-<html>
-<head>
-<title>Opegnate Install</title>
-<meta http-equiv="content-type" content="text/html">
-<link rel="stylesheet" type="text/css" media="screen" href="style.css">
-</head>
-
-<body bgcolor="#BBEECC">
-
-<h2>Opengate Install Procedure<a name="top" href="#top" class="anchor">†</a></h2>
-
-<!-- Start:Content Table -->
-<ul>
- <li class="list_alpha"><a href="#opengate0">Opengate Install Procedure</a></li>
- <ul>
- <li class="list_num"><a href="#opengate1">Install Procedure</a></li>
- <li class="list_num"><a href="#opengate2">Install FreeBSD</a></li>
- <li class="list_num"><a href="#opengate3">Install Opengate</a></li>
- </ul>
- <li class="list_alpha"><a href="#ipfw0">Setup ipfw,ip6fw</a></li>
- <ul>
- <li class="list_num"><a href="#ipfw1">Prepare Kernel</a></li>
- <li class="list_num"><a href="#ipfw2">Setup ipfw</a></li>
- <li class="list_num"><a href="#ipfw3">Setup ip6fw</a></li>
- </ul>
- <li class="list_alpha"><a href="#apache0">Install Apache2</a></li>
- <ul>
- <li class="list_num"><a href="#apache1">Install (ports)</a></li>
- <li class="list_num"><a href="#apache2">Install (source)</a></li>
- <li class="list_num"><a href="#apache3">Make ricate key, Certificate</a></li>
- <li class="list_num"><a href="#apache4">Setup VirtualHost</a></li>
- <li class="list_num"><a href="#apache5">Setup HTTP_ERROR 404</a></li>
- </ul>
- <li class="list_alpha"><a href="#dhcp0">Install isc-dhcp3</a></li>
- <ul>
- <li class="list_num"><a href="#dhcp1">Install (ports)</a></li>
- <li class="list_num"><a href="#dhcp2">Setup dhcpd.conf</a></li>
- </ul>
- <li class="list_alpha"><a href="#bind0">Install BIND9</a></li>
- <ul>
- <li class="list_num"><a href="#bind1">Install (ports)</a></li>
- <li class="list_num"><a href="#bind2">Make RNDC key</a></li>
- <li class="list_num"><a href="#bind3">Setup named.conf</a></li>
- <li class="list_num"><a href="#bind4">Setup Zone</a></li>
- <li class="list_num"><a href="#bind5">Start confirmation</a></li>
- </ul>
- <li class="list_alpha"><a href="#mrtg0">Install MRTG</a></li>
- <ul>
- <li class="list_num"><a href="#mrtg1">Install (ports)</a></li>
- <li class="list_num"><a href="#mrtg2">Setup MRTG</a></li>
- <li class="list_num"><a href="#mrtg3">Start confirmation</a></li>
- <li class="list_num"><a href="#mrtg4">Setup crontab</a></li>
- </ul>
-</ul>
-
-<!-- End:Content Table -->
-<hr>
-
-<!-- Start:Install Opengate -->
-<h3>A Install Opegnate<a name="opengate0" href="#opengate0" class="anchor">†</a></h3>
-<ul>
- <li class="list_num"><a href="#opengate1">Install Procedure</a></li>
- <li class="list_num"><a href="#opengate2">Install FreeBSD</a></li>
- <li class="list_num"><a href="#opengate3">Install Opengate</a></li>
-</ul>
-
-<!-- ************ 1 ************** -->
-<h4>A.1 Install Procedure<a name="opengate1" href="#opengate1" class="anchor">†</a></h4>
-
-<p>List of Install Procedure.(*:Necessary by all means)</p>
-
-<ul>
- <li class="list_num">Gateway Machine *</li>
- <li class="list_num">Install FreeBSD *</li>
- <li class="list_num">Prepare kernel *</li>
- <li class="list_num">Setup ipfw,ip6fw *</li>
- <li class="list_num">Setup NAT</li>
- <li class="list_num">Install Apache2 *</li>
- <li class="list_num">Install DHCP</li>
- <li class="list_num">Install BIND9</li>
-</ul>
-
-<div align="right"><a href="#opengate0">back</a> <a href="#top">top</a></div>
-
-<!-- ************ 2 ************** -->
-<h4>A.2 Install FreeBSD<a name="opengate2" href="#opengate2" class="anchor">†</a></h4>
-
-<ul>
- <li>Gateway Machine</li>
- <uL>
- <li>FreeBSD Ver 4.x, 5.x, or 6.x</li>
- <li>Having Two more EtherBoard</li>
- </uL>
-</ul>
-
-<p>Choose distribution Developer(Full sorces, binaries and doc), because we have to prepare a kernel.</p>
-<p>Add next line to "/etc/rc.conf", because you validate a function of a gateway.</p>
-
-<table>
-<td><code>gateway_enable="YES"</code></td>
-</table>
-
-<div align="right"><a href="#opengate0">back</a> <a href="#top">top</a></div>
-
-<!-- ************ 3 ************** -->
-<h4>A.3 Install Opengate<a name="opengate3" href="#opengate3" class="anchor">†</a></h4>
-
-<h5>A.3.1 Package of Opengate<a name="opengate4" href="#opengate4" class="anchor">†</a></h5>
-
-<p>Unfolds the latest package of Opengate. It have next directory.</p>
-
-<table>
-<tr><td>
-<pre>
-doc\81FDocumentations
-conf\81Fconfiguration file sample and firewall control perl script sample
-javahtml\81FClient Java Programs and HTML files
-opengatesrv\81FServer CGI program
-</pre>
-</td></tr>
-</table>
-
-<h5>A.3.2 Compile<a name="opengate5" href="#opengate5" class="anchor">†</a></h5>
-
-<p>Edit Makefile and opengatesrv.h in opengatesrv before carry out compile.</p>
-<p>Opengate needs tow FQDNs(FQDN_4 and FQDN_64). For example, FQDN_4 is "opengate.saga-u.ac.jp"
-(IPv4 address: 133.49.31.1). FQDN_64 is "opengate.saga-u.ac.jp"(IPv4 address: 192.168.55.1, IPv6 address: 2001:e38:100:100::1).</p>
-
-<p>Makefile</p>
-<ul>
- <li class="list_none">HOSTNAME</li>
- <ul>
- <li>Set FQDN_64</li>
- </ul>
- <li class="list_none">HOSTNAME4</li>
- <ul>
- <li>Set FQDN_4</li>
- </ul>
- <li class="list_none">OPENGATEDIR</li>
- <ul>
- <li>Opengate install directory (from Web top)</li>
- </ul>
- <li class="list_none">HTMLTOP1,HTMLTOP2</li>
- <ul>
- <li>Web top directory</li>
- <li>Web top directory (for HTTPS)</li>
- </ul>
- <li class="list_none">CGIPATH,CGIPROG,CGIURL</li>
- <ul>
- <li>CGI directory</li>
- <li>CGI program name</li>
- <li>URL of CGI program</li>
- </ul>
- <li class="list_none">AUTHCGIPROG,AUTHCGIURL</li>
- <ul>
- <li>Authentication CGI program name</li>
- <li>URL of Authentication CGI program</li>
- </ul>
- <li class="list_none">CONFIGFILE</li>
- <ul>
- <li>Configuration file name</li>
- </ul>
- <li class="list_none">USEFWSCRIPT,FWSCRIPT,FWSCRIPTFILE</li>
- <ul>
- <li>Enable(1) or disable(0) Perl script to control firewall open</li>
- <li>Firewall control Perl script name</li>
- <li>Path to fireall control Perl script</li>
- </ul>
- <li class="list_none">LOCKFILE</li>
- <ul>
- <li>Lock file for exclusive execution</li>
- </ul>
- <li class="list_none">HTMLDOCS,DENYDOC,DENYDOCSSL,ACCEPTDOC,ACCEPTDOC2</li>
- <ul>
- <li>HTML files listing</li>
- <li>HTML file sent at dynying</li>
- <li>HTML file sent at dynying(For HTTPS)</li>
- <li>HTML file sent at accepting</li>
- <li>HTML file sent at accepting in popup window (can chenge this in URL. Refer INFOMATION)</li>
- </ul>
- <li class="list_none">INFOMATION</li>
- <ul>
- <li>Enable(1) or disable(0), Instead of ACCEPTDOC2, Call other URL in popup window</li>
- </ul>
- <li class="list_none">INFOMATIONURL</li>
- <ul>
- <li>URL instead of ACCEPTDOC2</li>
- </ul>
- <li class="list_none">AUTHHTMLJA,AUTHHTMLEN,AUTHHTMLJASSL,AUTHHTMLENSSL</li>
- <ul>
- <li>Authentication HTML file in Japanese</li>
- <li>Authentication HTML file in English</li>
- <li>Authentication HTML file in Japanese (For HTTPS)</li>
- <li>Authentication HTML file in English (For HTTPS)</li>
- <li>When you add other languages, add other languages to "javahtml", add HTMLDOCS, DENYDOC, DENYDOCSSL,
- ACCEPTDOC, ACCEPTDOC2. And edit opengateauth.h, add AUTHMLXX lines.</li>
- </ul>
- <li class="list_none">ARPPATH</li>
- <ul>
- <li>Path to arp command</li>
- </ul>
- <li class="list_none">NDPPAHT</li>
- <ul>
- <li>Path to ndp command</li>
- </ul>
- <li class="list_none">IPFW,IP6FW</li>
- <ul>
- <li>Path to ipfw and ip6fw commands</li>
- </ul>
-</ul>
-
-<p>opengatesrv.h</p>
-
-<ul>
- <li class="list_none">DEBUG</li>
- <ul>
- <li>If set to 1, function call trace log is put out to syslog</li>
- </ul>
- <li class="list_none">DURATIONDEFAULT</li>
- <ul>
- <li>Default time duration to wait for Java Applet connect.(second)
- If no connection in the duration, the network is closed.
- The duration can be changed in auth page by the user.</li>
- </ul>
- <li class="list_none">DURATIONMAX</li>
- <ul>
- <li>Maximum duration to wait for Java Applet connect. (second)
- Under this value, the Applet waiting duration (= duration of
- network open without Java Applet) can be specified by the user
- on the authentication page.
- If user specified duration is not agreeable, set it the same
- value as DURATIONDEFAULT and remove the field in auth page.</li>
- </ul>
- <li class="list_none">ACTIVECHECKINTERVAL</li>
- <ul>
- <li>Time interval of checking the terminal.(second)
- In no java mode, check by MAC address and packet count for the
- terminal's IP address.
- In java mode, check by HELLO exchange and packet count.</li>
- </ul>
- <li class="list_none">COMMWAITTIMEOUT</li>
- <ul>
- <li>Server waiting time for communication reply.(second)</li>
- </ul>
- <li class="list_none">NOREPLYMAX</li>
- <ul>
- <li>Permitted count of no reply to HELLO. If the client does not
- send back HELLO more than NOREPLYMAX times, then the network
- is closed.</li>
- </ul>
- <li class="list_none">NOPAKETINTERVAL</li>
- <ul>
- <li>If no packet is passed for this time interval, then
- the network is closed.(second)</li>
- </ul>
- <li class="list_none">LOCKTIMEOUT</li>
- <ul>
- <li>Maximum locking time for exclusive ipfw action.(second)</li>
- </ul>
- <li class="list_none">IPFWMIN</li>
- <ul>
- <li>Minimum ipfw rule number used by opengate.</li>
- </ul>
- <li class="list_none">IPFWMAX</li>
- <ul>
- <li>Maximum ipfw rule number used by opengate.</li>
- </ul>
- <li class="list_none">IPFWINTERVAL</li>
- <ul>
- <li>Rule number interval used by opengate.
