%U%!%$%k$N=*$o$j(B </PRE> <P> <P>IPCHAINS $B$G$O(B "input", "output", "forward" $B$N3F%k!<%k$K$*$$$F!"(B $BFCDj$N%5%$%H$X$N%H%i%U%#%C%/$rAK;_$9$k$3$H$,$G$-$^$9!#(B $B$3$N%k!<%k$O>e$+$i2<$X$H=g$KE,MQ$5$l$F$$$-!"(B "-A"$B%*%W%7%g%s$O(B IPCHAINS $B$K(B $BBP$7$F?7$7$$%k!<%k$r4{B8$N%k!<%k72$KBP$7$F!VDI2C!W$9$k$b$N$@$H$$$&$3$H$K(B $BCm0U$7$F$/$@$5$$!#(B $B$3$l$KN10U$9$k$H!"A4BN$N%k!<%k$r;XDj$9$kA0$KB>$N8DJL$N@)8B$,I,MW$H(B $B$J$C$F$-$^$9!#(B $B$?$H$($P!"<!$N$h$&$J$b$N$G$9(B - <P> <P>"input" $B%k!<%k$r;H$&(B - <P>$B!ZLuCm(B: $BA4$F$N%$%s%?!<%U%'!<%9$KE~Ce$9$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#(B $B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"(B -i $B%*%W%7%g%s$KB3$1$F%$%s%?!<%U%'!<%9L>(B $B$r;XDj$7$^$9!#![(B <P>$B$3$l$O$*$=$i$/%H%i%U%#%C%/$r%V%m%C%/$9$k0Y$N!":G$b<j$C<h$jAa$/$F(B $B8zN($NNI$$J}K!$G$9$,!"%^%9%+%l!<%I$5$l$?%^%7%s$KBP$7$F$N$_AK;_$G$-!"(B $B%U%!%$%"%&%)!<%k%^%7%s<+?H$X$N%H%i%U%#%C%/$OAK;_$G$-$^$;$s!#(B $B$b$A$m$s!"$3$NAH$_9g$o$;$r5v2D$7$?$$$H$$$&$3$H$b$"$k$G$7$g$&$,!#(B <P> <P>$B$5$F!"(B 204.50.10.13 $B$H$$$&%"%I%l%9$X$N%H%i%U%#%C%/$rAK;_$9$k>l9g(B - <P> <P>/etc/rc.d/rc.firewall $B%k!<%k%;%C%H$NCf$N(B <PRE> ... $BF~NO(B $B%k!<%k$N$O$8$^$j(B ... # $B%m!<%+%k%$%s%?%U%'!<%9B&$N(B 204.50.10.13 $B$H$$$&%^%7%s$X$N%Q%1%C%H$r5qH]$9$k(B # ipchains -A input -s 192.168.0.0/24 -d 204.50.10.13/32 -l -j REJECT #$B!!%m!<%+%k%$%s%?%U%'!<%9B&$N$I$N%m!<%+%k%^%7%s$N$I$3$X8~$+$&%Q%1%C%H$bM-8z$H$9$k(B # ipchains -A input -s 192.168.0.0/24 -d 0.0.0.0/0 -l -j ACCEPT ... $BF~NO(B $B%k!<%k$N=*$o$j(B ... </PRE> <P>"output" $B%k!<%k$r;H$&(B - <P>$B!ZLuCm(B: $BA4$F$N%$%s%?!<%U%'!<%9$+$iAw=P$5$l$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#(B $B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"(B -i $B%*%W%7%g%s$KB3$1$F%$%s%?!<%U%'!<%9L>(B $B$r;XDj$7$^$9!#![(B <P> <P>$B$3$l$O%H%i%U%#%C%/$r%V%m%C%/$9$k$K$OCY$$J}K!$G$9!#(B $B2?8N$J$i$P!"%Q%1%C%H$OGK4~$5$l$k$h$j0JA0$K%^%9%+%l!<%I$rDL$i$J$1$l$P(B $B$J$i$J$$$+$i$G$9!#(B $B$7$+$7$J$,$i$3$N%k!<%k$G$b!"6X;_$7$F$$$k%5%$%H$+$i$N%U%!%$%"%&%)!<%k(B $B%^%7%s$KBP$9$k%"%/%;%9$rAK;_$9$k$3$H$,$G$-$^$9!#(B <P> <PRE> ... $B=PNO%k!<%k$N;O$^$j(B ... # 204.50.10.13 $B$K8~$1$i$l$?%Q%1%C%H$r5qH]$7$F%m%0$r:N<h$9$k(B # ipchains -A output -s $ppp_ip/32 -d 204.50.10.13/32 -l -j REJECT # $B$=$NB>$N%j%b!<%H%$%s%?%U%'!<%9B&$X$NAw=P$OM-8z$K$9$k(B # ipchains -A output -s $ppp_ip/32 -d 0.0.0.0/0 -l -j ACCEPT ... $B=PNO%k!<%k$N=*$o$j(B ... </PRE> <P>"forward" $B%k!<%k$r;H$&(B - <P>$B!ZLuCm(B: $BA4$F$N%$%s%?!<%U%'!<%9>e$GE>Aw$5$l$k%Q%1%C%H$,DL2a$9$k%k!<%k$G$9!#(B $B8DJL$N%$%s%?!<%U%'!<%9$N;XDj$O!"(B -i $B%*%W%7%g%s$KB3$1$F%$%s%?!<%U%'!<%9L>(B $B$r;XDj$7$^$9!#![(B <P> <P>$B$*$=$i$/!"%H%i%U%#%C%/$r%V%m%C%/$9$k$K$O(B "input" $B%k!<%k$h$j(B $BCY$$J}K!$G$9$,!"%^%9%+%l!<%I$5$l$?%^%7%s(B ($BNc$($P%m!<%+%k%(%j%"(B $B%M%C%H%o!<%/$N%^%7%s(B) $B$KBP$9$k%H%i%U%#%C%/$@$1$OAK;_$G$-$^$9!#(B $B%U%!%$%"%&%)!<%k%^%7%s$O6X;_$7$?$$%5%$%H$+$iE~C#2DG=$N$^$^$G$9!#(B <P> <P> <PRE> ... $BE>Aw%k!<%k$N3+;O(B ... # PPP $B%$%s%?%U%'!<%9>e$G$N(B 204.50.10.13 $B$K8~$1$?%Q%1%C%H$r5qH]$7$F%m%0:N<h$9$k(B # ipchains -A forward -i ppp0 -s 192.168.0.0/24 -d 204.50.10.13/32 -l -j REJECT # $B%m!<%+%k%$%s%?!<%U%'!<%9B&$N%m!<%+%k%M%C%H$+$i$N%^%9%+%l!<%I$r9T$&(B # ipchains -A forward -i ppp0 -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ ... $BE>Aw%k!<%k$N=*$o$j(B ... </PRE> <P>192.168.0.0/24 $B$N%^%7%s$+$i(B 204.50.11.0 $B$K8~$1$F$N%"%/%;%9$r5v$9FCJL$J%k!<%k$OITMW$G$9!#(B $B$J$<$J$i!"$=$l$i$OA4BNE*$J%^%9%+%l!<%G%#%s%0$N%k!<%k$K$h$C$F$^$+$J$o$l$F$$$k$+$i$G$9!#(B <P>$BCm0U(B - IPFWADM $B$H0c$C$F!"(BIPCHAINS $B$O%$%s%?%U%'!<%9L>$r;XDj$9$kJ}K!$,(B $B0l$D$7$+$"$j$^$;$s!#(B IPCHAINS $B$O(B "-i eth0" $B$N$h$&$K;XDj$7$^$9$,!"(B IPFWADM $B$G$O(B "-W"$B$G(B $B%$%s%?%U%'!<%9L>$r;XDj$7!"$^$?(B "-V" $B$G%$%s%?%U%'!<%9$N(BIP$B%"%I%l%9$r;XDj$7$^$9!#(B <P> <P> <A NAME="multiple-masqed-lans"></A> <P> <H2><A NAME="ss6.6">6.6 $BJ#?t$NFbIt%M%C%H%o!<%/$X$N(B IP $B%^%9%+%l!<%I(B</A> </H2> <P>$BJ#?t$NFbIt%M%C%H%o!<%/$r;}$D>l9g$N%^%9%+%l!<%I$O$+$J$jC1=c$G$9!#(B $B$^$:3NG'$9$k$3$H$O!"A4$F$N(B ($BFbIt$H30ItN>J}$N(B) $B%M%C%H%o!<%/$,@5$7$/(B $BF0:n$7$F$$$k$3$H$G$9!#(B $B$=$l$+$i!"N>J}$NFbIt%$%s%?%U%'!<%9$K$D$$$F%$%s%?!<%M%C%H$HB>$N(B $BFbIt%$%s%?%U%'!<%9$KBP$7$F%^%9%+%l!<%I$7$F%H%i%U%#%C%/$r5v2D$9$k$h$&$K(B $B@_Dj$7$^$9!#(B <P> <P>$BB3$$$F!"FbIt%$%s%?%U%'!<%9$K$D$$$F!"%^%9%+%l!<%I$r5v2D$7$^$9!#(B $B$3$NNc$G$O!"A4It$G#3$D$N%$%s%?%U%'!<%9$r;H$$$^$9(B - eth0 $B$O%$%s%?!<%M%C%H$X$N@\B3$r9T$&30It%$%s%?%U%'!<%9!"(B eth1 $B$O(B 192.168.0.0 $B$N%M%C%H%o!<%/!"$=$7$F(B eth2 $B$O(B 192.168.1.0 $B$N%M%C%H%o!<%/$G$9!#(B rc.firewall $B%k!<%k%;%C%H$G$N!"4{B8$N%^%9%+%l!<%I$r5v2D$7$F$$$k9T$N(B $B8e$K!"<!$N$h$&$JFbMF$rDI2C$7$^$9(B - <P> <P> <UL> <LI>IPCHAINS $B$,MxMQ2DG=$J(B 2.2.x $B7O%+!<%M%k$N>l9g(B <PRE> # $BFbIt$N%$%s%?%U%'!<%9$N4V$G$NAj8_$NDL?.$r5v2D$9$k(B /sbin/ipchains -A forward -i eth1 -d 192.168.0.0/24 /sbin/ipchains -A forward -i eth2 -d 192.168.1.0/24 # $B%$%s%?!<%M%C%H$KBP$9$k%^%9%+%l!<%I$5$l$?DL?.$r5v2D$9$k(B /sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0 /sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0 </PRE> <P> </LI> <LI>IPFWADM $B$,MxMQ2DG=$J(B 2.0.x $B7O%+!<%M%k$N>l9g(B <PRE> # $BFbIt$N%$%s%?%U%'!<%9$N4V$G$NAj8_$NDL?.