nsg 仕様 |
OS FreeBSD 4.5-RELEASE Machine PC-9821Na12 Pentiam 120MHz Mem 48MB
------------------------------------------------------------------------
#
# na7 kernel Config File
#
# Gateway kernel for the PC-98 box: the base options plus netgraph (for
# PPPoE via user ppp), ipfw, and divert sockets (for natd).
# IPFIREWALL_DEFAULT_TO_ACCEPT is not set, so a packet that matches no
# ipfw rule is dropped (see the last comment of the "simple" section in
# rc.firewall).
#
machine pc98
cpu I586_CPU
cpu I686_CPU
ident na7kernel
maxusers 0
options PC98 #PC98
options INET #InterNETworking
options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep this!]
options SOFTUPDATES #Enable FFS soft updates support
options UFS_DIRHASH #Improve performance on big directories
options PROCFS #Process filesystem
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options UCONSOLE #Allow users to grab the console
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time extensions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM #Rate limit bad replies
#
# Added for PPPoE (user ppp(8) over netgraph)
options NETGRAPH #netgraph(4) system
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
#
# Added for IPFW
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
# NOTE(review): no IPFIREWALL_VERBOSE_LIMIT is set, so "log" rules are
# not rate-limited in the kernel; on a box this slow a burst of denied
# packets becomes a burst of syslog lines.
options IPFIREWALL_FORWARD #enable transparent proxy support
#
# Added for NATD
options IPDIVERT #divert sockets
options MSGBUF_SIZE=40960
device isa
device pci
device fdc0 at isa? port IO_FD1 irq 11 drq 2
device fd0 at fdc0 drive 0
device wdc0 at isa? port IO_WD1 irq 9
device wd0 at wdc0 drive 0
device wcd #IDE CD-ROM
device pckbd0 at isa? port IO_KBD irq 1
device gdc0 at isa?
pseudo-device splash
device sc0 at isa?
device npx0 at nexus? port IO_NPX irq 8
device apm0 at nexus? flags 0x20 # Advanced Power Management
# PC card support: the two ed NICs (ed0 LAN, ed1 ADSL) live on pcic0
device card
device pcic0 at isa? irq 0 port 0x3e0
options COM_MULTIPORT
device sio0 at isa? port IO_COM1 irq 4
device mse0 at isa? port IO_MSE irq 13
device ppc0 at isa? irq 14
device ppbus # Parallel port bus (required)
device lpt # Printer
device miibus # MII bus support
device sn
device ed
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
pseudo-device sl 1 # Kernel SLIP
pseudo-device tun 2 # Packet tunnel.
pseudo-device pty # Pseudo-ttys (telnet etc)
pseudo-device gif # IPv6 and IPv4 tunneling
pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation)
pseudo-device bpf 4 #Berkeley packet filter
------------------------------------------------------------------------
#
# Na7 rc.conf file
#
# Host settings for the gateway "nsg". Of the services configured here
# only named is enabled; sendmail, sshd, inetd and the NFS server are
# off. Routing is static (routed disabled, gateway_enable on), with ipfw,
# natd and user ppp providing the PPPoE uplink.
#
apm_enable="YES"
saver="blank"
blanktime="300"
keymap="jp.pc98"
hostname="nsg.ryuhoku.jp"
# securelevel is left at its default, so ipfw rules and kernel sysctls
# can still be changed at runtime by root.
kern_securelevel_enable="NO"
nfs_reserved_port_only="YES"
#
pccard_enable="YES"
pccard_mem="DEFAULT"
pccardd_flags="-z -i 3 -i 5 -i 10"
#
# inside net
ifconfig_ed0="inet 218.44.161.146 netmask 255.255.255.248"
# outside adsl (raw Ethernet carrying PPPoE; the IP uplink is tun0, see ppp.conf)
ifconfig_ed1="up"