- The maximum terminals/processes can be controled by these value.</li>
- </ul>
- <li class="list_none">PORTMIN</li>
- <ul>
- <li>Minimum port value used by opengate.</li>
- </ul>
- <li class="list_none">PORTMAX</li>
- <ul>
- <li>Maximum port value used by opengate. Set unused port range.</li>
- </ul>
- <li class="list_none">FACILITY</li>
- <ul>
- <li>syslog facility</li>
- </ul>
-</ul>
-
-<p>Compile and Install after finishing the above-mentioned setting.</p>
-
-<table><tr><td><pre>
-#make
-cc -DCONFIGFILE=\"/etc/opengatesrv.conf\"
--DOPENGATEDIR=\"/opengate\" -DDENYDOC=\"deny.html\"
--DDENYDOC=\"deny.html\" -DDENYDOCSSL=\"deny-ssl.html\"
------------------
------------------
------------------
-# make install
-</pre></td></tr></table>
-
-<h5>A.3.3 Setup authentication server<a name="opengate6" href="#opengate6" class="anchor">†</a></h5>
-
-<p>It is described the details of a setting method in a configuration file (opengatesrv.conf).</p>
-
-<div align="right"><a href="#opengate0">back</a> <a href="#top">top</a></div>
-
-<hr>
-<!-- Start:Setup ipfw,ip6fw -->
-<h3>B Setup ipfw,ip6fw<a name="ipfw0" href="#ipfw0" class="anchor">†</a></h3>
-
-<ul>
- <li class="list_num"><a href="#ipfw1">Prepare kernel</a></li>
- <li class="list_num"><a href="#ipfw2">Setup ipfw</a></li>
- <li class="list_num"><a href="#ipfw3">Setup ip6fw</a></li>
-</ul>
-
-
-<!-- ************ 1 ************** -->
-<h4>B.1 Prepare kernel<a name="ipfw1" href="#ipfw1" class="anchor">†</a></h4>
-
-<p>Prepare kernel having ipfw and ip6fw functions.</p>
-
-<p>Copy kernel options file.</p>
-
-<table><tr><td><pre>
-# cd /usr/src/sys/i386/conf
-# cp GENERIC MYKERNEL
-</pre></td></tr></table>
-
-<p>Add next lines.</p>
-
-<table><tr><td><pre>
-options IPDIVERT
-
-options IPFIREWALL
-options IPFIREWALL_FORWARD
-options IPFIREWALL_VERBOSE
-options IPFIREWALL_VERBOSE_LIMIT=100
-
-options IPV6FIREWALL
-options IPV6FIREWALL_VERBOSE
-options IPV6FIREWALL_VERBOSE_LIMIT=100
-
-options IPSEC
-options IPSEC_ESP
-options TCP_DROP_SYSFIN
-</pre></td></tr></table>
-
-<li>When use NAT, IPDIVERT is necessary.</li>
-<li>When need firewal log, *VERBOSE is necessary.</li>
-<li>When use IPSEC, *IPSEC is nnecessary.</li>
-
-<p>compile and install kernel having ipfw and ip6fw functions.</p>
-
-<table><tr><td><pre>
-# config MYKERNEL
-# cd ../compile/MYKERNEL
-# make depend
-# make
-# make install
-</pre></td></tr></table>
-
-<p>Add next lines to "/etc/rc.conf".</p>
-
-<table><tr><td><pre>
-firewall_enable="YES"
-firewall_script="/etc/rc.firewall"
-
-ipv6_firewall_enable="YES"
-ipv6_firewall_script="/etc/rc.firewall6"
-
-natd_enable="YES"
-natd_interface="em0"
-</pre></td></tr></table>
-
-<p>Validate a ipfw and ip6fw. And setup configuration script path.
-When use NAT, Validate natd and setup natd interface.</p>
-
-<div align="right"><a href="#ipfw0">back</a> <a href="#top">top</a></div>
-
-<!-- ************ 2 ************** -->
-<h4>B.2 Setup ipfw<a name="ipfw2" href="#ipfw2" class="anchor">†</a></h4>
-
-<p>Write a rule of ipfw for Opengate. This is example "/etc/rc.firewall".</p>
-
-<table><tr><td><pre>
-### set these to your outside interface network and netmask and ip
-oif="em0"
-onet="192.168.0.0"
-omask="255.255.255.0"
-oip="192.168.0.34"
-
-### set these to your inside interface network and netmask and ip
-iif="bge0"
-inet="192.168.55.0"
-imask="255.255.255.0"
-iip="192.168.55.1"
-
-fwcmd="/sbin/ipfw"
-
-### divert packet to NATD
-$fwcmd add 1 divert natd ip from any to any via ${oif}
-
-### Stop spoofing
-$fwcmd add deny all from ${inet}:${imask} to any in via ${oif}
-$fwcmd add deny all from ${onet}:${omask} to any in via ${iif}
-
-### Stop http from softeather
-$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 80
-$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 443
-
-### Allow from / to myself
-$fwcmd add pass all from ${iip} to any via ${iif}
-$fwcmd add pass all from ${oip} to any via ${oif}
-$fwcmd add pass all from any to ${iip} via ${iif}
-$fwcmd add pass all from any to ${oip} via ${oif}
-
-### Allow DNS queries out in the world
-### (if DNS is on localhost, delete passDNS)
-$fwcmd add pass udp from any 53 to any
-$fwcmd add pass udp from any to any 53
-$fwcmd add pass tcp from any to any 53
-$fwcmd add pass tcp from any 53 to any
-
-### Forwarding http connection from unauth client
-$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80
-$fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any 443
-
-### Allow TCP through if setup succeeded
-$fwcmd add 60100 pass tcp from any to any established
-</pre></td></tr></table>
-
-<p>Rule number for [forward] Command must be larger than the rule numbers used in opengate(10000-40000).
-Rule number for [divert to natd] must be smaller than most rules.</p>
-
-<p>The file [conf/opengatefw.conf] is the script describing the above rules.
- You can edit and use this script instead of rc.firewall. </p>
-
-<p>Be falimiar with ipfw command. Opengate is a software to send out the ipfw command like above one.</p>
-
-<div align="right"><a href="#ipfw0">back</a> <a href="#top">top</a></div>
-
-<!-- ************ 3 ************** -->
-<h4>B.3 Setup ip6fw<a name="ipfw3" href="#ipfw3" class="anchor">†</a></h4>
-
-<p>Write a rule of ip6fw for Opengate. This is example "/etc/rc.firewall6".</p>
-
-<table><tr><td><pre>
-### set these to your outside interface network and prefixlen and ip
-oif="em0"
-onet="2001:e38:3661:1a0::"
-oprefixlen="64"
-oip="2001:e38:3661:1a0::34"
-
-### set these to your inside interface network and prefixlen and ip
-iif="bge0"
-inet="2001:e38:3661:1a5::"
-iprefixlen="64"
-iip="2001:e38:3661:1a5::1"
-
-### path to command "ip6fw"
-fw6cmd="/sbin/ip6fw"
-
-${fw6cmd} add pass all from ${iip} to any
-${fw6cmd} add pass all from any to ${iip}
-${fw6cmd} add pass all from ${oip} to any
-${fw6cmd} add pass all from any to ${oip}
-
-### Allow RA RS NS NA Redirect...
-${fw6cmd} add pass ipv6-icmp from any to any
-
-# Allow IP fragments to pass through
-${fw6cmd} add pass all from any to any frag
-
-# Allow RIPng
-${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521
-${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521
-
-### Allow TCP through if setup succeeded
-${fw6cmd} add 60100 pass tcp from any to any established
-
-# TCP reset notice message
-${fw6cmd} add 60200 reset tcp from any to any 80
-${fw6cmd} add 60300 reset tcp from any to any 443
-</pre></td></tr></table>
-
-<p>ip6fw dose not have [forward] function. Threrfore Opengate waits for
-timeout of IPv6 HTTP request. And uses [forward] function of ipfw.</p>
-
-<p>When use FreeBSD 5.2 more, ip6fw has TCP reset function.
-TCP reset try to send a TCP reset (RST) notice.</p>
-
-<p>The file [conf/opengatefw6.conf] is the script describing the above rules.
- You can edit and use this script instead of rc.firewall6. </p>
-
-<p>Be falimiar with ip6fw command too.</p>
-
-<div align="right"><a href="#ipfw0">back</a> <a href="#top">top</a></div>
-
-<hr>
-<!-- Start:Install Apache2 -->
-<h3>C Install Apache2<a name="apache0" href="#apache0" class="anchor">†</a></h3>
-<ul>
- <li class="list_num"><a href="#apache1">Install (ports)</a></li>
- <li class="list_num"><a href="#apache2">Install (source)</a></li>
- <li class="list_num"><a href="#apache3">Make Private key, Certificate</a></li>
- <li class="list_num"><a href="#apache4">Setup VirtualHost</a></li>
- <li class="list_num"><a href="#apache5">Setup HTTP_ERROR 404</a></li>
-</ul>
-
-<!-- ************ 1 ************** -->
-<h4>C.1 Install (ports)<a name="apache1" href="#apache1" class="anchor">†</a></h4>
-
-<p>Opengate needs Apache2 supporting IPv6. Because Opengate does authentication, Apache2
-had better support SSL. But you don't have to install mod_ssl because
-Apache2 support SSL with a standard.</p>
-
-<table><tr><td><pre>
-# cd /usr/ports/www/apache2
-# make clean
-===> Cleaning for autoconf-2.53_1
-===> Cleaning for libtool-1.3.5_1
-===> Cleaning for m4-1.4_1
-===> Cleaning for help2man-1.29
-===> Cleaning for expat-1.95.6_1
-===> Cleaning for apache-2.0.48_3
-# make install clean ; rehash
-</pre></td></tr></table>
-
-<p>Add next lines to "/etc/rc.conf"</p>
-
-<table><tr><td><pre>
-apache2_enable="YES"
-apache2ssl_enable="YES"
-</pre></td></tr></table>
-
-
-<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>
-
-<!-- ************ 2 ************** -->
-<h4>C.2 Install (source)<a name="apache2" href="#apache2" class="anchor">†</a></h4>
-
-<p>You can get a source of Apache2 from "www.apache.org".</p>
-
-<p>Validate a SSL module in configure.</p>
-
-<table><tr><td><pre>
-# tar xvfz httpd-2.0.55.tar.gz
-# cd httpd-2.0.55
-# ./configure --enable-modules="so ssl"
-# make
-# make install
-</pre></td></tr></table>
-
-<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>
-
-<!-- ************ 3 ************** -->
-<h4>C.3 Make private key, certificate<a name="apache3" href="#apache3" class="anchor">†</a></h4>
-
-<p>Make two Private keys and Certificates for Apache2 because Opengate needs
-two FQDNs.</p>
-
-<table><tr><td><pre>
-# cd /usr/local/etc/apache2
-# mkdir ssl.key ssl.crt
-# chmod 700 ssl.key ssl.crt
-
-# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server1.key 1024
-# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server2.key 1024
-</pre></td></tr></table>
-
-<br>
-
-<table><tr><td><pre>
-# /usr/bin/openssl req -new -x509 -days 365 \
- -key /usr/local/etc/apache2/ssl.key/server1.key \
- -out /usr/local/etc/apache2/ssl.crt/server1.crt
-
-You are about to be asked to enter information that will be incorporated
-into your certificate request.
-What you are about to enter is what is called a Distinguished Name or a DN.
-There are quite a few fields but you can leave some blank
-For some fields there will be a default value,
-If you enter '.', the field will be left blank.
------
-Country Name (2 letter code) [AU]:JP
-State or Province Name (full name) [Some-State]:Saga
-Locality Name (eg, city) []:Saga-city
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university
-Organizational Unit Name (eg, subsection) []:Information Science
-Common Name (eg, YOUR name) []:opengate.is.saga-u.ac.jp
-Email Address []:administrator@opengate.is.saga-u.ac.jp
-
-Please enter the following 'extra' attributes
-to be sent with your certificate request
-A challenge password []:
-An optional company name []:
-
-# /usr/bin/openssl req -new -x509 -days 365 \
- -key /usr/local/etc/apache2/ssl.key/server2.key \
- -out /usr/local/etc/apache2/ssl.crt/server2.crt
-
-You are about to be asked to enter information that will be incorporated
-into your certificate request.
