Date:      Fri, 01 Jul 2016 11:05:32 +0900
From:      maruyama@ism.ac.jp (Naomasa Maruyama)
To:        Hideki SAKAMOTO <hs@on-sky.net>
Cc:        freebsd-users-jp@freebsd.org
Subject:   [FreeBSD-users-jp 95839] Re: ipfw and DNS
Message-ID:  <ydl1t3edser.fsf@indra.ism.ac.jp>
In-Reply-To: <b1ce2805-f2b6-0332-31e4-230183648906@on-sky.net> (message from Hideki SAKAMOTO on Fri, 1 Jul 2016 10:21:23 +0900)

This is Maruyama of the Institute of Statistical Mathematics.

Thanks to all of you, I feel as though I am gradually getting wiser. Thank you.
When I tried it, without keep-state,

ipfw -q add 30000 allow ip from 192.168.255.0:255.255.255.0 to any

worked fine. For now, this is the one I like best.
I knew about the option of using ipfw.openports, but considering that I may
want to run things other than nfs in the future, I thought it would be easier
to leave the closed subnet, which only I can touch, as "anything goes", so I
did not adopt it, and that is how I ran into this situation.

Thank you very much.

Fri, 1 Jul 2016 10:21:23 +0900
Hideki SAKAMOTO <hs@on-sky.net> writes:

>This is Sakamoto.
>
>If the goal is to set up an NFS server, I think it is best to add the
>following lines to /etc/ipfw.openports and restrict the IPs on the
>/etc/exports side.
>tcp 111
>udp 111
>tcp 1110
>udp 1110
>tcp 2049
>udp 2049
>tcp 4045
>udp 4045
>
>Reference: https://forums.freebsd.org/threads/5123/
>
>As for the rule numbers in the original question, looking at /etc/ipfw.rules,
>one can see the following intent:
>- rules numbered in the 2000s and below are settings that make things work
>  properly as a client
>  (best left alone unless you are very sure of yourself)
>- the 10000s are settings that open (as a server) the ports specified in
>  /etc/ipfw.openports
>- the 20000s are settings that allow traffic arriving at the IP addresses
>  specified in /etc/ipfw.openip
>  (so writing "192.168.255.1" instead of the above would also achieve the
>    goal, after a fashion, but don't do it (^^;;)
>So if you use numbers around 30000 - 63999 for the rules you specify in
>/etc/ipfw.custom,
>
>ipfw -q add 30000 allow ip from 192.168.255.0:255.255.255.0 to any keep-state
>
>I think that single line is enough. keep-state should be fine either with or
>without (the difference is whether the return packets are passed by the
>check-state at rule 1000).
>
>Also, as an aside,
>> 00020 allow ip from any to any via lo0
>means that all traffic passing through the lo0 interface (127.0.0.1/::1) is
>allowed, so it applies only to localhost<->localhost traffic.
>
>
>On 2016/06/30 18:57, Naomasa Maruyama wrote:
>> Dear Hirano-san, Kawasaki-san, and Koie-san,
>> 
>> This is Maruyama. Thank you. Thanks to you, I think my understanding has
>> advanced a little.
>> 
>>   02000 allow ip from any to any out keep-state
>> 
>> has been overwritten by
>> 
>>   00110 allow ip from 133.58.124.49 to any
>> 
>> so DNS responses could no longer be received at 133.58.124.49.
>> Is that the conclusion?
>> 
>> On my home PC, I have now set
>> 
>> ipfw -q add 1200 allow ip from 192.168.255.1 to any keep-state
>> ipfw -q add 1200 allow ip from 192.168.255.0:255.255.255.0 to any
>> 
>> and the problem is solved.
>> 
>> As for why I did this: I set up an NFS server and wanted to mount it from
>> other machines in the subnet. So instead of to any I could narrow it down
>> to specific ports, but that was a hassle, so I used to any and ended up in
>> this situation.
>> 
>> As a follow-up question: in this situation,
>> 
>> Configuration 1
>> ipfw -q add 1200 allow ip from 192.168.255.1 to any keep-state
>> ipfw -q add 1200 allow ip from 192.168.255.0:255.255.255.0 to any
>> 
>> Configuration 2
>> ipfw -q add 1200 allow ip from 192.168.255.1 to any keep-state
>> ipfw -q add 1201 allow ip from 192.168.255.0:255.255.255.0 to any
>> 
>> Configuration 3
>> ipfw -q add 1201 allow ip from 192.168.255.1 to any keep-state
>> ipfw -q add 1200 allow ip from 192.168.255.0:255.255.255.0 to any
>> 
>> Configuration 4
>> ipfw -q add 1200 allow ip from 192.168.255.0:255.255.255.0 to any keep-state
>> 
>> which of these is the "correct answer", or the one you would recommend?
>> 
>> localhost = 192.168.255.1, and queries to the DNS server go through this
>> interface.
>> 
>> (Embarrassingly, I do not understand what keep-state means, which is why
>> I am asking this kind of question.)
>> 
>> Thu, 30 Jun 2016 18:11:19 +0900
>> Akihiro HIRANO <hirano@t.kanazawa-u.ac.jp> writes:
>> 
>>> This is Hirano @ Kanazawa University.
>>>
>>> On 2016/06/30 17:39, Naomasa Maruyama wrote:
>>>> # ipfw list
>>>> 00020 allow ip from any to any via lo0
>>>> 01000 check-state
>>>> 01050 allow tcp from any to any established
>>>> 01100 allow udp from any to any established
>>>> 02000 allow ip from any to any out keep-state
>>>> 02050 allow ip6 from any to any out keep-state
>>>> 02100 allow ipv6-icmp from any to any keep-state
>>>> 02150 allow icmp from any to any keep-state
>>>> 10000 allow udp from any to any dst-port 5353 in keep-state
>>>> 10001 allow tcp from any to any dst-port 22 in keep-state
>>>> 64000 deny log ip from any to any
>>>> 65535 allow ip from any to any
>>>>
>>>> In this state, dig @133.58.32.12 ism.ac.jp ns displays its result normally.
>>>
>>> The packet that sends the DNS query matches
>>>
>>>> 02000 allow ip from any to any out keep-state
>>>
>>> and a dynamic rule that allows the rest of the session is created;
>>> that appears to be the flow.
>>>
>>>> # ipfw list
>>>> 00020 allow ip from any to any via lo0
>>>> 00110 allow ip from 133.58.124.49 to any
>>>> 01000 check-state
>>>> 01050 allow tcp from any to any established
>>>> 01100 allow udp from any to any established
>>>> 02000 allow ip from any to any out keep-state
>>>> 02050 allow ip6 from any to any out keep-state
>>>> 02100 allow ipv6-icmp from any to any keep-state
>>>> 02150 allow icmp from any to any keep-state
>>>> 10000 allow udp from any to any dst-port 5353 in keep-state
>>>> 10001 allow tcp from any to any dst-port 22 in keep-state
>>>> 64000 deny log ip from any to any
>>>> 65535 allow ip from any to any
>>>>
>>>> At this point,
>>>>
>>>> % dig @133.58.32.12 ism.ac.jp ns
>>>
>>> In this case,
>>>
>>>> 00110 allow ip from 133.58.124.49 to any
>>>
>>> allows the outgoing packet and does nothing more, so
>>> the return packet is rejected by
>>>
>>>> 64000 deny log ip from any to any
>>>
>>> I think.
>>>
>>> Probably something like
>>>
>>> /etc/ipfw.custom
>>>         ipfw -q add 1200 allow ip from 133.58.124.49 to any keep-state
>>>
>>> will work, I think.
>>> The number could stay at 110, but
>>> I think the intent is for already-allowed sessions to match early at
>>> check-state and established, so I think it is better placed after those.
>>>
>>> [Reference]
>>> http://www.wakhok.ac.jp/~kanayama/semi/bsd/node141.html
>>> ----
>>> Akihiro Hirano @ Kanazawa University, Graduate School of Natural Science and Technology, Division of Electrical Engineering and Computer Science
>>> hirano@t.kanazawa-u.ac.jp
>> 
>> --------
>> Naomasa Maruyama @ The Institute of Statistical Mathematics

--------
Naomasa Maruyama @ The Institute of Statistical Mathematics
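
Added example (not part of the original message, and not the posters' or the FreeBSD project's code): a reduced Python model of ipfw first-match evaluation with `check-state` and `keep-state`, replaying the DNS query and reply discussed in this thread. The helper names, the source port 40000 and the use of 133.58.32.12 as resolver for the home-subnet case are assumptions, and only the rules that decide this IPv4 UDP exchange are modelled.

```python
import ipaddress

def rule(num, action, src="any", direction=None, keep_state=False):
    return {"num": num, "action": action, "src": src,
            "direction": direction, "keep_state": keep_state}

def flow_key(pkt):
    # A dynamic rule matches the flow in both directions.
    ends = frozenset([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["proto"], ends)

def matches(r, pkt):
    if r["direction"] and r["direction"] != pkt["dir"]:
        return False
    return (r["src"] == "any" or
            ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(r["src"]))

def evaluate(rules, pkt, states):
    """First match wins; returns (verdict, number of the deciding rule)."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if r["action"] == "check-state":
            if flow_key(pkt) in states:
                return ("allow", r["num"])
        elif matches(r, pkt):
            if r["keep_state"]:
                states.add(flow_key(pkt))  # install the dynamic rule
            return (r["action"], r["num"])
    return ("allow", 65535)

def dns_roundtrip(rules, host, resolver="133.58.32.12"):
    states = set()
    # Constructed packets: one UDP query out, one reply back in.
    query = {"proto": "udp", "dir": "out", "src": host, "sport": 40000,
             "dst": resolver, "dport": 53}
    reply = {"proto": "udp", "dir": "in", "src": resolver, "sport": 53,
             "dst": host, "dport": 40000}
    return evaluate(rules, query, states), evaluate(rules, reply, states)

BASE = [rule(1000, "check-state"),
        rule(2000, "allow", direction="out", keep_state=True),
        rule(64000, "deny")]
STATELESS_110 = BASE + [rule(110, "allow", src="133.58.124.49")]
STATEFUL_1200 = BASE + [rule(1200, "allow", src="133.58.124.49", keep_state=True)]
SUBNET_30000 = BASE + [rule(30000, "allow", src="192.168.255.0/24")]

if __name__ == "__main__":
    for name, rules, host in [("base", BASE, "133.58.124.49"),
                              ("rule 110, stateless", STATELESS_110, "133.58.124.49"),
                              ("rule 1200, keep-state", STATEFUL_1200, "133.58.124.49"),
                              ("rule 30000, stateless", SUBNET_30000, "192.168.255.1")]:
        print(name, dns_roundtrip(rules, host))
```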


