This archive contains OPENGATE sources & documentations
Copyright (C) 1999-2005 Yoshiaki Watanabe
+ Modfied 2005 Katsuhiko Eguchi
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
-----------------------------------------------------
-install documentation is in doc/install.txt
+install documentation is in doc/install_en.txt
+ doc/install_ja.txt
-----------------------------------------------------
Content of this archive
README This file
conf/ Configuration files
- opengatefw.conf Script of initial firewall configuration
+ opengatefw.conf Script of initial IPv4 firewall configuration
+ opengatefw6.conf Script of initail IPv6 firewall configuration
opengatefw.pl Perl script executed by opengate
opengatesrv.conf Configuration of authentication servers
doc/ Documentation files
Changes.html Change log
GPL.txt GNU General Public License
- install.html Instruction of installation(Japanese)
- install-e.html Instruction of installation
+ install_ja.html Instruction of installation(Japanese)
+ install_en.html Instruction of installation
qa.html Questions and answers(Japanese)
qa-e.html Questions and answers
errcheck.html Error checking list(Japanese)
accept.html First accept message page(for Applet)
accept2.html Second accept message page(for potal)
deny.html Deny message page
+ deny-ssl.html Deny message page(in SSL)
index-ssl.html Authentication request page(in SSL)
index.html Authentication request page
topindex.html Top page displayed at firewall forward
accept.html First accept message page(for Applet)
accept2.html Second accept message page(for potal)
deny.html Deny message page
+ deny-ssl.html Deny message page(in SSL)
index-ssl.html Authentication request page(in SSL)
index.html Authentication request page
topindex.html Top page displayed at firewall forward
auth-pop3s.c Authentication by POP3S
auth-rad.c Authentication by RADIUS
comm-arp.c Communication with ARP
+ comm-ndp.c Communication with NDP
comm-auth.c Communication with authentication systems
comm-cgi.c Communication with Web server via CGI
comm-ipfw.c Communication with IPFW
+ comm-ip6fw.c Communication with IP6FW
comm-java.c Communication with Java Applet
comm-userdb.c Communication with user database
error.c Error routines
get-param.c Get parameters from config file
+ htmltemplate.c Useing html template
+ htmltemplate.h htmltemplate header file
main.c Main routine
opengatesrv.h Common header file
+ opengateauth.c Authentication CGI
+ opengateauth.h Authentication CGI header file
test-comm-auth.c Test program to debug comm-auth.c
test-comm-ipfw.c Test program to debug comm-ipfw.c
test-comm-java.c Test program to debug comm-java.c
#### section of authentication server configuration
#this setting is selected when [username] only is entered in auth form.
-default:tc=pam
+default:tc=ai
+
+ai:address=192.168.0.2:protocol=pop3s
#this setting is selected when [username@cs] is entered in auth form.
-cs:address=192.168.0.2:protocol=pop3s:tc=cgiconf1
+#cs:address=192.168.0.2:protocol=pop3s:tc=cgiconf1
#this setting is selected when [username@pam] is entered in auth form.
# or [username] only is entered (because tc links from default:)
pam:protocol=pam:tc=cgiconf1
#this setting is selected when [username@rad] is entered in auth form.
-rad:protocol=radius:tc=cgiconf1
+#rad:protocol=radius:tc=cgiconf1
#this setting is selected when when [username@guest] is entered in auth form.
-guest:protocol=ftp:address=192.168.29.138:tc=cgiconf2
+#guest:protocol=ftp:address=192.168.29.138:tc=cgiconf2
#####################################################
# <ID>:protocol=ftp:address={<hostname>|<hostaddr>}:[port=<portno>:]
# Do not insert comment line. Following lines are ignored.
##
cgiconf1:\
- :#durationdefault=1200:\
- :#durationmax=10800:\
- :#activecheckinterval=600:\
- :#noreplymax=1:\
- :#nopacketinterval=5400:\
- :#ipfwmin=10000:\
- :#ipfwmax=40000:\
- :#ipfwinterval=2:\
- :#portmin=30000:\
- :#portmax=60000:\
- :#usefwscript=1:\
- :#fwscriptpath=/etc/opengatefw.pl:\
- :#fwscript=opengatefw.pl:\
- :#enablemacaddr=1
+ :durationdefault=1200:\
+ :durationmax=10800:\
+ :activecheckinterval=600:\
+ :noreplymax=1:\
+ :nopacketinterval=5400:\
+ :ipfwmin=10000:\
+ :ipfwmax=40000:\
+ :ipfwinterval=2:\
+ :portmin=30000:\
+ :portmax=60000:\
+ :usefwscript=1:\
+ :fwscriptpath=/etc/opengatefw.pl:\
+ :fwscript=opengatefw.pl:\
+ :enablemacaddr=1
###########################################################
# durationdefault: default usage time without Java (second)
##############################################################
## other settings can be selected for specific servers
-cgiconf2:\
+#cgiconf2:\
<HTML>
-<body bgcolor=#FAFFF0>
+<BODY>
+
+<body bgcolor=#BBEECC>
<H3>Opengate History</H3>
--- /dev/null
+<html>
+<head>
+<title>Opegnate Install</title>
+<meta http-equiv="content-type" content="text/html">
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">
+</head>
+
+<body bgcolor="#BBEECC">
+
+<!-- Start:Install Opengate -->
+<h3>A Install Opegnate<a name="opengate0" href="#opengate0" class="anchor">†</a></h3>
+<ul>
+ <li class="list_num"><a href="#opengate1">Install Procedure</a></li>
+ <li class="list_num"><a href="#opengate2">Install FreeBSD</a></li>
+ <li class="list_num"><a href="#opengate3">Install Opengate</a></li>
+</ul>
+
+<!-- ************ 1 ************** -->
+<h4>A.1 Install Procedure<a name="opengate1" href="#opengate1" class="anchor">†</a></h4>
+
+<p>List of Install Procedure.(*:Necessary by all means)</p>
+
+<ul>
+ <li class="list_num">Gateway Machine *</li>
+ <li class="list_num">Install FreeBSD *</li>
+ <li class="list_num">Prepare kernel *</li>
+ <li class="list_num">Setup ipfw,ip6fw *</li>
+ <li class="list_num">Setup NAT</li>
+ <li class="list_num">Install Apache2 *</li>
+ <li class="list_num">Install DHCP</li>
+ <li class="list_num">Install BIND9</li>
+</ul>
+
+<div align="right"><a href="#opengate0">top</a></div>
+
+<!-- ************ 2 ************** -->
+<h4>A.2 Install FreeBSD<a name="opengate2" href="#opengate2" class="anchor">†</a></h4>
+
+<ul>
+ <li>Gateway Machine</li>
+ <uL>
+ <li>FreeBSD Ver 4.x, 5.x, or 6.x</li>
+ <li>Having Two more EtherBoard</li>
+ </uL>
+</ul>
+
+<p>Choose distribution Developer(Full sorces, binaries and doc), because we have to prepare a kernel.</p>
+<p>Add next line to "/etc/rc.conf", because you validate a function of a gateway.</p>
+
+<table>
+<td><code>gateway_enable="YES"</code></td>
+</table>
+
+<div align="right"><a href="#opengate0">top</a></div>
+
+<!-- ************ 3 ************** -->
+<h4>A.3 Install Opengate<a name="opengate3" href="#opengate3" class="anchor">†</a></h4>
+
+<h5>A.3.1 Package of Opengate<a name="opengate4" href="#opengate4" class="anchor">†</a></h5>
+
+<p>Unfolds the latest package of Opengate. It have next directory.</p>
+
+<table>
+<tr><td>
+<pre>
+doc\81FDocumentations
+conf\81Fconfiguration file sample and firewall control perl script sample
+javahtml\81FClient Java Programs and HTML files
+opengatesrv\81FServer CGI program
+</pre>
+</td></tr>
+</table>
+
+<h5>A.3.2 Compile<a name="opengate5" href="#opengate5" class="anchor">†</a></h5>
+
+<p>Edit Makefile and opengatesrv.h in opengatesrv before carry out compile.</p>
+<p>Opengate needs tow FQDNs(FQDN_4 and FQDN_64). For example, FQDN_4 is "opengate.saga-u.ac.jp"
+(IPv4 address: 133.49.31.1). FQDN_64 is "opengate.saga-u.ac.jp"(IPv4 address: 192.168.55.1, IPv6 address: 2001:e38:100:100::1).</p>
+
+<p>Makefile</p>
+<ul>
+ <li class="list_none">HOSTNAME</li>
+ <ul>
+ <li>Set FQDN_64</li>
+ </ul>
+ <li class="list_none">HOSTNAME4</li>
+ <ul>
+ <li>Set FQDN_4</li>
+ </ul>
+ <li class="list_none">OPENGATEDIR</li>
+ <ul>
+ <li>Opengate install directory (from Web top)</li>
+ </ul>
+ <li class="list_none">HTMLTOP1,HTMLTOP2</li>
+ <ul>
+ <li>Web top directory</li>
+ <li>Web top directory (for HTTPS)</li>
+ </ul>
+ <li class="list_none">CGIPATH,CGIPROG,CGIURL</li>
+ <ul>
+ <li>CGI directory</li>
+ <li>CGI program name</li>
+ <li>URL of CGI program</li>
+ </ul>
+ <li class="list_none">AUTHCGIPROG,AUTHCGIURL</li>
+ <ul>
+ <li>Authentication CGI program name</li>
+ <li>URL of Authentication CGI program</li>
+ </ul>
+ <li class="list_none">CONFIGFILE</li>
+ <ul>
+ <li>Configuration file name</li>
+ </ul>
+ <li class="list_none">USEFWSCRIPT,FWSCRIPT,FWSCRIPTFILE</li>
+ <ul>
+ <li>Enable(1) or disable(0) Perl script to control firewall open</li>
+ <li>Firewall control Perl script name</li>
+ <li>Path to fireall control Perl script</li>
+ </ul>
+ <li class="list_none">LOCKFILE</li>
+ <ul>
+ <li>Lock file for exclusive execution</li>
+ </ul>
+ <li class="list_none">HTMLDOCS,DENYDOC,DENYDOCSSL,ACCEPTDOC,ACCEPTDOC2</li>
+ <ul>
+ <li>HTML files listing</li>
+ <li>HTML file sent at dynying</li>
+ <li>HTML file sent at dynying(For HTTPS)</li>
+ <li>HTML file sent at accepting</li>
+ <li>HTML file sent at accepting in popup window (can chenge this in URL. Refer INFOMATION)</li>
+ </ul>
+ <li class="list_none">INFOMATION</li>
+ <ul>
+ <li>Enable(1) or disable(0), Instead of ACCEPTDOC2, Call other URL in popup window</li>
+ </ul>
+ <li class="list_none">INFOMATIONURL</li>
+ <ul>
+ <li>URL instead of ACCEPTDOC2</li>
+ </ul>
+ <li class="list_none">AUTHHTMLJA,AUTHHTMLEN,AUTHHTMLJASSL,AUTHHTMLENSSL</li>
+ <ul>
+ <li>Authentication HTML file in Japanese</li>
+ <li>Authentication HTML file in English</li>
+ <li>Authentication HTML file in Japanese (For HTTPS)</li>
+ <li>Authentication HTML file in English (For HTTPS)</li>
+ <li>When you add other languages, add other languages to "javahtml", add HTMLDOCS, DENYDOC, DENYDOCSSL,
+ ACCEPTDOC, ACCEPTDOC2. And edit opengateauth.h, add AUTHMLXX lines.</li>
+ </ul>
+ <li class="list_none">ARPPATH</li>
+ <ul>
+ <li>Path to arp command</li>
+ </ul>
+ <li class="list_none">NDPPAHT</li>
+ <ul>
+ <li>Path to ndp command</li>
+ </ul>
+ <li class="list_none">IPFW,IP6FW</li>
+ <ul>
+ <li>Path to ipfw and ip6fw commands</li>
+ </ul>
+</ul>
+
+<p>opengatesrv.h</p>
+
+<ul>
+ <li class="list_none">DEBUG</li>
+ <ul>
+ <li>If set to 1, function call trace log is put out to syslog</li>
+ </ul>
+ <li class="list_none">DURATIONDEFAULT</li>
+ <ul>
+ <li>Default time duration to wait for Java Applet connect.(second)
+ If no connection in the duration, the network is closed.
+ The duration can be changed in auth page by the user.</li>
+ </ul>
+ <li class="list_none">DURATIONMAX</li>
+ <ul>
+ <li>Maximum duration to wait for Java Applet connect. (second)
+ Under this value, the Applet waiting duration (= duration of
+ network open without Java Applet) can be specified by the user
+ on the authentication page.
+ If user specified duration is not agreeable, set it the same
+ value as DURATIONDEFAULT and remove the field in auth page.</li>
+ </ul>
+ <li class="list_none">ACTIVECHECKINTERVAL</li>
+ <ul>
+ <li>Time interval of checking the terminal.(second)
+ In no java mode, check by MAC address and packet count for the
+ terminal's IP address.
+ In java mode, check by HELLO exchange and packet count.</li>
+ </ul>
+ <li class="list_none">COMMWAITTIMEOUT</li>
+ <ul>
+ <li>Server waiting time for communication reply.(second)</li>
+ </ul>
+ <li class="list_none">NOREPLYMAX</li>
+ <ul>
+ <li>Permitted count of no reply to HELLO. If the client does not
+ send back HELLO more than NOREPLYMAX times, then the network
+ is closed.</li>
+ </ul>
+ <li class="list_none">NOPAKETINTERVAL</li>
+ <ul>
+ <li>If no packet is passed for this time interval, then
+ the network is closed.(second)</li>
+ </ul>
+ <li class="list_none">LOCKTIMEOUT</li>
+ <ul>
+ <li>Maximum locking time for exclusive ipfw action.(second)</li>
+ </ul>
+ <li class="list_none">IPFWMIN</li>
+ <ul>
+ <li>Minimum ipfw rule number used by opengate.</li>
+ </ul>
+ <li class="list_none">IPFWMAX</li>
+ <ul>
+ <li>Maximum ipfw rule number used by opengate.</li>
+ </ul>
+ <li class="list_none">IPFWINTERVAL</li>
+ <ul>
+ <li>Rule number interval used by opengate.
+ The maximum terminals/processes can be controled by these value.</li>
+ </ul>
+ <li class="list_none">PORTMIN</li>
+ <ul>
+ <li>Minimum port value used by opengate.</li>
+ </ul>
+ <li class="list_none">PORTMAX</li>
+ <ul>
+ <li>Maximum port value used by opengate. Set unused port range.</li>
+ </ul>
+ <li class="list_none">FACILITY</li>
+ <ul>
+ <li>syslog facility</li>
+ </ul>
+</ul>
+
+<p>Compile and Install after finishing the above-mentioned setting.</p>
+
+<table><tr><td><pre>
+#make
+cc -DCONFIGFILE=\"/etc/opengatesrv.conf\"
+-DOPENGATEDIR=\"/opengate\" -DDENYDOC=\"deny.html\"
+-DDENYDOC=\"deny.html\" -DDENYDOCSSL=\"deny-ssl.html\"
+-----------------
+-----------------
+-----------------
+# make install
+</pre></td></tr></table>
+
+<h5>A.3.3 Setup authentication server<a name="opengate6" href="#opengate6" class="anchor">†</a></h5>
+
+<p>It is described the details of a setting method in a configuration file (opengatesrv.conf).</p>
+
+<div align="right"><a href="#opengate0">top</a></div>
+
+</body>
+</html>
\ No newline at end of file
--- /dev/null
+<html>
+<head>
+<title>Opegnate Install</title>
+<meta http-equiv="content-type" content="text/html;charset=Shift_JIS">
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">
+</head>
+
+<body bgcolor="#BBEECC">
+
+<!-- Start:Setup ipfw,ip6fw -->
+<h3>B Setup ipfw,ip6fw<a name="ipfw0" href="#ipfw0" class="anchor">†</a></h3>
+
+<ul>
+ <li class="list_num"><a href="#ipfw1">Prepare kernel</a></li>
+ <li class="list_num"><a href="#ipfw2">Setup ipfw</a></li>
+ <li class="list_num"><a href="#ipfw3">Setup ip6fw</a></li>
+</ul>
+
+<!-- ************ 1 ************** -->
+<h4>B.1 Prepare kernel<a name="ipfw1" href="#ipfw1" class="anchor">†</a></h4>
+
+<p>Prepare kernel having ipfw and ip6fw functions.</p>
+
+<p>Copy kernel options file.</p>
+
+<table><tr><td><pre>
+# cd /usr/src/sys/i386/conf
+# cp GENERIC MYKERNEL
+</pre></td></tr></table>
+
+<p>Add next lines.</p>
+
+<table><tr><td><pre>
+options IPDIVERT
+
+options IPFIREWALL
+options IPFIREWALL_FORWARD
+options IPFIREWALL_VERBOSE
+options IPFIREWALL_VERBOSE_LIMIT=100
+
+options IPV6FIREWALL
+options IPV6FIREWALL_VERBOSE
+options IPV6FIREWALL_VERBOSE_LIMIT=100
+
+options IPSEC
+options IPSEC_ESP
+options TCP_DROP_SYSFIN
+</pre></td></tr></table>
+
+<li>When use NAT, IPDIVERT is necessary.</li>
+<li>When need firewal log, *VERBOSE is necessary.</li>
+<li>When use IPSEC, *IPSEC is nnecessary.</li>
+
+<p>compile and install kernel having ipfw and ip6fw functions.</p>
+
+<table><tr><td><pre>
+# config MYKERNEL
+# cd ../compile/MYKERNEL
+# make depend
+# make
+# make install
+</pre></td></tr></table>
+
+<p>Add next lines to "/etc/rc.conf".</p>
+
+<table><tr><td><pre>
+firewall_enable="YES"
+firewall_script="/etc/rc.firewall"
+
+ipv6_firewall_enable="YES"
+ipv6_firewall_script="/etc/rc.firewall6"
+
+natd_enable="YES"
+natd_interface="em0"
+</pre></td></tr></table>
+
+<p>Validate a ipfw and ip6fw. And setup configuration script path.
+When use NAT, Validate natd and setup natd interface.</p>
+
+<div align="right"><a href="#ipfw0">top</a></div>
+
+<!-- ************ 2 ************** -->
+<h4>B.2 Setup ipfw<a name="ipfw2" href="#ipfw2" class="anchor">†</a></h4>
+
+<p>Write a rule of ipfw for Opengate. This is example "/etc/rc.firewall".</p>
+
+<table><tr><td><pre>
+### set these to your outside interface network and netmask and ip
+oif="em0"
+onet="192.168.0.0"
+omask="255.255.255.0"
+oip="192.168.0.34"
+
+### set these to your inside interface network and netmask and ip
+iif="bge0"
+inet="192.168.55.0"
+imask="255.255.255.0"
+iip="192.168.55.1"
+
+fwcmd="/sbin/ipfw"
+
+### divert packet to NATD
+$fwcmd add 1 divert natd ip from any to any via ${oif}
+
+### Stop spoofing
+$fwcmd add deny all from ${inet}:${imask} to any in via ${oif}
+$fwcmd add deny all from ${onet}:${omask} to any in via ${iif}
+
+### Stop http from softeather
+$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 80
+$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 443
+
+### Allow from / to myself
+$fwcmd add pass all from ${iip} to any via ${iif}
+$fwcmd add pass all from ${oip} to any via ${oif}
+$fwcmd add pass all from any to ${iip} via ${iif}
+$fwcmd add pass all from any to ${oip} via ${oif}
+
+### Allow DNS queries out in the world
+### (if DNS is on localhost, delete passDNS)
+$fwcmd add pass udp from any 53 to any
+$fwcmd add pass udp from any to any 53
+$fwcmd add pass tcp from any to any 53
+$fwcmd add pass tcp from any 53 to any
+
+### Forwarding http connection from unauth client
+$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80
+$fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any 443
+
+### Allow TCP through if setup succeeded
+$fwcmd add 60100 pass tcp from any to any established
+</pre></td></tr></table>
+
+<p>Rule number for [forward] Command must be larger than the rule numbers used in opengate(10000-40000).
+Rule number for [divert to natd] must be smaller than most rules.</p>
+
+<p>The file [conf/opengatefw.conf] is the script describing the above rules.
+ You can edit and use this script instead of rc.firewall. </p>
+
+<p>Be falimiar with ipfw command. Opengate is a software to send out the ipfw command like above one.</p>
+
+<div align="right"><a href="#ipfw0">top</a></div>
+
+<!-- ************ 3 ************** -->
+<h4>B.3 Setup ip6fw<a name="ipfw3" href="#ipfw3" class="anchor">†</a></h4>
+
+<p>Write a rule of ip6fw for Opengate. This is example "/etc/rc.firewall6".</p>
+
+<table><tr><td><pre>
+### set these to your outside interface network and prefixlen and ip
+oif="em0"
+onet="2001:e38:3661:1a0::"
+oprefixlen="64"
+oip="2001:e38:3661:1a0::34"
+
+### set these to your inside interface network and prefixlen and ip
+iif="bge0"
+inet="2001:e38:3661:1a5::"
+iprefixlen="64"
+iip="2001:e38:3661:1a5::1"
+
+### path to command "ip6fw"
+fw6cmd="/sbin/ip6fw"
+
+${fw6cmd} add pass all from ${iip} to any
+${fw6cmd} add pass all from any to ${iip}
+${fw6cmd} add pass all from ${oip} to any
+${fw6cmd} add pass all from any to ${oip}
+
+### Allow RA RS NS NA Redirect...
+${fw6cmd} add pass ipv6-icmp from any to any
+
+# Allow IP fragments to pass through
+${fw6cmd} add pass all from any to any frag
+
+# Allow RIPng
+${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521
+${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521
+
+### Allow TCP through if setup succeeded
+${fw6cmd} add 60100 pass tcp from any to any established
+
+# TCP reset notice message
+${fw6cmd} add 60200 reset tcp from any to any 80
+${fw6cmd} add 60300 reset tcp from any to any 443
+</pre></td></tr></table>
+
+<p>ip6fw dose not have [forward] function. Threrfore Opengate waits for
+timeout of IPv6 HTTP request. And uses [forward] function of ipfw.</p>
+
+<p>When use FreeBSD 5.2 more, ip6fw has TCP reset function.
+TCP reset try to send a TCP reset (RST) notice.</p>
+
+<p>The file [conf/opengatefw6.conf] is the script describing the above rules.
+ You can edit and use this script instead of rc.firewall6. </p>
+
+<p>Be falimiar with ip6fw command too.</p>
+
+
+<div align="right"><a href="#ipfw0">top</a></div>
+
+</body>
+</html>
\ No newline at end of file
--- /dev/null
+<html>
+<head>
+<title>Opegnate Install</title>
+<meta http-equiv="Content-Type" content="text/html; charset=shift_jis">
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">
+</head>
+
+<body bgcolor="#BBEECC">
+
+<!-- Start:Install Apache2 -->
+<h3>C Install Apache2<a name="apache0" href="#apache0" class="anchor">†</a></h3>
+<ul>
+ <li class="list_num"><a href="#apache1">Install (ports)</a></li>
+ <li class="list_num"><a href="#apache2">Install (source)</a></li>
+ <li class="list_num"><a href="#apache3">Make Private key, Certificate</a></li>
+ <li class="list_num"><a href="#apache4">Setup VirtualHost</a></li>
+ <li class="list_num"><a href="#apache5">Setup HTTP_ERROR 404</a></li>
+</ul>
+
+<!-- ************ 1 ************** -->
+<h4>C.1 Install (ports)<a name="apache1" href="#apache1" class="anchor">†</a></h4>
+
+<p>Opengate needs Apache2 supporting IPv6. Because Opengate does authentication, Apache2
+had better support SSL. But you don't have to install mod_ssl because
+Apache2 support SSL with a standard.</p>
+
+<table><tr><td><pre>
+# cd /usr/ports/www/apache2
+# make clean
+===> Cleaning for autoconf-2.53_1
+===> Cleaning for libtool-1.3.5_1
+===> Cleaning for m4-1.4_1
+===> Cleaning for help2man-1.29
+===> Cleaning for expat-1.95.6_1
+===> Cleaning for apache-2.0.48_3
+# make install clean ; rehash
+</pre></td></tr></table>
+
+<p>Add next lines to "/etc/rc.conf"</p>
+
+<table><tr><td><pre>
+apache2_enable="YES"
+apache2ssl_enable="YES"
+</pre></td></tr></table>
+
+<div align="right"><a href="#apache0">top</a></div>
+
+<!-- ************ 2 ************** -->
+<h4>C.2 Install (source)<a name="apache2" href="#apache2" class="anchor">†</a></h4>
+
+<p>You can get a source of Apache2 from "www.apache.org".</p>
+
+<p>Validate a SSL module in configure.</p>
+
+<table><tr><td><pre>
+# tar xvfz httpd-2.0.55.tar.gz
+# cd httpd-2.0.55
+# ./configure --enable-modules="so ssl"
+# make
+# make install
+</pre></td></tr></table>
+
+<div align="right"><a href="#apache0">top</a></div>
+
+<!-- ************ 3 ************** -->
+<h4>C.3 Make private key, certificate<a name="apache3" href="#apache3" class="anchor">†</a></h4>
+
+<p>Make two Private keys and Certificates for Apache2 because Opengate needs
+two FQDNs.</p>
+
+<table><tr><td><pre>
+# cd /usr/local/etc/apache2
+# mkdir ssl.key ssl.crt
+# chmod 700 ssl.key ssl.crt
+
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server1.key 1024
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server2.key 1024
+</pre></td></tr></table>
+
+<br>
+
+<table><tr><td><pre>
+# /usr/bin/openssl req -new -x509 -days 365 \
+ -key /usr/local/etc/apache2/ssl.key/server1.key \
+ -out /usr/local/etc/apache2/ssl.crt/server1.crt
+
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:JP
+State or Province Name (full name) [Some-State]:Saga
+Locality Name (eg, city) []:Saga-city
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university
+Organizational Unit Name (eg, subsection) []:Information Science
+Common Name (eg, YOUR name) []:opengate.is.saga-u.ac.jp
+Email Address []:administrator@opengate.is.saga-u.ac.jp
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:
+
+# /usr/bin/openssl req -new -x509 -days 365 \
+ -key /usr/local/etc/apache2/ssl.key/server2.key \
+ -out /usr/local/etc/apache2/ssl.crt/server2.crt
+
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:JP
+State or Province Name (full name) [Some-State]:Saga
+Locality Name (eg, city) []:Saga-city
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university
+Organizational Unit Name (eg, subsection) []:Information Science
+Common Name (eg, YOUR name) []:opengate4.is.saga-u.ac.jp
+Email Address []:administrator@opengate.is.saga-u.ac.jp
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:
+</pre></td></tr></table>
+
+<div align="right"><a href="#apache0">top</a></div>
+
+<!-- ************ 4 ************** -->
+<h4>C.4 Setup VirtualHost<a name="apache4" href="#apache4" class="anchor">†</a></h4>
+
+<p>Name-based virtual hosting cannot be used with SSL secure servers
+because of the nature of the SSL protocol. Therefore, use IP-based virtual host.</p>
+
+<p>Edit httpd.conf and ssl.conf like an example.</p>
+
+<table><tr><td>httpd.conf</td></tr><tr><td><pre>
+NameVirtualHost 192.168.55.1:80
+<VirtualHost 192.168.55.1:80>
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ DocumentRoot /usr/local/www
+ ServerName opengate.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+</VirtualHost>
+
+NameVirtualHost [2001:e38:3661:1a5::1]:80
+<VirtualHost [2001:e38:3661:1a5::1]:80>
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ DocumentRoot /usr/local/www
+ ServerName opengate.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+</VirtualHost>
+
+NameVirtualHost 192.168.0.34:80
+<VirtualHost 192.168.0.34:80>
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ DocumentRoot /usr/local/www
+ ServerName opengate4.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+</VirtualHost>
+</pre></td></tr></table>
+<br>
+<table><tr><td>ssl.conf</td></tr><tr><td><pre>
+NameVirtualHost 192.168.55.1:443
+<VirtualHost 192.168.55.1:443>
+ DocumentRoot "/usr/local/www"
+ ServerName opengate.is.saga-u.ac.jp:443
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+
+ SSLEngine on
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key
+</VirtualHost>
+
+NameVirtualHost [2001:e38:3661:1a5::1]:443
+<VirtualHost [2001:e38:3661:1a5::1]:443>
+ DocumentRoot "/usr/local/www"
+ ServerName opengate.is.saga-u.ac.jp:443
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+
+ SSLEngine on
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key
+</VirtualHost>
+
+NameVirtualHost 192.168.0.34:443
+<VirtualHost 192.168.0.34:443>
+ DocumentRoot "/usr/local/www"
+ ServerName opengate4.is.saga-u.ac.jp:443
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+
+ SSLEngine on
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server2.crt
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server2.key
+</VirtualHost>
+</pre></td></tr></table>
+
+<p>You have to edit other directive. Be familiar with apache2 configuration.</p>
+
+<div align="right"><a href="#apache0">top</a></div>
+
+<!-- ************ 5 ************** -->
+<h4>C.5 Setup HTTP_ERROR 404<a name="apache5" href="#apache5" class="anchor">†</a></h4>
+
+<p>Opengate must always send authentication page for any kind of HTTP request. Therefore
+Add next line "to httpd.conf".</p>
+
+<table><tr><td><pre>
+ErrorDocument 404 /
+</pre></td></tr></table>
+
+<div align="right"><a href="#apache0">top</a></div>
+
+</body>
+</html>
\ No newline at end of file
--- /dev/null
+<html>
+<head>
+<title>Opegnate Install</title>
+<meta http-equiv="Content-Type" content="text/html; charset=shift_jis">
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">
+</head>
+
+<body bgcolor="#BBEECC">
+
+<!-- Start:Install isc-dhcp3 -->
+<h3>D Install isc-dhcp3<a name="dhcp0" href="#dhcp0" class="anchor">†</a></h3>
+
+<ul>
+ <li class="list_num"><a href="#dhcp1">Install (ports)</a></li>
+ <li class="list_num"><a href="#dhcp2">Setup DHCP</a></li>
+</ul>
+
+<!-- *********** 1 ************* -->
+<h4>D.1 Install (ports)<a name="dhcp1" href="#dhcp1" class="anchor">†</a></h4>
+
+<table><tr><td><pre>
+# cd /usr/ports/net/isc-dhcp3-server
+# make
+===> Cleaning for isc-dhcp3-server-3.0.1.r14_3
+# make install clean ; rehash
+</pre></td></tr></table>
+
+<div align="right"><a href="#dhcp0">top</a></div>
+
+<!-- ************ 2 ************** -->
+<h4>D.2 Setup DHCP<a name="dhcp2" href="#dhcp2" class="anchor">†</a></h4>
+
+<p>There is "/usr/local/etc/dhcpd.conf.sample" as configuration file after instalation.
+Copy dhcpd.conf.sample to dhcpd.conf and edit configuration file.</p>
+
+<table><tr><td><pre>
+option domain-name "saga-u.ac.jp";
+option domain-name-servers 192.168.0.2;
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.55.255;
+option routers 192.168.55.1;
+
+default-lease-time 600;
+max-lease-time 7200;
+ddns-update-style none;
+log-facility local7;
+
+subnet 192.168.55.0 netmask 255.255.255.0 {
+ range 192.168.55.100 192.168.55.200;
+}
+</pre></td></tr></table>
+
+<p>Add next lines to "/etc/rc.conf".</p>
+
+<table><tr><td><pre>
+dhcpd_enable="YES"
+dhcpd_ifaces="bge0"
+dhcpd_conf="/usr/local/etc/dhcpd.conf"
+</pre></td></tr></table>
+
+<p>dhcpd_ifaces : interfaces ID that send DHCP.</p>
+
+<div align="right"><a href="#dhcp0">top</a></div>
+
+</body>
+</html>
\ No newline at end of file
--- /dev/null
+<html>
+<head>
+<title>Opegnate Install</title>
+<meta http-equiv="Content-Type" content="text/html; charset=shift_jis">
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">
+</head>
+
+<body bgcolor="#BBEECC">
+
+<!-- Start:Instal BIND9 -->
+<h3>E Install BIND9<a name="bind0" href="#bind0" class="anchor">†</a></h3>
+
+<ul>
+ <li class="list_num"><a href="#bind1">Install (ports)</a></li>
+ <li class="list_num"><a href="#bind2">Make RNDC key</a></li>
+ <li class="list_num"><a href="#bind3">Setup named.conf</a></li>
+ <li class="list_num"><a href="#bind4">Setup zone</a></li>
+ <li class="list_num"><a href="#bind5">Start confirmation</a></li>
+</ul>
+
+<!-- ********** 1 *********** -->
+<h4>E.1 Install (ports)<a name="bind1" href="#bind1" class="anchor">†</a></h4>
+
+<p>Opengate needs two FQDNs. It can be settled even to register FQDN for Opengate with
+existing DNS. When use NAT, you had not better regist an address of IPv4 private network
+with outside DNS.</p>
+
+<table><tr><td><pre>
+# cd /usr/ports/dns/bind9/
+# make clean
+===> Cleaning for bind9-9.3.1
+# make install clean ; rehash
+</pre></td></tr></table>
+
+<p>There is "/etc/namedb(/var/named/etc/namedb)" after installation.</p>
+
+<div align="right"><a href="#bind0">top</a></div>
+
+<!-- ********** 2 ********** -->
+<h4>E.2 Make RNDC key<a name="bind2" href="#bind2" class="anchor">†</a></h4>
+
+<p>BIND9 is controlled by rndc command for security.</p>
+
+<table><tr><td><pre>
+# /usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n user rndc
+</pre></td></tr></table>
+<p>When error "out of entropy", try with next method.</p>
+
+<table><tr><td><pre>
+# /usr/local/sbin/dnssec-keygen -r /dev/urandom -a hmac-md5 -b 512 -n user rndc
+</pre></td></tr></table>
+
+<ul>
+ <li><pre>Krndc.+157+60849.key</pre></li>
+ <li><pre>Krndc.+157+60849.private</pre></li>
+</ul>
+
+<p>There is "/usr/local/etc/rndc.conf.sample" after BIND9 installation.
+And copy to "rndc.conf".</p>
+
+<p>Edit "key" directive as like "key" directive of "Krndc.+xxxxxxxx.private.</p>
+
+<table><tr><td><pre>
+options {
+ default-server localhost;
+ default-key "key";
+};
+
+server localhost {
+ key "key";
+};
+
+key "key" {
+ algorithm hmac-md5;
+ secret "...";
+};
+</pre></td></tr></table>
+
+<div align="right"><a href="#bind0">top</a></div>
+
+<!-- ********* 3 ********* -->
+<h4>E.3 Setup named.conf<a name="bind3" href="#bind3" class="anchor">†</a></h4>
+
+<p>There is "/etc/namedb/named.conf" after installation.</p>
+
+<p>Edit "key" directive as like "key" directive of "rndc.conf"</p>
+
+<table><tr><td><pre>
+key "rndc_key" {
+ algorithm hmac-md5;
+ secret "...";
+};
+
+controls {
+ inet ::1 allow {
+ ::1;
+ }
+ keys {
+ "rndc_key";
+ };
+ inet 127.0.0.1 allow {
+ 127.0.0.1;
+ }
+ keys {
+ "rndc_key";
+ };
+};
+</pre></td></tr></table>
+
+<p>Write "key" directive in the other file. And you had better include it in "named.conf".
+You can secure security more by setting a permission of the other file adequately.</p>
+
+<p>Edit "options" directive.</p>
+
+<table><tr><td><pre>
+options {
+ directory "/etc/namedb";
+ pid-file "/var/run/named/named.pid";
+ auth-nxdomain yes;
+ listen-on-v6 { any; };
+};
+</pre></td></tr></table>
+
+<p>Make a directory to put "named.pid" properly.</p>
+
+<div align="right"><a href="#bind0">top</a></div>
+
+<!-- ******** 4 ********* -->
+<h4>E.4 Setup Zone<a name="bind4" href="#bind4" class="anchor">†</a></h4>
+
+<p>Edit "view" and "zone" directive.</p>
+
+<p>"view" directive is implemented in BIND9. "zone" is child directive of "view".
+BIND9 can choose zone which answers client by a DNS inquiry IP address by setting "view" adequately.</p>
+
+<table><tr><td><pre>
+view "og" {
+ match-clients
+ {
+ 10.0.0.0/16;
+ };
+
+ recursion yes;
+
+ zone "." {
+ type hint;
+ file "named.root";
+ };
+
+ zone "og.saga-u.ac.jp" {
+ type master;
+ file "og.saga-u.ac.jp";
+ };
+
+ zone "0.0.127.IN-ADDR.ARPA" {
+ type master;
+ file "master/localhost.rev";
+ };
+
+ // RFC 3152
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
+ type master;
+ file "master/localhost-v6.rev";
+ };
+
+ // RFC 1886 -- deprecated
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
+ type master;
+ file "master/localhost-v6.rev";
+ };
+};
+</pre></td></tr></table>
+
+<p>Make a "zone" file of domain as "og.saga-u.ac.jp".</p>
+
+<table><tr><td><pre>
+$TTL 3600
+$ORIGIN og.saga-u.ac.jp.
+
+@ IN SOA ns.og.saga-u.ac.jp. postmaster (
+ 2005051702 ;
+ 3600
+ 1200
+ 2419200
+ 86400 )
+ IN NS ns.og.saga-u.ac.jp.
+ IN A 10.0.0.2
+ IN MX 10 opengate.og.saga-u.ac.jp.
+
+ns IN A 10.0.0.2
+
+opengate IN A 10.0.0.2
+ AAAA 2001:2f8:10:1::1
+
+opengate4 IN A 133.49.1.2
+</pre></td></tr></table>
+
+<div align="right"><a href="#bind0">top</a></div>
+
+<!-- ********* 5 ********* -->
+<h4>E.5 Start confirmation<a name="bind5" href="#bind5" class="anchor">†</a></h4>
+
+<p>Confirm starting "named" after setting was completed.</p>
+
+<table><tr><td><pre>
+# /usr/local/sbin/named/ -u bind -c /etc/namedb/named.conf
+</pre></td></tr></table>
+
+<p>If "named" starts without a problem, Add next lines to "/etc/rc.conf".</p>
+
+<table><tr><td><pre>
+named_enable="YES"
+named_program="/usr/local/sbin/named"
+named_flags="-u bind -c /etc/namedb/named.conf"
+</pre></td></tr></table>
+
+<p>Because management of a DNS server is too complicatedly, You had better read manual of BIND9 carefully, and
+refer to other document.</p>
+
+<div align="right"><a href="#bind0">top</a></div>
+
+</body>
+</html>
\ No newline at end of file
--- /dev/null
+<html>
+<head>
+<title>Opegnate Install</title>
+<meta http-equiv="content-type" content="text/html">
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">
+</head>
+
+<body bgcolor="#BBEECC">
+
+<h2>Opengate Install Procedure<a name="top" href="#top" class="anchor">†</a></h2>
+
+<!-- Start:Content Table -->
+<ul>
+ <li class="list_alpha"><a href="#opengate0">Opengate Install Procedure</a></li>
+ <ul>
+ <li class="list_num"><a href="#opengate1">Install Procedure</a></li>
+ <li class="list_num"><a href="#opengate2">Install FreeBSD</a></li>
+ <li class="list_num"><a href="#opengate3">Install Opengate</a></li>
+ </ul>
+ <li class="list_alpha"><a href="#ipfw0">Setup ipfw,ip6fw</a></li>
+ <ul>
+ <li class="list_num"><a href="#ipfw1">Prepare Kernel</a></li>
+ <li class="list_num"><a href="#ipfw2">Setup ipfw</a></li>
+ <li class="list_num"><a href="#ipfw3">Setup ip6fw</a></li>
+ </ul>
+ <li class="list_alpha"><a href="#apache0">Install Apache2</a></li>
+ <ul>
+ <li class="list_num"><a href="#apache1">Install (ports)</a></li>
+ <li class="list_num"><a href="#apache2">Install (source)</a></li>
+ <li class="list_num"><a href="#apache3">Make ricate key, Certificate</a></li>
+ <li class="list_num"><a href="#apache4">Setup VirtualHost</a></li>
+ <li class="list_num"><a href="#apache5">Setup HTTP_ERROR 404</a></li>
+ </ul>
+ <li class="list_alpha"><a href="#dhcp0">Install isc-dhcp3</a></li>
+ <ul>
+ <li class="list_num"><a href="#dhcp1">Install (ports)</a></li>
+ <li class="list_num"><a href="#dhcp2">Setup dhcpd.conf</a></li>
+ </ul>
+ <li class="list_alpha"><a href="#bind0">Install BIND9</a></li>
+ <ul>
+ <li class="list_num"><a href="#bind1">Install (ports)</a></li>
+ <li class="list_num"><a href="#bind2">Make RNDC key</a></li>
+ <li class="list_num"><a href="#bind3">Setup named.conf</a></li>
+ <li class="list_num"><a href="#bind4">Setup Zone</a></li>
+ <li class="list_num"><a href="#bind5">Start confirmation</a></li>
+ </ul>
+</ul>
+
+<!-- End:Content Table -->
+<hr>
+
+<!-- Start:Install Opengate -->
+<h3>A Install Opegnate<a name="opengate0" href="#opengate0" class="anchor">†</a></h3>
+<ul>
+ <li class="list_num"><a href="#opengate1">Install Procedure</a></li>
+ <li class="list_num"><a href="#opengate2">Install FreeBSD</a></li>
+ <li class="list_num"><a href="#opengate3">Install Opengate</a></li>
+</ul>
+
+<!-- ************ 1 ************** -->
+<h4>A.1 Install Procedure<a name="opengate1" href="#opengate1" class="anchor">†</a></h4>
+
+<p>List of Install Procedure.(*:Necessary by all means)</p>
+
+<ul>
+ <li class="list_num">Gateway Machine *</li>
+ <li class="list_num">Install FreeBSD *</li>
+ <li class="list_num">Prepare kernel *</li>
+ <li class="list_num">Setup ipfw,ip6fw *</li>
+ <li class="list_num">Setup NAT</li>
+ <li class="list_num">Install Apache2 *</li>
+ <li class="list_num">Install DHCP</li>
+ <li class="list_num">Install BIND9</li>
+</ul>
+
+<div align="right"><a href="#opengate0">back</a> <a href="#top">top</a></div>
+
+<!-- ************ 2 ************** -->
+<h4>A.2 Install FreeBSD<a name="opengate2" href="#opengate2" class="anchor">†</a></h4>
+
+<ul>
+ <li>Gateway Machine</li>
+ <uL>
+ <li>FreeBSD Ver 4.x, 5.x, or 6.x</li>
+ <li>Having Two more EtherBoard</li>
+ </uL>
+</ul>
+
+<p>Choose distribution Developer(Full sorces, binaries and doc), because we have to prepare a kernel.</p>
+<p>Add next line to "/etc/rc.conf", because you validate a function of a gateway.</p>
+
+<table>
+<td><code>gateway_enable="YES"</code></td>
+</table>
+
+<div align="right"><a href="#opengate0">back</a> <a href="#top">top</a></div>
+
+<!-- ************ 3 ************** -->
+<h4>A.3 Install Opengate<a name="opengate3" href="#opengate3" class="anchor">†</a></h4>
+
+<h5>A.3.1 Package of Opengate<a name="opengate4" href="#opengate4" class="anchor">†</a></h5>
+
+<p>Unfolds the latest package of Opengate. It have next directory.</p>
+
+<table>
+<tr><td>
+<pre>
+doc\81FDocumentations
+conf\81Fconfiguration file sample and firewall control perl script sample
+javahtml\81FClient Java Programs and HTML files
+opengatesrv\81FServer CGI program
+</pre>
+</td></tr>
+</table>
+
+<h5>A.3.2 Compile<a name="opengate5" href="#opengate5" class="anchor">†</a></h5>
+
+<p>Edit Makefile and opengatesrv.h in opengatesrv before carry out compile.</p>
+<p>Opengate needs tow FQDNs(FQDN_4 and FQDN_64). For example, FQDN_4 is "opengate.saga-u.ac.jp"
+(IPv4 address: 133.49.31.1). FQDN_64 is "opengate.saga-u.ac.jp"(IPv4 address: 192.168.55.1, IPv6 address: 2001:e38:100:100::1).</p>
+
+<p>Makefile</p>
+<ul>
+ <li class="list_none">HOSTNAME</li>
+ <ul>
+ <li>Set FQDN_64</li>
+ </ul>
+ <li class="list_none">HOSTNAME4</li>
+ <ul>
+ <li>Set FQDN_4</li>
+ </ul>
+ <li class="list_none">OPENGATEDIR</li>
+ <ul>
+ <li>Opengate install directory (from Web top)</li>
+ </ul>
+ <li class="list_none">HTMLTOP1,HTMLTOP2</li>
+ <ul>
+ <li>Web top directory</li>
+ <li>Web top directory (for HTTPS)</li>
+ </ul>
+ <li class="list_none">CGIPATH,CGIPROG,CGIURL</li>
+ <ul>
+ <li>CGI directory</li>
+ <li>CGI program name</li>
+ <li>URL of CGI program</li>
+ </ul>
+ <li class="list_none">AUTHCGIPROG,AUTHCGIURL</li>
+ <ul>
+ <li>Authentication CGI program name</li>
+ <li>URL of Authentication CGI program</li>
+ </ul>
+ <li class="list_none">CONFIGFILE</li>
+ <ul>
+ <li>Configuration file name</li>
+ </ul>
+ <li class="list_none">USEFWSCRIPT,FWSCRIPT,FWSCRIPTFILE</li>
+ <ul>
+ <li>Enable(1) or disable(0) Perl script to control firewall open</li>
+ <li>Firewall control Perl script name</li>
+ <li>Path to fireall control Perl script</li>
+ </ul>
+ <li class="list_none">LOCKFILE</li>
+ <ul>
+ <li>Lock file for exclusive execution</li>
+ </ul>
+ <li class="list_none">HTMLDOCS,DENYDOC,DENYDOCSSL,ACCEPTDOC,ACCEPTDOC2</li>
+ <ul>
+ <li>HTML files listing</li>
+ <li>HTML file sent at dynying</li>
+ <li>HTML file sent at dynying(For HTTPS)</li>
+ <li>HTML file sent at accepting</li>
+ <li>HTML file sent at accepting in popup window (can chenge this in URL. Refer INFOMATION)</li>
+ </ul>
+ <li class="list_none">INFOMATION</li>
+ <ul>
+ <li>Enable(1) or disable(0), Instead of ACCEPTDOC2, Call other URL in popup window</li>
+ </ul>
+ <li class="list_none">INFOMATIONURL</li>
+ <ul>
+ <li>URL instead of ACCEPTDOC2</li>
+ </ul>
+ <li class="list_none">AUTHHTMLJA,AUTHHTMLEN,AUTHHTMLJASSL,AUTHHTMLENSSL</li>
+ <ul>
+ <li>Authentication HTML file in Japanese</li>
+ <li>Authentication HTML file in English</li>
+ <li>Authentication HTML file in Japanese (For HTTPS)</li>
+ <li>Authentication HTML file in English (For HTTPS)</li>
+ <li>When you add other languages, add other languages to "javahtml", add HTMLDOCS, DENYDOC, DENYDOCSSL,
+ ACCEPTDOC, ACCEPTDOC2. And edit opengateauth.h, add AUTHMLXX lines.</li>
+ </ul>
+ <li class="list_none">ARPPATH</li>
+ <ul>
+ <li>Path to arp command</li>
+ </ul>
+ <li class="list_none">NDPPAHT</li>
+ <ul>
+ <li>Path to ndp command</li>
+ </ul>
+ <li class="list_none">IPFW,IP6FW</li>
+ <ul>
+ <li>Path to ipfw and ip6fw commands</li>
+ </ul>
+</ul>
+
+<p>opengatesrv.h</p>
+
+<ul>
+ <li class="list_none">DEBUG</li>
+ <ul>
+ <li>If set to 1, function call trace log is put out to syslog</li>
+ </ul>
+ <li class="list_none">DURATIONDEFAULT</li>
+ <ul>
+ <li>Default time duration to wait for Java Applet connect.(second)
+ If no connection in the duration, the network is closed.
+ The duration can be changed in auth page by the user.</li>
+ </ul>
+ <li class="list_none">DURATIONMAX</li>
+ <ul>
+ <li>Maximum duration to wait for Java Applet connect. (second)
+ Under this value, the Applet waiting duration (= duration of
+ network open without Java Applet) can be specified by the user
+ on the authentication page.
+ If user specified duration is not agreeable, set it the same
+ value as DURATIONDEFAULT and remove the field in auth page.</li>
+ </ul>
+ <li class="list_none">ACTIVECHECKINTERVAL</li>
+ <ul>
+ <li>Time interval of checking the terminal.(second)
+ In no java mode, check by MAC address and packet count for the
+ terminal's IP address.
+ In java mode, check by HELLO exchange and packet count.</li>
+ </ul>
+ <li class="list_none">COMMWAITTIMEOUT</li>
+ <ul>
+ <li>Server waiting time for communication reply.(second)</li>
+ </ul>
+ <li class="list_none">NOREPLYMAX</li>
+ <ul>
+ <li>Permitted count of no reply to HELLO. If the client does not
+ send back HELLO more than NOREPLYMAX times, then the network
+ is closed.</li>
+ </ul>
+ <li class="list_none">NOPAKETINTERVAL</li>
+ <ul>
+ <li>If no packet is passed for this time interval, then
+ the network is closed.(second)</li>
+ </ul>
+ <li class="list_none">LOCKTIMEOUT</li>
+ <ul>
+ <li>Maximum locking time for exclusive ipfw action.(second)</li>
+ </ul>
+ <li class="list_none">IPFWMIN</li>
+ <ul>
+ <li>Minimum ipfw rule number used by opengate.</li>
+ </ul>
+ <li class="list_none">IPFWMAX</li>
+ <ul>
+ <li>Maximum ipfw rule number used by opengate.</li>
+ </ul>
+ <li class="list_none">IPFWINTERVAL</li>
+ <ul>
+ <li>Rule number interval used by opengate.
+ The maximum terminals/processes can be controled by these value.</li>
+ </ul>
+ <li class="list_none">PORTMIN</li>
+ <ul>
+ <li>Minimum port value used by opengate.</li>
+ </ul>
+ <li class="list_none">PORTMAX</li>
+ <ul>
+ <li>Maximum port value used by opengate. Set unused port range.</li>
+ </ul>
+ <li class="list_none">FACILITY</li>
+ <ul>
+ <li>syslog facility</li>
+ </ul>
+</ul>
+
+<p>Compile and Install after finishing the above-mentioned setting.</p>
+
+<table><tr><td><pre>
+#make
+cc -DCONFIGFILE=\"/etc/opengatesrv.conf\"
+-DOPENGATEDIR=\"/opengate\" -DDENYDOC=\"deny.html\"
+-DDENYDOC=\"deny.html\" -DDENYDOCSSL=\"deny-ssl.html\"
+-----------------
+-----------------
+-----------------
+# make install
+</pre></td></tr></table>
+
+<h5>A.3.3 Setup authentication server<a name="opengate6" href="#opengate6" class="anchor">†</a></h5>
+
+<p>It is described the details of a setting method in a configuration file (opengatesrv.conf).</p>
+
+<div align="right"><a href="#opengate0">back</a> <a href="#top">top</a></div>
+
+<hr>
+<!-- Start:Setup ipfw,ip6fw -->
+<h3>B Setup ipfw,ip6fw<a name="ipfw0" href="#ipfw0" class="anchor">†</a></h3>
+
+<ul>
+ <li class="list_num"><a href="#ipfw1">Prepare kernel</a></li>
+ <li class="list_num"><a href="#ipfw2">Setup ipfw</a></li>
+ <li class="list_num"><a href="#ipfw3">Setup ip6fw</a></li>
+</ul>
+
+
+<!-- ************ 1 ************** -->
+<h4>B.1 Prepare kernel<a name="ipfw1" href="#ipfw1" class="anchor">†</a></h4>
+
+<p>Prepare kernel having ipfw and ip6fw functions.</p>
+
+<p>Copy kernel options file.</p>
+
+<table><tr><td><pre>
+# cd /usr/src/sys/i386/conf
+# cp GENERIC MYKERNEL
+</pre></td></tr></table>
+
+<p>Add next lines.</p>
+
+<table><tr><td><pre>
+options IPDIVERT
+
+options IPFIREWALL
+options IPFIREWALL_FORWARD
+options IPFIREWALL_VERBOSE
+options IPFIREWALL_VERBOSE_LIMIT=100
+
+options IPV6FIREWALL
+options IPV6FIREWALL_VERBOSE
+options IPV6FIREWALL_VERBOSE_LIMIT=100
+
+options IPSEC
+options IPSEC_ESP
+options TCP_DROP_SYSFIN
+</pre></td></tr></table>
+
+<li>When use NAT, IPDIVERT is necessary.</li>
+<li>When need firewal log, *VERBOSE is necessary.</li>
+<li>When use IPSEC, *IPSEC is nnecessary.</li>
+
+<p>compile and install kernel having ipfw and ip6fw functions.</p>
+
+<table><tr><td><pre>
+# config MYKERNEL
+# cd ../compile/MYKERNEL
+# make depend
+# make
+# make install
+</pre></td></tr></table>
+
+<p>Add next lines to "/etc/rc.conf".</p>
+
+<table><tr><td><pre>
+firewall_enable="YES"
+firewall_script="/etc/rc.firewall"
+
+ipv6_firewall_enable="YES"
+ipv6_firewall_script="/etc/rc.firewall6"
+
+natd_enable="YES"
+natd_interface="em0"
+</pre></td></tr></table>
+
+<p>Validate a ipfw and ip6fw. And setup configuration script path.
+When use NAT, Validate natd and setup natd interface.</p>
+
+<div align="right"><a href="#ipfw0">back</a> <a href="#top">top</a></div>
+
+<!-- ************ 2 ************** -->
+<h4>B.2 Setup ipfw<a name="ipfw2" href="#ipfw2" class="anchor">†</a></h4>
+
+<p>Write a rule of ipfw for Opengate. This is example "/etc/rc.firewall".</p>
+
+<table><tr><td><pre>
+### set these to your outside interface network and netmask and ip
+oif="em0"
+onet="192.168.0.0"
+omask="255.255.255.0"
+oip="192.168.0.34"
+
+### set these to your inside interface network and netmask and ip
+iif="bge0"
+inet="192.168.55.0"
+imask="255.255.255.0"
+iip="192.168.55.1"
+
+fwcmd="/sbin/ipfw"
+
+### divert packet to NATD
+$fwcmd add 1 divert natd ip from any to any via ${oif}
+
+### Stop spoofing
+$fwcmd add deny all from ${inet}:${imask} to any in via ${oif}
+$fwcmd add deny all from ${onet}:${omask} to any in via ${iif}
+
+### Stop http from softeather
+$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 80
+$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 443
+
+### Allow from / to myself
+$fwcmd add pass all from ${iip} to any via ${iif}
+$fwcmd add pass all from ${oip} to any via ${oif}
+$fwcmd add pass all from any to ${iip} via ${iif}
+$fwcmd add pass all from any to ${oip} via ${oif}
+
+### Allow DNS queries out in the world
+### (if DNS is on localhost, delete passDNS)
+$fwcmd add pass udp from any 53 to any
+$fwcmd add pass udp from any to any 53
+$fwcmd add pass tcp from any to any 53
+$fwcmd add pass tcp from any 53 to any
+
+### Forwarding http connection from unauth client
+$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80
+$fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any 443
+
+### Allow TCP through if setup succeeded
+$fwcmd add 60100 pass tcp from any to any established
+</pre></td></tr></table>
+
+<p>Rule number for [forward] Command must be larger than the rule numbers used in opengate(10000-40000).
+Rule number for [divert to natd] must be smaller than most rules.</p>
+
+<p>The file [conf/opengatefw.conf] is the script describing the above rules.
+ You can edit and use this script instead of rc.firewall. </p>
+
+<p>Be falimiar with ipfw command. Opengate is a software to send out the ipfw command like above one.</p>
+
+<div align="right"><a href="#ipfw0">back</a> <a href="#top">top</a></div>
+
+<!-- ************ 3 ************** -->
+<h4>B.3 Setup ip6fw<a name="ipfw3" href="#ipfw3" class="anchor">†</a></h4>
+
+<p>Write a rule of ip6fw for Opengate. This is example "/etc/rc.firewall6".</p>
+
+<table><tr><td><pre>
+### set these to your outside interface network and prefixlen and ip
+oif="em0"
+onet="2001:e38:3661:1a0::"
+oprefixlen="64"
+oip="2001:e38:3661:1a0::34"
+
+### set these to your inside interface network and prefixlen and ip
+iif="bge0"
+inet="2001:e38:3661:1a5::"
+iprefixlen="64"
+iip="2001:e38:3661:1a5::1"
+
+### path to command "ip6fw"
+fw6cmd="/sbin/ip6fw"
+
+${fw6cmd} add pass all from ${iip} to any
+${fw6cmd} add pass all from any to ${iip}
+${fw6cmd} add pass all from ${oip} to any
+${fw6cmd} add pass all from any to ${oip}
+
+### Allow RA RS NS NA Redirect...
+${fw6cmd} add pass ipv6-icmp from any to any
+
+# Allow IP fragments to pass through
+${fw6cmd} add pass all from any to any frag
+
+# Allow RIPng
+${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521
+${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521
+
+### Allow TCP through if setup succeeded
+${fw6cmd} add 60100 pass tcp from any to any established
+
+# TCP reset notice message
+${fw6cmd} add 60200 reset tcp from any to any 80
+${fw6cmd} add 60300 reset tcp from any to any 443
+</pre></td></tr></table>
+
+<p>ip6fw dose not have [forward] function. Threrfore Opengate waits for
+timeout of IPv6 HTTP request. And uses [forward] function of ipfw.</p>
+
+<p>When use FreeBSD 5.2 more, ip6fw has TCP reset function.
+TCP reset try to send a TCP reset (RST) notice.</p>
+
+<p>The file [conf/opengatefw6.conf] is the script describing the above rules.