$r5v2D$9$k(B /sbin/ipfwadm -F -a accept -V 192.168.0.1 -D 192.168.1.0/24 /sbin/ipfwadm -F -a accept -V 192.168.1.1 -D 192.168.0.0/24 # $B%$%s%?!<%M%C%H$KBP$9$k%^%9%+%l!<%I$5$l$?DL?.$r5v2D$9$k(B /sbin/ipfwadm -F -a masq -W eth0 -S 192.168.0.0/24 -D 0.0.0.0/0 /sbin/ipfwadm -F -a masq -W eth0 -S 192.168.1.0/24 -D 0.0.0.0/0 </PRE> </LI> </UL> <P>eth0 $B$,J#?t2s;XDj$5$l$k$N$O!">e$NNc$G$O4V0c$$$G$O$J$$$3$H$KCm0U$7$F$/$@$5$$!#(BLinux $B%+!<%M%k$O(B $B$I$N%$%s%?%U%'!<%9$,Aw=P%H%i%U%#%C%/$KBP$7$F;H$o$l$k$N$+$rCN$kI,MW$,$"$k$+$i$G$9!#>e$NNc$G(B eth0 $B$O(B $B%$%s%?!<%M%C%H$KBP$9$k@\B3$N$?$a$N$b$N$G!"$=$l$>$l$NFbIt%$%s%?%U%'!<%9$K$D$$$F;XDj$5$l$F$$$^$9!#(B <P> <A NAME="Diald"></A> <P> <H2><A NAME="ss6.7">6.7 $B%*%s%G%^%s%I!&%@%$%"%k%"%C%W@\B3$G$N(B IP $B%^%9%+%l!<%I(B</A> </H2> <P> <P> <OL> <LI>$B%$%s%?!<%M%C%H$KBP$9$k%@%$%"%k%"%C%W;~$K<+F0E*$K%M%C%H%o!<%/$N@_Dj$r9T$$$?$$$H;W$o$l$k$J$i!"(B <EM>Diald</EM> $B%G%^%s%I!&%@%$%"%k%"%C%W!&%5!<%S%9%W%m%0%i%`$+!"?7$7$$%P!<%8%g%s$N(B <EM>PPPd</EM> $B%Q%C%1!<%8$,Hs>o$KLrN)$D$G$7$g$&!#(BDiald $B$O$h$jeLL)$J@_Dj$,$G$-$k$N$G$*4+$a$G$9!#(B <P> </LI> <LI>Diald $B$r@_Dj$9$k$K$O(B <A HREF="http://home.pacific.net.sg/~harish/diald.config.html">Setting Up Diald for Linux Page</A> $B$d(B <A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 23</A> $B$r;2>H$7$F$_$F$/$@$5$$!#(B <P> </LI> <LI>Diald $B$H(B IP $B%^%9%+%l!<%I$,E,@Z$K@_Dj$5$l$l$P!"%^%9%+%l!<%I$5$l$?%^%7%s$+$i$N(B Web $B;2>H$d(B telnet, ftp $B$H$$$C$?%;%C%7%g%s$,3+;O$5$l$?;~E@$G!"(BLinux $B%\%C%/%9$OF0E*$K%$%s%?!<%M%C%H$X$N@\B3$r(B $B<B9T$9$k$h$&$K$J$j$^$9!#(B <P> </LI> <LI>$B:G=i$N@\B3$O!"%?%$%`%"%&%H$,H/@8$9$k$G$7$g$&!#(B $B$3$l$O%"%J%m%0%b%G%`$r;H$C$F$$$k>l9g!"Hr$1$i$l$J$$$3$H$G$9!#(B $B%/%i%$%"%s%H$N%W%m%0%i%`(B (Web $B%V%i%&%6$J$I(B) $B$K$H$C$F$_$l$P!"(B PPP$B@\B3$H%b%G%`$N%j%s%/$r3NN)$9$k$?$a$K;~4V$,<h$i$l$k$3$H$K$J$j$^$9!#(B $B$7$+$7!"$3$l$O0lHLE*$J$3$H$G$O$"$j$^$;$s!#(B $B$b$7!"$3$N$h$&$J;v$,5/$3$C$?$i!"(B (Web $B%Z!<%8$N;2>H$J$I$N(B) $B%$%s%?!<%M%C%H$K(B $BBP$9$k%H%i%U%#%C%/%j%/%(%9%H$,:FEYH/@8$7$?$H$-$K:FEYF1$8;v$r7+$jJV$7$F(B $B$&$^$/F0:n$9$k$G$7$g$&!#(B $B$^$?!"%+!<%M%k%*%W%7%g%s$N(B <EM>echo "1" > /proc/sys/net/ipv4/ip_dynaddr</EM> $B$N<B9T$O!"@\B3;~$N$3$N=i4|@_Dj$r;Y1g$9$k$?$a$N$b$N$G$9!#(B </LI> </OL> <P> <P> <A NAME="Forwarders"></A> <P> <H2><A NAME="ss6.8">6.8 IPPORTFW, IPMASQADM, IPAUTOFW, REDIR, UDPRED, $B5Z$S$=$NB>$N%]!<%HE>Aw%D!<%k(B</A> </H2> <P>IPPORTFW, IPAUTOFW, REDIR, UDPRED $BEy$N%W%m%0%i%`$O(B Linux $B$N(B IP $B%^%9%+%l!<%I(B $B$G;HMQ$5$l$kHFMQE*$J(B TCP $B$H(B UDP $B%]!<%H$NE>Aw$N$?$a$K;H$o$l$k%D!<%k$G$9!#(B $B$3$l$i$N%D!<%k$O0lHLE*$K(B FTP $B$d(B Quake $BMQ$K:n@.$5$l$?(B IP $B%^%9%+%l!<%IMQ$N(B $B%b%8%e!<%k$NBe$o$j$K;H$&$3$H$,$G$-$^$9!#(B $B$3$l$i%]!<%H%U%)%o!<%@$K$h$C$F!"%$%s%?!<%M%C%H$+$i(B IP $B%^%9%+%l!<%I%5!<%P$N(B $B85$GF0:n$9$k%W%i%$%Y!<%H%"%I%l%9$KG[CV$5$l$?%^%7%s$K8~$+$C$FAw$i$l$k(B $B%G!<%?@\B3$r%j%@%$%l%/%H$9$k$3$H$,$G$-$^$9!#(B $BE>Aw5!G=$O!"(B TELNET, WWW, SMTP, FTP ($B8e=R$9$kFCJL$J%Q%C%A$,I,MW$G$9(B), ICQ $B$d!"$=$NB>B?$/$N$b$N$r4^$s$G$$$^$9!#(B <P> <P>$BCm0U(B - IP $B%^%9%+%l!<%I$rH<$o$J$$C1=c$J%]!<%HE>Aw$r$*5a$a$G$b!"(BLinux $B$N(B IP $BE>Aw%D!<%k$r;H$&$K$O!"%+!<%M%k$H(B IPFWADM $B$+(B IPCHAINS $B$$$:$l$+$K$h$k(B $B%k!<%k%;%C%H$,(B<B>$BI,MW(B</B>$B$G$9!#(B <P> <P>$B$G$O$J$<0[$J$kA*Br$,4v$D$b$"$k$N$G$7$g$&$+(B? IPAUTOFW, REDIR $B$=$l$K(B UDPRED ($B$3$l$i$X$N(B URL $B$O(B <A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x $B%+!<%M%k$NI,MW>r7o(B</A> $B$N>O$K5-:\$7$F$"$j$^$9(B) $B$J$I$O!"(BIP $B%^%9%+%l!<%I$r;H$&%f!<%6$K$H$C$F!"(B $B$3$l$i$N5!G=$rDs6!$9$k:G=i$N%D!<%kN`$G$7$?!#(B $B$=$N8e!"(B Linux $B$N(B IP $B%^%9%+%l!<%I5!G=$,@.=O$9$k$K$D$l$F!"$3$l$i$N%D!<%k$O(B IPPORTFW $B$H$$$&!"$b$C$H9bEY$J2r7hJ}K!$K$H$C$FBe$o$i$l$k$h$&$K$J$j$^$7$?!#(B $B$h$j?7$7$$%D!<%k$NEP>l$K$h$C$F!"(BIPAUTOFW $B$d(B REDIR $B$H$$$&8E$$%D!<%k$N(B $B%f!<%6$OBg$$$KMnC@$5$;$i$l$k$3$H$K$J$j$^$7$?!#(B $B$H$$$&$N$b!"$3$l$i$N%D!<%k$O(B Linux $B%+!<%M%k$KBP$7$F!"<+?H$NB8:_$rE,@Z$K(B $BDLCN$9$k$3$H$J$/F0$$$F$$$k$N$G!"Ii2Y$N$+$+$k$h$&$J>u67$G$O(B Linux $B%5!<%P$r(B $B%/%i%C%7%e$5$;$F$7$^$&$h$&$J$3$H$9$i$"$C$?$+$i$G$9!#(B MFW $B$H$$$&:G?7$NJ}K!$b$"$j$^$9!#(B MFW $B$N:G$bBg$-$JMxE@$O!"(BIPCHAINS $B%D!<%k$H$N9b$$E}9g@-$G$9!#(B $B$3$NJ}K!$G$O!"(BIPCHAINS $B%k!<%k%;%C%H$OFCDj$N%Q%1%C%H$KBP$7$F0u$rIU$1!"(B $BE,@Z$JE>Aw$r9T$&$?$a$N%k!<%k$rDs6!$9$k$?$a$K;H$o$l$^$9!#(B $B:#$N$H$3$m!"$3$l$K$D$$$F$O$3$N(B HOWTO $B$G$O=R$Y$F$$$^$;$s!#(B <P> <P><B>$BCm0U(B #2 - 2.2.x $B7O%+!<%M%k$K$*$1$k(B PORTFW $B$G$O!"(B<EM>$B%M%C%H%o!<%/FbIt$N(B $B%^%7%s(B</EM>$B$+$i!"%$%s%?!<%M%C%H>e$K$"$k%M%C%H%o!<%/30It$N%^%7%s$KBP$9$k(B $B%"%/%;%9$KF1$8%]!<%HE>Aw$5$l$?(B IP $B%"%I%l%9$r;H$&$3$H$,$G$-$^$9$,!"(B $B%M%C%H%o!<%/FbIt$NB>$N%^%7%s$KBP$7$F$O;H$($^$;$s!#(B $B$b$7!"$3$l$,$"$J$?$N>l9g$K3:Ev$9$k$J$i!"%M%C%H%o!<%/FbIt$N%5!<%P$X$N(B $B%j%@%$%l%/%H$r9T$&$?$a$K(B REDIR $B%]!<%HE>Aw%D!<%k$r;n$7$F$_$F$/$@$5$$!#(B $B8e$K=R$Y$k(B <A HREF="IP-Masquerade-HOWTO-2.html#NetFilter">NetFilter</A> $B%D!<%k%;%C%H$r;H$&$N$bNI$$9M$($@$H;W$$$^$9!#(B $B$J$<FbIt(B/$B30It$NE>Aw$,F0$+$J$$$N$+$N5;=QE*@bL@$K$D$$$F$O!"(B2.2.x $B7O%+!<%M%k$N(B PORTFW $B$K4X$9$k>O$N:G8e$K$"$k(B Juan $B$K$h$kCm<a$r$4Mw$/$@$5$$!#(B</B> <P> <P> <P> <P>$BCm0U(B #3 - $BFbIt$N%^%9%+%l!