-What you are about to enter is what is called a Distinguished Name or a DN.
-There are quite a few fields but you can leave some blank
-For some fields there will be a default value,
-If you enter '.', the field will be left blank.
------
-Country Name (2 letter code) [AU]:JP
-State or Province Name (full name) [Some-State]:Saga
-Locality Name (eg, city) []:Saga-city
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university
-Organizational Unit Name (eg, subsection) []:Information Science
-Common Name (eg, YOUR name) []:opengate4.is.saga-u.ac.jp
-Email Address []:administrator@opengate.is.saga-u.ac.jp
-
-Please enter the following 'extra' attributes
-to be sent with your certificate request
-A challenge password []:
-An optional company name []:
-</pre></td></tr></table>
-
-<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>
-
-<!-- ************ 4 ************** -->
-<h4>C.4 Setup VirtualHost<a name="apache4" href="#apache4" class="anchor">†</a></h4>
-
-<p>Name-based virtual hosting cannot be used with SSL secure servers
-because of the nature of the SSL protocol. Therefore, use IP-based virtual host.</p>
-
-<p>Edit httpd.conf and ssl.conf like an example.</p>
-
-<table><tr><td>httpd.conf</td></tr><tr><td><pre>
-NameVirtualHost 192.168.55.1:80
-<VirtualHost 192.168.55.1:80>
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- DocumentRoot /usr/local/www
- ServerName opengate.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-</VirtualHost>
-
-NameVirtualHost [2001:e38:3661:1a5::1]:80
-<VirtualHost [2001:e38:3661:1a5::1]:80>
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- DocumentRoot /usr/local/www
- ServerName opengate.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-</VirtualHost>
-
-NameVirtualHost 192.168.0.34:80
-<VirtualHost 192.168.0.34:80>
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- DocumentRoot /usr/local/www
- ServerName opengate4.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-</VirtualHost>
-</pre></td></tr></table>
-<br>
-<table><tr><td>ssl.conf</td></tr><tr><td><pre>
-NameVirtualHost 192.168.55.1:443
-<VirtualHost 192.168.55.1:443>
- DocumentRoot "/usr/local/www"
- ServerName opengate.is.saga-u.ac.jp:443
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-
- SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt
- SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key
-</VirtualHost>
-
-NameVirtualHost [2001:e38:3661:1a5::1]:443
-<VirtualHost [2001:e38:3661:1a5::1]:443>
- DocumentRoot "/usr/local/www"
- ServerName opengate.is.saga-u.ac.jp:443
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-
- SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt
- SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key
-</VirtualHost>
-
-NameVirtualHost 192.168.0.34:443
-<VirtualHost 192.168.0.34:443>
- DocumentRoot "/usr/local/www"
- ServerName opengate4.is.saga-u.ac.jp:443
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-
- SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server2.crt
- SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server2.key
-</VirtualHost>
-</pre></td></tr></table>
-
-<p>You have to edit other directive. Be familiar with apache2 configuration.</p>
-
-<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>
-
-<!-- ************ 5 ************** -->
-<h4>C.5 Setup HTTP_ERROR 404<a name="apache5" href="#apache5" class="anchor">†</a></h4>
-
-<p>Opengate must always send authentication page for any kind of HTTP request. Therefore
-Add next line "to httpd.conf".</p>
-
-<table><tr><td><pre>
-ErrorDocument 404 /
-</pre></td></tr></table>
-
-<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>
-
-<hr>
-
-<!-- Start:Install isc-dhcp3 -->
-<h3>D Install isc-dhcp3<a name="dhcp0" href="#dhcp0" class="anchor">†</a></h3>
-
-<ul>
- <li class="list_num"><a href="#dhcp1">Install (ports)</a></li>
- <li class="list_num"><a href="#dhcp2">Setup DHCP</a></li>
-</ul>
-
-
-<!-- *********** 1 ************* -->
-<h4>D.1 Install (ports)<a name="dhcp1" href="#dhcp1" class="anchor">†</a></h4>
-
-<table><tr><td><pre>
-# cd /usr/ports/net/isc-dhcp3-server
-# make
-===> Cleaning for isc-dhcp3-server-3.0.1.r14_3
-# make install clean ; rehash
-</pre></td></tr></table>
-
-<div align="right"><a href="#dhcp0">back</a> <a href="#top">top</a></div>
-
-<!-- ************ 2 ************** -->
-<h4>D.2 Setup DHCP<a name="dhcp2" href="#dhcp2" class="anchor">†</a></h4>
-
-<p>There is "/usr/local/etc/dhcpd.conf.sample" as configuration file after instalation.
-Copy dhcpd.conf.sample to dhcpd.conf and edit configuration file.</p>
-
-<table><tr><td><pre>
-option domain-name "saga-u.ac.jp";
-option domain-name-servers 192.168.0.2;
-option subnet-mask 255.255.255.0;
-option broadcast-address 192.168.55.255;
-option routers 192.168.55.1;
-
-default-lease-time 600;
-max-lease-time 7200;
-ddns-update-style none;
-log-facility local7;
-
-subnet 192.168.55.0 netmask 255.255.255.0 {
- range 192.168.55.100 192.168.55.200;
-}
-</pre></td></tr></table>
-
-<p>Add next lines to "/etc/rc.conf".</p>
-
-<table><tr><td><pre>
-dhcpd_enable="YES"
-dhcpd_ifaces="bge0"
-dhcpd_conf="/usr/local/etc/dhcpd.conf"
-</pre></td></tr></table>
-
-<p>dhcpd_ifaces : interfaces ID that send DHCP.</p>
-
-<div align="right"><a href="#dhcp0">back</a> <a href="#top">top</a></div>
-
-<hr>
-<!-- Start:Instal BIND9 -->
-<h3>E Install BIND9<a name="bind0" href="#bind0" class="anchor">†</a></h3>
-
-<ul>
- <li class="list_num"><a href="#bind1">Install (ports)</a></li>
- <li class="list_num"><a href="#bind2">Make RNDC key</a></li>
- <li class="list_num"><a href="#bind3">Setup named.conf</a></li>
- <li class="list_num"><a href="#bind4">Setup zone</a></li>
- <li class="list_num"><a href="#bind5">Start confirmation</a></li>
-</ul>
-
-<!-- ********** 1 *********** -->
-<h4>E.1 Install (ports)<a name="bind1" href="#bind1" class="anchor">†</a></h4>
-
-<p>Opengate needs two FQDNs. It can be settled even to register FQDN for Opengate with
-existing DNS. When use NAT, you had not better regist an address of IPv4 private network
-with outside DNS.</p>
-
-<table><tr><td><pre>
-# cd /usr/ports/dns/bind9/
-# make clean
-===> Cleaning for bind9-9.3.1
-# make install clean ; rehash
-</pre></td></tr></table>
-
-<p>There is "/etc/namedb(/var/named/etc/namedb)" after installation.</p>
-
-<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>
-
-<!-- ********** 2 ********** -->
-<h4>E.2 Make RNDC key<a name="bind2" href="#bind2" class="anchor">†</a></h4>
-
-<p>BIND9 is controlled by rndc command for security.</p>
-
-<table><tr><td><pre>
-# /usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n user rndc
-</pre></td></tr></table>
-<p>When error "out of entropy", try with next method.</p>
-
-<table><tr><td><pre>
-# /usr/local/sbin/dnssec-keygen -r /dev/urandom -a hmac-md5 -b 512 -n user rndc
-</pre></td></tr></table>
-
-<ul>
- <li><pre>Krndc.+157+60849.key</pre></li>
- <li><pre>Krndc.+157+60849.private</pre></li>
-</ul>
-
-<p>There is "/usr/local/etc/rndc.conf.sample" after BIND9 installation.
-And copy to "rndc.conf".</p>
-
-<p>Edit "key" directive as like "key" directive of "Krndc.+xxxxxxxx.private.</p>
-
-<table><tr><td><pre>
-options {
- default-server localhost;
- default-key "key";
-};
-
-server localhost {
- key "key";
-};
-
-key "key" {
- algorithm hmac-md5;
- secret "...";
-};
-</pre></td></tr></table>
-
-
-<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>
-
-<!-- ********* 3 ********* -->
-<h4>E.3 Setup named.conf<a name="bind3" href="#bind3" class="anchor">†</a></h4>
-
-<p>There is "/etc/namedb/named.conf" after installation.</p>
-
-<p>Edit "key" directive as like "key" directive of "rndc.conf"</p>
-
-<table><tr><td><pre>
-key "rndc_key" {
- algorithm hmac-md5;
- secret "...";
-};
-
-controls {
- inet ::1 allow {
- ::1;
- }
- keys {
- "rndc_key";
- };
- inet 127.0.0.1 allow {
- 127.0.0.1;
- }
- keys {
- "rndc_key";
- };
-};
-</pre></td></tr></table>
-
-<p>Write "key" directive in the other file. And you had better include it in "named.conf".
-You can secure security more by setting a permission of the other file adequately.</p>
-
-<p>Edit "options" directive.</p>
-
-<table><tr><td><pre>
-options {
- directory "/etc/namedb";
- pid-file "/var/run/named/named.pid";
- auth-nxdomain yes;
- listen-on-v6 { any; };
-};
-</pre></td></tr></table>
-
-<p>Make a directory to put "named.pid" properly.</p>
-
-<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>
-
-<!-- ******** 4 ********* -->
-<h4>E.4 Setup Zone<a name="bind4" href="#bind4" class="anchor">†</a></h4>
-
-<p>Edit "view" and "zone" directive.</p>
-
-<p>"view" directive is implemented in BIND9. "zone" is child directive of "view".
-BIND9 can choose zone which answers client by a DNS inquiry IP address by setting "view" adequately.</p>
-
-<table><tr><td><pre>
-view "og" {
- match-clients
- {
- 10.0.0.0/16;
- };
-
- recursion yes;
-
- zone "." {
- type hint;
- file "named.root";
- };
-
- zone "og.saga-u.ac.jp" {
- type master;
- file "og.saga-u.ac.jp";
- };
-
- zone "0.0.127.IN-ADDR.ARPA" {
- type master;
- file "master/localhost.rev";
- };
-
- // RFC 3152
- zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
- 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
- type master;
- file "master/localhost-v6.rev";
- };
-
- // RFC 1886 -- deprecated
- zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
- 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
- type master;
- file "master/localhost-v6.rev";
- };
-};
-</pre></td></tr></table>
-
-<p>Make a "zone" file of domain as "og.saga-u.ac.jp".</p>
-
-<table><tr><td><pre>
-$TTL 3600
-$ORIGIN og.saga-u.ac.jp.
-
-@ IN SOA ns.og.saga-u.ac.jp. postmaster (
- 2005051702 ;
- 3600
- 1200
- 2419200
- 86400 )
- IN NS ns.og.saga-u.ac.jp.
- IN A 10.0.0.2
- IN MX 10 opengate.og.saga-u.ac.jp.
-
-ns IN A 10.0.0.2
-
-opengate IN A 10.0.0.2
- AAAA 2001:2f8:10:1::1
-
-opengate4 IN A 133.49.1.2
-</pre></td></tr></table>
-
-<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>
-
-<!-- ********* 5 ********* -->
-<h4>E.5 Start confirmation<a name="bind5" href="#bind5" class="anchor">†</a></h4>
-
-<p>Confirm starting "named" after setting was completed.</p>
-
-<table><tr><td><pre>
-# /usr/local/sbin/named/ -u bind -c /etc/namedb/named.conf
-</pre></td></tr></table>
-
-<p>If "named" starts without a problem, Add next lines to "/etc/rc.conf".</p>
-
-<table><tr><td><pre>
-named_enable="YES"
-named_program="/usr/local/sbin/named"
-named_flags="-u bind -c /etc/namedb/named.conf"
-</pre></td></tr></table>
-
-<p>Because management of a DNS server is too complicatedly, You had better read manual of BIND9 carefully, and
-refer to other document.</p>
-
-<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>
-<hr>
-
-<!-- Start:Install MRTG -->
-<h3>B MRTG<a name="mrtg0" href="#mrtg0" class="anchor">†</a></h3>
-
-<ul>
- <li class="list_num"><a href="#mrtg1">Install (ports)</a></li>
- <li class="list_num"><a href="#mrtg2">Setup MRTG</a></li>
- <li class="list_num"><a href="#mrtg3">Start confirmation</a></li>
- <li class="list_num"><a href="#mrtg4">Setup crontab</a></li>
-</ul>
-
-<!-- ************ 1 ************** -->
-<h4>F.1 Install MRTG<a name="mrtg1" href="#mrtg1" class="anchor">†</a></h4>
-
-<p>You can use MRTG to watch a state of Opengate. If you do not wath a state of Opengate, you
-do not have to install MRTG.</p>
-
-<p><a href="http://people.ee.ethz.ch/~oetiker/webtools/mrtg/" target="_blank">MRTG</a>(Multi Router Traffic Grapher) is system to watch network traffic.