+ You can edit and use this script instead of rc.firewall6. </p>
+
+<p>Be falimiar with ip6fw command too.</p>
+
+<div align="right"><a href="#ipfw0">back</a> <a href="#top">top</a></div>
+
+<hr>
+<!-- Start:Install Apache2 -->
+<h3>C Install Apache2<a name="apache0" href="#apache0" class="anchor">†</a></h3>
+<ul>
+ <li class="list_num"><a href="#apache1">Install (ports)</a></li>
+ <li class="list_num"><a href="#apache2">Install (source)</a></li>
+ <li class="list_num"><a href="#apache3">Make Private key, Certificate</a></li>
+ <li class="list_num"><a href="#apache4">Setup VirtualHost</a></li>
+ <li class="list_num"><a href="#apache5">Setup HTTP_ERROR 404</a></li>
+</ul>
+
+<!-- ************ 1 ************** -->
+<h4>C.1 Install (ports)<a name="apache1" href="#apache1" class="anchor">†</a></h4>
+
+<p>Opengate needs Apache2 supporting IPv6. Because Opengate does authentication, Apache2
+had better support SSL. But you don't have to install mod_ssl because
+Apache2 support SSL with a standard.</p>
+
+<table><tr><td><pre>
+# cd /usr/ports/www/apache2
+# make clean
+===> Cleaning for autoconf-2.53_1
+===> Cleaning for libtool-1.3.5_1
+===> Cleaning for m4-1.4_1
+===> Cleaning for help2man-1.29
+===> Cleaning for expat-1.95.6_1
+===> Cleaning for apache-2.0.48_3
+# make install clean ; rehash
+</pre></td></tr></table>
+
+<p>Add next lines to "/etc/rc.conf"</p>
+
+<table><tr><td><pre>
+apache2_enable="YES"
+apache2ssl_enable="YES"
+</pre></td></tr></table>
+
+
+<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>
+
+<!-- ************ 2 ************** -->
+<h4>C.2 Install (source)<a name="apache2" href="#apache2" class="anchor">†</a></h4>
+
+<p>You can get a source of Apache2 from "www.apache.org".</p>
+
+<p>Validate a SSL module in configure.</p>
+
+<table><tr><td><pre>
+# tar xvfz httpd-2.0.55.tar.gz
+# cd httpd-2.0.55
+# ./configure --enable-modules="so ssl"
+# make
+# make install
+</pre></td></tr></table>
+
+<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>
+
+<!-- ************ 3 ************** -->
+<h4>C.3 Make private key, certificate<a name="apache3" href="#apache3" class="anchor">†</a></h4>
+
+<p>Make two Private keys and Certificates for Apache2 because Opengate needs
+two FQDNs.</p>
+
+<table><tr><td><pre>
+# cd /usr/local/etc/apache2
+# mkdir ssl.key ssl.crt
+# chmod 700 ssl.key ssl.crt
+
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server1.key 1024
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server2.key 1024
+</pre></td></tr></table>
+
+<br>
+
+<table><tr><td><pre>
+# /usr/bin/openssl req -new -x509 -days 365 \
+ -key /usr/local/etc/apache2/ssl.key/server1.key \
+ -out /usr/local/etc/apache2/ssl.crt/server1.crt
+
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:JP
+State or Province Name (full name) [Some-State]:Saga
+Locality Name (eg, city) []:Saga-city
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university
+Organizational Unit Name (eg, subsection) []:Information Science
+Common Name (eg, YOUR name) []:opengate.is.saga-u.ac.jp
+Email Address []:administrator@opengate.is.saga-u.ac.jp
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:
+
+# /usr/bin/openssl req -new -x509 -days 365 \
+ -key /usr/local/etc/apache2/ssl.key/server2.key \
+ -out /usr/local/etc/apache2/ssl.crt/server2.crt
+
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:JP
+State or Province Name (full name) [Some-State]:Saga
+Locality Name (eg, city) []:Saga-city
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university
+Organizational Unit Name (eg, subsection) []:Information Science
+Common Name (eg, YOUR name) []:opengate4.is.saga-u.ac.jp
+Email Address []:administrator@opengate.is.saga-u.ac.jp
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:
+An optional company name []:
+</pre></td></tr></table>
+
+<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>
+
+<!-- ************ 4 ************** -->
+<h4>C.4 Setup VirtualHost<a name="apache4" href="#apache4" class="anchor">†</a></h4>
+
+<p>Name-based virtual hosting cannot be used with SSL secure servers
+because of the nature of the SSL protocol. Therefore, use IP-based virtual host.</p>
+
+<p>Edit httpd.conf and ssl.conf like an example.</p>
+
+<table><tr><td>httpd.conf</td></tr><tr><td><pre>
+NameVirtualHost 192.168.55.1:80
+<VirtualHost 192.168.55.1:80>
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ DocumentRoot /usr/local/www
+ ServerName opengate.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+</VirtualHost>
+
+NameVirtualHost [2001:e38:3661:1a5::1]:80
+<VirtualHost [2001:e38:3661:1a5::1]:80>
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ DocumentRoot /usr/local/www
+ ServerName opengate.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+</VirtualHost>
+
+NameVirtualHost 192.168.0.34:80
+<VirtualHost 192.168.0.34:80>
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ DocumentRoot /usr/local/www
+ ServerName opengate4.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+</VirtualHost>
+</pre></td></tr></table>
+<br>
+<table><tr><td>ssl.conf</td></tr><tr><td><pre>
+NameVirtualHost 192.168.55.1:443
+<VirtualHost 192.168.55.1:443>
+ DocumentRoot "/usr/local/www"
+ ServerName opengate.is.saga-u.ac.jp:443
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+
+ SSLEngine on
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key
+</VirtualHost>
+
+NameVirtualHost [2001:e38:3661:1a5::1]:443
+<VirtualHost [2001:e38:3661:1a5::1]:443>
+ DocumentRoot "/usr/local/www"
+ ServerName opengate.is.saga-u.ac.jp:443
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+
+ SSLEngine on
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key
+</VirtualHost>
+
+NameVirtualHost 192.168.0.34:443
+<VirtualHost 192.168.0.34:443>
+ DocumentRoot "/usr/local/www"
+ ServerName opengate4.is.saga-u.ac.jp:443
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp
+ ErrorLog "|/usr/bin/logger -p local6.info"
+ CustomLog "|/usr/bin/logger -p local5.info" combined
+
+ SSLEngine on
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server2.crt
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server2.key
+</VirtualHost>
+</pre></td></tr></table>
+
+<p>You have to edit other directive. Be familiar with apache2 configuration.</p>
+
+<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>
+
+<!-- ************ 5 ************** -->
+<h4>C.5 Setup HTTP_ERROR 404<a name="apache5" href="#apache5" class="anchor">†</a></h4>
+
+<p>Opengate must always send authentication page for any kind of HTTP request. Therefore
+Add next line "to httpd.conf".</p>
+
+<table><tr><td><pre>
+ErrorDocument 404 /
+</pre></td></tr></table>
+
+<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>
+
+<hr>
+
+<!-- Start:Install isc-dhcp3 -->
+<h3>D Install isc-dhcp3<a name="dhcp0" href="#dhcp0" class="anchor">†</a></h3>
+
+<ul>
+ <li class="list_num"><a href="#dhcp1">Install (ports)</a></li>
+ <li class="list_num"><a href="#dhcp2">Setup DHCP</a></li>
+</ul>
+
+
+<!-- *********** 1 ************* -->
+<h4>D.1 Install (ports)<a name="dhcp1" href="#dhcp1" class="anchor">†</a></h4>
+
+<table><tr><td><pre>
+# cd /usr/ports/net/isc-dhcp3-server
+# make
+===> Cleaning for isc-dhcp3-server-3.0.1.r14_3
+# make install clean ; rehash
+</pre></td></tr></table>
+
+<div align="right"><a href="#dhcp0">back</a> <a href="#top">top</a></div>
+
+<!-- ************ 2 ************** -->
+<h4>D.2 Setup DHCP<a name="dhcp2" href="#dhcp2" class="anchor">†</a></h4>
+
+<p>There is "/usr/local/etc/dhcpd.conf.sample" as configuration file after instalation.
+Copy dhcpd.conf.sample to dhcpd.conf and edit configuration file.</p>
+
+<table><tr><td><pre>
+option domain-name "saga-u.ac.jp";
+option domain-name-servers 192.168.0.2;
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.55.255;
+option routers 192.168.55.1;
+
+default-lease-time 600;
+max-lease-time 7200;
+ddns-update-style none;
+log-facility local7;
+
+subnet 192.168.55.0 netmask 255.255.255.0 {
+ range 192.168.55.100 192.168.55.200;
+}
+</pre></td></tr></table>
+
+<p>Add next lines to "/etc/rc.conf".</p>
+
+<table><tr><td><pre>
+dhcpd_enable="YES"
+dhcpd_ifaces="bge0"
+dhcpd_conf="/usr/local/etc/dhcpd.conf"
+</pre></td></tr></table>
+
+<p>dhcpd_ifaces : interfaces ID that send DHCP.</p>
+
+<div align="right"><a href="#dhcp0">back</a> <a href="#top">top</a></div>
+
+<hr>
+<!-- Start:Instal BIND9 -->
+<h3>E Install BIND9<a name="bind0" href="#bind0" class="anchor">†</a></h3>
+
+<ul>
+ <li class="list_num"><a href="#bind1">Install (ports)</a></li>
+ <li class="list_num"><a href="#bind2">Make RNDC key</a></li>
+ <li class="list_num"><a href="#bind3">Setup named.conf</a></li>
+ <li class="list_num"><a href="#bind4">Setup zone</a></li>
+ <li class="list_num"><a href="#bind5">Start confirmation</a></li>
+</ul>
+
+<!-- ********** 1 *********** -->
+<h4>E.1 Install (ports)<a name="bind1" href="#bind1" class="anchor">†</a></h4>
+
+<p>Opengate needs two FQDNs. It can be settled even to register FQDN for Opengate with
+existing DNS. When use NAT, you had not better regist an address of IPv4 private network
+with outside DNS.</p>
+
+<table><tr><td><pre>
+# cd /usr/ports/dns/bind9/
+# make clean
+===> Cleaning for bind9-9.3.1
+# make install clean ; rehash
+</pre></td></tr></table>
+
+<p>There is "/etc/namedb(/var/named/etc/namedb)" after installation.</p>
+
+<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>
+
+<!-- ********** 2 ********** -->
+<h4>E.2 Make RNDC key<a name="bind2" href="#bind2" class="anchor">†</a></h4>
+
+<p>BIND9 is controlled by rndc command for security.</p>
+
+<table><tr><td><pre>
+# /usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n user rndc
+</pre></td></tr></table>
+<p>When error "out of entropy", try with next method.</p>
+
+<table><tr><td><pre>
+# /usr/local/sbin/dnssec-keygen -r /dev/urandom -a hmac-md5 -b 512 -n user rndc
+</pre></td></tr></table>
+
+<ul>
+ <li><pre>Krndc.+157+60849.key</pre></li>
+ <li><pre>Krndc.+157+60849.private</pre></li>
+</ul>
+
+<p>There is "/usr/local/etc/rndc.conf.sample" after BIND9 installation.
+And copy to "rndc.conf".</p>
+
+<p>Edit "key" directive as like "key" directive of "Krndc.+xxxxxxxx.private.</p>
+
+<table><tr><td><pre>
+options {
+ default-server localhost;
+ default-key "key";
+};
+
+server localhost {
+ key "key";
+};
+
+key "key" {
+ algorithm hmac-md5;
+ secret "...";
+};
+</pre></td></tr></table>
+
+
+<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>
+
+<!-- ********* 3 ********* -->
+<h4>E.3 Setup named.conf<a name="bind3" href="#bind3" class="anchor">†</a></h4>
+
+<p>There is "/etc/namedb/named.conf" after installation.</p>
+
+<p>Edit "key" directive as like "key" directive of "rndc.conf"</p>
+
+<table><tr><td><pre>
+key "rndc_key" {
+ algorithm hmac-md5;
+ secret "...";
+};
+
+controls {
+ inet ::1 allow {
+ ::1;
+ }
+ keys {
+ "rndc_key";
+ };
+ inet 127.0.0.1 allow {
+ 127.0.0.1;
+ }
+ keys {
+ "rndc_key";
+ };
+};
+</pre></td></tr></table>
+
+<p>Write "key" directive in the other file. And you had better include it in "named.conf".
+You can secure security more by setting a permission of the other file adequately.</p>
+
+<p>Edit "options" directive.</p>
+
+<table><tr><td><pre>
+options {
+ directory "/etc/namedb";
+ pid-file "/var/run/named/named.pid";
+ auth-nxdomain yes;
+ listen-on-v6 { any; };
+};
+</pre></td></tr></table>
+
+<p>Make a directory to put "named.pid" properly.</p>
+
+<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>
+
+<!-- ******** 4 ********* -->
+<h4>E.4 Setup Zone<a name="bind4" href="#bind4" class="anchor">†</a></h4>
+
+<p>Edit "view" and "zone" directive.</p>
+
+<p>"view" directive is implemented in BIND9. "zone" is child directive of "view".
+BIND9 can choose zone which answers client by a DNS inquiry IP address by setting "view" adequately.</p>
+
+<table><tr><td><pre>
+view "og" {
+ match-clients
+ {
+ 10.0.0.0/16;
+ };
+
+ recursion yes;
+
+ zone "." {
+ type hint;
+ file "named.root";
+ };
+
+ zone "og.saga-u.ac.jp" {
+ type master;
+ file "og.saga-u.ac.jp";
+ };
+
+ zone "0.0.127.IN-ADDR.ARPA" {
+ type master;
+ file "master/localhost.rev";
+ };
+
+ // RFC 3152
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
+ type master;
+ file "master/localhost-v6.rev";
+ };
+
+ // RFC 1886 -- deprecated
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
+ type master;
+ file "master/localhost-v6.rev";
+ };
+};
+</pre></td></tr></table>
+
+<p>Make a "zone" file of domain as "og.saga-u.ac.jp".</p>
+
+<table><tr><td><pre>
+$TTL 3600
+$ORIGIN og.saga-u.ac.jp.
+
+@ IN SOA ns.og.saga-u.ac.jp. postmaster (
+ 2005051702 ;
+ 3600
+ 1200
+ 2419200
+ 86400 )
+ IN NS ns.og.saga-u.ac.jp.
+ IN A 10.0.0.2
+ IN MX 10 opengate.og.saga-u.ac.jp.
+
+ns IN A 10.0.0.2
+
+opengate IN A 10.0.0.2
+ AAAA 2001:2f8:10:1::1
+
+opengate4 IN A 133.49.1.2
+</pre></td></tr></table>
+
+<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>
+
+<!-- ********* 5 ********* -->
+<h4>E.5 Start confirmation<a name="bind5" href="#bind5" class="anchor">†</a></h4>
+
+<p>Confirm starting "named" after setting was completed.</p>
+
+<table><tr><td><pre>
+# /usr/local/sbin/named/ -u bind -c /etc/namedb/named.conf
+</pre></td></tr></table>
+
+<p>If "named" starts without a problem, Add next lines to "/etc/rc.conf".</p>
+
+<table><tr><td><pre>
+named_enable="YES"
+named_program="/usr/local/sbin/named"
+named_flags="-u bind -c /etc/namedb/named.conf"
+</pre></td></tr></table>
+
+<p>Because management of a DNS server is too complicatedly, You had better read manual of BIND9 carefully, and
+refer to other document.</p>
+
+<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>
+<hr>
+</body>
+</html>
\ No newline at end of file
--- /dev/null
+\r
+body {\r
+ width : 800px;\r
+ margin-left:30px;\r
+}\r
+\r
+p {\r
+ text-indent : 10px;\r
+}\r
+\r
+table {\r
+ border-style : solid;\r
+ border-bottom-color : #CCCCCC;\r
+ border-width : thin;\r
+ width : 90%;\r
+ border-spacing : 10px;\r
+}\r
+\r
+.anchor {\r
+ font-size : xx-small;\r
+ vertical-align : super;\r
+}\r
+\r
+.list_alpha {\r
+ list-style-type : upper-alpha;\r
+}\r
+.list_num {\r
+ list-style : decimal;\r
+}\r
+\r
+.list_none {\r
+ list-style : none;\r
+ font-weight : bold;\r
+}\r
+\r
-<HTML>\r
-<head>\r
-<title>Opengate Error Check</title>\r
-</head>\r
-\r
-<body bgcolor=#FAFFF0>\r
-\r
-<H3>Opengate Error Check</H3>\r
-\r
-<P>\r
-As opengate interacts with many software, it is diffcult to recognize the behavior. Then this memo is prepared to assist debug.\r
-<P>\r
-When error occured, check the stand alone action of each related software. Especially setting of ipfw is difficult and affects to many sides. At first, debug with ipfw fully open state. Then close it little by little. \r
-<P>\r
-Opengate uses following files, where the directorys are default. Is these files correctly settled.\r
-\r
-<PRE>\r
- /usr/local/www/cgi-bin/opengate/opengatesrv.cgi\r
- /usr/local/www/data/index.html.*\r
- /usr/local/www/data/opengate/Opengate.class\r
- /usr/local/www/data/opengate/OpengateClient.class\r
- /usr/local/www/data/opengate/*/index.html\r
- /usr/local/www/data/opengate/*/index-ssl.html\r
- /usr/local/www/data/opengate/*/accept.html\r
- /usr/local/www/data/opengate/*/accept2.html\r
- /usr/local/www/data/opengate/*/deny.html\r
- /etc/opengatesrv.conf\r
- /etc/opengatefw.pl\r
- /var/log/opengate.log\r
-</PRE>\r
-And Opengate creates a lock file [/tmp/opengate.lock] at execution. \r
-It can be removed.\r
-<P>\r
-Please understand the basic flow of the system by reading <A HREF=progflow.html>the description of system flow</A>. \r
-<P>\r
-Test programs are prepared as opengatesrv/test-*. \r
-<P>\r
-\r
-Following are the checking list for debugging. \r
-<UL>\r
-<LI>Japanese characters in html and java files cannot be understood.\r
-<P>\r
-<UL>\r
-<LI>Html sample files in English are saved in sub directory. Java messages are described in program comments.\r
-</UL>\r
-<P>\r
-<LI>Compiler tells the lack of librarys or headers.\r
-<P>\r
-<UL>\r
-<LI>Opengate after Ver.0.56 can be compiled on FreeBSD Ver.4.1.\r
-</UL>\r
-<P>\r
-\r
-<LI>Cannot redirect web access to gateway machine.\r
-<P>\r
-<UL>\r
-<LI>Opengatesrv.cgi is not yet loaded in this moment.\r
-\r
-<LI>Try to access opengate URL directly. If no response is returned, check the setting of Apache and HTML document directory. Check the Apache access log and Apache error log.\r
-\r
-<LI>Check default directory of Apache document. It may be different to this document.\r
-\r
-<LI>Check ipfw setting. Rule number of foward command must be larger than opengate rule numbers.\r
-\r
-<LI>If error occurs only when accessing sub page(not top page), [PageNotFound] setting in Apache httpd.conf may not be correct. \r
-\r
-<LI> In Microsoft Internet Explorer 5 or later, redirection to a page at [PageNotFound] cannot be done, when the size of the page is less than 512Bytes. Try to increase the size of the top page file larger than 512Bytes by adding space chacters. Reference <a href=http://support.microsoft.com/default.aspx?scid=kb;EN-US;q218155>http://support.microsoft.com/default.aspx?scid=kb;EN-US;q218155</a>.\r
-\r
-<LI>Does the web access pass through the gateway? Only the packet passing through the gateway is redirected.\r
-\r
-<LI>Try to access by IP address. If domain name is not recognized, check the DNS setting.\r
-\r
-<LI>The top page cannot be settled under SSL.\r
-</UL>\r
-<P>\r
-\r
-<LI>Cannot jump to authentication page.\r
-<P>\r
-<UL>\r
-<LI>Many ADDRESS descriptions in HTML files must be changed to your site.\r
-\r
-<LI>Try manual jump. If sccess, check jump description of html.\r
-\r
-<LI>Try non SSL setting. If success, check about SSL.\r
-\r
-<LI>URL in authentication page must be described with full/absolute pass.\r
-</UL>\r
-\r
-<P>\r
-<LI>No reply or error reply to posting userID and password.\r
-<P>\r
-<UL>\r
-<LI>At this moment, [opengatesrv.cgi] is loaded. \r
- \r
-<LI>The authentication page cannot be the top page. Set up some top page from which authentication page is jumped.\r
-\r
-<LI>Check processes by [ps ax]. If [opengatesrv.cgi] is not loaded, check the directory of CGI and URL description in html file. Check Apache setting about CGI enable and CGI directory.\r
-\r
-<LI>If [opengatesrv.cgi] is loaded, check [/var/log/opengate.log]. Set [#define DEBUG 1] in [opengatesrv.h] for debug output to syslog.\r
-\r
-<LI>Check the firewall rule for the accessed terminal by entering [ipfw list]. Ipfw command requires root permission. Check [opengatesrv.cgi] has root permission.\r
-\r
-<LI>Check [opengatesrv.h] and [Makefile]. Does the settings match to the positions of files?\r
-\r
-<LI>Check applet insertion mark in [accept.html]. Does it match to the [#DEFINE] in [opengatesrv.h]?\r
-\r
-<LI>Check setting of web browser. Is Java Enabled?\r
-\r
-<LI>Check with other web browsers or other OSs. Error may be caused by browser's bug.\r
-\r
-<LI>Check the directory of Java Applet. Does it recognized by web server? Does the Java Applet run normally.\r
-\r
-<LI>Change the host description in [opengatesrv.conf] from domain name to IP address. If success, an error may occur in the name resolution.\r
-</UL>\r
-\r
-<P>\r
-<LI>Access is rejected, even though I send correct password.\r
-<P>\r
-<UL>\r
-<LI>Check [/var/log/opengate.log].\r
-\r
-<LI>Check [opengatesrv.conf]. Is the setting correct? The file must ended with return key.\r
-\r
-<LI>Try to access from gateway console to the authentication server. Does the server reply normally?\r
-\r
-<LI>Opengate assumes that the welcome message of FTP server is only one line. If the server puts out multiple lines, change the server setting or the routine in opengatesrv. Opengate(Ver.0.90l) is modeified to communicate such servers.\r
-\r
-<LI>If the client is already opened, the request form same client is rejected. Check the firewall state by accessing outside. At mulfunction of JavaApplet, the server side program waits for Java Applet connection, and closes firewall after fixed duration. \r
-</UL>\r
-\r
-<P>\r
-<LI>The accept page is displayed and the network is opened. But the network is closed after a while.\r
-<P>\r
-<UL>\r
-<LI>If userID is not shown in the yellow frame layouted in the page, Java Applet loading might be failed. Check the setting relating Java. Standard instalation of Netscape6 and InternetExplorer6 does not include JavaVM. At accessing Java page, download of JavaVM is requested. Please follow the messages. If it does not work, try other browser or other version. Some browser in some version cannot run Java Applet well. It might work after installation of SunJava2.\r
-<LI>If userID is shown, check message displayed by Java Applet. It might be caused by following.\r
-(1)No connection request comes from Java Applet. (2)No reply to hello message comes from Java Applet. (3)No packet from/to the terminal is passed through the gateway for a while. (4) Java Applet is terminated by unknown cause. (5)Server process is terminated by unknown cause.\r
-<LI>At no connection from Java Applet, the network is closed in the following cases. (1)The duration entered in auth page is passed. (2)No packet from/to the terminal is passed through the gateway for a while. (3)Arp command replys the different MAC address. (4)The TERMINATE link in accept page is clicked.\r
-\r
-<LI>\r
-If internet connection firewall(ICF) in WindowsXP is enabled, the connection is closed in some condition, but we cannot identify the condition. If occured, disable the firewall.\r
-\r
-<LI>\r
-In some browser, the connection was closed when the java applet page is removed. The behavior is dissolved in version 0.90h.\r
-\r
-<LI>Check [/var/log/opengate.log].\r
-\r
-<LI> Check above notes relating Java. Check network state with [netstat] or other tools. Check message displayed on web browser.\r
-\r
-<LI>If address translation system such as NAT or Proxy is inserted between the terminal and the gateway, opengate cannot work normally.\r
-</UL>\r
-\r
-<P>\r
-<LI>Accept page may be not normal.\r
-<P>\r
-<UL>\r
-<LI>In normal state, 2pages are displayed. In the first page, java Applet layouts yellow frame and shows user ID. In the second page, some links and cautions are displayed. \r
-<LI>If the yellow frame is not shown, Java Applet might not work normally. Check the items above.\r
-<LI>Second page is started by JavaScript. Check the javaScript setting at mulfunction. The second page exists only for convenience and is not needed for network control. If the window.open is denied only by Internet Explorer, the setting of the browser might corrupt. Reffer <A HREF=http://support.microsoft.com/support/kb/articles/q180/1/76.asp> http://support.microsoft.com/support/kb/articles/q180/1/76.asp </A> It is occured in IE6 also.\r
-</UL>\r
-\r
-<P>\r
-<LI>The network is opened without authentication.\r
-<P>\r
-<UL>\r
-<LI>Check the application in client(terminal) machine. Is the web browser really terminated? For example,in MacOS, application can be resident in hidden state. In some OS, the application is resident forever. In this case, Java Applet is needed to modify such as adding close button. \r
-\r
-<LI>When the network is cut off or the terminal system is suddenly terminated, TCP close signal cannot be sent to gateway. Thus detection is delayed until next message exchange. \r
- \r
-<LI>When ipfw rule is failed to be removed, permanently open state is occured. In such case, remove the rule manually or reboot the system. After Ver.0.90e, a <A HREF=rulechk.txt>script</A> can remove the rules failed to remove at terminating the process.\r
-</UL>\r
-<P>\r
-\r
-<LI>Accept page is displayed, but the network is closed.\r
-<P>\r
-<UL>\r
-<LI>Check ipfw rule with command [ipfw list]. Is the rule sequence correct? \r
-\r
-<LI>Check [/var/log/opengate.log].\r
-\r
-<LI>If redirect page does not include [NoCache] setting, the cached page is loaded responding to the another access. For example, if yahoo access is redirected to the opengate page, another yahoo access loads the cached opengate page, even if the network is opened.\r
-</UL>\r
-\r
-<P>\r
-<LI>I sent correct password, but denied.\r
-<P>\r
-<UL>\r
-<LI>Check the authentication server by sending request from console.\r
-<LI>Check the description in opengatesrv.conf, radius.conf and pam.conf.\r
-<LI>Check [/var/log/opengate.log].\r
-</UL>\r
-\r
-<P>\r
-<LI>Displayed page is not my desired language.\r
-<P>\r
-<UL>\r
-<LI>Check index.html, its directory and Makefile. These language IDs must be same The ID is case sensitive and is two bytes length.\r
-<LI>If you want to add new language, add new directory and files. Then add its ID in makefile. \r
-</UL>\r
-\r
-<P>\r
-<LI>Network troubles increased after the installation of this soft.\r
-<P>\r
-<UL>\r
-Please use latter versions. Do not use before Ver.0.54 which includes a serious bug.\r
-</UL>\r
-\r
-<P>\r
-<LI>Sometimes, there are very long response time (60sec or more) for authentication request.\r
-<P>\r
-<UL>\r
-Please discover the part waisting long time. We experienced following case. The setting "HostnameLookups" in httpd.conf is "On", and DNS servers do not have sufficient informations about clients. Then, very long time is wasted in name lookup. The trouble is canceled by setting the above switch "Off".\r
-</UL>\r
-<P>\r
-<LI>All is checked. I cannot know what to do.\r
-<P>\r
-<UL>\r
-<LI>Set [#define DEBUG 1] in [opengatesrv.h]. Program tracing is put out in syslog.\r
-<LI>Insert [err_msg()] in proper place in the program to get debug print. The function put out message to syslog. The sample usage exists in the program. Format is same as [printf()].\r
-<P>\r
-</UL>\r
-</UL>\r
-</BODY>\r
-</HTML>\r
+<HTML>
+<head>
+<title>Opengate Error Check</title>
+</head>
+
+<BODY>
+
+<body bgcolor=#BBEECC>
+
+<H3>Opengate Error Check</H3>
+
+<P>
+As opengate interacts with many software, it is diffcult to recognize the behavior. Then this memo is prepared to assist debug.
+<P>
+When error occured, check the stand alone action of each related software. Especially setting of ipfw is difficult and affects to many sides. At first, debug with ipfw fully open state. Then close it little by little.
+<P>
+Opengate uses following files, where the directorys are default. Is these files correctly settled.
+
+<PRE>
+ /usr/local/www/cgi-bin/opengate/opengatesrv.cgi
+ /usr/local/www/data/index.html.*
+ /usr/local/www/data/opengate/Opengate.class
+ /usr/local/www/data/opengate/OpengateClient.class
+ /usr/local/www/data/opengate/*/index.html
+ /usr/local/www/data/opengate/*/index-ssl.html
+ /usr/local/www/data/opengate/*/accept.html
+ /usr/local/www/data/opengate/*/accept2.html
+ /usr/local/www/data/opengate/*/deny.html
+ /etc/opengatesrv.conf
+ /etc/opengatefw.pl
+ /var/log/opengate.log
+</PRE>
+And Opengate creates a lock file [/tmp/opengate.lock] at execution.
+It can be removed.
+<P>
+Please understand the basic flow of the system by reading <A HREF=progflow.html>the description of system flow</A>.
+<P>
+Test programs are prepared as opengatesrv/test-*.
+<P>
+
+Following are the checking list for debugging.
+<UL>
+<LI>Japanese characters in html and java files cannot be understood.
+<P>
+<UL>
+<LI>Html sample files in English are saved in sub directory. Java messages are described in program comments.
+</UL>
+<P>
+<LI>Compiler tells the lack of librarys or headers.
+<P>
+<UL>
+<LI>Opengate after Ver.0.56 can be compiled on FreeBSD Ver.4.1.
+</UL>
+<P>
+
+<LI>Cannot redirect web access to gateway machine.
+<P>
+<UL>
+<LI>Opengatesrv.cgi is not yet loaded in this moment.
+
+<LI>Try to access opengate URL directly. If no response is returned, check the setting of Apache and HTML document directory. Check the Apache access log and Apache error log.
+
+<LI>Check default directory of Apache document. It may be different to this document.
+
+<LI>Check ipfw setting. Rule number of foward command must be larger than opengate rule numbers.
+
+<LI>If error occurs only when accessing sub page(not top page), [PageNotFound] setting in Apache httpd.conf may not be correct.
+
+<LI> In Microsoft Internet Explorer 5 or later, redirection to a page at [PageNotFound] cannot be done, when the size of the page is less than 512Bytes. Try to increase the size of the top page file larger than 512Bytes by adding space chacters. Reference <a href=http://support.microsoft.com/default.aspx?scid=kb;EN-US;q218155>http://support.microsoft.com/default.aspx?scid=kb;EN-US;q218155</a>.
+
+<LI>Does the web access pass through the gateway? Only the packet passing through the gateway is redirected.
+
+<LI>Try to access by IP address. If domain name is not recognized, check the DNS setting.
+
+<LI>The top page cannot be settled under SSL.
+</UL>
+<P>
+
+<LI>Cannot jump to authentication page.
+<P>
+<UL>
+<LI>Many ADDRESS descriptions in HTML files must be changed to your site.
+
+<LI>Try manual jump. If sccess, check jump description of html.
+
+<LI>Try non SSL setting. If success, check about SSL.
+
+<LI>URL in authentication page must be described with full/absolute pass.
+</UL>
+
+<P>
+<LI>No reply or error reply to posting userID and password.
+<P>
+<UL>
+<LI>At this moment, [opengatesrv.cgi] is loaded.
+
+<LI>The authentication page cannot be the top page. Set up some top page from which authentication page is jumped.
+
+<LI>Check processes by [ps ax]. If [opengatesrv.cgi] is not loaded, check the directory of CGI and URL description in html file. Check Apache setting about CGI enable and CGI directory.
+
+<LI>If [opengatesrv.cgi] is loaded, check [/var/log/opengate.log]. Set [#define DEBUG 1] in [opengatesrv.h] for debug output to syslog.
+
+<LI>Check the firewall rule for the accessed terminal by entering [ipfw list]. Ipfw command requires root permission. Check [opengatesrv.cgi] has root permission.
+
+<LI>Check [opengatesrv.h] and [Makefile]. Does the settings match to the positions of files?
+
+<LI>Check applet insertion mark in [accept.html]. Does it match to the [#DEFINE] in [opengatesrv.h]?
+
+<LI>Check setting of web browser. Is Java Enabled?
+
+<LI>Check with other web browsers or other OSs. Error may be caused by browser's bug.
+
+<LI>Check the directory of Java Applet. Does it recognized by web server? Does the Java Applet run normally.
+
+<LI>Change the host description in [opengatesrv.conf] from domain name to IP address. If success, an error may occur in the name resolution.
+</UL>
+
+<P>
+<LI>Access is rejected, even though I send correct password.
+<P>
+<UL>
+<LI>Check [/var/log/opengate.log].
+
+<LI>Check [opengatesrv.conf]. Is the setting correct? The file must ended with return key.
+
+<LI>Try to access from gateway console to the authentication server. Does the server reply normally?
+
+<LI>Opengate assumes that the welcome message of FTP server is only one line. If the server puts out multiple lines, change the server setting or the routine in opengatesrv. Opengate(Ver.0.90l) is modeified to communicate such servers.
+
+<LI>If the client is already opened, the request form same client is rejected. Check the firewall state by accessing outside. At mulfunction of JavaApplet, the server side program waits for Java Applet connection, and closes firewall after fixed duration.
+</UL>
+
+<P>
+<LI>The accept page is displayed and the network is opened. But the network is closed after a while.
+<P>
+<UL>
+<LI>If userID is not shown in the yellow frame layouted in the page, Java Applet loading might be failed. Check the setting relating Java. Standard instalation of Netscape6 and InternetExplorer6 does not include JavaVM. At accessing Java page, download of JavaVM is requested. Please follow the messages. If it does not work, try other browser or other version. Some browser in some version cannot run Java Applet well. It might work after installation of SunJava2.
+<LI>If userID is shown, check message displayed by Java Applet. It might be caused by following.
+(1)No connection request comes from Java Applet. (2)No reply to hello message comes from Java Applet. (3)No packet from/to the terminal is passed through the gateway for a while. (4) Java Applet is terminated by unknown cause. (5)Server process is terminated by unknown cause.
+<LI>At no connection from Java Applet, the network is closed in the following cases. (1)The duration entered in auth page is passed. (2)No packet from/to the terminal is passed through the gateway for a while. (3)Arp command replys the different MAC address. (4)The TERMINATE link in accept page is clicked.
+
+<LI>
+If internet connection firewall(ICF) in WindowsXP is enabled, the connection is closed in some condition, but we cannot identify the condition. If occured, disable the firewall.
+
+<LI>
+In some browser, the connection was closed when the java applet page is removed. The behavior is dissolved in version 0.90h.
+
+<LI>Check [/var/log/opengate.log].
+
+<LI> Check above notes relating Java. Check network state with [netstat] or other tools. Check message displayed on web browser.
+
+<LI>If address translation system such as NAT or Proxy is inserted between the terminal and the gateway, opengate cannot work normally.
+</UL>
+
+<P>
+<LI>Accept page may be not normal.
+<P>
+<UL>
+<LI>In normal state, 2pages are displayed. In the first page, java Applet layouts yellow frame and shows user ID. In the second page, some links and cautions are displayed.
+<LI>If the yellow frame is not shown, Java Applet might not work normally. Check the items above.
+<LI>Second page is started by JavaScript. Check the javaScript setting at mulfunction. The second page exists only for convenience and is not needed for network control. If the window.open is denied only by Internet Explorer, the setting of the browser might corrupt. Reffer <A HREF=http://support.microsoft.com/support/kb/articles/q180/1/76.asp> http://support.microsoft.com/support/kb/articles/q180/1/76.asp </A> It is occured in IE6 also.
+</UL>
+
+<P>
+<LI>The network is opened without authentication.
+<P>
+<UL>
+<LI>Check the application in client(terminal) machine. Is the web browser really terminated? For example,in MacOS, application can be resident in hidden state. In some OS, the application is resident forever. In this case, Java Applet is needed to modify such as adding close button.
+
+<LI>When the network is cut off or the terminal system is suddenly terminated, TCP close signal cannot be sent to gateway. Thus detection is delayed until next message exchange.
+
+<LI>When ipfw rule is failed to be removed, permanently open state is occured. In such case, remove the rule manually or reboot the system. After Ver.0.90e, a <A HREF=rulechk.txt>script</A> can remove the rules failed to remove at terminating the process.
+</UL>
+<P>
+
+<LI>Accept page is displayed, but the network is closed.
+<P>
+<UL>
+<LI>Check ipfw rule with command [ipfw list]. Is the rule sequence correct?
+
+<LI>Check [/var/log/opengate.log].
+
+<LI>If redirect page does not include [NoCache] setting, the cached page is loaded responding to the another access. For example, if yahoo access is redirected to the opengate page, another yahoo access loads the cached opengate page, even if the network is opened.
+</UL>
+
+<P>
+<LI>I sent correct password, but denied.
+<P>
+<UL>
+<LI>Check the authentication server by sending request from console.
+<LI>Check the description in opengatesrv.conf, radius.conf and pam.conf.
+<LI>Check [/var/log/opengate.log].
+</UL>
+
+<P>
+<LI>Displayed page is not my desired language.
+<P>
+<UL>
+<LI>Check index.html, its directory and Makefile. These language IDs must be same The ID is case sensitive and is two bytes length.
+<LI>If you want to add new language, add new directory and files. Then add its ID in makefile.
+</UL>
+
+<P>
+<LI>Network troubles increased after the installation of this soft.
+<P>
+<UL>
+Please use latter versions. Do not use before Ver.0.54 which includes a serious bug.
+</UL>
+
+<P>
+<LI>Sometimes, there are very long response time (60sec or more) for authentication request.
+<P>
+<UL>
+Please discover the part waisting long time. We experienced following case. The setting "HostnameLookups" in httpd.conf is "On", and DNS servers do not have sufficient informations about clients. Then, very long time is wasted in name lookup. The trouble is canceled by setting the above switch "Off".
+</UL>
+<P>
+<LI>All is checked. I cannot know what to do.
+<P>
+<UL>
+<LI>Set [#define DEBUG 1] in [opengatesrv.h]. Program tracing is put out in syslog.
+<LI>Insert [err_msg()] in proper place in the program to get debug print. The function put out message to syslog. The sample usage exists in the program. Format is same as [printf()].
+<P>
+</UL>
+</UL>
+</BODY>
+</HTML>
-<html LANG="jp">\r
-<head>\r
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">\r
-\r
-<title>Opengate Error Check</title>\r
-</head>\r
-\r
-<body bgcolor=#FAFFF0>\r
-\r
-<H3>Opengate \83G\83\89\81[\83`\83F\83b\83N\8d\80\96Ú</H3>\r
-\r
-<P>\r
-Opengate \82Í\91½\82\82Ì\83\\83t\83g\83E\83F\83A\82Ì\8aÔ\82Ì\92\87\89î\82ð\8ds\82¤\82à\82Ì\82Å\82·\82Ì\82Å\81A\89½\82ª\8bN\82«\82Ä\82¢\82é\82Ì\82©\94»\92f\82ª\93ï\82µ\82¢\82Å\82·\81B\82Ü\82½\8c»\8fó\82Å\82Í\83f\83o\83b\83O\82Ì\82½\82ß\82É\90ê\97p\82Ì\8b@\94\\82Í\90Ý\92è\82µ\82Ä\82 \82è\82Ü\82¹\82ñ\81B\82»\82±\82Å\81A\82±\82Ì\83\81\83\82\82Í\81A\83C\83\93\83X\83g\81[\83\8b\82µ\82Ä\82à Opengate \82ª\93®\82©\82È\82¢\8e\9e\82Ì\8eQ\8dl\82Ì\82½\82ß\82É\8bL\82µ\82Ü\82·\81B\r
-<P>\r
-\82¤\82Ü\82\93®\82©\82È\82¢\8fê\8d\87\81A\82Ü\82¸\81A\8aÖ\98A\82·\82é\83\\83t\83g\83E\83F\83A\82ª\8ae\81X\92P\93Æ\82Å\90³\8fí\93®\8dì\82·\82é\82©\8am\94F\82µ\82Ä\82\82¾\82³\82¢\81B\93Á\82É ipfw \82Ì\90Ý\92è\82Í\82 \82¿\82±\82¿\82É\89e\8b¿\82µ\82Ü\82·\82Ì\82Å\8f\\95ª\92\8d\88Ó\82ª\95K\97v\82Å\82·\81B\8dÅ\8f\89\82Íipfw\82ð\91S\8aJ\95ú\82É\8bß\82\90Ý\92è\82µ\82Ä\82¤\82Ü\82\93®\82\82Ì\82ð\8am\94F\82µ\82Ä\82©\82ç\95Â\82¶\82Ä\82\82¾\82³\82¢\81B\r
-<P>\r
-Opengate\82Í\88È\89º\82Ì\83t\83@\83C\83\8b\82ð\97\98\97p\82µ\82Ü\82·\81B\82±\82ê\82ç\82Í\90³\82µ\82\94z\92u\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\r
-\83f\83B\83\8c\83N\83g\83\8a\82Ídefault\88Ê\92u\82Å\82·\81B\r
-<PRE>\r
- /usr/local/www/cgi-bin/opengate/opengatesrv.cgi\r
- /usr/local/www/data/index.html.*\r
- /usr/local/www/data/opengate/Opengate.class\r
- /usr/local/www/data/opengate/OpengateClient.class\r
- /usr/local/www/data/opengate/*/index.html\r
- /usr/local/www/data/opengate/*/index-ssl.html\r
- /usr/local/www/data/opengate/*/accept.html\r
- /usr/local/www/data/opengate/*/accept2.html\r
- /usr/local/www/data/opengate/*/deny.html\r
- /etc/opengatesrv.conf\r
- /etc/opengatefw.pl\r
- /var/log/opengate.log\r
-</PRE>\r
-\82³\82ç\82É\81A\83\8d\83b\83N\83t\83@\83C\83\8b\82Æ\82µ\82Ä /tmp/opengate.lock\82ð\8eg\97p\82µ\82Ü\82·\82ª\81A\8dì\90¬\82Í\95s\97v\r
-\82Å\82·\81B\8fÁ\82µ\82Ä\82à\8d\\82¢\82Ü\82¹\82ñ\81B\r
-<P>\r
-
\95Ê
\82É
\81A<A HREF=progflow.html>
\83v
\83\8d\83O
\83\89\83\80\83t
\83\8d\81[
\89ð
\90à</A>
\82ð
\97p
\88Ó
\82µ
\82Ä
\82¢
\82Ü
\82·
\81B
\83v
\83\8d\83O
\83\89\83\80\82Ì
\8aî
\96{
\93I
\82È
\93®
\82«
\82ð
\94c
\88¬
\82µ
\82Ä
\82
\82¾
\82³
\82¢
\81B
\r-<P>\r
-\93®\82«\83`\83F\83b\83N\82Ì\82½\82ß\82É\83e\83X\83g\83v\83\8d\83O\83\89\83\80\82ð\97p\88Ó\82µ\82Ü\82µ\82½\81Bopengatesrv\92\86\82Étest-*\82Æ\82µ\82Ä\92u\82¢\82Ä\82¢\82Ü\82·\81B\r
-<P>\r
-\r
-\88È\89º\81A\8fÇ\8fó\96\88\82É\97ñ\8b\93\82µ\82Ü\82·\81B\r
-<UL>\r
-<LI>\83\89\83C\83u\83\89\83\8a\93\99\82ª\95s\91«\82µ\82Ä\82¢\82é\82Æ\82Ì\83R\83\93\83p\83C\83\8b\83G\83\89\81[\82ª\8fo\82Ü\82·\81B\r
-<P>\r
-<UL>\r
-<LI>Ver.0.56\88È\8d~\82Í\81AFreeBSDv4\82É\82Ä\93®\8dì\8am\94F\82µ\82Ä\82¢\82Ü\82·\81BFreeBSD3\82Å\82Í\83R\83\93\83p\83C\83\8b\83G\83\89\81[\82ª\94\90¶\82µ\82Ü\82·\81B\r
-</UL>\r
-<P>\r
-\r
-<LI>\83Q\81[\83g\83E\83F\83C\82Ì\83z\81[\83\80\83y\81[\83W\82Ö\83\8a\83_\83C\83\8c\83N\83g\82µ\82È\82¢\81B\r
-<P>\r
-<UL>\r
-<LI>\82±\82Ì\92i\8aK\82Å\82ÍOpengatesrv.cgi\82Ì\96{\91Ì\82Í\96³\8aÖ\8cW\82Å\82·\81B\r
-\r
-<LI>\93\96\83z\81[\83\80\83y\81[\83W\82ð\8ew\92è\82µ\82½\82Æ\82«\82Í\90³\8fí\82É\95\\8e¦\82³\82ê\82Ü\82·\82©\81B\82»\82¤\82Å\82È\82¢\82Æ\82«\82Í Apache \82Ì\90Ý\92è\82Ü\82½\82Í\83h\83L\83\85\83\81\83\93\83g\83t\83@\83C\83\8b\82Ì\88Ê\92u\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½Apache\82Ì\83A\83N\83Z\83X\83\8d\83O\82¨\82æ\82Ñ\83G\83\89\81[\83\8d\83O\82ð\8am\94F\89º\82³\82¢\81B\r
-\r
-<LI>Apache\82Í\83o\81[\83W\83\87\83\93\82É\82æ\82Á\82Ä\83f\83B\83\8c\83N\83g\83\8a\82Ì\88Ê\92u\82ª\95Ï\82í\82Á\82Ä\82¢\82Ü\82·\81B\83C\83\93\83X\83g\81[\83\8b\83\81\83\82\82Æ\82Í\88Ù\82È\82é\82©\82à\92m\82ê\82Ü\82¹\82ñ\81B\r
-\r
-<LI>ipfw \82Ì\90Ý\92è\82Í\90³\82µ\82¢\82Å\82·\82©\81B\93Á\82Éfwd\82Ì\88Ê\92u\82ª\92Ç\89Á\83\8b\81[\83\8b\82æ\82è\97D\90æ\8f\87\88Ê\82ª\92á\82\82È\82Á\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B\r
