
1. General questions

This section covers general netfilter-related questions (and questions unrelated to netfilter) that we have frequently seen on the mailing list.

1.1 Where can I get netfilter/iptables?

Netfilter and IPtables are integrated into the Linux 2.4.x kernel series. Please get a recent kernel from http://www.kernel.org/ or one of its mirror sites.

The userspace tool 'iptables' is available from the netfilter homepage at one of its mirrors, such as http://www.netfilter.org/ or http://www.iptables.org/.

1.2 Is there a backport of netfilter to Linux 2.2?

No, not at the moment. But if you want to start one, it should not be very hard, because the interface to the network stack is clean.

Please let us know about any work in this area.

1.3 Is there an ICQ conntrack/NAT helper module?

If you are used to IP masquerading on Linux 2.2 machines, you have always used the ip_masq_icq module to get direct client-to-client ICQ communication working. (Translator's note: the ip_masq_icq module mentioned here is available from http://djsf.narod.ru/masq-icq/.)

However, nobody has reimplemented this module for netfilter, because the ICQ protocol is really ugly :) But I think it is only a matter of time until one becomes available.

Rusty (translator's note: Rusty Russell, the principal netfilter developer) once said that a module for a protocol can only be included in the netfilter distribution if at least one free client and one free server exist for it. As for ICQ, only free clients exist, so it does not meet this criterion. (Free here means free as in freedom, not as in free beer; that is, free by RMS's definition.)

1.4 Where did the ip_masq_vdolive, ip_masq_quake, and similar modules go?

Some of them are no longer needed, and some have not yet been ported to netfilter. Netfilter does full connection tracking, even for UDP, and has a policy of disturbing the packet flow as little as possible, so some things "just work" when you try them.

1.5 What is patch-o-matic, and how do I use it?

The 2.4.x kernels are a stable release, so we cannot put our current development work into the released kernel. All of our code is developed and tested first in netfilter patch-o-matic. If you want to use bleeding-edge netfilter features, you may have to apply one or more patches from patch-o-matic. You can get patch-o-matic by downloading the latest iptables package (the CVS source works too, of course) from the netfilter homepage.

patch-o-matic has a clean user interface. Just type:

make patch-o-matic

If your kernel tree is not in /usr/src/linux, run the following in the top-level directory of the iptables package instead:

make KERNEL_DIR={your-kernel-dir} patch-o-matic

For each patch, patch-o-matic checks whether it applies to the installed kernel source. If the patch applies, you are shown a small prompt where you can choose to display more information about the patch, apply the patch, skip to the next patch, and so on.

1.6 Where can I find ipnatctl and more information about it?

ipnatctl was used to set up NAT rules from userspace in the very early development versions of netfilter, during the 2.3.x kernels. It is no longer needed and therefore no longer available. All of ipnatctl's functionality is provided by iptables itself. See the NAT HOWTO on the netfilter homepage (translator's note: a Japanese translation of the NAT HOWTO is available at http://www.linux.or.jp/JF/JFdocs/NAT-HOWTO.html).