#
# NOTE(review): the fw_* variables below are not standard rc.conf knobs,
# and the rc.firewall on this page never reads them. They look like the
# intended inside/outside values for its "simple" section, which still
# carries the stock ed0/ed1/192.0.2.x sample values. They also cannot be
# plugged in unchanged: fw_inet, fw_onet and fw_oip are all
# 218.44.161.144, so the "simple" anti-spoof rule would deny the LAN's
# own prefix on the inside interface.
fw_iif="ed0"
fw_iip="218.44.161.146"
fw_inet="218.44.161.144"
fw_imask="255.255.255.248"
#
fw_oif="tun0"
fw_oip="218.44.161.144"
fw_onet="218.44.161.144"
fw_omask="255.255.255.248"
#
sendmail_enable="NO"
sshd_enable="NO"
inetd_enable="NO"
nfs_server_enable="NO"
#
#router_flags="-q -P rdisc_interval=45"
router_flags="-s"
router="routed"
router_enable="NO"
gateway_enable="YES"
#
# firewall_type="simple" selects the "simple" branch of /etc/rc.firewall.
# firewall_logging="NO" only means rc.network will not force
# net.inet.ip.fw.verbose on; whether the "deny log" rule in rc.firewall
# actually reaches syslog depends on that sysctl (IPFIREWALL_VERBOSE is
# compiled in) -- check it on the running system.
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
#firewall_type="open"
firewall_type="simple"
firewall_quiet="NO"
firewall_logging="NO"
firewall_flags=""
#
# natd runs on the PPPoE tunnel with the redirects from /etc/natd.conf;
# ppp_nat="NO" below keeps ppp(8) from translating as well.
natd_enable="YES"
natd_program="/sbin/natd"
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"
#
# ppp_profile names the ppp.conf label to load: "isp00" is the live
# account, "pppoe" is an unused template with placeholder credentials.
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="isp00"
#ppp_profile="pppoe"
ppp_nat="NO"
#
named_enable="YES"
------------------------------------------------------------------------
#
# ppp.conf file
#
# User ppp(8) configuration. "default" is always loaded; the profile named
# by rc.conf ppp_profile (isp00) is loaded on top of it and supplies the
# account.
#
default:
	set device PPPoE:ed1
	set log Phase Chat LCP IPCP CCP tun command
	set speed sync
	set mru 1454
	set mtu 1454
	set ctsrts off
	# no idle disconnect; the link is meant to stay up (ppp_mode="ddial")
	set timeout 0
	accept CHAP
	add default HISADDR
isp00:
	# NOTE(review): these are live ISP account credentials embedded in a
	# published config. Rotate them at the provider, keep ppp.conf readable
	# by root only, and scrub the values from any copy of this page.
	set authname FreeBSD@ffa.ocn.ne.jp
	set authkey Release4.5
pppoe:
	# alternative profile, not selected by rc.conf; AuthName/AuthKey are
	# placeholders
	set device PPPoE:ed1:pppoe-i
	set mru 1454
	set mtu 1454
	set cd 5
	set dial
	set login
	set AuthName Myname
	set AuthKey Mypasswd
	set redial 0 0
------------------------------------------------------------------------
#
# natd.conf file
#
# natd.conf
# (the entries below are commented out, so natd runs with its defaults
# for logging, use_sockets, same_ports and unregistered_only; nothing
# here restricts unsolicited inbound traffic -- that is left to ipfw)
# log yes
# verbose no
# deny_incoming no
# log_denied yes
# log_facility security
# use_sockets yes
# same_ports yes
# unregistered_only yes
#
# LSNAT settings: inbound TCP/80 for 218.44.161.147 is spread across the
# three web hosts (nr15w .147, nw15w .148, ne2 .145 per ryuhoku.jp.zone).
# The first line is the hostname form; the active line is the same rule
# with the addresses resolved.
#redirect_port tcp nr15w:80,nw15w:80,ne2:80 www:80
redirect_port tcp 218.44.161.147:80,218.44.161.148:80,218.44.161.145:80 218.44.161.147:80