-\r
-<LI>\90Ú\91±\82µ\82æ\82¤\82Æ\82µ\82½\82Ì\82ª\83T\83C\83g\82Ì\83g\83b\83v\83y\81[\83W\88È\8aO\82Ì\8fê\8d\87\81A\83g\83b\83v\83y\81[\83W\82Å\8e\8e\82µ\82Ä\82\82¾\82³\82¢\81B\82±\82ê\82Å\82¤\82Ü\82\82¢\82\82Ì\82Å\82 \82ê\82Î\81AApache httpd.conf\82É\82¨\82¢\82Ä PageNotFound \83G\83\89\81[\82Ì\82Æ\82«\82É\83g\83b\83v\83y\81[\83W\82ð\95\\8e¦\82·\82é\82æ\82¤\90Ý\92è\82³\82ê\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B\r
-\r
-<LI>Microsoft Internet Explorer 5
\88È
\8d~
\82Í
\81A
\83\8a\83_
\83C
\83\8c\83N
\83g
\90æ
\82Ì
\83y
\81[
\83W
\82ª512
\83o
\83C
\83g
\88È
\8fã
\82Å
\82È
\82¢
\82Æ
\81APageNotFound
\8e\9e\82Ì
\83\8a\83_
\83C
\83\8c\83N
\83g
\95\
\8e¦
\82ª
\82¤
\82Ü
\82
\82¢
\82«
\82Ü
\82¹
\82ñ
\81B
\83g
\83b
\83v
\83y
\81[
\83W
\82É
\8bó
\94\92\82ð
\90\94\95S
\83o
\83C
\83g
\92Ç
\89Á
\82µ
\82Ä
\82Ý
\82Ä
\82
\82¾
\82³
\82¢
\81B
\8eQ
\8dl
\8fî
\95ñ
\82Í<a href=http://www.microsoft.com/japan/support/kb/articles/JP218/1/55.asp>http://www.microsoft.com/japan/support/kb/articles/JP218/1/55.asp</a>
\82Å
\82·
\81B
\r-\r
-<LI>\90Ú\91±\82µ\82æ\82¤\82Æ\82µ\82½\83T\83C\83g\82Í\93\96\83Q\81[\83g\83E\83F\83C\82ð\92Ê\82Á\82½\90æ\82É\90Ý\92è\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\83Q\81[\83g\83E\83F\83C\82ð\92Ê\82é\92Ê\90M\82µ\82©\83\8a\83_\83C\83\8c\83N\83g\82Å\82«\82Ü\82¹\82ñ\81B\r
-\r
-<LI>\96¼\91O\82ª\89ð\8eß\82Å\82«\82È\82¢\82Ì\82È\82ç\81ADNS\82Ì\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\r
-\r
-<LI>\8dÅ\8f\89\82Ì\89æ\96Ê\82ÍSSL\89»\82µ\82È\82¢\82Å\82\82¾\82³\82¢\81B\r
-</UL>\r
-<P>\r
-\r
-<LI>\83\86\81[\83UID\82Æ\83p\83X\83\8f\81[\83h\82Ì\93ü\97Í\89æ\96Ê\82Ö\88Ú\8ds\82µ\82È\82¢\81B\r
-<P>\r
-<UL>\r
-<LI>HTML\83t\83@\83C\83\8b\82Ì\82 \82¿\82±\82¿\82É\83A\83h\83\8c\83X\82ª\8f\91\82©\82ê\82Ä\82¢\82Ü\82·\81B\82à\82ê\82È\82\8e©\95ª\82Ì\82Æ\82±\82ë\82Ì\83A\83h\83\8c\83X\82É\8f\91\82«\8a·\82¦\82Ä\82\82¾\82³\82¢\81B\r
-\r
-<LI>\8e©\93®\88Ú\93®\82ð\90Ý\92è\82µ\82Ä\82¢\82é\8fê\8d\87\82Í\8eè\93®\88Ú\93®\82Å\82Í\82Ç\82¤\82©\8am\94F\82\82¾\82³\82¢\81B\r
-\r
-<LI>\82r\82r\82k\89»\82µ\82Ä\82 \82ê\82Î\81A\82Ü\82¸\82Í\82r\82r\82k\96³\82µ\82Å\93®\82\82±\82Æ\82ð\8am\94F\82\82¾\82³\82¢\81B\r
-\r
-<LI>\88Ú\8ds\90æ\83A\83h\83\8c\83X\82Ì\8bL\8fq\82Í\81A\91\8a\91Î\83p\83X\82Å\82Í\82È\82\83t\83\8b\83p\83X\82Å\8ew\92è\82\82¾\82³\82¢\81B\r
-</UL>\r
-<P>\r
-<LI>\83\86\81[\83U ID \82Æ\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\82à\95Ô\8e\96\82ª\82È\82¢\81B\82Ü\82½\82Í\81AWeb \82ª\83G\83\89\81[\82ð\8bA\82·\81B\r
-<P>\r
-<UL>\r
-<LI>\82±\82Ì\92i\8aK\82Å Opengatesrv.cgi \83v\83\8d\83O\83\89\83\80\82ª\8bN\93®\82µ\82Ü\82·\81B\82æ\82Á\82Ä\97l\81X\82È\83G\83\89\81[\82Ì\89Â\94\\90«\82ª\82 \82è\82Ü\82·\81B\r
-\r
-<LI>\83g\83b\83v\83y\81[\83W\82ð\8fÈ\97ª\82µ\82Ä\92¼\90Ú\82É\83p\83X\83\8f\81[\83h\93ü\97Í\89æ\96Ê\82Ö\83\8a\83_\83C\83\8c\83N\83g\82·\82é\82æ\82¤\82É\90Ý\92è\82µ\82Ä\82¢\82é\82Æ\93®\82«\82Ü\82¹\82ñ\81B\95K\82¸\82P\83y\81[\83W\8co\97R\82µ\82Ä\82\82¾\82³\82¢\81B\r
-\r
-<LI>\81ups ax\81v\82É\82Ä\83v\83\8d\83Z\83X\8fó\8bµ\82ð\8am\94F\82\82¾\82³\82¢\81Bopengatesrv.cgi \82ª\8bN\93®\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\8bN\93®\82³\82ê\82Ä\82¢\82È\82¢\82È\82ç\81Acgi \82Ì\92u\82«\8fê\8f\8a\82ª\81A\83p\83X\83\8f\81[\83h\93ü\97Í\89æ\96Ê\93à\82Ì\8ew\92è\82Æ\8b¶\82Á\82Ä\82¢\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B\82³\82ç\82É Apache \82Ì\90Ý\92è\82É\82¨\82¢\82Ä\81Acgi \82Ì\8fê\8f\8a\82â\89Ò\93®\8b\96\89Â\82Ì\90Ý\92è\82ª\8aÔ\88á\82Á\82Ä\82¢\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B\r
-\r
-<LI>opengatesrv.cgi \82Ì\83v\83\8d\83Z\83X\82ª\8bN\93®\82³\82ê\82Ä\82¢\82é\82È\82ç /var/log/opengate.log \82ð\8am\94F\82\82¾\82³\82¢\81B\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82É\91Î\89\9e\82\82¾\82³\82¢\81B\82Ü\82½\81Aopengatesrv.h\92\86\82Å\81u#define DEBUG 1\81v\82ð\8ew\92è\82·\82é\82Æ\81A\8dì\90¬\8aÖ\90\94\8aÔ\82Ì\8cÄ\82Ñ\8fo\82µ\82ªlog\82É\8bL\98^\82³\82ê\82Ü\82·\82Ì\82Å\81A\96â\91è\82Ì\90Ø\82è\95ª\82¯\82É\97\98\97p\82Å\82«\82Ü\82·\81B\r
-\r
-<LI>\81uipfw list\81v\82É\82Ä\81A\83A\83N\83Z\83X\82µ\82½\92[\96\96\82É\91Î\82·\82é\83\8b\81[\83\8b\82ª\92Ç\89Á\82³\82ê\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81Bipfw \82Í root \8c \8cÀ\82ª\95K\97v\82Å\82·\81B\82à\82µ\92Ç\89Á\82³\82ê\82Ä\82¢\82È\82¢\8fê\8d\87\82É\82Í\81Aopengatesrv.cgi \82ª root \8c \8cÀ\82Å\93®\82\82æ\82¤\82É\82È\82Á\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B\r
-\r
-<LI>\83w\83b\83_\81[\83t\83@\83C\83\8b opengatesrv.h \81AMakefile\93à\82Ì\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\82»\82ê\82Æ Web \83h\83L\83\85\83\81\83\93\83g\93\99\82Ì\83t\83@\83C\83\8b\88Ê\92u\82Í\8d\87\92v\82µ\82Ä\82¢\82Ü\82·\82©\81B\r
-\r
-<LI>accept.html \82Ì\92\86\82É\81AApplet \91}\93ü\88Ê\92u\8ew\92è\82ª\90³\82µ\82\8ew\92è\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\r
-\r
-<LI>Web\83u\83\89\83E\83U\82ÍJava\82ª\89Ò\93®\89Â\94\\82Ì\90Ý\92è\82É\82È\82Á\82Ä\82¢\82Ü\82·\82©\81B\r
-\r
-<LI>\91¼\82ÌWeb\83u\83\89\83E\83U\82âOS\82Å\8am\94F\82\82¾\82³\82¢\81B\r
-\r
-<LI>Java \82Í\90³\82µ\82¢\88Ê\92u\82É\95Û\91¶\82µ\82Ä\82¢\82Ü\82·\82©\81B\82»\82Ì Java \82Í\90³\8fí\82É\93®\82\83v\83\8d\83O\83\89\83\80\82Å\82·\82©\81B\r
-\r
-<LI>conf\83t\83@\83C\83\8b\92\86\82Ì\83T\81[\83o\83A\83h\83\8c\83X\82ð\96¼\91O\82Å\82Í\82È\82\81A\90\94\8e\9a\95\\8bL\82É\82µ\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B\r
-</UL>\r
-<P>\r
-<LI>\90³\82µ\82\83p\83X\83\8f\81[\83h\82ð\93ü\82ê\82Ä\82¢\82é\82Í\82¸\82È\82Ì\82É\8b\91\94Û\82³\82ê\82é\81B\r
-<P>\r
-<UL>\r
-<LI>/var/log/opengate.log\82ð\92²\82×\82Ä\82\82¾\82³\82¢\81B\r
-\r
-<LI>server\96¼\82ªconf\83t\83@\83C\83\8b\82É\82 \82é\82Ì\82É\96³\82¢\82Ælog\83\81\83b\83Z\81[\83W\82ª\8fo\82é\82Æ\82«\81Aconf\83t\83@\83C\83\8b\82Ì\96\96\94ö\82É\89ü\8ds\82ª\94²\82¯\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82µ\82½\81B\r
-\r
-<LI>\83R\83\93\83\\81[\83\8b\82©\82ç\94F\8fØ\83T\81[\83o\82Ö\83A\83N\83Z\83X\82µ\82Ä\82Ý\82Ä\90³\82µ\82\93®\82\82©\8am\94F\89º\82³\82¢\81B\r
-\r
-<LI>FTP\83T\81[\83o\82É\82æ\82Á\82Ä\82Í\81AWelcome\83\81\83b\83Z\81[\83W\82È\82Ç\82ª\95¡\90\94\8ds\82É\82È\82Á\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\82ª\81AOpengate\82Í\88ê\8ds\82ð\89¼\92è\82µ\82Ä\93®\8dì\82µ\82Ü\82·\81BFTP\83T\81[\83o\82Ì\90Ý\92è\82ð\95Ï\8dX\82µ\82Ä\82\82¾\82³\82¢\81B\r
-\95Ï\8dX\95s\89Â\82È\82çOpengate\82Ì\89ï\98b\95\94\95ª\83\\81[\83X\82Ì\95Ï\8dX\82Å\91Î\89\9e\89º\82³\82¢\81BVer.0.90l\82Å\95¡\90\94\8ds\82É\91Î\89\9e\82µ\82Ü\82µ\82½\81B\r
-\r
-<LI>\8aJ\95ú\8dÏ\82Ì\92[\96\96\82©\82ç\8fd\95¡\82µ\82Ä\97v\8b\81\82ª\97\88\82é\82Æ\8b\91\94Û\82µ\82Ü\82·\81B\82»\82Ì\82Ü\82Ü\8aO\82Ì\83T\83C\83g\82ª\8c©\82¦\82é\82È\82ç\8aJ\95ú\82³\82ê\82Ä\82¢\82Ü\82·\81BJavaApplet\82ª\8bN\93®\82É\8e¸\94s\82µ\82½\8fê\8d\87\82Í\81A\83T\81[\83o\91¤\83v\83\8d\83Z\83X\82ÍJavaApplet\82ª\90Ú\91±\82µ\82Ä\82\82é\82Ì\82ðfirewall\82ð\8aJ\95ú\82µ\82Ä\88ê\92è\8e\9e\8aÔ\91Ò\82¿\81A\95Â\8d½\82µ\82Ä\8fI\97¹\82µ\82Ü\82·\81B\r
-\r
-</UL>\r
-\r
-<P>\r
-<LI>\97\98\97p\8b\96\89Â\82Ì\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\82ª\82µ\82Î\82ç\82\8co\82Â\82Æ\83l\83b\83g\83\8f\81[\83N\82ª\90Ø\92f\82³\82ê\82é\81B\r
-<P>\r
-<UL>\r
-<LI>\97\98\97p\8b\96\89Â\82Ì\83y\81[\83W\82É\81A\89©\90F\82¢\83t\83\8c\81[\83\80\82Å\83\86\81[\83U\96¼\95\\8e¦\82ª\8fo\82Ä\82¢\82Ü\82·\82©\81B\8fo\82Ä\82¢\82È\82¯\82ê\82Î\81AJava\82Ì\8bN\93®\82É\8e¸\94s\82µ\82½\82æ\82¤\82Å\82·\81BJava\8aÖ\98A\82ð\8am\94F\82\82¾\82³\82¢\81B\82È\82¨Netscape6\81AInternetExplorer6\82Í\81A\95W\8f\80\83C\83\93\83X\83g\81[\83\8b\82Å\82ÍJava\82ª\93ü\82è\82Ü\82¹\82ñ\81B\8dÅ\8f\89\82ÌJava\83y\81[\83W\83A\83N\83Z\83X\8e\9e\82É\83_\83E\83\93\83\8d\81[\83h\82ª\97v\8b\81\82³\82ê\82Ü\82·\82Ì\82Å\83\81\83b\83Z\81[\83W\82É\8f]\82Á\82Ä\93±\93ü\82\82¾\82³\82¢\81B\82»\82ê\82Å\82à\93®\8dì\82ª\82¨\82©\82µ\82¢\8fê\8d\87\82Í\95Ê\82Ì\83u\83\89\83E\83U\82ð\8eg\82Á\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B\83o\81[\83W\83\87\83\93\82É\82æ\82Á\82Ä\82ÍJava\82ª\93®\82©\82È\82¢\8e\96\82ª\82 \82è\82Ü\82·\81BSunJava2\82ð\93±\93ü\82µ\82Ä\8c©\82Ä\82\82¾\82³\82¢\81B\r
-<LI>\8fo\82Ä\82¢\82ê\82Î\81AJavaApplet\82Ì\8fo\82·\83\81\83b\83Z\81[\83W\82ð\8am\94F\82\82¾\82³\82¢\81B\88È\89º\82Ì\8c´\88ö\82ª\8dl\82¦\82ç\82ê\82Ü\82·\81B(1)\83_\83E\83\93\83\8d\81[\83h\82µ\82½Java\82©\82ç\83T\81[\83o\82É\91Î\82µ\82Ä\83R\83l\83N\83g\82µ\82Ä\82±\82È\82¢\81B(2)Java\82ª\92è\8aú\92Ê\90M\82É\89\9e\93\9a\82µ\82È\82¢\81B(3)\93\96\92[\96\96\82Ì\83p\83P\83b\83g\82ª\88ê\92è\8aú\8aÔ\81A\83Q\81[\83g\83E\83F\83C\82ð\92Ê\89ß\82µ\82Ä\82¢\82È\82¢\81B(4)Java\8fI\97¹\82È\82Ç\82ÅTCP\83R\83l\83N\83V\83\87\83\93\82ª\95Â\82¶\82½\81B(5)\83T\81[\83o\83v\83\8d\83O\83\89\83\80\82ª\89½\82ç\82©\82Ì\8c´\88ö\82Å\8fI\97¹\82µ\82½\81B\r
-<LI>Java\82ª\83R\83l\83N\83g\82µ\82Ä\97\88\82È\82¢\8e\9e\82Í\81A\88È\89º\82Ì\8fê\8d\87\82É\95Â\8d½\82µ\82Ü\82·\81B(1)\94F\8fØ\83y\81[\83W\82Å\8ew\92è\82µ\82½\97\98\97p\8e\9e\8aÔ\82ª\8co\89ß\82µ\82½\81B(2)\93\96\92[\96\96\82Ì\83p\83P\83b\83g\82ª\88ê\92è\8aú\8aÔ\81A\83Q\81[\83g\83E\83F\83C\82ð\92Ê\89ß\82µ\82Ä\82¢\82È\82¢\81B(3)\94F\8fØ\8e\9e\82Æ\88Ù\82È\82éMAC\83A\83h\83\8c\83X\82ª\8c\9f\8fo\82³\82ê\82½\81B(4)\8b\96\89Â\83y\81[\83W\82Ì\97\98\97p\92\86\92f\83\8a\83\93\83N\82ª\89\9f\82³\82ê\82½\81B\r
-<LI>WindowsXP\82Ì\83C\83\93\83^\81[\83l\83b\83g\90Ú\91±\83t\83@\83C\83A\83E\83H\81[\83\8b(ICF)\82ª\90Ý\92è\82³\82ê\82Ä\82¢\82é\8fê\8d\87\82É\81A\90Ø\92f\82³\82ê\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B\82µ\82©\82µ\81A\82Ç\82Ì\82æ\82¤\82È\8fð\8c\8f\89º\82Å\94\90¶\82·\82é\82©\82Í\94c\88¬\82Å\82«\82Ä\82¢\82Ü\82¹\82ñ\81B\94\90¶\82·\82é\8fê\8d\87\82Í\8aO\82µ\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B\r
-<LI>\r
-\83u\83\89\83E\83U\82É\82æ\82Á\82Ä\82Í\81AJavaApplet\95\\8e¦\83y\81[\83W\82©\82ç\83y\81[\83W\82ð\88Ú\93®\82·\82é\82Æ\90Ø\92f\82³\82ê\82é\82±\82Æ\82ª\82 \82è\82Ü\82µ\82½\82ª\81AVer0.90h\82Å\89ð\8fÁ\82µ\82Ü\82µ\82½\81B\r
-\r
-<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B\r
-\r
-<LI>\8fã\8bL\8d\80\96Ú\82Ì Java \8aÖ\98A\82ð\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½ netstat \93\99\82Å\83l\83b\83g\83\8f\81[\83N\8fó\8bµ\82ð\94c\88¬\82\82¾\82³\82¢\81BWeb\83u\83\89\83E\83U\89º\95\94\82Ì\83\81\83b\83Z\81[\83W\8ds\82É\89½\82©\8fo\82Ä\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B\r
-\r
-<LI>\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\83g\82Ì\8aÔ\82É\83L\83\83\83b\83V\83\85\83T\81[\83o\82âNAT\81CProxy\82È\82Ç\82ª\91¶\8dÝ\82·\82é\8fê\8d\87\81A\82»\82Ì\83T\81[\83o\82Ì IP \83A\83h\83\8c\83X\82ð\92[\96\96\83A\83h\83\8c\83X\82Æ\8cë\89ð\82·\82é\82½\82ß\81AApplet \82ª\90³\8fí\93®\8dì\82µ\82Ü\82¹\82ñ\81B\82±\82Ì\82æ\82¤\82È\8d\\90¬\82Í\94ð\82¯\82Ä\82\82¾\82³\82¢\81B\r
-\r
-</UL>\r
-<P>\r
-<LI>\97\98\97p\8b\96\89Â\83y\81[\83W\82Ì\95\\8e¦\82ª\82¨\82©\82µ\82¢\81B\r
-<P>\r
-<UL>\r
-<LI>\90³\8fí\82Å\82 \82ê\82Î\81A2\96\87\82Ì\83y\81[\83W\82ª\8fd\82È\82Á\82Ä\95\\8e¦\82³\82ê\82Ü\82·\81B\91æ1\83y\81[\83W\82É\82Í\81AJavaApplet\82ª\89©\90F\82Ì\98g\82Ì\92\86\82É\83\86\81[\83UID\93\99\82ð\95\\8e¦\82µ\82Ü\82·\81B\91æ2\83y\81[\83W\82É\82Í\81A\8ae\8eí\83\8a\83\93\83N\82Æ\97\98\97p\8fã\82Ì\92\8d\88Ó\82ª\92u\82©\82ê\82Ü\82·\81B\r
-<LI>\91æ1\83y\81[\83W\82É\89©\90F\82¢\98g\82ª\8fo\82È\82¢\8fê\8d\87\82Í\81AJavaApplet\82Ì\8bN\93®\82É\8e¸\94s\82µ\82½\82Æ\8dl\82¦\82ç\82ê\82Ü\82·\81B\8fã\8bL\82Ì\8d\80\96Ú\82ð\8eQ\8fÆ\82\82¾\82³\82¢\81B\r
-<LI>
\91æ2
\83y
\81[
\83W
\82ÍJavaScript
\82Å
\8fo
\82µ
\82Ä
\82¢
\82Ü
\82·
\81B
\8fo
\82È
\82¢
\8fê
\8d\87\82ÍJavaScript
\8aÖ
\98A
\82ª
\8b^
\82í
\82µ
\82¢
\82Å
\82·
\81B
\82½
\82¾
\82µ
\81A
\83y
\81[
\83W
\82ª
\8fo
\82È
\82
\82Ä
\82à
\97\98\97p
\82É
\8ex
\8fá
\82Í
\82 \82è
\82Ü
\82¹
\82ñ
\81B
\82È
\82¨
\81AInterner Explorer
\82Ì
\8fê
\8d\87\82Ì
\82Ý
\8bN
\82±
\82é
\82Ì
\82Å
\82 \82ê
\82Î
\81A
\83u
\83\89\83E
\83U
\82Ì
\90Ý
\92è
\82ª
\89ó
\82ê
\82Ä
\82¢
\82é
\82½
\82ß
\82©
\82à
\92m
\82ê
\82Ü
\82¹
\82ñ
\81B
\91¼
\82Ì
\83y
\81[
\83W
\82Å
\82à
\93¯
\8c»
\8fÛ
\82ª
\82 \82ê
\82Î
\88È
\89º
\82ð
\8c©
\82Ä
\82
\82¾
\82³
\82¢
\81B<A HREF=http://support.microsoft.com/support/kb/articles/q180/1/76.asp> http://support.microsoft.com/support/kb/articles/q180/1/76.asp </A>
\81BIE6
\82Å
\82à
\8bN
\82«
\82Ü
\82µ
\82½
\81B
\r-</UL>\r
-\r
-<P>\r
-<LI>\97\98\97p\94F\8fØ\82ð\92Ê\82ç\82È\82\82Ä\82à\8dÅ\8f\89\82©\82ç\83l\83b\83g\83\8f\81[\83N\82ª\97\98\97p\82Å\82«\82é\81B\r
-<P>\r
-<UL>\r
-<LI>\83N\83\89\83C\83A\83\93\83g\83}\83V\83\93\82ÉWeb\83u\83\89\83E\83U\82ª\8fí\92\93\82µ\82Ä\82¢\82Ü\82¹\82ñ\82©\81BMacintosh\82Å\82Í\81A\89æ\96Ê\8fã\82É\96³\82\82Ä\82à\89E\8fã\92[\82Ì\83A\83v\83\8a\83P\81[\83V\83\87\83\93\83\81\83j\83\85\81[\82É\8ec\82Á\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B\82Ü\82½\81A\82 \82é\8eí\82ÌOS\82Å\82Í\8fI\97¹\82Ì\8aT\94O\82Ì\82È\82¢\82à\82Ì\82ª\82 \82è\82Ü\82·\81B\82±\82Ì\8fê\8d\87\82Í\81Ajava\82É\8fI\97¹\83{\83^\83\93\82ð\95t\89Á\82·\82é\82È\82Ç\82Ì\83v\83\8d\83O\83\89\83\80\95Ï\8dX\82ª\95K\97v\82Å\82·\81B\r
-\r
-<LI>\83V\83X\83e\83\80\82Ì\93Ë\91R\92â\8e~\82â\83l\83b\83g\83\8f\81[\83N\82Ì\90Ø\92f\82Ì\82Æ\82«\82É\82Í\81A\83R\83l\83N\83V\83\87\83\93\82Ì\8fI\97¹\82ª\83T\81[\83o\82É\91Î\82µ\82Ä\91¦\8e\9e\82É\93`\82í\82è\82Ü\82¹\82ñ\81Bopengatesrv \82Í\81A\8e\9f\82Ì\92è\8aú\98A\97\8d\82Ì\8e\9e\82É\82»\82ê\82ð\8c\9f\8fo\82µ\82Ü\82·\82Ì\82Å\81A\82µ\82Î\82ç\82\91Ò\82Ä\82Î\95Â\8d½\82³\82ê\82é\82Í\82¸\82Å\82·\81B\r
-\r
-<LI>
\82¢
\82Â
\82Ü
\82Å
\82à
\95Â
\8d½
\82³
\82ê
\82È
\82¢
\8fê
\8d\87\82Í
\81A
\89½
\93\99\82©
\82Ì
\8c´
\88ö
\82Å ipfw
\82Ì
\83\8b\81[
\83\8b\82ª
\90¶
\82«
\8ec
\82Á
\82Ä
\82µ
\82Ü
\82Á
\82½
\82à
\82Ì
\82Æ
\8ev
\82í
\82ê
\82Ü
\82·
\81B
\8eè
\93®
\82Å
\8dí
\8f\9c\82·
\82é
\82©
\83V
\83X
\83e
\83\80\82ð
\83\8a\83u
\81[
\83g
\82µ
\82Ä
\82
\82¾
\82³
\82¢
\81BVer.0.90e
\88È
\8d~
\82Å
\82 \82ê
\82Î
\81A
\83v
\83\8d\83Z
\83X
\82Ì
\88Ù
\8fí
\8fI
\97¹
\8e\9e\82É
\90¶
\82«
\8ec
\82Á
\82½
\83\8b\81[
\83\8b\82ð
\92T
\82µ
\82Ä
\8dí
\8f\9c\82·
\82é<A HREF=rulechk.txt>
\83X
\83N
\83\8a\83v
\83g</A>
\82ª
\97\98\97p
\82Å
\82«
\82Ü
\82·
\81B
\r-\r
-<LI>\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\83g\82Ì\8aÔ\82É NAT \82ª\91¶\8dÝ\82·\82é\8fê\8d\87\81A\93¯\88ê\83A\83h\83\8c\83X\82ð\8b¤\97L\82·\82é\82±\82Æ\82É\82È\82è\82Ü\82·\82Ì\82Å\81A\88ê\90l\82ª\8aJ\82¯\82ê\82Î\8b¤\97L\82³\82ê\82Ü\82·\81B\82±\82Ì\82æ\82¤\82È\8d\\90¬\82Í\94ð\82¯\82Ä\82\82¾\82³\82¢\81B\r
-</UL>\r
-<P>\r
-\r
-<LI>\97\98\97p\8b\96\89Â\82ð\92Ê\82Á\82½\82Ì\82É\83l\83b\83g\83\8f\81[\83N\82ª\97\98\97p\82Å\82«\82È\82¢\81B\r
-<P>\r
-<UL>\r
-<LI>\81uipfw list\81v\82Å ipfw \82Ì\83\8b\81[\83\8b\82ð\8am\94F\82\82¾\82³\82¢\81B\83\8b\81[\83\8b\82Ì\97D\90æ\8f\87\93\99\82Å\96µ\8f\82\82Í\82È\82¢\82Å\82·\82©\81B\83u\81[\83g\8e\9e\82Éipfw \8bN\93®\83G\83\89\81[\83\81\83b\83Z\81[\83W\82Í\8fo\82Ä\82È\82¢\82Å\82µ\82å\82¤\82©\81B\r
-\r
-<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B\r
-\r
-<LI>Redirect\82³\82ê\82étoppage\82ª\81uNoCache\81v\82Ì\90Ý\92è\82ð\8e\9d\82Á\82Ä\82¢\82È\82¢\82Æ\81A\8dÄ\93x\82Ì\83A\83N\83Z\83X\82Å\82Í\83L\83\83\83b\83V\83\85\82ª\8eg\82í\82ê\82é\81B\97á\82¦\82Î\81AYahoo\83A\83N\83Z\83X\82ªOpengate\82ÖRedirect\82³\82ê\82½\82Æ\82«\82Í\81A\97á\82¦\83l\83b\83g\83\8f\81[\83N\82ª\8aJ\82¢\82Ä\82¢\82Ä\82à\81AYahoo\83A\83N\83Z\83X\82É\91Î\82µ\82ÄOpengate\82Ì\83y\81[\83W\82ª\83L\83\83\83b\83V\83\85\82©\82ç\8eæ\82è\8fo\82³\82ê\82é\81B\r
-</UL>\r
-<P>\r
-\r
-<LI>\90³\82µ\82¢\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\82¢\82é\82Í\82¸\82È\82Ì\82É\8b\91\94Û\82³\82ê\82é\81B\r
-<P>\r
-<UL>\r
-<LI>\97\98\97p\82µ\82Ä\82¢\82é\94F\8fØ\83T\81[\83o\82É\91Î\82µ\82Ä\92¼\90Ú\82É\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\94F\8fØ\83T\81[\83o\82Ì\8fó\91Ô\82ð\8am\94F\82\82¾\82³\82¢\81B\r
-\r
-<LI>/etc/opengatesrv.conf, radius.conf, pam.conf \82Ì\94F\8fØ\83T\81[\83o\90Ý\92è\82ª\82¨\82©\82µ\82\82È\82¢\82Å\82·\82©\81B\r
-\r
-<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B\r
-</UL> \r
-\r
-<P>\r
-<LI>\83y\81[\83W\82ª\96]\82Þ\8c¾\8cê\88È\8aO\82Å\95\\8e¦\82³\82ê\82é\81B\r
-<P>\r
-<UL>\r
-<LI>index.html\93à\82Ì\8bL\8fq\81A \82»\82Ì\83f\83B\83\8c\83N\83g\83\8a\96¼\81A makefile\93à\82Ì\8bL\8fq\82ð\8am\82©\82ß\82Ä\82\82¾\82³\82¢\81B\8c¾\8cê\8ew\92è\82ÌID\82Í\88ê\92v\82·\82é\95K\97v\82ª\82 \82è\82Ü\82·\81BID\82Í\91å\95¶\8e\9a\81A\8f¬\95¶\8e\9a\82à\8bæ\95Ê\82µ\82Ü\82·\81BID\82Í2\95¶\8e\9a\82ð\8eg\97p\82µ\82Ü\82·\81B\r
-<LI>\90V\82µ\82¢\8c¾\8cê\82ð\92Ç\89Á\82·\82é\8e\9e\82Í\81A\93¯\97l\82È\8c`\8e®\82Å\83f\83B\83\8c\83N\83g\83\8a\82É\83t\83@\83C\83\8b\82ð\94z\92u\82µ\81AMakefile\82ÉID\82ð\92Ç\89Á\82\82¾\82³\82¢\81B\r
-</UL>\r
-\r
-<P>\r
-<LI>\93±\93ü\88È\8d~\81A\83T\81[\83o\82Ì\83l\83b\83g\83\8f\81[\83N\83g\83\89\83u\83\8b\82ª\91½\82¢\82æ\82¤\82¾\81B\r
-<P>\r
-<UL>\r
-<LI>\r
-\82Å\82«\82é\82¾\82¯\90V\82µ\82¢\82à\82Ì\82ð\97\98\97p\89º\82³\82¢\81B\93Á\82ÉVer.0.54\88È\91O\82É\82Í\81C\92·\8aú\89^\97p\82É\8dÛ\82µ\82Ä\92v\96½\93I\82È\83G\83\89\81[\82ð\8bN\82±\82·\83v\83\8d\83O\83\89\83\80\83~\83X\82ð\8aÜ\82ñ\82Å\82¢\82Ü\82µ\82½\81B\r
-</UL>\r
-<P>\r
-\r
-<LI>\94F\8fØ\92Ê\89ß\82É1\95ª\88È\8fã\82à\8a|\82©\82é\82±\82Æ\82ª\82 \82é\81B\r
-<P>\r
-<UL>\r
-<LI>\r
-\82Ü\82¸\82Í\82Ç\82±\82Å\8e\9e\8aÔ\82ð\97v\82µ\82Ä\82¢\82é\82©\82ð\90Ø\82è\95ª\82¯\82Ä\89º\82³\82¢\81B\93\96\95û\82Å\82Í\81AApache\82Ìhttpd.conf\82É\82¨\82¢\82Ä"HostnameLookups On"\82ª\90Ý\92è\82³\82ê\82Ä\82¢\82½\82½\82ß\81A\96¼\91O\89ð\8c\88\82É\8e\9e\8aÔ\82ð\97v\82µ\82½\82±\82Æ\82ª\82 \82è\82Ü\82·\81BOff\82É\90Ý\92è\82µ\82Ä\89ð\8c\88\82µ\82Ü\82µ\82½\81B\r
-</UL>\r
-<P>\r
-\r
-<LI>\82Ç\82¤\82µ\82æ\82¤\82à\82È\82\82È\82Á\82½\82Æ\82«\r
-<P>\r
-<UL>\r
-<LI>\r
-opengatesrv/opengatesrv.h\92\86\82É\81u#define DEBUG\81v\82Ì\92è\8b`\82ª\82 \82è\82Ü\82·\81B\82±\82ê\82ð\81u1\81v\82É\90Ý\92è\82·\82é\82Æ\81Aopengate.log\82É\83f\83o\83b\83O\8fo\97Í\82ª\8fo\82Ü\82·\81B\82Ü\82½\81Aerr_msg()\8aÖ\90\94\82Í\81A\8fo\97Í\82ðopengate.log\82É\8fo\82µ\82Ü\82·\81B\93K\93\96\82È\88Ê\92u\82É\91}\93ü\82µ\82Ä\89º\82³\82¢\81B\8eg\82¢\95û\82Í\81A\83v\83\8d\83O\83\89\83\80\92\86\82Ì\97á\82ð\8c©\82ê\82Î\95ª\82©\82é\82Æ\8ev\82¢\82Ü\82·\82ª\81Aprintf()\8aÖ\90\94\82Æ\93¯\82¶\95¶\96@\82Å\82·\81B\r
-</UL>\r
-</UL>\r
-</BODY>\r
-</HTML>\r
+<html LANG="jp">
+<head>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">
+
+<title>Opengate Error Check</title>
+</head>
+
+<BODY>
+
+<body bgcolor=#BBEECC>
+
+<H3>Opengate \83G\83\89\81[\83`\83F\83b\83N\8d\80\96Ú</H3>
+
+<P>
+Opengate \82Í\91½\82\82Ì\83\\83t\83g\83E\83F\83A\82Ì\8aÔ\82Ì\92\87\89î\82ð\8ds\82¤\82à\82Ì\82Å\82·\82Ì\82Å\81A\89½\82ª\8bN\82«\82Ä\82¢\82é\82Ì\82©\94»\92f\82ª\93ï\82µ\82¢\82Å\82·\81B\82Ü\82½\8c»\8fó\82Å\82Í\83f\83o\83b\83O\82Ì\82½\82ß\82É\90ê\97p\82Ì\8b@\94\\82Í\90Ý\92è\82µ\82Ä\82 \82è\82Ü\82¹\82ñ\81B\82»\82±\82Å\81A\82±\82Ì\83\81\83\82\82Í\81A\83C\83\93\83X\83g\81[\83\8b\82µ\82Ä\82à Opengate \82ª\93®\82©\82È\82¢\8e\9e\82Ì\8eQ\8dl\82Ì\82½\82ß\82É\8bL\82µ\82Ü\82·\81B
+<P>
+\82¤\82Ü\82\93®\82©\82È\82¢\8fê\8d\87\81A\82Ü\82¸\81A\8aÖ\98A\82·\82é\83\\83t\83g\83E\83F\83A\82ª\8ae\81X\92P\93Æ\82Å\90³\8fí\93®\8dì\82·\82é\82©\8am\94F\82µ\82Ä\82\82¾\82³\82¢\81B\93Á\82É ipfw \82Ì\90Ý\92è\82Í\82 \82¿\82±\82¿\82É\89e\8b¿\82µ\82Ü\82·\82Ì\82Å\8f\\95ª\92\8d\88Ó\82ª\95K\97v\82Å\82·\81B\8dÅ\8f\89\82Íipfw\82ð\91S\8aJ\95ú\82É\8bß\82\90Ý\92è\82µ\82Ä\82¤\82Ü\82\93®\82\82Ì\82ð\8am\94F\82µ\82Ä\82©\82ç\95Â\82¶\82Ä\82\82¾\82³\82¢\81B
+<P>
+Opengate\82Í\88È\89º\82Ì\83t\83@\83C\83\8b\82ð\97\98\97p\82µ\82Ü\82·\81B\82±\82ê\82ç\82Í\90³\82µ\82\94z\92u\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B
+\83f\83B\83\8c\83N\83g\83\8a\82Ídefault\88Ê\92u\82Å\82·\81B
+<PRE>
+ /usr/local/www/cgi-bin/opengate/opengatesrv.cgi
+ /usr/local/www/data/index.html.*
+ /usr/local/www/data/opengate/Opengate.class
+ /usr/local/www/data/opengate/OpengateClient.class
+ /usr/local/www/data/opengate/*/index.html
+ /usr/local/www/data/opengate/*/index-ssl.html
+ /usr/local/www/data/opengate/*/accept.html
+ /usr/local/www/data/opengate/*/accept2.html
+ /usr/local/www/data/opengate/*/deny.html
+ /etc/opengatesrv.conf
+ /etc/opengatefw.pl
+ /var/log/opengate.log
+</PRE>
+\82³\82ç\82É\81A\83\8d\83b\83N\83t\83@\83C\83\8b\82Æ\82µ\82Ä /tmp/opengate.lock\82ð\8eg\97p\82µ\82Ü\82·\82ª\81A\8dì\90¬\82Í\95s\97v
+\82Å\82·\81B\8fÁ\82µ\82Ä\82à\8d\\82¢\82Ü\82¹\82ñ\81B
+<P>
+
\95Ê
\82É
\81A<A HREF=progflow.html>
\83v
\83\8d\83O
\83\89\83\80\83t
\83\8d\81[
\89ð
\90à</A>
\82ð
\97p
\88Ó
\82µ
\82Ä
\82¢
\82Ü
\82·
\81B
\83v
\83\8d\83O
\83\89\83\80\82Ì
\8aî
\96{
\93I
\82È
\93®
\82«
\82ð
\94c
\88¬
\82µ
\82Ä
\82
\82¾
\82³
\82¢
\81B
+<P>
+\93®\82«\83`\83F\83b\83N\82Ì\82½\82ß\82É\83e\83X\83g\83v\83\8d\83O\83\89\83\80\82ð\97p\88Ó\82µ\82Ü\82µ\82½\81Bopengatesrv\92\86\82Étest-*\82Æ\82µ\82Ä\92u\82¢\82Ä\82¢\82Ü\82·\81B
+<P>
+
+\88È\89º\81A\8fÇ\8fó\96\88\82É\97ñ\8b\93\82µ\82Ü\82·\81B
+<UL>
+<LI>\83\89\83C\83u\83\89\83\8a\93\99\82ª\95s\91«\82µ\82Ä\82¢\82é\82Æ\82Ì\83R\83\93\83p\83C\83\8b\83G\83\89\81[\82ª\8fo\82Ü\82·\81B
+<P>
+<UL>
+<LI>Ver.0.56\88È\8d~\82Í\81AFreeBSDv4\82É\82Ä\93®\8dì\8am\94F\82µ\82Ä\82¢\82Ü\82·\81BFreeBSD3\82Å\82Í\83R\83\93\83p\83C\83\8b\83G\83\89\81[\82ª\94\90¶\82µ\82Ü\82·\81B
+</UL>
+<P>
+
+<LI>\83Q\81[\83g\83E\83F\83C\82Ì\83z\81[\83\80\83y\81[\83W\82Ö\83\8a\83_\83C\83\8c\83N\83g\82µ\82È\82¢\81B
+<P>
+<UL>
+<LI>\82±\82Ì\92i\8aK\82Å\82ÍOpengatesrv.cgi\82Ì\96{\91Ì\82Í\96³\8aÖ\8cW\82Å\82·\81B
+
+<LI>\93\96\83z\81[\83\80\83y\81[\83W\82ð\8ew\92è\82µ\82½\82Æ\82«\82Í\90³\8fí\82É\95\\8e¦\82³\82ê\82Ü\82·\82©\81B\82»\82¤\82Å\82È\82¢\82Æ\82«\82Í Apache \82Ì\90Ý\92è\82Ü\82½\82Í\83h\83L\83\85\83\81\83\93\83g\83t\83@\83C\83\8b\82Ì\88Ê\92u\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½Apache\82Ì\83A\83N\83Z\83X\83\8d\83O\82¨\82æ\82Ñ\83G\83\89\81[\83\8d\83O\82ð\8am\94F\89º\82³\82¢\81B
+
+<LI>Apache\82Í\83o\81[\83W\83\87\83\93\82É\82æ\82Á\82Ä\83f\83B\83\8c\83N\83g\83\8a\82Ì\88Ê\92u\82ª\95Ï\82í\82Á\82Ä\82¢\82Ü\82·\81B\83C\83\93\83X\83g\81[\83\8b\83\81\83\82\82Æ\82Í\88Ù\82È\82é\82©\82à\92m\82ê\82Ü\82¹\82ñ\81B
+
+<LI>ipfw \82Ì\90Ý\92è\82Í\90³\82µ\82¢\82Å\82·\82©\81B\93Á\82Éfwd\82Ì\88Ê\92u\82ª\92Ç\89Á\83\8b\81[\83\8b\82æ\82è\97D\90æ\8f\87\88Ê\82ª\92á\82\82È\82Á\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B
+
+<LI>\90Ú\91±\82µ\82æ\82¤\82Æ\82µ\82½\82Ì\82ª\83T\83C\83g\82Ì\83g\83b\83v\83y\81[\83W\88È\8aO\82Ì\8fê\8d\87\81A\83g\83b\83v\83y\81[\83W\82Å\8e\8e\82µ\82Ä\82\82¾\82³\82¢\81B\82±\82ê\82Å\82¤\82Ü\82\82¢\82\82Ì\82Å\82 \82ê\82Î\81AApache httpd.conf\82É\82¨\82¢\82Ä PageNotFound \83G\83\89\81[\82Ì\82Æ\82«\82É\83g\83b\83v\83y\81[\83W\82ð\95\\8e¦\82·\82é\82æ\82¤\90Ý\92è\82³\82ê\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B
+
+<LI>Microsoft Internet Explorer 5
\88È
\8d~
\82Í
\81A
\83\8a\83_
\83C
\83\8c\83N
\83g
\90æ
\82Ì
\83y
\81[
\83W
\82ª512
\83o
\83C
\83g
\88È
\8fã
\82Å
\82È
\82¢
\82Æ
\81APageNotFound
\8e\9e\82Ì
\83\8a\83_
\83C
\83\8c\83N
\83g
\95\
\8e¦
\82ª
\82¤
\82Ü
\82
\82¢
\82«
\82Ü
\82¹
\82ñ
\81B
\83g
\83b
\83v
\83y
\81[
\83W
\82É
\8bó
\94\92\82ð
\90\94\95S
\83o
\83C
\83g
\92Ç
\89Á
\82µ
\82Ä
\82Ý
\82Ä
\82
\82¾
\82³
\82¢
\81B
\8eQ
\8dl
\8fî
\95ñ
\82Í<a href=http://www.microsoft.com/japan/support/kb/articles/JP218/1/55.asp>http://www.microsoft.com/japan/support/kb/articles/JP218/1/55.asp</a>
\82Å
\82·
\81B
+
+<LI>\90Ú\91±\82µ\82æ\82¤\82Æ\82µ\82½\83T\83C\83g\82Í\93\96\83Q\81[\83g\83E\83F\83C\82ð\92Ê\82Á\82½\90æ\82É\90Ý\92è\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\83Q\81[\83g\83E\83F\83C\82ð\92Ê\82é\92Ê\90M\82µ\82©\83\8a\83_\83C\83\8c\83N\83g\82Å\82«\82Ü\82¹\82ñ\81B
+
+<LI>\96¼\91O\82ª\89ð\8eß\82Å\82«\82È\82¢\82Ì\82È\82ç\81ADNS\82Ì\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B
+
+<LI>\8dÅ\8f\89\82Ì\89æ\96Ê\82ÍSSL\89»\82µ\82È\82¢\82Å\82\82¾\82³\82¢\81B
+</UL>
+<P>
+
+<LI>\83\86\81[\83UID\82Æ\83p\83X\83\8f\81[\83h\82Ì\93ü\97Í\89æ\96Ê\82Ö\88Ú\8ds\82µ\82È\82¢\81B
+<P>
+<UL>
+<LI>HTML\83t\83@\83C\83\8b\82Ì\82 \82¿\82±\82¿\82É\83A\83h\83\8c\83X\82ª\8f\91\82©\82ê\82Ä\82¢\82Ü\82·\81B\82à\82ê\82È\82\8e©\95ª\82Ì\82Æ\82±\82ë\82Ì\83A\83h\83\8c\83X\82É\8f\91\82«\8a·\82¦\82Ä\82\82¾\82³\82¢\81B
+
+<LI>\8e©\93®\88Ú\93®\82ð\90Ý\92è\82µ\82Ä\82¢\82é\8fê\8d\87\82Í\8eè\93®\88Ú\93®\82Å\82Í\82Ç\82¤\82©\8am\94F\82\82¾\82³\82¢\81B
+
+<LI>\82r\82r\82k\89»\82µ\82Ä\82 \82ê\82Î\81A\82Ü\82¸\82Í\82r\82r\82k\96³\82µ\82Å\93®\82\82±\82Æ\82ð\8am\94F\82\82¾\82³\82¢\81B
+
+<LI>\88Ú\8ds\90æ\83A\83h\83\8c\83X\82Ì\8bL\8fq\82Í\81A\91\8a\91Î\83p\83X\82Å\82Í\82È\82\83t\83\8b\83p\83X\82Å\8ew\92è\82\82¾\82³\82¢\81B
+</UL>
+<P>
+<LI>\83\86\81[\83U ID \82Æ\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\82à\95Ô\8e\96\82ª\82È\82¢\81B\82Ü\82½\82Í\81AWeb \82ª\83G\83\89\81[\82ð\8bA\82·\81B
+<P>
+<UL>
+<LI>\82±\82Ì\92i\8aK\82Å Opengatesrv.cgi \83v\83\8d\83O\83\89\83\80\82ª\8bN\93®\82µ\82Ü\82·\81B\82æ\82Á\82Ä\97l\81X\82È\83G\83\89\81[\82Ì\89Â\94\\90«\82ª\82 \82è\82Ü\82·\81B
+
+<LI>\83g\83b\83v\83y\81[\83W\82ð\8fÈ\97ª\82µ\82Ä\92¼\90Ú\82É\83p\83X\83\8f\81[\83h\93ü\97Í\89æ\96Ê\82Ö\83\8a\83_\83C\83\8c\83N\83g\82·\82é\82æ\82¤\82É\90Ý\92è\82µ\82Ä\82¢\82é\82Æ\93®\82«\82Ü\82¹\82ñ\81B\95K\82¸\82P\83y\81[\83W\8co\97R\82µ\82Ä\82\82¾\82³\82¢\81B
+
+<LI>\81ups ax\81v\82É\82Ä\83v\83\8d\83Z\83X\8fó\8bµ\82ð\8am\94F\82\82¾\82³\82¢\81Bopengatesrv.cgi \82ª\8bN\93®\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\8bN\93®\82³\82ê\82Ä\82¢\82È\82¢\82È\82ç\81Acgi \82Ì\92u\82«\8fê\8f\8a\82ª\81A\83p\83X\83\8f\81[\83h\93ü\97Í\89æ\96Ê\93à\82Ì\8ew\92è\82Æ\8b¶\82Á\82Ä\82¢\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B\82³\82ç\82É Apache \82Ì\90Ý\92è\82É\82¨\82¢\82Ä\81Acgi \82Ì\8fê\8f\8a\82â\89Ò\93®\8b\96\89Â\82Ì\90Ý\92è\82ª\8aÔ\88á\82Á\82Ä\82¢\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B
+
+<LI>opengatesrv.cgi \82Ì\83v\83\8d\83Z\83X\82ª\8bN\93®\82³\82ê\82Ä\82¢\82é\82È\82ç /var/log/opengate.log \82ð\8am\94F\82\82¾\82³\82¢\81B\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82É\91Î\89\9e\82\82¾\82³\82¢\81B\82Ü\82½\81Aopengatesrv.h\92\86\82Å\81u#define DEBUG 1\81v\82ð\8ew\92è\82·\82é\82Æ\81A\8dì\90¬\8aÖ\90\94\8aÔ\82Ì\8cÄ\82Ñ\8fo\82µ\82ªlog\82É\8bL\98^\82³\82ê\82Ü\82·\82Ì\82Å\81A\96â\91è\82Ì\90Ø\82è\95ª\82¯\82É\97\98\97p\82Å\82«\82Ü\82·\81B
+
+<LI>\81uipfw list\81v\82É\82Ä\81A\83A\83N\83Z\83X\82µ\82½\92[\96\96\82É\91Î\82·\82é\83\8b\81[\83\8b\82ª\92Ç\89Á\82³\82ê\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81Bipfw \82Í root \8c \8cÀ\82ª\95K\97v\82Å\82·\81B\82à\82µ\92Ç\89Á\82³\82ê\82Ä\82¢\82È\82¢\8fê\8d\87\82É\82Í\81Aopengatesrv.cgi \82ª root \8c \8cÀ\82Å\93®\82\82æ\82¤\82É\82È\82Á\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B
+
+<LI>\83w\83b\83_\81[\83t\83@\83C\83\8b opengatesrv.h \81AMakefile\93à\82Ì\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\82»\82ê\82Æ Web \83h\83L\83\85\83\81\83\93\83g\93\99\82Ì\83t\83@\83C\83\8b\88Ê\92u\82Í\8d\87\92v\82µ\82Ä\82¢\82Ü\82·\82©\81B
+
+<LI>accept.html \82Ì\92\86\82É\81AApplet \91}\93ü\88Ê\92u\8ew\92è\82ª\90³\82µ\82\8ew\92è\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B
+
+<LI>Web\83u\83\89\83E\83U\82ÍJava\82ª\89Ò\93®\89Â\94\\82Ì\90Ý\92è\82É\82È\82Á\82Ä\82¢\82Ü\82·\82©\81B
+
+<LI>\91¼\82ÌWeb\83u\83\89\83E\83U\82âOS\82Å\8am\94F\82\82¾\82³\82¢\81B
+
+<LI>Java \82Í\90³\82µ\82¢\88Ê\92u\82É\95Û\91¶\82µ\82Ä\82¢\82Ü\82·\82©\81B\82»\82Ì Java \82Í\90³\8fí\82É\93®\82\83v\83\8d\83O\83\89\83\80\82Å\82·\82©\81B
+
+<LI>conf\83t\83@\83C\83\8b\92\86\82Ì\83T\81[\83o\83A\83h\83\8c\83X\82ð\96¼\91O\82Å\82Í\82È\82\81A\90\94\8e\9a\95\\8bL\82É\82µ\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B
+</UL>
+<P>
+<LI>\90³\82µ\82\83p\83X\83\8f\81[\83h\82ð\93ü\82ê\82Ä\82¢\82é\82Í\82¸\82È\82Ì\82É\8b\91\94Û\82³\82ê\82é\81B
+<P>
+<UL>
+<LI>/var/log/opengate.log\82ð\92²\82×\82Ä\82\82¾\82³\82¢\81B
+
+<LI>server\96¼\82ªconf\83t\83@\83C\83\8b\82É\82 \82é\82Ì\82É\96³\82¢\82Ælog\83\81\83b\83Z\81[\83W\82ª\8fo\82é\82Æ\82«\81Aconf\83t\83@\83C\83\8b\82Ì\96\96\94ö\82É\89ü\8ds\82ª\94²\82¯\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82µ\82½\81B
+
+<LI>\83R\83\93\83\\81[\83\8b\82©\82ç\94F\8fØ\83T\81[\83o\82Ö\83A\83N\83Z\83X\82µ\82Ä\82Ý\82Ä\90³\82µ\82\93®\82\82©\8am\94F\89º\82³\82¢\81B
+
+<LI>FTP\83T\81[\83o\82É\82æ\82Á\82Ä\82Í\81AWelcome\83\81\83b\83Z\81[\83W\82È\82Ç\82ª\95¡\90\94\8ds\82É\82È\82Á\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\82ª\81AOpengate\82Í\88ê\8ds\82ð\89¼\92è\82µ\82Ä\93®\8dì\82µ\82Ü\82·\81BFTP\83T\81[\83o\82Ì\90Ý\92è\82ð\95Ï\8dX\82µ\82Ä\82\82¾\82³\82¢\81B
+\95Ï\8dX\95s\89Â\82È\82çOpengate\82Ì\89ï\98b\95\94\95ª\83\\81[\83X\82Ì\95Ï\8dX\82Å\91Î\89\9e\89º\82³\82¢\81BVer.0.90l\82Å\95¡\90\94\8ds\82É\91Î\89\9e\82µ\82Ü\82µ\82½\81B
+
+<LI>\8aJ\95ú\8dÏ\82Ì\92[\96\96\82©\82ç\8fd\95¡\82µ\82Ä\97v\8b\81\82ª\97\88\82é\82Æ\8b\91\94Û\82µ\82Ü\82·\81B\82»\82Ì\82Ü\82Ü\8aO\82Ì\83T\83C\83g\82ª\8c©\82¦\82é\82È\82ç\8aJ\95ú\82³\82ê\82Ä\82¢\82Ü\82·\81BJavaApplet\82ª\8bN\93®\82É\8e¸\94s\82µ\82½\8fê\8d\87\82Í\81A\83T\81[\83o\91¤\83v\83\8d\83Z\83X\82ÍJavaApplet\82ª\90Ú\91±\82µ\82Ä\82\82é\82Ì\82ðfirewall\82ð\8aJ\95ú\82µ\82Ä\88ê\92è\8e\9e\8aÔ\91Ò\82¿\81A\95Â\8d½\82µ\82Ä\8fI\97¹\82µ\82Ü\82·\81B
+
+</UL>
+
+<P>
+<LI>\97\98\97p\8b\96\89Â\82Ì\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\82ª\82µ\82Î\82ç\82\8co\82Â\82Æ\83l\83b\83g\83\8f\81[\83N\82ª\90Ø\92f\82³\82ê\82é\81B
+<P>
+<UL>
+<LI>\97\98\97p\8b\96\89Â\82Ì\83y\81[\83W\82É\81A\89©\90F\82¢\83t\83\8c\81[\83\80\82Å\83\86\81[\83U\96¼\95\\8e¦\82ª\8fo\82Ä\82¢\82Ü\82·\82©\81B\8fo\82Ä\82¢\82È\82¯\82ê\82Î\81AJava\82Ì\8bN\93®\82É\8e¸\94s\82µ\82½\82æ\82¤\82Å\82·\81BJava\8aÖ\98A\82ð\8am\94F\82\82¾\82³\82¢\81B\82È\82¨Netscape6\81AInternetExplorer6\82Í\81A\95W\8f\80\83C\83\93\83X\83g\81[\83\8b\82Å\82ÍJava\82ª\93ü\82è\82Ü\82¹\82ñ\81B\8dÅ\8f\89\82ÌJava\83y\81[\83W\83A\83N\83Z\83X\8e\9e\82É\83_\83E\83\93\83\8d\81[\83h\82ª\97v\8b\81\82³\82ê\82Ü\82·\82Ì\82Å\83\81\83b\83Z\81[\83W\82É\8f]\82Á\82Ä\93±\93ü\82\82¾\82³\82¢\81B\82»\82ê\82Å\82à\93®\8dì\82ª\82¨\82©\82µ\82¢\8fê\8d\87\82Í\95Ê\82Ì\83u\83\89\83E\83U\82ð\8eg\82Á\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B\83o\81[\83W\83\87\83\93\82É\82æ\82Á\82Ä\82ÍJava\82ª\93®\82©\82È\82¢\8e\96\82ª\82 \82è\82Ü\82·\81BSunJava2\82ð\93±\93ü\82µ\82Ä\8c©\82Ä\82\82¾\82³\82¢\81B
+<LI>\8fo\82Ä\82¢\82ê\82Î\81AJavaApplet\82Ì\8fo\82·\83\81\83b\83Z\81[\83W\82ð\8am\94F\82\82¾\82³\82¢\81B\88È\89º\82Ì\8c´\88ö\82ª\8dl\82¦\82ç\82ê\82Ü\82·\81B(1)\83_\83E\83\93\83\8d\81[\83h\82µ\82½Java\82©\82ç\83T\81[\83o\82É\91Î\82µ\82Ä\83R\83l\83N\83g\82µ\82Ä\82±\82È\82¢\81B(2)Java\82ª\92è\8aú\92Ê\90M\82É\89\9e\93\9a\82µ\82È\82¢\81B(3)\93\96\92[\96\96\82Ì\83p\83P\83b\83g\82ª\88ê\92è\8aú\8aÔ\81A\83Q\81[\83g\83E\83F\83C\82ð\92Ê\89ß\82µ\82Ä\82¢\82È\82¢\81B(4)Java\8fI\97¹\82È\82Ç\82ÅTCP\83R\83l\83N\83V\83\87\83\93\82ª\95Â\82¶\82½\81B(5)\83T\81[\83o\83v\83\8d\83O\83\89\83\80\82ª\89½\82ç\82©\82Ì\8c´\88ö\82Å\8fI\97¹\82µ\82½\81B
+<LI>Java\82ª\83R\83l\83N\83g\82µ\82Ä\97\88\82È\82¢\8e\9e\82Í\81A\88È\89º\82Ì\8fê\8d\87\82É\95Â\8d½\82µ\82Ü\82·\81B(1)\94F\8fØ\83y\81[\83W\82Å\8ew\92è\82µ\82½\97\98\97p\8e\9e\8aÔ\82ª\8co\89ß\82µ\82½\81B(2)\93\96\92[\96\96\82Ì\83p\83P\83b\83g\82ª\88ê\92è\8aú\8aÔ\81A\83Q\81[\83g\83E\83F\83C\82ð\92Ê\89ß\82µ\82Ä\82¢\82È\82¢\81B(3)\94F\8fØ\8e\9e\82Æ\88Ù\82È\82éMAC\83A\83h\83\8c\83X\82ª\8c\9f\8fo\82³\82ê\82½\81B(4)\8b\96\89Â\83y\81[\83W\82Ì\97\98\97p\92\86\92f\83\8a\83\93\83N\82ª\89\9f\82³\82ê\82½\81B
+<LI>WindowsXP\82Ì\83C\83\93\83^\81[\83l\83b\83g\90Ú\91±\83t\83@\83C\83A\83E\83H\81[\83\8b(ICF)\82ª\90Ý\92è\82³\82ê\82Ä\82¢\82é\8fê\8d\87\82É\81A\90Ø\92f\82³\82ê\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B\82µ\82©\82µ\81A\82Ç\82Ì\82æ\82¤\82È\8fð\8c\8f\89º\82Å\94\90¶\82·\82é\82©\82Í\94c\88¬\82Å\82«\82Ä\82¢\82Ü\82¹\82ñ\81B\94\90¶\82·\82é\8fê\8d\87\82Í\8aO\82µ\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B
+<LI>
+\83u\83\89\83E\83U\82É\82æ\82Á\82Ä\82Í\81AJavaApplet\95\\8e¦\83y\81[\83W\82©\82ç\83y\81[\83W\82ð\88Ú\93®\82·\82é\82Æ\90Ø\92f\82³\82ê\82é\82±\82Æ\82ª\82 \82è\82Ü\82µ\82½\82ª\81AVer0.90h\82Å\89ð\8fÁ\82µ\82Ü\82µ\82½\81B
+
+<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B
+
+<LI>\8fã\8bL\8d\80\96Ú\82Ì Java \8aÖ\98A\82ð\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½ netstat \93\99\82Å\83l\83b\83g\83\8f\81[\83N\8fó\8bµ\82ð\94c\88¬\82\82¾\82³\82¢\81BWeb\83u\83\89\83E\83U\89º\95\94\82Ì\83\81\83b\83Z\81[\83W\8ds\82É\89½\82©\8fo\82Ä\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B
+
+<LI>\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\83g\82Ì\8aÔ\82É\83L\83\83\83b\83V\83\85\83T\81[\83o\82âNAT\81CProxy\82È\82Ç\82ª\91¶\8dÝ\82·\82é\8fê\8d\87\81A\82»\82Ì\83T\81[\83o\82Ì IP \83A\83h\83\8c\83X\82ð\92[\96\96\83A\83h\83\8c\83X\82Æ\8cë\89ð\82·\82é\82½\82ß\81AApplet \82ª\90³\8fí\93®\8dì\82µ\82Ü\82¹\82ñ\81B\82±\82Ì\82æ\82¤\82È\8d\\90¬\82Í\94ð\82¯\82Ä\82\82¾\82³\82¢\81B
+
+</UL>
+<P>
+<LI>\97\98\97p\8b\96\89Â\83y\81[\83W\82Ì\95\\8e¦\82ª\82¨\82©\82µ\82¢\81B
+<P>
+<UL>
+<LI>\90³\8fí\82Å\82 \82ê\82Î\81A2\96\87\82Ì\83y\81[\83W\82ª\8fd\82È\82Á\82Ä\95\\8e¦\82³\82ê\82Ü\82·\81B\91æ1\83y\81[\83W\82É\82Í\81AJavaApplet\82ª\89©\90F\82Ì\98g\82Ì\92\86\82É\83\86\81[\83UID\93\99\82ð\95\\8e¦\82µ\82Ü\82·\81B\91æ2\83y\81[\83W\82É\82Í\81A\8ae\8eí\83\8a\83\93\83N\82Æ\97\98\97p\8fã\82Ì\92\8d\88Ó\82ª\92u\82©\82ê\82Ü\82·\81B
+<LI>\91æ1\83y\81[\83W\82É\89©\90F\82¢\98g\82ª\8fo\82È\82¢\8fê\8d\87\82Í\81AJavaApplet\82Ì\8bN\93®\82É\8e¸\94s\82µ\82½\82Æ\8dl\82¦\82ç\82ê\82Ü\82·\81B\8fã\8bL\82Ì\8d\80\96Ú\82ð\8eQ\8fÆ\82\82¾\82³\82¢\81B
+<LI>
\91æ2
\83y
\81[
\83W
\82ÍJavaScript
\82Å
\8fo
\82µ
\82Ä
\82¢
\82Ü
\82·
\81B
\8fo
\82È
\82¢
\8fê
\8d\87\82ÍJavaScript
\8aÖ
\98A
\82ª
\8b^
\82í
\82µ
\82¢
\82Å
\82·
\81B
\82½
\82¾
\82µ
\81A
\83y
\81[
\83W
\82ª
\8fo
\82È
\82
\82Ä
\82à
\97\98\97p
\82É
\8ex
\8fá
\82Í
\82 \82è
\82Ü
\82¹
\82ñ
\81B
\82È
\82¨
\81AInterner Explorer
\82Ì
\8fê
\8d\87\82Ì
\82Ý
\8bN
\82±
\82é
\82Ì
\82Å
\82 \82ê
\82Î
\81A
\83u
\83\89\83E
\83U
\82Ì
\90Ý
\92è
\82ª
\89ó
\82ê
\82Ä
\82¢
\82é
\82½
\82ß
\82©
\82à
\92m
\82ê
\82Ü
\82¹
\82ñ
\81B
\91¼
\82Ì
\83y
\81[
\83W
\82Å
\82à
\93¯
\8c»
\8fÛ
\82ª
\82 \82ê
\82Î
\88È
\89º
\82ð
\8c©
\82Ä
\82
\82¾
\82³
\82¢
\81B<A HREF=http://support.microsoft.com/support/kb/articles/q180/1/76.asp> http://support.microsoft.com/support/kb/articles/q180/1/76.asp </A>
\81BIE6
\82Å
\82à
\8bN
\82«
\82Ü
\82µ
\82½
\81B
+</UL>
+
+<P>
+<LI>\97\98\97p\94F\8fØ\82ð\92Ê\82ç\82È\82\82Ä\82à\8dÅ\8f\89\82©\82ç\83l\83b\83g\83\8f\81[\83N\82ª\97\98\97p\82Å\82«\82é\81B
+<P>
+<UL>
+<LI>\83N\83\89\83C\83A\83\93\83g\83}\83V\83\93\82ÉWeb\83u\83\89\83E\83U\82ª\8fí\92\93\82µ\82Ä\82¢\82Ü\82¹\82ñ\82©\81BMacintosh\82Å\82Í\81A\89æ\96Ê\8fã\82É\96³\82\82Ä\82à\89E\8fã\92[\82Ì\83A\83v\83\8a\83P\81[\83V\83\87\83\93\83\81\83j\83\85\81[\82É\8ec\82Á\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B\82Ü\82½\81A\82 \82é\8eí\82ÌOS\82Å\82Í\8fI\97¹\82Ì\8aT\94O\82Ì\82È\82¢\82à\82Ì\82ª\82 \82è\82Ü\82·\81B\82±\82Ì\8fê\8d\87\82Í\81Ajava\82É\8fI\97¹\83{\83^\83\93\82ð\95t\89Á\82·\82é\82È\82Ç\82Ì\83v\83\8d\83O\83\89\83\80\95Ï\8dX\82ª\95K\97v\82Å\82·\81B
+
+<LI>\83V\83X\83e\83\80\82Ì\93Ë\91R\92â\8e~\82â\83l\83b\83g\83\8f\81[\83N\82Ì\90Ø\92f\82Ì\82Æ\82«\82É\82Í\81A\83R\83l\83N\83V\83\87\83\93\82Ì\8fI\97¹\82ª\83T\81[\83o\82É\91Î\82µ\82Ä\91¦\8e\9e\82É\93`\82í\82è\82Ü\82¹\82ñ\81Bopengatesrv \82Í\81A\8e\9f\82Ì\92è\8aú\98A\97\8d\82Ì\8e\9e\82É\82»\82ê\82ð\8c\9f\8fo\82µ\82Ü\82·\82Ì\82Å\81A\82µ\82Î\82ç\82\91Ò\82Ä\82Î\95Â\8d½\82³\82ê\82é\82Í\82¸\82Å\82·\81B
+
+<LI>
\82¢
\82Â
\82Ü
\82Å
\82à
\95Â
\8d½
\82³
\82ê
\82È
\82¢
\8fê
\8d\87\82Í
\81A
\89½
\93\99\82©
\82Ì
\8c´
\88ö
\82Å ipfw
\82Ì
\83\8b\81[
\83\8b\82ª
\90¶
\82«
\8ec
\82Á
\82Ä
\82µ
\82Ü
\82Á
\82½
\82à
\82Ì
\82Æ
\8ev
\82í
\82ê
\82Ü
\82·
\81B
\8eè
\93®
\82Å
\8dí
\8f\9c\82·
\82é
\82©
\83V
\83X
\83e
\83\80\82ð
\83\8a\83u
\81[
\83g
\82µ
\82Ä
\82
\82¾
\82³
\82¢
\81BVer.0.90e
\88È
\8d~
\82Å
\82 \82ê
\82Î
\81A
\83v
\83\8d\83Z
\83X
\82Ì
\88Ù
\8fí
\8fI
\97¹
\8e\9e\82É
\90¶
\82«
\8ec
\82Á
\82½
\83\8b\81[
\83\8b\82ð
\92T
\82µ
\82Ä
\8dí
\8f\9c\82·
\82é<A HREF=rulechk.txt>
\83X
\83N
\83\8a\83v
\83g</A>
\82ª
\97\98\97p
\82Å
\82«
\82Ü
\82·
\81B
+
+<LI>\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\83g\82Ì\8aÔ\82É NAT \82ª\91¶\8dÝ\82·\82é\8fê\8d\87\81A\93¯\88ê\83A\83h\83\8c\83X\82ð\8b¤\97L\82·\82é\82±\82Æ\82É\82È\82è\82Ü\82·\82Ì\82Å\81A\88ê\90l\82ª\8aJ\82¯\82ê\82Î\8b¤\97L\82³\82ê\82Ü\82·\81B\82±\82Ì\82æ\82¤\82È\8d\\90¬\82Í\94ð\82¯\82Ä\82\82¾\82³\82¢\81B
+</UL>
+<P>
+
+<LI>\97\98\97p\8b\96\89Â\82ð\92Ê\82Á\82½\82Ì\82É\83l\83b\83g\83\8f\81[\83N\82ª\97\98\97p\82Å\82«\82È\82¢\81B
+<P>
+<UL>
+<LI>\81uipfw list\81v\82Å ipfw \82Ì\83\8b\81[\83\8b\82ð\8am\94F\82\82¾\82³\82¢\81B\83\8b\81[\83\8b\82Ì\97D\90æ\8f\87\93\99\82Å\96µ\8f\82\82Í\82È\82¢\82Å\82·\82©\81B\83u\81[\83g\8e\9e\82Éipfw \8bN\93®\83G\83\89\81[\83\81\83b\83Z\81[\83W\82Í\8fo\82Ä\82È\82¢\82Å\82µ\82å\82¤\82©\81B
+
+<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B
+
+<LI>Redirect\82³\82ê\82étoppage\82ª\81uNoCache\81v\82Ì\90Ý\92è\82ð\8e\9d\82Á\82Ä\82¢\82È\82¢\82Æ\81A\8dÄ\93x\82Ì\83A\83N\83Z\83X\82Å\82Í\83L\83\83\83b\83V\83\85\82ª\8eg\82í\82ê\82é\81B\97á\82¦\82Î\81AYahoo\83A\83N\83Z\83X\82ªOpengate\82ÖRedirect\82³\82ê\82½\82Æ\82«\82Í\81A\97á\82¦\83l\83b\83g\83\8f\81[\83N\82ª\8aJ\82¢\82Ä\82¢\82Ä\82à\81AYahoo\83A\83N\83Z\83X\82É\91Î\82µ\82ÄOpengate\82Ì\83y\81[\83W\82ª\83L\83\83\83b\83V\83\85\82©\82ç\8eæ\82è\8fo\82³\82ê\82é\81B
+</UL>
+<P>
+
+<LI>\90³\82µ\82¢\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\82¢\82é\82Í\82¸\82È\82Ì\82É\8b\91\94Û\82³\82ê\82é\81B
+<P>
+<UL>
+<LI>\97\98\97p\82µ\82Ä\82¢\82é\94F\8fØ\83T\81[\83o\82É\91Î\82µ\82Ä\92¼\90Ú\82É\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\94F\8fØ\83T\81[\83o\82Ì\8fó\91Ô\82ð\8am\94F\82\82¾\82³\82¢\81B
+
+<LI>/etc/opengatesrv.conf, radius.conf, pam.conf \82Ì\94F\8fØ\83T\81[\83o\90Ý\92è\82ª\82¨\82©\82µ\82\82È\82¢\82Å\82·\82©\81B
+
+<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B
+</UL>
+
+<P>
+<LI>\83y\81[\83W\82ª\96]\82Þ\8c¾\8cê\88È\8aO\82Å\95\\8e¦\82³\82ê\82é\81B
+<P>
+<UL>
+<LI>index.html\93à\82Ì\8bL\8fq\81A \82»\82Ì\83f\83B\83\8c\83N\83g\83\8a\96¼\81A makefile\93à\82Ì\8bL\8fq\82ð\8am\82©\82ß\82Ä\82\82¾\82³\82¢\81B\8c¾\8cê\8ew\92è\82ÌID\82Í\88ê\92v\82·\82é\95K\97v\82ª\82 \82è\82Ü\82·\81BID\82Í\91å\95¶\8e\9a\81A\8f¬\95¶\8e\9a\82à\8bæ\95Ê\82µ\82Ü\82·\81BID\82Í2\95¶\8e\9a\82ð\8eg\97p\82µ\82Ü\82·\81B
+<LI>\90V\82µ\82¢\8c¾\8cê\82ð\92Ç\89Á\82·\82é\8e\9e\82Í\81A\93¯\97l\82È\8c`\8e®\82Å\83f\83B\83\8c\83N\83g\83\8a\82É\83t\83@\83C\83\8b\82ð\94z\92u\82µ\81AMakefile\82ÉID\82ð\92Ç\89Á\82\82¾\82³\82¢\81B
+</UL>
+
+<P>
+<LI>\93±\93ü\88È\8d~\81A\83T\81[\83o\82Ì\83l\83b\83g\83\8f\81[\83N\83g\83\89\83u\83\8b\82ª\91½\82¢\82æ\82¤\82¾\81B
+<P>
+<UL>
+<LI>
+\82Å\82«\82é\82¾\82¯\90V\82µ\82¢\82à\82Ì\82ð\97\98\97p\89º\82³\82¢\81B\93Á\82ÉVer.0.54\88È\91O\82É\82Í\81C\92·\8aú\89^\97p\82É\8dÛ\82µ\82Ä\92v\96½\93I\82È\83G\83\89\81[\82ð\8bN\82±\82·\83v\83\8d\83O\83\89\83\80\83~\83X\82ð\8aÜ\82ñ\82Å\82¢\82Ü\82µ\82½\81B
+</UL>
+<P>
+
+<LI>\94F\8fØ\92Ê\89ß\82É1\95ª\88È\8fã\82à\8a|\82©\82é\82±\82Æ\82ª\82 \82é\81B
+<P>
+<UL>
+<LI>
+\82Ü\82¸\82Í\82Ç\82±\82Å\8e\9e\8aÔ\82ð\97v\82µ\82Ä\82¢\82é\82©\82ð\90Ø\82è\95ª\82¯\82Ä\89º\82³\82¢\81B\93\96\95û\82Å\82Í\81AApache\82Ìhttpd.conf\82É\82¨\82¢\82Ä"HostnameLookups On"\82ª\90Ý\92è\82³\82ê\82Ä\82¢\82½\82½\82ß\81A\96¼\91O\89ð\8c\88\82É\8e\9e\8aÔ\82ð\97v\82µ\82½\82±\82Æ\82ª\82 \82è\82Ü\82·\81BOff\82É\90Ý\92è\82µ\82Ä\89ð\8c\88\82µ\82Ü\82µ\82½\81B
+</UL>
+<P>
+
+<LI>\82Ç\82¤\82µ\82æ\82¤\82à\82È\82\82È\82Á\82½\82Æ\82«
+<P>
+<UL>
+<LI>
+opengatesrv/opengatesrv.h\92\86\82É\81u#define DEBUG\81v\82Ì\92è\8b`\82ª\82 \82è\82Ü\82·\81B\82±\82ê\82ð\81u1\81v\82É\90Ý\92è\82·\82é\82Æ\81Aopengate.log\82É\83f\83o\83b\83O\8fo\97Í\82ª\8fo\82Ü\82·\81B\82Ü\82½\81Aerr_msg()\8aÖ\90\94\82Í\81A\8fo\97Í\82ðopengate.log\82É\8fo\82µ\82Ü\82·\81B\93K\93\96\82È\88Ê\92u\82É\91}\93ü\82µ\82Ä\89º\82³\82¢\81B\8eg\82¢\95û\82Í\81A\83v\83\8d\83O\83\89\83\80\92\86\82Ì\97á\82ð\8c©\82ê\82Î\95ª\82©\82é\82Æ\8ev\82¢\82Ü\82·\82ª\81Aprintf()\8aÖ\90\94\82Æ\93¯\82¶\95¶\96@\82Å\82·\81B
+</UL>
+</UL>
+</BODY>
+</HTML>
--- /dev/null
+<html>
+<head>
+<title>Opegnate Install</title>
+<meta http-equiv="content-type" content="text/html">
+<link rel="stylesheet" type="text/css" media="screen" href="./install/en/style.css">
+</head>
+
+<body bgcolor="#BBEECC">
+
+<h2>Opengate Install Procedure</h2>
+
+<!-- Start:Content Table -->
+<ul>
+ <li class="list_alpha"><a href="./install/en/a.html#opengate0">Opengate Install Procedure</a></li>
+ <ul>
+ <li class="list_num"><a href="./en/a.html#opengate1">Install Procedure</a></li>
+ <li class="list_num"><a href="./en/a.html#opengate2">Install FreeBSD</a></li>
+ <li class="list_num"><a href="./en/a.html#opengate3">Install Opengate</a></li>
+ </ul>
+ <li class="list_alpha"><a href="./en/b.html#ipfw0">Setup ipfw,ip6fw</a></li>
+ <ul>
+ <li class="list_num"><a href="./en/b.html#ipfw1">Prepare kernel</a></li>
+ <li class="list_num"><a href="./en/b.html#ipfw2">Setup ipfw</a></li>
+ <li class="list_num"><a href="./en/b.html#ipfw3">Setup ip6fw</a></li>
+ </ul>
+ <li class="list_alpha"><a href="./en/c.html#apache0">Install Apache2</a></li>
+ <ul>
+ <li class="list_num"><a href="./en/c.html#apache1">Install (ports)</a></li>
+ <li class="list_num"><a href="./en/c.html#apache2">Install (source)</a></li>