-MRTG makes graphic images and HTML files. </p>
-
-<p>You can install MRTG to gateway server or another server. If you must watch plural Opengate, you
-had better install MRTG to another server.</p>
-
-<table><tr><td><pre>
-# cd /usr/ports/net-mgmt/mrtg/
-# make clean
-===> Cleaning for mrtg-2.12.2,1
-# make install clean ; rehash
-</pre></td></tr></table>
-
-<div align="right"><a href="#mrtg0">back</a> <a href="#top">top</a></div>
-
-<!-- ************ 2 ************** -->
-<h4>F.2 Setup MRTG<a name="mrtg2" href="#mrtg2" class="anchor">†</a></h4>
-
-<p>There is "/usr/local/etc/mrtg/mrtg.cfg.sample" as configuration file after instalation.
-Copy mrtg.cfg.sample to opengate.cfg and edit configuration file.</p>
-
-<table><tr><td><pre>
-##################################################
-# opengate user counter
-
-WorkDir: /usr/home/user/public_html/mrtg/opengate/
-
-##### Options
-Options[^]: growright,gauge,nopercent,integer
-
-Target[opengate]:`/usr/home/user/bin/input.sh`
-Title[opengate]: Opengate user counter
-
-PageTop[opengate]: <h1>Opengate user counter</h1>
- <p>Show the number of people using Opengate</p>
-
-# Max Number
-MaxBytes[opengate]: 200
-
-# Title of Y axis
-YLegend[opengate]: Opengate User
-# unit
-ShortLegend[opengate]: s
-# Title of graph LegendI: first line LegendO: second line
-LegendI[opengate]: IPv6 Users
-LegendO[opengate]: Total Users
-</pre></td></tr></table>
-
-<p>make a directory which you appointed in "WorkDir". MRTG makes graphic images and HTML files in WorkDir.</p>
-
-<p>"Target[opengate]" is path to program to hand data to MRTG. explain below th details.</p>
-
-
-
-<h5>F.2.1 Case of gateway server<a name="mrtg21" href="#mrtg21" class="anchor">†</a></h5>
-
-<p>Put this shellscript as "/usr/home/user/bin/input.sh".</p>
-
-<table><tr><td><pre>
-#!/bin/sh
-
-#######################################
-##
-## shwo opengate status for MRTG
-##
-## 1 line : IPv6 Users
-## 2 line : Total Users
-## 3 line : uptime
-## 4 line : comment for data
-##
-#######################################
-
-LANG=C
-COLUMNS=256
-
-export LANG
-export COLUMNS
-
-### IPv6 prefix
-prefix="2001:2f8:22:801:"
-
-### opengate process name
-process="opengatesrv.cgi"
-
-### tmp file name
-tmp_all="/tmp/og_count_all.tmp"
-tmp_6="/tmp/og_count_6.tmp"
-
-######################################################
-
-ps ax | grep $process > $tmp_all
-COUNT=`wc -l $tmp_all | awk '{print $1}'`
-grep $prefix $tmp_all > $tmp_6
-COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
-UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
-
-rm $tmp_all
-rm $tmp_6
-
-echo "$COUNT6"
-echo "$COUNT"
-echo "$UPTIME"
-echo "Opengate User Counter"
-</pre></td></tr></table>
-
-<p>carry out this shell script alone and confirm that you can acquire the following data.</p>
-
-<table><tr><td><pre>
-5
-48
-10days
-Opengate User Counter
-</pre></td></tr></table>
-
-
-<h5>F.2.2 Case of another server<a name="mrtg22" href="#mrtg22" class="anchor">†</a></h5>
-
-<p>Put this shellscript as "/usr/home/user/bin/input.sh" on another server.</p>
-
-<table><tr><td><pre>
-#!/bin/sh
-
-#######################################
-##
-## input data for MRTG
-##
-## 1 line : IPv6 Users
-## 2 line : Total Users
-## 3 line : uptime
-## 4 line : comment for data
-##
-#######################################
-
-# tmp file name
-file="/tmp/opengate.tmp"
-
-# URL of output.sh at opengate
-url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh"
-
-fetch -o $file $url &> /dev/null
-
-more $file
-</pre></td></tr></table>
-
-<p>Put this shell script as "/usr/local/apache2/cgi-bin/output.sh" on Opengate server.
-And set this URL to $url in script explained by the above.</p>
-
-<table><tr><td><pre>
-#!/bin/sh
-
-#######################################
-##
-## shwo opengate status for MRTG
-##
-## 1 line : IPv6 Users
-## 2 line : Total Users
-## 3 line : uptime
-## 4 line : comment for data
-##
-#######################################
-
-LANG=C
-COLUMNS=256
-
-export LANG
-export COLUMNS
-
-### IPv6 prefix
-prefix="2001:2f8:22:801:"
-
-### opengate process name
-process="opengatesrv.cgi"
-
-### tmp file name
-tmp_all="/tmp/og_count_all.tmp"
-tmp_6="/tmp/og_count_6.tmp"
-
-######################################################3
-
-ps ax | grep $process > $tmp_all
-COUNT=`wc -l $tmp_all | awk '{print $1}'`
-grep $prefix $tmp_all > $tmp_6
-COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
-UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
-rm $tmp_all
-rm $tmp_6
-
-echo "Content-type: text/plain; charset=iso-8859-1"
-echo
-
-echo "$COUNT6"
-echo "$COUNT"
-echo "$UPTIME"
-echo "Opengate User Counter"
-</pre></td></tr></table>
-
-<p>carry out "input.sh" shell script on another server and confirm that you can acquire the following data.</p>
-
-<table><tr><td><pre>
-5
-48
-10days
-Opengate User Counter
-</pre></td></tr></table>
-
-<div align="right"><a href="#mrtg0">back</a> <a href="#top">top</a></div>
-
-
-<!-- ************ 3 ************** -->
-<h4>F.3 Start confirmation<a name="mrtg3" href="#mrtg3" class="anchor">†</a></h4>
-
-<p>Confirm after setting was completed.</p>
-
-<table><tr><td><pre>
-# /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg
-</pre></td></tr></table>
-
-<p>Various WARNING is output the first time and second.</p>
-
-<p>There is some files in "WorkDir".</p>
-
-<table><tr><td><pre>
-> ls -l
--rw-r--r-- 1 root wheel 538 12 14 04:40 mrtg-l.png
--rw-r--r-- 1 root wheel 414 12 14 04:40 mrtg-m.png
--rw-r--r-- 1 root wheel 1759 12 14 04:40 mrtg-r.png
--rw-r--r-- 1 root wheel 2941 12 20 15:15 opengate-day.png
--rw-r--r-- 1 root wheel 2146 12 20 14:35 opengate-month.png
--rw-r--r-- 1 root wheel 2867 12 20 14:55 opengate-week.png
--rw-r--r-- 1 root wheel 1897 12 20 05:00 opengate-year.png
--rw-r--r-- 1 root wheel 5961 12 20 15:15 opengate.html
--rw-r--r-- 1 root wheel 48786 12 20 15:15 opengate.log
--rw-r--r-- 1 root wheel 48784 12 20 15:10 opengate.old
-</pre></td></tr></table>
-
-<div align="right"><a href="#mrtg0">back</a> <a href="#top">top</a></div>
-
-
-<!-- ************ 4 ************** -->
-<h4>F.4 Setup crontab<a name="mrtg4" href="#mrtg4" class="anchor">†</a></h4>
-
-<p>Add next line to "/etc/crontab".</p>
-
-<table><tr><td><pre>
-*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg
-</pre></td></tr></table>
-
-<div align="right"><a href="#mrtg0">back</a> <a href="#top">top</a></div>
-
-<hr>
-</body>
+<html>\r
+<head>\r
+<title>Opegnate Install</title>\r
+<meta http-equiv="content-type" content="text/html">\r
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">\r
+</head>\r
+\r
+\r
+<body bgcolor="#fafff0">\r
+\r
+<h2>Opengate Install Procedure<A class=anchor href="#top" name=top>†</A></h2>\r
+\r
+<!-- Start:Content Table -->\r
+<ul>\r
+ <li class="list_alpha"><A href="#opengate0">Opengate Install Procedure</A>\r
+ <ul>\r
+ <li class="list_num"><A href="#opengate1">Install Procedure</A></li>\r
+ <li class="list_num"><A href="#opengate2">Install FreeBSD</A></li>\r
+ <li class="list_num"><A href="#opengate3">Install Opengate</A></li>\r
+ </ul></li>\r
+ <li class="list_alpha"><A href="#ipfw0">Setup ipfw,ip6fw</A>\r
+ <ul>\r
+ <li class="list_num"><A href="#ipfw1">Prepare Kernel</A></li>\r
+ <li class="list_num"><A href="#ipfw2">Setup ipfw</A></li>\r
+ <li class="list_num"><A href="#ipfw3">Setup ip6fw</A></li>\r
+ </ul></li>\r
+ <li class="list_alpha"><A href="#apache0">Install Apache2</A>\r
+ <ul>\r
+ <li class="list_num"><A href="#apache1">Install (ports)</A></li>\r
+ <li class="list_num"><A href="#apache2">Install (source)</A></li>\r
+ <li class="list_num"><A href="#apache3">Make ricate key, Certificate</A></li>\r
+ <li class="list_num"><A href="#apache4">Setup VirtualHost</A></li>\r
+ <li class="list_num"><A href="#apache5">Setup HTTP_ERROR 404</A></li>\r
+ </ul></li>\r
+ <li class="list_alpha"><A href="#dhcp0">Install isc-dhcp3</A>\r
+ <ul>\r
+ <li class="list_num"><A href="#dhcp1">Install (ports)</A></li>\r
+ <li class="list_num"><A href="#dhcp2">Setup dhcpd.conf</A></li>\r
+ </ul></li>\r
+ <li class="list_alpha"><A href="#bind0">Install BIND9</A>\r
+ <ul>\r
+ <li class="list_num"><A href="#bind1">Install (ports)</A></li>\r
+ <li class="list_num"><A href="#bind2">Make RNDC key</A></li>\r
+ <li class="list_num"><A href="#bind3">Setup named.conf</A></li>\r
+ <li class="list_num"><A href="#bind4">Setup Zone</A></li>\r
+ <li class="list_num"><A href="#bind5">Start confirmation</A></li>\r
+ </ul></li>\r
+ <li class="list_alpha"><A href="#mrtg0">Install MRTG</A>\r
+ <ul>\r
+ <li class="list_num"><A href="#mrtg1">Install (ports)</A></li>\r
+ <li class="list_num"><A href="#mrtg2">Setup MRTG</A></li>\r
+ <li class="list_num"><A href="#mrtg3">Start confirmation</A></li>\r
+ <li class="list_num"><A href="#mrtg4">Setup crontab</A></li>\r
+ </ul></li>\r
+ <li class="list_alpha"><A href="#rulechk">Install rulechk</A>\r
+ </li>\r
+</ul>\r
+<!-- End:Content Table -->\r
+<hr>\r
+\r
+\r
+<!-- Start:Install Opengate -->\r
+<h3>A Install Opegnate<A class=anchor href="#opengate0" name=opengate0>†</A></h3>\r
+<ul>\r
+ <li class="list_num"><A href="#opengate1">Install Procedure</A></li>\r
+ <li class="list_num"><A href="#opengate2">Install FreeBSD</A></li>\r
+ <li class="list_num"><A href="#opengate3">Install Opengate</A></li>\r
+</ul>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h4>A.1 Install Procedure<A class=anchor href="#opengate1" name=opengate1>†</A></h4>\r
+\r
+<p>List of Install Procedure.(*:Necessary by all means)</p>\r
+\r
+<ul>\r
+ <li class="list_num">Gateway Machine * </li>\r
+ \r