------------------------------------------------------------------------
#
# rc.firewall file
#
# Sourced by rc.network with firewall_type from rc.conf ("simple" here).
# Order matters: the list is flushed, the loopback/127.0.0.0/8 rules go in
# at 100-300, and the type-specific rules follow.
#
# Suck in the configuration variables.
if [ -z "${source_rc_confs_defined}" ]; then
	if [ -r /etc/defaults/rc.conf ]; then
		. /etc/defaults/rc.conf
		source_rc_confs
	elif [ -r /etc/rc.conf ]; then
		. /etc/rc.conf
	fi
fi
# An explicit first argument overrides firewall_type from rc.conf.
if [ -n "${1}" ]; then
	firewall_type="${1}"
fi
############
# Set quiet mode if requested
#
case ${firewall_quiet} in
[Yy][Ee][Ss])
	fwcmd="/sbin/ipfw -q"
	;;
*)
	fwcmd="/sbin/ipfw"
	;;
esac
############
# Flush out the list before we begin.
#
# NOTE(review): between this flush and the rules added below, only the
# kernel's default policy applies (deny, as IPFIREWALL_DEFAULT_TO_ACCEPT
# is not in the kernel config).
${fwcmd} -f flush
############
# Network Address Translation. All packets are passed to natd(8)
# Only for the open/client types; the simple type adds its own divert
# rule after its anti-spoofing checks.
case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
	case ${natd_enable} in
	[Yy][Ee][Ss])
		if [ -n "${natd_interface}" ]; then
			${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
		fi
		;;
	esac
esac
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
# Prototype setups.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
	${fwcmd} add 65000 pass all from any to any
	;;
[Ss][Ii][Mm][Pp][Ll][Ee])
	# NOTE(review): the eight values below are still the sample values
	# shipped with rc.firewall (ed0/ed1, 192.0.2.x), not this host's.
	# Per rc.conf, ed0 is the inside LAN (218.44.161.144/29) and the
	# uplink is the PPPoE tunnel tun0; the fw_oif/fw_oip/... variables
	# defined there are never read here. As written, the anti-spoof,
	# RFC1918 and "deny log ... in via ${oif} setup" rules attach to the
	# LAN side rather than tun0, and the "pass ... to ${oip}" exceptions
	# can never match a real address, so new inbound TCP on tun0 falls
	# through to the "pass tcp from any to any setup" rule. Confirm the
	# live ruleset with "ipfw list" before relying on this file.
	# set these to your outside interface network and netmask and ip
	oif="ed0"
	onet="192.0.2.0"
	omask="255.255.255.240"
	oip="192.0.2.1"
	# set these to your inside interface network and netmask and ip
	iif="ed1"
	inet="192.0.2.16"
	imask="255.255.255.240"
	iip="192.0.2.17"
	# Stop spoofing
	${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
	${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
	# Stop RFC1918 nets on the outside interface
	${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
	${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
	${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
	# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
	# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
	# on the outside interface
	${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
	${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
	${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
	${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
	${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}
	# Network Address Translation. This rule is placed here deliberately
	# (after the destination checks, before the source checks, so natd
	# sees untranslated inbound and the source checks see translated
	# outbound). Unlike the open/client case this uses natd_interface
	# (tun0) and is unnumbered, so it lands after the rules above.
	case ${natd_enable} in
	[Yy][Ee][Ss])
		if [ -n "${natd_interface}" ]; then
			${fwcmd} add divert natd all from any to any via ${natd_interface}
		fi
		;;
	esac
	# Stop RFC1918 nets on the outside interface
	${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
	${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
	${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
	# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
	# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
	# on the outside interface
	${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
	${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
	${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
	${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
	${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
	# Allow TCP through if setup succeeded
	${fwcmd} add pass tcp from any to any established
	# Allow IP fragments to pass through
	${fwcmd} add pass all from any to any frag
	# Allow setup of incoming email
	${fwcmd} add pass tcp from any to ${oip} 25 setup
	# Allow access to our DNS
	${fwcmd} add pass tcp from any to ${oip} 53 setup
	${fwcmd} add pass udp from any to ${oip} 53
	${fwcmd} add pass udp from ${oip} 53 to any
	# Allow access to our WWW
	${fwcmd} add pass tcp from any to ${oip} 80 setup
	# Reject&Log all setup of incoming connections from the outside
	# ("outside" here is whatever ${oif} is set to above)
	${fwcmd} add deny log tcp from any to any in via ${oif} setup
	# Allow setup of any other TCP connection
	${fwcmd} add pass tcp from any to any setup
	# Allow DNS queries out in the world
	${fwcmd} add pass udp from ${oip} to any 53 keep-state
	# Allow NTP queries out in the world
	${fwcmd} add pass udp from ${oip} to any 123 keep-state
	# Everything else is denied by default, unless the
	# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
	# config file.
	;;
[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
	;;
*)
	# any other value is taken as the path of an ipfw rules file
	if [ -r "${firewall_type}" ]; then
		${fwcmd} ${firewall_flags} ${firewall_type}
	fi
	;;
esac
------------------------------------------------------------------------
#
# named.conf file
#
// Authoritative for ryuhoku.jp and the 218.44.161.144/29 reverse zone;
// root hints for everything else.