<%I$5$l$?(B FTP $B%5!<%P$KBP$9$k%H%i%U%#%C%/$N(B $BE>Aw$O(B <B>PORTFW FTP</B> $B$H$7$FCN$i$l$F$$$^$9$,!"8=:_(B 2.0.x $B7O$H(B 2.2.x $B7O$N$$$:$l$N%+!<%M%k$G$bDs6!$5$l$k$h$&$K$J$j$^$7$?!#(B $B8=>u$G$O<gN.$N(B Linux $B%+!<%M%k$G$O%5%]!<%H$5$l$F$$$^$;$s$,!"%+!<%M%k(B $B$K%Q%C%A$rE,MQ$9$k$+!"30It(B FTP $B%W%m%-%7%5!<%P$K$h$C$F2DG=$H$J$j$^$9!#(B $B%+!<%M%k%b%8%e!<%k%3!<%I$O$^$@<B83Cf$G!"(BPASSIVE $B@\B3$h$j$O(B ACTIVE FTP $B%;%C%7%g%s$K$h$k@\B3$N$[$&$,NI9%$J7k2L$H$J$k>l9g$b$"$k$h$&$G$9!#(B $B6=L#?<$$$3$H$K!"5U$N?6$kIq$$$GF0$/%1!<%9$b$"$k$h$&$G$9!#(B $B$"$J$?$N>l9g$N7k2L$,$I$&$@$C$?$+;d$?$A$K65$($F$/$@$5$$!#(B $B$3$N7o$K$D$$$F!"0J9_$N(B2.0.x $B7O(B $B5Z$S(B 2.2.x $B7O$=$l$>$l$N>O$KJL$J(B $B%Q%C%A$rMQ$$$?2r7hJ}K!$,>\:Y$K=R$Y$i$l$F$$$^$9!#(B <P> <P> <P>2.0.x $B7O%+!<%M%k$N(B IPPORTFW $B$G$b!"(B 2.2.x $B7O%+!<%M%k$N(B IPPORTFW $B%5%]!<%H$N(B $B$"$k(B IPMASQADM $B$r;H$&>l9g$G$b!"%M%C%H%o!<%/%;%-%e%j%F%#$K4X$9$k9MN8$O(B $B$=$l$i$N%]!<%H%U%)%o!<%@AH$_9~$_$NA0$KI,MW$G$9!#(B $B$J$<$J$i!"$3$l$i$N%D!<%k$O4pK\E*$K$OE>Aw$5$l$?(B TCP/UDP $B%]!<%H$K$D$$$F!"(B $B%U%!%$%"%&%)!<%k>e$K%;%-%e%j%F%#>e$N7j$r:n$k$?$a$N$b$N$@$+$i$G$9!#(B $B$3$l$O!"$"$J$?$N(B Linux $B%^%7%s!ZLuCm(B: $B%U%!%$%"%&%*!<%k<+?H![$KBP$7$F(B $BHo32$r5Z$\$9$3$H$O$"$j$^$;$s$,!"%H%i%U%#%C%/$,E>Aw$5$l$k@h$NFbIt%^%7%s$K(B $BBP$7$F1F6A$r$*$h$\$7$^$9!#(B $B$H$O$$$(!"$=$s$J$K?4G[$7$J$$$G$/$@$5$$!#(B $B$3$l$O(B Steven Clarke (IPPORTFW $B$N:n<T(B) $B$,Cm0U$rB%$9$?$a$K=R$Y$J$1$l$P(B $B$J$i$J$+$C$?!"0J2<$N$h$&$J>l9g$G$9(B - <P> <P> <P> <BLOCKQUOTE><CODE> <PRE> $B!V%]!<%HE>Aw$O!"(BIPFWADM $B$d(B IPCHAINS $B%k!<%k$NFbIt$+$i$N$_8F$S=P$5$l$k$h$&$K:n$i$l$F$*$j!"(B IP $B%^%9%+%l!<%I$O!"(BIP $B%U%)%o!<%G%#%s%0$N0l<o$N3HD%$H8+$J$5$l$k!#(B $B$7$+$7$J$,$i!"(B IPPORTFW $B$O(B IPFWADM $B%k!<%k%;%C%H$NE~Ce5Z$SAw=P%^%9%+%l!<%I%k!<%k$KE,9g$9$k(B $B%Q%1%C%H$@$1$K$D$$$F!"<h$j07$&$h$&$K$J$C$F$$$k!#!W(B </PRE> </CODE></BLOCKQUOTE> <P>$B$3$3$G=R$Y$F$$$k$N$O!"6/8G$J%U%!%$%"%&%*!<%k%k!<%k%;%C%H$NI,MW@-$J$N$G$9!#(B $B6/8G$J%k!<%k%;%C%H$K$D$$$F$O(B <A HREF="#Strong-IPFWADM-Rulesets">$B6/$$(B IPFWADM $B$N%k!<%k%;%C%H(B</A> $B$H(B <A HREF="#Strong-IPCHAINS-Rulesets">$B6/$$(B IPCHAINS $B$N%k!<%k%;%C%H(B</A> $B$r;2>H$7$F$_$F$/$@$5$$!#(B <P> <P>$B$G$9$+$i!"(B IPPORTFW $B$K$h$kE>Aw%5%]!<%H$r(B 2.2.x $B$^$?$O(B 2.0.x $B7O$N(B $B%+!<%M%k$K%$%s%9%H!<%k$9$k$?$a$K$O!"(BIPPORTFW $B$rMxMQ$G$-$k$h$&$K(B Linux $B%+!<%M%k$r:F%3%s%Q%$%k$7$J$1$l$P$J$j$^$;$s!#(B <P> <UL> <LI>2.2.x $B7O%+!<%M%k$r$*;H$$$NJ}$O!"$9$G$K(B IPPORTFW $B%+!<%M%k%*%W%7%g%s$r!"(B IPMASQADM$B$rDL$8$F;H$&$?$a$N<j=g$G;XDj$7$F$$$k$O$:$G$9!#(B </LI> <LI>2.0.x $B7O%+!<%M%k$r$*;H$$$NJ}$O!"C1=c$J%+!<%M%k%*%W%7%g%s$N%Q%C%A$rE,MQ$9$kI,MW$,$"$j$^$9!#(B</LI> </UL> <P> <P> <H3>2.2.x $B7O%+!<%M%k$G$N!"(BIPPORTFW $B%5%]!<%H$D$-(B IPMASQADM</H3> <P>$B$^$::G=i$K!":G?7$N(B 2.2.x $B%+!<%M%k!ZLuCm(B: $BK]Lu;~E@$G$O(B 2.2.19 $B$G$7$?![$r(B /usr/src/linux$B%G%#%l%/%H%j$KE83+$7$^$9!#(B $B$^$@$3$N<j=g$r$d$C$F$$$J$$J}$O!"(B <A HREF="IP-Masquerade-HOWTO-3.html#Kernel-Compile">$B%+!<%M%k$N%3%s%Q%$%k(B</A> $B$N>O$N>\:Y$r;2>H$7$F$/$@$5$$!#(B $BB3$$$F!"(B"ipmasqadm.c" $B%W%m%0%i%`$r(B <A HREF="IP-Masquerade-HOWTO-2.html#2.2.x-Requirements">2.2.x $B%+!<%M%k$NI,MW>r7o(B</A> $B$K=R$Y$F$$$kJ}K!$G%@%&%s%m!<%I$7$FF~<j$7!"(B /usr/src/ $B%G%#%l%/%H%j$KCV$-$^$9!#(B <P> <P>$B0z$-B3$$$F!"(B 2.2.x $B7O%+!<%M%k$r(B <A HREF="IP-Masquerade-HOWTO-3.html#Kernel-Compile">$B%+!<%M%k$N%3%s%Q%$%k(B</A> $B$N>O$K<($5$l$F$$$k$h$&$K%3%s%Q%$%k$7$^$9!#(B $B%+!<%M%k$N%*%W%7%g%s$r@_Dj$9$k:]$K!"(BIPPORTFW $B%*%W%7%g%s$K$O(B YES $B$r(B $B;XDj$7$F$/$@$5$$!#(B $B%+!<%M%k$,%3%s%Q%$%k$G$-!":F5/F0$r3NG'$7$?$i!":F$S$3$N>O$K(B $BLa$C$F@bL@$NB3$-$rFI$s$G$/$@$5$$!#(B <P> <P>$B$G$O!"(B IPMASQADM $B%D!<%k$N%3%s%Q%$%k$H%$%s%9%H!<%k$r9T$$$^$9(B - <P> <P> <BLOCKQUOTE><CODE> <PRE> cd /usr/src tar xzvf ipmasqadm-x.tgz cd ipmasqadm-x make make install </PRE> </CODE></BLOCKQUOTE> <P> <P>$B$5$F!"Nc$H$7$F$3$3$G!"$"$J$?$N%$%s%?!<%M%C%H>e$N(B TCP/IP $B%"%I%l%9$KBP$9$k(B $BA4$F$N(B WWW $B%$%s%?!<%M%C%H%H%i%U%#%C%/(B ($B%]!<%H(B80) $B$r!"FbIt$N%^%9%+%l!<%I$5$l$?(B $B%^%7%s$N(B IP $B%"%I%l%9!"(B 192.168.0.10 $B$K8~$1$k>l9g$r<h$j>e$2$^$9!#(B <P> <P>PORTFW FTP - $B$3$l$K$D$$$F$O@h$K@bL@$7$?$h$&$K!"(B FTP $B%5!<%P$KBP$9$k(B $B%M%C%H%o!<%/FbIt$N%^%9%+%l!<%I$5$l$?%^%7%s$X$NE>Aw$O(B 2$B$D$NJ}K!$,$"$j$^$9!#(B $B:G=i$NJ}K!$O$^$@%Y!<%?%l%Y%k$G$9$,!"FbIt$K$"$k%^%9%+%l!<%I$5$l$?(B FTP $B%5!<%P$X!"(B FTP $B@\B3$r%]!<%HE>Aw$9$k(B 2.2.x $B%+!<%M%kMQ$N(B <EM>IP_MASQ_FTP</EM> $B%b%8%e!<%k$r;H$&$3$H$G$9!#(B $B$b$&0l$D$NJ}K!$O!"(B FTP $B%W%m%-%7%W%m%0%i%`(B ( <A HREF="IP-Masquerade-HOWTO-2.html#2.2.x-Requirements">2.2.x $B%+!<%M%k$NI,MW>r7o(B</A> $B$N>O$K(B URL $B$r5-:\$7$F$"$j$^$9(B) $B$G$9!#(B FTP $B%+!<%M%k%b%8%e!<%k$K$D$$$F$O!"(B IP_MASQ_FTP $B%b%8%e!<%k$r%"%s%m!<%I$7$?$j(B $B:F%m!<%I$9$k$3$H$J$7$K!"(B PORTFW $B$N(B FTP $B%]!<%H$rF0E*$KDI2C$9$k$3$H$,(B $B$G$-$^$9$,!"$3$l$O$=$N;~E@$GB8:_$7$F$$$kB>$N(B FTP $BE>Aw$rL58z$K$7$F$7$^$$$^$9!#(B $B$3$N?7$7$$%3!<%I$N>\:Y$K$D$$$F$O!"(B IP $B%^%9%+%l!<%I$N(B web $B%5%$%H(B <A HREF="http://ipmasq.cjb.net/">http://ipmasq.cjb.net/</A> $B$r$4Mw$/$@$5$$!#(B $B$^$?!"(B 2.0.x $B7O%+!<%M%k$N>O$K!"%]!<%HE>Aw$5$l$?(B FTP $B@\B3$K4X$9$kNc$H(B $B<c43$N>pJs$,$"$j$^$9!#(B <P> <P><B>$BCm0U(B - </B>$B%]!<%HE>Aw$r%]!