+ <li class="list_num"><a href="./en/c.html#apache3">Make Private key, Certificate</a></li>
+ <li class="list_num"><a href="./en/c.html#apache4">Setup VirtualHost</a></li>
+ <li class="list_num"><a href="./en/c.html#apache5">Setup HTTP_ERROR 404</a></li>
+ </ul>
+ <li class="list_alpha"><a href="./en/d.html#dhcp0">Install isc-dhcp3</a></li>
+ <ul>
+ <li class="list_num"><a href="./en/d.html#dhcp1">Install (ports)</a></li>
+ <li class="list_num"><a href="./en/d.html#dhcp2">Setup dhcpd.conf</a></li>
+ </ul>
+ <li class="list_alpha"><a href="./en/e.html#bind0">Install BIND9</a></li>
+ <ul>
+ <li class="list_num"><a href="./en/e.html#bind1">Install (ports)</a></li>
+ <li class="list_num"><a href="./en/e.html#bind2">Make RNDC key</a></li>
+ <li class="list_num"><a href="./en/e.html#bind3">Setup named.conf</a></li>
+ <li class="list_num"><a href="./en/e.html#bind4">Setup zone</a></li>
+ <li class="list_num"><a href="./en/e.html#bind5">Start confirmation</a></li>
+ </ul>
+</ul>
+
+<!-- End:Content Table -->
+</body>
+</html>
\ No newline at end of file
--- /dev/null
+<html>\r
+<head>\r
+<title>Opegnate Install</title>\r
+<meta http-equiv="content-type" content="text/html;charset=Shift_JIS">\r
+<link rel="stylesheet" type="text/css" media="screen" href="./install/ja/style.css" charset="Shift_JIS">\r
+</head>\r
+\r
+<body bgcolor="#BBEECC">\r
+\r
+<h2>Opengate \83C\83\93\83X\83g\81[\83\8b\8eè\8f\87</h2>\r
+\r
+<!-- Start:\96Ú\8e\9f -->\r
+<ul>\r
+ <li class="list_alpha"><a href="./ja/a.html#opengate0">Opengate \82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ <ul>\r
+ <li class="list_num"><a href="./ja/a.html#opengate1">\83C\83\93\83X\83g\81[\83\8b\8eè\8f\87</a></li>\r
+ <li class="list_num"><a href="./ja/a.html#opengate2">FreeBSD \82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ <li class="list_num"><a href="./ja/a.html#opengate3">Opengate \82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ </ul>\r
+ <li class="list_alpha"><a href="./ja/b.html#ipfw0">ipfw,ip6fw\82Ì\90Ý\92è</a></li>\r
+ <ul>\r
+ <li class="list_num"><a href="./ja/b.html#ipfw1">\83J\81[\83l\83\8b\82Ì\8dÄ\8d\\92z</a></li>\r
+ <li class="list_num"><a href="./ja/b.html#ipfw2">ipfw\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="./ja/b.html#ipfw3">ip6fw\82Ì\90Ý\92è</a></li>\r
+ </ul>\r
+ <li class="list_alpha"><a href="./ja/c.html#apache0">Apache2\82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ <ul>\r
+ <li class="list_num"><a href="./ja/c.html#apache1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="./ja/c.html#apache2">\83C\83\93\83X\83g\81[\83\8b\81i\83\\81[\83X\81j</a></li>\r
+ <li class="list_num"><a href="./ja/c.html#apache3">\94é\96§\8c®\81A\8fØ\96¾\8f\91\82Ì\8dì\90¬</a></li>\r
+ <li class="list_num"><a href="./ja/c.html#apache4">\83o\81[\83`\83\83\83\8b\83z\83X\83g\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="./ja/c.html#apache5">HTTP_ERROR 404\82Ö\82Ì\91Î\89\9e</a></li>\r
+ </ul>\r
+ <li class="list_alpha"><a href="./ja/d.html#dhcp0">isc-dhcp3\82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ <ul>\r
+ <li class="list_num"><a href="./ja/d.html#dhcp1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="./ja/d.html#dhcp2">DHCP\82Ì\90Ý\92è</a></li>\r
+ </ul>\r
+ <li class="list_alpha"><a href="./ja/e.html#bind0">BIND9\82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ <ul>\r
+ <li class="list_num"><a href="./ja/e.html#bind1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="./ja/e.html#bind2">\94F\8fØ\83L\81[\82Ì\8dì\90¬</a></li>\r
+ <li class="list_num"><a href="./ja/e.html#bind3">named.conf\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="./ja/e.html#bind4">zone\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="./ja/e.html#bind5">\8bN\93®\8am\94F</a></li>\r
+ </ul>\r
+</ul>\r
+\r
+<!-- End:\96Ú\8e\9f -->\r
+\r
+\r
+</body>\r
+</html>
\ No newline at end of file
--- /dev/null
+<html>
+<head>
+<title>Opegnate Install</title>
+<meta http-equiv="content-type" content="text/html;charset=Shift_JIS">
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">
+</head>
+
+<body bgcolor="#BBEECC">
+
+<!-- Start:Opengate\82Ì\83C\83\93\83X\83g\81[\83\8b -->
+<h3>A Opegnate
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="opengate0" href="#opengate0" class="anchor">†</a></h3>
+<ul>
+ <li class="list_num"><a href="#opengate1">\83C\83\93\83X\83g\81[\83\8b\8eè\8f\87</a></li>
+ <li class="list_num"><a href="#opengate2">FreeBSD \82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>
+ <li class="list_num"><a href="#opengate3">Opengate \82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>
+</ul>
+
+<!-- ************ 1 ************** -->
+<h4>A.1
\83C
\83\93\83X
\83g
\81[
\83\8b\8eè
\8f\87<a name="opengate1" href="#opengate1" class="anchor">†</a></h4>
+
+<p>Opengate\82Ì\83C\83\93\83X\83g\81[\83\8b\8eè\8f\87\82ð\88È\89º\82É\8e¦\82·\81B\82½\82¾\82µ\81A\81¦\82Í\95K\90{\8d\80\96Ú\82ð\8e¦\82µ\81A\82»\82ê\88È\8aO\82Ì\8eè\8f\87\82Í\95K\97v\82É\89\9e\82¶\82Ä\8ds\82È\82¤\81B</p>
+
+<ul>
+ <li class="list_num">\83Q\81[\83g\83E\83F\83C\83}\83V\83\93\82Ì\8f\80\94õ \81¦</li>
+ <li class="list_num">FreeBSD(OS)\82Ì\83C\83\93\83X\83g\81[\83\8b \81¦</li>
+ <li class="list_num">\83J\81[\83l\83\8b\82Ì\8dÄ\8d\\92z \81¦</li>
+ <li class="list_num">ipfw,ip6fw\82Ì\90Ý\92è \81¦</li>
+ <li class="list_num">NAT\82Ì\90Ý\92è</li>
+ <li class="list_num">Apache2\82Ì\83C\83\93\83X\83g\81[\83\8b\81A\90Ý\92è \81¦</li>
+ <li class="list_num">DHCP\82Ì\83C\83\93\83X\83g\81[\83\8b\81A\90Ý\92è</li>
+ <li class="list_num">BIND9\82Ì\83C\83\93\83X\83g\81[\83\8b\81A\90Ý\92è</li>
+</ul>
+
+<div align="right"><a href="#opengate0">top</a></div>
+
+<!-- ************ 2 ************** -->
+<h4>A.2 FreeBSD
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="opengate2" href="#opengate2" class="anchor">†</a></h4>
+
+<p>\83Q\81[\83g\83E\83F\83C\83}\83V\83\93\82Æ\82µ\82Ä\81ANIC\82ð\82Q\96\87\88È\8fã\8e\9d\82¿\81AFreeBSD\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\82±\82Æ\82ª\89Â\94\\82È\82à\82Ì\82ð\97p\88Ó\82·\82é\81B</p>
+<p>FreeBSD 4.x,5.x,6.x\82Ì\89½\82ê\82©\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\81B\8cã\82É\83J\81[\83l\83\8b\82ð\8dÄ\8d\\92z\82·\82é\95K\97v\82ª\82 \82é\82Ì\82Å\81A\83C\83\93\83X\83g\81[\83\8b\82·\82é
+Distributions\82ð\91I\91ð\82·\82é\8dÛ\82ÉDeveloper(Full sorces,binaries and doc)\82ð\91I\91ð\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>
+<p>FreeBSD\82ð\83C\83\93\83X\83g\81[\83\8b\82µ\82½\8cã\82É\81A\83Q\81[\83g\83E\83F\83C\82Æ\82µ\82Ä\82Ì\8b@\94\\82ð\97L\8cø\82É\82·\82é\82½\82ß\82É\81A/etc/rc.conf\82É\8e\9f\82Ì\90Ý\92è\82ð\8bL\8fq\82·\82é
+\81B\82à\82µ\82\82Í\81AFreeBSD\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\8dÛ\82É\81A\83Q\81[\83g\83E\83F\83C\82Æ\82µ\82Ä\82Ì\8b@\94\\82ð\97L\8cø\82É\82·\82é\82©\94Û\82©\82ð\96â\82í\82ê\82é\82Ì\82Å\81A\82±\82±\82Å
+\83Q\81[\83g\83E\83F\83C\82Ì\8b@\94\\82ð\97L\8cø\82É\82µ\82Ä\82à\8d\\82í\82È\82¢\81B</p>
+
+<table>
+<td><code>gateway_enable="YES"</code></td>
+</table>
+
+<div align="right"><a href="#opengate0">top</a></div>
+
+<!-- ************ 3 ************** -->
+<h4>A.3 Opengate
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="opengate3" href="#opengate3" class="anchor">†</a></h4>
+
+<h5>A.3.1 Opengate
\83p
\83b
\83P
\81[
\83W<a name="opengate4" href="#opengate4" class="anchor">†</a></h5>
+
+<p>Opengate\82Ì\8dÅ\90V\82Ì\83p\83b\83P\81[\83W\82ð\93K\93\96\82È\83f\83B\83\8c\83N\83g\83\8a\82É\93W\8aJ\82·\82é\81B\83p\83b\83P\81[\83W\82É\82Í\88È\89º\82Ì\83f\83B\83\8c\83N\83g\83\8a\82ª\8aÜ\82Ü\82ê\82é\81B</p>
+
+<table>
+<tr><td>
+<pre>
+doc\81F\8ae\8eí\95¶\8f\91
+conf\81F\90Ý\92è\83t\83@\83C\83\8b\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\83X\83N\83\8a\83v\83g
+javahtml\81F\83N\83\89\83C\83A\83\93\83gJava Applet\81AHTML\83t\83@\83C\83\8b
+opengatesrv\81F\83T\81[\83oCGI\83v\83\8d\83O\83\89\83\80
+</pre>
+</td></tr>
+</table>
+
+<h5>A.3.2
\83R
\83\93\83p
\83C
\83\8b<a name="opengate5" href="#opengate5" class="anchor">†</a></h5>
+
+<p>Opengate\83p\83b\83P\81[\83W\82É\8aÜ\82Ü\82ê\82éopengatesrv\83f\83B\83\8c\83N\83g\83\8a\82ÉMakefile\82ª\97p\88Ó\82³\82ê\82Ä\82¢\82é\81B
+\93¯\83f\83B\83\8c\83N\83g\83\8a\82É\82¨\82¢\82Ä\81AOpengate\82Ì\83R\83\93\83p\83C\83\8b\82Æ\83C\83\93\83X\83g\81[\83\8b\8dì\8bÆ\82ð\8ds\82È\82¤\82ª\81A\83R\83\93\83p\83C\83\8b
+\82ð\8ds\82È\82¤\91O\82É\81A\8ae\8eí\90Ý\92è\82ð\8ds\82È\82¤\95K\97v\82 \82ª\82é\81B\90Ý\92è\82Ì\82½\82ß\82É\82Í\81AMakefile\82Æopengatesrv.h\82ð\95Ò\8fW\82·\82é\81B</p>
+<p>Makefle\82É\82¨\82¢\82Ä\81A\88È\89º\82Ì\8d\80\96Ú\82ð\90Ý\92è\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>
+
+<ul>
+ <li class="list_none">HOSTNAME</li>
+ <ul>
+ <li>Opengate\82ÌFQDN\82Å\81AIPv4/6\97¼\95û\82Ì\83A\83h\83\8c\83X\82ª\93o\98^\82³\82ê\82Ä\82¢\82é\82à\82Ì\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">HOSTNAME4</li>
+ <ul>
+ <li>Opengate\82ÌFQDN\82Å\81AIPv4\83A\83h\83\8c\83X\82Ì\82Ý\82ª\93o\98^\82³\82ê\82Ä\82¢\82é\82à\82Ì\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">OPENGATEDIR</li>
+ <ul>
+ <li>Opengate\8aÖ\98A\83t\83@\83C\83\8b\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\8fê\8f\8a\82ð\81AApache2\82ÌDocumnetRoot\82©\82ç\82Ì\91\8a\91Î\83p\83X\82Å\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">HTMLTOP1,HTMLTOP2</li>
+ <ul>
+ <li>Apache2\82Ì\83C\83\93\83X\83g\81[\83\8b\8fó\8bµ\82É\82æ\82Á\82Ä\81AHTMLTOP1\82ÉHTTP\97p\82ÌDocumentRoot\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>HTMLTOP1\82Æ\93¯\97l\82É\81AHTMLTOP2\82ÉHTTPS\97p\82ÌDocumentRoot\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">CGIPATH,CGIPROG,CGIURL</li>
+ <ul>
+ <li>CGIPATH\82É\81A\83T\81[\83oCGI\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\8fê\8f\8a\82Ì\90â\91Î\83p\83X\82ð\90Ý\92è\82·\82é\81B\82½\82¾\82µ\81AApache2\82Ì\83C\83\93\83X\83g\81[\83\8b\8fó\8bµ\82É\82æ\82Á\82Ä\81A
+ CGI\82ª\8eÀ\8ds\89Â\94\\82È\8fê\8f\8a\82Å\82 \82é\82±\82Æ\81B</li>
+ <li>CGIPROG\82É\81A\83T\81[\83oCGI\82Ì\96¼\91O\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>CGIURL\82É\81A\83T\81[\83oCGI\82ð\8eÀ\8ds\82·\82é\82½\82ß\82ÌURL\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">AUTHCGIPROG,AUTHCGIURL</li>
+ <ul>
+ <li>AUTHCGIPROG\82É\81A\94F\8fØ\89æ\96Ê\92ñ\8b\9fCGI\82Ì\96¼\91O\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>AUTHCGIURL\82É\81A\83T\81[\83oCGI\82Æ\93¯\97l\82É\81A\94F\8fØ\89æ\96Ê\92ñ\8b\9fCGI\82ð\8eÀ\8ds\82·\82é\82½\82ß\82ÌURL\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">CONFIGFILE</li>
+ <ul>
+ <li>Opengate\82Ì\90Ý\92è\83t\83@\83C\83\8b\96¼\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">USEFWSCRIPT,FWSCRIPT,FWSCRIPTFILE</li>
+ <ul>
+ <li>USEFWSCRIPT\82É\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\90§\8cä\83X\83N\83\8a\83v\83g\82ð\97\98\97p\82·\82é\82©\94Û\82©\82ð\90Ý\92è\82·\82é\81B\81i\82P\81F\97\98\97p\82·\82é\81B\82O\81F\97\98\97p\82µ\82È\82¢\81B\81j</li>
+ <li>FWSCRIPT\82É\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\90§\8cä\83X\83N\83\8a\83v\83g\82Ì\83t\83@\83C\83\8b\96¼\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>FWSCRIPTFILE\82É\81AFWSCRIPT\82É\90Ý\92è\82µ\82½\83t\83@\83C\83\8b\82Ö\82Ì\90â\91Î\83p\83X\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">LOCKFILE</li>
+ <ul>
+ <li>\94r\91¼\90§\8cä\97p\83\8d\83b\83N\83t\83@\83C\83\8b\96¼\81A\90â\91Î\83p\83X\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">HTMLDOCS,DENYDOC,DENYDOCSSL,ACCEPTDOC,ACCEPTDOC2</li>
+ <ul>
+ <li>HTMLDOCS\82É\81A\83T\81[\83oCGI\82Å\97p\82¢\82éHTML\83t\83@\83C\83\8b\96¼\91S\82Ä\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>DENYDOC\82É\81A\94F\8fØ\8e¸\94s\8e\9e\82É\95\\8e¦\82·\82éHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>DENYDOCSSL\82É\81AHTTPS\82ð\97p\82¢\82Ä\94F\8fØ\82É\8e¸\94s\82µ\82½\8fê\8d\87\82ÌHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>ACCEPTDOC\82É\81A\94F\8fØ\90¬\8c÷\8e\9e\82É\95\\8e¦\82·\82éHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>ACCEPTDOC2\82É\81A\94F\8fØ\90¬\8c÷\8e\9e\82É\83|\83b\83v\83A\83b\83v\83E\83B\83\93\83h\83E\82Å\95\\8e¦\82³\82ê\82éHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B
+ \81i\83|\83b\83v\83A\83b\83v\83E\83B\83\93\83h\83E\82ÌURL\82Í\95Ï\8dX\89Â\94\\81BINFOURL\8eQ\8fÆ\81j</li>
+ </ul>
+ <li class="list_none">INFOMATION</li>
+ <ul>
+ <li>ACCEPTDOC2\82Ì\91Ö\82í\82è\82É\81A\95ÊURL\82Ì\83y\81[\83W\82ð\95\\8e¦\82·\82é\82©\94Û\82©\82ð\90Ý\92è\82·\82é\81B\81i\82P\81F\97\98\97p\82·\82é\81B\82O\81F\97\98\97p\82µ\82È\82¢\81B\81j</li>
+ </ul>
+ <li class="list_none">INFOMATIONURL</li>
+ <ul>
+ <li>ACCEPTDOC2\82Ì\91Ö\82í\82è\82É\95\\8e¦\82³\82¹\82é\83y\81[\83W\82ÌURL\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">AUTHHTMLJA,AUTHHTMLEN,AUTHHTMLJASSL,AUTHHTMLENSSL</li>
+ <ul>
+ <li>AUTHHTMLJA\82É\81A\93ú\96{\8cê\94F\8fØ\83y\81[\83W\82ÌHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>AUTHHTMLEN\82É\81A\89p\8cê\94F\8fØ\83y\81[\83W\82ÌHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>AUTHHTMLJASSL\82É\81AHTTPS\82ð\97p\82¢\82½\93ú\96{\8cê\94F\8fØ\83y\81[\83W\82ÌHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>AUTHHTMLENSSL\82É\81AHTTPS\82ð\97p\82¢\82½\89p\8cê\94F\8fØ\83y\81[\83W\82ÌHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>
+ <li>\93ú\96{\8cê\81A\89p\8cê\88È\8aO\82É\94F\8fØ\8c¾\8cê\82ð\92Ç\89Á\82·\82é\8fê\8d\87\82Í\81Ajavahtml\83f\83B\83\8c\83N\83g\83\8a\93à\82Ì\8c¾\8cê\83f\83B\83\8c\83N\83g\83\8a\82Ì\92Ç\89Á\81AHTMLDOCS,DENYDOC,
+ DENYDOCSSL,ACCESPTDOC,ACCEPTDOC2\82ð\95Ï\8dX\82µ\81A\82³\82ç\82Éopengateauth.h\93à\82Ì\90Ý\92è\82É\82 \82í\82¹\82ÄAUTHTHMLXX\82ð\92Ç\89Á\82·\82é\82±\82Æ\81B</li>
+ </ul>
+ <li class="list_none">ARPPATH</li>
+ <ul>
+ <li>ARP\83R\83}\83\93\83h\82Ì\83p\83X\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">NDPPAHT</li>
+ <ul>
+ <li>NDP\83R\83}\83\93\83h\82Ì\83p\83X\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">IPFW,IP6FW</li>
+ <ul>
+ <li>IPFW,IP6FW\83R\83}\83\93\83h\82Ì\82»\82ê\82¼\82ê\82Ì\83p\83X\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+</ul>
+
+<p>opengatesrv.h\82É\82¨\82¢\82Ä\81A\88È\89º\82Ì\8d\80\96Ú\82ð\90Ý\92è\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>
+
+<ul>
+ <li class="list_none">DEBUG</li>
+ <ul>
+ <li>\83f\83o\83b\83O\82ð\8ds\82È\82¤\82©\94Û\82©\82ð\90Ý\92è\82·\82é\81B\81i\82P\81F\83f\83o\83b\83O\83\8d\83O\82ð\8fo\97Í\82·\82é\81B\82O\81F\94F\8fØ\83\8d\83O\82Ì\82Ý\8fo\97Í\82·\82é\81B\81j</li>
+ </ul>
+ <li class="list_none">DURATIONDEFAULT</li>
+ <ul>
+ <li>Java Applet\82ð\91\97\90M\82µ\82Ä\82©\82ç\90Ú\91±\82µ\82Ä\82\82é\82Ü\82Å\82Ì\91Ò\82¿\8e\9e\8aÔ\81i\95b\81j\82ð\90Ý\92è\82·\82é\81B\90Ý\92è\92l\82Ì\8e\9e\8aÔ\82ª\8co\89ß\82·\82é\82Ü\82Å\82É\81A
+ Java Applet\82©\82ç\82Ì\90Ú\91±\82ª\96³\82¯\82ê\82Î\92Ê\90M\98H\82ð\95Â\8d½\82·\82é\81B\82±\82Ì\91Ò\82¿\8e\9e\8aÔ\82Í\94F\8fØ\83y\81[\83W\82æ\82è\81A\97\98\97p\8eÒ\82ª\95Ï\8dX\82·\82é\82±\82Æ\82ª\89Â\94\\81B
+ \82Ü\82½\81A\97\98\97p\8eÒ\82Ì\95Ï\8dX\82ð\8b\96\97e\82µ\82È\82¢\8fê\8d\87\82Í\81A\94F\8fØ\83y\81[\83W\82©\82ç\93ü\97Í\83t\83H\81[\83\80\82ð\8dí\8f\9c\82·\82é\82±\82Æ\81B</li>
+ </ul>
+ <li class="list_none">DURATIONMAX</li>
+ <ul>
+ <li>Java Applet\82©\82ç\82Ì\90Ú\91±\82ª\8am\94F\82Å\82«\82È\82¢\8fê\8d\87\82É\81A\97\98\97p\8eÒ\82ª\94F\8fØ\83y\81[\83W\82Å\8ew\92è\82µ\82½\97\98\97p\8cp\91±\8e\9e\8aÔ\81i\95b\81j\82Ì\8dÅ\91å\92l
+ \82ð\90Ý\92è\82·\82é\81B\97\98\97p\8eÒ\82Ì\95Ï\8dX\82ð\8b\96\97e\82µ\82È\82¢\8fê\8d\87\82Í\81ADURATIONDEFAULT\82Æ\93¯\82¶\92l\82É\82·\82é\95K\97v\82ª\82 \82é\81B</li>
+ </ul>
+ <li class="list_none">ACTIVECHECKINTERVAL</li>
+ <ul>
+ <li> \92[\96\96\82Ì\97\98\97p\8fó\8bµ\82ð\8am\94F\82·\82é\8aÔ\8au(\95b)\82ð\90Ý\92è\82·\82é\81BJava Applet\82©\82ç\82Ì\90Ú\91±\82ª\96³\82¢\8fê\8d\87\82Í\81A
+ \92Ê\89ß\83p\83P\83b\83g\90\94\82ÆMAC\83A\83h\83\8c\83X\82Ì\8am\94F\82ð\8ds\82È\82¤\81BJava Applet\82©\82ç\82Ì\92Ê\90M\82ª\82 \82é\8fê\8d\87\82Í\81AHELLO\83\81\83b\83Z\81[\83W\82Ì\8cð\8a·\82Æ
+ \92Ê\89ß\83p\83P\83b\83g\90\94\82Ì\8am\94F\82ð\8ds\82È\82¤\81B</li>
+ </ul>
+ <li class="list_none">COMMWAITTIMEOUT</li>
+ <ul>
+ <li>HELLO\83\81\83b\83Z\81[\83W\95Ô\93\9a\82Ü\82Å\82Ì\8dÅ\91å\91Ò\82¿\8e\9e\8aÔ\81i\95b\81j\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">NOREPLYMAX</li>
+ <ul>
+ <li>HELLO\83\81\83b\83Z\81[\83W\82É\89\9e\93\9a\82µ\82È\82©\82Á\82½\8fê\8d\87\82ð\8b\96\97e\82·\82é\89ñ\90\94\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">NOPAKETINTERVAL</li>
+ <ul>
+ <li>\92Ê\89ß\83p\83P\83b\83g\82ª\8am\94F\82Å\82«\82È\82©\82Á\82½\8fê\8d\87\82É\81A\92Ê\90M\98H\82ð\95Â\8d½\82·\82é\82Ü\82Å\82Ì\8e\9e\8aÔ\81B\8eÀ\8dÛ\82É\82Í\81A\92Ê\89ß\83p\83P\83b\83g\82Ì\8am\94F\82Í
+ ACTIVECHECKINTERVAL\82Ì\90Ý\92è\8e\9e\8aÔ\96\88\82É\8ds\82È\82í\82ê\82é\82Ì\82Å\81AACTIVECHECKINTERVAL\82Ì\90®\90\94\94{\82Ì\8e\9e\8aÔ\82É\90Ø\82è\8fã\82°\82ç\82ê\82é\81B</li>
+ </ul>
+ <li class="list_none">LOCKTIMEOUT</li>
+ <ul>
+ <li>ipfw,ip6fw\82Ì\94r\91¼\90§\8cä\82Ì\8dÅ\91å\91Ò\82¿\8e\9e\8aÔ\81i\95b\81j\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">IPFWMIN</li>
+ <ul>
+ <li>Opengate\82Å\97\98\97p\82·\82éipfw\82à\82µ\82\82Íip6fw\82Ì\83\8b\81[\83\8b\94Ô\8d\86\94Í\88Í\82Ì\8dÅ\8f¬\92l\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">IPFWMAX</li>
+ <ul>
+ <li>Opengate\82Å\97\98\97p\82·\82éipfw\82à\82µ\82\82Íip6fw\82Ì\83\8b\81[\83\8b\94Ô\8d\86\94Í\88Í\82Ì\8dÅ\91å\92l\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">IPFWINTERVAL</li>
+ <ul>
+ <li>ipfw\82à\82µ\82\82Íip6fw\82Ì\83\8b\81[\83\8b\94Ô\8d\86\94Í\88Í\82É\82¨\82¢\82Ä\81A\97\98\97p\82·\82é\94Ô\8d\86\82Ì\94Í\88Í\82ð\90Ý\92è\82·\82é\81B
+ \83N\83\89\83C\83A\83\93\83g\82Ì\91ä\90\94\90§\8cÀ\82É\97p\82¢\82é\82±\82Æ\82ª\89Â\94\\82Å\82 \82é\81B</li>
+ </ul>
+ <li class="list_none">PORTMIN</li>
+ <ul>
+ <li>Java Applet\82Æ\82Ì\92Ê\90M\82É\97\98\97p\82·\82é\83|\81[\83g\82Ì\97\98\97p\94Í\88Í\82Ì\8dÅ\8f¬\92l\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">PORTMAX</li>
+ <ul>
+ <li>Java Applet\82Æ\82Ì\92Ê\90M\82É\97\98\97p\82·\82é\83|\81[\83g\82Ì\97\98\97p\94Í\88Í\82Ì\8dÅ\91å\92l\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+ <li class="list_none">FACILITY</li>
+ <ul>
+ <li>SYSLOG\82É\83\8d\83O\82ð\8fo\97Í\82·\82é\8dÛ\82Ì\83t\83@\83V\83\8a\83e\83B\82ð\90Ý\92è\82·\82é\81B</li>
+ </ul>
+</ul>
+
+<p>\88È\8fã\82Ì\90Ý\92è\82ð\8fI\82¦\82Ä\82©\82ç\81A\83R\83\93\83p\83C\83\8b\82Æ\83C\83\93\83X\83g\81[\83\8b\82ð\8ds\82È\82¤\81B</p>
+
+<table><tr><td><pre>
+#make
+cc -DCONFIGFILE=\"/etc/opengatesrv.conf\"
+-DOPENGATEDIR=\"/opengate\" -DDENYDOC=\"deny.html\"
+-DDENYDOC=\"deny.html\" -DDENYDOCSSL=\"deny-ssl.html\"
+-----------------
+-----------------
+-----------------
+# make install
+</pre></td></tr></table>
+
+<h5>A.3.3
\94F
\8fØ
\83T
\81[
\83o
\82Ì
\90Ý
\92è<a name="opengate6" href="#opengate6" class="anchor">†</a></h5>
+
+<p>
\94F
\8fØ
\83T
\81[
\83o
\82Ì
\90Ý
\92è
\82É
\82Â
\82¢
\82Ä
\82Í
\81A<a href="#opengate5">A.3.2</a>
\82Å
\82 \82°
\82½
\81ACONFIGFILE
\82É
\82æ
\82Á
\82Ä
\90Ý
\92è
\82·
\82é
\82±
\82Æ
\82ª
+\89Â\94\\82Å\82 \82é\81B</p>
+<p>\90Ý\92è\82Ì\8fÚ\8d×\82É\82Â\82¢\82Ä\82Í\81A\90Ý\92è\83t\83@\83C\83\8b\81iopengatesrv.conf\81j\93à\82É\8bL\8fq\82³\82ê\82Ä\82¢\82é\81B</p>
+
+<div align="right"><a href="#opengate0">top</a></div>
+
+</body>
+</html>
\ No newline at end of file
--- /dev/null
+<html>\r
+<head>\r
+<title>Opegnate Install</title>\r
+<meta http-equiv="content-type" content="text/html;charset=Shift_JIS">\r
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">\r
+</head>\r
+\r
+<body bgcolor="#BBEECC">\r
+\r
+<!-- Start:ipfw,ip6fw\82Ì\90Ý\92è -->\r
+<h3>B ipfw,ip6fw
\82Ì
\90Ý
\92è<a name="ipfw0" href="#ipfw0" class="anchor">†</a></h3>
\r+\r
+<ul>\r
+ <li class="list_num"><a href="#ipfw1">\83J\81[\83l\83\8b\82Ì\8dÄ\8d\\92z</a></li>\r
+ <li class="list_num"><a href="#ipfw2">ipfw\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#ipfw3">ip6fw\82Ì\90Ý\92è</a></li>\r
+</ul>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h4>B.1
\83J
\81[
\83l
\83\8b\82Ì
\8dÄ
\8d\
\92z<a name="ipfw1" href="#ipfw1" class="anchor">†</a></h4>
\r+\r
+<p>ipfw\82à\82µ\82\82Íip6fw\82ð\97\98\97p\82·\82é\82½\82ß\82É\82Í\81AFreeBSD\82Ì\83J\81[\83l\83\8b\82ð\8dÄ\8d\\92z\82·\82é\95K\97v\82ª\82 \82é\81BFreeBSD\83C\83\93\83X\83g\81[\83\8b\8e\9e\82É\r
+\83J\81[\83l\83\8b\93\99\82Ì\91S\82Ä\82Ì\83\\81[\83X\82ð\83C\83\93\83X\83g\81[\83\8b\82µ\82Ä\82¢\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>\r
+<p>\88È\89º\82Ì\83f\83B\83\8c\83N\83g\83\8a\82É\82¨\82¢\82Ä\81AOpengate\97p\82Ì\83J\81[\83l\83\8b\83I\83v\83V\83\87\83\93\82ð\8dì\90¬\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# cd /usr/src/sys/i386/conf\r
+# cp GENERIC MYKERNEL\r
+</pre></td></tr></table>\r
+\r
+<p>\83R\83s\81[\82µ\82½\83J\81[\83l\83\8b\83I\83v\83V\83\87\83\93\82É\81A\8e\9f\82Ì\83I\83v\83V\83\87\83\93\82ð\92Ç\89Á\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+options IPDIVERT\r
+\r
+options IPFIREWALL\r
+options IPFIREWALL_FORWARD\r
+options IPFIREWALL_VERBOSE\r
+options IPFIREWALL_VERBOSE_LIMIT=100\r
+\r
+options IPV6FIREWALL\r
+options IPV6FIREWALL_VERBOSE\r
+options IPV6FIREWALL_VERBOSE_LIMIT=100\r
+\r
+options IPSEC\r
+options IPSEC_ESP\r
+options TCP_DROP_SYSFIN\r
+</pre></td></tr></table>\r
+\r
+<p>IPDIVERT\82É\82Â\82¢\82Ä\82Í\81AIPv4\82ÌNAT\82ð\97p\82¢\82é\8fê\8d\87\82É\95K\97v\82Å\82 \82é\81B\82Ü\82½\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\r
+\83\8d\83O\82ð\95K\97v\82Æ\82µ\82È\82¢\8fê\8d\87\82Í\81AVERBOSE\82Ì\8d\80\96Ú\82Í\95s\97v\82Å\82 \82é\81B\82³\82ç\82É\81AIPSEC\82ð\95K\97v\82Æ\82µ\82È\82¢\8fê\8d\87\82Í\81A\r
+IPSEC\82Ì\8d\80\96Ú\82Í\95s\97v\82Å\82 \82é\81B</p>\r
+<p>\82±\82ê\82ç\82Ì\83I\83v\83V\83\87\83\93\82ð\92Ç\89Á\82µ\82½\8cã\82É\81A\83J\81[\83l\83\8b\82Ì\83R\83\93\83p\83C\83\8b\82Æ\83C\83\93\83X\83g\81[\83\8b\82ð\8ds\82È\82¤\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# config MYKERNEL\r
+# cd ../compile/MYKERNEL\r
+# make depend\r
+# make\r
+# make install\r
+</pre></td></tr></table>\r
+\r
+<p>FreeBSD 6.x\82Å\82Í\81A"make depend"\82ð\8eÀ\8ds\82·\82é\91O\82É\81A"make clean"\82ª\97v\8b\81\82³\82ê\82é\8fê\8d\87\82à\82 \82é\82Ì\82Å\81A\92\8d\88Ó\82·\82é\81B</p>\r
+\r
+<p>\8dÄ\8d\\92z\82µ\82½\83J\81[\83l\83\8b\82É\82æ\82Á\82Ä\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\82ð\97L\8cø\82É\82·\82é\82½\82ß\82É/etc/rc.conf\82É\88È\89º\82Ì\83I\83v\83V\83\87\83\93\82ð\r
+\8bL\8fq\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+firewall_enable="YES"\r
+firewall_script="/etc/rc.firewall"\r
+\r
+ipv6_firewall_enable="YES"\r
+ipv6_firewall_script="/etc/rc.firewall6"\r
+\r
+natd_enable="YES"\r
+natd_interface="em0"\r
+</pre></td></tr></table>\r
+\r
+<p>IPv4/6\82»\82ê\82¼\82ê\82Ì\83t\83@\83C\83A\83E\83H\81[\83\8b\82ð\97L\8cø\82É\82µ\81A\82»\82ê\82¼\82ê\82Ì\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\82ð\8bL\8fq\82µ\82½\r
+\83X\83N\83\8a\83v\83g\82ð\8ew\92è\82·\82é\81B\82Ü\82½\81ANAT\82ª\95K\97v\82Å\82 \82é\8fê\8d\87\82Í\81Anatd\82ð\97L\8cø\82É\82µ\81A\83A\83h\83\8c\83X\95Ï\8a·\82ð\8ds\82¤\r
+\83C\83\93\83^\83t\83F\81[\83X\82ÌID\82ð\8ew\92è\82·\82é\81B</p>\r
+\r
+<div align="right"><a href="#ipfw0">top</a></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>B.2 ipfw
\82Ì
\90Ý
\92è<a name="ipfw2" href="#ipfw2" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Ì\93®\8dì\82Ì\82½\82ß\82É\93K\90Ø\82É\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\82ð\8bL\8fq\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\r
+\88È\89º\82É\8bL\8fq\82·\82×\82«\83\8b\81[\83\8b\82Ì\97á\81i/etc/rc.firewall\81j\82ð\8e¦\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+### set these to your outside interface network and netmask and ip\r
+oif="em0"\r
+onet="192.168.0.0"\r
+omask="255.255.255.0"\r
+oip="192.168.0.34"\r
+\r
+### set these to your inside interface network and netmask and ip\r
+iif="bge0"\r
+inet="192.168.55.0"\r
+imask="255.255.255.0"\r
+iip="192.168.55.1"\r
+\r
+fwcmd="/sbin/ipfw"\r
+\r
+### divert packet to NATD \r
+$fwcmd add 1 divert natd ip from any to any via ${oif}\r
+\r
+### Stop spoofing\r
+$fwcmd add deny all from ${inet}:${imask} to any in via ${oif}\r
+$fwcmd add deny all from ${onet}:${omask} to any in via ${iif}\r
+\r
+### Stop http from softeather\r
+$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 80\r
+$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 443\r
+\r
+### Allow from / to myself\r
+$fwcmd add pass all from ${iip} to any via ${iif}\r
+$fwcmd add pass all from ${oip} to any via ${oif}\r
+$fwcmd add pass all from any to ${iip} via ${iif}\r
+$fwcmd add pass all from any to ${oip} via ${oif}\r
+\r
+### Allow DNS queries out in the world\r
+### (if DNS is on localhost, delete passDNS)\r
+$fwcmd add pass udp from any 53 to any\r
+$fwcmd add pass udp from any to any 53\r
+$fwcmd add pass tcp from any to any 53\r
+$fwcmd add pass tcp from any 53 to any\r
+\r
+### Forwarding http connection from unauth client \r
+$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80\r
+$fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any 443\r
+\r
+### Allow TCP through if setup succeeded \r
+$fwcmd add 60100 pass tcp from any to any established\r
+</pre></td></tr></table>\r
+\r
+<p>Opengate\82ð\93®\8dì\82³\82¹\82é\8dÛ\81A\83\8b\81[\83\8b\94Ô\8d\8660000,60010,60100\82ª\8fd\97v\82Æ\82È\82é\81B\94F\8fØ\83y\81[\83W\82ð\r
+\95\\8e¦\82³\82¹\82é\82½\82ß\82É\81AHTTP,HTTPS\83\8a\83N\83G\83X\83g\82ÍOpengate\82ÌWeb\83T\81[\83o\82É\93]\91\97\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\r
+\82\8d\82½\81A\8aù\82É\8am\97§\82³\82ê\82Ä\82¢\82éTCP\90Ú\91±\82É\8aÖ\82µ\82Ä\82Í\81AOpengate\82É\82æ\82é\92Ê\90M\98H\95Â\8d½\8cã\82à\97\98\97p\89Â\94\\82Æ\82·\82é\82½\82ß\81A\r
+60100\82Ì\83\8b\81[\83\8b\82ð\92Ç\89Á\82·\82é\81B</p>\r
+\r
+<p>\88È\8fã\81A\8e¦\82µ\82½\97á\82ÍOpengate\82ð\93®\8dì\82³\82¹\82é\82½\82ß\82Ì\90Ý\92è\97á\82Å\82 \82é\81B\8eÀ\8dÛ\82ÉOpengate\82ð\93±\93ü\82·\82é\8dÛ\82É\82Í\81A\r
+ipfw\82Ì\93®\8dì\82ð\8fn\92m\82µ\82½\8fã\81A\8ae\8eí\83l\83b\83g\83\8f\81[\83N\82É\93K\82µ\82½\83t\83@\83C\83A\83E\83H\81[\83\8b\82ð\90Ý\92u\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+\r
+<div align="right"><a href="#ipfw0">top</a></div>\r
+\r
+<!-- ************ 3 ************** -->\r
+<h4>B.3 ip6fw
\82Ì
\90Ý
\92è<a name="ipfw3" href="#ipfw3" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Ì\93®\8dì\82Ì\82½\82ß\82É\93K\90Ø\82É\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\82ð\8bL\8fq\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\r
+\88È\89º\82É\8bL\8fq\82·\82×\82«\83\8b\81[\83\8b\82Ì\97á\81i/etc/rc.firewall6\81j\82ð\8e¦\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+### set these to your outside interface network and prefixlen and ip\r
+oif="em0"\r
+onet="2001:e38:3661:1a0::"\r
+oprefixlen="64"\r
+oip="2001:e38:3661:1a0::34"\r
+\r
+### set these to your inside interface network and prefixlen and ip\r
+iif="bge0"\r
+inet="2001:e38:3661:1a5::"\r
+iprefixlen="64"\r
+iip="2001:e38:3661:1a5::1"\r
+\r
+### path to command "ip6fw"\r
+fw6cmd="/sbin/ip6fw"\r
+\r
+${fw6cmd} add pass all from ${iip} to any\r
+${fw6cmd} add pass all from any to ${iip}\r
+${fw6cmd} add pass all from ${oip} to any\r
+${fw6cmd} add pass all from any to ${oip}\r
+\r
+### Allow RA RS NS NA Redirect...\r
+${fw6cmd} add pass ipv6-icmp from any to any\r
+\r
+# Allow IP fragments to pass through\r
+${fw6cmd} add pass all from any to any frag\r
+\r
+# Allow RIPng\r
+${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521\r
+${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521\r
+\r
+### Allow TCP through if setup succeeded\r
+${fw6cmd} add 60100 pass tcp from any to any established\r
+\r
+# TCP reset notice message\r
+${fw6cmd} add 60200 reset tcp from any to any 80\r
+${fw6cmd} add 60300 reset tcp from any to any 443\r
+</pre></td></tr></table>\r
+\r
+<p>ip6fw\82Í\81Aipfw\82Æ\82Í\88Ù\82È\82è\93]\91\97\82ð\8ds\82¤\82±\82Æ\82ª\82Å\82«\82È\82¢\81B\82»\82±\82Å\81AOpengate\82Å\82Í\r
+IPv6\82ÌHTTP\83\8a\83N\83G\83X\83g\82ª\83^\83C\83\80\83A\83E\83g\82µ\81AIPv4\82ÌHTTP\83\8a\83N\83G\83X\83g\82ð\93]\91\97\82µ\81A\94F\8fØ\r
+\82ð\8ds\82¤\8ed\91g\82Ý\82ð\82Æ\82Á\82Ä\82¢\82é\81B\82½\82¾\82µ\81AFreeBSD 5.2\88È\8d~\82Å\82Í\81Aip6fw\82ÅTCP reset\82ª\r
+\8eÀ\91\95\82³\82ê\82Ä\82¨\82è\81AIPv6 TCP\83p\83P\83b\83g\82É\91Î\82µ\82Ä\93\9e\92B\95s\94\\83\81\83b\83Z\81[\83W\82ð\95Ô\82·\82±\82Æ\82ª\89Â\94\\82Å\r
+\82 \82é\81B\83\8b\81[\83\8b\94Ô\8d\8660200,60300\82Ì\82æ\82¤\82É\81ATCP reset\82ð\97\98\97p\82·\82é\82±\82Æ\82É\82æ\82Á\82Ä\81AIPv6 HTTP\r
+\83\8a\83N\83G\83X\83g\82ª\83^\83C\83\80\83A\83E\83g\82·\82é\82Ü\82Å\82Ì\8e\9e\8aÔ\82ð\91Ò\82Â\95K\97v\82ª\82È\82\82È\82é\81B</p>\r
+\r
+<p>\82Ü\82½\81AIPv6\82Å\82ÍDHCP\82Ì\91Ö\82í\82è\82ÉRA\82É\82æ\82Á\82ÄIPv6\83A\83h\83\8c\83X\82ð\8e©\93®\90¶\90¬\82µ\81A\8co\98H\8fî\95ñ\r
+\92Ê\92m\83f\81[\83\82\83\93\82È\82Ç\81AICMP\82â\82»\82Ì\91¼\82Ì\83v\83\8d\83g\83R\83\8b\82Ì\88µ\82¢\82É\8bC\82ð\82Â\82¯\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\r
+ipfw\82Æ\93¯\97l\82É\81Aip6fw\82É\82Â\82¢\82Ä\82à\93®\8dì\82ð\8fn\92m\82µ\82½\8fã\82Å\81A\8ae\8eí\83l\83b\83g\83\8f\81[\83N\82É\93K\82µ\82½\r
+\83t\83@\83C\83A\83E\83H\81[\83\8b\82ð\90Ý\92u\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+\r
+<div align="right"><a href="#ipfw0">top</a></div>\r
+\r
+</body>\r
+</html>
\ No newline at end of file
--- /dev/null
+<html>\r
+<head>\r
+<title>Opegnate Install</title>\r
+<meta http-equiv="Content-Type" content="text/html; charset=shift_jis">\r
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">\r
+</head>\r
+\r
+<body bgcolor="#BBEECC">\r
+\r
+<!-- Start:Apache2\82Ì\83C\83\93\83X\83g\81[\83\8b -->\r
+<h3>C Apache2
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="apache0" href="#apache0" class="anchor">†</a></h3>
\r+<ul>\r
+ <li class="list_num"><a href="#apache1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="#apache2">\83C\83\93\83X\83g\81[\83\8b\81i\83\\81[\83X\81j</a></li>\r
+ <li class="list_num"><a href="#apache3">\94é\96§\8c®\81A\8fØ\96¾\8f\91\82Ì\8dì\90¬</a></li>\r
+ <li class="list_num"><a href="#apache4">\83o\81[\83`\83\83\83\8b\83z\83X\83g\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#apache5">HTTP_ERROR 404\82Ö\82Ì\91Î\89\9e</a></li>\r
+</ul>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h4>C.1
\83C
\83\93\83X
\83g
\81[
\83\8b\81iports
\81j<a name="apache1" href="#apache1" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Å\82Í\81AIPv6\82ð\83T\83|\81[\83g\82µ\82½Apache2\82ª\95K\90{\82Å\82 \82é\81B\82Ü\82½\81A\94F\8fØ\82ð\8ds\82¤\82±\82Æ\82©\82ç\r
+SSL\82ð\83T\83|\81[\83g\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81BApache2\82Í\95W\8f\80\82ÅSSL\82ð\83T\83|\81[\83g\82µ\82Ä\82¢\82é\82Ì\82Å\81Amod_ssl\r
+\82ð\95Ê\93r\83C\83\93\83X\83g\81[\83\8b\82·\82é\95K\97v\82Í\82È\82¢\81B</p>\r
+<p>\88È\89º\82É\81Aports\82ð\97\98\97p\82µ\82Ä\83C\83\93\83X\83g\81[\83\8b\82·\82é\8eè\8f\87\82ð\88È\89º\82É\8bL\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# cd /usr/ports/www/apache2\r
+# make clean\r
+===> Cleaning for autoconf-2.53_1\r
+===> Cleaning for libtool-1.3.5_1\r
+===> Cleaning for m4-1.4_1\r
+===> Cleaning for help2man-1.29\r
+===> Cleaning for expat-1.95.6_1\r
+===> Cleaning for apache-2.0.48_3\r
+# make install clean ; rehash\r
+</pre></td></tr></table>\r
+\r
+<p>\83C\83\93\83X\83g\81[\83\8b\8dì\8bÆ\82ª\8a®\97¹\82µ\82½\8cã\81AApache2\82Ì\8bN\93®\82ÆSSL\82ð\97L\8cø\82É\82·\82é\82½\82ß\82É\81A\r
+\88È\89º\82Ì\8d\80\96Ú\82ð/etc/rc.conf\82É\8bL\8fq\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+apache2_enable="YES"\r
+apache2ssl_enable="YES"\r
+</pre></td></tr></table>\r
+\r
+\r
+<div align="right"><a href="#apache0">top</a></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>C.2
\83C
\83\93\83X
\83g
\81[
\83\8b\81i
\83\
\81[
\83X
\81j<a name="apache2" href="#apache2" class="anchor">†</a></h4>
\r+\r
+<p>Apache2\82ð\83\\81[\83X\82©\82ç\83C\83\93\83X\83g\81[\83\8b\82·\82é\8eè\8f\87\82ð\88È\89º\82É\8bL\82·\81B</p>\r
+<p>Apache2\82Ì\83\\81[\83X\82Í\81Aftp.apache.or.jp\93\99\82©\82ç\8eæ\93¾\82·\82é\82±\82Æ\82ª\89Â\94\\82Å\82 \82é\81B\82Ü\82½\81A\r
+Apache2\82ð\83R\83\93\83p\83C\83\8b\82·\82é\8dÛ\82É\81ASSL\83\82\83W\83\85\81[\83\8b\82ð\97L\8cø\82É\82·\82é\95K\97v\82ª\82 \82é\81B\82Ü\82½\81A\r
+\83\\81[\83X\82©\82ç\83C\83\93\83X\83g\81[\83\8b\82µ\82½\8dÛ\82Í\81A\95W\8f\80\82Å/usr/local/apache2\83f\83B\83\8c\83N\83g\83\8a\88È\89º\82É\83C\83\93\83X\83g\81[\83\8b\82³\82ê\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# tar xvfz httpd-2.0.55.tar.gz\r
+# cd httpd-2.0.55\r
+# ./configure --enable-modules="so ssl"\r
+# make\r
+# make install\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><a href="#apache0">top</a></div>\r
+\r
+<!-- ************ 3 ************** -->\r
+<h4>C.3
\94é
\96§
\8c®
\81A
\8fØ
\96¾
\8f\91\82Ì
\8dì
\90¬<a name="apache3" href="#apache3" class="anchor">†</a></h4>
\r+\r
+<p>Apache2\82Å\81ASSL\82ð\97\98\97p\82·\82é\82½\82ß\82É\94é\96§\8c®\82Æ\8fØ\96¾\8f\91\82ð\97p\88Ó\82·\82é\95K\97v\82ª\82 \82é\81B\90³\8bK\82Ì\94F\8fØ\8bÇ\82©\82ç\r
+\94\8ds\82³\82ê\82½\8fØ\96¾\8f\91\82ð\97p\88Ó\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\82ª\81A\8e©\8cÈ\8f\90\96¼\82ð\8ds\82Á\82½\8fØ\96¾\8f\91\82Æ\94é\96§\8c®\82Å\82à\8f\\95ª\82É\r
+\83Z\83L\83\85\83\8a\83e\83B\82ð\8am\95Û\82·\82é\82±\82Æ\82ª\89Â\94\\82Å\82 \82é\81B</p>\r
+\r
+<p>Opengate\82Å\82Í\81A\93ñ\82Â\82ÌFQDN\82ð\97\98\97p\82·\82é\82±\82Æ\82©\82ç\81A\82»\82ê\82¼\82ê\82ÌFQDN\82É\91Î\89\9e\82·\82é\8fØ\96¾\8f\91\82Æ\r
+\94é\96§\8c®\82ª\95K\97v\82Æ\82È\82é\81B\88È\89º\82É\81A\94é\96§\8c®\82Æ\8fØ\96¾\8f\91\82ð\8dì\90¬\82·\82é\8eè\8f\87\82ð\8e¦\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# cd /usr/local/etc/apache2\r
+# mkdir ssl.key ssl.crt\r
+# chmod 700 ssl.key ssl.crt\r
+\r
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server1.key 1024\r
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server2.key 1024\r
+</pre></td></tr></table>\r
+\r
+<p>\8fã\8bL\82É\82¨\82¢\82Ä\8dì\90¬\82µ\82½\94é\96§\8c®\82ð\97p\82¢\82Ä\8f\90\96¼\82µ\82½\8fØ\96¾\8f\91\82ð\8dì\90¬\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/bin/openssl req -new -x509 -days 365 \\r
+ -key /usr/local/etc/apache2/ssl.key/server1.key \\r
+ -out /usr/local/etc/apache2/ssl.crt/server1.crt\r
+\r
+You are about to be asked to enter information that will be incorporated\r
+into your certificate request.\r
+What you are about to enter is what is called a Distinguished Name or a DN.\r
+There are quite a few fields but you can leave some blank\r
+For some fields there will be a default value,\r
+If you enter '.', the field will be left blank.\r
+-----\r
+Country Name (2 letter code) [AU]:JP\r
+State or Province Name (full name) [Some-State]:Saga\r
+Locality Name (eg, city) []:Saga-city\r
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university\r
+Organizational Unit Name (eg, subsection) []:Information Science\r
+Common Name (eg, YOUR name) []:opengate.is.saga-u.ac.jp\r
+Email Address []:administrator@opengate.is.saga-u.ac.jp\r
+\r
+Please enter the following 'extra' attributes\r
+to be sent with your certificate request\r
+A challenge password []:\r
+An optional company name []:\r
+\r
+# /usr/bin/openssl req -new -x509 -days 365 \\r
+ -key /usr/local/etc/apache2/ssl.key/server2.key \\r
+ -out /usr/local/etc/apache2/ssl.crt/server2.crt\r
+\r
+You are about to be asked to enter information that will be incorporated\r
+into your certificate request.\r
+What you are about to enter is what is called a Distinguished Name or a DN.\r
+There are quite a few fields but you can leave some blank\r
+For some fields there will be a default value,\r
+If you enter '.', the field will be left blank.\r
+-----\r
+Country Name (2 letter code) [AU]:JP\r
+State or Province Name (full name) [Some-State]:Saga\r
+Locality Name (eg, city) []:Saga-city\r
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university\r
+Organizational Unit Name (eg, subsection) []:Information Science\r
+Common Name (eg, YOUR name) []:opengate4.is.saga-u.ac.jp\r
+Email Address []:administrator@opengate.is.saga-u.ac.jp\r
+\r
+Please enter the following 'extra' attributes\r
+to be sent with your certificate request\r
+A challenge password []:\r
+An optional company name []:\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><a href="#apache0">top</a></div>\r
+\r
+<!-- ************ 4 ************** -->\r
+<h4>C.4
\83o
\81[
\83`
\83\83\83\8b\83z
\83X
\83g
\82Ì
\90Ý
\92è<a name="apache4" href="#apache4" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Å\82Í\81A\93ñ\82Â\82ÌFQDN\82ð\97p\82¢\82é\81B\82±\82ê\82æ\82è\81AApache2\82Å\82Í\93ñ\82Â\82ÌFQDN\82É\91Î\89\9e\82·\82é\82½\82ß\82É\r
+\83o\81[\83`\83\83\83\8b\83z\83X\83g\82Ì\90Ý\92è\82ð\8ds\82¤\95K\97v\82ª\82 \82é\81B</p>\r
+<p>Apache2\82Ì\83o\81[\83`\83\83\83\8b\83z\83X\83g\82É\82Í\81AIP\83x\81[\83X\82Ì\83o\81[\83`\83\83\83\8b\83z\83X\83g\82Æ\81A\83l\81[\83\80\83x\81[\83X\82Ì\83o\81[\83`\83\83\83\8b\r
+\83z\83X\83g\82Ì\93ñ\8eí\97Þ\82ª\82 \82é\81B\82µ\82©\82µ\81A\83l\81[\83\80\83x\81[\83X\82Ì\83o\81[\83`\83\83\83\8b\83z\83X\83g\82ð\97p\82¢\82½\8fê\8d\87\81A\90æ\8fq\82µ\82½\r
+\83o\81[\83`\83\83\83\8b\83z\83X\83g\82É\82Â\82¢\82Ä\82µ\82©SSL\8f\88\97\9d\82ð\8ds\82¤\82±\82Æ\82ª\82Å\82«\82È\82¢\81B</p>\r
+<p>Opengate\82Í\81A\93ñ\82Â\88È\8fã\82ÌNIC\82ð\8f\8a\8e\9d\82µ\81A\93ñ\82Â\88È\8fã\82ÌIP\83A\83h\83\8c\83X\82ð\8f\8a\8e\9d\82µ\82Ä\82¢\82é\82Ì\82Í\82¸\82È\82Ì\82Å\81A\r
+IP\83x\81[\83X\82Ì\83o\81[\83`\83\83\83\8b\83z\83X\83g\82ª\93K\97p\89Â\94\\82Å\82 \82é\81B</p>\r
+\r
+<p>\88È\89º\82É\81AIP\83x\81[\83X\82Ì\83o\81[\83`\83\83\83\8b\83z\83X\83g\82ð\93K\97p\82µ\82½\8fê\8d\87\82Ì\90Ý\92è\97á\r
+\81i/usr/local/etc/httpd.conf,ssl.conf\81j</p>\r
+\r
+<table><tr><td>httpd.conf</td></tr><tr><td><pre>\r
+NameVirtualHost 192.168.55.1:80\r
+<VirtualHost 192.168.55.1:80>\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ DocumentRoot /usr/local/www\r
+ ServerName opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+</VirtualHost>\r
+\r
+NameVirtualHost [2001:e38:3661:1a5::1]:80\r
+<VirtualHost [2001:e38:3661:1a5::1]:80>\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ DocumentRoot /usr/local/www\r
+ ServerName opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+</VirtualHost>\r
+ \r
+NameVirtualHost 192.168.0.34:80\r
+<VirtualHost 192.168.0.34:80>\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ DocumentRoot /usr/local/www\r
+ ServerName opengate4.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+</VirtualHost>\r
+</pre></td></tr></table>\r
+<br>\r
+<table><tr><td>ssl.conf</td></tr><tr><td><pre>\r
+NameVirtualHost 192.168.55.1:443\r
+<VirtualHost 192.168.55.1:443>\r
+ DocumentRoot "/usr/local/www"\r
+ ServerName opengate.is.saga-u.ac.jp:443\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+\r
+ SSLEngine on\r
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\r
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt\r
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key\r
+</VirtualHost>\r
+\r
+NameVirtualHost [2001:e38:3661:1a5::1]:443\r
+<VirtualHost [2001:e38:3661:1a5::1]:443>\r
+ DocumentRoot "/usr/local/www"\r
+ ServerName opengate.is.saga-u.ac.jp:443\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+\r
+ SSLEngine on\r
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\r
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt\r
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key\r
+</VirtualHost>\r
+\r
+NameVirtualHost 192.168.0.34:443\r
+<VirtualHost 192.168.0.34:443>\r
+ DocumentRoot "/usr/local/www"\r
+ ServerName opengate4.is.saga-u.ac.jp:443\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+\r
+ SSLEngine on\r
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\r
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server2.crt\r
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server2.key\r
+</VirtualHost>\r
+</pre></td></tr></table>\r
+\r
+<p>\8fã\8bL\82Ì\90Ý\92è\97á\82Í\81A\83o\81[\83`\83\83\83\8b\83z\83X\83g\82Ì\90Ý\92è\82Ì\82½\82ß\82Ì\83f\83B\83\8c\83N\83e\83B\83u\82Ì\82Ý\8bL\8fq\82µ\82Ä\82¢\82é\81B\r
+\82±\82Ì\91¼\82É\82à\91½\82\82Ì\8d\80\96Ú\82ð\90Ý\92è\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\82Ì\82Å\81AApache2\82Ì\90Ý\92è\82ð\8fn\92m\82µ\82½\8fã\82Å\r
+\90Ý\92è\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+\r
+<div align="right"><a href="#apache0">top</a></div>\r
+\r
+<!-- ************ 5 ************** -->\r
+<h4>C.5 HTTP_ERROR 404
\82Ö
\82Ì
\91Î
\89\9e<a name="apache5" href="#apache5" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Å\82Í\81A\97\98\97p\8eÒ\92[\96\96\82©\82ç\91\97\90M\82³\82ê\82Ä\82\82éHTTP\83\8a\83N\83G\83X\83g\82ð\81AOpengate\82ª\8e\9d\82Â\r
+Web\83T\81[\83o\82É\93]\91\97\82·\82é\82±\82Æ\82É\82æ\82Á\82Ä\81A\94F\8fØ\83y\81[\83W\82ð\92ñ\8b\9f\82µ\82Ä\82¢\82é\81B\82±\82Ì\82½\82ß\81A\97\98\97p\8eÒ\92[\96\96\r
+\82©\82ç\91\97\90M\82³\82ê\82Ä\82\82éHTTP\83\8a\83N\83G\83X\83g\82Í\97\\8aú\82·\82é\82±\82Æ\82ª\82Å\82«\82È\82¢\81B\82æ\82Á\82Ä\81A\82Ç\82Ì\82æ\82¤\82È\r