+ <li class="list_num">Install FreeBSD * </li>\r
+ \r
+ <li class="list_num">Prepare kernel * </li>\r
+ \r
+ <li class="list_num">Setup ipfw,ip6fw * </li>\r
+ \r
+ <li class="list_num">Setup NAT </li>\r
+ \r
+ <li class="list_num">Install Apache2 * </li>\r
+ \r
+ <li class="list_num">Install DHCP </li>\r
+ \r
+ <li class="list_num">Install BIND9</li>\r
+</ul>\r
+\r
+<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>A.2 Install FreeBSD<A class=anchor href="#opengate2" name=opengate2>†</A></h4>\r
+\r
+<ul>\r
+ <li>Gateway Machine \r
+ \r
+ <ul>\r
+ <li>FreeBSD Ver 4.x, 5.x, or 6.x </li>\r
+ \r
+ <li>Having Two more EtherBoard</li>\r
+ </ul> </li>\r
+</ul>\r
+\r
+<p>Choose distribution Developer(Full sorces, binaries and doc), because we have to prepare a kernel.</p>\r
+<p>Add next line to "/etc/rc.conf", because you validate a function of a gateway.</p>\r
+\r
+<table>\r
+ \r
+ <TR>\r
+<td><code>gateway_enable="YES"</code></td></TR>\r
+</table>\r
+\r
+<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 3 ************** -->\r
+<h4>A.3 Install Opengate<A class=anchor href="#opengate3" name=opengate3>†</A></h4>\r
+\r
+<h5>A.3.1 Package of Opengate<A class=anchor href="#opengate4" name=opengate4>†</A></h5>\r
+\r
+<p>Unfolds the latest package of Opengate. It have next directory.</p>\r
+\r
+<table>\r
+<tr><td>\r
+<pre>\r
+doc: Documentations\r
+conf: Fconfiguration file sample and firewall control perl script sample\r
+javahtml: Client Java Programs and HTML files\r
+opengatesrv: Server CGI program\r
+tools: Some related tools\r
+</pre>\r
+</td></tr>\r
+</table>\r
+\r
+<h5>A.3.2 Compile<A class=anchor href="#opengate5" name=opengate5>†</A></h5>\r
+\r
+<p>Edit Makefile and opengatesrv.h in opengatesrv before carry out compile. The following is the parameter list. But, except the HOSTNAME and HOSTNAME4, the default value might be used when the related application directory is not changed.</p>\r
+\r
+<p>If the IPv6 function is available, Opengate needs two FQDNs(FQDN_4 and FQDN_64). For example, FQDN_4 is "opengate4.saga-u.ac.jp"\r
+(IPv4 address: 133.49.31.1). FQDN_64 is "opengate.saga-u.ac.jp"(IPv4 address: 192.168.55.1, IPv6 address: 2001:e38:100:100::1).\r
+</p>\r
+<p>Set two FQDNs to HOSTNAME and HOSTNAME4 as indicated in the table. </p>\r
+<p>If the IPv6 function is not available, Set same FQDN (or IP address) to HOSTNAME and HOSTNAME4.</p>\r
+\r
+<p>Makefile</p>\r
+\r
+<table>\r
+ <tr>\r
+ <td>HOSTNAME</td>\r
+ <td>Set FQDN_64</td>\r
+ </tr>\r
+ <tr>\r
+ <td>HOSTNAME4</td>\r
+ <td>Set FQDN_4</td>\r
+ </tr>\r
+ <tr>\r
+ <td>OPENGATEDIR</td>\r
+ <td>Opengate install directory (from Web top)</td>\r
+ </tr>\r
+ <tr>\r
+ <td>HTMLTOP1</td>\r
+ <td>Web top directory</td>\r
+ </tr>\r
+ <tr>\r
+ <td>HTMLTOP2</td>\r
+ <td>Web top directory (for HTTPS)</td>\r
+ </tr>\r
+ <tr>\r
+ <td>CGIPATH</td>\r
+ <td>CGI directory</td>\r
+ </tr>\r
+ <tr>\r
+ <td>CGIPROG</td>\r
+ <td>CGI program name</td>\r
+ </tr>\r
+ <tr>\r
+ <td>CGIURL</td>\r
+ <td>URL of CGI program</td>\r
+ </tr>\r
+ <tr>\r
+ <td>AUTHCGIPROG</td>\r
+ <td>Authentication CGI program name</td>\r
+ </tr>\r
+ <tr>\r
+ <td>AUTHCGIURL</td>\r
+ <td>URL of Authentication CGI program</td>\r
+ </tr>\r
+ <tr>\r
+ <td>CONFIGFILE</td>\r
+ <td>Configuration file name</td>\r
+ </tr>\r
+ <tr>\r
+ <td>USEFWSCRIPT</td>\r
+ <td>Enable(1) or disable(0) Perl script to control \r
+ firewall open</td>\r
+ </tr>\r
+ <tr>\r
+ <td>FWSCRIPT</td>\r
+ <td>Firewall control Perl script name</td>\r
+ </tr>\r
+ <tr>\r
+ <td>FWSCRIPTFILE</td>\r
+ <td>Path to fireall control Perl script</td>\r
+ </tr>\r
+ <tr>\r
+ <td>LOCKFILE</td>\r
+ <td>Lock file for exclusive execution</td>\r
+ </tr>\r
+ <tr>\r
+ <td>HTMLDOCS</td>\r
+ <td>HTML files listing</td>\r
+ </tr>\r
+ <tr>\r
+ <td>DENYDOC</td>\r
+ <td>HTML file sent at dynying</td>\r
+ </tr>\r
+ <tr>\r
+ <td>DENYDOCSSL</td>\r
+ <td>HTML file sent at dynying(For HTTPS)</td>\r
+ </tr>\r
+ <tr>\r
+ <td>ACCEPTDOC</td>\r
+ <td>HTML file sent at accepting</td>\r
+ </tr>\r
+ <tr>\r
+ <td>ACCEPTDOC2</td>\r
+ <td>HTML file sent at accepting in popup window (can \r
+ chenge this in URL. Refer INFOMATION)</td>\r
+ </tr>\r
+ <tr>\r
+ <td>INFOMATION</td>\r
+ <td>Enable(1) or disable(0), Instead of ACCEPTDOC2, \r
+ Call other URL in popup window</td>\r
+ </tr>\r
+ <tr>\r
+ <td>INFOMATIONURL</td>\r
+ <td>URL instead of ACCEPTDOC2</td>\r
+ </tr>\r
+ <tr>\r
+ <td>AUTHHTMLJA</td>\r
+ <td>Authentication HTML file in Japanese</td>\r
+ </tr>\r
+ <tr>\r
+ <td>AUTHHTMLEN</td>\r
+ <td>Authentication HTML file in English</td>\r
+ </tr>\r
+ <tr>\r
+ <td>AUTHHTMLJASSL</td>\r
+ <td>Authentication HTML file in Japanese (For HTTPS)</td>\r
+ </tr>\r
+ <tr>\r
+ <td>AUTHHTMLENSSL</td>\r
+ <td>Authentication HTML file in English (For HTTPS)</td>\r
+ </tr>\r
+ <tr>\r
+ <td></td>\r
+ <td>When you add other languages, add other languages \r
+ to "javahtml", add HTMLDOCS, DENYDOC, DENYDOCSSL, ACCEPTDOC, ACCEPTDOC2. \r
+ And edit opengateauth.h, add AUTHMLXX lines</td>\r
+ </tr>\r
+ <tr>\r
+ <td>ARPPATH</td>\r
+ <td>Path to arp command</td>\r
+ </tr>\r
+ <tr>\r
+ <td>NDPPATH</td>\r
+ <td>Path to ndp command</td>\r
+ </tr>\r
+ <tr>\r
+ <td>IPFW</td>\r
+ <td>Path to ipfw command</td>\r
+ </tr>\r
+ <tr>\r
+ <td>IP6FW</td>\r
+ <td>Path to ip6fw command</td>\r
+ </tr>\r
+</table>\r
+\r
+<p>opengatesrv.h</p>\r
+<table>\r
+ <tr>\r
+ <td>DEBUG</td>\r
+ <td>If set to 1, function call trace log is put out \r
+ to syslog</td>\r
+ </tr>\r
+ <tr>\r
+ <td>DURATIONDEFAULT</td>\r
+ <td>Default time duration to wait for Java Applet \r
+ connect.(second) If no connection in the duration, the network is closed. \r
+ The duration can be changed in auth page by the user.</td>\r
+ </tr>\r
+ <tr>\r
+ <td>DURATIONMAX</td>\r
+ <td>Maximum duration to wait for Java Applet connect. \r
+ (second) Under this value, the Applet waiting duration (= duration of \r
+ network open without Java Applet) can be specified by the user on the \r
+ authentication page. If user specified duration is not agreeable, set it \r
+ the same value as DURATIONDEFAULT and remove the field in auth page.</td>\r
+ </tr>\r
+ <tr>\r
+ <td>ACTIVECHECKINTERVAL</td>\r
+ <td>Time interval of checking the terminal.(second) \r
+ In no java mode, check by MAC address and packet count for the terminal's \r
+ IP address. In java mode, check by HELLO exchange and packet count</td>\r
+ </tr>\r
+ <tr>\r
+ <td>COMMWAITTIMEOUT</td>\r
+ <td>Server waiting time for communication \r
+ reply.(second)</td>\r
+ </tr>\r
+ <tr>\r
+ <td>NOREPLYMAX</td>\r
+ <td>Permitted count of no reply to HELLO. If the \r
+ client does not send back HELLO more than NOREPLYMAX times, then the \r
+ network is closed.</td>\r
+ </tr>\r
+ <tr>\r
+ <td>NOPAKETINTERVAL</td>\r
+ <td>If no packet is passed for this time interval, \r
+ then the network is closed.(second)</td>\r
+ </tr>\r
+ <tr>\r
+ <td>LOCKTIMEOUT</td>\r
+ <td>Maximum locking time for exclusive ipfw \r
+ action.(second)</td>\r
+ </tr>\r
+ <tr>\r
+ <td>IPFWMIN</td>\r
+ <td>Minimum ipfw rule number used by opengate.</td>\r
+ </tr>\r
+ <tr>\r
+ <td>IPFWMAX</td>\r
+ <td>Maximum ipfw rule number used by opengate.</td>\r
+ </tr>\r
+ <tr>\r
+ <td>IPFWINTERVAL</td>\r
+ <td>Rule number interval used by opengate. The \r
+ maximum terminals/processes can be controled by these value.</td>\r
+ </tr>\r
+ <tr>\r
+ <td>PORTMIN</td>\r
+ <td>Minimum port value used by opengate.</td>\r
+ </tr>\r
+ <tr>\r
+ <td>PORTMAX</td>\r
+ <td>Maximum port value used by opengate. Set unused \r
+ port range</td>\r
+ </tr>\r
+ <tr>\r
+ <td>FACILITY</td>\r
+ <td>syslog facility</td>\r
+ </tr>\r
+</table>\r
+\r
+<p>Compile and Install after finishing the above-mentioned setting.</p>\r
+\r
+<table><tr><td><pre>#make\r
+cc -DCONFIGFILE=\"/etc/opengatesrv.conf\" \r
+-DOPENGATEDIR=\"/opengate\" -DDENYDOC=\"deny.html\"\r
+-DDENYDOC=\"deny.html\" -DDENYDOCSSL=\"deny-ssl.html\"\r
+-----------------\r
+-----------------\r
+-----------------\r
+# make install\r
+</pre></td></tr></table>\r
+\r
+<h5>A.3.3 Setup authentication server<A class=anchor href="#opengate6" name=opengate6>†</A></h5>\r
+\r
+<p>It is described the details of a setting method in a configuration file (opengatesrv.conf).</p>\r
+\r
+<div align="right"><A href="#opengate0">back</A> <A href="#top">top</A></div>\r
+\r
+<hr>\r
+<!-- Start:Setup ipfw,ip6fw -->\r
+<h3>B Setup ipfw,ip6fw<A class=anchor href="#ipfw0" name=ipfw0>†</A></h3>\r
+\r
+<ul>\r
+ <li class="list_num"><A href="#ipfw1">Prepare kernel</A></li>\r
+ <li class="list_num"><A href="#ipfw2">Setup ipfw</A></li>\r
+ <li class="list_num"><A href="#ipfw3">Setup ip6fw</A></li>\r
+</ul>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h4>B.1 Prepare kernel<A class=anchor href="#ipfw1" name=ipfw1>†</A></h4>\r
+\r
+<p>Prepare kernel having ipfw and ip6fw functions.</p>\r
+\r
+<p>Copy kernel options file.</p>\r
+\r
+<table><tr><td><pre># cd /usr/src/sys/i386/conf\r
+# cp GENERIC MYKERNEL\r
+</pre></td></tr></table>\r
+\r
+<p>Add next lines.</p>\r
+\r
+<table><tr><td><pre>options IPDIVERT\r
+\r
+options IPFIREWALL\r
+options IPFIREWALL_FORWARD\r
+options IPFIREWALL_VERBOSE\r
+options IPFIREWALL_VERBOSE_LIMIT=100\r
+\r
+options IPV6FIREWALL\r
+options IPV6FIREWALL_VERBOSE\r
+options IPV6FIREWALL_VERBOSE_LIMIT=100\r
+\r
+options IPSEC\r
+options IPSEC_ESP\r
+options TCP_DROP_SYSFIN\r
+</pre></td></tr></table>\r
+\r
+<li>When use NAT, IPDIVERT is necessary. </li>\r
+<li>When need firewal log, *VERBOSE is necessary. </li>\r
+<li>When use IPSEC, IPSEC* is necessary. </li>\r
+<li>When use IPv6, IPV6* is necessary. </li>\r