<%H(B 80 $B$GM-8z$K$7$?$J$i!"$=$l0J9_$O(B IP $B%^%9%+%l!<%I%5!<%P$G$=$N%]!<%H$r;H$&$3$H$O$G$-$J$/$J$j$^$9!#(B $B$D$^$j!"%^%9%+%l!<%I%5!<%P>e$G$9$G$K(B Web $B%5!<%P$rF0$+$7$F$$$?>l9g$O!"(B $B%]!<%HE>Aw$K$h$C$F!"$9$Y$F$N%$%s%?!<%M%C%H$+$i$N(B Web $B%"%/%;%9$O(B IP $B%^%9%+%l!<%I%5!<%P$N%Z!<%8$G$O$J$/!"FbIt$N(B Web $B%5!<%P$KBP$7$F(B $B?6$j8~$1$i$l$F$7$^$&$N$G$9!#(B <P> <P> <P>$B$$$:$l$K$;$h!"%]!<%HE>Aw$rM-8z$K$9$k$K$O!"(B /etc/rc.d/rc.firewall $B$N%k!<%k%;%C%H$r=q$-49$($J$1$l$P(B $B$$$1$^$;$s!#0J2<$N$h$&$J9T$rDI2C$7$^$9$,!"(B"$extip" $B$NItJ,$O$"$J$?$N%$%s%?!<%M%C%H$K8x3+$9$k(B IP $B%"%I%l%9(B $B$r;XDj$9$k$h$&$K=q$-49$($F$/$@$5$$!#(B <P><B>$BCm0U(B - </B>$B$b$7!"(BPPP, ADSL, $B%1!<%V%k%b%G%`$J$I$K$h$j(B ISP $B$+$i(B $BF0E*$J(B TCP/IP $B%"%I%l%9$r3d$jEv$F$i$l$F$$$k>l9g$O!"(B /etc/rc.d/rc.firewall $B%k!<%k%;%C%H$r$b$C$H%$%s%F%j%8%'%s%H$K:n@.$9$kI,MW$,$"$j$^$9!#(B $B$=$N$?$a$N>pJs$O!"A0=P$N(B <A HREF="#Strong-IPCHAINS-Rulesets">$B6/$$(B IPCHAINS $B$N%k!<%k%;%C%H(B</A> $B$N>O$+(B <A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 10</A> $B$K6/8G$J%k!<%k%;%C%H$rF0E*$J(B IP $B%"%I%l%94D6-$G(B $B:n@.$9$k>\:Y$,=R$Y$i$l$F$$$^$9!#(B $B$3$3$G$O%R%s%H$@$1(B - PPP$B$N(B $B>l9g$O!!(B/etc/PPP/ip-up $B$G$9!#(B <P> <P> <BLOCKQUOTE><CODE> <PRE> /etc/rc.d/rc.firewall -- #echo "IPPORTFW $B$K$h$k%j%@%$%l%/%7%g%s$r30It(B LAN $B$KE,MQ(B.." # /usr/sbin/ipmasqadm portfw -f /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 80 -R 192.168.0.10 80 -- </PRE> </CODE></BLOCKQUOTE> <P> <P>$B$3$l$@$1$G$9!*(B /etc/rc.d/rc.firewall $B%k!<%k%;%C%H$r:FEY<B9T$7$F%F%9%H$7$F$_$F$/$@$5$$!#(B <P>$B$b$7!"(B"ipchains: setsockopt failed: Protocol not available" $B$H$$$&(B $B%(%i!<%a%C%;!<%8$r<u$1<h$C$F$7$^$C$?$i!"$"$J$?$O$^$@?7$7$$%+!<%M%k$r(B $BF0:n$G$-$F$$$^$;$s!#(B $B?7$7$$%+!<%M%k$r@5$7$/AH$_9~$s$@$3$H$r3NG'$7!"(B LILO $B$r:FEY<B9T$7!"(B $B:F5/F0$7$F$_$F$/$@$5$$!#(B $B$b$7!"?7$7$$%+!<%M%k$,F0$$$F$$$k$N$,3N<B$J$i$P!"(B "ls /proc/net/ip_masq" $B%3%^%s%I$r<B9T$7$F!"(B "portfw" $B%U%!%$%k$,B8:_$7$F$$$k$+3NG'$7$F$/$@$5$$!#(B $B$3$l$,L5$$$J$i!"%+!<%M%k$N9=C[$G$J$K$+%(%i!<$,=P$F$$$k$O$:$G$9$N$G!"(B $B$=$3$+$i$b$&0lEY$d$jD>$7$F$/$@$5$$!#(B <P> <P> <P>$B$J$<(B PORTFW $B$,30It$HFbIt$N%$%s%?%U%'!<%9$NAPJ}$G%H%i%U%#%C%/$r%j%@%$%l%/%H(B $B$G$-$J$$$N$+M}2r$7$?$$J}$N$?$a$K!"(B Juanjo $B!ZLuCm(B: IP_MASQ_FTP $B%b%8%e!<%k$N(B $B:n<T![$+$i$N%a!<%k$r$3$3$G$*8+$;$7$^$9!#(B $BH`$O$b$C$H$&$^$/@bL@$7$F$/$l$F$$$^$9(B - <P> <HR> <PRE> From Juanjo Ciarlante -- >$B<!$N$h$&$J>l9g(B - > >ipmasqadm portfw -a -P tcp -L 1.2.3.4 80 -R 192.168.2.3 80 > >$B30It$+$i$N@\B3$OLdBj$J$/F0$/$1$l$I!"FbIt$+$iF1$8(B 1.2.3.4 $B$KBP$9$k(B >$B@\B3MW5a$O<:GT$7$^$9!#(B >$B%m!<%+%k%M%C%H$N(B 192.168.2.0 $B$+$i(B www.periapt.com $B$X$N%"%/%;%9$r!"(B >$B%W%m%-%7$J$7$G5v2D$9$k$h$&$J%A%'%$%s$rMQ0U$9$k$3$H$O$G$-$^$9$+(B? $B<B:]$N$H$3$m$G$-$J$$$M!#(B $BBg35!"KM$O(B ipmasqadm $B%k!<%k$r30It$N0Y$K@_Dj$7!"(B*$B$=$7$F(B* $B%]!<%H%j%@%$%l%/%?$rFbIt$N$?$a$K@_Dj$7$F$$$k$s$@!#(B $B%j%@%$%l%/%7%g%s$NA0$K(B ipmasqadm $B$N%U%C%/$,$"$k$+$i!"$3$N%U%C%/$O30It(B $B$+$i$N@\B3$NH/@8$rB*$($k!#(B _$B$@$1$I(B_ $B$=$&$G$J$$>l9g$O!"2?$b$7$J$$$GAGDL$7$7$F$7$^$&(B($B$D$^$j!"E,Ev$J(B $B%k!<%k$NE,MQ$,9T$o$l$k(B)$B!#(B $B<B:]!"(B"$B35G0E*$J(B"$BLdBj$O!"??$N%/%i%$%"%s%H(B ($B%T%"(B) $B$N(B IP $B%Q%1%C%H$N(B $BE~C#@h$,!"(B ($B$"$j$,$?$$$3$H$K%^%9%+%l!<%I$K$h$C$F(B) $BL\E*$N%5!<%P$H$7$F(B $BF1$8%M%C%H%o!<%/$KB8:_$7$F$$$k$3$H$K5/0x$9$k!#(B $B<:GT$9$k(B"$B%m!<%+%k$J%^%9%+%l!<%I(B"$B$H$$$&$N$O<!$N$h$&$J>l9g(B - $B%/%i%$%"%s%H(B: 192.168.2.100 $B%^%9%+%l!<%I(B: 192.168.2.1 $B%5!<%P(B: 192.168.2.10 1)$B%/%i%$%"%s%H$+$i%5!<%P$X$N%Q%1%C%H(B a) $B%/%i%$%"%s%H(B: 192.168.2.100:1025 -> 192.168.2.1:80 [SYN] b) ($B%^%9%+%l!<%I(B): 192.168.2.100:1025 -> 192.168.2.10:80 [SYN] ($B$=$7$F!"(B 192.168.2.1:61000 $B$H(B 192.168.2.100:1025 $B$,(B $B4XO"$E$1$i$l$F5-21$5$l$k(B) c) $B%5!<%P(B: $B%^%9%+%l!<%I$5$l$?%Q%1%C%H$r<u$1$k(B (1b) 2)$B%5!<%P$+$i%/%i%$%"%s%H$X$N%Q%1%C%H(B a) $B%5!<%P(B: 192.168.2.10:80 -> 192.168.2.100:1025 [SYN,ACK] b) $B%/%i%$%"%s%H(B: 192.168.2.100:1025 -> 192.168.2.10:80 [RST] $B$5$"!"(B (1a) $B$H(B (2a) $B$rHf$Y$F$4$i$s!#(B $B8+$F$NDL$j!"F1$8%M%C%H%o!<%/$KB8:_$9$k$b$NF1;N$@$H!"%5!<%P$O(B $B%^%9%+%l!<%I$rDL$i$:$KD>@\%/%i%$%"%s%H$K8~$1$F1~Ez$9$k$s$@!#(B ($B%5!<%P$,%^%9%+%l!<%I$K%Q%1%C%HA`:n$r85$KLa$5$;$k$h$&$J$3$H$O$7$J$$(B) $B$@$+$i!"%/%i%$%"%s%H$O@\B3$r%j%;%C%H$7$F$7$^$&!#(B $B$3$l$,Lr$KN)$D$H$&$l$7$$$h!#(B $B$h$m$7$/(B Juanjo </PRE> <HR> <P> <H3>2.0.x $B7O%+!<%M%k$G$N(B IPPORTFW</H3> <P> <P>$B:G=i$K!"(B/usr/src/linux $B%G%#%l%/%H%j$K:G?7$N(B 2.0.x $B7O%+!<%M%k$,$"$k$3$H$r(B $B3NG'$7$F$/$@$5$$!#(B $B$^$@$@$C$?>l9g$N>\:Y$K$D$$$F$O!"(B <A HREF="IP-Masquerade-HOWTO-3.html#Kernel-Compile">$B%+!<%M%k$N%3%s%Q%$%k(B</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B $BB3$$$F!"(B "ipportfw.c" $B%W%m%0%i%`$H(B "subs-patch-x.gz" $B%+!<%M%k%Q%C%A$r(B <A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x $B%+!<%M%k$NI,MW>r7o(B</A> $B$N>O$r;2>H$7$FF~<j$7!"(B /usr/src/ $B%G%#%l%/%H%j$K(B $BCV$-$^$9!#(B <P> <P>$BCm0U(B - "subs-patch-x.gz" $B$N(B "x" $B$O%5%$%H$GF~<j$G$-$k:G?7$N%P!<%8%g%sHV9f$K(B $BFI$_BX$($F$/$@$5$$!#(B <P> <P>$B<!$K!"FbIt%5!<%P$X$N(B FTP $B%H%i%U%#%C%/$N%]!<%HE>Aw$r9M$($F$$$k$J$i!"