$FreeBSD: head/ja_JP.eucJP/articles/dialup-firewall/article.sgml 39544 2012-09-14 17:47:48Z gabor $
FreeBSD is a registered trademark of the FreeBSD Foundation.
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol.
This article documents how to set up a firewall using a PPP dialup with FreeBSD and IPFW, and specifically how to firewall a dialup link whose IP address is assigned dynamically. It does not cover setting up the PPP connection itself, which has to be done first. For details on configuring a PPP connection, see the ppp(8) manual page.
Dialup Firewalling with FreeBSD
This document outlines the steps required to set up a firewall on FreeBSD when your IP address is assigned dynamically by your ISP.
Every effort has been made to make this document as informative and correct as possible, so please send corrections, comments and suggestions to the author at <marcs@draenor.org>.
To use IPFW, support for it must be compiled into the kernel. For more information on how to recompile the kernel, see the kernel configuration section of the Handbook. The following options must be added to the kernel configuration file for IPFW support.
Enables the kernel's firewall code.
Note: This document assumes that you are running FreeBSD 5.X. Users running FreeBSD 4.X must recompile their kernels with IPFW2 support. FreeBSD 4.X users should consult the ipfw(8) manual page for details on using IPFW2 on their systems, and should read the section USING IPFW2 IN FreeBSD-STABLE with particular care.
Sends logged packets to the system logger.
Limits the number of times a matching entry can be logged. This lets you log firewall activity without the risk of syslog being flooded during a denial of service (DoS) attack. 500 is a reasonable number, but it can be adjusted to suit your requirements.
Warning: When the kernel recompile has finished, do not reboot the system. Doing so could leave you locked out of it. Do not reboot until the ruleset is in place and all the associated configuration files have been updated.
/etc/rc.conf needs a few small changes to enable the firewall on the system and to specify the location of the rules file. Add the following lines to /etc/rc.conf:

    firewall_enable="YES"
    firewall_script="/etc/firewall/fwrules"

For more information on these settings, look at /etc/defaults/rc.conf and then read rc.conf(5).
To let clients on your network connect through the gateway, PPP's network address translation (NAT) must be enabled. To use PPP's NAT functionality, add the following lines to /etc/rc.conf:

    ppp_enable="YES"
    ppp_mode="auto"
    ppp_nat="YES"
    ppp_profile="your_profile"

Note: Be sure to change your_profile to the name of your own dialup profile.
Now we define the firewall rules for your system. The ruleset described here is a generic template for most dialup users. It will not match every user's needs exactly, but it gives you a basic understanding of how IPFW works, and it should be fairly easy to alter to suit your requirements.
First, let's start with the basics of closed firewalling. Closed firewalling is based on the idea that everything is denied unless it has been configured otherwise. The administrator then explicitly adds rules for the traffic that should be allowed. Rules should be ordered with the allows first and the denies after them. The premise is that you add a rule for everything you want to allow, and everything else is denied automatically.
Next, create the directory in which the firewall rules will be stored. This example uses /etc/firewall. Change into that directory and edit the fwrules file that was specified in rc.conf. Note that you can change this filename to anything you like; this guide only gives one example of a filename you might use.
Now, let's look at an example of a well-commented firewall file.

    # Define the firewall command (as in /etc/rc.firewall) for easy
    # reference.  Helps to make it easier to read.
    fwcmd="/sbin/ipfw"

    # Define our outside interface.  With userland-ppp this
    # defaults to tun0.
    oif="tun0"

    # Define our inside interface.  This is usually your network
    # card.  Be sure to change this to match your own network
    # interface.
    iif="fxp0"

    # Force a flush of the current rules before we reload.
    $fwcmd -f flush

    # Check the state of all packets.
    $fwcmd add check-state

    # Stop spoofing on the outside interface.
    $fwcmd add deny ip from any to any in via $oif not verrevpath

    # Allow all connections that we initiate, and keep their state,
    # but deny established connections that don't have a dynamic rule.
    $fwcmd add allow ip from me to any out via $oif keep-state
    $fwcmd add deny tcp from any to any established in via $oif

    # Allow all connections within our network.
    $fwcmd add allow ip from any to any via $iif

    # Allow all local traffic.
    $fwcmd add allow all from any to any via lo0
    $fwcmd add deny all from any to 127.0.0.0/8
    $fwcmd add deny ip from 127.0.0.0/8 to any

    # Allow Internet users to connect to ports 22 and 80.
    # This example specifically allows connections to sshd and a web server.
    $fwcmd add allow tcp from any to me dst-port 22,80 in via $oif setup keep-state

    # Allow ICMP packets.  Remove type 8 from icmptypes if you don't
    # want your host to answer ping(8).
    $fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12

    # Deny and log all the rest.
    $fwcmd add deny log ip from any to any

You now have a fully functional firewall that only allows connections to ports 22 and 80 and logs every other connection attempt. You can now reboot safely, and the firewall should start automatically and load the ruleset. If you find anything wrong with this, run into any problems, or have suggestions for improving this page, please e-mail me.
6.1. After I get messages like “limit 500 reached on entry 2800”, my machine stops logging denied packets for that rule number. Is the firewall still working?
This merely means that the log count for that rule has reached its maximum. The rule itself is still working, but it will record no further log entries until the log counter is reset. An example of how to reset the counter is shown below.

    # ipfw resetlog

You can also change this limit with the IPFIREWALL_VERBOSE_LIMIT option described above. In addition, the limit can be changed (without rebuilding the kernel and rebooting) through the net.inet.ip.fw.verbose_limit sysctl(8) variable.
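Because a rule that has hit its limit keeps dropping packets without logging them, it helps to know which rules have gone quiet and how often. The following is an added example, not part of the original article: it scans syslog text for the message quoted in the question and reports each affected rule. The log lines, the host name `gw` and the `ipfw:` prefix in the sample are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the article). All sample log lines are constructed.

# muted_rules: read syslog text on stdin. For every rule whose log limit was
# reached, print "RULE LIMIT HITS LAST_SEEN", sorted by rule number.
# HITS > 1 means the counter was reset and then exhausted again.
muted_rules() {
    awk '
        match($0, /limit [0-9]+ reached on entry [0-9]+/) {
            # w = limit N reached on entry RULE
            n = split(substr($0, RSTART, RLENGTH), w, " ")
            rule = w[n]
            limit[rule] = w[2]
            hits[rule]++
            last[rule] = $1 " " $2 " " $3   # traditional syslog timestamp
        }
        END { for (r in limit) print r, limit[r], hits[r], last[r] }
    ' | sort -n
}

# Constructed sample: rule 2800 goes quiet twice, rule 1200 once.
sample_log() {
    cat <<'EOF'
Sep 14 17:40:11 gw kernel: ipfw: 2800 Deny TCP 203.0.113.5:40112 192.0.2.10:23 in via tun0
Sep 14 17:47:48 gw kernel: ipfw: limit 500 reached on entry 2800
Sep 14 18:02:30 gw kernel: ipfw: limit 500 reached on entry 1200
Sep 14 19:15:09 gw kernel: ipfw: limit 500 reached on entry 2800
EOF
}

# After reviewing the report, logging is re-armed with "ipfw resetlog".
sample_log | muted_rules
```

A rule that appears with several hits is a candidate for a higher net.inet.ip.fw.verbose_limit rather than repeated resets.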
6.2. There must be something wrong. I followed your instructions to the letter and now I am locked out.
This tutorial assumes that you are running userland-ppp, so the supplied ruleset operates on the tun0 interface, which corresponds to the first connection made with ppp(8) (also known as user-ppp). Additional connections use tun1, tun2 and so on.
Note also that pppd(8) uses the ppp0 interface instead, so if you start the connection with pppd(8) you must use ppp0 in place of tun0. A quick way to edit the firewall rules to reflect this change is shown below. The original ruleset is backed up as fwrules_tun0.

    % cd /etc/firewall
    /etc/firewall% su
    Password:
    /etc/firewall# mv fwrules fwrules_tun0
    /etc/firewall# cat fwrules_tun0 | sed s/tun0/ppp0/g > fwrules

Once the connection has been established, you can examine the output of ifconfig(8) to find out whether you are currently using ppp(8) or pppd(8). For example, for a connection made with pppd(8) you would see something like this (only the relevant parts are shown).

    % ifconfig
    (skipped...)
    ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
            inet xxx.xxx.xxx.xxx --> xxx.xxx.xxx.xxx netmask 0xff000000
    (skipped...)

On the other hand, for a connection made with ppp(8) (user-ppp) you should see something similar to this.

    % ifconfig
    (skipped...)
    ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
    (skipped...)
    tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
            (IPv6 stuff skipped...)
            inet xxx.xxx.xxx.xxx --> xxx.xxx.xxx.xxx netmask 0xffffff00
            Opened by PID xxxxx
    (skipped...)

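The check described above can be scripted so that a mismatch between the ruleset's `oif` and the live PPP interface is caught before a reboot. The following is an added example, not part of the original article: the function names are hypothetical, and the sample ifconfig output and its addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the article). Sample data below is constructed.
# Real use: ifconfig | check_oif "$(configured_oif < /etc/firewall/fwrules)"

# configured_oif: read a ruleset on stdin, print the value assigned to oif.
configured_oif() {
    sed -n 's/^oif="\{0,1\}\([A-Za-z0-9]*\)"\{0,1\}.*$/\1/p' | head -n 1
}

# active_ppp_if: read ifconfig(8) output on stdin, print the first tunN or
# pppN interface that is flagged UP and RUNNING and carries an inet address.
active_ppp_if() {
    awk '
        /^[a-z]+[0-9]+: flags=/ {
            name = $1; sub(/:$/, "", name)
            flags = $0; sub(/^[^<]*</, ",", flags); sub(/>.*$/, ",", flags)
            live = (name ~ /^(tun|ppp)[0-9]+$/ &&
                    index(flags, ",UP,") && index(flags, ",RUNNING,"))
            next
        }
        live && $1 == "inet" { print name; exit }
    '
}

# check_oif WANT: compare the ruleset's interface with the live one (stdin).
# Returns 0 on a match, 1 on a mismatch, 2 if no PPP link is up.
check_oif() {
    have=$(active_ppp_if)
    if [ -z "$have" ]; then echo "no-link"; return 2; fi
    if [ "$1" = "$have" ]; then echo "ok $have"; return 0; fi
    echo "mismatch rules=$1 link=$have"; return 1
}

# Constructed pppd(8)-style output, modelled on the article's listing.
sample_pppd() {
    cat <<'EOF'
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
        inet 192.0.2.10 --> 192.0.2.1 netmask 0xff000000
EOF
}

# The article's ruleset sets oif="tun0"; against a pppd link this mismatches.
want=$(printf 'fwcmd="/sbin/ipfw"\noif="tun0"\n' | configured_oif)
sample_pppd | check_oif "$want" || true
```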
This, and other documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/.
For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org> (in English).
For questions about this document, send e-mail to <doc@FreeBSD.org> (in English).