+HTTP\83\8a\83N\83G\83X\83g\82É\91Î\82µ\82Ä\82à\81A\94F\8fØ\83y\81[\83W\82ð\95Ô\82·\82½\82ß\82É\81A/usr/local/etc/httpd.conf\82É\r
+HTTP_ERROR 404\82ª\94\90¶\82µ\82½\8fê\8d\87\82É\81ADocumentRoot\82ð\95Ô\82·\82æ\82¤\82É\90Ý\92è\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+ErrorDocument 404 /\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><a href="#apache0">top</a></div>\r
+\r
+</body>\r
+</html>
\ No newline at end of file
--- /dev/null
+<html>\r
+<head>\r
+<title>Opegnate Install</title>\r
+<meta http-equiv="Content-Type" content="text/html; charset=shift_jis">\r
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">\r
+</head>\r
+\r
+<body bgcolor="#BBEECC">\r
+\r
+<!-- Start:isc-dhcp3\82Ì\83C\83\93\83X\83g\81[\83\8b -->\r
+<h3>D isc-dhcp3
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="dhcp0" href="#dhcp0" class="anchor">†</a></h3>
\r+\r
+<ul>\r
+ <li class="list_num"><a href="#dhcp1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="#dhcp2">DHCP\82Ì\90Ý\92è</a></li>\r
+</ul>\r
+\r
+<!-- *********** 1 ************* -->\r
+<h4>D.1
\83C
\83\93\83X
\83g
\81[
\83\8b\81iports
\81j<a name="dhcp1" href="#dhcp1" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82ð\93±\93ü\82·\82é\83l\83b\83g\83\8f\81[\83N\82Å\82Í\81A\97\98\97p\8eÒ\92[\96\96\82ª\95p\94É\82É\93ü\82ê\91Ö\82í\82é\82±\82Æ\82ª\97\\91ª\82Å\82«\82é\81B\r
+\82»\82±\82Å\81A\97l\81X\82È\97\98\97p\8eÒ\92[\96\96\82É\91Î\82µ\82Ä\8e©\93®\93I\82ÉIPv4\83A\83h\83\8c\83X\82ð\8a\84\82è\93\96\82Ä\82é\82±\82Æ\82ª\82Å\82«\82éDHCP\83T\81[\83o\82ð\r
+\93±\93ü\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+<p>\88È\89º\82Éisc-dhcp3\82Ì\83C\83\93\83X\83g\81[\83\8b\8eè\8f\87\82ð\8bL\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# cd /usr/ports/net/isc-dhcp3-server\r
+# make\r
+===> Cleaning for isc-dhcp3-server-3.0.1.r14_3\r
+# make install clean ; rehash\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><a href="#dhcp0">top</a></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>D.2 DHCP
\82Ì
\90Ý
\92è<a name="dhcp2" href="#dhcp2" class="anchor">†</a></h4>
\r+\r
+<p>\83C\83\93\83X\83g\81[\83\8b\8dì\8bÆ\82ª\8a®\97¹\82·\82é\82Æ\81A/usr/local/etc\88È\89º\82Édhcpd.conf.sample\82ª\90¶\90¬\82³\82ê\82Ä\82¢\82é\81B\r
+\93¯\83f\83B\83\8c\83N\83g\83\8a\82Édhcpd.conf\82Æ\82µ\82Ä\83R\83s\81[\82µ\81Adhcpd\97p\82Ì\90Ý\92è\83t\83@\83C\83\8b\82ð\8dì\90¬\82·\82é\81B</p>\r
+<p>\88È\89º\82É\81A\90Ý\92è\97á\82ð\8e¦\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+option domain-name "ai.is.saga-u.ac.jp";\r
+option domain-name-servers 192.168.0.2;\r
+option subnet-mask 255.255.255.0;\r
+option broadcast-address 192.168.55.255;\r
+option routers 192.168.55.1;\r
+\r
+default-lease-time 600;\r
+max-lease-time 7200;\r
+ddns-update-style none;\r
+log-facility local7;\r
+\r
+subnet 192.168.55.0 netmask 255.255.255.0 {\r
+ range 192.168.55.100 192.168.55.200;\r
+}\r
+</pre></td></tr></table>\r
+\r
+<p>\82Ü\82½\81Adhcpd\82ð\8e©\93®\8bN\93®\82·\82é\82½\82ß\82É\81A/etc/rc.conf\82É\88È\89º\82Ì\8d\80\96Ú\82ð\8bL\8fq\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+dhcpd_enable="YES"\r
+dhcpd_ifaces="bge0"\r
+dhcpd_conf="/usr/local/etc/dhcpd.conf"\r
+</pre></td></tr></table>\r
+\r
+<p>dhcpd_ifaces\82É\82Â\82¢\82Ä\82Í\81Adhcp\82ð\91\97\90M\82·\82é\83C\83\93\83^\83t\83F\81[\83XID\82ð\8bL\8fq\82·\82é\81B</p>\r
+\r
+<div align="right"><a href="#dhcp0">top</a></div>\r
+\r
+</body>\r
+</html>
\ No newline at end of file
--- /dev/null
+<html>\r
+<head>\r
+<title>Opegnate Install</title>\r
+<meta http-equiv="Content-Type" content="text/html; charset=shift_jis">\r
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">\r
+</head>\r
+\r
+<body bgcolor="#BBEECC">\r
+\r
+<!-- Start:BIND9\82Ì\83C\83\93\83X\83g\81[\83\8b -->\r
+<h3>E BIND9
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="bind0" href="#bind0" class="anchor">†</a></h3>
\r+\r
+<ul>\r
+ <li class="list_num"><a href="#bind1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="#bind2">\94F\8fØ\83L\81[\82Ì\8dì\90¬</a></li>\r
+ <li class="list_num"><a href="#bind3">named.conf\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#bind4">zone\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#bind5">\8bN\93®\8am\94F</a></li>\r
+</ul>\r
+\r
+<!-- ********** 1 *********** -->\r
+<h4>E.1
\83C
\83\93\83X
\83g
\81[
\83\8b\81iports
\81j<a name="bind1" href="#bind1" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Ì\82½\82ß\82É\93ñ\82Â\82ÌFQDN\82ð\97p\88Ó\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\8aù\91¶\82ÌDNS\82ÉOpengate\97p\82Ì\r
+FQDN\82ð\93o\98^\82·\82é\82±\82Æ\82Å\82à\89ð\8c\88\82Å\82«\82é\81B\82µ\82©\82µ\81ANAT\82È\82Ç\82ð\97p\82¢\82Ä\83A\83h\83\8c\83X\95Ï\8a·\82ð\8ds\82¤\8fê\8d\87\82ð\r
+\8dl\82¦\82é\82Æ\81A\83v\83\89\83C\83x\81[\83g\83l\83b\83g\83\8f\81[\83N\82Ì\83A\83h\83\8c\83X\82ð\8aO\95\94\82ÌDNS\82É\93o\98^\82·\82é\82±\82Æ\82Í\96]\82Ü\82µ\82\82È\82¢\81B\r
+\82»\82±\82Å\81AOpengate\97p\82Ì\83}\83V\83\93\82ÉDNS\82ð\93±\93ü\82·\82é\82±\82Æ\82à\8dl\82¦\82ç\82ê\82é\81B</p>\r
+<p>\88È\89º\82É\81ABIDN9\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\8eè\8f\87\82ð\8bL\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# cd /usr/ports/dns/bind9/\r
+# make clean\r
+===> Cleaning for bind9-9.3.1\r
+# make install clean ; rehash\r
+</pre></td></tr></table>\r
+\r
+<p>\83C\83\93\83X\83g\81[\83\8b\82ª\8a®\97¹\82·\82é\82Æ\81A/etc/namedb(/var/named/etc/namaedb)\88È\89º\82Ì\83f\83B\83\8c\83N\83g\83\8a\82É\r
+\8ae\8eí\90Ý\92è\83t\83@\83C\83\8b\82ª\90¶\90¬\82³\82ê\82é\81B</p>\r
+\r
+<div align="right"><a href="#bind0">top</a></div>\r
+\r
+<!-- ********** 2 ********** -->\r
+<h4>E.2
\94F
\8fØ
\83L
\81[
\82Ì
\8dì
\90¬<a name="bind2" href="#bind2" class="anchor">†</a></h4>
\r+\r
+<p>BIND9\82Å\82Í\81A\83Z\83L\83\85\83\8a\83e\83B\82ð\8am\95Û\82·\82é\82½\82ß\82É\94F\8fØ\83L\81[\82ð\90Ý\92è\82µ\81Arndc\83R\83}\83\93\83h\82ð\97p\82¢\82Änamed\82ð\90§\8cä\82·\82é\81B</p>\r
+<p>\82»\82±\82Å\81A\82Ü\82¸\94F\8fØ\83L\81[\82Ì\8dì\90¬\82ð\8ds\82¤\81B\94F\8fØ\8b@\81[\82Ì\8dì\90¬\8eè\8f\87\82ð\88È\89º\82É\8e¦\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n user rndc\r
+</pre></td></tr></table>\r
+\r
+<p>\88È\8fã\82Ì\8dì\8bÆ\82É\82¨\82¢\82Ä\81A"out of entropy"\82Æ\82¢\82¤\83G\83\89\81[\82ª\94\90¶\82·\82é\8fê\8d\87\82Í\81A\8e\9f\82Ì\95û\96@\82Å\r
+\94F\8fØ\83L\81[\82ð\8dì\90¬\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/local/sbin/dnssec-keygen -r /dev/urandom -a hmac-md5 -b 512 -n user rndc\r
+</pre></td></tr></table>\r
+\r
+<p>\94F\8fØ\83L\81[\82Ì\8dì\90¬\82É\90¬\8c÷\82·\82é\82Æ\81A\8e\9f\82Ì\93ñ\82Â\82Ì\83t\83@\83C\83\8b\82ª\90¶\90¬\82³\82ê\82é\81B\82½\82¾\82µ\81A\83t\83@\83C\83\8b\96¼\82É\r
+\8aÜ\82Ü\82ê\82é\90\94\8e\9a\82Í\83\89\83\93\83_\83\80\82É\90¶\90¬\82³\82ê\82é\81B</p>\r
+\r
+<ul>\r
+ <li><pre>Krndc.+157+60849.key</pre></li>\r
+ <li><pre>Krndc.+157+60849.private</pre></li>\r
+</ul>\r
+\r
+<p>BIND9\82Ì\83C\83\93\83X\83g\81[\83\8b\8cã\82É\81A/usr/local/etc/rndc.conf.sample\82Æ\82¢\82¤\83t\83@\83C\83\8b\82ª\90¶\90¬\82³\82ê\82Ä\82¢\82é\81B\r
+\82±\82Ì\83t\83@\83C\83\8b\82ð\83R\83s\81[\82µ\82Ä\81A/usr/local/etc/rndc.conf\82ð\8dì\90¬\82·\82é\81B</p>\r
+<p>\82»\82µ\82Ä\81Arndc.conf\82Ìkey\83f\83B\83\8c\83N\83e\83B\83u\82ð\95Ò\8fW\82·\82é\81Bkey\83f\83B\83\8c\83N\83e\83B\83u\82Å\82Í\81A\94F\8fØ\83L\81[\82Ì\r
+\83A\83\8b\83S\83\8a\83Y\83\80\82Æ\90¶\90¬\82µ\82½\94F\8fØ\83L\81[\82ð\8ew\92è\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\94F\8fØ\83L\81[\82Ísecret\82Ì\8d\80\96Ú\82É\8ew\92è\82·\82é\81B\r
+
\82Ü
\82½
\81A
\94F
\8fØ
\83L
\81[
\82Æ
\8b¤
\82É
\8dì
\90¬
\82µ
\82½<pre>Krndc.+157+60849.private</pre>
\82Ìkey
\8d\80\96Ú
\82É
\95\
\8e¦
\82³
\82ê
\82Ä
\r+\82¢\82é\82à\82Ì\82ð\8ew\92è\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+options {\r
+ default-server localhost;\r
+ default-key "key";\r
+};\r
+\r
+server localhost {\r
+ key "key";\r
+};\r
+\r
+key "key" {\r
+ algorithm hmac-md5;\r
+ secret "...";\r
+};\r
+</pre></td></tr></table>\r
+\r
+<p>\8d¡\89ñ\82ÌDNS\83T\81[\83o\82Í\81AOpengate\82ð\93±\93ü\82·\82é\83l\83b\83g\83\8f\81[\83N\82Ì\82Ý\82É\83T\81[\83r\83X\82ð\8ds\82¤\82à\82Ì\82Å\82 \82é\81B\82µ\82©\82µ\81A\r
+\90Ý\92è\83t\83@\83C\83\8b\82Ì\83p\81[\83~\83b\83V\83\87\83\93\82É\8f\\95ª\92\8d\88Ó\82µ\81A\94F\8fØ\83L\81[\82Ì\83t\83@\83C\83\8b\82Í\83T\81[\83o\8fã\82É\95Û\91¶\82¹\82¸\82É\81A\r
+\8dí\8f\9c\82à\82µ\82\82Í\83v\83\8a\83\93\83g\83A\83E\83g\82µ\82Ä\8cµ\8fd\82É\95Û\91¶\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+\r
+<div align="right"><a href="#bind0">top</a></div>\r
+\r
+<!-- ********* 3 ********* -->\r
+<h4>E.3 named.conf
\82Ì
\90Ý
\92è<a name="bind3" href="#bind3" class="anchor">†</a></h4>
\r+\r
+<p>named\82Ì\8eå\82È\93®\8dì\82ð\90§\8cä\82·\82é\82½\82ß\82Ì\90Ý\92è\83t\83@\83C\83\8b/etc/namedb/named.conf\82Ì\90Ý\92è\82ð\8ds\82¤\81B</p>\r
+<p>\82Ü\82¸\81A\94F\8fØ\83L\81[\82Ì\90Ý\92è\82Ì\82½\82ß\82Ékey\83f\83B\83\8c\83N\83e\83B\83u\82Ì\90Ý\92è\82ª\95K\97v\82Å\82 \82é\81B\91O\8fq\82µ\82½rndc.conf\82Ì\r
+key\83f\83B\83\8c\83N\83e\83B\83u\82Æ\93¯\97l\82Ì\90Ý\92è\82ð\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>\r
+\r
+<table><tr><td><pre>\r
+key "rndc_key" {\r
+ algorithm hmac-md5;\r
+ secret "...";\r
+};\r
+\r
+controls {\r
+ inet ::1 allow {\r
+ ::1;\r
+ }\r
+ keys {\r
+ "rndc_key";\r
+ };\r
+ inet 127.0.0.1 allow {\r
+ 127.0.0.1;\r
+ }\r
+ keys {\r
+ "rndc_key";\r
+ };\r
+};\r
+</pre></td></tr></table>\r
+\r
+<p>\82Ü\82½\81Akey\83f\83B\83\8c\83N\83e\83B\83u\82É\82Â\82¢\82Ä\82Í\95Ê\83t\83@\83C\83\8b\82É\8bL\8fq\82µ\81Anamed.conf\82Åinclude\r
+\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B\95Ê\83t\83@\83C\83\8b\82É\8bL\8fq\82·\82é\8fê\8d\87\82Í\81A\83p\81[\83~\83b\83V\83\87\83\93\82Ì\90Ý\92è\82æ\82Á\82Ä\82³\82ç\82É\r
+\83Z\83L\83\85\83\8a\83e\83B\82ð\8d\82\82ß\82é\82±\82Æ\82ª\89Â\94\\82Æ\82È\82é\81B</p>\r
+<p>\8e\9f\82É\81Aoptions\83f\83B\83\8c\83N\83e\83B\83u\82Ì\90Ý\92è\82ð\8ds\82¤\81B</p>\r
+\r
+<table><tr><td><pre>\r
+options {\r
+ directory "/etc/namedb";\r
+ pid-file "/var/run/named/named.pid";\r
+ auth-nxdomain yes;\r
+ listen-on-v6 { any; };\r
+};\r
+</pre></td></tr></table>\r
+\r
+<p>named.pid\83t\83@\83C\83\8b\82ð\92u\82\83f\83B\83\8c\83N\83g\83\8a\82Í\93K\93\96\82É\8dì\90¬\82·\82é\95K\97v\82ª\82 \82é\81B</p>\r
+\r
+<div align="right"><a href="#bind0">top</a></div>\r
+\r
+<!-- ******** 4 ********* -->\r
+<h4>E.4 zone
\82Ì
\90Ý
\92è<a name="bind4" href="#bind4" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Å\8aÇ\97\9d\82·\82é\83h\83\81\83C\83\93\82É\82Â\82¢\82Ä\90Ý\92è\82ð\8ds\82¤\81B\8ae\83h\83\81\83C\83\93\82Ínamed.conf\82Ìzone\83f\83B\83\8c\83N\83e\83B\83u\82É\r
+\82æ\82Á\82Ä\8aÇ\97\9d\82³\82ê\82é\81B\82Ü\82½\81ABIND9\82Å\82Íview\82Æ\82¢\82¤\83f\83B\83\8c\83N\83e\83B\83u\82ª\8eÀ\91\95\82³\82ê\82Ä\82¨\82è\81A\82±\82Ì\8eq\83f\83B\83\8c\83N\83e\83B\83u\82É\r
+zone\82Æ\82µ\82Ä\90Ý\92è\82·\82é\82±\82Æ\82É\82æ\82Á\82Ä\81ADNS\96â\82¢\8d\87\82í\82¹\8c³\82ÌIP\83A\83h\83\8c\83X\82â\83h\83\81\83C\83\93\82É\82æ\82Á\82Ä\95Ô\93\9a\82·\82ézone\82ð\r
+\95Ï\8dX\82·\82é\82±\82Æ\82ª\89Â\94\\82Æ\82È\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+view "og" {\r
+ match-clients\r
+ {\r
+ 10.0.0.0/16;\r
+ };\r
+\r
+ recursion yes;\r
+\r
+ zone "." {\r
+ type hint;\r
+ file "named.root";\r
+ };\r
+\r
+ zone "og.saga-u.ac.jp" {\r
+ type master;\r
+ file "og.saga-u.ac.jp";\r
+ };\r
+\r
+ zone "0.0.127.IN-ADDR.ARPA" {\r
+ type master;\r
+ file "master/localhost.rev";\r
+ };\r
+\r
+ // RFC 3152\r
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\r
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {\r
+ type master;\r
+ file "master/localhost-v6.rev";\r
+ };\r
+\r
+ // RFC 1886 -- deprecated\r
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\r
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {\r
+ type master;\r
+ file "master/localhost-v6.rev";\r
+ };\r
+};\r
+</pre></td></tr></table>\r
+\r
+<p>\88È\8fã\82Ì\90Ý\92è\82É\82¨\82¢\82Ä\81A"og.saga-u.ac.jp"\82Æ\82¢\82¤zone\82ð\90Ý\92è\82µ\82½\81B\82±\82Ì\90Ý\92è\82É\82¨\82¢\82Ä\81A\r
+\83h\83\81\83C\83\93"og.saga-u.ac.jp"\82É\91®\82·\82é\83z\83X\83g\82ð\90Ý\92è\82µ\82½og.saga-u.ac.jp\82Æ\82¢\82¤\83t\83@\83C\83\8b\82ð\r
+\93Ç\82Ý\8d\9e\82Þ\82æ\82¤\82É\90Ý\92è\82µ\82Ä\82¢\82é\81B\82»\82±\82Å\81Aog.saga-u.ac.jp\82Æ\82¢\82¤\81A\8e\9f\82Ì\82æ\82¤\82È\83t\83@\83C\83\8b\82ð\r
+\97p\88Ó\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+$TTL 3600\r
+$ORIGIN og.saga-u.ac.jp.\r
+\r
+@ IN SOA ns.og.saga-u.ac.jp. postmaster (\r
+ 2005051702 ;\r
+ 3600\r
+ 1200\r
+ 2419200\r
+ 86400 )\r
+ IN NS ns.og.saga-u.ac.jp.\r
+ IN A 10.0.0.2\r
+ IN MX 10 opengate.og.saga-u.ac.jp.\r
+\r
+ns IN A 10.0.0.2\r
+\r
+opengate IN A 10.0.0.2\r
+ AAAA 2001:2f8:10:1::1\r
+\r
+opengate4 IN A 133.49.1.2\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><a href="#bind0">top</a></div>\r
+\r
+<!-- ********* 5 ********* -->\r
+<h4>E.5
\8bN
\93®
\8am
\94F<a name="bind5" href="#bind5" class="anchor">†</a></h4>
\r+\r
+<p>\88È\8fã\81A\91S\82Ä\82Ì\90Ý\92è\82ª\8a®\97¹\82µ\82½\8cã\82É\81A\8bN\93®\8am\94F\82ð\8ds\82¤\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/local/sbin/named/ -u bind -c /etc/namedb/named.conf\r
+</pre></td></tr></table>\r
+\r
+<p>\88È\8fã\82ð\8eÀ\8ds\82µ\81A\96â\91è\82È\82named\82ª\8bN\93®\82µ\82Ä\82¢\82ê\82Î\90¬\8c÷\82Å\82 \82é\81B\8bN\93®\8am\94F\82Å\96â\91è\82ª\82È\82¯\82ê\82Î\81A\r
+/etc/rc.conf\82É\88È\89º\82Ì\8d\80\96Ú\82ð\8bL\8fq\82µ\81A\8e©\93®\8bN\93®\82·\82é\82æ\82¤\82É\90Ý\92è\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+named_enable="YES"\r
+named_program="/usr/local/sbin/named"\r
+named_flags="-u bind -c /etc/namedb/named.conf"\r
+</pre></td></tr></table>\r
+\r
+<p>DNS\83T\81[\83o\82Í\8aÇ\97\9d\82ª\95¡\8eG\82Å\82 \82é\82½\82ß\81A\82±\82Ì\91¼\82Ì\8e\91\97¿\82à\8eQ\8dl\82É\82µ\81A\83}\83j\83\85\83A\83\8b\82ð\r
+\8fn\93Ç\82µ\82½\8fã\82Å\90Ý\92è\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+\r
+<div align="right"><a href="#bind0">top</a></div>\r
+\r
+</body>\r
+</html>
\ No newline at end of file
--- /dev/null
+<html>\r
+<head>\r
+<title>Opegnate Install</title>\r
+<meta http-equiv="content-type" content="text/html;charset=Shift_JIS">\r
+<link rel="stylesheet" type="text/css" media="screen" href="style.css">\r
+</head>\r
+\r
+<body bgcolor="#BBEECC">\r
+\r
+<h2>Opengate
\83C
\83\93\83X
\83g
\81[
\83\8b\8eè
\8f\87<a name="top" href="#top" class="anchor">†</a></h2>
\r+\r
+<!-- Start:\96Ú\8e\9f -->\r
+<ul>\r
+ <li class="list_alpha"><a href="#opengate0">Opengate \82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ <ul>\r
+ <li class="list_num"><a href="#opengate1">\83C\83\93\83X\83g\81[\83\8b\8eè\8f\87</a></li>\r
+ <li class="list_num"><a href="#opengate2">FreeBSD \82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ <li class="list_num"><a href="#opengate3">Opengate \82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ </ul>\r
+ <li class="list_alpha"><a href="#ipfw0">ipfw,ip6fw\82Ì\90Ý\92è</a></li>\r
+ <ul>\r
+ <li class="list_num"><a href="#ipfw1">\83J\81[\83l\83\8b\82Ì\8dÄ\8d\\92z</a></li>\r
+ <li class="list_num"><a href="#ipfw2">ipfw\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#ipfw3">ip6fw\82Ì\90Ý\92è</a></li>\r
+ </ul>\r
+ <li class="list_alpha"><a href="#apache0">Apache2\82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ <ul>\r
+ <li class="list_num"><a href="#apache1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="#apache2">\83C\83\93\83X\83g\81[\83\8b\81i\83\\81[\83X\81j</a></li>\r
+ <li class="list_num"><a href="#apache3">\94é\96§\8c®\81A\8fØ\96¾\8f\91\82Ì\8dì\90¬</a></li>\r
+ <li class="list_num"><a href="#apache4">\83o\81[\83`\83\83\83\8b\83z\83X\83g\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#apache5">HTTP_ERROR 404\82Ö\82Ì\91Î\89\9e</a></li>\r
+ </ul>\r
+ <li class="list_alpha"><a href="#dhcp0">isc-dhcp3\82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ <ul>\r
+ <li class="list_num"><a href="#dhcp1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="#dhcp2">DHCP\82Ì\90Ý\92è</a></li>\r
+ </ul>\r
+ <li class="list_alpha"><a href="#bind0">BIND9\82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ <ul>\r
+ <li class="list_num"><a href="#bind1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="#bind2">\94F\8fØ\83L\81[\82Ì\8dì\90¬</a></li>\r
+ <li class="list_num"><a href="#bind3">named.conf\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#bind4">zone\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#bind5">\8bN\93®\8am\94F</a></li>\r
+ </ul>\r
+</ul>\r
+\r
+<!-- End:\96Ú\8e\9f -->\r
+<hr>\r
+\r
+<!-- Start:Opengate\82Ì\83C\83\93\83X\83g\81[\83\8b -->\r
+<h3>A Opegnate
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="opengate0" href="#opengate0" class="anchor">†</a></h3>
\r+<ul>\r
+ <li class="list_num"><a href="#opengate1">\83C\83\93\83X\83g\81[\83\8b\8eè\8f\87</a></li>\r
+ <li class="list_num"><a href="#opengate2">FreeBSD \82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+ <li class="list_num"><a href="#opengate3">Opengate \82Ì\83C\83\93\83X\83g\81[\83\8b</a></li>\r
+</ul>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h4>A.1
\83C
\83\93\83X
\83g
\81[
\83\8b\8eè
\8f\87<a name="opengate1" href="#opengate1" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Ì\83C\83\93\83X\83g\81[\83\8b\8eè\8f\87\82ð\88È\89º\82É\8e¦\82·\81B\82½\82¾\82µ\81A\81¦\82Í\95K\90{\8d\80\96Ú\82ð\8e¦\82µ\81A\82»\82ê\88È\8aO\82Ì\8eè\8f\87\82Í\95K\97v\82É\89\9e\82¶\82Ä\8ds\82È\82¤\81B</p>\r
+\r
+<ul>\r
+ <li class="list_num">\83Q\81[\83g\83E\83F\83C\83}\83V\83\93\82Ì\8f\80\94õ \81¦</li>\r
+ <li class="list_num">FreeBSD(OS)\82Ì\83C\83\93\83X\83g\81[\83\8b \81¦</li>\r
+ <li class="list_num">\83J\81[\83l\83\8b\82Ì\8dÄ\8d\\92z \81¦</li>\r
+ <li class="list_num">ipfw,ip6fw\82Ì\90Ý\92è \81¦</li>\r
+ <li class="list_num">NAT\82Ì\90Ý\92è</li>\r
+ <li class="list_num">Apache2\82Ì\83C\83\93\83X\83g\81[\83\8b\81A\90Ý\92è \81¦</li>\r
+ <li class="list_num">DHCP\82Ì\83C\83\93\83X\83g\81[\83\8b\81A\90Ý\92è</li>\r
+ <li class="list_num">BIND9\82Ì\83C\83\93\83X\83g\81[\83\8b\81A\90Ý\92è</li>\r
+</ul>\r
+\r
+<div align="right"><a href="#opengate0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>A.2 FreeBSD
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="opengate2" href="#opengate2" class="anchor">†</a></h4>
\r+\r
+<p>\83Q\81[\83g\83E\83F\83C\83}\83V\83\93\82Æ\82µ\82Ä\81ANIC\82ð\82Q\96\87\88È\8fã\8e\9d\82¿\81AFreeBSD\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\82±\82Æ\82ª\89Â\94\\82È\82à\82Ì\82ð\97p\88Ó\82·\82é\81B</p>\r
+<p>FreeBSD 4.x,5.x,6.x\82Ì\89½\82ê\82©\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\81B\8cã\82É\83J\81[\83l\83\8b\82ð\8dÄ\8d\\92z\82·\82é\95K\97v\82ª\82 \82é\82Ì\82Å\81A\83C\83\93\83X\83g\81[\83\8b\82·\82é\r
+Distributions\82ð\91I\91ð\82·\82é\8dÛ\82ÉDeveloper(Full sorces,binaries and doc)\82ð\91I\91ð\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>\r
+<p>FreeBSD\82ð\83C\83\93\83X\83g\81[\83\8b\82µ\82½\8cã\82É\81A\83Q\81[\83g\83E\83F\83C\82Æ\82µ\82Ä\82Ì\8b@\94\\82ð\97L\8cø\82É\82·\82é\82½\82ß\82É\81A/etc/rc.conf\82É\8e\9f\82Ì\90Ý\92è\82ð\8bL\8fq\82·\82é\r
+\81B\82à\82µ\82\82Í\81AFreeBSD\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\8dÛ\82É\81A\83Q\81[\83g\83E\83F\83C\82Æ\82µ\82Ä\82Ì\8b@\94\\82ð\97L\8cø\82É\82·\82é\82©\94Û\82©\82ð\96â\82í\82ê\82é\82Ì\82Å\81A\82±\82±\82Å\r
+\83Q\81[\83g\83E\83F\83C\82Ì\8b@\94\\82ð\97L\8cø\82É\82µ\82Ä\82à\8d\\82í\82È\82¢\81B</p>\r
+\r
+<table>\r
+<td><code>gateway_enable="YES"</code></td>\r
+</table>\r
+\r
+<div align="right"><a href="#opengate0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ************ 3 ************** -->\r
+<h4>A.3 Opengate
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="opengate3" href="#opengate3" class="anchor">†</a></h4>
\r+\r
+<h5>A.3.1 Opengate
\83p
\83b
\83P
\81[
\83W<a name="opengate4" href="#opengate4" class="anchor">†</a></h5>
\r+\r
+<p>Opengate\82Ì\8dÅ\90V\82Ì\83p\83b\83P\81[\83W\82ð\93K\93\96\82È\83f\83B\83\8c\83N\83g\83\8a\82É\93W\8aJ\82·\82é\81B\83p\83b\83P\81[\83W\82É\82Í\88È\89º\82Ì\83f\83B\83\8c\83N\83g\83\8a\82ª\8aÜ\82Ü\82ê\82é\81B</p>\r
+\r
+<table>\r
+<tr><td>\r
+<pre>\r
+doc\81F\8ae\8eí\95¶\8f\91\r
+conf\81F\90Ý\92è\83t\83@\83C\83\8b\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\83X\83N\83\8a\83v\83g\r
+javahtml\81F\83N\83\89\83C\83A\83\93\83gJava Applet\81AHTML\83t\83@\83C\83\8b\r
+opengatesrv\81F\83T\81[\83oCGI\83v\83\8d\83O\83\89\83\80\r
+</pre>\r
+</td></tr>\r
+</table>\r
+\r
+<h5>A.3.2
\83R
\83\93\83p
\83C
\83\8b<a name="opengate5" href="#opengate5" class="anchor">†</a></h5>
\r+\r
+<p>Opengate\83p\83b\83P\81[\83W\82É\8aÜ\82Ü\82ê\82éopengatesrv\83f\83B\83\8c\83N\83g\83\8a\82ÉMakefile\82ª\97p\88Ó\82³\82ê\82Ä\82¢\82é\81B\r
+\93¯\83f\83B\83\8c\83N\83g\83\8a\82É\82¨\82¢\82Ä\81AOpengate\82Ì\83R\83\93\83p\83C\83\8b\82Æ\83C\83\93\83X\83g\81[\83\8b\8dì\8bÆ\82ð\8ds\82È\82¤\82ª\81A\83R\83\93\83p\83C\83\8b\r
+\82ð\8ds\82È\82¤\91O\82É\81A\8ae\8eí\90Ý\92è\82ð\8ds\82È\82¤\95K\97v\82 \82ª\82é\81B</p>\r
+<p>Makefle\82É\82¨\82¢\82Ä\81A\88È\89º\82Ì\8d\80\96Ú\82ð\90Ý\92è\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>\r
+\r
+<ul>\r
+ <li class="list_none">HOSTNAME</li>\r
+ <ul>\r
+ <li>Opengate\82ÌFQDN\82Å\81AIPv4/6\97¼\95û\82Ì\83A\83h\83\8c\83X\82ª\93o\98^\82³\82ê\82Ä\82¢\82é\82à\82Ì\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">HOSTNAME4</li>\r
+ <ul>\r
+ <li>Opengate\82ÌFQDN\82Å\81AIPv4\83A\83h\83\8c\83X\82Ì\82Ý\82ª\93o\98^\82³\82ê\82Ä\82¢\82é\82à\82Ì\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">OPENGATEDIR</li>\r
+ <ul>\r
+ <li>Opengate\8aÖ\98A\83t\83@\83C\83\8b\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\8fê\8f\8a\82ð\81AApache2\82ÌDocumnetRoot\82©\82ç\82Ì\91\8a\91Î\83p\83X\82Å\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">HTMLTOP1,HTMLTOP2</li>\r
+ <ul>\r
+ <li>Apache2\82Ì\83C\83\93\83X\83g\81[\83\8b\8fó\8bµ\82É\82æ\82Á\82Ä\81AHTMLTOP1\82ÉHTTP\97p\82ÌDocumentRoot\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>HTMLTOP1\82Æ\93¯\97l\82É\81AHTMLTOP2\82ÉHTTPS\97p\82ÌDocumentRoot\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">CGIPATH,CGIPROG,CGIURL</li>\r
+ <ul>\r
+ <li>CGIPATH\82É\81A\83T\81[\83oCGI\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\8fê\8f\8a\82Ì\90â\91Î\83p\83X\82ð\90Ý\92è\82·\82é\81B\82½\82¾\82µ\81AApache2\82Ì\83C\83\93\83X\83g\81[\83\8b\8fó\8bµ\82É\82æ\82Á\82Ä\81A\r
+ CGI\82ª\8eÀ\8ds\89Â\94\\82È\8fê\8f\8a\82Å\82 \82é\82±\82Æ\81B</li>\r
+ <li>CGIPROG\82É\81A\83T\81[\83oCGI\82Ì\96¼\91O\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>CGIURL\82É\81A\83T\81[\83oCGI\82ð\8eÀ\8ds\82·\82é\82½\82ß\82ÌURL\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">AUTHCGIPROG,AUTHCGIURL</li>\r
+ <ul>\r
+ <li>AUTHCGIPROG\82É\81A\94F\8fØ\89æ\96Ê\92ñ\8b\9fCGI\82Ì\96¼\91O\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>AUTHCGIURL\82É\81A\83T\81[\83oCGI\82Æ\93¯\97l\82É\81A\94F\8fØ\89æ\96Ê\92ñ\8b\9fCGI\82ð\8eÀ\8ds\82·\82é\82½\82ß\82ÌURL\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">CONFIGFILE</li>\r
+ <ul>\r
+ <li>Opengate\82Ì\90Ý\92è\83t\83@\83C\83\8b\96¼\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">USEFWSCRIPT,FWSCRIPT,FWSCRIPTFILE</li>\r
+ <ul>\r
+ <li>USEFWSCRIPT\82É\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\90§\8cä\83X\83N\83\8a\83v\83g\82ð\97\98\97p\82·\82é\82©\94Û\82©\82ð\90Ý\92è\82·\82é\81B\81i\82P\81F\97\98\97p\82·\82é\81B\82O\81F\97\98\97p\82µ\82È\82¢\81B\81j</li>\r
+ <li>FWSCRIPT\82É\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\90§\8cä\83X\83N\83\8a\83v\83g\82Ì\83t\83@\83C\83\8b\96¼\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>FWSCRIPTFILE\82É\81AFWSCRIPT\82É\90Ý\92è\82µ\82½\83t\83@\83C\83\8b\82Ö\82Ì\90â\91Î\83p\83X\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">LOCKFILE</li>\r
+ <ul>\r
+ <li>\94r\91¼\90§\8cä\97p\83\8d\83b\83N\83t\83@\83C\83\8b\96¼\81A\90â\91Î\83p\83X\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">HTMLDOCS,DENYDOC,DENYDOCSSL,ACCEPTDOC,ACCEPTDOC2</li>\r
+ <ul>\r
+ <li>HTMLDOCS\82É\81A\83T\81[\83oCGI\82Å\97p\82¢\82éHTML\83t\83@\83C\83\8b\96¼\91S\82Ä\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>DENYDOC\82É\81A\94F\8fØ\8e¸\94s\8e\9e\82É\95\\8e¦\82·\82éHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>DENYDOCSSL\82É\81AHTTPS\82ð\97p\82¢\82Ä\94F\8fØ\82É\8e¸\94s\82µ\82½\8fê\8d\87\82ÌHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>ACCEPTDOC\82É\81A\94F\8fØ\90¬\8c÷\8e\9e\82É\95\\8e¦\82·\82éHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>ACCEPTDOC2\82É\81A\94F\8fØ\90¬\8c÷\8e\9e\82É\83|\83b\83v\83A\83b\83v\83E\83B\83\93\83h\83E\82Å\95\\8e¦\82³\82ê\82éHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B\r
+ \81i\83|\83b\83v\83A\83b\83v\83E\83B\83\93\83h\83E\82ÌURL\82Í\95Ï\8dX\89Â\94\\81BINFOURL\8eQ\8fÆ\81j</li>\r
+ </ul>\r
+ <li class="list_none">INFOMATION</li>\r
+ <ul>\r
+ <li>ACCEPTDOC2\82Ì\91Ö\82í\82è\82É\81A\95ÊURL\82Ì\83y\81[\83W\82ð\95\\8e¦\82·\82é\82©\94Û\82©\82ð\90Ý\92è\82·\82é\81B\81i\82P\81F\97\98\97p\82·\82é\81B\82O\81F\97\98\97p\82µ\82È\82¢\81B\81j</li>\r
+ </ul>\r
+ <li class="list_none">INFOMATIONURL</li>\r
+ <ul>\r
+ <li>ACCEPTDOC2\82Ì\91Ö\82í\82è\82É\95\\8e¦\82³\82¹\82é\83y\81[\83W\82ÌURL\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">AUTHHTMLJA,AUTHHTMLEN,AUTHHTMLJASSL,AUTHHTMLENSSL</li>\r
+ <ul>\r
+ <li>AUTHHTMLJA\82É\81A\93ú\96{\8cê\94F\8fØ\83y\81[\83W\82ÌHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>AUTHHTMLEN\82É\81A\89p\8cê\94F\8fØ\83y\81[\83W\82ÌHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>AUTHHTMLJASSL\82É\81AHTTPS\82ð\97p\82¢\82½\93ú\96{\8cê\94F\8fØ\83y\81[\83W\82ÌHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>AUTHHTMLENSSL\82É\81AHTTPS\82ð\97p\82¢\82½\89p\8cê\94F\8fØ\83y\81[\83W\82ÌHTML\83t\83@\83C\83\8b\82ð\90Ý\92è\82·\82é\81B</li>\r
+ <li>\93ú\96{\8cê\81A\89p\8cê\88È\8aO\82É\94F\8fØ\8c¾\8cê\82ð\92Ç\89Á\82·\82é\8fê\8d\87\82Í\81Ajavahtml\83f\83B\83\8c\83N\83g\83\8a\93à\82Ì\8c¾\8cê\83f\83B\83\8c\83N\83g\83\8a\82Ì\92Ç\89Á\81AHTMLDOCS,DENYDOC,\r
+ DENYDOCSSL,ACCESPTDOC,ACCEPTDOC2\82ð\95Ï\8dX\82µ\81A\82³\82ç\82Éopengateauth.h\93à\82Ì\90Ý\92è\82É\82 \82í\82¹\82ÄAUTHTHMLXX\82ð\92Ç\89Á\82·\82é\82±\82Æ\81B</li>\r
+ </ul>\r
+ <li class="list_none">ARPPATH</li>\r
+ <ul>\r
+ <li>ARP\83R\83}\83\93\83h\82Ì\83p\83X\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">NDPPAHT</li>\r
+ <ul>\r
+ <li>NDP\83R\83}\83\93\83h\82Ì\83p\83X\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">IPFW,IP6FW</li>\r
+ <ul>\r
+ <li>IPFW,IP6FW\83R\83}\83\93\83h\82Ì\82»\82ê\82¼\82ê\82Ì\83p\83X\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">DEBUG</li>\r
+ <ul>\r
+ <li>\83f\83o\83b\83O\82ð\8ds\82È\82¤\82©\94Û\82©\82ð\90Ý\92è\82·\82é\81B\81i\82P\81F\83f\83o\83b\83O\83\8d\83O\82ð\8fo\97Í\82·\82é\81B\82O\81F\94F\8fØ\83\8d\83O\82Ì\82Ý\8fo\97Í\82·\82é\81B\81j</li>\r
+ </ul>\r
+ <li class="list_none">DURATIONDEFAULT</li>\r
+ <ul>\r
+ <li>Java Applet\82ð\91\97\90M\82µ\82Ä\82©\82ç\90Ú\91±\82µ\82Ä\82\82é\82Ü\82Å\82Ì\91Ò\82¿\8e\9e\8aÔ\81i\95b\81j\82ð\90Ý\92è\82·\82é\81B\90Ý\92è\92l\82Ì\8e\9e\8aÔ\82ª\8co\89ß\82·\82é\82Ü\82Å\82É\81A\r
+ Java Applet\82©\82ç\82Ì\90Ú\91±\82ª\96³\82¯\82ê\82Î\92Ê\90M\98H\82ð\95Â\8d½\82·\82é\81B\82±\82Ì\91Ò\82¿\8e\9e\8aÔ\82Í\94F\8fØ\83y\81[\83W\82æ\82è\81A\97\98\97p\8eÒ\82ª\95Ï\8dX\82·\82é\82±\82Æ\82ª\89Â\94\\81B\r
+ \82Ü\82½\81A\97\98\97p\8eÒ\82Ì\95Ï\8dX\82ð\8b\96\97e\82µ\82È\82¢\8fê\8d\87\82Í\81A\94F\8fØ\83y\81[\83W\82©\82ç\93ü\97Í\83t\83H\81[\83\80\82ð\8dí\8f\9c\82·\82é\82±\82Æ\81B</li>\r
+ </ul>\r
+ <li class="list_none">DURATIONMAX</li>\r
+ <ul>\r
+ <li>Java Applet\82©\82ç\82Ì\90Ú\91±\82ª\8am\94F\82Å\82«\82È\82¢\8fê\8d\87\82É\81A\97\98\97p\8eÒ\82ª\94F\8fØ\83y\81[\83W\82Å\8ew\92è\82µ\82½\97\98\97p\8cp\91±\8e\9e\8aÔ\81i\95b\81j\82Ì\8dÅ\91å\92l\r
+ \82ð\90Ý\92è\82·\82é\81B\97\98\97p\8eÒ\82Ì\95Ï\8dX\82ð\8b\96\97e\82µ\82È\82¢\8fê\8d\87\82Í\81ADURATIONDEFAULT\82Æ\93¯\82¶\92l\82É\82·\82é\95K\97v\82ª\82 \82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">ACTIVECHECKINTERVAL</li>\r
+ <ul>\r
+ <li> \92[\96\96\82Ì\97\98\97p\8fó\8bµ\82ð\8am\94F\82·\82é\8aÔ\8au(\95b)\82ð\90Ý\92è\82·\82é\81BJava Applet\82©\82ç\82Ì\90Ú\91±\82ª\96³\82¢\8fê\8d\87\82Í\81A\r
+ \92Ê\89ß\83p\83P\83b\83g\90\94\82ÆMAC\83A\83h\83\8c\83X\82Ì\8am\94F\82ð\8ds\82È\82¤\81BJava Applet\82©\82ç\82Ì\92Ê\90M\82ª\82 \82é\8fê\8d\87\82Í\81AHELLO\83\81\83b\83Z\81[\83W\82Ì\8cð\8a·\82Æ\r
+ \92Ê\89ß\83p\83P\83b\83g\90\94\82Ì\8am\94F\82ð\8ds\82È\82¤\81B</li>\r
+ </ul>\r
+ <li class="list_none">COMMWAITTIMEOUT</li>\r
+ <ul>\r
+ <li>HELLO\83\81\83b\83Z\81[\83W\95Ô\93\9a\82Ü\82Å\82Ì\8dÅ\91å\91Ò\82¿\8e\9e\8aÔ\81i\95b\81j\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">NOREPLYMAX</li>\r
+ <ul>\r
+ <li>HELLO\83\81\83b\83Z\81[\83W\82É\89\9e\93\9a\82µ\82È\82©\82Á\82½\8fê\8d\87\82ð\8b\96\97e\82·\82é\89ñ\90\94\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">NOPAKETINTERVAL</li>\r
+ <ul>\r
+ <li>\92Ê\89ß\83p\83P\83b\83g\82ª\8am\94F\82Å\82«\82È\82©\82Á\82½\8fê\8d\87\82É\81A\92Ê\90M\98H\82ð\95Â\8d½\82·\82é\82Ü\82Å\82Ì\8e\9e\8aÔ\81B\8eÀ\8dÛ\82É\82Í\81A\92Ê\89ß\83p\83P\83b\83g\82Ì\8am\94F\82Í\r
+ ACTIVECHECKINTERVAL\82Ì\90Ý\92è\8e\9e\8aÔ\96\88\82É\8ds\82È\82í\82ê\82é\82Ì\82Å\81AACTIVECHECKINTERVAL\82Ì\90®\90\94\94{\82Ì\8e\9e\8aÔ\82É\90Ø\82è\8fã\82°\82ç\82ê\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">LOCKTIMEOUT</li>\r
+ <ul>\r
+ <li>ipfw,ip6fw\82Ì\94r\91¼\90§\8cä\82Ì\8dÅ\91å\91Ò\82¿\8e\9e\8aÔ\81i\95b\81j\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">IPFWMIN</li>\r
+ <ul>\r
+ <li>Opengate\82Å\97\98\97p\82·\82éipfw\82à\82µ\82\82Íip6fw\82Ì\83\8b\81[\83\8b\94Ô\8d\86\94Í\88Í\82Ì\8dÅ\8f¬\92l\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">IPFWMAX</li>\r
+ <ul>\r
+ <li>Opengate\82Å\97\98\97p\82·\82éipfw\82à\82µ\82\82Íip6fw\82Ì\83\8b\81[\83\8b\94Ô\8d\86\94Í\88Í\82Ì\8dÅ\91å\92l\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">IPFWINTERVAL</li>\r
+ <ul>\r
+ <li>ipfw\82à\82µ\82\82Íip6fw\82Ì\83\8b\81[\83\8b\94Ô\8d\86\94Í\88Í\82É\82¨\82¢\82Ä\81A\97\98\97p\82·\82é\94Ô\8d\86\82Ì\94Í\88Í\82ð\90Ý\92è\82·\82é\81B\r
+ \83N\83\89\83C\83A\83\93\83g\82Ì\91ä\90\94\90§\8cÀ\82É\97p\82¢\82é\82±\82Æ\82ª\89Â\94\\82Å\82 \82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">PORTMIN</li>\r
+ <ul>\r
+ <li>Java Applet\82Æ\82Ì\92Ê\90M\82É\97\98\97p\82·\82é\83|\81[\83g\82Ì\97\98\97p\94Í\88Í\82Ì\8dÅ\8f¬\92l\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">PORTMAX</li>\r
+ <ul>\r
+ <li>Java Applet\82Æ\82Ì\92Ê\90M\82É\97\98\97p\82·\82é\83|\81[\83g\82Ì\97\98\97p\94Í\88Í\82Ì\8dÅ\91å\92l\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+ <li class="list_none">FACILITY</li>\r
+ <ul>\r
+ <li>SYSLOG\82É\83\8d\83O\82ð\8fo\97Í\82·\82é\8dÛ\82Ì\83t\83@\83V\83\8a\83e\83B\82ð\90Ý\92è\82·\82é\81B</li>\r
+ </ul>\r
+</ul>\r
+\r
+<p>\88È\8fã\82Ì\90Ý\92è\82ð\8fI\82¦\82Ä\82©\82ç\81A\83R\83\93\83p\83C\83\8b\82Æ\83C\83\93\83X\83g\81[\83\8b\82ð\8ds\82È\82¤\81B</p>\r
+\r
+<table><tr><td><pre>\r
+#make\r
+cc -DCONFIGFILE=\"/etc/opengatesrv.conf\" \r
+-DOPENGATEDIR=\"/opengate\" -DDENYDOC=\"deny.html\"\r
+-DDENYDOC=\"deny.html\" -DDENYDOCSSL=\"deny-ssl.html\"\r
+-----------------\r
+-----------------\r
+-----------------\r
+# make install\r
+</pre></td></tr></table>\r
+\r
+<h5>A.3.3
\94F
\8fØ
\83T
\81[
\83o
\82Ì
\90Ý
\92è<a name="opengate6" href="#opengate6" class="anchor">†</a></h5>
\r+\r
+<p>
\94F
\8fØ
\83T
\81[
\83o
\82Ì
\90Ý
\92è
\82É
\82Â
\82¢
\82Ä
\82Í
\81A<a href="#opengate5">A.3.2</a>
\82Å
\82 \82°
\82½
\81ACONFIGFILE
\82É
\82æ
\82Á
\82Ä
\90Ý
\92è
\82·
\82é
\82±
\82Æ
\82ª
\r+\89Â\94\\82Å\82 \82é\81B</p>\r
+<p>\90Ý\92è\82Ì\8fÚ\8d×\82É\82Â\82¢\82Ä\82Í\81A\90Ý\92è\83t\83@\83C\83\8b\81iopengatesrv.conf\81j\93à\82É\8bL\8fq\82³\82ê\82Ä\82¢\82é\81B</p>\r
+\r
+<div align="right"><a href="#opengate0">back</a> <a href="#top">top</a></div>\r
+\r
+<hr>\r
+<!-- Start:ipfw,ip6fw\82Ì\90Ý\92è -->\r
+<h3>B ipfw,ip6fw
\82Ì
\90Ý
\92è<a name="ipfw0" href="#ipfw0" class="anchor">†</a></h3>
\r+\r
+<ul>\r
+ <li class="list_num"><a href="#ipfw1">\83J\81[\83l\83\8b\82Ì\8dÄ\8d\\92z</a></li>\r
+ <li class="list_num"><a href="#ipfw2">ipfw\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#ipfw3">ip6fw\82Ì\90Ý\92è</a></li>\r
+</ul>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h4>B.1
\83J
\81[
\83l
\83\8b\82Ì
\8dÄ
\8d\
\92z<a name="ipfw1" href="#ipfw1" class="anchor">†</a></h4>
\r+\r
+<p>ipfw\82à\82µ\82\82Íip6fw\82ð\97\98\97p\82·\82é\82½\82ß\82É\82Í\81AFreeBSD\82Ì\83J\81[\83l\83\8b\82ð\8dÄ\8d\\92z\82·\82é\95K\97v\82ª\82 \82é\81BFreeBSD\83C\83\93\83X\83g\81[\83\8b\8e\9e\82É\r
+\83J\81[\83l\83\8b\93\99\82Ì\91S\82Ä\82Ì\83\\81[\83X\82ð\83C\83\93\83X\83g\81[\83\8b\82µ\82Ä\82¢\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>\r
+<p>\88È\89º\82Ì\83f\83B\83\8c\83N\83g\83\8a\82É\82¨\82¢\82Ä\81AOpengate\97p\82Ì\83J\81[\83l\83\8b\83I\83v\83V\83\87\83\93\82ð\8dì\90¬\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# cd /usr/src/sys/i386/conf\r
+# cp GENERIC MYKERNEL\r
+</pre></td></tr></table>\r
+\r
+<p>\83R\83s\81[\82µ\82½\83J\81[\83l\83\8b\83I\83v\83V\83\87\83\93\82É\81A\8e\9f\82Ì\83I\83v\83V\83\87\83\93\82ð\92Ç\89Á\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+options IPDIVERT\r
+\r
+options IPFIREWALL\r
+options IPFIREWALL_FORWARD\r
+options IPFIREWALL_VERBOSE\r
+options IPFIREWALL_VERBOSE_LIMIT=100\r
+\r
+options IPV6FIREWALL\r
+options IPV6FIREWALL_VERBOSE\r
+options IPV6FIREWALL_VERBOSE_LIMIT=100\r
+\r
+options IPSEC\r
+options IPSEC_ESP\r
+options TCP_DROP_SYSFIN\r
+</pre></td></tr></table>\r
+\r
+<p>IPDIVERT\82É\82Â\82¢\82Ä\82Í\81AIPv4\82ÌNAT\82ð\97p\82¢\82é\8fê\8d\87\82É\95K\97v\82Å\82 \82é\81B\82Ü\82½\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\r
+\83\8d\83O\82ð\95K\97v\82Æ\82µ\82È\82¢\8fê\8d\87\82Í\81AVERBOSE\82Ì\8d\80\96Ú\82Í\95s\97v\82Å\82 \82é\81B\82³\82ç\82É\81AIPSEC\82ð\95K\97v\82Æ\82µ\82È\82¢\8fê\8d\87\82Í\81A\r
+IPSEC\82Ì\8d\80\96Ú\82Í\95s\97v\82Å\82 \82é\81B</p>\r
+<p>\82±\82ê\82ç\82Ì\83I\83v\83V\83\87\83\93\82ð\92Ç\89Á\82µ\82½\8cã\82É\81A\83J\81[\83l\83\8b\82Ì\83R\83\93\83p\83C\83\8b\82Æ\83C\83\93\83X\83g\81[\83\8b\82ð\8ds\82È\82¤\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# config MYKERNEL\r
+# cd ../compile/MYKERNEL\r
+# make depend\r
+# make\r
+# make install\r
+</pre></td></tr></table>\r
+\r
+<p>FreeBSD 6.x\82Å\82Í\81A"make depend"\82ð\8eÀ\8ds\82·\82é\91O\82É\81A"make clean"\82ª\97v\8b\81\82³\82ê\82é\8fê\8d\87\82à\82 \82é\82Ì\82Å\81A\92\8d\88Ó\82·\82é\81B</p>\r
+\r
+<p>\8dÄ\8d\\92z\82µ\82½\83J\81[\83l\83\8b\82É\82æ\82Á\82Ä\81A\83t\83@\83C\83A\83E\83H\81[\83\8b\82ð\97L\8cø\82É\82·\82é\82½\82ß\82É/etc/rc.conf\82É\88È\89º\82Ì\83I\83v\83V\83\87\83\93\82ð\r
+\8bL\8fq\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+firewall_enable="YES"\r
+firewall_script="/etc/rc.firewall"\r
+\r
+ipv6_firewall_enable="YES"\r
+ipv6_firewall_script="/etc/rc.firewall6"\r
+\r
+natd_enable="YES"\r
+natd_interface="em0"\r
+</pre></td></tr></table>\r
+\r
+<p>IPv4/6\82»\82ê\82¼\82ê\82Ì\83t\83@\83C\83A\83E\83H\81[\83\8b\82ð\97L\8cø\82É\82µ\81A\82»\82ê\82¼\82ê\82Ì\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\82ð\8bL\8fq\82µ\82½\r
+\83X\83N\83\8a\83v\83g\82ð\8ew\92è\82·\82é\81B\82Ü\82½\81ANAT\82ª\95K\97v\82Å\82 \82é\8fê\8d\87\82Í\81Anatd\82ð\97L\8cø\82É\82µ\81A\83A\83h\83\8c\83X\95Ï\8a·\82ð\8ds\82¤\r
+\83C\83\93\83^\83t\83F\81[\83X\82ÌID\82ð\8ew\92è\82·\82é\81B</p>\r
+\r
+<div align="right"><a href="#ipfw0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>B.2 ipfw
\82Ì
\90Ý
\92è<a name="ipfw2" href="#ipfw2" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Ì\93®\8dì\82Ì\82½\82ß\82É\93K\90Ø\82É\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\82ð\8bL\8fq\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\r
+\88È\89º\82É\8bL\8fq\82·\82×\82«\83\8b\81[\83\8b\82Ì\97á\81i/etc/rc.firewall\81j\82ð\8e¦\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+### set these to your outside interface network and netmask and ip\r
+oif="em0"\r
+onet="192.168.0.0"\r
+omask="255.255.255.0"\r
+oip="192.168.0.34"\r
+\r
+### set these to your inside interface network and netmask and ip\r
+iif="bge0"\r
+inet="192.168.55.0"\r
+imask="255.255.255.0"\r
+iip="192.168.55.1"\r
+\r
+fwcmd="/sbin/ipfw"\r
+\r
+### divert packet to NATD \r
+$fwcmd add 1 divert natd ip from any to any via ${oif}\r
+\r
+### Stop spoofing\r
+$fwcmd add deny all from ${inet}:${imask} to any in via ${oif}\r
+$fwcmd add deny all from ${onet}:${omask} to any in via ${iif}\r
+\r
+### Stop http from softeather\r
+$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 80\r
+$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 443\r
+\r
+### Allow from / to myself\r
+$fwcmd add pass all from ${iip} to any via ${iif}\r
+$fwcmd add pass all from ${oip} to any via ${oif}\r
+$fwcmd add pass all from any to ${iip} via ${iif}\r
+$fwcmd add pass all from any to ${oip} via ${oif}\r
+\r
+### Allow DNS queries out in the world\r
+### (if DNS is on localhost, delete passDNS)\r
+$fwcmd add pass udp from any 53 to any\r
+$fwcmd add pass udp from any to any 53\r
+$fwcmd add pass tcp from any to any 53\r
+$fwcmd add pass tcp from any 53 to any\r
+\r
+### Forwarding http connection from unauth client \r
+$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80\r
+$fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any 443\r
+\r
+### Allow TCP through if setup succeeded \r
+$fwcmd add 60100 pass tcp from any to any established\r
+</pre></td></tr></table>\r
+\r
+<p>Opengate\82ð\93®\8dì\82³\82¹\82é\8dÛ\81A\83\8b\81[\83\8b\94Ô\8d\8660000,60010,60100\82ª\8fd\97v\82Æ\82È\82é\81B\94F\8fØ\83y\81[\83W\82ð\r
+\95\\8e¦\82³\82¹\82é\82½\82ß\82É\81AHTTP,HTTPS\83\8a\83N\83G\83X\83g\82ÍOpengate\82ÌWeb\83T\81[\83o\82É\93]\91\97\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\r
+\82\8d\82½\81A\8aù\82É\8am\97§\82³\82ê\82Ä\82¢\82éTCP\90Ú\91±\82É\8aÖ\82µ\82Ä\82Í\81AOpengate\82É\82æ\82é\92Ê\90M\98H\95Â\8d½\8cã\82à\97\98\97p\89Â\94\\82Æ\82·\82é\82½\82ß\81A\r
+60100\82Ì\83\8b\81[\83\8b\82ð\92Ç\89Á\82·\82é\81B</p>\r
+\r
+<p>\88È\8fã\81A\8e¦\82µ\82½\97á\82ÍOpengate\82ð\93®\8dì\82³\82¹\82é\82½\82ß\82Ì\90Ý\92è\97á\82Å\82 \82é\81B\8eÀ\8dÛ\82ÉOpengate\82ð\93±\93ü\82·\82é\8dÛ\82É\82Í\81A\r
+ipfw\82Ì\93®\8dì\82ð\8fn\92m\82µ\82½\8fã\81A\8ae\8eí\83l\83b\83g\83\8f\81[\83N\82É\93K\82µ\82½\83t\83@\83C\83A\83E\83H\81[\83\8b\82ð\90Ý\92u\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+\r
+<div align="right"><a href="#ipfw0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ************ 3 ************** -->\r
+<h4>B.3 ip6fw
\82Ì
\90Ý
\92è<a name="ipfw3" href="#ipfw3" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Ì\93®\8dì\82Ì\82½\82ß\82É\93K\90Ø\82É\83t\83@\83C\83A\83E\83H\81[\83\8b\82Ì\83\8b\81[\83\8b\82ð\8bL\8fq\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\r
+\88È\89º\82É\8bL\8fq\82·\82×\82«\83\8b\81[\83\8b\82Ì\97á\81i/etc/rc.firewall6\81j\82ð\8e¦\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+### set these to your outside interface network and prefixlen and ip\r
+oif="em0"\r
+onet="2001:e38:3661:1a0::"\r
+oprefixlen="64"\r
+oip="2001:e38:3661:1a0::34"\r
+\r
+### set these to your inside interface network and prefixlen and ip\r
+iif="bge0"\r
+inet="2001:e38:3661:1a5::"\r
+iprefixlen="64"\r
+iip="2001:e38:3661:1a5::1"\r
+\r
+### path to command "ip6fw"\r
+fw6cmd="/sbin/ip6fw"\r
+\r
+${fw6cmd} add pass all from ${iip} to any\r
+${fw6cmd} add pass all from any to ${iip}\r
+${fw6cmd} add pass all from ${oip} to any\r
+${fw6cmd} add pass all from any to ${oip}\r
+\r
+### Allow RA RS NS NA Redirect...\r
+${fw6cmd} add pass ipv6-icmp from any to any\r
+\r
+# Allow IP fragments to pass through\r
+${fw6cmd} add pass all from any to any frag\r
+\r
+# Allow RIPng\r
+${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521\r
+${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521\r
+\r
+### Allow TCP through if setup succeeded\r
+${fw6cmd} add 60100 pass tcp from any to any established\r
+\r
+# TCP reset notice message\r
+${fw6cmd} add 60200 reset tcp from any to any 80\r
+${fw6cmd} add 60300 reset tcp from any to any 443\r
+</pre></td></tr></table>\r
+\r
+<p>ip6fw\82Í\81Aipfw\82Æ\82Í\88Ù\82È\82è\93]\91\97\82ð\8ds\82¤\82±\82Æ\82ª\82Å\82«\82È\82¢\81B\82»\82±\82Å\81AOpengate\82Å\82Í\r
+IPv6\82ÌHTTP\83\8a\83N\83G\83X\83g\82ª\83^\83C\83\80\83A\83E\83g\82µ\81AIPv4\82ÌHTTP\83\8a\83N\83G\83X\83g\82ð\93]\91\97\82µ\81A\94F\8fØ\r
+\82ð\8ds\82¤\8ed\91g\82Ý\82ð\82Æ\82Á\82Ä\82¢\82é\81B\82½\82¾\82µ\81AFreeBSD 5.2\88È\8d~\82Å\82Í\81Aip6fw\82ÅTCP reset\82ª\r
+\8eÀ\91\95\82³\82ê\82Ä\82¨\82è\81AIPv6 TCP\83p\83P\83b\83g\82É\91Î\82µ\82Ä\93\9e\92B\95s\94\\83\81\83b\83Z\81[\83W\82ð\95Ô\82·\82±\82Æ\82ª\89Â\94\\82Å\r
+\82 \82é\81B\83\8b\81[\83\8b\94Ô\8d\8660200,60300\82Ì\82æ\82¤\82É\81ATCP reset\82ð\97\98\97p\82·\82é\82±\82Æ\82É\82æ\82Á\82Ä\81AIPv6 HTTP\r
+\83\8a\83N\83G\83X\83g\82ª\83^\83C\83\80\83A\83E\83g\82·\82é\82Ü\82Å\82Ì\8e\9e\8aÔ\82ð\91Ò\82Â\95K\97v\82ª\82È\82\82È\82é\81B</p>\r
+\r