(B <A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x $B%+!<%M%k$NI,MW>r7o(B</A> $B$N>O$K$"$k!"(B<B>$B?7$7$$(B</B> <EM>IP_MASQ_FTP</EM> $B%b%8%e!<%k$N%Q%C%A$rF~<j$7$F$/$@$5$$!#(B $B$3$l$O(B2.2.x $B7O%+!<%M%k$H$O0c$&%Q%C%A$G!"F0E*$K(B FTP $B%]!<%H$r3d$jEv$F$k(B $B5!G=$J$I$ODs6!$5$l$F$$$J$$$3$H$K$4Cm0U$/$@$5$$!#(B <P> <P> <P> <P>$B$=$l$+$i!"(BIPPORTFW $B%Q%C%A(B(subs-patch-x.gz)$B$r(B Linux $B%G%#%l%/%H%j$K%3%T!<$7$^$9!#(B <BLOCKQUOTE><CODE> <PRE> cp /usr/src/subs-patch-1.37.gz /usr/src/linux </PRE> </CODE></BLOCKQUOTE> <P>$B$D$E$$$F!"(BIPPORTFW $B%+!<%M%k%*%W%7%g%s$r:n$k$?$a$K%Q%C%A$rE,MQ$7$^$9!#(B <BLOCKQUOTE><CODE> <PRE> cd /usr/src/linux zcat subs-patch-1.3x.gz | patch -p1 </PRE> </CODE></BLOCKQUOTE> <P> <P> <P>$B$h$m$7$$!#(B <A HREF="IP-Masquerade-HOWTO-3.html#Kernel-Compile">$B%+!<%M%k$N%3%s%Q%$%k(B</A> $B$N>O$K<($5$l$F$$$k$h$&$K!"%+!<%M%k$r%3%s%Q%$%k$7$^$7$g$&!#(B $B%+!<%M%k$N9=@.;~$KM-8z$K$J$C$?(B IPPORTFW $B%*%W%7%g%s$r$3$3$G$O(B YES $B$K(B $B@_Dj$7$F$/$@$5$$!#(B $B%3%s%Q%$%k$,40N;$7!":F5/F0$7$?$J$i!"$3$N>O$N@bL@$rB3$1$^$9!#(B <P> <P>$B?7$7$/%3%s%Q%$%k$5$l$?%+!<%M%k$r;H$C$F!"<B:]$N(B"IPPORTFW" $B%W%m%0%i%`$r%$%s%9%H!<%k$7$^$9!#(B <BLOCKQUOTE><CODE> <PRE> cd /usr/src gcc ipportfw.c -o ipportfw mv ipportfw /usr/local/sbin </PRE> </CODE></BLOCKQUOTE> <P> <P> <P>$B$5$F!"$3$NNc$G$O$"$J$?$N%$%s%?!<%M%C%H>e$N(B TCP/IP $B%"%I%l%9$KBP$9$k(B $BA4$F$N(B WWW $B%$%s%?!<%M%C%H%H%i%U%#%C%/(B ($B%]!<%H(B80) $B$rFbIt$N%^%9%+%l!<%I$5$l$?(B $B%^%7%s$N(B IP $B%"%I%l%9!"(B 192.168.0.10 $B$K8~$1$k>l9g$r<h$j>e$2$^$9!#(B <P> <P> <P><B>$BCm0U(B - </B> $B%]!<%H(B 80 $B$G%]!<%HE>Aw$rM-8z$K$9$k$H!"(B Linux IP $B%^%9%+%l!<%I%5!<%P$+$i$O$=$N%]!<%H$O;H$($J$/$J$j$^$9!#(B $B$D$^$j!"$b$7M=$a%^%9%+%l!<%I%5!<%P>e$G(B WWW $B%5!<%P$,F0:n$7$F$$$?$H$7$F!"(B $B$=$N%5!<%P$GFbIt$N%^%9%+%l!<%I$5$l$?%3%s%T%e!<%?$X$N%]!<%H(B 80 $B$G$NE>Aw$r(B $B9T$C$?$J$i$P!"A4$F$N%$%s%?!<%M%C%H>e$N%f!<%6$O%^%9%+%l!<%I%5!<%P>e$N(B $B%Z!<%8$G$O$J$/!"(B-$BFbIt$N(B- WWW $B%5!<%P>e$N%Z!<%8$r8+$k$3$H$K$J$j$^$9!#(B $B$3$l$r2sHr$9$k$?$a$NM#0l$NJ}K!$O!"$?$H$($P(B 8080 $B$N$h$&$JJL$J%]!<%H$G(B $BE>Aw$r$+$1$k$3$H$G$9!#(B $B$3$l$GF0:n$O$G$-$^$9$,!"FbIt$N%^%9%+%l!<%I$5$l$?(B WWW $B%5!<%P$KBP$9$k(B $B%"%/%;%9$KBP$7$F!"A4$F$N%$%s%?!<%M%C%H>e$N%f!<%6$O(B <EM>:8080</EM> $B$H$$$&J8;z$r(B URL $B$KDI2C$7$J$1$l$P$J$j$^$;$s!#(B <P> <P>$B$$$:$l$K$;$h!"%]!<%HE>Aw$rM-8z$K$9$k$K$O!"(B<EM>/etc/rc.d/rc.firewall</EM> $B%k!<%k%;%C%H$r(B $BJT=8$7$J$1$l$P$J$j$^$;$s!#$=$7$F!"<!$N$h$&$J9T$rDI2C$7(B "$extip" $B$H$$$&J8;zNs$r(B $B$"$J$?$N%$%s%?!<%M%C%H>e$N(B IP $B%"%I%l%9$KCV$-49$($J$1$l$P$J$j$^$;$s!#(B <P><B>$BCm0U(B - </B> $B$b$7!"(B PPP $B$d(B ADSL $B$d(B $B%1!<%V%k%b%G%`$J$I$N$h$&$J7A$G(B ISP $B$+$iF0E*$J(B IP $B%"%I%l%93d$jEv$F$r<u$1$F$$$k$J$i$P!"(B /etc/rc.d/rc.firewall $B%k!<%k%;%C%H$O$b$C$HCNE*$KF0:n$9$k$h$&:n@.$7$J$1$l$P$J$j$^$;$s!#(B $B$=$N$?$a$K$O!"4{=P$N(B <A HREF="#Strong-IPCHAINS-Rulesets">$B6/$$(B IPCHAINS $B$N%k!<%k%;%C%H(B</A> $B$N>O$+!"(B <A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS">TrinityOS - Section 10</A> $B$r;2>H$7$F!"6/8G$J%k!<%k$HF0E*$J(B IP $B%"%I%l%93d$jEv$F$K4X$9$k>pJs$r(B $B;2>H$7$F$/$@$5$$!#(B $B$3$3$G$O$A$g$C$H$7$?%R%s%H$@$1$r(B - PPP $B%f!<%6$G$O(B /etc/ppp/ip-up $B$G$9!#(B <P> <P> <BLOCKQUOTE><CODE> <PRE> /etc/rc.d/rc.firewall -- #echo "IPPORTFW $B$K$h$k%j%@%$%l%/%7%g%s$r30It(B LAN $B$K$D$$$FM-8z$K(B .." # /usr/local/sbin/ipportfw -C /usr/local/sbin/ipportfw -A -t$extip/80 -R 192.168.0.10/80 # $B%]!<%H(B 20 $B$KBP$9$k%]!<%HE>Aw$OF0:nCf$N@\B3$KBP$7$F$OITMW$G$9!#(B # $BFbIt$K$"$k(B FTP $B%5!<%P$O%]!<%H(B 20 $BHV$G$N@\B3$r3+;O$7$F!"4{B8$N$d$jJ}$G$N(B # $B%^%9%+%l!<%I$5$l$?%3%s%T%e!<%?$r<h$j07$&$3$H$,$G$-$^$9!#(B -- </PRE> </CODE></BLOCKQUOTE> <P> <P>$B$3$l$@$1$G$9!*(B /etc/rc.d/rc.firewall $B%k!<%k%;%C%H$r:FEYF0$+$7$F%F%9%H$7$^$7$g$&!*(B <P> <P>$B$b$7$b!"(B"ipfwadm: setsockopt failed: Protocol not available" $B$H$$$&%(%i!<%a%C%;!<%8$,(B $B=P$F$7$^$C$?>l9g$O!"$"$J$?$O$^$@?7$7$$%+!<%M%k$rF0:n$5$;$F$$$J$$$3$H$K$J$j$^$9!#(B $B?7$7$$%+!<%M%k%U%!%$%k$rE,@Z$J>l=j$K0\F0$5$;$F!"(BLILO $B%3%^%s%I$r:F<B9T$7!"%7%9%F%`$r(B $B:F5/F0$5$;$F$/$@$5$$!#(B <P> <P>FTP $B%5!<%P$KBP$9$k%]!<%HE>Aw(B - <P> <P>$B$b$7FbIt%M%C%H%o!<%/$KB8:_$9$k(B FTP $B%5!<%P$X$N%]!<%HE>Aw$r9M$($F$$$k$J$i!";vBV$O(B $B$h$jJ#;($K$J$j$^$9!#$H$$$&$N$b!"I8=`E*$J(B <EM>IP_MASQ_FTP</EM> $B%+!<%M%k%b%8%e!<%k$O(B $B$3$N$h$&$JF0:n$N$?$a$K$O:n$i$l$F$$$J$$$K$b4X$i$:!"2??M$+$N%f!<%6$+$i$OLdBj$J$/F0$$$F(B $B$$$k$H$$$&Js9p$,$"$k$+$i$G$9!#;d$NCN$k$+$.$j!"%Q%C%A$r$"$F$J$$>uBV$G$O(B 30 $BJ,$r1[$($k(B $BE>Aw;~4V$rMW$9$k>l9g$K$*$$$F$O!"LdBj$,$J$$$H8@$C$F$$$k%f!<%6$G$bE>Aw$O<:GT$9$k$H(B $B;W$$$^$9!#$I$A$i$K$;$h!"4{B8$N(B ip_masq_ftp $B%b%8%e!<%k$r;H$C$?<!$N$h$&$J%]!<%HE>Aw$N(B $BJ}K!$r;n$_$F!"$"$J$?$N4D6-$GF0$/$+$I$&$+3N$+$a$F8+$k$3$H$r$*A&$a$7$^$9!#(B $B$b$7$=$l$,F0$+$J$$$J$i$P!"2~NI$5$l$?(B ip_masq_ftp $B%b%8%e!<%k$r;n$7$^$7$g$&!#(B <P>Fred Viles $B$O%]!<%HE>Aw$,F0:n$9$k$h$&$K2~NI$7$?(B IP_MASQ_FTP $B%b%8%e!<%k$r!"$=$l$i(B $B$rI,MW$H$9$k%f!<%6$N$?$a$K:n@.$7$F$$$^$9!#$3$N%b%8%e!<%k$,;H$($k$+$I$&$+$rD4$Y$?$$(B $B$J$i!"<!$N%"!<%+%$%V$r%@%&%s%m!<%I$7$F$_$F$/$@$5$$!#(BFred $B$N:n@.$7$?J8=q$G$O(B $B>\:Y$K=R$Y$i$l$F$$$^$9!#$^$?!"$3$N%Q%C%A$O$"$/$^$G<B83E*$J$b$N$J$N$G$=$N$D$b$j$G(B $B07$C$F$/$@$5$$!#$5$i$K!"(B2.0 $B7O%+!<%M%k$+$i(B 2.2 $B7O%+!