// NOTE(review): the "};" that closes the options block is missing between
// "directory" and the first zone as shown here -- probably lost when the
// page was flattened, but worth checking against the real file.
// NOTE(review): there are no allow-transfer / allow-recursion statements,
// so with BIND's defaults zone transfers and recursive queries are open to
// anyone who can reach port 53. Restrict transfers to the secondary
// (ns-tk061.ocn.ad.jp) and recursion to the LAN unless that is intended.
options {
	directory "/etc/namedb";
zone "." {
	type hint;
	file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
	type master;
	file "localhost.rev";
};
zone "ryuhoku.jp" {
	type master;
	file "ryuhoku.jp.zone";
};
zone "144.161.44.218.in-addr.arpa" {
	type master;
	file "218.44.161.144.rev";
};
------------------------------------------------------------------------
#
# ryuhoku.jp.zone file
#
; Forward zone for ryuhoku.jp. nsg (this gateway) is primary and
; ns-tk061.ocn.ad.jp secondary; mail for the domain goes to nrg. The web
; names below resolve to the three hosts that natd.conf spreads port 80
; across (nr15w, nw15w, ne2), mostly through CNAME chains via www.
$TTL 3600
ryuhoku.jp. IN SOA nsg.ryuhoku.jp. root.nsg.ryuhoku.jp. (
	20020426; Serial
	3600 ; Refresh
	900 ; Retry
	3600000 ; Expire
	3600 ) ; Minimum
;
	IN NS nsg.ryuhoku.jp.
	IN NS ns-tk061.ocn.ad.jp.
; for mail
	IN MX 10 nrg.ryuhoku.jp.
; apex A record kept disabled
; ryuhoku.jp IN A 218.44.161.147
;
ne2 IN A 218.44.161.145
nsg IN A 218.44.161.146
nr15w IN A 218.44.161.147
nw15w IN A 218.44.161.148
p8x IN A 218.44.161.149
nrg IN A 218.44.161.150
;
localhost IN A 127.0.0.1
;
www IN CNAME nr15w
www0 IN CNAME nr15w
www1 IN CNAME nw15w
www2 IN CNAME ne2
mail IN CNAME nrg
sw-1 IN CNAME www
tech IN CNAME www
town IN CNAME www
town1 IN CNAME www
shop IN CNAME www
sky IN CNAME www
fax0 IN CNAME www1
fax1 IN CNAME p8x
game IN CNAME www
------------------------------------------------------------------------
#
# 218.44.161.144.rev file
#
; Reverse zone for 218.44.161.144/29. The zone name carries the /29
; network number as an extra label (RFC 2317-style classless delegation),
; so the parent 161.44.218.in-addr.arpa zone, presumably at the ISP, is
; expected to CNAME 145-150 into this zone -- verify with the provider.
; Its serial (20020416) lags the forward zone's (20020426).
$TTL 3600
144.161.44.218.in-addr.arpa. IN SOA nsg.ryuhoku.jp. root.nsg.ryuhoku.jp. (
	20020416; Serial
	3600 ; Refresh
	900 ; Retry
	3600000 ; Expire
	3600 ) ; Minimum
;
	IN NS nsg.ryuhoku.jp.
	IN NS ns-tk061.ocn.ad.jp.
;
146 IN PTR nsg.ryuhoku.jp.
147 IN PTR nr15w.ryuhoku.jp.
145 IN PTR ne2.ryuhoku.jp.
148 IN PTR nw15w.ryuhoku.jp.
149 IN PTR p8x.ryuhoku.jp.
150 IN PTR nrg.ryuhoku.jp.
|