+\r
+<p>compile and install kernel having ipfw and ip6fw functions.</p>\r
+\r
+<table><tr><td><pre># config MYKERNEL\r
+# cd ../compile/MYKERNEL\r
+# make depend\r
+# make\r
+# make install\r
+</pre></td></tr></table>\r
+\r
+<p>Add next lines to "/etc/rc.conf".</p>\r
+\r
+<table><tr><td><pre>firewall_enable="YES"\r
+firewall_script="/etc/rc.firewall"\r
+\r
+ipv6_firewall_enable="YES"\r
+ipv6_firewall_script="/etc/rc.firewall6"\r
+\r
+natd_enable="YES"\r
+natd_interface="em0"\r
+</pre></td></tr></table>\r
+\r
+<p>Validate a ipfw and ip6fw. And setup configuration script path. \r
+When use NAT, Validate natd and setup natd interface.</p>\r
+\r
+<div align="right"><A href="#ipfw0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>B.2 Setup ipfw<A class=anchor href="#ipfw2" name=ipfw2>†</A></h4>\r
+\r
+<p>Write a rule of ipfw for Opengate. This is example "/etc/rc.firewall".</p>\r
+\r
+<table><tr><td><pre>### set these to your outside interface network and netmask and ip\r
+oif="em0"\r
+onet="192.168.0.0"\r
+omask="255.255.255.0"\r
+oip="192.168.0.34"\r
+\r
+### set these to your inside interface network and netmask and ip\r
+iif="bge0"\r
+inet="192.168.55.0"\r
+imask="255.255.255.0"\r
+iip="192.168.55.1"\r
+\r
+fwcmd="/sbin/ipfw"\r
+\r
+### divert packet to NATD \r
+$fwcmd add 1 divert natd ip from any to any via ${oif}\r
+\r
+### Stop spoofing\r
+$fwcmd add deny all from ${inet}:${imask} to any in via ${oif}\r
+$fwcmd add deny all from ${onet}:${omask} to any in via ${iif}\r
+\r
+### Stop http from softeather\r
+$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 80\r
+$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 443\r
+\r
+### Allow from / to myself\r
+$fwcmd add pass all from ${iip} to any via ${iif}\r
+$fwcmd add pass all from ${oip} to any via ${oif}\r
+$fwcmd add pass all from any to ${iip} via ${iif}\r
+$fwcmd add pass all from any to ${oip} via ${oif}\r
+\r
+### Allow DNS queries out in the world\r
+### (if DNS is on localhost, delete passDNS)\r
+$fwcmd add pass udp from any 53 to any\r
+$fwcmd add pass udp from any to any 53\r
+$fwcmd add pass tcp from any to any 53\r
+$fwcmd add pass tcp from any 53 to any\r
+\r
+### Forwarding http connection from unauth client \r
+$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80\r
+$fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any 443\r
+\r
+### Allow TCP through if setup succeeded \r
+$fwcmd add 60100 pass tcp from any to any established\r
+</pre></td></tr></table>\r
+\r
+<p>Rule number for [forward] Command must be larger than the rule numbers used in opengate(10000-40000).\r
+Rule number for [divert to natd] must be smaller than most rules.</p>\r
+\r
+<p>The file [conf/opengatefw.conf] is the script describing the above rules.\r
+ You can edit and use this script instead of rc.firewall. </p>\r
+\r
+<p>Be falimiar with ipfw command. Opengate is a software to send out the ipfw command like above one.</p>\r
+\r
+<div align="right"><A href="#ipfw0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 3 ************** -->\r
+<h4>B.3 Setup ip6fw<A class=anchor href="#ipfw3" name=ipfw3>†</A></h4>\r
+\r
+<p>If the IPv6 function is not available, this section is not needed. Write a rule of ip6fw for Opengate. This is example "/etc/rc.firewall6".</p>\r
+\r
+<table><tr><td><pre>### set these to your outside interface network and prefixlen and ip\r
+oif="em0"\r
+onet="2001:e38:3661:1a0::"\r
+oprefixlen="64"\r
+oip="2001:e38:3661:1a0::34"\r
+\r
+### set these to your inside interface network and prefixlen and ip\r
+iif="bge0"\r
+inet="2001:e38:3661:1a5::"\r
+iprefixlen="64"\r
+iip="2001:e38:3661:1a5::1"\r
+\r
+### path to command "ip6fw"\r
+fw6cmd="/sbin/ip6fw"\r
+\r
+${fw6cmd} add pass all from ${iip} to any\r
+${fw6cmd} add pass all from any to ${iip}\r
+${fw6cmd} add pass all from ${oip} to any\r
+${fw6cmd} add pass all from any to ${oip}\r
+\r
+### Allow RA RS NS NA Redirect...\r
+${fw6cmd} add pass ipv6-icmp from any to any\r
+\r
+# Allow IP fragments to pass through\r
+${fw6cmd} add pass all from any to any frag\r
+\r
+# Allow RIPng\r
+${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521\r
+${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521\r
+\r
+### Allow TCP through if setup succeeded\r
+${fw6cmd} add 60100 pass tcp from any to any established\r
+\r
+# TCP reset notice message\r
+${fw6cmd} add 60200 reset tcp from any to any 80\r
+${fw6cmd} add 60300 reset tcp from any to any 443\r
+</pre></td></tr></table>\r
+\r
+<p>ip6fw dose not have [forward] function. Threrfore Opengate waits for \r
+timeout of IPv6 HTTP request. And uses [forward] function of ipfw.</p>\r
+\r
+<p>When use FreeBSD 5.2 more, ip6fw has TCP reset function.\r
+TCP reset try to send a TCP reset (RST) notice.</p>\r
+\r
+<p>The file [conf/opengatefw6.conf] is the script describing the above rules.\r
+ You can edit and use this script instead of rc.firewall6. </p>\r
+\r
+<p>Be falimiar with ip6fw command too.</p>\r
+\r
+<div align="right"><A href="#ipfw0">back</A> <A href="#top">top</A></div>\r
+\r
+<hr>\r
+<!-- Start:Install Apache2 -->\r
+<h3>C Install Apache2<A class=anchor href="#apache0" name=apache0>†</A></h3>\r
+<ul>\r
+ <li class="list_num"><A href="#apache1">Install (ports)</A></li>\r
+ <li class="list_num"><A href="#apache2">Install (source)</A></li>\r
+ <li class="list_num"><A href="#apache3">Make Private key, Certificate</A></li>\r
+ <li class="list_num"><A href="#apache4">Setup VirtualHost</A></li>\r
+ <li class="list_num"><A href="#apache5">Setup HTTP_ERROR 404</A></li>\r
+</ul>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h4>C.1 Install (ports)<A class=anchor href="#apache1" name=apache1>†</A></h4>\r
+\r
+<p>Opengate needs Apache2 supporting IPv6. Because Opengate does authentication, Apache2\r
+had better support SSL. But you don't have to install mod_ssl because \r
+Apache2 support SSL with a standard.</p>\r
+\r
+<table><tr><td><pre># cd /usr/ports/www/apache2\r
+# make clean\r
+===> Cleaning for autoconf-2.53_1\r
+===> Cleaning for libtool-1.3.5_1\r
+===> Cleaning for m4-1.4_1\r
+===> Cleaning for help2man-1.29\r
+===> Cleaning for expat-1.95.6_1\r
+===> Cleaning for apache-2.0.48_3\r
+# make install clean ; rehash\r
+</pre></td></tr></table>\r
+\r
+<p>Add next lines to "/etc/rc.conf"</p>\r
+\r
+<table><tr><td><pre>apache2_enable="YES"\r
+apache2ssl_enable="YES"\r
+</pre></td></tr></table>\r
+\r
+\r
+<div align="right"><A href="#apache0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>C.2 Install (source)<A class=anchor href="#apache2" name=apache2>†</A></h4>\r
+\r
+<p>You can get a source of Apache2 from "www.apache.org".</p>\r
+\r
+<p>Validate a SSL module in configure.</p>\r
+\r
+<table><tr><td><pre># tar xvfz httpd-2.0.55.tar.gz\r
+# cd httpd-2.0.55\r
+# ./configure --enable-modules="so ssl"\r
+# make\r
+# make install\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#apache0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 3 ************** -->\r
+<h4>C.3 Make private key, certificate<A class=anchor href="#apache3" name=apache3>†</A></h4>\r
+\r
+<p>Make two Private keys and Certificates for Apache2 because Opengate needs \r
+two FQDNs.</p>\r
+\r
+<table><tr><td><pre># cd /usr/local/etc/apache2\r
+# mkdir ssl.key ssl.crt\r
+# chmod 700 ssl.key ssl.crt\r
+\r
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server1.key 1024\r
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server2.key 1024\r
+</pre></td></tr></table>\r
+\r
+<br>\r
+\r
+<table><tr><td><pre># /usr/bin/openssl req -new -x509 -days 365 \\r
+ -key /usr/local/etc/apache2/ssl.key/server1.key \\r
+ -out /usr/local/etc/apache2/ssl.crt/server1.crt\r
+\r
+You are about to be asked to enter information that will be incorporated\r
+into your certificate request.\r
+What you are about to enter is what is called a Distinguished Name or a DN.\r
+There are quite a few fields but you can leave some blank\r
+For some fields there will be a default value,\r
+If you enter '.', the field will be left blank.\r
+-----\r
+Country Name (2 letter code) [AU]:JP\r
+State or Province Name (full name) [Some-State]:Saga\r
+Locality Name (eg, city) []:Saga-city\r
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university\r
+Organizational Unit Name (eg, subsection) []:Information Science\r
+Common Name (eg, YOUR name) []:opengate.is.saga-u.ac.jp\r
+Email Address []:administrator@opengate.is.saga-u.ac.jp\r
+\r
+Please enter the following 'extra' attributes\r
+to be sent with your certificate request\r
+A challenge password []:\r
+An optional company name []:\r
+\r
+# /usr/bin/openssl req -new -x509 -days 365 \\r
+ -key /usr/local/etc/apache2/ssl.key/server2.key \\r
+ -out /usr/local/etc/apache2/ssl.crt/server2.crt\r
+\r
+You are about to be asked to enter information that will be incorporated\r
+into your certificate request.\r
+What you are about to enter is what is called a Distinguished Name or a DN.\r
+There are quite a few fields but you can leave some blank\r
+For some fields there will be a default value,\r
+If you enter '.', the field will be left blank.\r
+-----\r
+Country Name (2 letter code) [AU]:JP\r
+State or Province Name (full name) [Some-State]:Saga\r
+Locality Name (eg, city) []:Saga-city\r
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university\r
+Organizational Unit Name (eg, subsection) []:Information Science\r
+Common Name (eg, YOUR name) []:opengate4.is.saga-u.ac.jp\r
+Email Address []:administrator@opengate.is.saga-u.ac.jp\r
+\r
+Please enter the following 'extra' attributes\r