<%M%k$^$G$N$$$/$D$+$N%Q%C%A$7$+(B $BB8:_$7$F$$$^$;$s!#(B <P> <P>$B$5$F!"(B2.0 $B7O%+!<%M%kMQ$N%Q%C%A$rF0$+$9$?$a$K$O!"<!$N;v9`$,I,MW$G$9(B - <P> <UL> <LI>$B$3$N>O$N:G=i$K@bL@$7$?$h$&$K!"(BIPPORTFW $B%+!<%M%k%Q%C%A$rE,MQ$7$^$9!#(B <P> </LI> <LI>"msqsrv-patch-36" $B%Q%C%A$r(B <A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x $B%+!<%M%k$NI,MW>r7o(B</A> $B$N>O$K$"$k(B Fred Viles $B$N(B FTP $B%5!<%P$+$i<h$C$F$-$F!"(B/usr/src/linux $B$KCV$-$^$9!#(B <P> </LI> <LI>"cat msqsrv-patch-36 | patch -p1" $B$r<B9T$7$F!"?7$7$$%3!<%I$r%+!<%M%k$KE,MQ$7$^$9!#(B <P> </LI> <LI>$B$D$E$$$F!"%*%j%8%J%k$N(B <EM>"ip_masq_ftp.c"</EM> $B%+!<%M%k%b%8%e!<%k$r?7$7$$$b$N$K(B $BCV$-49$($^$9!#(B <P> <UL> <LI>mv /usr/src/linux/net/ipv4/ip_masq_ftp.c /usr/src/linux/net/ipv4/ip_masq_ftp.c.orig</LI> <LI>mv /usr/src/linux/ip_masq_ftp.c /usr/src/linux/net/ipv4/ip_masq_ftp.c</LI> </UL> <P> </LI> <LI>$B:G8e$K!"?7$7$$%3!<%I$r4^$s$@%+!<%M%k$r%S%k%I$7$F%$%s%9%H!<%k$7$^$9!#(B</LI> </UL> <P>$B$3$N:n6H$r=*$($F$+$i!"(B/etc/rc.d/rc.firewall $B%k!<%k%;%C%H$rJT=8$7$F!"<!$N$h$&$J9T$rDI2C(B $B$7$^$9$,!"(B"$extip"$B$NItJ,$O30It(B IP $B%"%I%l%9$H$J$k$h$&$KCm0U$7$F$/$@$5$$!#(B <P>$B$3$NNc$G$O!"@hDx$N$h$&$K%$%s%?!<%M%C%H$+$i$"$J$?$N(B TCP/IP $B%"%I%l%9$KBP$9$k(B FTP ($B%]!<%HHV9f(B 21) $B$N@\B3MW5a$O!"FbIt$K$"$k(B IP $B%"%I%l%9(B 192.168.0.10 $B$K$"$k%^%9%+%l!<%I$5$l$?%3%s%T%e!<%?$K(B $BE>Aw$5$l$^$9!#(B <P>$BCm0U(B - $B0lC6%]!<%H(B 21 $B$G%]!<%HE>Aw$rM-8z$K$9$k$H!"$3$N%]!<%H$O(B IP $B%^%9%+%l!<%I%5!<%P$+$i$O;H$($J$/$J$j$^$9!#(B $B$D$^$j!"(B FTP $B%5!<%P$,$"$i$+$8$a%^%9%+%l!<%I%5!<%P$GF0:n$7$F$$$?$H$7$?$i!"(B $B%]!<%HE>Aw$O$9$Y$F$N%$%s%?!<%M%C%H$+$i$N@\B3$KBP$7$F$O!"(B $B%^%9%+%l!<%I%5!<%P$G$O$J$/FbIt$N(B FTP $B%5!<%P$X$N@\B3$r(B $BDs6!$9$k$3$H$K$J$j$^$9!#(B <P> <P> <BLOCKQUOTE><CODE> <PRE> /etc/rc.d/rc.firewall -- #echo "IPPORTFW $B$K$h$k%j%@%$%l%/%7%g%s$r30It(B LAN $B$K$D$$$FM-8z$K(B .." # /usr/local/sbin/ipportfw -C /usr/local/sbin/ipportfw -A -t$extip/21 -R 192.168.0.10/21 #$BCm0U(B - $B$b$7$"$J$?$,J#?t$N%m!<%+%k$J%]!<%HHV9f$r;H$C$F$$$F%]!<%HE>Aw$r(B # $BJ#?t$N(B FTP $B%5!<%P(B($B$?$H$($P(B 21,2121,2112$B$J$I(B)$B$KBP$7$F9T$$$?$$$J$i(B # ip_masq_ftp $B%b%8%e!<%k$rJ#?t$N%]!<%H$KBP$7$F%j%9%s$9$k$h$&$K@_Dj(B # $B$7$J$1$l$P$J$j$^$;$s!#$=$N$?$a$K$O!"$?$H$($P!"(B # /etc/rc.d/rc.firewall $B$NFbMF$r(B # # /sbin/modprobe ip_masq_ftp ports=21,2121,2112 # # $B$N$h$&$K$7!"$3$l$,M-8z$H$J$k$h$&$K(B /etc/rc.d/rc.firewall $B%9%/%j%W%H$r(B # $B:FEY<B9T$7$J$1$l$P$J$j$^$;$s!#(B # $B%]!<%H(B 20 $B$KBP$9$k%]!<%HE>Aw$OF0:nCf$N@\B3$KBP$7$F$O$*$=$i$/ITMW$G$9!#(B # $BFbIt$K$"$k(B FTP $B%5!<%P$O%]!<%H(B 20 $BHV$G$N@\B3$r3+;O$7$F!"4{B8$N$d$jJ}$G$N(B # $B%^%9%+%l!<%I$5$l$?%3%s%T%e!<%?$r<h$j07$&$3$H$,$G$-$^$9!#(B -- </PRE> </CODE></BLOCKQUOTE> <P> <P>$B$3$l$@$1$G$9(B! /etc/rc.d/rc.firewall $B%k!<%k%;%C%H$r:FEYF0$+$7$F%F%9%H$7$^$7$g$&(B! <P> <P>$B$b$7$b!"(B"ipfwadm: setsockopt failed: Protocol not available" $B$H$$$&%(%i!<%a%C%;!<%8$,(B $B=P$F$7$^$C$?>l9g$O!"$"$J$?$O$^$@?7$7$$%+!<%M%k$rF0:n$5$;$F$$$J$$$3$H$K$J$j$^$9!#(B $B?7$7$$%+!<%M%k%U%!%$%k$rE,@Z$J>l=j$K0\F0$5$;$F!"(BLILO $B%3%^%s%I$r:F<B9T$7!"%7%9%F%`$r(B $B:F5/F0$5$;$F$/$@$5$$!#?7$7$$%+!<%M%k$rF0$+$7$F$$$k$D$b$j$J$N$K!"$3$N%(%i!<$,=P$?>l9g$O!"(B "ls /proc/net" $B$r<B9T$7$F(B "ip_portfw" $B%U%!%$%k$,B8:_$9$k$+$I$&$+3NG'$7$F$/$@$5$$!#(B $B$3$l$,B8:_$7$J$$>l9g$O!"%+!<%M%k$N9=@.;~$K%(%i!<$,=P$F$$$k$O$:$G$9!#$b$&0lEY$d$jD>$7$^$7$g$&!#(B <P> <A NAME="CuSeeme"></A> <P> <H2><A NAME="ss6.9">6.9 CU-SeeMe $B$H(B Linux $B$N(B IP $B%^%9%+%l!<%I(B</A> </H2> <P> <P>Linux $B$G$N(B IP $B%^%9%+%l!<%I$G$O(B <EM>"ip_masq_cuseeme"</EM> $B%+!<%M%k%b%8%e!<%k$r(B $B;H$&$3$H$K$h$C$F(B CuSeeme $B$r%5%]!<%H$7$F$$$^$9!#(B $B$3$N%+!<%M%k%b%8%e!<%k$O!"(B /etc/rc.d/rc.firewall $B%9%/%j%W%H$G(B $BFI$_$3$^$l$J$1$l$P$J$j$^$;$s!#(B "ip_masq_cuseeme" $B%b%8%e!<%k$,FI$_9~$^$l$k$H!"%j%b!<%H$N%j%U%l%/%?(B $B!ZLuCm(B: CU-SeeMe$B$N%5!<%P$N$3$H![$d%f!<%6$H$N4V$G@\B3$r9T$&$3$H$,$G$-$^$9!#(B <P> <P>$BCm0U(B - CuSeeme $B$r;HMQ$9$k>l9g$O!"(BIPAUTOFW $B$h$j(B IPPORTFW $B%D!<%k$r;H$$$^$7$g$&!#(B <P> <P> <P>$B$b$7(B CuSeeMe $B$KBP$7$F$b$&>/$7L@3N$J>pJs$,I,MW$J$i$P!"(B <A HREF="http://www.swampgas.com/vc/ipmcus.htm">Michael Owings's CuSeeMe page</A> $B$K$"$k(B Mini-HOWTO $B$+(B <A HREF="http://ipmasq.cjb.net/">IP $B%^%9%+%l!<%I$N>pJs8;(B</A> $B$K%_%i!<$5$l$?FbMF$r8+$F$/$@$5$$!#(B <P> <P> <A NAME="ICQ"></A> <P> <H2><A NAME="ss6.10">6.10 $B%_%i%S%j%9<R$N(B ICQ</A> </H2> <P>Linux $B$N%^%9%+%l!<%I%5!<%P$NGX8e$G(B ICQ $B$rF0$+$9$h$&$K$9$k$?$a$NJ}K!$OFs$D$"$j$^$9!#(B $B0l$D$NJ}K!$O!"(BICQ $B$N%^%9%+%l!<%I%b%8%e!<%k$r;H$&$3$H$G!"$b$&0l$D$O(B IPPORTFW $B$r(B $B;H$&$3$H$G$9!#(B <P>ICQ $B%^%9%+%l!<%I%b%8%e!<%k$K$O$$$/$D$+$NMxE@$,$"$j$^$9!#$3$N%b%8%e!<%k$OJ#?t(B $B$N(B ICQ $B%f!<%6$KBP$7$F$bC1=c$J@_Dj$GF0:n$7$^$9!#$^$?(B ICQ $B%/%i%$%"%s%H%W%m%0%i%`$K(B $BBP$7$F$J$s$iFCJL$JJQ99$r2C$($kI,MW$,$"$j$^$;$s!#:G6a$G$O(B $B$3$N%b%8%e!<%k$N%P!<%8%g%s(B 2.2 $B7O%+!<%M%k$X$N%"%C%W%G!<%H$G$O%U%!%$%kE>Aw$d%j%"%k%?%$%`%A%c%C%H$b%5%]!<%H$9$k(B $B$h$&$K$J$j$^$7$?!#(B $B$7$+$7!"(B2.0 $B7O%+!<%M%k$G$O%U%!%$%kE>Aw$d%j%"%k%?%$%`%A%c%C%H$O40A4$K$O%5%]!<%H(B $B$5$l$F$$$^$;$s!#$H$b$+$/!"(B2.2 $B7O%+!<%M%k$N>e$G(B IP $B%^%9%+%l!<%I$r9T$C$F(B ICQ $B$rF0$+$9(B $B$h$&$K$7$?$[$&$,$$$$$@$m$&$H$O;W$$$^$9!