> gateway_enable="YES"
> wasn't that needed?

Ah, that was exactly it! Thank you.

> I suspect it had been written in the old machine's rc.conf, though...

It wasn't in there, and it still worked. (Why would that be?)
(I'd been running it since around FreeBSD 4.?)

> As for ipf, if you tell us what the error message was, we might be able to figure something out.

Today, on a whim, I ran

  # /sbin/ipf -FA -Z /etc/ipf.rules

and no particular error came out.

bad packets:            in 0    out 0
 input packets:         blocked 0 passed 1148 nomatch 960 counted 0
output packets:         blocked 0 passed 1084 nomatch 856 counted 0
 input packets logged:  blocked 0 passed 0
output packets logged:  blocked 0 passed 0
 packets logged:        input 0-0 output 0-0

I've forgotten the exact message from when the error occurred, but it was something like "?(number) IOCTL ... File not found" (several of them).

However, when I run

  # ipfstat -io

I get

empty list for ipfilter(out)
empty list for ipfilter(in)

Here is the ipf.rules I'm running now.
-----------------
#pass in quick all
#pass out quick all

# smb blocks
block in quick proto tcp/udp from any to 固定IP/32 port = 113
block in quick proto tcp/udp from any to 固定IP/32 port = 137
block in quick proto tcp/udp from any to 固定IP/32 port = 138
block in quick proto tcp/udp from any to 固定IP/32 port = 139
block in quick proto tcp/udp from any to 固定IP/32 port = 445
block in quick proto tcp/udp from any to 固定IP/32 port = 1512
block in quick proto tcp/udp from any to 固定IP/32 port = 3389

# localnet block
#block in log quick on ng0 from 192.168.1.0/24 to any group 200

# multicast block
#block in log quick on ng0 from 224.0.0.0/4 to any group 200

# smtp allow
pass in quick on ng0 proto tcp from any to any port = 25 flags S/SA keep state group 200

# pop3 allow
#pass in quick on ng0 proto tcp from any to any port = 110 flags S/SA group 200

# www allow
pass in quick on ng0 proto tcp from any to any port = 80 flags S/SA group 200

# ssl allow
pass in quick on ng0 proto tcp from any to any port = 443 flags S/SA group 200

# dns allow
pass in quick on ng0 proto tcp from any to any port = 53 flags S/SA group 200
pass in quick on ng0 proto udp from any to any port = 53 group 200

# localnet allows
pass out on em0 from 192.168.1.0/24 to 192.168.1.0/24 group 350
-----------------

For reference, this is the one that was working on FreeBSD 6.2.
(with DEFAULT_BLOCK in the kernel)
-----------------
#block in quick from any to any with ipopts frag
#block in quick proto tcp from any to any with short
#block in quick from 169.254.0.0/16 to any
pass in quick all
pass out quick all

# smb block
block in quick proto tcp/udp from any to 固定IP/32 port = 113
block in quick proto tcp/udp from any to 固定IP/32 port = 137
block in quick proto tcp/udp from any to 固定IP/32 port = 138
block in quick proto tcp/udp from any to 固定IP/32 port = 139
block in quick proto tcp/udp from any to 固定IP/32 port = 445
block in quick proto tcp/udp from any to 固定IP/32 port = 1512
block in quick proto tcp/udp from any to 固定IP/32 port = 3389

# localnet block
block in log quick on ng0 from 192.168.1.0/24 to any group 200

# multicast block
block in log quick on ng0 from 224.0.0.0/4 to any group 200

# smtp allow
pass in quick on ng0 proto tcp from any to any port = 25 flag S keep state group 200

# pop3 allow
pass in quick on ng0 proto tcp from any to any port = 110 flag S keep state group 200

# www allow
pass in quick on ng0 proto tcp from any to any port = 80 flag S keep state group 200

# ssl allow
pass in quick on ng0 proto tcp from any to any port = 443 flag S keep state group 200

# dns allow
pass in quick on ng0 proto tcp from any to any port = 53 flag S keep state group 200
pass in quick on ng0 proto udp from any to any port = 53 flag S keep state group 200

# localnet allows
pass out on bge0 from 192.168.1.0/24 to 192.168.1.0/24 group 350
-----

P.S. telnet is open, but if anyone comes in from outside, /usr/local/bin/sl runs. (sweat)
ftp has to stay open.
sshd is not enabled. (it's strictly telnet from the localnet only, after all)

なな <[email protected]>
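Both rule sets above attach rules to `group 200` and `group 350` without any rule carrying `head 200` or `head 350`. In IPFilter, rules in a group are only consulted after the rule that is the head of that group has matched, so a group with no head rule is a common reason for a rules file that loads "cleanly" yet never does what was intended. The following checker is an added example, not code from the thread or from IPFilter; it parses a constructed excerpt of the first rules file (the post's 固定IP is replaced with a documentation address) and reports group rules that have no head rule, plus the set of interfaces the rules are bound to. The only assumption it relies on is the head/group semantic just described.

```python
import re

# Constructed sample in the shape of the post's first ipf.rules; not the poster's actual file.
SAMPLE_RULES = """\
# smb blocks
block in quick proto tcp/udp from any to 203.0.113.10/32 port = 139
block in quick proto tcp/udp from any to 203.0.113.10/32 port = 445
# smtp allow
pass in quick on ng0 proto tcp from any to any port = 25 flags S/SA keep state group 200
# www allow
pass in quick on ng0 proto tcp from any to any port = 80 flags S/SA group 200
# dns allow
pass in quick on ng0 proto udp from any to any port = 53 group 200
# localnet allows
pass out on em0 from 192.168.1.0/24 to 192.168.1.0/24 group 350
"""

RULE_RE = re.compile(r"^(pass|block)\s+(in|out)\b")
HEAD_RE = re.compile(r"\bhead\s+(\d+)\b")
GROUP_RE = re.compile(r"\bgroup\s+(\d+)\b")
IFACE_RE = re.compile(r"\bon\s+(\S+)")


def parse_rules(text):
    """Return one dict per pass/block rule: line number, action, direction,
    interface (None when unbound), and any head/group number it carries."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # comments and blank lines carry no rule
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            continue  # other statement types are outside this checker's scope
        head = HEAD_RE.search(line)
        group = GROUP_RE.search(line)
        iface = IFACE_RE.search(line)
        rules.append({
            "line": lineno,
            "action": m.group(1),
            "direction": m.group(2),
            "iface": iface.group(1) if iface else None,
            "head": int(head.group(1)) if head else None,
            "group": int(group.group(1)) if group else None,
        })
    return rules


def lint(text):
    """Report group rules whose group has no head rule, or whose head comes later
    in the file than the rule that joins the group."""
    rules = parse_rules(text)
    heads = {r["head"]: r["line"] for r in rules if r["head"] is not None}
    findings = []
    for r in rules:
        g = r["group"]
        if g is None:
            continue
        if g not in heads:
            findings.append(
                f"line {r['line']}: 'group {g}' but no 'head {g}' rule exists; "
                f"group rules are only evaluated after their head rule matches"
            )
        elif heads[g] > r["line"]:
            findings.append(
                f"line {r['line']}: 'group {g}' appears before its 'head {g}' "
                f"rule (line {heads[g]})"
            )
    return findings


def interfaces(text):
    """Set of interface names the rules are bound to; None means 'any interface'."""
    return {r["iface"] for r in parse_rules(text)}


if __name__ == "__main__":
    for finding in lint(SAMPLE_RULES):
        print(finding)
    print("interfaces referenced:", sorted(str(i) for i in interfaces(SAMPLE_RULES)))
```

Run against the constructed sample it flags all four group rules, which is the same situation as in the posted files: every `group 200` / `group 350` rule is orphaned, so in practice only the ungrouped `block` lines and the default policy decide what passes. Feeding it a real `/etc/ipf.rules` (via `lint(open(path).read())`) is a quick sanity check to run before `ipf -f`, alongside `ipfstat -io`, which shows what the kernel actually holds.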