+<p>\82Ü\82½\81AIPv6\82Å\82ÍDHCP\82Ì\91Ö\82í\82è\82ÉRA\82É\82æ\82Á\82ÄIPv6\83A\83h\83\8c\83X\82ð\8e©\93®\90¶\90¬\82µ\81A\8co\98H\8fî\95ñ\r
+\92Ê\92m\83f\81[\83\82\83\93\82È\82Ç\81AICMP\82â\82»\82Ì\91¼\82Ì\83v\83\8d\83g\83R\83\8b\82Ì\88µ\82¢\82É\8bC\82ð\82Â\82¯\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\r
+ipfw\82Æ\93¯\97l\82É\81Aip6fw\82É\82Â\82¢\82Ä\82à\93®\8dì\82ð\8fn\92m\82µ\82½\8fã\82Å\81A\8ae\8eí\83l\83b\83g\83\8f\81[\83N\82É\93K\82µ\82½\r
+\83t\83@\83C\83A\83E\83H\81[\83\8b\82ð\90Ý\92u\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+\r
+<div align="right"><a href="#ipfw0">back</a> <a href="#top">top</a></div>\r
+\r
+<hr>\r
+<!-- Start:Apache2\82Ì\83C\83\93\83X\83g\81[\83\8b -->\r
+<h3>C Apache2
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="apache0" href="#apache0" class="anchor">†</a></h3>
\r+<ul>\r
+ <li class="list_num"><a href="#apache1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="#apache2">\83C\83\93\83X\83g\81[\83\8b\81i\83\\81[\83X\81j</a></li>\r
+ <li class="list_num"><a href="#apache3">\94é\96§\8c®\81A\8fØ\96¾\8f\91\82Ì\8dì\90¬</a></li>\r
+ <li class="list_num"><a href="#apache4">\83o\81[\83`\83\83\83\8b\83z\83X\83g\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#apache5">HTTP_ERROR 404\82Ö\82Ì\91Î\89\9e</a></li>\r
+</ul>\r
+\r
+<!-- ************ 1 ************** -->\r
+<h4>C.1
\83C
\83\93\83X
\83g
\81[
\83\8b\81iports
\81j<a name="apache1" href="#apache1" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Å\82Í\81AIPv6\82ð\83T\83|\81[\83g\82µ\82½Apache2\82ª\95K\90{\82Å\82 \82é\81B\82Ü\82½\81A\94F\8fØ\82ð\8ds\82¤\82±\82Æ\82©\82ç\r
+SSL\82ð\83T\83|\81[\83g\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81BApache2\82Í\95W\8f\80\82ÅSSL\82ð\83T\83|\81[\83g\82µ\82Ä\82¢\82é\82Ì\82Å\81Amod_ssl\r
+\82ð\95Ê\93r\83C\83\93\83X\83g\81[\83\8b\82·\82é\95K\97v\82Í\82È\82¢\81B</p>\r
+<p>\88È\89º\82É\81Aports\82ð\97\98\97p\82µ\82Ä\83C\83\93\83X\83g\81[\83\8b\82·\82é\8eè\8f\87\82ð\88È\89º\82É\8bL\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# cd /usr/ports/www/apache2\r
+# make clean\r
+===> Cleaning for autoconf-2.53_1\r
+===> Cleaning for libtool-1.3.5_1\r
+===> Cleaning for m4-1.4_1\r
+===> Cleaning for help2man-1.29\r
+===> Cleaning for expat-1.95.6_1\r
+===> Cleaning for apache-2.0.48_3\r
+# make install clean ; rehash\r
+</pre></td></tr></table>\r
+\r
+<p>\83C\83\93\83X\83g\81[\83\8b\8dì\8bÆ\82ª\8a®\97¹\82µ\82½\8cã\81AApache2\82Ì\8bN\93®\82ÆSSL\82ð\97L\8cø\82É\82·\82é\82½\82ß\82É\81A\r
+\88È\89º\82Ì\8d\80\96Ú\82ð/etc/rc.conf\82É\8bL\8fq\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+apache2_enable="YES"\r
+apache2ssl_enable="YES"\r
+</pre></td></tr></table>\r
+\r
+\r
+<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>C.2
\83C
\83\93\83X
\83g
\81[
\83\8b\81i
\83\
\81[
\83X
\81j<a name="apache2" href="#apache2" class="anchor">†</a></h4>
\r+\r
+<p>Apache2\82ð\83\\81[\83X\82©\82ç\83C\83\93\83X\83g\81[\83\8b\82·\82é\8eè\8f\87\82ð\88È\89º\82É\8bL\82·\81B</p>\r
+<p>Apache2\82Ì\83\\81[\83X\82Í\81Aftp.apache.or.jp\93\99\82©\82ç\8eæ\93¾\82·\82é\82±\82Æ\82ª\89Â\94\\82Å\82 \82é\81B\82Ü\82½\81A\r
+Apache2\82ð\83R\83\93\83p\83C\83\8b\82·\82é\8dÛ\82É\81ASSL\83\82\83W\83\85\81[\83\8b\82ð\97L\8cø\82É\82·\82é\95K\97v\82ª\82 \82é\81B\82Ü\82½\81A\r
+\83\\81[\83X\82©\82ç\83C\83\93\83X\83g\81[\83\8b\82µ\82½\8dÛ\82Í\81A\95W\8f\80\82Å/usr/local/apache2\83f\83B\83\8c\83N\83g\83\8a\88È\89º\82É\83C\83\93\83X\83g\81[\83\8b\82³\82ê\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# tar xvfz httpd-2.0.55.tar.gz\r
+# cd httpd-2.0.55\r
+# ./configure --enable-modules="so ssl"\r
+# make\r
+# make install\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ************ 3 ************** -->\r
+<h4>C.3
\94é
\96§
\8c®
\81A
\8fØ
\96¾
\8f\91\82Ì
\8dì
\90¬<a name="apache3" href="#apache3" class="anchor">†</a></h4>
\r+\r
+<p>Apache2\82Å\81ASSL\82ð\97\98\97p\82·\82é\82½\82ß\82É\94é\96§\8c®\82Æ\8fØ\96¾\8f\91\82ð\97p\88Ó\82·\82é\95K\97v\82ª\82 \82é\81B\90³\8bK\82Ì\94F\8fØ\8bÇ\82©\82ç\r
+\94\8ds\82³\82ê\82½\8fØ\96¾\8f\91\82ð\97p\88Ó\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\82ª\81A\8e©\8cÈ\8f\90\96¼\82ð\8ds\82Á\82½\8fØ\96¾\8f\91\82Æ\94é\96§\8c®\82Å\82à\8f\\95ª\82É\r
+\83Z\83L\83\85\83\8a\83e\83B\82ð\8am\95Û\82·\82é\82±\82Æ\82ª\89Â\94\\82Å\82 \82é\81B</p>\r
+\r
+<p>Opengate\82Å\82Í\81A\93ñ\82Â\82ÌFQDN\82ð\97\98\97p\82·\82é\82±\82Æ\82©\82ç\81A\82»\82ê\82¼\82ê\82ÌFQDN\82É\91Î\89\9e\82·\82é\8fØ\96¾\8f\91\82Æ\r
+\94é\96§\8c®\82ª\95K\97v\82Æ\82È\82é\81B\88È\89º\82É\81A\94é\96§\8c®\82Æ\8fØ\96¾\8f\91\82ð\8dì\90¬\82·\82é\8eè\8f\87\82ð\8e¦\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# cd /usr/local/etc/apache2\r
+# mkdir ssl.key ssl.crt\r
+# chmod 700 ssl.key ssl.crt\r
+\r
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server1.key 1024\r
+# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server2.key 1024\r
+</pre></td></tr></table>\r
+\r
+<p>\8fã\8bL\82É\82¨\82¢\82Ä\8dì\90¬\82µ\82½\94é\96§\8c®\82ð\97p\82¢\82Ä\8f\90\96¼\82µ\82½\8fØ\96¾\8f\91\82ð\8dì\90¬\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/bin/openssl req -new -x509 -days 365 \\r
+ -key /usr/local/etc/apache2/ssl.key/server1.key \\r
+ -out /usr/local/etc/apache2/ssl.crt/server1.crt\r
+\r
+You are about to be asked to enter information that will be incorporated\r
+into your certificate request.\r
+What you are about to enter is what is called a Distinguished Name or a DN.\r
+There are quite a few fields but you can leave some blank\r
+For some fields there will be a default value,\r
+If you enter '.', the field will be left blank.\r
+-----\r
+Country Name (2 letter code) [AU]:JP\r
+State or Province Name (full name) [Some-State]:Saga\r
+Locality Name (eg, city) []:Saga-city\r
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university\r
+Organizational Unit Name (eg, subsection) []:Information Science\r
+Common Name (eg, YOUR name) []:opengate.is.saga-u.ac.jp\r
+Email Address []:administrator@opengate.is.saga-u.ac.jp\r
+\r
+Please enter the following 'extra' attributes\r
+to be sent with your certificate request\r
+A challenge password []:\r
+An optional company name []:\r
+\r
+# /usr/bin/openssl req -new -x509 -days 365 \\r
+ -key /usr/local/etc/apache2/ssl.key/server2.key \\r
+ -out /usr/local/etc/apache2/ssl.crt/server2.crt\r
+\r
+You are about to be asked to enter information that will be incorporated\r
+into your certificate request.\r
+What you are about to enter is what is called a Distinguished Name or a DN.\r
+There are quite a few fields but you can leave some blank\r
+For some fields there will be a default value,\r
+If you enter '.', the field will be left blank.\r
+-----\r
+Country Name (2 letter code) [AU]:JP\r
+State or Province Name (full name) [Some-State]:Saga\r
+Locality Name (eg, city) []:Saga-city\r
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university\r
+Organizational Unit Name (eg, subsection) []:Information Science\r
+Common Name (eg, YOUR name) []:opengate4.is.saga-u.ac.jp\r
+Email Address []:administrator@opengate.is.saga-u.ac.jp\r
+\r
+Please enter the following 'extra' attributes\r
+to be sent with your certificate request\r
+A challenge password []:\r
+An optional company name []:\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ************ 4 ************** -->\r
+<h4>C.4
\83o
\81[
\83`
\83\83\83\8b\83z
\83X
\83g
\82Ì
\90Ý
\92è<a name="apache4" href="#apache4" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Å\82Í\81A\93ñ\82Â\82ÌFQDN\82ð\97p\82¢\82é\81B\82±\82ê\82æ\82è\81AApache2\82Å\82Í\93ñ\82Â\82ÌFQDN\82É\91Î\89\9e\82·\82é\82½\82ß\82É\r
+\83o\81[\83`\83\83\83\8b\83z\83X\83g\82Ì\90Ý\92è\82ð\8ds\82¤\95K\97v\82ª\82 \82é\81B</p>\r
+<p>Apache2\82Ì\83o\81[\83`\83\83\83\8b\83z\83X\83g\82É\82Í\81AIP\83x\81[\83X\82Ì\83o\81[\83`\83\83\83\8b\83z\83X\83g\82Æ\81A\83l\81[\83\80\83x\81[\83X\82Ì\83o\81[\83`\83\83\83\8b\r
+\83z\83X\83g\82Ì\93ñ\8eí\97Þ\82ª\82 \82é\81B\82µ\82©\82µ\81A\83l\81[\83\80\83x\81[\83X\82Ì\83o\81[\83`\83\83\83\8b\83z\83X\83g\82ð\97p\82¢\82½\8fê\8d\87\81A\90æ\8fq\82µ\82½\r
+\83o\81[\83`\83\83\83\8b\83z\83X\83g\82É\82Â\82¢\82Ä\82µ\82©SSL\8f\88\97\9d\82ð\8ds\82¤\82±\82Æ\82ª\82Å\82«\82È\82¢\81B</p>\r
+<p>Opengate\82Í\81A\93ñ\82Â\88È\8fã\82ÌNIC\82ð\8f\8a\8e\9d\82µ\81A\93ñ\82Â\88È\8fã\82ÌIP\83A\83h\83\8c\83X\82ð\8f\8a\8e\9d\82µ\82Ä\82¢\82é\82Ì\82Í\82¸\82È\82Ì\82Å\81A\r
+IP\83x\81[\83X\82Ì\83o\81[\83`\83\83\83\8b\83z\83X\83g\82ª\93K\97p\89Â\94\\82Å\82 \82é\81B</p>\r
+\r
+<p>\88È\89º\82É\81AIP\83x\81[\83X\82Ì\83o\81[\83`\83\83\83\8b\83z\83X\83g\82ð\93K\97p\82µ\82½\8fê\8d\87\82Ì\90Ý\92è\97á\r
+\81i/usr/local/etc/httpd.conf,ssl.conf\81j</p>\r
+\r
+<table><tr><td>httpd.conf</td></tr><tr><td><pre>\r
+NameVirtualHost 192.168.55.1:80\r
+<VirtualHost 192.168.55.1:80>\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ DocumentRoot /usr/local/www\r
+ ServerName opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+</VirtualHost>\r
+\r
+NameVirtualHost [2001:e38:3661:1a5::1]:80\r
+<VirtualHost [2001:e38:3661:1a5::1]:80>\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ DocumentRoot /usr/local/www\r
+ ServerName opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+</VirtualHost>\r
+ \r
+NameVirtualHost 192.168.0.34:80\r
+<VirtualHost 192.168.0.34:80>\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ DocumentRoot /usr/local/www\r
+ ServerName opengate4.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+</VirtualHost>\r
+</pre></td></tr></table>\r
+<br>\r
+<table><tr><td>ssl.conf</td></tr><tr><td><pre>\r
+NameVirtualHost 192.168.55.1:443\r
+<VirtualHost 192.168.55.1:443>\r
+ DocumentRoot "/usr/local/www"\r
+ ServerName opengate.is.saga-u.ac.jp:443\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+\r
+ SSLEngine on\r
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\r
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt\r
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key\r
+</VirtualHost>\r
+\r
+NameVirtualHost [2001:e38:3661:1a5::1]:443\r
+<VirtualHost [2001:e38:3661:1a5::1]:443>\r
+ DocumentRoot "/usr/local/www"\r
+ ServerName opengate.is.saga-u.ac.jp:443\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+\r
+ SSLEngine on\r
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\r
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt\r
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key\r
+</VirtualHost>\r
+\r
+NameVirtualHost 192.168.0.34:443\r
+<VirtualHost 192.168.0.34:443>\r
+ DocumentRoot "/usr/local/www"\r
+ ServerName opengate4.is.saga-u.ac.jp:443\r
+ ServerAdmin administrator@opengate.is.saga-u.ac.jp\r
+ ErrorLog "|/usr/bin/logger -p local6.info"\r
+ CustomLog "|/usr/bin/logger -p local5.info" combined\r
+\r
+ SSLEngine on\r
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\r
+ SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server2.crt\r
+ SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server2.key\r
+</VirtualHost>\r
+</pre></td></tr></table>\r
+\r
+<p>\8fã\8bL\82Ì\90Ý\92è\97á\82Í\81A\83o\81[\83`\83\83\83\8b\83z\83X\83g\82Ì\90Ý\92è\82Ì\82½\82ß\82Ì\83f\83B\83\8c\83N\83e\83B\83u\82Ì\82Ý\8bL\8fq\82µ\82Ä\82¢\82é\81B\r
+\82±\82Ì\91¼\82É\82à\91½\82\82Ì\8d\80\96Ú\82ð\90Ý\92è\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\82Ì\82Å\81AApache2\82Ì\90Ý\92è\82ð\8fn\92m\82µ\82½\8fã\82Å\r
+\90Ý\92è\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+\r
+<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ************ 5 ************** -->\r
+<h4>C.5 HTTP_ERROR 404
\82Ö
\82Ì
\91Î
\89\9e<a name="apache5" href="#apache5" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Å\82Í\81A\97\98\97p\8eÒ\92[\96\96\82©\82ç\91\97\90M\82³\82ê\82Ä\82\82éHTTP\83\8a\83N\83G\83X\83g\82ð\81AOpengate\82ª\8e\9d\82Â\r
+Web\83T\81[\83o\82É\93]\91\97\82·\82é\82±\82Æ\82É\82æ\82Á\82Ä\81A\94F\8fØ\83y\81[\83W\82ð\92ñ\8b\9f\82µ\82Ä\82¢\82é\81B\82±\82Ì\82½\82ß\81A\97\98\97p\8eÒ\92[\96\96\r
+\82©\82ç\91\97\90M\82³\82ê\82Ä\82\82éHTTP\83\8a\83N\83G\83X\83g\82Í\97\\8aú\82·\82é\82±\82Æ\82ª\82Å\82«\82È\82¢\81B\82æ\82Á\82Ä\81A\82Ç\82Ì\82æ\82¤\82È\r
+HTTP\83\8a\83N\83G\83X\83g\82É\91Î\82µ\82Ä\82à\81A\94F\8fØ\83y\81[\83W\82ð\95Ô\82·\82½\82ß\82É\81A/usr/local/etc/httpd.conf\82É\r
+HTTP_ERROR 404\82ª\94\90¶\82µ\82½\8fê\8d\87\82É\81ADocumentRoot\82ð\95Ô\82·\82æ\82¤\82É\90Ý\92è\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+ErrorDocument 404 /\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><a href="#apache0">back</a> <a href="#top">top</a></div>\r
+\r
+<hr>\r
+<!-- Start:isc-dhcp3\82Ì\83C\83\93\83X\83g\81[\83\8b -->\r
+<h3>D isc-dhcp3
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="dhcp0" href="#dhcp0" class="anchor">†</a></h3>
\r+\r
+<ul>\r
+ <li class="list_num"><a href="#dhcp1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="#dhcp2">DHCP\82Ì\90Ý\92è</a></li>\r
+</ul>\r
+\r
+<!-- *********** 1 ************* -->\r
+<h4>D.1
\83C
\83\93\83X
\83g
\81[
\83\8b\81iports
\81j<a name="dhcp1" href="#dhcp1" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82ð\93±\93ü\82·\82é\83l\83b\83g\83\8f\81[\83N\82Å\82Í\81A\97\98\97p\8eÒ\92[\96\96\82ª\95p\94É\82É\93ü\82ê\91Ö\82í\82é\82±\82Æ\82ª\97\\91ª\82Å\82«\82é\81B\r
+\82»\82±\82Å\81A\97l\81X\82È\97\98\97p\8eÒ\92[\96\96\82É\91Î\82µ\82Ä\8e©\93®\93I\82ÉIPv4\83A\83h\83\8c\83X\82ð\8a\84\82è\93\96\82Ä\82é\82±\82Æ\82ª\82Å\82«\82éDHCP\83T\81[\83o\82ð\r
+\93±\93ü\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+<p>\88È\89º\82Éisc-dhcp3\82Ì\83C\83\93\83X\83g\81[\83\8b\8eè\8f\87\82ð\8bL\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# cd /usr/ports/net/isc-dhcp3-server\r
+# make\r
+===> Cleaning for isc-dhcp3-server-3.0.1.r14_3\r
+# make install clean ; rehash\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><a href="#dhcp0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ************ 2 ************** -->\r
+<h4>D.2 DHCP
\82Ì
\90Ý
\92è<a name="dhcp2" href="#dhcp2" class="anchor">†</a></h4>
\r+\r
+<p>\83C\83\93\83X\83g\81[\83\8b\8dì\8bÆ\82ª\8a®\97¹\82·\82é\82Æ\81A/usr/local/etc\88È\89º\82Édhcpd.conf.sample\82ª\90¶\90¬\82³\82ê\82Ä\82¢\82é\81B\r
+\93¯\83f\83B\83\8c\83N\83g\83\8a\82Édhcpd.conf\82Æ\82µ\82Ä\83R\83s\81[\82µ\81Adhcpd\97p\82Ì\90Ý\92è\83t\83@\83C\83\8b\82ð\8dì\90¬\82·\82é\81B</p>\r
+<p>\88È\89º\82É\81A\90Ý\92è\97á\82ð\8e¦\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+option domain-name "ai.is.saga-u.ac.jp";\r
+option domain-name-servers 192.168.0.2;\r
+option subnet-mask 255.255.255.0;\r
+option broadcast-address 192.168.55.255;\r
+option routers 192.168.55.1;\r
+\r
+default-lease-time 600;\r
+max-lease-time 7200;\r
+ddns-update-style none;\r
+log-facility local7;\r
+\r
+subnet 192.168.55.0 netmask 255.255.255.0 {\r
+ range 192.168.55.100 192.168.55.200;\r
+}\r
+</pre></td></tr></table>\r
+\r
+<p>\82Ü\82½\81Adhcpd\82ð\8e©\93®\8bN\93®\82·\82é\82½\82ß\82É\81A/etc/rc.conf\82É\88È\89º\82Ì\8d\80\96Ú\82ð\8bL\8fq\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+dhcpd_enable="YES"\r
+dhcpd_ifaces="bge0"\r
+dhcpd_conf="/usr/local/etc/dhcpd.conf"\r
+</pre></td></tr></table>\r
+\r
+<p>dhcpd_ifaces\82É\82Â\82¢\82Ä\82Í\81Adhcp\82ð\91\97\90M\82·\82é\83C\83\93\83^\83t\83F\81[\83XID\82ð\8bL\8fq\82·\82é\81B</p>\r
+\r
+<div align="right"><a href="#dhcp0">back</a> <a href="#top">top</a></div>\r
+\r
+<hr>\r
+<!-- Start:BIND9\82Ì\83C\83\93\83X\83g\81[\83\8b -->\r
+<h3>E BIND9
\82Ì
\83C
\83\93\83X
\83g
\81[
\83\8b<a name="bind0" href="#bind0" class="anchor">†</a></h3>
\r+\r
+<ul>\r
+ <li class="list_num"><a href="#bind1">\83C\83\93\83X\83g\81[\83\8b\81iports\81j</a></li>\r
+ <li class="list_num"><a href="#bind2">\94F\8fØ\83L\81[\82Ì\8dì\90¬</a></li>\r
+ <li class="list_num"><a href="#bind3">named.conf\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#bind4">zone\82Ì\90Ý\92è</a></li>\r
+ <li class="list_num"><a href="#bind5">\8bN\93®\8am\94F</a></li>\r
+</ul>\r
+\r
+<!-- ********** 1 *********** -->\r
+<h4>E.1
\83C
\83\93\83X
\83g
\81[
\83\8b\81iports
\81j<a name="bind1" href="#bind1" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Ì\82½\82ß\82É\93ñ\82Â\82ÌFQDN\82ð\97p\88Ó\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\8aù\91¶\82ÌDNS\82ÉOpengate\97p\82Ì\r
+FQDN\82ð\93o\98^\82·\82é\82±\82Æ\82Å\82à\89ð\8c\88\82Å\82«\82é\81B\82µ\82©\82µ\81ANAT\82È\82Ç\82ð\97p\82¢\82Ä\83A\83h\83\8c\83X\95Ï\8a·\82ð\8ds\82¤\8fê\8d\87\82ð\r
+\8dl\82¦\82é\82Æ\81A\83v\83\89\83C\83x\81[\83g\83l\83b\83g\83\8f\81[\83N\82Ì\83A\83h\83\8c\83X\82ð\8aO\95\94\82ÌDNS\82É\93o\98^\82·\82é\82±\82Æ\82Í\96]\82Ü\82µ\82\82È\82¢\81B\r
+\82»\82±\82Å\81AOpengate\97p\82Ì\83}\83V\83\93\82ÉDNS\82ð\93±\93ü\82·\82é\82±\82Æ\82à\8dl\82¦\82ç\82ê\82é\81B</p>\r
+<p>\88È\89º\82É\81ABIDN9\82ð\83C\83\93\83X\83g\81[\83\8b\82·\82é\8eè\8f\87\82ð\8bL\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# cd /usr/ports/dns/bind9/\r
+# make clean\r
+===> Cleaning for bind9-9.3.1\r
+# make install clean ; rehash\r
+</pre></td></tr></table>\r
+\r
+<p>\83C\83\93\83X\83g\81[\83\8b\82ª\8a®\97¹\82·\82é\82Æ\81A/etc/namedb(/var/named/etc/namaedb)\88È\89º\82Ì\83f\83B\83\8c\83N\83g\83\8a\82É\r
+\8ae\8eí\90Ý\92è\83t\83@\83C\83\8b\82ª\90¶\90¬\82³\82ê\82é\81B</p>\r
+\r
+<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ********** 2 ********** -->\r
+<h4>E.2
\94F
\8fØ
\83L
\81[
\82Ì
\8dì
\90¬<a name="bind2" href="#bind2" class="anchor">†</a></h4>
\r+\r
+<p>BIND9\82Å\82Í\81A\83Z\83L\83\85\83\8a\83e\83B\82ð\8am\95Û\82·\82é\82½\82ß\82É\94F\8fØ\83L\81[\82ð\90Ý\92è\82µ\81Arndc\83R\83}\83\93\83h\82ð\97p\82¢\82Änamed\82ð\90§\8cä\82·\82é\81B</p>\r
+<p>\82»\82±\82Å\81A\82Ü\82¸\94F\8fØ\83L\81[\82Ì\8dì\90¬\82ð\8ds\82¤\81B\94F\8fØ\8b@\81[\82Ì\8dì\90¬\8eè\8f\87\82ð\88È\89º\82É\8e¦\82·\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n user rndc\r
+</pre></td></tr></table>\r
+\r
+<p>\88È\8fã\82Ì\8dì\8bÆ\82É\82¨\82¢\82Ä\81A"out of entropy"\82Æ\82¢\82¤\83G\83\89\81[\82ª\94\90¶\82·\82é\8fê\8d\87\82Í\81A\8e\9f\82Ì\95û\96@\82Å\r
+\94F\8fØ\83L\81[\82ð\8dì\90¬\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/local/sbin/dnssec-keygen -r /dev/urandom -a hmac-md5 -b 512 -n user rndc\r
+</pre></td></tr></table>\r
+\r
+<p>\94F\8fØ\83L\81[\82Ì\8dì\90¬\82É\90¬\8c÷\82·\82é\82Æ\81A\8e\9f\82Ì\93ñ\82Â\82Ì\83t\83@\83C\83\8b\82ª\90¶\90¬\82³\82ê\82é\81B\82½\82¾\82µ\81A\83t\83@\83C\83\8b\96¼\82É\r
+\8aÜ\82Ü\82ê\82é\90\94\8e\9a\82Í\83\89\83\93\83_\83\80\82É\90¶\90¬\82³\82ê\82é\81B</p>\r
+\r
+<ul>\r
+ <li><pre>Krndc.+157+60849.key</pre></li>\r
+ <li><pre>Krndc.+157+60849.private</pre></li>\r
+</ul>\r
+\r
+<p>BIND9\82Ì\83C\83\93\83X\83g\81[\83\8b\8cã\82É\81A/usr/local/etc/rndc.conf.sample\82Æ\82¢\82¤\83t\83@\83C\83\8b\82ª\90¶\90¬\82³\82ê\82Ä\82¢\82é\81B\r
+\82±\82Ì\83t\83@\83C\83\8b\82ð\83R\83s\81[\82µ\82Ä\81A/usr/local/etc/rndc.conf\82ð\8dì\90¬\82·\82é\81B</p>\r
+<p>\82»\82µ\82Ä\81Arndc.conf\82Ìkey\83f\83B\83\8c\83N\83e\83B\83u\82ð\95Ò\8fW\82·\82é\81Bkey\83f\83B\83\8c\83N\83e\83B\83u\82Å\82Í\81A\94F\8fØ\83L\81[\82Ì\r
+\83A\83\8b\83S\83\8a\83Y\83\80\82Æ\90¶\90¬\82µ\82½\94F\8fØ\83L\81[\82ð\8ew\92è\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B\94F\8fØ\83L\81[\82Ísecret\82Ì\8d\80\96Ú\82É\8ew\92è\82·\82é\81B\r
+
\82Ü
\82½
\81A
\94F
\8fØ
\83L
\81[
\82Æ
\8b¤
\82É
\8dì
\90¬
\82µ
\82½<pre>Krndc.+157+60849.private</pre>
\82Ìkey
\8d\80\96Ú
\82É
\95\
\8e¦
\82³
\82ê
\82Ä
\r+\82¢\82é\82à\82Ì\82ð\8ew\92è\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+options {\r
+ default-server localhost;\r
+ default-key "key";\r
+};\r
+\r
+server localhost {\r
+ key "key";\r
+};\r
+\r
+key "key" {\r
+ algorithm hmac-md5;\r
+ secret "...";\r
+};\r
+</pre></td></tr></table>\r
+\r
+<p>\8d¡\89ñ\82ÌDNS\83T\81[\83o\82Í\81AOpengate\82ð\93±\93ü\82·\82é\83l\83b\83g\83\8f\81[\83N\82Ì\82Ý\82É\83T\81[\83r\83X\82ð\8ds\82¤\82à\82Ì\82Å\82 \82é\81B\82µ\82©\82µ\81A\r
+\90Ý\92è\83t\83@\83C\83\8b\82Ì\83p\81[\83~\83b\83V\83\87\83\93\82É\8f\\95ª\92\8d\88Ó\82µ\81A\94F\8fØ\83L\81[\82Ì\83t\83@\83C\83\8b\82Í\83T\81[\83o\8fã\82É\95Û\91¶\82¹\82¸\82É\81A\r
+\8dí\8f\9c\82à\82µ\82\82Í\83v\83\8a\83\93\83g\83A\83E\83g\82µ\82Ä\8cµ\8fd\82É\95Û\91¶\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+\r
+<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ********* 3 ********* -->\r
+<h4>E.3 named.conf
\82Ì
\90Ý
\92è<a name="bind3" href="#bind3" class="anchor">†</a></h4>
\r+\r
+<p>named\82Ì\8eå\82È\93®\8dì\82ð\90§\8cä\82·\82é\82½\82ß\82Ì\90Ý\92è\83t\83@\83C\83\8b/etc/namedb/named.conf\82Ì\90Ý\92è\82ð\8ds\82¤\81B</p>\r
+<p>\82Ü\82¸\81A\94F\8fØ\83L\81[\82Ì\90Ý\92è\82Ì\82½\82ß\82Ékey\83f\83B\83\8c\83N\83e\83B\83u\82Ì\90Ý\92è\82ª\95K\97v\82Å\82 \82é\81B\91O\8fq\82µ\82½rndc.conf\82Ì\r
+key\83f\83B\83\8c\83N\83e\83B\83u\82Æ\93¯\97l\82Ì\90Ý\92è\82ð\82µ\82È\82¯\82ê\82Î\82È\82ç\82È\82¢\81B</p>\r
+\r
+<table><tr><td><pre>\r
+key "rndc_key" {\r
+ algorithm hmac-md5;\r
+ secret "...";\r
+};\r
+\r
+controls {\r
+ inet ::1 allow {\r
+ ::1;\r
+ }\r
+ keys {\r
+ "rndc_key";\r
+ };\r
+ inet 127.0.0.1 allow {\r
+ 127.0.0.1;\r
+ }\r
+ keys {\r
+ "rndc_key";\r
+ };\r
+};\r
+</pre></td></tr></table>\r
+\r
+<p>\82Ü\82½\81Akey\83f\83B\83\8c\83N\83e\83B\83u\82É\82Â\82¢\82Ä\82Í\95Ê\83t\83@\83C\83\8b\82É\8bL\8fq\82µ\81Anamed.conf\82Åinclude\r
+\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B\95Ê\83t\83@\83C\83\8b\82É\8bL\8fq\82·\82é\8fê\8d\87\82Í\81A\83p\81[\83~\83b\83V\83\87\83\93\82Ì\90Ý\92è\82æ\82Á\82Ä\82³\82ç\82É\r
+\83Z\83L\83\85\83\8a\83e\83B\82ð\8d\82\82ß\82é\82±\82Æ\82ª\89Â\94\\82Æ\82È\82é\81B</p>\r
+<p>\8e\9f\82É\81Aoptions\83f\83B\83\8c\83N\83e\83B\83u\82Ì\90Ý\92è\82ð\8ds\82¤\81B</p>\r
+\r
+<table><tr><td><pre>\r
+options {\r
+ directory "/etc/namedb";\r
+ pid-file "/var/run/named/named.pid";\r
+ auth-nxdomain yes;\r
+ listen-on-v6 { any; };\r
+};\r
+</pre></td></tr></table>\r
+\r
+<p>named.pid\83t\83@\83C\83\8b\82ð\92u\82\83f\83B\83\8c\83N\83g\83\8a\82Í\93K\93\96\82É\8dì\90¬\82·\82é\95K\97v\82ª\82 \82é\81B</p>\r
+\r
+<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ******** 4 ********* -->\r
+<h4>E.4 zone
\82Ì
\90Ý
\92è<a name="bind4" href="#bind4" class="anchor">†</a></h4>
\r+\r
+<p>Opengate\82Å\8aÇ\97\9d\82·\82é\83h\83\81\83C\83\93\82É\82Â\82¢\82Ä\90Ý\92è\82ð\8ds\82¤\81B\8ae\83h\83\81\83C\83\93\82Ínamed.conf\82Ìzone\83f\83B\83\8c\83N\83e\83B\83u\82É\r
+\82æ\82Á\82Ä\8aÇ\97\9d\82³\82ê\82é\81B\82Ü\82½\81ABIND9\82Å\82Íview\82Æ\82¢\82¤\83f\83B\83\8c\83N\83e\83B\83u\82ª\8eÀ\91\95\82³\82ê\82Ä\82¨\82è\81A\82±\82Ì\8eq\83f\83B\83\8c\83N\83e\83B\83u\82É\r
+zone\82Æ\82µ\82Ä\90Ý\92è\82·\82é\82±\82Æ\82É\82æ\82Á\82Ä\81ADNS\96â\82¢\8d\87\82í\82¹\8c³\82ÌIP\83A\83h\83\8c\83X\82â\83h\83\81\83C\83\93\82É\82æ\82Á\82Ä\95Ô\93\9a\82·\82ézone\82ð\r
+\95Ï\8dX\82·\82é\82±\82Æ\82ª\89Â\94\\82Æ\82È\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+view "og" {\r
+ match-clients\r
+ {\r
+ 10.0.0.0/16;\r
+ };\r
+\r
+ recursion yes;\r
+\r
+ zone "." {\r
+ type hint;\r
+ file "named.root";\r
+ };\r
+\r
+ zone "og.saga-u.ac.jp" {\r
+ type master;\r
+ file "og.saga-u.ac.jp";\r
+ };\r
+\r
+ zone "0.0.127.IN-ADDR.ARPA" {\r
+ type master;\r
+ file "master/localhost.rev";\r
+ };\r
+\r
+ // RFC 3152\r
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\r
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {\r
+ type master;\r
+ file "master/localhost-v6.rev";\r
+ };\r
+\r
+ // RFC 1886 -- deprecated\r
+ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\\r
+ 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {\r
+ type master;\r
+ file "master/localhost-v6.rev";\r
+ };\r
+};\r
+</pre></td></tr></table>\r
+\r
+<p>\88È\8fã\82Ì\90Ý\92è\82É\82¨\82¢\82Ä\81A"og.saga-u.ac.jp"\82Æ\82¢\82¤zone\82ð\90Ý\92è\82µ\82½\81B\82±\82Ì\90Ý\92è\82É\82¨\82¢\82Ä\81A\r
+\83h\83\81\83C\83\93"og.saga-u.ac.jp"\82É\91®\82·\82é\83z\83X\83g\82ð\90Ý\92è\82µ\82½og.saga-u.ac.jp\82Æ\82¢\82¤\83t\83@\83C\83\8b\82ð\r
+\93Ç\82Ý\8d\9e\82Þ\82æ\82¤\82É\90Ý\92è\82µ\82Ä\82¢\82é\81B\82»\82±\82Å\81Aog.saga-u.ac.jp\82Æ\82¢\82¤\81A\8e\9f\82Ì\82æ\82¤\82È\83t\83@\83C\83\8b\82ð\r
+\97p\88Ó\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+$TTL 3600\r
+$ORIGIN og.saga-u.ac.jp.\r
+\r
+@ IN SOA ns.og.saga-u.ac.jp. postmaster (\r
+ 2005051702 ;\r
+ 3600\r
+ 1200\r
+ 2419200\r
+ 86400 )\r
+ IN NS ns.og.saga-u.ac.jp.\r
+ IN A 10.0.0.2\r
+ IN MX 10 opengate.og.saga-u.ac.jp.\r
+\r
+ns IN A 10.0.0.2\r
+\r
+opengate IN A 10.0.0.2\r
+ AAAA 2001:2f8:10:1::1\r
+\r
+opengate4 IN A 133.49.1.2\r
+</pre></td></tr></table>\r
+\r
+<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>\r
+\r
+<!-- ********* 5 ********* -->\r
+<h4>E.5
\8bN
\93®
\8am
\94F<a name="bind5" href="#bind5" class="anchor">†</a></h4>
\r+\r
+<p>\88È\8fã\81A\91S\82Ä\82Ì\90Ý\92è\82ª\8a®\97¹\82µ\82½\8cã\82É\81A\8bN\93®\8am\94F\82ð\8ds\82¤\81B</p>\r
+\r
+<table><tr><td><pre>\r
+# /usr/local/sbin/named/ -u bind -c /etc/namedb/named.conf\r
+</pre></td></tr></table>\r
+\r
+<p>\88È\8fã\82ð\8eÀ\8ds\82µ\81A\96â\91è\82È\82named\82ª\8bN\93®\82µ\82Ä\82¢\82ê\82Î\90¬\8c÷\82Å\82 \82é\81B\8bN\93®\8am\94F\82Å\96â\91è\82ª\82È\82¯\82ê\82Î\81A\r
+/etc/rc.conf\82É\88È\89º\82Ì\8d\80\96Ú\82ð\8bL\8fq\82µ\81A\8e©\93®\8bN\93®\82·\82é\82æ\82¤\82É\90Ý\92è\82·\82é\81B</p>\r
+\r
+<table><tr><td><pre>\r
+named_enable="YES"\r
+named_program="/usr/local/sbin/named"\r
+named_flags="-u bind -c /etc/namedb/named.conf"\r
+</pre></td></tr></table>\r
+\r
+<p>DNS\83T\81[\83o\82Í\8aÇ\97\9d\82ª\95¡\8eG\82Å\82 \82é\82½\82ß\81A\82±\82Ì\91¼\82Ì\8e\91\97¿\82à\8eQ\8dl\82É\82µ\81A\83}\83j\83\85\83A\83\8b\82ð\r
+\8fn\93Ç\82µ\82½\8fã\82Å\90Ý\92è\82·\82é\82±\82Æ\82ª\96]\82Ü\82µ\82¢\81B</p>\r
+\r
+<div align="right"><a href="#bind0">back</a> <a href="#top">top</a></div>\r
+<hr>\r
+</body>\r
+</html>
\ No newline at end of file
--- /dev/null
+\r
+body {\r
+ width : 800px;\r
+ margin-left:30px;\r
+}\r
+\r
+p {\r
+ text-indent : 10px;\r
+}\r
+\r
+table {\r
+ border-style : solid;\r
+ border-bottom-color : #CCCCCC;\r
+ border-width : thin;\r
+ width : 90%;\r
+ border-spacing : 10px;\r
+}\r
+\r
+.anchor {\r
+ font-size : xx-small;\r
+ vertical-align : super;\r
+}\r
+\r
+.list_alpha {\r
+ list-style-type : upper-alpha;\r
+}\r
+.list_num {\r
+ list-style : decimal;\r
+}\r
+\r
+.list_none {\r
+ list-style : none;\r
+ font-weight : bold;\r
+}\r
+\r
<title>Flow of Opengate</title>
</head>
-<body bgcolor=#FAFFF0>
+<BODY>
+
+<body bgcolor=#BBEECC>
<H3>Flow of Opengate</H3>
<LI>
An user on the client machine accesses to some URL such as
- [eg., http://www.some.site/ or http://www.some.site/some/path]
+ [eg., http://www.some.site/ or http://www.some.site/some/path].
+(Suppose that some URL has an IPv6 address and an IPv4 address.)
+
+<LI>
+The client machine gives priority to IPv6 HTTP and use it. But
+ip6fw is all clesed. IPv6 HTTP is timeout.
+
+<LI>
+The client machine retry to access with IPv4 HTTP.
<LI>
Ipfw in gateway checks the packet passing though the gateway. For
<LI>
To remove the misunderstanding, the /index.html jumps to full URL
description of gateway as [META HTTP-EQUIV="Refresh" CONTENT="0;
-URL=http://192.168.0.1/opengate/en/index.html"]
+URL=http://opengate4.saga-u.ac.jp/cgi-bin/opengateauth.cgi?en"] with IPv4 HTTP.
+
+<P>("opengate4.saga-u.ac.jp" has only IPv4 address. "opengate.saga-u.ac.jp" has both
+an IPv6 address and an IPv4 address.)</P>
<LI>
-The returned page /opengate/en/index.html is the authentication request page.
+The returned page is the authentication request page.
The browser understands the site of this page correctly.
+Then authentiaction CGI put IPv4 address with hidden tag in authentication request page.
<LI>
The user enters userid and password to this page, and clicks button to
call Opengate CGI [FORM METHOD="POST"
-ACTION="/cgi-bin/opengate/opengatesrv.cgi"].
+ACTION="http://opengate.saga-u.ac.jp/cgi-bin/opengate/opengatesrv.cgi"] with IPv6 HTTP.
<LI>
The CGI starts and processes the following.
<LI>
-CGI gets the userid[eg., user1 or user1@id1], password, IP
-address[eg., 192.168.0.111], and MAC address.
+CGI gets the userid[eg., user1 or user1@id1], password, IPv4 address[eg., 192.168.0.111]
+from POST data, and gets IPv6 address[eg., 2001:e38:10::111] from "REMOTE_ADDR".
+And CGI gets MAC address from NDP or ARP.
<LI>
CGI reads configuration file[opengatesrv.conf] and gets the
CGI sends userid[user1] and password to the authentication server.
<LI>
-After passing the authentication, CGI inserts firewall rule before the
+After passing the authentication, CGI inserts IPv4 firewall rule before the
forward rule [ipfw add 10000 allow ip from 192.168.0.111 to any] and
-[ipfw add 10000 allow ip from any to 192.168.0.111]. The rules
+[ipfw add 10000 allow ip from any to 192.168.0.111], and inserts IPv6 firewall
+rule [ip6fw add 10000 allow ipv6 from 2001:e38:10::111 to any] and
+[ip6fw add 10000 allow ipv6 from any to 2001:e38:10::111]. The rules
indicate the pass of packet to/from the client. At the insertion, CGI
searchs an unused rule number[eg., 10000] and uses. The perl script
can be modified, if more flexible ipfw control is desired.
<LI>
CGI reports to syslog that the firewall is opened
-[Jun 16 19:14:11 ... OPEN: user user1 from 192.168.0.111...].
+[Jun 16 19:14:11 ... START: user user1 use IPv6 and IPv4 at 00:00:00:00:00:00],
+[Jun 16 19:14:11 ... OPEN: user user1 from 192.168.0.111...] and
+[Jun 16 19:14:11 ... OPEN: user user1 from 2001:e38:10::111].
<LI>
CGI reads reply page file [accept.html], inserts specific information
If no reply in HELLOWAITTIMEOUT seconds, CGI removes the firewall rule and terminates.
<LI>
-CGI gets number of passed packets for inserted rule from firewall
-[ipfw -a list 10000] every ACTIVECHECKINTERVAL seconds. If the packet
+CGI gets number of passed packets for inserted rule from IPv4 and IPv6 firewall
+[ipfw -a list 10000], [ip6fw -a list 10000] every ACTIVECHECKINTERVAL seconds. If the packet
count does not increase in NOPACKETINTERVAL seconds, CGI removes the
firewall rule and terminates.
<LI>
-At termination, CGI reports to syslog the filewall close [Jun 16
-22:11:55 ... CLOS: user user1 from 192.168.0.111...].
+At termination, CGI reports to syslog the filewall close
+[Jun 16 22:11:55 ... CLOS: user user1 from 192.168.0.111...],
+[Jun 16 22:11:55 ... CLOS: user user1 from 2001:e38:10::111...] and
+[Jun 16 22:11:55 ... END: user user1 at 00:00:00:00:00:00].
</OL>
Authentication Protocol
-User--|--userTerminal--|------GatewayMachine -------------------|Authentication|
- server
+User--|--userTerminal--|------GatewayMachine --------------------------|Authentication|
+ server
- (WWWbrowser) (ipfw)
- ------->|--------------------------------------------->|
- AnyURL | connect (WWWserver) |
- |<----------------------|<---------------------|
- | WebPage | IP Forward :
+ (WWWbrowser) (ipfw) (ip6fw)
+ AnyURL IPv6 HTTP Timeout
+ ------->|-----------------------------------------------------|------->|
+ | IPv4 HTTP (Retry) | |
+ |---------------------------------------------------->| |
+ | connect (WWWserver) | |
+ |<----------------------|<----------------------------| |
+ | WebPage | IP Forward : :
+ | HTML Refresh(IPv4) |
+ --------|---------------------->| Authentication CGI
+ | IPv4 Address in | put IPv4 address in hidden tag
+ | Authentication HTML |
+ |<----------------------|
| |
---->| |
userID | |
---->| |
passwd | |
- ---->| |
-SendBtn |---------------------->| (CGI)
- |<userID>,<passwd> |-------->| request (arp)
- | |<userID> |--------->|
- | |<passwd> |<---------|
- | |<address>| reply
- | | | (Auth server)
- | | | AuthRequest :
- | | |---------------------->|
- | | |<----------------------|
- | | | AuthReply :
- | | | (ipfw)
- | | | :
- | | |------------->|
- | | | add rule |
- | | (fork) |
- | | | | |
- | | |(set timer) |
- | | |(listen) |
- |<----------------------|<--------| | |
- | WebPage (include JavaApplet) # | |
- | : | |
- | (Applet) | |
- |--->| <userID> | |
- : |----------------------------->| |
- |<-----------------------------| |
- | "accept" | |
- | | |
- | "hello" | request log|
- Network |<---------------------------- |----------->| (Periodic Check)
- Use |----------------------------->|<-----------|
- | "hello" | log list |
- | | |
- ---------->|----------------------------->|----------->|
- Kill Web | close | del rule |
- # # :
+ ---->| POST(IPv6) |
+SendBtn |---------------------->|
+ |<userID>,<passwd> | (CGI)
+ |<IPv4 address>(hidden) |------------->| request (arp or ndp)
+ | | <userID>|--------->|
+ | | <passwd>|<---------|
+ | | <MAC address>| reply :
+ | |<IPv6 address>|IPv6 address form "REMOTE_ADDR"
+ | |<IPv4 address>|IPv4 address form POST data
+ | | | (Auth server)
+ | | | AuthRequest :
+ | | |---------------------------->|
+ | | |<----------------------------|
+ | | | AuthReply :
+ | | | (ipfw) (ip6fw)
+ | | | : :
+ | | |------------->| |
+ | | | add rule | |
+ | | |---------------------->|
+ | | | add rule | |
+ | | (fork) | |
+ | | | | | |
+ | | |(set timer) | |
+ | | |(listen) | |
+ |<----------------------|<-------------| | | |
+ | WebPage (include JavaApplet) # | | |
+ | : | | |
+ | (Applet) | | |
+ |--->| <userID> | | |
+ : |---------------------------------->| | |
+ |<----------------------------------| | |
+ | "accept" | | |
+ | | | |
+ | "hello" | request log| |
+ Network |<--------------------------------- |----------->| |
+ Use | (Priodec Check) | | |
+ |---------------------------------->|<-----------| |
+ | "hello" | log list | |
+ | | (ndp) | |
+ | IPv6 address check |---->| | |
+ | |<----| | |
+ | Add new IPv6 address|-------------------->|
+ | | add rule | |
+ | Del expired IPv6 address|-------------------->|
+ | | del rule | |
+ ---------->|---------------------------------->|----------->| |
+ Kill Web | close | del rule | |
+ | |-------------------->|
+ | | del rule | |
+ # # : :
-<html>\r
-<head>\r
-<title>Opengate Q & A</title>\r
-</head>\r
-\r
-<body bgcolor=#FAFFF0>\r
-\r
-<H3>Opengate Q & A</H3>\r
-\r
-Concept\r
-<UL>\r
-<LI>\r
-Why is the authentication needed?\r
-\r
-<BLOCKQUOTE>\r
-There are many incidents such as computer cracking or copyright infringement in the network. The organization might be caughted by many troubles caused by such incidents. In these cases, it is needed to identify the related person. The other reason is the restriction required by payment or aim of the network\r
-</BLOCKQUOTE>\r
-\r
-<LI>Why don't you use the authentication function inherent in the terminal?\r
-\r
-<BLOCKQUOTE>\r
-Unified system can depend on such function. But it cannot be applied to the open network envoronment where various hardwares and users are connected with various formats, such as wireless connection of his/her own portable PC.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Why do you try to authenticate at client site? Is the authentication at server site essential? \r
-\r
-<BLOCKQUOTE>\r
-Yes it is essential. But to prevent trouble occured by unknown user of your site, authentication and usage log systems are required.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Why does the target include open-use terminal that is settled by the organization for open usage? It can be protected by the system software.\r
-\r
-<BLOCKQUOTE>\r
-It is difficult for network control section to maintain many terminals distributed in wide campus. Moreover there are already various terminals settled by various sections. Some do not have such function and some are leaved with no control.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Why don't you use the log obtained at gateway or firewall?\r
-\r
-<BLOCKQUOTE>\r
-The log does not include user identification.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-What is the merit compared with the identification by MAC address.\r
-\r
-<BLOCKQUOTE>\r
-The cost might be large to maitain the matching between user and MAC address.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-What is the merit compared with various authentication systems for network usage proposed recently.\r
-<BLOCKQUOTE>\r
-The merits of Opengate are as follows. Wide applicability about terminals, such as its hardware, software, management and connection. Minimum cost for user guidance and management. Easy implementation to existing network. Quick open at start usage and quick close at stop usage.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Is there any other application of the system?\r
-<BLOCKQUOTE>\r
-For example, it might be used as the gateway from intra-net to extra-net or the contrary.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-What to do for No Java terminals?\r
-<BLOCKQUOTE>\r
-The no Java user can enters the usage duraion in auth page. To cope with hijacking and notting, the connection state is checked periodically by ARP command and packet count passing the firewall. The user can also close the network by clicking the TERMINATE link in accept page.\r
-\r
-</BLOCKQUOTE>\r
-\r
-\r
-</UL>\r
-\r
-\r
-Usage\r
-<UL>\r
-<LI>\r
-Is the system compatible with wireless LAN?\r
-\r
-<BLOCKQUOTE>\r
-Yes. But do not use the host station having NAT.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Can the system coexists with NAT or DHCP.\r
-\r
-<BLOCKQUOTE>\r
-Yes. But do not insert NAT between the server and client.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Can the MAC address be obtained? \r
-<BLOCKQUOTE>\r
-Yes. But the address is restricted to the one aquired from server on ethernet.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-I want to supply some services without authentication, or I do not want to supply some services even after authentication.\r
-\r
-<BLOCKQUOTE>\r
-The both can be realized by firewall rule set.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-I want to separate the commission range by the user rank.\r
-\r
-<BLOCKQUOTE>\r
-Firewall can be controled by Perl script. If the user rank is discriminated with userID pattern, authentication server, or IP address, it might be done. The function is added in Ver.0.80.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-I want manage temporal users.\r
-\r
-<BLOCKQUOTE>\r
-It is needed to register to an authentication server. As the system comminucates with plural servers, you can make specific server for temporal users and maintain it.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Can the password secret be maintained?\r
-\r
-<BLOCKQUOTE>\r
-Yes. Communication between client and opengate server can be protected by SSL. Communication between opengate server and authentication server can be protected by secure auth protocol.We implement pop3s, radius, and pam(which supports many secure protocols). \r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-How are the scalability and performance?\r
-\r
-<BLOCKQUOTE>\r
-We are using the system in environments including active 50 or above terminals. \r
-</BLOCKQUOTE>\r
-\r
-</UL>\r
-Installation and Development\r
-<UL>\r
-<LI>\r
-I meet bugs on installation.\r
-\r
-<BLOCKQUOTE>\r
-See other document.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Am I permited to use, modify or distribute the program? \r
-\r
-<BLOCKQUOTE>\r
-Yes it is permitted under GPL.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Can I modify the web page design.\r
-\r
-<BLOCKQUOTE>\r
-As the web pages are described in html files, it is easy to modify the design.\r
-</BLOCKQUOTE>\r
-\r
-\r
-<LI>\r
-Can I avoid atacks such as IP spoofing or DoS(Denial of Service)?\r
-\r
-<BLOCKQUOTE>\r
-IP spoofing has no merit, because the system permits the address from which user information sended. DoS can be avoided, because each client uses different port in the system. \r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Why the archive file is disorder?\r
-\r
-<BLOCKQUOTE>\r
-Sorry. I am trying to order.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Can the server run on other OSs than FreeBSD.\r
-\r
-<BLOCKQUOTE>\r
-No. The system uses ipfw command which is specific to FreeBSD. The ipchains command in Linux can be used instead of ipwf.\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-It is not smart that many processes resident. Can these be integrated to one process?\r
-\r
-<BLOCKQUOTE>\r
-Yes. But in the present version, we take priority on simplicity of program. \r
-</BLOCKQUOTE>\r
-\r
-\r
-<LI>\r
-Is the system compatible with IPv6?\r
-\r
-<BLOCKQUOTE>\r
-It might be realized by controlling both ipfw and ip6fw. But, in ipv4/IPv6 dual stack state, it is not so easy to get all IP addresses for the requested terminal. Thus, it is not yet programmed.\r
-\r
-For the present, following method might be the solution, though there is a restriction. Modify the ipfw control script opengatefw.pl as to allow IPv6 packet from/to the requested terminal's MAC address. The method can be used when the gateway and the terminal stay in the same ethernet link.\r
-</BLOCKQUOTE>\r
-\r
-</UL>\r
-</BODY>\r
-</HTML>\r
+<html>
+<head>
+<title>Opengate Q & A</title>
+</head>
+
+<BODY>
+
+<body bgcolor=#BBEECC>
+
+<H3>Opengate Q & A</H3>
+
+Concept
+<UL>
+<LI>
+Why is the authentication needed?