#(B <P> <P>IPPORTFW $B$r@_Dj$9$k>l9g!"(BLinux $B$H(B ICQ $B%/%i%$%"%s%H$KBP$7$F(B ICQ $B%a%C%;!<%8%s%0!"(B URL$B!"%A%c%C%H!"%U%!%$%kE>Aw$J$I$J$I$rJQ99$7$J$1$l$P$J$j$^$;$s!#(B <P>$B$b$7!"(B Andrew Deryabin $B$N(B <A HREF="mailto:djsf@usa.net">djsf@usa.net</A> 2.2 $B7O%+!<%M%k8~$1(B ICQ IP $B%^%9%+%l!<%I%b%8%e!<%k$K(B $B4X?4$,$"$k$J$i!"(B <A HREF="IP-Masquerade-HOWTO-2.html#2.2.x-Requirements">2.2.x $B%+!<%M%k$NI,MW>r7o(B</A> $B$N>O$K>\$7$$@bL@$,$"$j$^$9!#(B <P> <P>$B%^%9%+%l!<%I%5!<%P$NFbIt$G(B ICQ $B$rF0$+$9$?$a$K8EE5E*$JJ}K!$r<h$j$?$$>l9g$O!"(B $B<!$N$h$&$JJ}K!$G9T$$$^$9(B - <P> <UL> <LI> $B$^$::G=i$K!"(BIPPPORTFW $B$rM-8z$K$7$?>uBV$G%+!<%M%k$rF0:n$5$;$^$9!#(B <A HREF="#Forwarders">$B%U%)%o!<%@(B ($B%]!<%HE>Aw%D!<%k(B)</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B <P> <UL> <LI> $BB3$$$F!"(B/etc/rc.d/rc.firewall $B%U%!%$%k$K<!$N$h$&$J5-=R$rDI2C$7$^$9!#(B $B$3$NNc$G$O!"(B10.1.2.3 $B$O30It$N(B IP $B%"%I%l%9$G!"FbIt$N%3%s%T%e!<%?$N(B IP $B%"%I%l%9$O(B 192.168.0.10 $B$G$"$k$H2>Dj$7$F$$$^$9!#(B <P>$B2<5-$O!"(BIPFWADM $B$K$h$k(B 2.0 $B7O%+!<%M%k$N$?$a$NNc$G$9!#(B <P> <P> <PRE> $B$3$3$GFs$D$NNc$r$"$2$F$*$-$^$7$?!#$I$A$i$bLdBj$J$/F0:n$7$^$9!#(B $BNc$=$N(B 1 -- /usr/local/sbin/ipportfw -A -t10.1.2.3/2000 -R 192.168.0.10/2000 /usr/local/sbin/ipportfw -A -t10.1.2.3/2001 -R 192.168.0.10/2001 /usr/local/sbin/ipportfw -A -t10.1.2.3/2002 -R 192.168.0.10/2002 /usr/local/sbin/ipportfw -A -t10.1.2.3/2003 -R 192.168.0.10/2003 /usr/local/sbin/ipportfw -A -t10.1.2.3/2004 -R 192.168.0.10/2004 /usr/local/sbin/ipportfw -A -t10.1.2.3/2005 -R 192.168.0.10/2005 /usr/local/sbin/ipportfw -A -t10.1.2.3/2006 -R 192.168.0.10/2006 /usr/local/sbin/ipportfw -A -t10.1.2.3/2007 -R 192.168.0.10/2007 /usr/local/sbin/ipportfw -A -t10.1.2.3/2008 -R 192.168.0.10/2008 /usr/local/sbin/ipportfw -A -t10.1.2.3/2009 -R 192.168.0.10/2009 /usr/local/sbin/ipportfw -A -t10.1.2.3/2010 -R 192.168.0.10/2010 /usr/local/sbin/ipportfw -A -t10.1.2.3/2011 -R 192.168.0.10/2011 /usr/local/sbin/ipportfw -A -t10.1.2.3/2012 -R 192.168.0.10/2012 /usr/local/sbin/ipportfw -A -t10.1.2.3/2013 -R 192.168.0.10/2013 /usr/local/sbin/ipportfw -A -t10.1.2.3/2014 -R 192.168.0.10/2014 /usr/local/sbin/ipportfw -A -t10.1.2.3/2015 -R 192.168.0.10/2015 /usr/local/sbin/ipportfw -A -t10.1.2.3/2016 -R 192.168.0.10/2016 /usr/local/sbin/ipportfw -A -t10.1.2.3/2017 -R 192.168.0.10/2017 /usr/local/sbin/ipportfw -A -t10.1.2.3/2018 -R 192.168.0.10/2018 /usr/local/sbin/ipportfw -A -t10.1.2.3/2019 -R 192.168.0.10/2019 /usr/local/sbin/ipportfw -A -t10.1.2.3/2020 -R 192.168.0.10/2020 -- $BNc$=$N(B 2 -- port=2000 while [ $port -le 2020 ] do /usr/local/sbin/ipportfw -A t10.1.2.3/$port -R 192.168.0.10/$port port=$((port+1)) done -- </PRE> <P>IPCHAINS $B$r;H$C$?(B 2.2 $B7O%+!<%M%k$N$?$a$NNc$r<!$K<($7$^$9(B - <P> <P> <PRE> $B$3$3$GFs$D$NNc$r$"$2$F$*$-$^$7$?!#$I$A$i$bLdBj$J$/F0:n$7$^$9(B - $BNc$=$N(B 1 -- /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2000 -R 192.168.0.10 2000 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2001 -R 192.168.0.10 2001 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2002 -R 192.168.0.10 2002 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2003 -R 192.168.0.10 2003 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2004 -R 192.168.0.10 2004 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2005 -R 192.168.0.10 2005 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2006 -R 192.168.0.10 2006 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2007 -R 192.168.0.10 2007 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2008 -R 192.168.0.10 2008 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2009 -R 192.168.0.10 2009 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2010 -R 192.168.0.10 2010 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2011 -R 192.168.0.10 2011 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2012 -R 192.168.0.10 2012 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2013 -R 192.168.0.10 2013 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2014 -R 192.168.0.10 2014 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2015 -R 192.168.0.10 2015 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2016 -R 192.168.0.10 2016 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2017 -R 192.168.0.10 2017 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2018 -R 192.168.0.10 2018 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2019 -R 192.168.0.10 2019 /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 2020 -R 192.168.0.10 2020 -- $BNc$=$N(B 2 -- port=2000 while [ $port -le 2020 ] do /usr/local/sbin/ipmasqadm portfw -a -P tcp -L 10.1.2.3 $port -R 192.168.0.10 $port port=$((port+1)) done -- </PRE> <P> <P> </LI> <LI><P>$B?7$7$$(B rc.firewall $B$,=`Hw$G$-$?$i!"(B"/etc/rc.d/rc.firewall" $B$H%?%$%W$7$F(B $B@_Dj$,LdBj$J$$$3$H$r3NG'$9$k$?$a$K%k!<%k%;%C%H$N:FFI$_9~$_$r9T$$$^$9!#(B $B$b$72?$+%(%i!<$,=P$?>l9g!"(BIPPORTFW $B%5%]!<%H$N$"$k%+!<%M%k$rF0:n$5$;$F$$$J$$$+!"(B rc.firewall $B%U%!%$%k$K$J$K$+%?%$%W%_%9$,$"$k$3$H$G$7$g$&!#(B </LI> <LI><P>ICQ $B$N(B [$B%W%j%U%!%l%s%9(B] - [$B@\B3(B] $B@_Dj$G(B "LAN$B$+$i;H$&(B" $B$H(B "$B%U%!%$%"%&%)!<%k$^$?$O%W%m%-%7$r7PM3$7$F;H$&(B" $B$r@_Dj$7$F$/$@$5$$!