From: Hiroki Sato
To: chaltier@agate.plala.or.jp
Cc: freebsd-users-jp@freebsd.org
Date: Fri, 03 Apr 2015 20:34:29 +0900 (JST)
Subject: [FreeBSD-users-jp 95503] Re: Forwarding connections from anything other than a specific IP with ipfw
Message-Id: <20150403.203429.791691545009508950.hrs@allbsd.org>
In-Reply-To: <20150402220031.899F.A7D5A726@agate.plala.or.jp>

This is Sato.

chaltier wrote
  in <20150402220031.899F.A7D5A726@agate.plala.or.jp>:

ch> As for local network connections being refused,
ch> connections from clients on the same LAN also end up being
ch> connected to 2222/tcp, so I was wondering how to deal with it.
ch>
ch> If the server's IP is 192.168.11.3 and the client's IP is 192.168.11.2,
ch> 192.168.11.2 is also not the specific IP, so the fwd rule gets applied to it.
ch>
ch> I am getting by for now by adding, before the fwd rule, a rule that
ch> passes everything for 192.168.11.0/24.
ch>
ch> Since it is a "not" rule, I suppose multiple addresses cannot be specified either...

  add 1001 fwd 127.0.0.1,2222 tcp from not table(1) to me 22
  table 1 add <specific IP>/32
  table 1 add 192.168.11.0/24

How about using rules like these?

-- Hiroki
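
The effect of the table-based rule suggested in the reply can be checked offline with a small model of its matching logic. This is an added example, not part of the original message and not ipfw code: it parses only the two statement forms shown in the reply, assumes the packet is TCP addressed to the host itself ("to me"), and uses 203.0.113.10 as a constructed stand-in for the specific IP placeholder.

```python
import ipaddress
import re

# Ruleset from the reply; 203.0.113.10 is a constructed placeholder address.
RULESET = """\
add 1001 fwd 127.0.0.1,2222 tcp from not table(1) to me 22
table 1 add 203.0.113.10/32
table 1 add 192.168.11.0/24
"""

RULE_RE = re.compile(
    r"add (\d+) fwd ([\d.]+),(\d+) tcp from (not )?table\((\d+)\) to me (\d+)$")
TABLE_RE = re.compile(r"table (\d+) add (\S+)$")


def parse(ruleset):
    """Return (tables, rules) for the two statement forms used in the reply."""
    tables, rules = {}, []
    for line in ruleset.splitlines():
        line = line.strip()
        if m := TABLE_RE.match(line):
            net = ipaddress.ip_network(m.group(2), strict=True)
            tables.setdefault(int(m.group(1)), []).append(net)
        elif m := RULE_RE.match(line):
            rules.append({"num": int(m.group(1)),
                          "target": (m.group(2), int(m.group(3))),
                          "negate": bool(m.group(4)),
                          "table": int(m.group(5)),
                          "dport": int(m.group(6))})
        elif line:
            raise ValueError(f"unsupported statement: {line}")
    return tables, sorted(rules, key=lambda r: r["num"])


def decide(src, dport, tables, rules):
    """Return the fwd target for a TCP packet addressed to this host, or None
    when no fwd rule matches and the packet continues to later rules."""
    addr = ipaddress.ip_address(src)
    for rule in rules:
        in_table = any(addr in net for net in tables.get(rule["table"], []))
        # "not table(N)" matches sources absent from the table.
        if dport == rule["dport"] and in_table != rule["negate"]:
            return rule["target"]
    return None
```

With both table entries present, `decide("192.168.11.2", 22, *parse(RULESET))` returns `None`, so the LAN client reaches port 22 directly; removing the 192.168.11.0/24 entry reproduces the behaviour described in the quoted message.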