+to be sent with your certificate request\r
+A challenge password []:\r
+An optional company name []:\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#apache0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 4 ************** -->\r
+<h4>C.4 Setup VirtualHost<A class=anchor href="#apache4" name=apache4>†</A></h4>\r
+\r
+<p>If the IPv6 function is available, Opengate uses two FQDNs. So, set virtual hosting. </p>\r
+\r
+<p>Name-based virtual hosting cannot be used with SSL secure servers \r
+because of the nature of the SSL protocol. Therefore, use IP-based virtual host, as the gateway has more than two NIC.</p>\r
+\r
+<p>Edit httpd.conf and ssl.conf like an example.</p>\r
+\r
+<table><tr><td>httpd.conf</td></tr><tr><td><pre>NameVirtualHost 192.168.55.1:80\r
+<VirtualHost 192.168.55.1:80>\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ DocumentRoot /usr/local/www\r
+ ServerName opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+</VirtualHost>\r
+\r
+NameVirtualHost [2001:e38:3661:1a5::1]:80\r
+<VirtualHost [2001:e38:3661:1a5::1]:80>\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ DocumentRoot /usr/local/www\r
+ ServerName opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+</VirtualHost>\r
+ \r
+NameVirtualHost 192.168.0.34:80\r
+<VirtualHost 192.168.0.34:80>\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ DocumentRoot /usr/local/www\r
+ ServerName opengate4.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+</VirtualHost>\r
+</pre></td></tr></table>\r
+<br>\r
+<table><tr><td>ssl.conf</td></tr><tr><td><pre>NameVirtualHost 192.168.55.1:443\r
+<VirtualHost 192.168.55.1:443>\r
+ DocumentRoot "/usr/local/www"\r
+ ServerName opengate.is.saga-u.ac.jp:443\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+\r
+ SSLEngine on\r
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\r
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt\r
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key\r
+</VirtualHost>\r
+\r
+NameVirtualHost [2001:e38:3661:1a5::1]:443\r
+<VirtualHost [2001:e38:3661:1a5::1]:443>\r
+ DocumentRoot "/usr/local/www"\r
+ ServerName opengate.is.saga-u.ac.jp:443\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+\r
+ SSLEngine on\r
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\r
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt\r
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key\r
+</VirtualHost>\r
+\r
+NameVirtualHost 192.168.0.34:443\r
+<VirtualHost 192.168.0.34:443>\r
+ DocumentRoot "/usr/local/www"\r
+ ServerName opengate4.is.saga-u.ac.jp:443\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+\r
+ SSLEngine on\r
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\r
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server2.crt\r
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server2.key\r
+</VirtualHost>\r
+</pre></td></tr></table>\r
+\r
+<p>You have to edit other directive. Be familiar with apache2 configuration.</p>\r
+\r
+<div align="right"><A href="#apache0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 5 ************** -->\r
+<h4>C.5 Setup HTTP_ERROR 404<A class=anchor href="#apache5" name=apache5>†</A></h4>\r
+\r
+<p>Opengate must always send authentication page for any kind of HTTP request. Therefore \r
+Add next line "to httpd.conf".</p>\r
+\r
+<table><tr><td><pre>\r
+ErrorDocument 404 /\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#apache0">back</A> <A href="#top">top</A></div>\r
+\r
+<hr>\r
+\r
+<!-- Start:Install isc-dhcp3 -->\r
+<h3>D Install isc-dhcp3<A class=anchor href="#dhcp0" name=dhcp0>†</A></h3>\r
+\r
+<ul>\r
+ <li class="list_num"><A href="#dhcp1">Install (ports)</A></li>\r
+ <li class="list_num"><A href="#dhcp2">Setup DHCP</A></li>\r
+</ul>\r
+\r
+<!-- *********** 1 ************* -->\r
+<h4>D.1 Install (ports)<A class=anchor href="#dhcp1" name=dhcp1>†</A></h4>\r
+\r
+<table><tr><td><pre># cd /usr/ports/net/isc-dhcp3-server\r
+# make\r
+===> Cleaning for isc-dhcp3-server-3.0.1.r14_3\r
+# make install clean ; rehash\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#dhcp0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>D.2 Setup DHCP<A class=anchor href="#dhcp2" name=dhcp2>†</A></h4>\r
+\r
+<p>There is "/usr/local/etc/dhcpd.conf.sample" as configuration file after instalation.\r
+Copy dhcpd.conf.sample to dhcpd.conf and edit configuration file.</p>\r
+\r
+<table><tr><td><pre>option domain-name "saga-u.ac.jp";\r
+option domain-name-servers 192.168.0.2;\r
+option subnet-mask 255.255.255.0;\r
+option broadcast-address 192.168.55.255;\r
+option routers 192.168.55.1;\r
+\r
+default-lease-time 600;\r
+max-lease-time 7200;\r
+ddns-update-style none;\r
+log-facility local7;\r
+\r
+subnet 192.168.55.0 netmask 255.255.255.0 {\r
+ range 192.168.55.100 192.168.55.200;\r
+}\r
+</pre></td></tr></table>\r
+\r
+<p>Add next lines to "/etc/rc.conf".</p>\r
+\r
+<table><tr><td><pre>dhcpd_enable="YES"\r
+dhcpd_ifaces="bge0"\r
+dhcpd_conf="/usr/local/etc/dhcpd.conf"\r
+</pre></td></tr></table>\r
+\r
+<p>dhcpd_ifaces : interfaces ID that send DHCP.</p>\r
+\r
+<div align="right"><A href="#dhcp0">back</A> <A href="#top">top</A></div>\r
+\r
+<hr>\r
+\r
+\r
+<!-- Start:Instal BIND9 -->\r
+<h3>E Install BIND9<A class=anchor href="#bind0" name=bind0>†</A></h3>\r
+\r
+<ul>\r
+ <li class="list_num"><A href="#bind1">Install (ports)</A></li>\r
+ <li class="list_num"><A href="#bind2">Make RNDC key</A></li>\r
+ <li class="list_num"><A href="#bind3">Setup named.conf</A></li>\r
+ <li class="list_num"><A href="#bind4">Setup zone</A></li>\r
+ <li class="list_num"><A href="#bind5">Start confirmation</A></li>\r
+</ul>\r
+\r
+<!-- ********** 1 *********** -->\r
+<h4>E.1 Install (ports)<A class=anchor href="#bind1" name=bind1>†</A></h4>\r
+\r
+<p>If the IPv6 function is available, Opengate needs two FQDNs. It can be settled even to register FQDN for Opengate with existing DNS. When use NAT, you had not better regist an address of IPv4 private network with outside DNS.</p>\r
+<p>If the IPv6 function is not available, you might ignore DNS setting and control with IP address base.</p>\r
+\r
+<table><tr><td><pre># cd /usr/ports/dns/bind9/\r
+# make clean\r
+===> Cleaning for bind9-9.3.1\r
+# make install clean ; rehash\r
+</pre></td></tr></table>\r
+\r
+<p>There is "/etc/namedb(/var/named/etc/namedb)" after installation.</p>\r
+\r
+<div align="right"><A href="#bind0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ********** 2 ********** -->\r
+<h4>E.2 Make RNDC key<A class=anchor href="#bind2" name=bind2>†</A></h4>\r
+\r
+<p>BIND9 is controlled by rndc command for security.</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n user rndc\r
+</pre></td></tr></table>\r
+<p>When error "out of entropy", try with next method.</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/local/sbin/dnssec-keygen -r /dev/urandom -a hmac-md5 -b 512 -n user rndc\r
+</pre></td></tr></table>\r
+\r
+<ul>\r
+ <li><pre>Krndc.+157+60849.key</pre></li>\r
+ <li><pre>Krndc.+157+60849.private</pre></li>\r
+</ul>\r
+\r
+<p>There is "/usr/local/etc/rndc.conf.sample" after BIND9 installation. \r
+And copy to "rndc.conf".</p>\r
+\r
+<p>Edit "key" directive as like "key" directive of "Krndc.+xxxxxxxx.private.</p>\r
+\r
+<table><tr><td><pre>options {\r
+ default-server localhost;\r
+ default-key "key";\r
+};\r
+\r
+server localhost {\r
+ key "key";\r
+};\r
+\r
+key "key" {\r
+ algorithm hmac-md5;\r
+ secret "...";\r
+};\r
+</pre></td></tr></table>\r
+\r
+\r
+<div align="right"><A href="#bind0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ********* 3 ********* -->\r
+<h4>E.3 Setup named.conf<A class=anchor href="#bind3" name=bind3>†</A></h4>\r
+\r
+<p>There is "/etc/namedb/named.conf" after installation.</p>\r
+\r
+<p>Edit "key" directive as like "key" directive of "rndc.conf"</p>\r
+\r
+<table><tr><td><pre>key "rndc_key" {\r
+ algorithm hmac-md5;\r
+ secret "...";\r
+};\r
+\r
+controls {\r
+ inet ::1 allow {\r
+ ::1;\r
+ }\r
+ keys {\r
+ "rndc_key";\r
+ };\r
+ inet 127.0.0.1 allow {\r
+ 127.0.0.1;\r
+ }\r
+ keys {\r
+ "rndc_key";\r
+ };\r
+};\r
+</pre></td></tr></table>\r
+\r
+<p>Write "key" directive in the other file. And you had better include it in "named.conf". \r
+You can secure security more by setting a permission of the other file adequately.</p>\r
+\r
+<p>Edit "options" directive.</p>\r
+\r
+<table><tr><td><pre>options {\r
+ directory "/etc/namedb";\r
+ pid-file "/var/run/named/named.pid";\r
+ auth-nxdomain yes;\r
+ listen-on-v6 { any; };\r
+};\r
+</pre></td></tr></table>\r
+\r
+<p>Make a directory to put "named.pid" properly.</p>\r
+\r
+<div align="right"><A href="#bind0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ******** 4 ********* -->\r
+<h4>E.4 Setup Zone<A class=anchor href="#bind4" name=bind4>†</A></h4>\r
+\r
+<p>Edit "view" and "zone" directive.</p>\r
+\r
+<p>"view" directive is implemented in BIND9. "zone" is child directive of "view". \r
+BIND9 can choose zone which answers client by a DNS inquiry IP address by setting "view" adequately.</p>\r
+\r
+<table><tr><td><pre>view "og" {\r
+ match-clients\r
+ {\r
+ 10.0.0.0/16;\r
+ };\r
+\r
+ recursion yes;\r
+\r
+ zone "." {\r
+ type hint;\r
+ file "named.root";\r
+ };\r
+\r
+ zone "og.saga-u.ac.jp" {\r
+ type master;\r
+ file "og.saga-u.ac.jp";\r
+ };\r
+\r
+ zone "0.0.127.IN-ADDR.ARPA" {\r
+ type master;\r
+ file "master/localhost.rev";\r
+ };\r
+\r
+ // RFC 3152\r
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\r
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {\r
+ type master;\r
+ file "master/localhost-v6.rev";\r
+ };\r
+\r