+
+<BLOCKQUOTE>
+There are many incidents such as computer cracking or copyright infringement in the network. The organization might be caughted by many troubles caused by such incidents. In these cases, it is needed to identify the related person. The other reason is the restriction required by payment or aim of the network
+</BLOCKQUOTE>
+
+<LI>Why don't you use the authentication function inherent in the terminal?
+
+<BLOCKQUOTE>
+Unified system can depend on such function. But it cannot be applied to the open network envoronment where various hardwares and users are connected with various formats, such as wireless connection of his/her own portable PC.
+</BLOCKQUOTE>
+
+<LI>
+Why do you try to authenticate at client site? Is the authentication at server site essential?
+
+<BLOCKQUOTE>
+Yes it is essential. But to prevent trouble occured by unknown user of your site, authentication and usage log systems are required.
+</BLOCKQUOTE>
+
+<LI>
+Why does the target include open-use terminal that is settled by the organization for open usage? It can be protected by the system software.
+
+<BLOCKQUOTE>
+It is difficult for network control section to maintain many terminals distributed in wide campus. Moreover there are already various terminals settled by various sections. Some do not have such function and some are leaved with no control.
+</BLOCKQUOTE>
+
+<LI>
+Why don't you use the log obtained at gateway or firewall?
+
+<BLOCKQUOTE>
+The log does not include user identification.
+</BLOCKQUOTE>
+
+<LI>
+What is the merit compared with the identification by MAC address.
+
+<BLOCKQUOTE>
+The cost might be large to maitain the matching between user and MAC address.
+</BLOCKQUOTE>
+
+<LI>
+What is the merit compared with various authentication systems for network usage proposed recently.
+<BLOCKQUOTE>
+The merits of Opengate are as follows. Wide applicability about terminals, such as its hardware, software, management and connection. Minimum cost for user guidance and management. Easy implementation to existing network. Quick open at start usage and quick close at stop usage.
+</BLOCKQUOTE>
+
+<LI>
+Is there any other application of the system?
+<BLOCKQUOTE>
+For example, it might be used as the gateway from intra-net to extra-net or the contrary.
+</BLOCKQUOTE>
+
+<LI>
+What to do for No Java terminals?
+<BLOCKQUOTE>
+The no Java user can enters the usage duraion in auth page. To cope with hijacking and notting, the connection state is checked periodically by ARP command and packet count passing the firewall. The user can also close the network by clicking the TERMINATE link in accept page.
+
+</BLOCKQUOTE>
+
+
+</UL>
+
+
+Usage
+<UL>
+<LI>
+Is the system compatible with wireless LAN?
+
+<BLOCKQUOTE>
+Yes. But do not use the host station having NAT.
+</BLOCKQUOTE>
+
+<LI>
+Can the system coexists with NAT or DHCP.
+
+<BLOCKQUOTE>
+Yes. But do not insert NAT between the server and client.
+</BLOCKQUOTE>
+
+<LI>
+Can the MAC address be obtained?
+<BLOCKQUOTE>
+Yes. But the address is restricted to the one aquired from server on ethernet.
+</BLOCKQUOTE>
+
+<LI>
+I want to supply some services without authentication, or I do not want to supply some services even after authentication.
+
+<BLOCKQUOTE>
+The both can be realized by firewall rule set.
+</BLOCKQUOTE>
+
+<LI>
+I want to separate the commission range by the user rank.
+
+<BLOCKQUOTE>
+Firewall can be controled by Perl script. If the user rank is discriminated with userID pattern, authentication server, or IP address, it might be done. The function is added in Ver.0.80.
+</BLOCKQUOTE>
+
+<LI>
+I want manage temporal users.
+
+<BLOCKQUOTE>
+It is needed to register to an authentication server. As the system comminucates with plural servers, you can make specific server for temporal users and maintain it.
+</BLOCKQUOTE>
+
+<LI>
+Can the password secret be maintained?
+
+<BLOCKQUOTE>
+Yes. Communication between client and opengate server can be protected by SSL. Communication between opengate server and authentication server can be protected by secure auth protocol.We implement pop3s, radius, and pam(which supports many secure protocols).
+</BLOCKQUOTE>
+
+<LI>
+How are the scalability and performance?
+
+<BLOCKQUOTE>
+We are using the system in environments including active 50 or above terminals.
+</BLOCKQUOTE>
+
+</UL>
+Installation and Development
+<UL>
+<LI>
+I meet bugs on installation.
+
+<BLOCKQUOTE>
+See other document.
+</BLOCKQUOTE>
+
+<LI>
+Am I permited to use, modify or distribute the program?
+
+<BLOCKQUOTE>
+Yes it is permitted under GPL.
+</BLOCKQUOTE>
+
+<LI>
+Can I modify the web page design.
+
+<BLOCKQUOTE>
+As the web pages are described in html files, it is easy to modify the design.
+</BLOCKQUOTE>
+
+
+<LI>
+Can I avoid atacks such as IP spoofing or DoS(Denial of Service)?
+
+<BLOCKQUOTE>
+IP spoofing has no merit, because the system permits the address from which user information sended. DoS can be avoided, because each client uses different port in the system.
+</BLOCKQUOTE>
+
+<LI>
+Why the archive file is disorder?
+
+<BLOCKQUOTE>
+Sorry. I am trying to order.
+</BLOCKQUOTE>
+
+<LI>
+Can the server run on other OSs than FreeBSD.
+
+<BLOCKQUOTE>
+No. The system uses ipfw command which is specific to FreeBSD. The ipchains command in Linux can be used instead of ipwf.
+</BLOCKQUOTE>
+
+<LI>
+It is not smart that many processes resident. Can these be integrated to one process?
+
+<BLOCKQUOTE>
+Yes. But in the present version, we take priority on simplicity of program.
+</BLOCKQUOTE>
+
+
+<LI>
+Is the system compatible with IPv6?
+
+<BLOCKQUOTE>
+It might be realized by controlling both ipfw and ip6fw. But, in ipv4/IPv6 dual stack state, it is not so easy to get all IP addresses for the requested terminal. Thus, it is not yet programmed.
+
+For the present, following method might be the solution, though there is a restriction. Modify the ipfw control script opengatefw.pl as to allow IPv6 packet from/to the requested terminal's MAC address. The method can be used when the gateway and the terminal stay in the same ethernet link.
+</BLOCKQUOTE>
+
+</UL>
+</BODY>
+</HTML>
-<html LANG="jp">\r
-<head>\r
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">\r
-\r
-<title>Opengate Q & A</title>\r
-</head>\r
-\r
-<body bgcolor=#FAFFF0>\r
-\r
-<H3>Opengate Q & A</H3>\r
-\r
-\88Ó\8b`\r
-<UL>\r
-<LI>\r
-\82»\82à\82»\82à\89½\8cÌ\94F\8fØ\82È\82Ç\82ª\95K\97v\82È\82Ì\82Å\82·\82©\81B\92N\82Å\82à\83l\83b\83g\83\8f\81[\83N\82ª\8eg\82¦\82Ä\97Ç\82¢\82Å\82Í\82È\82¢\82Å\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-\8ae\83l\83b\83g\83\8f\81[\83N\82Í\81A\82»\82Ì\90Ý\92u\8eï\8e|\82Æ\8co\94ï\95\89\92S\82É\8f]\82Á\82½\97\98\97p\82ª\8b\81\82ß\82ç\82ê\82Ü\82·\81B\8c\88\82µ\82Ä\8e©\97R\97\98\97p\82ª\91O\92ñ\82Å\82Í\82 \82è\82Ü\82¹\82ñ\81B\82³\82ç\82É\81A\83C\83\93\83^\81[\83l\83b\83g\8fã\82Å\82Í\81A\94îæ\8e\92\86\8f\9d\82â\8d¼\8b\\81A\95s\90³\83A\83^\83b\83N\93\99\82Ì\94½\8eÐ\89ï\93I\8ds\93®\82ª\94\90¶\82µ\82Ä\82¢\82Ü\82·\81B\91g\90D\82Æ\82µ\82Ä\82Í\82»\82Ì\82æ\82¤\82È\8ds\93®\82ð\8d\\90¬\88õ\82É\8bN\82±\82µ\82Ä\97~\82µ\82\82 \82è\82Ü\82¹\82ñ\81B\8ae\8e©\82ª\90Ó\94C\82ð\8e\9d\82Á\82Ä\8ds\93®\82µ\82Ä\82¢\82½\82¾\82\82½\82ß\82Ì\88ê\82Â\82Ì\95û\96@\82Æ\82µ\82Ä\96{\83V\83X\83e\83\80\82ª\82 \82è\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\92[\96\96\82ÌOS\82É\95t\90\8f\82·\82é\94F\8fØ\82ð\97\98\97p\82·\82é\82Ì\82Å\82Í\83_\83\81\82È\82Ì\82Å\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-\93\9d\88ê\82µ\82½PC\8aÂ\8b«\82Ì\8d\\92z\82Æ\88Û\8e\9d\82ª\89Â\94\\82È\83V\83X\83e\83\80\82Ì\8fê\8d\87\82É\82Í\81A\92[\96\96OS\82Ì\94F\8fØ\83V\83X\83e\83\80\82ð\97\98\97p\82µ\82½\95û\82ª\97Ç\82¢\82Æ\8ev\82¢\82Ü\82·\81B\82µ\82©\82µ\95s\93Á\92è\91½\90\94\82ª\95s\93Á\92è\8b@\8aí\82ð\90Ú\91±\82·\82é\82æ\82¤\82È\8aÂ\8b«\82Å\82Í\8b@\94\\82µ\82Ü\82¹\82ñ\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\83A\83N\83Z\83X\82³\82ê\82é\91¤\82Ì\83T\81[\83o\82ª\8ae\8e©\82Å\94í\8aQ\82ð\8eó\82¯\82È\82¢\82æ\82¤\82É\81A\94F\8fØ\82»\82Ì\91¼\82Ì\83Z\83L\83\85\83\8a\83e\83B\95Û\8e\9d\82ð\8ds\82¤\82±\82Æ\82ª\96{\97\88\82Å\82Í\82È\82¢\82Å\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-\82»\82ê\82à\95K\97v\82Å\82µ\82å\82¤\81B\82µ\82©\82µ\91å\8aw\82Ì\82æ\82¤\82É\91½\90\94\82Ì\91½\97l\82È\90l\8aÔ\82ª\94ä\8ar\93I\8e©\97R\82É\97\98\97p\82Å\82«\82é\83l\83b\83g\83\8f\81[\83N\8aÂ\8b«\82ð\92ñ\8b\9f\82µ\82Ä\82¢\82é\91g\90D\82Å\82Í\81A\8aO\95\94\82É\91Î\82µ\82Ä\97l\81X\82È\83g\83\89\83u\83\8b\82ð\8bN\82±\82µ\8bê\8fî\82ª\8añ\82¹\82ç\82ê\82é\89Â\94\\90«\82ª\8d\82\82\82È\82è\82Ü\82·\81B\82»\82Ì\90Ó\94C\82Í\83g\83\89\83u\83\8b\8c´\88ö\82ð\8dì\82Á\82½\96{\90l\82É\8eæ\82Á\82Ä\82¢\82½\82¾\82\95K\97v\82ª\82 \82è\82Ü\82·\81B\82Ü\82½\81A\83l\83b\83g\83\8f\81[\83N\97\98\97p\82É\82Í\81A\82»\82Ì\96Ú\93I\82É\8d\87\82Á\82½\97\98\97p\8eÒ\82Ì\90§\8cÀ\82ª\82 \82é\82±\82Æ\82ª\92Ê\8fí\82¾\82Æ\8ev\82¢\82Ü\82·\81B\82æ\82Á\82Ä\83A\83N\83Z\83X\82·\82é\91¤\82Å\82Ì\94F\8fØ\82à\95K\97v\82Æ\8dl\82¦\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\89½\8cÌ\81A\8cö\8aJ\8cÅ\92è\92[\96\96\82Æ\8fî\95ñ\83R\83\93\83Z\83\93\83g\82Ì\97¼\95û\82ð\91Î\8fÛ\82Æ\82·\82é\95K\97v\82ª\82 \82é\82Ì\82Å\82·\82©\81B\r
-\8cö\8aJ\8cÅ\92è\92[\96\96\82Í\92[\96\96OS\82Ì\94F\8fØ\82ª\89Â\94\\82Å\82Í\82È\82¢\82Å\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-\91S\82Ä\82Ì\8cö\8aJ\8cÅ\92è\92[\96\96\82ð\83l\83b\83g\83\8f\81[\83N\8aÇ\97\9d\95\94\96å\82ª\93\9d\88ê\93I\82É\94z\92u\82µ\81A\82»\82Ì\83n\81[\83h\83E\83F\83A\82ð\95s\90³\91\80\8dì\82©\82ç\8eç\82ê\82é\8fó\8bµ\82ª\89Â\94\\82Å\82 \82ê\82Î\82»\82ê\82Å\82à\97Ç\82¢\82Æ\8ev\82¢\82Ü\82·\81B\82µ\82©\82µ\8c»\8eÀ\93I\82É\82Í\8ag\8eU\82µ\82½\8cö\8aJ\8fê\8f\8a\82Ö\91½\90\94\94z\92u\82·\82é\82±\82Æ\82ª\91½\82\81A\97l\81X\82È\8d¢\93ï\82ª\94º\82¢\82Ü\82·\81B\82Ü\82½\8aù\82É\94z\92u\82³\82ê\82½\94F\8fØ\8b@\94\\82Ì\96³\82¢\92[\96\96\82â\95s\8f\\95ª\82È\8aÇ\97\9d\89º\82Ì\92[\96\96\82ª\90\94\91½\82\82 \82è\82Ü\82·\81B\82±\82ê\82ç\82É\82à\91Î\89\9e\82·\82é\95K\97v\82ª\82 \82è\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\83\8b\81[\83^\82â\83t\83@\83C\83A\83E\83I\81[\83\8b\93\99\81A\92Ê\89ß\93_\82Å\82Ì\8bL\98^\8eæ\93¾\82Å\82Í\82¢\82¯\82È\82¢\82Ì\82Å\82·\82©\81B\r
-<BLOCKQUOTE>\r
-\82±\82Ì\8bL\98^\82Å\82ÍIP\83A\83h\83\8c\83X\82Í\95ª\82©\82è\82Ü\82·\81B\82µ\82©\82µ\95s\93Á\92è\91½\90\94\82ª\8fo\93ü\82è\82·\82é\8fê\8f\8a\82Ì\8fê\8d\87\82Í\92N\82ª\97\98\97p\82µ\82½\82Ì\82©\95ª\82©\82è\82Ü\82¹\82ñ\81B\97\98\97p\8eÒ\82ª\93Á\92è\82Å\82«\82é\95\94\89®\82Ì\8fê\8d\87\82Í\82±\82Ì\82æ\82¤\82È\8bL\98^\82Å\82à\97Ç\82¢\82Å\82µ\82å\82¤\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-MAC\83A\83h\83\8c\83X\82Å\8cÂ\90l\8e¯\95Ê\82ð\82·\82é\95û\8e®\82à\82 \82é\82æ\82¤\82Å\82·\82ª\81B\r
-<BLOCKQUOTE>\r
-Opengate\82Í\8cÂ\90l\8e¯\95Ê\82ð\83\86\81[\83UID\82Æ\83p\83X\83\8f\81[\83h\82Å\8ds\82Á\82Ä\82¢\82Ü\82·\81B\82±\82Ì\94F\8fØ\93ü\97Í\82Ì\91ã\82í\82è\82ÉMAC\83A\83h\83\8c\83X\82ð\8eg\82¤\82±\82Æ\82Í\89Â\94\\82Å\82µ\82å\82¤\81B<BR>\r
-\82µ\82©\82µMAC\83A\83h\83\8c\83X\82ð\97\98\97p\82·\82é\95û\8e®\82Í\81AMAC\83A\83h\83\8c\83X\82Æ\82»\82Ì\8f\8a\97L\8eÒ\82Æ\82Ì\8aÖ\8cW\82ð\91O\82à\82Á\82Ä\93o\98^\82·\82é\95K\97v\82ª\82 \82è\82Ü\82·\81B\82Ü\82½\8b@\8aí\8f÷\93n\81E\94p\8aü\82Ì\8dÛ\82É\93o\98^\8fÁ\8b\8e\81A\8b@\8aí\8dX\90V\82Ì\8dÛ\82É\93o\98^\8dX\90V\82ð\8ds\82¤\95K\97v\82ª\82 \82è\82Ü\82·\82ª\81A\97\98\97p\8eÒ\82É\93o\98^\8fÁ\8b\8e\82ð\97ã\8ds\82³\82¹\82é\82Ì\82Í\93ï\82µ\82¢\82Æ\8ev\82í\82ê\82Ü\82·\81B\82±\82ê\82ç\82Ì\89^\97p\8fã\82Ì\96â\91è\93_\82ð\89ð\8c\88\82µ\82È\82¯\82ê\82Î\82È\82è\82Ü\82¹\82ñ\81B\82Ü\82½MAC\83A\83h\83\8c\83X\82Í\83C\81[\83T\83l\83b\83g\90Ú\91±\92[\96\96\82Ì\82Ý\82É\91¶\8dÝ\82·\82é\93_\81A\83\8b\81[\83^\82ð\92´\82¦\82Ä\93`\82í\82ç\82È\82¢\93_\81A\8bU\91\95\82ª\89Â\94\\82Å\82 \82é\93_\82È\82Ç\82à\93ï\93_\82Æ\8c¾\82¦\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\8dÅ\8bß\81A\82³\82Ü\82´\82Ü\82È\83l\83b\83g\83\8f\81[\83N\94F\8fØ\83V\83X\83e\83\80\82ª\94\95\\82³\82ê\82Ä\82¢\82é\82æ\82¤\82Å\82·\82ª\81B\r
-<BLOCKQUOTE>\r
-Opengate\82Í\88È\89º\82Ì\93_\82ð\96\9e\82½\82µ\82Ä\82¢\82é\93_\82ª\93Á\92¥\82Æ\8dl\82¦\82Ü\82·\81B\92[\96\96\82É\91Î\82·\82é\83\\83t\83g\81A\83n\81[\83h\81A\90Ý\92u\8c`\91Ô\81A\90Ú\91±\95û\96@\82È\82Ç\82Ì\90§\8cÀ\82ª\8f\82È\82¢\8e\96\81B\97\98\97p\8eÒ\82Ì\8ew\93±\82â\8aÇ\97\9d\82ª\8dÅ\8f¬\8cÀ\82Å\8dÏ\82Þ\8e\96\81B\88ê\94Ê\93I\82È\83\\83t\83g/\83n\81[\83h\82Å\8d\\90¬\82³\82ê\82Ä\82¨\82è\81A\8aù\91¶\83l\83b\83g\83\8f\81[\83N\82Ö\82Ì\93±\93ü\82ª\97e\88Õ\82Å\82 \82é\8e\96\81B\97\98\97p\8aJ\8en/\8fI\97¹\82É\8dÛ\82µ\82Ä\91¦\8dÀ\82É\83l\83b\83g\83\8f\81[\83N\82Ì\8aJ\95ú/\95Â\8d½\82ª\8ds\82í\82ê\82é\8e\96\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\91¼\82Ì\97p\93r\82É\82Í\97\98\97p\82Å\82«\82Ü\82·\82©\81B\r
-<BLOCKQUOTE>\r
-\96{\83V\83X\83e\83\80\82Í\81A\83\86\81[\83UID\82Æ\83p\83X\83\8f\81[\83h\82ðWeb\8co\97R\82Å\8eó\82¯\95t\82¯\81A\82»\82ÌIP\83A\83h\83\8c\83X\82Æ\82Ì\83p\83P\83b\83g\82Ì\92Ê\89ß\82ð\8b\96\89Â\82·\82é\83V\83X\83e\83\80\82Å\82·\81B\82»\82Ì\98g\91g\82Ý\82Ì\8aÂ\8b«\82Å\82 \82ê\82Î\97\98\97p\82Å\82«\82é\82Æ\8ev\82¢\82Ü\82·\81B\97á\82¦\82Î\81A\83G\83N\83X\83g\83\89\83l\83b\83g\82©\82ç\83C\83\93\83g\83\89\83l\83b\83g\82É\91Î\82µ\82Ä\83A\83N\83Z\83X\82·\82é\82½\82ß\82Ì\83o\83C\83p\83X\91\8b\8cû\82ð\90Ý\92u\82·\82é\82±\82Æ\82É\82à\97\98\97p\82Å\82«\82é\82Å\82µ\82å\82¤\81B\93\96\91R\82È\82ª\82ç\8bÉ\82ß\82Ä\8d\82\93x\82È\83Z\83L\83\85\83\8a\83e\83B\83\8c\83x\83\8b\82ð\95K\97v\82Æ\82·\82é\83l\83b\83g\83\8f\81[\83N\82Å\82È\82¢\8fê\8d\87\82Å\82·\82ª\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-Java\82ª\93®\82©\82È\82¢\92[\96\96\82à\82 \82è\82Ü\82·\82ª\81B\r
-<BLOCKQUOTE>\r
-Java\82ª\93®\82©\82È\82¢\82à\82µ\82\82Í\83C\83\93\83X\83g\81[\83\8b\82³\82ê\82Ä\82¢\82È\82¢\92[\96\96\82Å\82à\81A\97\98\97p\8eÒ\82ª\94F\8fØ\83y\81[\83W\82É\82¨\82¢\82Ä\97v\8b\81\82µ\82½\90Ú\91±\8cp\91±\8e\9e\8aÔ\82¾\82¯\83l\83b\83g\83\8f\81[\83N\82ð\8aJ\95ú\82µ\82Ü\82·\81B\82½\82¾\82µ\81A\8fæ\82Á\8eæ\82è\82â\95ú\92u\82É\91Î\89\9e\82·\82é\82½\82ß\81A\88ê\92è\8e\9e\8aÔ\8aÔ\8au\82Å\81AARP\83R\83}\83\93\83h\82Æ\83t\83@\83C\83A\83E\83H\81[\83\8b\92Ê\89ß\83p\83P\83b\83g\90\94\82Å\83`\83F\83b\83N\82µ\82Ü\82·\81B\82Ü\82½\81A\8b\96\89Â\83y\81[\83W\82Ì\97\98\97p\92\86\92f\82Ì\83\8a\83\93\83N\82ð\83N\83\8a\83b\83N\82·\82é\82±\82Æ\82Å\83l\83b\83g\83\8f\81[\83N\82ð\95Â\8d½\82Å\82«\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-\r
-</UL>\r
-\r
-\r
-\97\98\97p\r
-<UL>\r
-<LI>\r
-\96³\90üLAN\82Å\8eg\82¦\82Ü\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-\8eg\82¦\82Ü\82·\81B\82½\82¾\82µ\81A\90e\8bÇ\93à\82ÅNAT\93\99\82É\82æ\82éIP\83A\83h\83\8c\83X\95Ï\8a·\82ª\82È\82³\82ê\82Ä\82¢\82È\82¢\82±\82Æ\82ª\95K\97v\82Å\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-DHCP\82âNAT\82Æ\82Ì\8b¤\97p\82Í\82Å\82«\82Ü\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-\82Å\82«\82Ü\82·\81B\82»\82Ì\82æ\82¤\82È\8eg\82¢\95û\82ª\91½\82¢\82Æ\8ev\82¢\82Ü\82·\81B\82½\82¾\82µNAT\82Í\93¯\88ê\83Q\81[\83g\83E\83F\83C\83}\83V\83\93\8fã\82Å\93®\82©\82·\8fê\8d\87\82Å\82·\81B\96{\83Q\81[\83g\83E\83F\83C\82Æ\92[\96\96\8cQ\82Æ\82Ì\8aÔ\82ÉNAT\91\95\92u\82ð\8b²\82Þ\82±\82Æ\82Í\82Å\82«\82Ü\82¹\82ñ\81B\93¯\82¶IP\83A\83h\83\8c\83X\82ð\91½\90l\90\94\82ª\8eg\97p\82·\82é\8c`\82É\82È\82é\82½\82ß\82Å\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-MAC\83A\83h\83\8c\83X\82Í\8eæ\93¾\82Å\82«\82Ü\82·\82©\81B\r
-<BLOCKQUOTE>\r
-Ver0.53\82É\82Ä\91Î\89\9e\82µ\82Ü\82µ\82½\81B\82½\82¾\82µ\81A\83T\81[\83o\91¤\82ÅARP\82©\82ç\8eæ\93¾\82·\82é\82½\82ß\81A\83T\81[\83o\91¤\82©\82ç\8c©\82¦\82é\83A\83h\83\8c\83X\82Ì\82Ý\82Å\82·\81B\91ã\97\9dARP\82ª\82 \82é\82Æ\82»\82Ì\92\86\8cp\83A\83h\83\8c\83X\82Æ\82È\82è\82Ü\82·\81B\82Ü\82½\81A\93\96\91R\82È\82ª\82ç\81A\83C\81[\83T\83l\83b\83g\82Å\82Ì\82Ý\97L\8cø\82Å\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\88ê\95\94\82Ì\83T\81[\83r\83X\82Í\94F\8fØ\96³\82µ\82É\82µ\82½\82¢\82Ì\82Å\82·\82ª\81B\82à\82µ\82\82Í\94F\8fØ\8cã\82à\88ê\95\94\82Ì\83T\81[\83r\83X\82ð\90§\8cÀ\82µ\82½\82¢\82Ì\82Å\82·\82ª\81B\r
-\r
-<BLOCKQUOTE>\r
-\8f\89\8aú\8fó\91Ô\82Ì\83t\83@\83C\83A\83E\83I\81[\83\8b\83\8b\81[\83\8b\82É\95K\97v\82È\82à\82Ì\82ð\92Ç\89Á\82·\82ê\82Î\89Â\94\\82Å\82·\81BOpengate\82Í\82±\82Ì\8f\89\8aú\8fó\91Ô\82É\83\8b\81[\83\8b\82ð\91}\93ü\81E\8dí\8f\9c\82µ\82Ü\82·\81B\82æ\82Á\82Ä\81A\92Ç\89Á\88Ê\92u\82ð\8dH\95v\82·\82ê\82Î\97l\81X\82È\90§\8cä\82ª\89Â\94\\82Å\82·\81B\97á\82¦\82Î\81A\93Á\92è\82Ì\83T\83C\83g\82ð\83A\83N\83Z\83X\8b\96\89Â\82à\82µ\82\82Í\95s\8b\96\89Â\82É\8cÅ\92è\82·\82é\82±\82Æ\82à\82Å\82«\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\97\98\97p\8eÒ\82Ì\83\8c\83x\83\8b\82É\82æ\82Á\82Ä\83T\81[\83r\83X\82ð\90§\8cÀ\82µ\82½\82¢\82Ì\82Å\82·\82ª\81B\r
-\r
-<BLOCKQUOTE>\r
-Firewall\90§\8cä\82ÉPerl\83X\83N\83\8a\83v\83g\82ª\97\98\97p\82Å\82«\82Ü\82·\81B\83\86\81[\83U\96¼\82â\94F\8fØ\83T\81[\83o\81AIP\83A\83h\83\8c\83X\82È\82Ç\82Å\8bæ\95Ê\82Å\82«\82é\82È\82ç\82Î\81A\83X\83N\83\8a\83v\83g\92\86\82É\8bL\8fq\89Â\94\\82Å\82·\81BVer.0.80\82Å\91Î\89\9e\82µ\82Ü\82µ\82½\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\88ê\8e\9e\93I\97\98\97p\8eÒ\82Ö\82Ì\91Î\89\9e\82Í\82Ç\82¤\82µ\82Ü\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-\94F\8fØ\83T\81[\83o\82Ö\82Ì\88ê\8e\9e\93I\82È\97\98\97p\8eÒ\93o\98^\82ª\95K\97v\82Å\82·\81BOpengate\82Í\81A\95¡\90\94\82Ì\94F\8fØ\83T\81[\83o\82É\83\86\81[\83U\82ð\90U\82è\95ª\82¯\82é\82æ\82¤\82É\8ew\92è\82Å\82«\82Ü\82·\82Ì\82Å\81A\95Ê\93r\82É\88ê\8e\9e\97\98\97p\8eÒ\82Ì\82½\82ß\82Ì\94F\8fØ\83T\81[\83o\82ð\90Ý\92u\82·\82é\82±\82Æ\82à\82Å\82«\82Ü\82·\81Bftp\83T\81[\83o\82ª\93®\82¯\82Î\97Ç\82¢\82Ì\82ÅWindows\82È\82Ç\82Ì\8aÈ\88Õ\83T\81[\83o\82Å\82à\89Â\94\\82Æ\8dl\82¦\82Ü\82·\81B\r
-<BR>\r
-\93\96\91å\8aw\82Å\82Í\81A\8c»\8dÝ\82Ì\82Æ\82±\82ë\81A\90}\8f\91\8aÙ\8aO\95\94\97\98\97p\8eÒ\82â\8aw\89ï\8eQ\89Á\8eÒ\82È\82Ç\82Ì\88ê\8e\9e\93I\97\98\97p\8eÒ\82É\91Î\82µ\82Ä\88È\89º\82Ì\89^\97p\82ð\8ds\82Á\82Ä\82¢\82Ü\82·\81B\88ê\8e\9e\97\98\97p\8eÒ\97p\82Ì\94F\8fØ\83T\81[\83o\82ð\97p\88Ó\82·\82é\81B\95K\97v\90\94\82Ì\97\98\97p\8eÒID\82ð\97\98\97p\8aú\8cÀ\95t\82«\82Å\93o\98^\82µ\81A\93¯\8e\9e\82É\97\98\97p\8eÒID\82Æ\83p\83X\83\8f\81[\83h\82¨\82æ\82Ñ\97\98\97p\8fã\82Ì\92\8d\88Ó\82ð\8f\91\82¢\82½\97p\8e\86\82ð\97\98\97p\8eÒID\96\88\82É\88ó\8dü\82·\82é\81B\97\98\97p\8aó\96]\8eÒ\82ª\97\88\96K\82·\82ê\82Î\81A\90g\8c³\82ð\8am\94F\82µ\82Ä\97p\8e\86\82ð1\96\87\93n\82·\81B\93\96\91R\82È\82ª\82ç\96{\97\98\97p\8eÒID\82Í\8aw\93à\82Ì\83T\81[\83o\82Ö\82Ì\83\8d\83O\83C\83\93\93\99\82É\82Í\97\98\97p\82Å\82«\82Ü\82¹\82ñ\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\83p\83X\83\8f\81[\83h\82Ì\8eç\94é\82Í\95Û\82Ä\82Ü\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\8aÔ\82ÍWeb\92Ê\90M\82Å\83p\83X\83\8f\81[\83h\82ð\91\97\82è\82Ü\82·\81B\82æ\82Á\82ÄWeb\83T\81[\83o\82ðSSL\89»\82·\82ê\82Î\8eç\94é\82ª\95Û\82Ä\82Ü\82·\81B\83Q\81[\83g\83E\83F\83C\82Æ\94F\8fØ\83T\81[\83o\82Ì\8aÔ\82Í\81A\8eç\94é\8b@\94\\82Ì\82 \82é\94F\8fØ\83v\83\8d\83g\83R\83\8b\82É\82æ\82ê\82Î\89Â\94\\82Å\82·\81BOpengate\82Í\81Apop3s,Radius,PAM\82É\91Î\89\9e\82µ\82Ä\82¢\82Ü\82·\81BPAM\82Í\91½\82\82Ì\94F\8fØ\83v\83\8d\83g\83R\83\8b\82ð\83T\83|\81[\83g\82µ\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\83X\83P\81[\83\89\83r\83\8a\83e\83B\82Í\82Ç\82¤\82Å\82·\82©\81B\83p\83t\83H\81[\83}\83\93\83X\82Í\82Ç\82¤\82Å\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-\90\94\8f\\91ä\82Ì\8eg\97p\82Å\82Í\96â\91è\96³\82\8eg\82¦\82Ä\82¢\82Ü\82·\81B\83N\83\89\83XC\92ö\93x\82Ì\97\98\97p\82Í\82Å\82«\82é\82Æ\8ev\82¢\82Ü\82·\81B\96{\83V\83X\83e\83\80\82Í\81A\83t\83@\83C\83A\83E\83I\81[\83\8b\83\\83t\83g\82Ì\83p\83P\83b\83g\83t\83B\83\8b\83^\83\8a\83\93\83O\8bK\91¥\82ð\92Ç\89Á\81E\8dí\8f\9c\82·\82é\95û\8e®\82Å\82 \82è\81A\8ae\83N\83\89\83C\83A\83\93\83g\82©\82ç\82Ì\97\98\97p\8aJ\8en\97v\8b\81\8e\9e\82ð\95Ê\82É\82·\82ê\82Î\96w\82Ç\95\89\89×\82Æ\82È\82è\82Ü\82¹\82ñ\81B\97\98\97p\92\86\82Ì\83p\83t\83H\81[\83}\83\93\83X\82Í\81A\83p\83P\83b\83g\83t\83B\83\8b\83^\83\8a\83\93\83O\82â\83p\83P\83b\83g\93]\91\97\82Ì\8f\88\97\9d\94\\97Í\82É\88Ë\91¶\82·\82é\82Æ\8ev\82¢\82Ü\82·\81B\82È\82¨\97Ê\93I\82È\90§\8cÀ\82Æ\82µ\82Ä\82Í\81A\97\98\97p\83N\83\89\83C\83A\83\93\83g\96\88\82É\82P\83v\83\8d\83Z\83X\82ª\8fí\92\93\82·\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B\82µ\82©\82µ\83v\83\8d\83Z\83X\90\94\82Ì\8dÅ\91å\92l\82Í\83J\81[\83l\83\8b\82Å\92²\90®\82Å\82«\82Ü\82·\82µ\81A\83N\83\89\83XC\92ö\93x\96\88\82É\95ª\8a\84\82µ\82Ä\83V\83X\83e\83\80\89^\97p\82·\82é\95û\82ª\83Q\81[\83g\83E\83F\83C\82É\82¨\82¯\82é\83p\83P\83b\83g\83t\83B\83\8b\83^\83\8a\83\93\83O\93\99\82Ì\94\\97Í\82©\82ç\82·\82é\82Æ\8c»\8eÀ\93I\82Å\82µ\82å\82¤\81B\r
-</BLOCKQUOTE>\r
-\r
-</UL>\r
-\93±\93ü\81E\8aJ\94\r
-<UL>\r
-<LI>\r
-\83C\83\93\83X\83g\81[\83\8b\82µ\82½\82ª\93®\82«\82Ü\82¹\82ñ\81B\r
-\r
-<BLOCKQUOTE>\r
-\91½\90\94\82Ì\83\\83t\83g\83E\83F\83A\82Ì\92\87\89î\82ð\82·\82é\83V\83X\83e\83\80\82Å\82·\82Ì\82Å\83f\83o\83b\83O\82Í\96Ê\93|\82¾\82Æ\8ev\82¢\82Ü\82·\81B\95Ê\93r\82É\97p\88Ó\82µ\82½\83`\83F\83b\83N\8d\80\96Ú\8bL\8fq\82Ì\83t\83@\83C\83\8b\82ð\8c©\82Ä\82\82¾\82³\82¢\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\97\98\97p\81E\89ü\95Ï\81E\94z\95z\82Í\89Â\94\\82Å\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-GPL\89º\82Å\89Â\94\\82Å\82·\81B\8d¡\8cã\82Ì\8aJ\94\82Ì\82½\82ß\82É\81A\8aJ\94\8eÒ\82Ü\82Å\98A\97\8d\92¸\82¯\82ê\82Î\8dK\82¢\82Å\82·\81B\83o\83O\81E\97v\96]\81E\89ü\95Ï\95ñ\8d\90\82ð\8a½\8c}\82µ\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\94F\8fØWeb\83y\81[\83W\82Ì\83f\83U\83C\83\93\82ð\95Ï\82¦\82½\82¢\82Ì\82Å\82·\82ª\81B\r
-\r
-<BLOCKQUOTE>\r
-\8aeWeb\83y\81[\83W\82ÍHTML\83t\83@\83C\83\8b\82Æ\82µ\82Ä\93Æ\97§\82µ\82Ä\82¢\82Ü\82·\81B\82±\82ê\82ð\8f\91\82«\82©\82¦\82é\82±\82Æ\82Å\8aÈ\92P\82É\82Å\82«\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-\r
-<LI>\r
-IP\83A\83h\83\8c\83X\82É\82æ\82è\91\8a\8eè\82ð\8am\94F\82µ\82Ä\82¢\82é\82æ\82¤\82Å\82·\82ª\81AIP\83X\83v\81[\83t\83B\83\93\83O\82Í\96â\91è\82Å\82Í\82È\82¢\82Å\82·\82©\81B\82Ü\82½\83T\81[\83r\83X\96W\8aQ\8dU\8c\82\82É\82Í\91Î\89\9e\82Å\82«\82Ü\82·\82©\81B\82»\82Ì\91¼\82Ì\83A\83^\83b\83N\82É\91Î\82µ\82Ä\82Í\82Ç\82¤\82Å\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-IP\83X\83v\81[\83t\83B\83\93\83O\82Í\83t\83@\83C\83A\83E\83I\81[\83\8b\82Ì\95û\82Ì\90Ý\92è\82Å\94ð\82¯\82ç\82ê\82é\82Æ\8ev\82¢\82Ü\82·\81B\82Ü\82½Opengate\82Í\81A\90³\82µ\82¢\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\82«\82½\83A\83h\83\8c\83X\82É\91Î\82µ\82Ä\8c\8a\82ð\8aJ\82¯\82é\82Ì\82Å\81AIP\83A\83h\83\8c\83X\82ð\8bU\82Á\82Ä\82à\82 \82Ü\82è\93¾\82É\82Í\82È\82è\82Ü\82¹\82ñ\81B\91¼\82ª\94F\8fØ\82ð\8eó\82¯\82Ä\8eg\82Á\82Ä\82¢\82é\93¯\82¶IP\83A\83h\83\8c\83X\82ð\8d¼\8fÌ\82µ\82Ä\83p\83P\83b\83g\82ð\97¬\82·\82±\82Æ\82Í\89Â\94\\82Å\82µ\82å\82¤\82ª\81A\8c»\8eÀ\93I\82È\97\98\97p\82Í\93ï\82µ\82¢\82Æ\8ev\82Á\82Ä\82¢\82Ü\82·\81B\83T\81[\83r\83X\96W\8aQ\82É\82Â\82¢\82Ä\82Í\81A\8aeIP\83A\83h\83\8c\83X\82É\91Î\82µ\82Ä\93Æ\8e©\82Ì\83|\81[\83g\94Ô\8d\86\82ð\88ê\82Â\91\97\82è\82Â\82¯\8cð\90M\82·\82é\8c`\91Ô\82Å\82·\82Ì\82Å\94ð\82¯\82ç\82ê\82é\82Æ\8ev\82¢\82Ü\82·\81B\96W\8aQ\82ð\8a®\91S\82É\8f\9c\8b\8e\82·\82é\82±\82Æ\82Í\93ï\82µ\82¢\82Å\82·\82ª\81A\83Z\83L\83\85\83\8a\83e\83B\83z\81[\83\8b\82ª\82 \82ê\82Î\82²\8b³\8e¦\89º\82³\82¢\81B\88«\88Ó\82ð\8e\9d\82Á\82½\97\98\97p\82É\91Î\82µ\82Ä\82Í\81A\91Î\8dô\82Æ\82µ\82Ä\8dl\82¦\82ç\82ê\82Ä\82¢\82é\8b@\94\\82È\82Ç\82ð\91g\82Ý\8d\87\82í\82¹\82é\82±\82Æ\82à\89Â\94\\82Å\82 \82ë\82¤\82Æ\8ev\82¢\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\83_\83E\83\93\83\8d\81[\83h\83t\83@\83C\83\8b\82Ì\92\86\90g\82ª\97\90\8eG\82È\82Ü\82Ü\82Å\82·\82ª\81B\r
-\r
-<BLOCKQUOTE>\r
-\93Á\82É\90®\97\9d\82¹\82¸\82É\81A\93®\82\82æ\82¤\82É\82È\82Á\82½\8fó\91Ô\82ð\95Û\91¶\82µ\82Ä\82¢\82Ü\82·\81B\96µ\8f\82\82à\82 \82é\82Æ\8ev\82¢\82Ü\82·\81B\82«\82ê\82¢\82É\90®\97\9d\82µ\82Ä\8fo\82µ\82½\82¢\82Ì\82Å\82·\82ª\97]\97T\82ª\96³\82\82Ä\8dÏ\82Ý\82Ü\82¹\82ñ\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\83T\81[\83o\82ÍFreeBSD\88È\8aO\82Å\93®\82«\82Ü\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-\8c»\8fó\82Å\82Í\81AFreeBSD\90ê\97p\82Ì\83t\83@\83C\83A\83E\83I\81[\83\8b\83c\81[\83\8bipfw\82ð\97\98\97p\82µ\82Ä\82¢\82é\82Ì\82Å\81A\91¼\82ÌOS\82Å\82Í\93®\82«\82Ü\82¹\82ñ\81B\93¯\93\99\82Ì\8b@\94\\82ð\8e\9d\82Â\83t\83@\83C\83A\83E\83I\81[\83\8b\83c\81[\83\8b\82ª\82 \82ê\82Î\81A\91Î\89\9e\82·\82é\82æ\82¤\82É\8f\91\82«\82©\82¦\82é\82±\82Æ\82Í\89Â\94\\82Å\82·\81B\97á\82¦\82ÎLinux\82Ìipchains\82É\8f\91\82«\8a·\82¦\82é\82±\82Æ\82Í\89Â\94\\82Å\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-\92[\96\96\96\88\82É\83v\83\8d\83Z\83X\82ª\90¶\90¬\82³\82ê\82Ä\91å\97Ê\82É\8fí\92\93\82µ\8bC\8e\9d\82¿\97Ç\82\82 \82è\82Ü\82¹\82ñ\81B\88ê\82Â\82É\82Ü\82Æ\82Ü\82è\82Ü\82¹\82ñ\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-\83A\83\8b\83S\83\8a\83Y\83\80\82ð\8aÈ\92P\82É\82·\82é\82½\82ß\82É\8d¡\82Ì\95û\8e®\82ð\8eæ\82è\82Ü\82µ\82½\81B\8aÄ\8e\8b\83v\83\8d\83Z\83X\82ð\88ê\82Â\82É\82Ü\82Æ\82ß\82é\82±\82Æ\82à\89Â\94\\82Å\82µ\82å\82¤\82ª\81A\91½\90\94\82Ì\8e\9e\8aÔ\91Ò\82¿\82Æ\83A\83N\83Z\83X\91Ò\82¿\82ð\90§\8cä\82·\82é\82Ì\82Í\81A\83T\81[\83r\83X\96W\8aQ\82»\82Ì\91¼\82Ì\8dl\97¶\93_\82à\82 \82è\81A\82©\82È\82è\96Ê\93|\82Å\82·\81B\8aO\95\94\8fð\8c\8f\82ð\8a¨\88Ä\82·\82é\82Æ\88ê\82Â\82É\82Ü\82Æ\82ß\82é\8bÙ\8b}\93x\82ª\92á\82¢\82Æ\8dl\82¦\82Ä\8cã\89ñ\82µ\82É\82µ\82Ä\82¢\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-<LI>\r
-IPv6\82É\91Î\89\9e\82Å\82«\82Ü\82·\82©\81B\r
-\r
-<BLOCKQUOTE>\r
-ipfw\82Æ\82Æ\82à\82Éip6fw\82ð\90§\8cä\82·\82é\82æ\82¤\82É\82·\82ê\82Î\89Â\94\\82Å\82µ\82å\82¤\81B\82µ\82©\82µ\81AIpv4/IPv6\83f\83\85\83A\83\8b\83X\83^\83b\83N\82É\82¨\82¢\82Ä\81A\97v\8b\81\92[\96\96\82Ì\95¡\90\94IP\83A\83h\83\8c\83X\82ð\81A\91S\82Ä\94c\88¬\82µ\82Ä\93¯\8e\9e\82É\8aJ\95ú/\95Â\8d½\82·\82é\8e\96\82Í\97e\88Õ\82Å\82Í\82È\82¢\82½\82ß\81A\8c»\8fó\82Å\82Í\8eÀ\91\95\82µ\82Ä\82¢\82Ü\82¹\82ñ\81B\8c»\83v\83\8d\83O\83\89\83\80\82É\82¨\82¢\82Ä\82Í\81A\8fð\8c\8f\95t\82Å\82·\82ª\88È\89º\82Ì\95û\96@\82Å\8eÀ\8c»\82Å\82«\82Ü\82·\81B\83t\83@\83C\83A\83E\83H\81[\83\8b\90§\8cä\83X\83N\83\8a\83v\83gopengatefw.pl\82É\82¨\82¢\82Ä\81A\97v\8b\81\92[\96\96\82ÌMAC\83A\83h\83\8c\83X\82ð\91\97\90M\8c³\82Ü\82½\82Í\91\97\90M\90æ\82Æ\82·\82éIPv6\83p\83P\83b\83g\82ð\8b\96\89Â\82·\82éipfw\83R\83}\83\93\83h\82ð\92Ç\89Á\82µ\82Ä\82\82¾\82³\82¢\81B\82½\82¾\82µ\81A\83C\81[\83T\83l\83b\83g\82Ì\93¯\88ê\83\8a\83\93\83N\93à\82É\92[\96\96\82ª\82 \82é\8fê\8d\87\82É\8cÀ\92è\82³\82ê\82Ü\82·\81B\r
-</BLOCKQUOTE>\r
-\r
-</UL>\r
-</BODY>\r
-</HTML>\r
+<html LANG="jp">
+<head>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">
+
+<title>Opengate Q & A</title>
+</head>
+
+<BODY>
+
+<body bgcolor=#BBEECC>
+
+<H3>Opengate Q & A</H3>
+
+\88Ó\8b`
+<UL>
+<LI>
+\82»\82à\82»\82à\89½\8cÌ\94F\8fØ\82È\82Ç\82ª\95K\97v\82È\82Ì\82Å\82·\82©\81B\92N\82Å\82à\83l\83b\83g\83\8f\81[\83N\82ª\8eg\82¦\82Ä\97Ç\82¢\82Å\82Í\82È\82¢\82Å\82·\82©\81B
+
+<BLOCKQUOTE>
+\8ae\83l\83b\83g\83\8f\81[\83N\82Í\81A\82»\82Ì\90Ý\92u\8eï\8e|\82Æ\8co\94ï\95\89\92S\82É\8f]\82Á\82½\97\98\97p\82ª\8b\81\82ß\82ç\82ê\82Ü\82·\81B\8c\88\82µ\82Ä\8e©\97R\97\98\97p\82ª\91O\92ñ\82Å\82Í\82 \82è\82Ü\82¹\82ñ\81B\82³\82ç\82É\81A\83C\83\93\83^\81[\83l\83b\83g\8fã\82Å\82Í\81A\94îæ\8e\92\86\8f\9d\82â\8d¼\8b\\81A\95s\90³\83A\83^\83b\83N\93\99\82Ì\94½\8eÐ\89ï\93I\8ds\93®\82ª\94\90¶\82µ\82Ä\82¢\82Ü\82·\81B\91g\90D\82Æ\82µ\82Ä\82Í\82»\82Ì\82æ\82¤\82È\8ds\93®\82ð\8d\\90¬\88õ\82É\8bN\82±\82µ\82Ä\97~\82µ\82\82 \82è\82Ü\82¹\82ñ\81B\8ae\8e©\82ª\90Ó\94C\82ð\8e\9d\82Á\82Ä\8ds\93®\82µ\82Ä\82¢\82½\82¾\82\82½\82ß\82Ì\88ê\82Â\82Ì\95û\96@\82Æ\82µ\82Ä\96{\83V\83X\83e\83\80\82ª\82 \82è\82Ü\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+\92[\96\96\82ÌOS\82É\95t\90\8f\82·\82é\94F\8fØ\82ð\97\98\97p\82·\82é\82Ì\82Å\82Í\83_\83\81\82È\82Ì\82Å\82·\82©\81B
+
+<BLOCKQUOTE>
+\93\9d\88ê\82µ\82½PC\8aÂ\8b«\82Ì\8d\\92z\82Æ\88Û\8e\9d\82ª\89Â\94\\82È\83V\83X\83e\83\80\82Ì\8fê\8d\87\82É\82Í\81A\92[\96\96OS\82Ì\94F\8fØ\83V\83X\83e\83\80\82ð\97\98\97p\82µ\82½\95û\82ª\97Ç\82¢\82Æ\8ev\82¢\82Ü\82·\81B\82µ\82©\82µ\95s\93Á\92è\91½\90\94\82ª\95s\93Á\92è\8b@\8aí\82ð\90Ú\91±\82·\82é\82æ\82¤\82È\8aÂ\8b«\82Å\82Í\8b@\94\\82µ\82Ü\82¹\82ñ\81B
+</BLOCKQUOTE>
+
+<LI>
+\83A\83N\83Z\83X\82³\82ê\82é\91¤\82Ì\83T\81[\83o\82ª\8ae\8e©\82Å\94í\8aQ\82ð\8eó\82¯\82È\82¢\82æ\82¤\82É\81A\94F\8fØ\82»\82Ì\91¼\82Ì\83Z\83L\83\85\83\8a\83e\83B\95Û\8e\9d\82ð\8ds\82¤\82±\82Æ\82ª\96{\97\88\82Å\82Í\82È\82¢\82Å\82·\82©\81B
+
+<BLOCKQUOTE>
+\82»\82ê\82à\95K\97v\82Å\82µ\82å\82¤\81B\82µ\82©\82µ\91å\8aw\82Ì\82æ\82¤\82É\91½\90\94\82Ì\91½\97l\82È\90l\8aÔ\82ª\94ä\8ar\93I\8e©\97R\82É\97\98\97p\82Å\82«\82é\83l\83b\83g\83\8f\81[\83N\8aÂ\8b«\82ð\92ñ\8b\9f\82µ\82Ä\82¢\82é\91g\90D\82Å\82Í\81A\8aO\95\94\82É\91Î\82µ\82Ä\97l\81X\82È\83g\83\89\83u\83\8b\82ð\8bN\82±\82µ\8bê\8fî\82ª\8añ\82¹\82ç\82ê\82é\89Â\94\\90«\82ª\8d\82\82\82È\82è\82Ü\82·\81B\82»\82Ì\90Ó\94C\82Í\83g\83\89\83u\83\8b\8c´\88ö\82ð\8dì\82Á\82½\96{\90l\82É\8eæ\82Á\82Ä\82¢\82½\82¾\82\95K\97v\82ª\82 \82è\82Ü\82·\81B\82Ü\82½\81A\83l\83b\83g\83\8f\81[\83N\97\98\97p\82É\82Í\81A\82»\82Ì\96Ú\93I\82É\8d\87\82Á\82½\97\98\97p\8eÒ\82Ì\90§\8cÀ\82ª\82 \82é\82±\82Æ\82ª\92Ê\8fí\82¾\82Æ\8ev\82¢\82Ü\82·\81B\82æ\82Á\82Ä\83A\83N\83Z\83X\82·\82é\91¤\82Å\82Ì\94F\8fØ\82à\95K\97v\82Æ\8dl\82¦\82Ü\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+\89½\8cÌ\81A\8cö\8aJ\8cÅ\92è\92[\96\96\82Æ\8fî\95ñ\83R\83\93\83Z\83\93\83g\82Ì\97¼\95û\82ð\91Î\8fÛ\82Æ\82·\82é\95K\97v\82ª\82 \82é\82Ì\82Å\82·\82©\81B
+\8cö\8aJ\8cÅ\92è\92[\96\96\82Í\92[\96\96OS\82Ì\94F\8fØ\82ª\89Â\94\\82Å\82Í\82È\82¢\82Å\82·\82©\81B
+
+<BLOCKQUOTE>
+\91S\82Ä\82Ì\8cö\8aJ\8cÅ\92è\92[\96\96\82ð\83l\83b\83g\83\8f\81[\83N\8aÇ\97\9d\95\94\96å\82ª\93\9d\88ê\93I\82É\94z\92u\82µ\81A\82»\82Ì\83n\81[\83h\83E\83F\83A\82ð\95s\90³\91\80\8dì\82©\82ç\8eç\82ê\82é\8fó\8bµ\82ª\89Â\94\\82Å\82 \82ê\82Î\82»\82ê\82Å\82à\97Ç\82¢\82Æ\8ev\82¢\82Ü\82·\81B\82µ\82©\82µ\8c»\8eÀ\93I\82É\82Í\8ag\8eU\82µ\82½\8cö\8aJ\8fê\8f\8a\82Ö\91½\90\94\94z\92u\82·\82é\82±\82Æ\82ª\91½\82\81A\97l\81X\82È\8d¢\93ï\82ª\94º\82¢\82Ü\82·\81B\82Ü\82½\8aù\82É\94z\92u\82³\82ê\82½\94F\8fØ\8b@\94\\82Ì\96³\82¢\92[\96\96\82â\95s\8f\\95ª\82È\8aÇ\97\9d\89º\82Ì\92[\96\96\82ª\90\94\91½\82\82 \82è\82Ü\82·\81B\82±\82ê\82ç\82É\82à\91Î\89\9e\82·\82é\95K\97v\82ª\82 \82è\82Ü\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+\83\8b\81[\83^\82â\83t\83@\83C\83A\83E\83I\81[\83\8b\93\99\81A\92Ê\89ß\93_\82Å\82Ì\8bL\98^\8eæ\93¾\82Å\82Í\82¢\82¯\82È\82¢\82Ì\82Å\82·\82©\81B
+<BLOCKQUOTE>
+\82±\82Ì\8bL\98^\82Å\82ÍIP\83A\83h\83\8c\83X\82Í\95ª\82©\82è\82Ü\82·\81B\82µ\82©\82µ\95s\93Á\92è\91½\90\94\82ª\8fo\93ü\82è\82·\82é\8fê\8f\8a\82Ì\8fê\8d\87\82Í\92N\82ª\97\98\97p\82µ\82½\82Ì\82©\95ª\82©\82è\82Ü\82¹\82ñ\81B\97\98\97p\8eÒ\82ª\93Á\92è\82Å\82«\82é\95\94\89®\82Ì\8fê\8d\87\82Í\82±\82Ì\82æ\82¤\82È\8bL\98^\82Å\82à\97Ç\82¢\82Å\82µ\82å\82¤\81B
+</BLOCKQUOTE>
+
+<LI>
+MAC\83A\83h\83\8c\83X\82Å\8cÂ\90l\8e¯\95Ê\82ð\82·\82é\95û\8e®\82à\82 \82é\82æ\82¤\82Å\82·\82ª\81B
+<BLOCKQUOTE>
+Opengate\82Í\8cÂ\90l\8e¯\95Ê\82ð\83\86\81[\83UID\82Æ\83p\83X\83\8f\81[\83h\82Å\8ds\82Á\82Ä\82¢\82Ü\82·\81B\82±\82Ì\94F\8fØ\93ü\97Í\82Ì\91ã\82í\82è\82ÉMAC\83A\83h\83\8c\83X\82ð\8eg\82¤\82±\82Æ\82Í\89Â\94\\82Å\82µ\82å\82¤\81B<BR>
+\82µ\82©\82µMAC\83A\83h\83\8c\83X\82ð\97\98\97p\82·\82é\95û\8e®\82Í\81AMAC\83A\83h\83\8c\83X\82Æ\82»\82Ì\8f\8a\97L\8eÒ\82Æ\82Ì\8aÖ\8cW\82ð\91O\82à\82Á\82Ä\93o\98^\82·\82é\95K\97v\82ª\82 \82è\82Ü\82·\81B\82Ü\82½\8b@\8aí\8f÷\93n\81E\94p\8aü\82Ì\8dÛ\82É\93o\98^\8fÁ\8b\8e\81A\8b@\8aí\8dX\90V\82Ì\8dÛ\82É\93o\98^\8dX\90V\82ð\8ds\82¤\95K\97v\82ª\82 \82è\82Ü\82·\82ª\81A\97\98\97p\8eÒ\82É\93o\98^\8fÁ\8b\8e\82ð\97ã\8ds\82³\82¹\82é\82Ì\82Í\93ï\82µ\82¢\82Æ\8ev\82í\82ê\82Ü\82·\81B\82±\82ê\82ç\82Ì\89^\97p\8fã\82Ì\96â\91è\93_\82ð\89ð\8c\88\82µ\82È\82¯\82ê\82Î\82È\82è\82Ü\82¹\82ñ\81B\82Ü\82½MAC\83A\83h\83\8c\83X\82Í\83C\81[\83T\83l\83b\83g\90Ú\91±\92[\96\96\82Ì\82Ý\82É\91¶\8dÝ\82·\82é\93_\81A\83\8b\81[\83^\82ð\92´\82¦\82Ä\93`\82í\82ç\82È\82¢\93_\81A\8bU\91\95\82ª\89Â\94\\82Å\82 \82é\93_\82È\82Ç\82à\93ï\93_\82Æ\8c¾\82¦\82Ü\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+\8dÅ\8bß\81A\82³\82Ü\82´\82Ü\82È\83l\83b\83g\83\8f\81[\83N\94F\8fØ\83V\83X\83e\83\80\82ª\94\95\\82³\82ê\82Ä\82¢\82é\82æ\82¤\82Å\82·\82ª\81B
+<BLOCKQUOTE>
+Opengate\82Í\88È\89º\82Ì\93_\82ð\96\9e\82½\82µ\82Ä\82¢\82é\93_\82ª\93Á\92¥\82Æ\8dl\82¦\82Ü\82·\81B\92[\96\96\82É\91Î\82·\82é\83\\83t\83g\81A\83n\81[\83h\81A\90Ý\92u\8c`\91Ô\81A\90Ú\91±\95û\96@\82È\82Ç\82Ì\90§\8cÀ\82ª\8f\82È\82¢\8e\96\81B\97\98\97p\8eÒ\82Ì\8ew\93±\82â\8aÇ\97\9d\82ª\8dÅ\8f¬\8cÀ\82Å\8dÏ\82Þ\8e\96\81B\88ê\94Ê\93I\82È\83\\83t\83g/\83n\81[\83h\82Å\8d\\90¬\82³\82ê\82Ä\82¨\82è\81A\8aù\91¶\83l\83b\83g\83\8f\81[\83N\82Ö\82Ì\93±\93ü\82ª\97e\88Õ\82Å\82 \82é\8e\96\81B\97\98\97p\8aJ\8en/\8fI\97¹\82É\8dÛ\82µ\82Ä\91¦\8dÀ\82É\83l\83b\83g\83\8f\81[\83N\82Ì\8aJ\95ú/\95Â\8d½\82ª\8ds\82í\82ê\82é\8e\96\81B
+</BLOCKQUOTE>
+
+<LI>
+\91¼\82Ì\97p\93r\82É\82Í\97\98\97p\82Å\82«\82Ü\82·\82©\81B
+<BLOCKQUOTE>
+\96{\83V\83X\83e\83\80\82Í\81A\83\86\81[\83UID\82Æ\83p\83X\83\8f\81[\83h\82ðWeb\8co\97R\82Å\8eó\82¯\95t\82¯\81A\82»\82ÌIP\83A\83h\83\8c\83X\82Æ\82Ì\83p\83P\83b\83g\82Ì\92Ê\89ß\82ð\8b\96\89Â\82·\82é\83V\83X\83e\83\80\82Å\82·\81B\82»\82Ì\98g\91g\82Ý\82Ì\8aÂ\8b«\82Å\82 \82ê\82Î\97\98\97p\82Å\82«\82é\82Æ\8ev\82¢\82Ü\82·\81B\97á\82¦\82Î\81A\83G\83N\83X\83g\83\89\83l\83b\83g\82©\82ç\83C\83\93\83g\83\89\83l\83b\83g\82É\91Î\82µ\82Ä\83A\83N\83Z\83X\82·\82é\82½\82ß\82Ì\83o\83C\83p\83X\91\8b\8cû\82ð\90Ý\92u\82·\82é\82±\82Æ\82É\82à\97\98\97p\82Å\82«\82é\82Å\82µ\82å\82¤\81B\93\96\91R\82È\82ª\82ç\8bÉ\82ß\82Ä\8d\82\93x\82È\83Z\83L\83\85\83\8a\83e\83B\83\8c\83x\83\8b\82ð\95K\97v\82Æ\82·\82é\83l\83b\83g\83\8f\81[\83N\82Å\82È\82¢\8fê\8d\87\82Å\82·\82ª\81B