#(B $B$=$l$+$i!"(B "$B%U%!%$%"%&%)!<%k@_Dj(B" $B$r%/%j%C%/$7$F!"(B"SOCKS $B%W%m%-%7$r(B $B;H$o$J$$(B" $B$r@_Dj$7$^$9!#(B $B0JA0$O(B "$B%U%!%$%"%&%)!<%k%?%$%`%"%&%H(B" $B$r(B "30" $B$K$9$k$3$H$r?d>)$7$F(B $B$$$^$7$?$,!"B?$/$NMxMQ<T$O$3$l$K$h$j(B ICQ $B$N?.Mj@-$,2<$,$k$3$H$K(B $B5$$E$$$F$$$kE@$KCm0U$7$F$/$@$5$$!#(B ICQ $B$O5,Dj$N%?%$%`%"%&%H@_Dj(B ($B$3$N(B ICQ $B%*%W%7%g%s$rM-8z$K$7$J$$>uBV(B) $B$,(B $B:G$b?.Mj@-$,9b$$$N$G!"%^%9%+%l!<%I%5!<%P$G$N%?%$%`%"%&%H$r(B160$BIC$K$7$^$9!#(B $B$3$N%?%$%`%"%&%H@_Dj$rJQ99$9$kJ}K!$K$D$$$F$O(B <A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.0.x">rc.firewall-2.0.x</A> $B$H(B <A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.2.x">rc.firewall-2.2.x</A> $B%k!<%k%;%C%H$r;2>H$7$F$/$@$5$$!#(B $B$=$l$+$i!"(B "$B<!$X(B" $B$r%/%j%C%/$7$F(B "$B0J2<$N(B TCP $B4F;k%]!<%H$r;H$&(B" $B$N(B $B9`L\$G$O!"(B "2000" $B$+$i(B "2020" $B$^$G$r;XDj$7$F$/$@$5$$!#$=$7$F(B"$B40N;(B"$B$r(B $B%/%j%C%/$7$F=*$o$j$G$9!#(B <P>ICQ $B%/%i%$%"%s%H$OJQ99$rM-8z$K$9$k$?$a$K(B ICQ $B$N:F5/F0$rB%$7$F$-$^$9!#<B$O!";d$N(B $B>l9g$OJQ99$r@5$7$/H?1G$5$;$FF0$+$9$?$a$K(B Windows9x $B<+BN$r:F5/F0$5$;$J$1$l$P$J$j(B $B$^$;$s$G$7$?$,!"$"$k?M$O$=$s$J$3$H$r$9$kI,MW$O$J$$$H$b8@$C$F$$$^$9!#$b$7$@$a$J$iN>J}(B $B;n$7$F$_$F$/$@$5$$!#(B </LI> </UL> <P> </LI> <LI> $B$"$k?M$O%]!<%HHV9f(B 4000 $B$@$1$r(B ICQ $B$NF0$$$F$$$k%^%7%s$K%]!<%HE>Aw$9$k$@$1$N(B $B>uBV$,%Y%9%H$@!"$H$bOC$7$F$/$l$^$7$?!#H`$O$3$l$@$1$G(B ICQ $B<+BN$N@_Dj$r4{DjCM$+$i2?$i(B $BJQ99$9$k$3$H$J$/A4It$N5!G=(B($B%A%c%C%H!"%U%!%$%kE>Aw$J$I(B)$B$,$&$^$/F0:n$7$?$HJs9p$7$F$$$^$9!#(B $B$*$=$i$/$d$jJ}$O$?$/$5$s$"$k$N$G$7$g$&$,!"JL$J@_Dj$NJ}K!$r;n$9$N$b$$$$$+$b$7$l$^$;$s!#(B</LI> </UL> <P> <A NAME="LooseUDP"></A> <P> <H2><A NAME="ss6.11">6.11 $B%2!<%^!<8~$1(B - LooseUDP $B%Q%C%A(B</A> </H2> <P> <P>LooseUDP $B%Q%C%A$O(B NAT $B$H$N?FOB@-$,$"$j!"DL>o(B UDP $B$rMQ$$$k%2!<%`$r(B Linux IP $B%^%9%+%l!<%I%5!<%P$NGX8e$GLdBj$J$/F0:n$5$;$k$?$a$N$b$N$G$9!#(B $B:#$N$H$3$m!"(BLooseUDP $B$O%P!<%8%g%s(B 2.0.36 $B0J>e$N%+!<%M%k$KBP$7$F$O(B $B%Q%C%A$H$7$FDs6!$5$l!"(B2.2.3 $B0J>e$N%+!<%M%k$K$OAH$_9~$^$l$F$$$^$9$,!"(B 2.2.16 $B0J>e$N%+!<%M%k$G$O%G%U%)%k%H$G6X;_>uBV$K$J$C$F$$$^$9!#(B <P> <P>LooseUDP $B$r(B2.0.x $B7O%+!<%M%k$GF0:n$5$;$k$K$O<!$N<j=g$K=>$$$^$9(B - <P> <UL> <LI>$B:G?7$N(B 2.0.x $B%+!<%M%k$rMQ0U$7!"(B/usr/src/linux $B%G%#%l%/%H%j$KE83+$7$^$9!#(B <P> </LI> <LI>$B%P!<%8%g%s(B 2.0.x $B$G$OI,?\(B - IPPORTFW $B%Q%C%A$r!"$3$N(B HOW-TO $B$N(B <A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x $B%+!<%M%k$NI,MW>r7o(B</A> $B$N>O$+!"$^$?$O(B <A HREF="#Forwarders">$B%U%)%o!<%@(B ($B%]!<%HE>Aw%D!<%k(B)</A> $B$N>O$r;29M$K$7$F$/$@$5$$!#(B <P> </LI> <LI> <A HREF="IP-Masquerade-HOWTO-2.html#2.0.x-Requirements">2.0.x $B%+!<%M%k$NI,MW>r7o(B</A> $B$N>O$+$i(B LooseUDP $B%Q%C%A$r%@%&%s%m!<%I$7$^$9!#(B <P>LooseUDP $B%Q%C%A$r(B /usr/src/linux $B%G%#%l%/%H%j$KCV$-!"<!$N$h$&$K%?%$%W$7$^$9!#(B <P> <BLOCKQUOTE><CODE> $B05=L$5$l$?%Q%C%A%U%!%$%k$N>l9g(B - zcat loose-udp-2.0.36.patch.gz | patch -p1 </CODE></BLOCKQUOTE> <P> <BLOCKQUOTE><CODE> $B05=L$5$l$F$$$J$$%Q%C%A%U%!%$%k$N>l9g(B - cat loose-udp-2.0.36.patch | patch -p1 </CODE></BLOCKQUOTE> <P> <P> <P>$B$*;H$$$N(B patch $B%W%m%0%i%`$N%P!<%8%g%s$K$b$h$j$^$9$,!"<!$N$h$&$J%F%-%9%H$r(B $B8+$k$3$H$K$J$k$G$7$g$&(B - <P> <P> <BLOCKQUOTE><CODE> <PRE> patching file `CREDITS' patching file `Documentation/Configure.help' patching file `include/net/ip_masq.h' patching file `net/ipv4/Config.in' patching file `net/ipv4/ip_masq.c' </PRE> </CODE></BLOCKQUOTE> <P>$B$b$7!"(B"Hunk FAILED" $B$,%Q%C%A2aDx$N3F!9$G$=$l$>$l0lEY$@$1I=<($5$l$F$$$k$J$i!"$=$l$O(B $B7Y9p$G$O$"$j$^$;$s!#8E$$%Q%C%A%U%!%$%k$,Ev$?$C$F$$$k$N$@$H;W$o$l$^$9$,!"$3$N>uBV$G$"$l$P(B $BF0:n$7$^$9!#A4$/<:GT$K=*$o$C$F$7$^$C$?>l9g$O!"(BIPPORTFW $B%Q%C%A$,%+!<%M%k$KE,MQ$5$l$F$$$k(B $B$+$I$&$+!"$^$:3NG'$7$F$_$F$/$@$5$$!#(B <P>$B$3$N%Q%C%A$,AH$_9~$^$l$k$H!"(B <A HREF="IP-Masquerade-HOWTO-3.html#Kernel-Compile">$B%+!<%M%k$N%3%s%Q%$%k(B</A> $B$N>O$K<($5$l$F$$$kDL$j$K(B "IP: loose UDP port managing (EXPERIMENTAL) (CONFIG_IP_MASQ_LOOSE_UDP) [Y/n/?]" $B%*%W%7%g%s(B $B$KBP$7$F(B "Y" $B$HEz$($F9=@.$7$F$/$@$5$$!#(B </LI> </UL> <P>2.2 $B7O%+!<%M%k$G(B LooseUDP $B$,F0$/$h$&$K$9$k$?$a$K$O!"<!$N$h$&$J<j=g$r<B;\$7$^$9(B - <UL> <LI>/etc/rc.d/rc.firewall $B%9%/%j%W%H$N:G8e$N$"$?$j$K$"$k(B LooseUDP $B$N9`L\$rC5$7$^$9!#(B <CODE>echo "0" > /proc/sys/net/ipv4/ip_masq_udp_dloose</CODE> $B$H$$$&9T$K$"$k(B "0" $B$r(B "1" $B$KJQ99$7$F!"(B rc.firewall $B%k!<%k%;%C%H$r:F<B9T$7$^$9!#(B $B$3$N<BNc$O!"(B <A HREF="IP-Masquerade-HOWTO-3.html#rc.firewall-2.2.x">rc.firewall-2.2.x</A> $B$H(B <A HREF="#stronger-rc.firewall-2.2.x">stronger-rc.firewall-2.2.x</A> $B$K$"$j$^$9!#(B</LI> </UL> <P>$B?7$7$/(B LooseUDP $B$,M-8z$H$J$C$?%+!<%M%k$rF0$+$9$H!"KX$I$N(B NAT $B$H$N(B $B?FOB@-$N$"$k%2!<%`$,LdBj$J$/F0$/$h$&$K$J$j$^$9!#(B $B$$$/$D$+$N%Z!<%8$G!"(B BattleZone $B$J$I$H$$$C$?%2!<%`$K(B NAT $B?FOB@-$r(B $B;}$?$;$k%Q%C%A$rDs6!$9$k(B web $B%Z!<%8$b$"$j$^$9!#(B $B>\:Y$O(B <A HREF="#Game-Clients">Game-Clients</A> $B$N>O$r;2>H$7$F$/$@$5$$!#(B <P> <P> <P> <P> <P> <P> <HR> <A HREF="IP-Masquerade-HOWTO-7.html">$B<!$N%Z!<%8(B</A> <A HREF="IP-Masquerade-HOWTO-5.html">$BA0$N%Z!<%8(B</A> <A HREF="IP-Masquerade-HOWTO.html#toc6">$BL\<!$X(B</A> </BODY> </HTML>