+ // RFC 1886 -- deprecated\r
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\r
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {\r
+ type master;\r
+ file "master/localhost-v6.rev";\r
+ };\r
+};\r
+</pre></td></tr></table>\r
+\r
+<p>Make a "zone" file of domain as "og.saga-u.ac.jp".</p>\r
+\r
+<table><tr><td><pre>$TTL 3600\r
+$ORIGIN og.saga-u.ac.jp.\r
+\r
+@ IN SOA ns.og.saga-u.ac.jp. postmaster (\r
+ 2005051702 ;\r
+ 3600\r
+ 1200\r
+ 2419200\r
+ 86400 )\r
+ IN NS ns.og.saga-u.ac.jp.\r
+ IN A 10.0.0.2\r
+ IN MX 10 opengate.og.saga-u.ac.jp.\r
+\r
+ns IN A 10.0.0.2\r
+\r
+opengate IN A 10.0.0.2\r
+ AAAA 2001:2f8:10:1::1\r
+\r
+opengate4 IN A 133.49.1.2\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#bind0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ********* 5 ********* -->\r
+<h4>E.5 Start confirmation<A class=anchor href="#bind5" name=bind5>†</A></h4>\r
+\r
+<p>Confirm starting "named" after setting was completed.</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/local/sbin/named/ -u bind -c /etc/namedb/named.conf\r
+</pre></td></tr></table>\r
+\r
+<p>If "named" starts without a problem, Add next lines to "/etc/rc.conf".</p>\r
+\r
+<table><tr><td><pre>named_enable="YES"\r
+named_program="/usr/local/sbin/named"\r
+named_flags="-u bind -c /etc/namedb/named.conf"\r
+</pre></td></tr></table>\r
+\r
+<p>Because management of a DNS server is too complicatedly, You had better read manual of BIND9 carefully, and \r
+refer to other document.</p>\r
+\r
+<div align="right"><A href="#bind0">back</A> <A href="#top">top</A></div>\r
+<hr>\r
+<!-- Start:Install MRTG -->\r
+<h3>F MRTG<A class=anchor href="#mrtg0" name=mrtg0>†</A></h3>\r
+\r
+<ul>\r
+ <li class="list_num"><A href="#mrtg1">Install (ports)</A></li>\r
+ <li class="list_num"><A href="#mrtg2">Setup MRTG</A></li>\r
+ <li class="list_num"><A href="#mrtg3">Start confirmation</A></li>\r
+ <li class="list_num"><A href="#mrtg4">Setup crontab</A></li>\r
+</ul>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h4>F.1 Install MRTG<A class=anchor href="#mrtg1" name=mrtg1>†</A></h4>\r
+\r
+<p>This is optional. You can use MRTG to watch a state of Opengate. If you do not want to watch the state of Opengate, you do not need to install MRTG.</p>\r
+\r
+<p><a href="http://people.ee.ethz.ch/~oetiker/webtools/mrtg/" target="_blank">MRTG</a>(Multi Router Traffic Grapher) is system to watch network traffic. \r
+MRTG makes graphic images and HTML files. </p>\r
+\r
+<p>You can install MRTG to gateway server or another server. If you must watch plural Opengate, you \r
+had better install MRTG to another server.</p>\r
+\r
+<table><tr><td><pre>\r
+# cd /usr/ports/net-mgmt/mrtg/\r
+# make clean\r
+===> Cleaning for mrtg-2.12.2,1\r
+# make install clean ; rehash\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div><!-- ************ 2 ************** -->\r
+<h4>F.2 Setup MRTG<A class=anchor href="#mrtg2" name=mrtg2>†</A></h4>\r
+\r
+<p>There is "/usr/local/etc/mrtg/mrtg.cfg.sample" as configuration file after instalation. \r
+Copy mrtg.cfg.sample to opengate.cfg and edit configuration file.</p>\r
+\r
+<table><tr><td><pre>\r
+##################################################\r
+# opengate user counter\r
+\r
+WorkDir: /usr/home/user/public_html/mrtg/opengate/\r
+\r
+##### Options\r
+Options[^]: growright,gauge,nopercent,integer\r
+\r
+Target[opengate]:`/usr/home/user/bin/input.sh`\r
+Title[opengate]: Opengate user counter\r
+\r
+PageTop[opengate]: <h1>Opengate user counter</h1>\r
+ <p>Show the number of people using Opengate</p>\r
+\r
+# Max Number\r
+MaxBytes[opengate]: 200\r
+\r
+# Title of Y axis\r
+YLegend[opengate]: Opengate User\r
+# unit\r
+ShortLegend[opengate]: s\r
+# Title of graph LegendI: first line LegendO: second line\r
+LegendI[opengate]: IPv6 Users\r
+LegendO[opengate]: Total Users\r
+</pre></td></tr></table>\r
+\r
+<p>make a directory which you appointed in "WorkDir". MRTG makes graphic images and HTML files in WorkDir.</p>\r
+\r
+<p>"Target[opengate]" is path to program to hand data to MRTG. explain below th details.</p>\r
+\r
+\r
+\r
+<h5>F.2.1 Case of gateway server<A class=anchor href="#mrtg21" name=mrtg21>†</A></h5>\r
+\r
+<p>Put this shellscript as "/usr/home/user/bin/input.sh".</p>\r
+\r
+<table><tr><td><pre>\r
+#!/bin/sh\r
+\r
+#######################################\r
+##\r
+## shwo opengate status for MRTG\r
+##\r
+## 1 line : IPv6 Users\r
+## 2 line : Total Users\r
+## 3 line : uptime\r
+## 4 line : comment for data\r
+##\r
+#######################################\r
+\r
+LANG=C\r
+COLUMNS=256\r
+\r
+export LANG\r
+export COLUMNS\r
+\r
+### IPv6 prefix\r
+prefix="2001:2f8:22:801:"\r
+###opengateprocessname\r
+process="opengatesrv.cgi" \r
+\r
+###tmp file name\r
+tmp_all="/tmp/og_count_all.tmp"\r
+tmp_6="/tmp/og_count_6.tmp"\r
+\r
+######################################################\r
+psax | grep $process > $tmp_all\r
+COUNT = `wc-l $tmp_all | awk '{print $1}'` \r
+grep $prefix $tmp_all > $tmp_6\r
+COUNT6=`wc -l $tmp_6 | awk '{print $1}'`\r
+UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`\r
+\r
+rm $tmp_all\r
+rm $tmp_6\r
+\r
+echo "$COUNT6"\r
+echo "$COUNT"\r
+echo "$UPTIME"\r
+echo "Opengate User Counter"\r
+</pre></td></tr></table>\r
+\r
+<p>carry out this shell script alone and confirm that you can acquire the following data.</p>\r
+\r
+<table><tr><td><pre>5\r
+48\r
+10days\r
+Opengate User Counter\r
+</pre></td></tr></table>\r
+\r
+\r
+<h5>F.2.2 Case of another server<A class=anchor href="#mrtg22" name=mrtg22>†</A></h5>\r
+\r
+<p>Put this shellscript as "/usr/home/user/bin/input.sh" on another server.</p>\r
+\r
+<table><tr><td><pre>\r
+#!/bin/sh\r
+\r
+#######################################\r
+##\r
+## input data for MRTG\r
+##\r
+## 1 line : IPv6 Users\r
+## 2 line : Total Users\r
+## 3 line : uptime\r
+## 4 line : comment for data\r
+##\r
+#######################################\r
+\r
+# tmp file name\r
+file="/tmp/opengate.tmp"\r
+\r
+# URL of output.sh at opengate\r
+url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh"\r
+\r
+fetch -o $file $url &> /dev/null\r
+\r
+more $file\r
+</pre></td></tr></table>\r
+\r
+<p>Put this shell script as "/usr/local/apache2/cgi-bin/output.sh" on Opengate server. \r
+And set this URL to $url in script explained by the above.</p>\r
+\r
+<table><tr><td><pre>\r
+#!/bin/sh\r
+\r
+#######################################\r
+##\r
+## shwo opengate status for MRTG\r
+##\r
+## 1 line : IPv6 Users\r
+## 2 line : Total Users\r
+## 3 line : uptime\r
+## 4 line : comment for data\r
+##\r
+#######################################\r
+\r
+LANG=C\r
+COLUMNS=256\r
+\r
+export LANG\r
+export COLUMNS\r
+\r
+### IPv6 prefix\r
+prefix="2001:2f8:22:801:"\r
+###opengateprocessname\r
+process="opengatesrv.cgi" \r
+\r
+###tmp file name\r
+tmp_all="/tmp/og_count_all.tmp"\r
+tmp_6="/tmp/og_count_6.tmp"\r
+\r
+######################################################\r
+psax | grep $process > $tmp_all \r
+COUNT = `wc-l $tmp_all | awk '{print $1}'` \r
+grep $prefix $tmp_all > $tmp_6\r
+COUNT6=`wc -l $tmp_6 | awk '{print $1}'`\r
+UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`\r
+rm $tmp_all\r
+rm $tmp_6\r
+\r
+echo "Content-type: text/plain; charset=iso-8859-1"\r
+echo\r
+\r
+echo "$COUNT6"\r
+echo "$COUNT"\r
+echo "$UPTIME"\r
+echo "Opengate User Counter"\r
+</pre></td></tr></table>\r
+\r
+<p>carry out "input.sh" shell script on another server and confirm that you can acquire the following data.</p>\r
+\r
+<table><tr><td><pre>5\r
+48\r
+10days\r
+Opengate User Counter\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div><!-- ************ 3 ************** -->\r
+<h4>F.3 Start confirmation<A class=anchor href="#mrtg3" name=mrtg3>†</A></h4>\r
+\r
+<p>Confirm after setting was completed.</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg\r
+</pre></td></tr></table>\r
+\r
+<p>Various WARNING is output the first time and second.</p>\r
+\r
+<p>There is some files in "WorkDir".</p>\r
+\r
+<table><tr><td><pre>> ls -l\r
+-rw-r--r-- 1 root wheel 538 12 14 04:40 mrtg-l.png\r
+-rw-r--r-- 1 root wheel 414 12 14 04:40 mrtg-m.png\r
+-rw-r--r-- 1 root wheel 1759 12 14 04:40 mrtg-r.png\r
+-rw-r--r-- 1 root wheel 2941 12 20 15:15 opengate-day.png\r
+-rw-r--r-- 1 root wheel 2146 12 20 14:35 opengate-month.png\r
+-rw-r--r-- 1 root wheel 2867 12 20 14:55 opengate-week.png\r
+-rw-r--r-- 1 root wheel 1897 12 20 05:00 opengate-year.png\r
+-rw-r--r-- 1 root wheel 5961 12 20 15:15 opengate.html\r
+-rw-r--r-- 1 root wheel 48786 12 20 15:15 opengate.log\r
+-rw-r--r-- 1 root wheel 48784 12 20 15:10 opengate.old\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div>\r
+\r
+<!-- ************ 4 ************** -->\r
+<h4>F.4 Setup crontab<A class=anchor href="#mrtg4" name=mrtg4>†</A></h4>\r
+\r
+<p>Add next line to "/etc/crontab".</p>\r
+\r
+<table><tr><td><pre>\r
+*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><A href="#mrtg0">back</A> <A href="#top">top</A></div>\r
+\r
+<hr>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h3>G Install rulechk<A class=anchor href="#rulechk" name=rulechk>†</A></h3>\r
+\r
+<p>This is optional. At the abnormal termination of Opengate process, superfluous rule might be left bihind. Though it is very rare, a script dealing with the case is prepared in tools/rulechk. The script compares the Opengate process list and the firewall rule list, and deletes the superfluous rules.\r
+</p>\r
+<div align="right"><A href="#rulechk">back</A> <A href="#top">top</A></div>\r
+\r
+</body>\r
</html>
\ No newline at end of file
OSDN Git Service