+</BLOCKQUOTE>
+
+<LI>
+Java\82ª\93®\82©\82È\82¢\92[\96\96\82à\82 \82è\82Ü\82·\82ª\81B
+<BLOCKQUOTE>
+Java\82ª\93®\82©\82È\82¢\82à\82µ\82\82Í\83C\83\93\83X\83g\81[\83\8b\82³\82ê\82Ä\82¢\82È\82¢\92[\96\96\82Å\82à\81A\97\98\97p\8eÒ\82ª\94F\8fØ\83y\81[\83W\82É\82¨\82¢\82Ä\97v\8b\81\82µ\82½\90Ú\91±\8cp\91±\8e\9e\8aÔ\82¾\82¯\83l\83b\83g\83\8f\81[\83N\82ð\8aJ\95ú\82µ\82Ü\82·\81B\82½\82¾\82µ\81A\8fæ\82Á\8eæ\82è\82â\95ú\92u\82É\91Î\89\9e\82·\82é\82½\82ß\81A\88ê\92è\8e\9e\8aÔ\8aÔ\8au\82Å\81AARP\83R\83}\83\93\83h\82Æ\83t\83@\83C\83A\83E\83H\81[\83\8b\92Ê\89ß\83p\83P\83b\83g\90\94\82Å\83`\83F\83b\83N\82µ\82Ü\82·\81B\82Ü\82½\81A\8b\96\89Â\83y\81[\83W\82Ì\97\98\97p\92\86\92f\82Ì\83\8a\83\93\83N\82ð\83N\83\8a\83b\83N\82·\82é\82±\82Æ\82Å\83l\83b\83g\83\8f\81[\83N\82ð\95Â\8d½\82Å\82«\82Ü\82·\81B
+</BLOCKQUOTE>
+
+
+</UL>
+
+
+\97\98\97p
+<UL>
+<LI>
+\96³\90üLAN\82Å\8eg\82¦\82Ü\82·\82©\81B
+
+<BLOCKQUOTE>
+\8eg\82¦\82Ü\82·\81B\82½\82¾\82µ\81A\90e\8bÇ\93à\82ÅNAT\93\99\82É\82æ\82éIP\83A\83h\83\8c\83X\95Ï\8a·\82ª\82È\82³\82ê\82Ä\82¢\82È\82¢\82±\82Æ\82ª\95K\97v\82Å\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+DHCP\82âNAT\82Æ\82Ì\8b¤\97p\82Í\82Å\82«\82Ü\82·\82©\81B
+
+<BLOCKQUOTE>
+\82Å\82«\82Ü\82·\81B\82»\82Ì\82æ\82¤\82È\8eg\82¢\95û\82ª\91½\82¢\82Æ\8ev\82¢\82Ü\82·\81B\82½\82¾\82µNAT\82Í\93¯\88ê\83Q\81[\83g\83E\83F\83C\83}\83V\83\93\8fã\82Å\93®\82©\82·\8fê\8d\87\82Å\82·\81B\96{\83Q\81[\83g\83E\83F\83C\82Æ\92[\96\96\8cQ\82Æ\82Ì\8aÔ\82ÉNAT\91\95\92u\82ð\8b²\82Þ\82±\82Æ\82Í\82Å\82«\82Ü\82¹\82ñ\81B\93¯\82¶IP\83A\83h\83\8c\83X\82ð\91½\90l\90\94\82ª\8eg\97p\82·\82é\8c`\82É\82È\82é\82½\82ß\82Å\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+MAC\83A\83h\83\8c\83X\82Í\8eæ\93¾\82Å\82«\82Ü\82·\82©\81B
+<BLOCKQUOTE>
+Ver0.53\82É\82Ä\91Î\89\9e\82µ\82Ü\82µ\82½\81B\82½\82¾\82µ\81A\83T\81[\83o\91¤\82ÅARP\82©\82ç\8eæ\93¾\82·\82é\82½\82ß\81A\83T\81[\83o\91¤\82©\82ç\8c©\82¦\82é\83A\83h\83\8c\83X\82Ì\82Ý\82Å\82·\81B\91ã\97\9dARP\82ª\82 \82é\82Æ\82»\82Ì\92\86\8cp\83A\83h\83\8c\83X\82Æ\82È\82è\82Ü\82·\81B\82Ü\82½\81A\93\96\91R\82È\82ª\82ç\81A\83C\81[\83T\83l\83b\83g\82Å\82Ì\82Ý\97L\8cø\82Å\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+\88ê\95\94\82Ì\83T\81[\83r\83X\82Í\94F\8fØ\96³\82µ\82É\82µ\82½\82¢\82Ì\82Å\82·\82ª\81B\82à\82µ\82\82Í\94F\8fØ\8cã\82à\88ê\95\94\82Ì\83T\81[\83r\83X\82ð\90§\8cÀ\82µ\82½\82¢\82Ì\82Å\82·\82ª\81B
+
+<BLOCKQUOTE>
+\8f\89\8aú\8fó\91Ô\82Ì\83t\83@\83C\83A\83E\83I\81[\83\8b\83\8b\81[\83\8b\82É\95K\97v\82È\82à\82Ì\82ð\92Ç\89Á\82·\82ê\82Î\89Â\94\\82Å\82·\81BOpengate\82Í\82±\82Ì\8f\89\8aú\8fó\91Ô\82É\83\8b\81[\83\8b\82ð\91}\93ü\81E\8dí\8f\9c\82µ\82Ü\82·\81B\82æ\82Á\82Ä\81A\92Ç\89Á\88Ê\92u\82ð\8dH\95v\82·\82ê\82Î\97l\81X\82È\90§\8cä\82ª\89Â\94\\82Å\82·\81B\97á\82¦\82Î\81A\93Á\92è\82Ì\83T\83C\83g\82ð\83A\83N\83Z\83X\8b\96\89Â\82à\82µ\82\82Í\95s\8b\96\89Â\82É\8cÅ\92è\82·\82é\82±\82Æ\82à\82Å\82«\82Ü\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+\97\98\97p\8eÒ\82Ì\83\8c\83x\83\8b\82É\82æ\82Á\82Ä\83T\81[\83r\83X\82ð\90§\8cÀ\82µ\82½\82¢\82Ì\82Å\82·\82ª\81B
+
+<BLOCKQUOTE>
+Firewall\90§\8cä\82ÉPerl\83X\83N\83\8a\83v\83g\82ª\97\98\97p\82Å\82«\82Ü\82·\81B\83\86\81[\83U\96¼\82â\94F\8fØ\83T\81[\83o\81AIP\83A\83h\83\8c\83X\82È\82Ç\82Å\8bæ\95Ê\82Å\82«\82é\82È\82ç\82Î\81A\83X\83N\83\8a\83v\83g\92\86\82É\8bL\8fq\89Â\94\\82Å\82·\81BVer.0.80\82Å\91Î\89\9e\82µ\82Ü\82µ\82½\81B
+</BLOCKQUOTE>
+
+<LI>
+\88ê\8e\9e\93I\97\98\97p\8eÒ\82Ö\82Ì\91Î\89\9e\82Í\82Ç\82¤\82µ\82Ü\82·\82©\81B
+
+<BLOCKQUOTE>
+\94F\8fØ\83T\81[\83o\82Ö\82Ì\88ê\8e\9e\93I\82È\97\98\97p\8eÒ\93o\98^\82ª\95K\97v\82Å\82·\81BOpengate\82Í\81A\95¡\90\94\82Ì\94F\8fØ\83T\81[\83o\82É\83\86\81[\83U\82ð\90U\82è\95ª\82¯\82é\82æ\82¤\82É\8ew\92è\82Å\82«\82Ü\82·\82Ì\82Å\81A\95Ê\93r\82É\88ê\8e\9e\97\98\97p\8eÒ\82Ì\82½\82ß\82Ì\94F\8fØ\83T\81[\83o\82ð\90Ý\92u\82·\82é\82±\82Æ\82à\82Å\82«\82Ü\82·\81Bftp\83T\81[\83o\82ª\93®\82¯\82Î\97Ç\82¢\82Ì\82ÅWindows\82È\82Ç\82Ì\8aÈ\88Õ\83T\81[\83o\82Å\82à\89Â\94\\82Æ\8dl\82¦\82Ü\82·\81B
+<BR>
+\93\96\91å\8aw\82Å\82Í\81A\8c»\8dÝ\82Ì\82Æ\82±\82ë\81A\90}\8f\91\8aÙ\8aO\95\94\97\98\97p\8eÒ\82â\8aw\89ï\8eQ\89Á\8eÒ\82È\82Ç\82Ì\88ê\8e\9e\93I\97\98\97p\8eÒ\82É\91Î\82µ\82Ä\88È\89º\82Ì\89^\97p\82ð\8ds\82Á\82Ä\82¢\82Ü\82·\81B\88ê\8e\9e\97\98\97p\8eÒ\97p\82Ì\94F\8fØ\83T\81[\83o\82ð\97p\88Ó\82·\82é\81B\95K\97v\90\94\82Ì\97\98\97p\8eÒID\82ð\97\98\97p\8aú\8cÀ\95t\82«\82Å\93o\98^\82µ\81A\93¯\8e\9e\82É\97\98\97p\8eÒID\82Æ\83p\83X\83\8f\81[\83h\82¨\82æ\82Ñ\97\98\97p\8fã\82Ì\92\8d\88Ó\82ð\8f\91\82¢\82½\97p\8e\86\82ð\97\98\97p\8eÒID\96\88\82É\88ó\8dü\82·\82é\81B\97\98\97p\8aó\96]\8eÒ\82ª\97\88\96K\82·\82ê\82Î\81A\90g\8c³\82ð\8am\94F\82µ\82Ä\97p\8e\86\82ð1\96\87\93n\82·\81B\93\96\91R\82È\82ª\82ç\96{\97\98\97p\8eÒID\82Í\8aw\93à\82Ì\83T\81[\83o\82Ö\82Ì\83\8d\83O\83C\83\93\93\99\82É\82Í\97\98\97p\82Å\82«\82Ü\82¹\82ñ\81B
+</BLOCKQUOTE>
+
+<LI>
+\83p\83X\83\8f\81[\83h\82Ì\8eç\94é\82Í\95Û\82Ä\82Ü\82·\82©\81B
+
+<BLOCKQUOTE>
+\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\8aÔ\82ÍWeb\92Ê\90M\82Å\83p\83X\83\8f\81[\83h\82ð\91\97\82è\82Ü\82·\81B\82æ\82Á\82ÄWeb\83T\81[\83o\82ðSSL\89»\82·\82ê\82Î\8eç\94é\82ª\95Û\82Ä\82Ü\82·\81B\83Q\81[\83g\83E\83F\83C\82Æ\94F\8fØ\83T\81[\83o\82Ì\8aÔ\82Í\81A\8eç\94é\8b@\94\\82Ì\82 \82é\94F\8fØ\83v\83\8d\83g\83R\83\8b\82É\82æ\82ê\82Î\89Â\94\\82Å\82·\81BOpengate\82Í\81Apop3s,Radius,PAM\82É\91Î\89\9e\82µ\82Ä\82¢\82Ü\82·\81BPAM\82Í\91½\82\82Ì\94F\8fØ\83v\83\8d\83g\83R\83\8b\82ð\83T\83|\81[\83g\82µ\82Ü\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+\83X\83P\81[\83\89\83r\83\8a\83e\83B\82Í\82Ç\82¤\82Å\82·\82©\81B\83p\83t\83H\81[\83}\83\93\83X\82Í\82Ç\82¤\82Å\82·\82©\81B
+
+<BLOCKQUOTE>
+\90\94\8f\\91ä\82Ì\8eg\97p\82Å\82Í\96â\91è\96³\82\8eg\82¦\82Ä\82¢\82Ü\82·\81B\83N\83\89\83XC\92ö\93x\82Ì\97\98\97p\82Í\82Å\82«\82é\82Æ\8ev\82¢\82Ü\82·\81B\96{\83V\83X\83e\83\80\82Í\81A\83t\83@\83C\83A\83E\83I\81[\83\8b\83\\83t\83g\82Ì\83p\83P\83b\83g\83t\83B\83\8b\83^\83\8a\83\93\83O\8bK\91¥\82ð\92Ç\89Á\81E\8dí\8f\9c\82·\82é\95û\8e®\82Å\82 \82è\81A\8ae\83N\83\89\83C\83A\83\93\83g\82©\82ç\82Ì\97\98\97p\8aJ\8en\97v\8b\81\8e\9e\82ð\95Ê\82É\82·\82ê\82Î\96w\82Ç\95\89\89×\82Æ\82È\82è\82Ü\82¹\82ñ\81B\97\98\97p\92\86\82Ì\83p\83t\83H\81[\83}\83\93\83X\82Í\81A\83p\83P\83b\83g\83t\83B\83\8b\83^\83\8a\83\93\83O\82â\83p\83P\83b\83g\93]\91\97\82Ì\8f\88\97\9d\94\\97Í\82É\88Ë\91¶\82·\82é\82Æ\8ev\82¢\82Ü\82·\81B\82È\82¨\97Ê\93I\82È\90§\8cÀ\82Æ\82µ\82Ä\82Í\81A\97\98\97p\83N\83\89\83C\83A\83\93\83g\96\88\82É\82P\83v\83\8d\83Z\83X\82ª\8fí\92\93\82·\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B\82µ\82©\82µ\83v\83\8d\83Z\83X\90\94\82Ì\8dÅ\91å\92l\82Í\83J\81[\83l\83\8b\82Å\92²\90®\82Å\82«\82Ü\82·\82µ\81A\83N\83\89\83XC\92ö\93x\96\88\82É\95ª\8a\84\82µ\82Ä\83V\83X\83e\83\80\89^\97p\82·\82é\95û\82ª\83Q\81[\83g\83E\83F\83C\82É\82¨\82¯\82é\83p\83P\83b\83g\83t\83B\83\8b\83^\83\8a\83\93\83O\93\99\82Ì\94\\97Í\82©\82ç\82·\82é\82Æ\8c»\8eÀ\93I\82Å\82µ\82å\82¤\81B
+</BLOCKQUOTE>
+
+</UL>
+\93±\93ü\81E\8aJ\94
+<UL>
+<LI>
+\83C\83\93\83X\83g\81[\83\8b\82µ\82½\82ª\93®\82«\82Ü\82¹\82ñ\81B
+
+<BLOCKQUOTE>
+\91½\90\94\82Ì\83\\83t\83g\83E\83F\83A\82Ì\92\87\89î\82ð\82·\82é\83V\83X\83e\83\80\82Å\82·\82Ì\82Å\83f\83o\83b\83O\82Í\96Ê\93|\82¾\82Æ\8ev\82¢\82Ü\82·\81B\95Ê\93r\82É\97p\88Ó\82µ\82½\83`\83F\83b\83N\8d\80\96Ú\8bL\8fq\82Ì\83t\83@\83C\83\8b\82ð\8c©\82Ä\82\82¾\82³\82¢\81B
+</BLOCKQUOTE>
+
+<LI>
+\97\98\97p\81E\89ü\95Ï\81E\94z\95z\82Í\89Â\94\\82Å\82·\82©\81B
+
+<BLOCKQUOTE>
+GPL\89º\82Å\89Â\94\\82Å\82·\81B\8d¡\8cã\82Ì\8aJ\94\82Ì\82½\82ß\82É\81A\8aJ\94\8eÒ\82Ü\82Å\98A\97\8d\92¸\82¯\82ê\82Î\8dK\82¢\82Å\82·\81B\83o\83O\81E\97v\96]\81E\89ü\95Ï\95ñ\8d\90\82ð\8a½\8c}\82µ\82Ü\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+\94F\8fØWeb\83y\81[\83W\82Ì\83f\83U\83C\83\93\82ð\95Ï\82¦\82½\82¢\82Ì\82Å\82·\82ª\81B
+
+<BLOCKQUOTE>
+\8aeWeb\83y\81[\83W\82ÍHTML\83t\83@\83C\83\8b\82Æ\82µ\82Ä\93Æ\97§\82µ\82Ä\82¢\82Ü\82·\81B\82±\82ê\82ð\8f\91\82«\82©\82¦\82é\82±\82Æ\82Å\8aÈ\92P\82É\82Å\82«\82Ü\82·\81B
+</BLOCKQUOTE>
+
+
+<LI>
+IP\83A\83h\83\8c\83X\82É\82æ\82è\91\8a\8eè\82ð\8am\94F\82µ\82Ä\82¢\82é\82æ\82¤\82Å\82·\82ª\81AIP\83X\83v\81[\83t\83B\83\93\83O\82Í\96â\91è\82Å\82Í\82È\82¢\82Å\82·\82©\81B\82Ü\82½\83T\81[\83r\83X\96W\8aQ\8dU\8c\82\82É\82Í\91Î\89\9e\82Å\82«\82Ü\82·\82©\81B\82»\82Ì\91¼\82Ì\83A\83^\83b\83N\82É\91Î\82µ\82Ä\82Í\82Ç\82¤\82Å\82·\82©\81B
+
+<BLOCKQUOTE>
+IP\83X\83v\81[\83t\83B\83\93\83O\82Í\83t\83@\83C\83A\83E\83I\81[\83\8b\82Ì\95û\82Ì\90Ý\92è\82Å\94ð\82¯\82ç\82ê\82é\82Æ\8ev\82¢\82Ü\82·\81B\82Ü\82½Opengate\82Í\81A\90³\82µ\82¢\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\82«\82½\83A\83h\83\8c\83X\82É\91Î\82µ\82Ä\8c\8a\82ð\8aJ\82¯\82é\82Ì\82Å\81AIP\83A\83h\83\8c\83X\82ð\8bU\82Á\82Ä\82à\82 \82Ü\82è\93¾\82É\82Í\82È\82è\82Ü\82¹\82ñ\81B\91¼\82ª\94F\8fØ\82ð\8eó\82¯\82Ä\8eg\82Á\82Ä\82¢\82é\93¯\82¶IP\83A\83h\83\8c\83X\82ð\8d¼\8fÌ\82µ\82Ä\83p\83P\83b\83g\82ð\97¬\82·\82±\82Æ\82Í\89Â\94\\82Å\82µ\82å\82¤\82ª\81A\8c»\8eÀ\93I\82È\97\98\97p\82Í\93ï\82µ\82¢\82Æ\8ev\82Á\82Ä\82¢\82Ü\82·\81B\83T\81[\83r\83X\96W\8aQ\82É\82Â\82¢\82Ä\82Í\81A\8aeIP\83A\83h\83\8c\83X\82É\91Î\82µ\82Ä\93Æ\8e©\82Ì\83|\81[\83g\94Ô\8d\86\82ð\88ê\82Â\91\97\82è\82Â\82¯\8cð\90M\82·\82é\8c`\91Ô\82Å\82·\82Ì\82Å\94ð\82¯\82ç\82ê\82é\82Æ\8ev\82¢\82Ü\82·\81B\96W\8aQ\82ð\8a®\91S\82É\8f\9c\8b\8e\82·\82é\82±\82Æ\82Í\93ï\82µ\82¢\82Å\82·\82ª\81A\83Z\83L\83\85\83\8a\83e\83B\83z\81[\83\8b\82ª\82 \82ê\82Î\82²\8b³\8e¦\89º\82³\82¢\81B\88«\88Ó\82ð\8e\9d\82Á\82½\97\98\97p\82É\91Î\82µ\82Ä\82Í\81A\91Î\8dô\82Æ\82µ\82Ä\8dl\82¦\82ç\82ê\82Ä\82¢\82é\8b@\94\\82È\82Ç\82ð\91g\82Ý\8d\87\82í\82¹\82é\82±\82Æ\82à\89Â\94\\82Å\82 \82ë\82¤\82Æ\8ev\82¢\82Ü\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+\83_\83E\83\93\83\8d\81[\83h\83t\83@\83C\83\8b\82Ì\92\86\90g\82ª\97\90\8eG\82È\82Ü\82Ü\82Å\82·\82ª\81B
+
+<BLOCKQUOTE>
+\93Á\82É\90®\97\9d\82¹\82¸\82É\81A\93®\82\82æ\82¤\82É\82È\82Á\82½\8fó\91Ô\82ð\95Û\91¶\82µ\82Ä\82¢\82Ü\82·\81B\96µ\8f\82\82à\82 \82é\82Æ\8ev\82¢\82Ü\82·\81B\82«\82ê\82¢\82É\90®\97\9d\82µ\82Ä\8fo\82µ\82½\82¢\82Ì\82Å\82·\82ª\97]\97T\82ª\96³\82\82Ä\8dÏ\82Ý\82Ü\82¹\82ñ\81B
+</BLOCKQUOTE>
+
+<LI>
+\83T\81[\83o\82ÍFreeBSD\88È\8aO\82Å\93®\82«\82Ü\82·\82©\81B
+
+<BLOCKQUOTE>
+\8c»\8fó\82Å\82Í\81AFreeBSD\90ê\97p\82Ì\83t\83@\83C\83A\83E\83I\81[\83\8b\83c\81[\83\8bipfw\82ð\97\98\97p\82µ\82Ä\82¢\82é\82Ì\82Å\81A\91¼\82ÌOS\82Å\82Í\93®\82«\82Ü\82¹\82ñ\81B\93¯\93\99\82Ì\8b@\94\\82ð\8e\9d\82Â\83t\83@\83C\83A\83E\83I\81[\83\8b\83c\81[\83\8b\82ª\82 \82ê\82Î\81A\91Î\89\9e\82·\82é\82æ\82¤\82É\8f\91\82«\82©\82¦\82é\82±\82Æ\82Í\89Â\94\\82Å\82·\81B\97á\82¦\82ÎLinux\82Ìipchains\82É\8f\91\82«\8a·\82¦\82é\82±\82Æ\82Í\89Â\94\\82Å\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+\92[\96\96\96\88\82É\83v\83\8d\83Z\83X\82ª\90¶\90¬\82³\82ê\82Ä\91å\97Ê\82É\8fí\92\93\82µ\8bC\8e\9d\82¿\97Ç\82\82 \82è\82Ü\82¹\82ñ\81B\88ê\82Â\82É\82Ü\82Æ\82Ü\82è\82Ü\82¹\82ñ\82©\81B
+
+<BLOCKQUOTE>
+\83A\83\8b\83S\83\8a\83Y\83\80\82ð\8aÈ\92P\82É\82·\82é\82½\82ß\82É\8d¡\82Ì\95û\8e®\82ð\8eæ\82è\82Ü\82µ\82½\81B\8aÄ\8e\8b\83v\83\8d\83Z\83X\82ð\88ê\82Â\82É\82Ü\82Æ\82ß\82é\82±\82Æ\82à\89Â\94\\82Å\82µ\82å\82¤\82ª\81A\91½\90\94\82Ì\8e\9e\8aÔ\91Ò\82¿\82Æ\83A\83N\83Z\83X\91Ò\82¿\82ð\90§\8cä\82·\82é\82Ì\82Í\81A\83T\81[\83r\83X\96W\8aQ\82»\82Ì\91¼\82Ì\8dl\97¶\93_\82à\82 \82è\81A\82©\82È\82è\96Ê\93|\82Å\82·\81B\8aO\95\94\8fð\8c\8f\82ð\8a¨\88Ä\82·\82é\82Æ\88ê\82Â\82É\82Ü\82Æ\82ß\82é\8bÙ\8b}\93x\82ª\92á\82¢\82Æ\8dl\82¦\82Ä\8cã\89ñ\82µ\82É\82µ\82Ä\82¢\82Ü\82·\81B
+</BLOCKQUOTE>
+
+<LI>
+IPv6\82É\91Î\89\9e\82Å\82«\82Ü\82·\82©\81B
+
+<BLOCKQUOTE>
+ipfw\82Æ\82Æ\82à\82Éip6fw\82ð\90§\8cä\82·\82é\82æ\82¤\82É\82·\82ê\82Î\89Â\94\\82Å\82µ\82å\82¤\81B\82µ\82©\82µ\81AIpv4/IPv6\83f\83\85\83A\83\8b\83X\83^\83b\83N\82É\82¨\82¢\82Ä\81A\97v\8b\81\92[\96\96\82Ì\95¡\90\94IP\83A\83h\83\8c\83X\82ð\81A\91S\82Ä\94c\88¬\82µ\82Ä\93¯\8e\9e\82É\8aJ\95ú/\95Â\8d½\82·\82é\8e\96\82Í\97e\88Õ\82Å\82Í\82È\82¢\82½\82ß\81A\8c»\8fó\82Å\82Í\8eÀ\91\95\82µ\82Ä\82¢\82Ü\82¹\82ñ\81B\8c»\83v\83\8d\83O\83\89\83\80\82É\82¨\82¢\82Ä\82Í\81A\8fð\8c\8f\95t\82Å\82·\82ª\88È\89º\82Ì\95û\96@\82Å\8eÀ\8c»\82Å\82«\82Ü\82·\81B\83t\83@\83C\83A\83E\83H\81[\83\8b\90§\8cä\83X\83N\83\8a\83v\83gopengatefw.pl\82É\82¨\82¢\82Ä\81A\97v\8b\81\92[\96\96\82ÌMAC\83A\83h\83\8c\83X\82ð\91\97\90M\8c³\82Ü\82½\82Í\91\97\90M\90æ\82Æ\82·\82éIPv6\83p\83P\83b\83g\82ð\8b\96\89Â\82·\82éipfw\83R\83}\83\93\83h\82ð\92Ç\89Á\82µ\82Ä\82\82¾\82³\82¢\81B\82½\82¾\82µ\81A\83C\81[\83T\83l\83b\83g\82Ì\93¯\88ê\83\8a\83\93\83N\93à\82É\92[\96\96\82ª\82 \82é\8fê\8d\87\82É\8cÀ\92è\82³\82ê\82Ü\82·\81B
+</BLOCKQUOTE>
+
+</UL>
+</BODY>
+</HTML>
<!--
if(!navigator.javaEnabled())
alert("Cannot run Java. You should click TERMINATE link in another page to close the network.");
-w=window.open("http://%%HOSTADDR%%%%OPENGATEDIR%%/en/accept2.html","window1");
+w=window.open("**InfomationUrlHere**","window1");
//-->
</SCRIPT>
<NOSCRIPT>
<table border="1">
<tr><td><font color=red">
If your browser denies to open the working window, click
-<a href="http://%%HOSTADDR%%%%OPENGATEDIR%%/en/accept2.html" target="_blank">
+<a href="**InfomationUrlHere**" target="_blank">
here</a> to opne it.</font>
</td></tr>
<tr><td>
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
+<HEAD>
+<TITLE>Opengatedeny</TITLE>
+</HEAD>
+<BODY>
+<P>
+Network authentication failed. Please retry again.
+</P>
+<A HREF=https://%%AUTHCGIURL%%?en>BACK</A>
+</BODY>
+</HTML>
<P>
Network authentication failed. Please retry again.
</P>
-<A HREF=http://%%HOSTADDR%%%%OPENGATEDIR%%/en/index.html>BACK</A>
+<A HREF=http://%%AUTHCGIURL%%?en>BACK</A>
</BODY>
</HTML>
-<HTML>\r
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">\r
-<META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r
-<HEAD>\r
-<TITLE>OpengateStart</TITLE>\r
-</HEAD>\r
-\r
-<BODY>\r
-<center>\r
-\r
-<H2>Network Authentication</H2>\r
-\r
-<hr SIZE=4 WIDTH="100%">\r
-\r
-<P><font size=+1>You are requested to be authenticated before using network.\r
-</font></P>\r
-\r
-<P><font size=+1>You will be authenticated with your user ID and\r
-password for systems in Computer and Network Center (CNC). If you do\r
-not know your user ID and/or password, please consult CNC.\r
-</font></P>\r
-\r
-<P>\r
-Please enter your user ID and password in the box below, then press\r
-SEND.\r
-</P>\r
-\r
-<P>\r
-<FORM METHOD="POST" ACTION="/cgi-bin%%OPENGATEDIR%%/opengatesrv.cgi">\r
-<INPUT TYPE="HIDDEN" NAME="language" VALUE="en">\r
-\r
-<TABLE BORDER=0>\r
-<TR NOWRAP>\r
-<TD>User ID:</TD><TD><INPUT TYPE="TEXT" SIZE=15 NAME="userid"></TD>\r
-</TR><TR NOWRAP>\r
-<TD>Password:</TD><TD><INPUT TYPE="PASSWORD" SIZE=15 NAME="password"></TD>\r
-</TR><TR NOWRAP>\r
-<TD></TD><TD><INPUT TYPE="SUBMIT" VALUE=" SEND "></TD>\r
-</TR>\r
-</TABLE>\r
-\r
-<hr>\r
-Required Usage Duration: <INPUT TYPE="TEXT" SIZE=3 NAME="duration">minutes(Max 3 hours). The value is used only when Java Applet is not active. Click the TERMINATE link in the accept page at the end of usage. \r
-\r
-</FORM>\r
-</P>\r
-\r
-<hr WIDTH="100%">\r
-\r
-</center>\r
-\r
-<p><font size=+1>If you have some questions, please contact CNC.\r
-\r
-<div align=right>November 2000\r
-\r
-<br>CNC (Computer and Network Center)</div>\r
-\r
-</BODY>\r
-\r
-</HTML>\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
+<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
+<HEAD>
+<TITLE>OpengateStart</TITLE>
+</HEAD>
+
+<BODY>
+<center>
+<img src="/ban.gif" border="0">
+<H2>Network Authentication</H2>
+<hr>
+[<a href="https://%%AUTHCGIURL%%?ja">Japanese version</a>]
+<hr SIZE=4 WIDTH="100%">
+
+<P><font size=+1>You are requested to be authenticated before using network.
+</font></P>
+
+<P><font size=+1>You will be authenticated with your user ID and
+password for systems in 5th group. If you do
+not know your user ID and/or password, please consult CNC.
+</font></P>
+
+<P>
+Please enter your user ID and password in the box below, then press
+SEND.
+</P>
+
+<P>
+<FORM METHOD="POST" ACTION="https://%%CGIURL%%">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="en">
+
+<TABLE BORDER=0>
+<TR NOWRAP>
+<TD>User ID:</TD><TD><INPUT TYPE="TEXT" SIZE=15 NAME="userid"></TD>
+</TR><TR NOWRAP>
+<TD>Password:</TD><TD><INPUT TYPE="PASSWORD" SIZE=15 NAME="password"></TD>
+</TR><TR NOWRAP>
+<TD><INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%REMOTE_ADDR%%"></TD>
+<TD><INPUT TYPE="SUBMIT" VALUE=" SEND "></TD>
+</TR>
+</TABLE>
+
+<hr>
+Required Usage Duration: <INPUT TYPE="TEXT" SIZE=3 NAME="duration">minutes(Max 3 hours). The value is used only when Java Applet is not active. Click the TERMINATE link in the accept page at the end of usage.
+
+</FORM>
+</P>
+
+<hr WIDTH="100%">
+
+</center>
+
+<p><font size=+1>If you have some questions, please contact CNC.
+
+<div align=right>July 2005
+
+<br>5th group, Infomation Science, Saga-u</div>
+
+</BODY>
+
+</HTML>
+
+
+
+
+
+
+
+
+
-<HTML>\r
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">\r
-<META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r
-<HEAD>\r
-<TITLE>OpengateStart</TITLE>\r
-</HEAD>\r
-\r
-<BODY>\r
-<H1 align=center>Network Authentication</H1>\r
-\r
-<hr>\r
-[<a href="../ja/index.html">Japanese version</a>]\r
-<hr>\r
-<div align=center>\r
-<P><font size=+1>You are requested to be authenticated before using network.\r
-</font></P>\r
-\r
-<P><font size=+1>You will be authenticated with your user ID and\r
-password for systems in Computer and Network Center (CNC). If you do\r
-not know your user ID and/or password, please consult CNC.\r
-</font></P>\r
-\r
-<P>\r
-Please enter your user ID and password in the box below, then press SEND.\r
-Please use SSL Authentication as far as possible to prevent wiretapping. \r
-</P>\r
-<P><A HREF="https://%%HOSTADDR%%%%OPENGATEDIR%%/en/index-ssl.html">SSL Authentication</A></P>\r
-\r
-<P>\r
-<FORM METHOD="POST" ACTION="/cgi-bin%%OPENGATEDIR%%/opengatesrv.cgi">\r
-<INPUT TYPE="HIDDEN" NAME="language" VALUE="en">\r
-\r
-<TABLE BORDER=0>\r
-<TR NOWRAP>\r
-<TD>User ID:</TD><TD><INPUT TYPE="TEXT" SIZE=15 NAME="userid"></TD>\r
-</TR><TR NOWRAP>\r
-<TD>Password:</TD><TD><INPUT TYPE="PASSWORD" SIZE=15 NAME="password"></TD>\r
-</TR><TR NOWRAP>\r
-<TD></TD><TD><INPUT TYPE="SUBMIT" VALUE=" SEND "></TD>\r
-</TR>\r
-</TABLE>\r
-\r
-<hr>\r
-Required Usage Duration: <INPUT TYPE="TEXT" SIZE=3 NAME="duration">minutes(Max 3 hours). The value is used only when Java Applet is not active. Click the TERMINATE link in the accept page at the end of usage. \r
-\r
-</FORM>\r
-</P>\r
-\r
-</div>\r
-<hr>\r
-\r
-<p><font size=+1>If you have some questions, please contact CNC.\r
-\r
-<div align=right>November 2000\r
-\r
-<br>CNC (Computer and Network Center)</div>\r
-\r
-</BODY>\r
-\r
-</HTML>\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
-\r
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
+<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
+<HEAD>
+<TITLE>OpengateStart</TITLE>
+</HEAD>
+
+<BODY>
+<center>
+
+<img src="/ban.gif" border="0">
+<H1 align=center>Network Authentication</H1>
+
+<hr>
+[<a href="http://%%CGIURL%%?ja">Japanese version</a>]
+<hr>
+<div align=center>
+<P><font size=+1>You are requested to be authenticated before using network.
+</font></P>
+
+<P><font size=+1>You will be authenticated with your user ID and
+password for systems in 5th group. If you do
+not know your user ID and/or password, please consult CNC.
+</font></P>
+
+<P>
+Please enter your user ID and password in the box below, then press SEND.
+Please use SSL Authentication as far as possible to prevent wiretapping.
+</P>
+<P><A HREF="https://%%AUTHCGIURL%%?en">SSL Authentication</A></P>
+
+<P>
+<FORM METHOD="POST" ACTION="http://%%CGIURL%%">
+<INPUT TYPE="HIDDEN" NAME="language" VALUE="en">
+
+<TABLE BORDER=0>
+<TR NOWRAP>
+<TD>User ID:</TD><TD><INPUT TYPE="TEXT" SIZE=15 NAME="userid"></TD>
+</TR><TR NOWRAP>
+<TD>Password:</TD><TD><INPUT TYPE="PASSWORD" SIZE=15 NAME="password"></TD>
+</TR><TR NOWRAP>
+<TD><INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%REMOTE_ADDR%%"></TD>
+<TD><INPUT TYPE="SUBMIT" VALUE=" SEND "></TD>
+</TR>
+</TABLE>
+
+<hr>
+Required Usage Duration: <INPUT TYPE="TEXT" SIZE=3 NAME="duration">minutes(Max 3 hours). The value is used only when Java Applet is not active. Click the TERMINATE link in the accept page at the end of usage.
+
+</FORM>
+</P>
+
+</div>
+</center>
+<hr>
+
+<p><font size=+1>If you have some questions, please contact network administrator.
+
+<div align=right>July 2005
+
+<br>5th group, Infomation Science, Saga-u </div>
+
+
+</BODY>
+
+</HTML>
+
+
+
+
+
+
+
+
+
-<HTML>\r
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">\r
-<META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r
-<META HTTP-EQUIV="Refresh" CONTENT="1; URL=http://%%HOSTADDR%%%%OPENGATEDIR%%/en/index.html">\r
-<HEAD>\r
-<TITLE>OpengateStart</TITLE>\r
-</HEAD>\r
-<BODY>\r
-You will automatically enter to the page for <i>Network Authentication</i>\r
-by Opengate.\r
-<P>\r
-If you can not move to the page automatically, click the following.\r
-<P>\r
-<a href="http://%%HOSTADDR%%%%OPENGATEDIR%%/en/index.html">Network Authentication</a>\r
-<hr>\r
-Computer and Network Center, Saga University\r
-</BODY>\r
-</HTML>\r
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-8859-1">
+<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
+<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?en">
+<HEAD>
+<TITLE>OpengateStart</TITLE>
+</HEAD>
+<BODY>
+You will automatically enter to the page for <i>Network Authentication</i>
+by Opengate.
+<P>
+If you can not move to the page automatically, click the following.
+<P>
+<a href="https://%%AUTHCGIURL%%?en">Network Authentication</a><br>
+<a href="http://%%AUTHCGIURL%%?en">Network Authentication(Unuse SSL)</a>
+<hr>
+5th group, Infomation Science, Saga-u
+</BODY>
+</HTML>
<!--
if(!navigator.javaEnabled())
alert("Java\e$B$,M-8z$K$J$C$F$$$^$;$s!#%M%C%H%o!<%/$rJD$8$k$K$O!"JL%Z!<%8$KI=<($5$l$F$$$kMxMQCfCG$N%j%s%/$r%/%j%C%/$7$F$/$@$5$$!#\e(B");
-w=window.open("http://%%HOSTADDR%%%%OPENGATEDIR%%/ja/accept2.html","window1");
+w=window.open("**InfomationUrlHere**","window1");
//-->
</SCRIPT>
<NOSCRIPT>
<table border="1">
<tr><td><font color=red">
\e$B$b$&0l$D$N:n6HMQ%&%#%s%I%&$,3+$+$J$$>l9g$K$O!"\e(B
-<a href="http://%%HOSTADDR%%%%OPENGATEDIR%%/ja/accept2.html"
-target="_blank">\e$B$3$A$i\e(B</a>\e$B$r%/%j%C%/$7$F$/$@$5$$!#\e(B</font>
+<a href="**InfomationUrlHere**" target="_blank">\e$B$3$A$i\e(B</a>\e$B$r%/%j%C%/$7$F$/$@$5$$!#\e(B</font>
</td></tr>
<tr><td>
\e$B$*;H$$$N%3%s%T%e!<%?$K\e(BJava\e$B$N<B9T4D6-$,L5$$>l9g$K$O!"\e(B
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
+<HEAD>
+<TITLE>Opengatedeny</TITLE>
+</HEAD>
+<BODY>
+<P>
+\e$B%M%C%H%o!<%/MxMQG'>Z$K<:GT$7$^$7$?!#$b$&0lEY$d$jD>$7$F2<$5$$!#\e(B
+</P>
+<A HREF=https://%%AUTHCGIURL%%?ja>\e$BLa$k\e(B</A>
+</BODY>
+</HTML>
<P>
\e$B%M%C%H%o!<%/MxMQG'>Z$K<:GT$7$^$7$?!#$b$&0lEY$d$jD>$7$F2<$5$$!#\e(B
</P>
-<A HREF=http://%%HOSTADDR%%%%OPENGATEDIR%%/ja/index.html>\e$BLa$k\e(B</A>
+<A HREF=http://%%AUTHCGIURL%%?ja>\e$BLa$k\e(B</A>
</BODY>
</HTML>
<TITLE>OpengateStart</TITLE>
</HEAD>
-<BODY>
+<BODY bgcolor="#FFFFCC">
<center>
+<img src="/ban.gif" border="0">
<H2>\e$B%M%C%H%o!<%/MxMQG'>Z\e(B</H2>
-
+<hr>
+[<a href="https://%%AUTHCGIURL%%?en">English version</a>]
<hr SIZE=4 WIDTH="100%">
<P><font size=+1>\e$B%M%C%H%o!<%/$NMxMQ$r;O$a$kA0$K!"\e(B \e$BMxMQ;q3J$N3NG'$r9T$C$F$/$@$5$$!#\e(B</font></P>
-<P><font size=+1>\e$BMxMQ;q3J$N3NG'$K$O!"3X=Q>pJs=hM}%;%s%?!<$N%f!<%6L>$H%Q%9%o!<%I$,I,MW$G$9!#<+J,$N%f!<%6L>$d%Q%9%o!<%I$,2r$i$J$$>l9g$O!"3X=Q>pJs=hM}%;%s%?!<$K?R$M$F$/$@$5$$!#\e(B</font></P>
+<P><font size=+1>\e$BMxMQ;q3J$N3NG'$K$O!"Bh8^8&5f<<$N%f!<%6L>$H%Q%9%o!<%I$,I,MW$G$9!#<+J,$N%f!<%6L>$d%Q%9%o!<%I$,2r$i$J$$>l9g$O!"3X=Q>pJs=hM}%;%s%?!<$K?R$M$F$/$@$5$$!#\e(B</font></P>
<P>
\e$B2<$NF~NOMs$K!"%f!<%6\e(BID\e$B$H%Q%9%o!<%I$rF~NO$7$F!"!VAw?.!W%\%?%s$r2!$7$F2<$5$$!#\e(B
</P>
<P>
-<FORM METHOD="POST" ACTION="/cgi-bin%%OPENGATEDIR%%/opengatesrv.cgi">
+<FORM METHOD="POST" ACTION="https://%%CGIURL%%">
<INPUT TYPE="HIDDEN" NAME="language" VALUE="ja">
<TABLE BORDER=0>
</TR><TR NOWRAP>
<TD>\e$B%Q%9%o!<%I\e(B:</TD><TD><INPUT TYPE="PASSWORD" SIZE=15 NAME="password"></TD>
</TR><TR NOWRAP>
-<TD></TD><TD><INPUT TYPE="SUBMIT" VALUE=" \e$BAw\e(B \e$B?.\e(B "></TD>
+<TD><INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%REMOTE_ADDR%%"></TD>
+<TD><INPUT TYPE="SUBMIT" VALUE=" \e$BAw\e(B \e$B?.\e(B "></TD>
</TR>
</TABLE>
</center>
-<p><font size=+1>\e$BITL@$JE@$J$I$,$"$j$^$7$?$i!"3X=Q>pJs=hM}%;%s%?!<$K$*?R$M$/$@$5$$!#\e(B
+<p><font size=+1>\e$BITL@$JE@$J$I$,$"$j$^$7$?$i!"Bh8^8&5f%0%k!<%W%M%C%H%o!<%/4IM}<T$K$*?R$M$/$@$5$$!#\e(B
-<div align=right>2000\e$BG/\e(B11\e$B7n\e(B
+<div align=right>2005\e$BG/\e(B7\e$B7n\e(B
-<br>\e$B3X=Q>pJs=hM}%;%s%?!<\e(B</div>
+<br>\e$B:42lBg3X\e(B \e$BM}9)3XIt\e(B \e$BCNG=>pJs%7%9%F%`3X2J\e(B \e$BBh8^8&5f%0%k!<%W\e(B</div>
</BODY>
<BODY>
<H1 align=center>\e$B%M%C%H%o!<%/MxMQG'>Z\e(B</H1>
-<H2 align=center>Network Authentication</H2>
<hr>
-[<a href="../en/index.html">English version</a>]
+[<a href="http://%%AUTHCGIURL%%?en">English version</a>]
<hr>
<div align=center>
<P><font size=+1>\e$B%M%C%H%o!<%/$NMxMQ$r;O$a$kA0$K!"\e(B \e$BMxMQ;q3J$N3NG'$r9T$C$F$/$@$5$$!#\e(B</font></P>
-<P><font size=+1>\e$BMxMQ;q3J$N3NG'$K$O!"3X=Q>pJs=hM}%;%s%?!<$N%f!<%6L>$H%Q%9%o!<%I$,I,MW$G$9!#<+J,$N%f!<%6L>$d%Q%9%o!<%I$,2r$i$J$$>l9g$O!"3X=Q>pJs=hM}%;%s%?!<$K?R$M$F$/$@$5$$!#\e(B</font></P>
+<P><font size=+1>\e$BMxMQ;q3J$N3NG'$K$O!"Bh8^8&5f<<$N%f!<%6L>$H%Q%9%o!<%I$,I,MW$G$9!#<+J,$N%f!<%6L>$d%Q%9%o!<%I$,2r$i$J$$>l9g$O!"3X=Q>pJs=hM}%;%s%?!<$K?R$M$F$/$@$5$$!#\e(B</font></P>
<P>
\e$B2<$NF~NOMs$K!"%f!<%6\e(BID\e$B$H%Q%9%o!<%I$rF~NO$7$F!"!VAw?.!W%\%?%s$r2!$7$F2<$5$$!#\e(B
\e$B%Q%9%o!<%I$NEpD0$rKI$0$?$a$K!"$G$-$k$@$1\e(BSSL\e$BBP1~G'>Z$rMxMQ$7$F2<$5$$!#\e(B
</P>
-<P><A HREF="https://%%HOSTADDR%%%%OPENGATEDIR%%/ja/index-ssl.html">SSL\e$BBP1~G'>Z\e(B</A></P>
+<P><A HREF="https://%%AUTHCGIURL%%">SSL\e$BBP1~G'>Z\e(B</A></P>
<P>
-<FORM METHOD="POST" ACTION="/cgi-bin%%OPENGATEDIR%%/opengatesrv.cgi">
+<FORM METHOD="POST" ACTION="http://%%CGIURL%%">
<INPUT TYPE="HIDDEN" NAME="language" VALUE="ja">
<TABLE BORDER=0>
</TR><TR NOWRAP>
<TD>\e$B%Q%9%o!<%I\e(B:</TD><TD><INPUT TYPE="PASSWORD" SIZE=15 NAME="password"></TD>
</TR><TR NOWRAP>
-<TD></TD><TD><INPUT TYPE="SUBMIT" VALUE=" \e$BAw\e(B \e$B?.\e(B "></TD>
+<TD><INPUT TYPE="HIDDEN" NAME="remote_addr" VALUE="%%REMOTE_ADDR%%"></TD>
+<TD><INPUT TYPE="SUBMIT" VALUE=" \e$BAw\e(B \e$B?.\e(B "></TD>
</TR>
</TABLE>
<hr>
-<p><font size=+1>\e$BITL@$JE@$J$I$,$"$j$^$7$?$i!"3X=Q>pJs=hM}%;%s%?!<$K$*?R$M$/$@$5$$!#\e(B
+<p><font size=+1>\e$BITL@$JE@$J$I$,$"$j$^$7$?$i!"Bh8^8&5f%0%k!<%W%M%C%H%o!<%/4IM}<T$K$*?R$M$/$@$5$$!#\e(B
-<div align=right>2000\e$BG/\e(B11\e$B7n\e(B
+<div align=right>2005\e$BG/\e(B7\e$B7n\e(B
-<br>\e$B3X=Q>pJs=hM}%;%s%?!<\e(B</div>
+<br>\e$B:42lBg3X\e(B \e$BM}9)3XIt\e(B \e$BCNG=>pJs%7%9%F%`3X2J\e(B \e$BBh8^8&5f%0%k!<%W\e(B</div>
</BODY>
-<HTML>\r
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">\r
-<META HTTP-EQUIV="Pragma" CONTENT="no-cache">\r
-<META HTTP-EQUIV="Refresh" CONTENT="1; URL=http://%%HOSTADDR%%%%OPENGATEDIR%%/ja/index.html">\r
-<HEAD>\r
-<TITLE>OpengateStart</TITLE>\r
-</HEAD>\r
-<BODY>\r
-Opengate\e$B$K$h$k!V%M%C%H%o!<%/MxMQG'>Z!W$N%Z!<%8$X<+F00\F0$7$^$9!#\e(B\r
-<P>\r
-\e$B<+F00\F0$G$-$J$$J}$O$3$A$i$r%/%j%C%/$7$F2<$5$$!#\e(B\r
-<P>\r
-<a href="http://%%HOSTADDR%%%%OPENGATEDIR%%/ja/index.html">\e$B%M%C%H%o!<%/MxMQ<TG'>Z\e(B</a>\r
-<HR>\r
-\e$B:42lBg3X3X=Q>pJs=hM}%;%s%?!<\e(B\r
-</BODY>\r
-</HTML>\r
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
+<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
+<META HTTP-EQUIV="Refresh" CONTENT="1; URL=https://%%AUTHCGIURL%%?ja">
+<HEAD>
+<TITLE>OpengateStart</TITLE>
+</HEAD>
+<BODY>
+Opengate\e$B$K$h$k!V%M%C%H%o!<%/MxMQG'>Z!W$N%Z!<%8$X<+F00\F0$7$^$9!#\e(B
+<P>
+\e$B<+F00\F0$G$-$J$$J}$O$3$A$i$r%/%j%C%/$7$F2<$5$$!#\e(B
+<P>
+<a href="https://%%AUTHCGIURL%%?ja">\e$B%M%C%H%o!<%/MxMQ<TG'>Z\e(B</a><br>
+<a href="http://%%AUTHCGIURL%%?ja">\e$B%M%C%H%o!<%/MxMQ<TG'>Z!J\e(BSSL\e$BHsBP1~!K\e(B</a>
+<HR>
+\e$B:42lBg3X\e(B \e$BM}9)3XIt\e(B \e$BCNG=>pJs%7%9%F%`3X2J\e(B \e$BBh8^8&5f<<\e(B
+</BODY>
+</HTML>
-##################### Change following ###################
-## must be matched to descriptions in html files ########
+################ Change following ########################
+## must be matched to descriptions in html files ########
## some other parameters exist in opengatesrv.h ########
+##########################################################
-# Change HOSTADDR to your gateway client side IP address#
-#########################################################
-HOSTADDR = 192.168.29.138
+### Opengate hostname for IPv4
+HOSTNAME4 = opengate4.ai.is.saga-u.ac.jp
+
+### Opengate hostname for IPv6 (ready IPv4)
+# HOSTNAME = ${HOSTNAME4}
+HOSTNAME = opengate.ai.is.saga-u.ac.jp
### first web access directory top entered by forwarding
# top dir (must be *NonSSL* page top)
-HTMLTOP1 = /usr/local/www/data
+HTMLTOP1 = /usr/local/apache2/htdocs
### subsequent web access directory and files
# top dir (can be SSL page top)
-HTMLTOP2 = /usr/local/www/data
+HTMLTOP2 = /usr/local/apache2/htdocs
# opengate documents directory relative to HTMLTOP2
OPENGATEDIR = /opengate
### opengate cgi program
-CGIPATH = /usr/local/www/cgi-bin${OPENGATEDIR}
+CGIPATH = /usr/local/apache2/cgi-bin${OPENGATEDIR}
CGIPROG = opengatesrv.cgi
+CGIURL = ${HOSTNAME}/cgi-bin${OPENGATEDIR}/${CGIPROG}
+
+### opengate authentication cgi program
+AUTHCGIPROG = opengateauth.cgi
+AUTHCGIURL = ${HOSTNAME4}/cgi-bin${OPENGATEDIR}/${AUTHCGIPROG}
+
+### use infomation. (1:use 0:not use)
+INFOMATION=1
+INFOMATIONURL = http://sadakari.ai.is.saga-u.ac.jp/
+
+### authentication html document & check opengateauth.h
+AUTHHTMLJA = ${HTMLTOP1}${OPENGATEDIR}/ja/index.html
+AUTHHTMLEN = ${HTMLTOP1}${OPENGATEDIR}/en/index.html
+AUTHHTMLJASSL = ${HTMLTOP1}${OPENGATEDIR}/ja/index-ssl.html
+AUTHHTMLENSSL = ${HTMLTOP1}${OPENGATEDIR}/en/index-ssl.html
+
+
### opengatesrv configuration file(copied from ../conf/opengatesrv.conf)
CONFIGFILE = /etc/opengatesrv.conf
### use perl script(=1) to add firewall rule or execl ipfw directly(=0)
# 1 is for flexible control and 0 is for simple control(full open).
-USEFWSCRIPT=1
+USEFWSCRIPT=0
### firewall control perl script (copied from ../conf/opengatefw.pl)
FWSCRIPT = opengatefw.pl
FWSCRIPTPATH = /etc/${FWSCRIPT}
### htmldocs and the languages (first one is the default language)
# store documents in each language directory under OPENGATEDIR
-HTMLDOCS=topindex.html index.html index-ssl.html accept.html accept2.html deny.html
-DENYDOC = deny.html
-ACCEPTDOC = accept.html
+HTMLDOCS=topindex.html index.html index-ssl.html accept.html accept2.html deny.html deny-ssl.html opengateauth.html
+DENYDOC = deny.html
+DENYDOCSSL = deny-ssl.html
+ACCEPTDOC = accept.html
+ACCEPTDOC2 = accept2.html
HTMLLANGS=ja en
# path to arp command
ARPPATH=/usr/sbin/arp
-# path to ipfw command
+
+# path to ndp command
+NDPPATH=/usr/sbin/ndp
+
+# path to ipfw & ip6fw command
IPFWPATH=/sbin/ipfw
+IP6FWPATH=/sbin/ip6fw
##########################################################
OGPATH=${HTMLTOP2}${OPENGATEDIR}
CFLAGS=-DCONFIGFILE=\"${CONFIGFILE}\" \
-DOPENGATEDIR=\"${OPENGATEDIR}\" \
-DDENYDOC=\"${DENYDOC}\" \
+ -DDENYDOCSSL=\"${DENYDOCSSL}\" \
-DOGPATH=\"${OGPATH}\" \
-DACCEPTDOC=\"${ACCEPTDOC}\" \
+ -DACCEPTDOC2=\"${ACCEPTDOC2}\" \
+ -DINFOMATION=\"${INFOMATION}\" \
+ -DINFOURL=\"${INFOMATIONURL}\" \
-DIPFWPATH=\"${IPFWPATH}\" \
+ -DIP6FWPATH=\"${IP6FWPATH}\" \
-DFWSCRIPTPATH=\"${FWSCRIPTPATH}\" \
-DFWSCRIPT=\"${FWSCRIPT}\" \
-DLOCKFILE=\"${LOCKFILE}\" \
-DUSEFWSCRIPT=${USEFWSCRIPT} \
-DARPPATH=\"${ARPPATH}\" \
+ -DNDPPATH=\"${NDPPATH}\" \
+ -DHOSTNAME4=\"${HOSTNAME4}\" \
+ -DHOSTNAME=\"${HOSTNAME}\" \
+ -DAUTHHTMLJA=\"${AUTHHTMLJA}\" \
+ -DAUTHHTMLEN=\"${AUTHHTMLEN}\" \
+ -DAUTHHTMLJASSL=\"${AUTHHTMLJASSL}\" \
+ -DAUTHHTMLENSSL=\"${AUTHHTMLENSSL}\" \
-DHTMLLANGS="\"${HTMLLANGS}\""
LIBS = -lssl -lcrypto -lradius -lpam
-OBJS = utilities.o comm-auth.o comm-cgi.o comm-java.o comm-ipfw.o comm-arp.o error.o tcp_connect.o sock_ntop_host.o wrapper.o signal.o auth-pam.o auth-rad.o auth-pop3s.o comm-userdb.o get-param.o
+OBJS = utilities.o comm-auth.o comm-cgi.o comm-java.o comm-ipfw.o comm-ip6fw.o comm-arp.o comm-ndp.o error.o tcp_connect.o sock_ntop_host.o wrapper.o signal.o auth-pam.o auth-rad.o auth-pop3s.o comm-userdb.o get-param.o
HDRS = opengatesrv.h
PROG = opengatesrv
+AUTHPROG = opengateauth
+AUTHOBJS = opengateauth.o htmltemplate.o
TESTPROGS = test-get-param test-comm-auth test-comm-ipfw test-comm-java
CLEANFILES = *.o *~ *.core
-all: ${PROG} ${TESTPROGS}
+all: ${PROG} ${AUTHPROG} ${TESTPROGS}
opengatesrv: ${OBJS} main.o
${CC} ${CFLAGS} -o $@ ${OBJS} main.o ${LIBS}
+opengateauth: ${AUTHOBJS}
+ ${CC} ${CFLAGS} -o $@ ${AUTHOBJS}
+
test-get-param: ${OBJS} test-get-param.o
${CC} ${CFLAGS} -o $@ ${OBJS} test-get-param.o ${LIBS}
clean:
- rm -f ${PROG} ${TESTPROGS} ${CLEANFILES}
+ rm -f ${PROG} ${AUTHPROG} ${TESTPROGS} ${CLEANFILES}
install: install-cgi install-java install-html install-conf install-fwscript
-install-cgi: ${PROG}
+install-cgi: ${PROG} ${AUTHPROG}
## Copy CGI program and Set S bit ##
.if !exists(${CGIPATH})
mkdir ${CGIPATH}
.endif
cp ${PROG} ${CGIPATH}/${CGIPROG}
- chmod 4755 ${CGIPATH}/${CGIPROG}
+ chmod 4755 ${CGIPATH}/${CGIPROG}
+ cp ${AUTHPROG} ${CGIPATH}/${AUTHCGIPROG}
+ chmod 4755 ${CGIPATH}/${AUTHCGIPROG}
#
.endif
.for DOC in ${HTMLDOCS}
.if exists(../javahtml/${LANG}/${DOC})
- sed -e 's/%%HOSTADDR%%/${HOSTADDR}/g' \
- -e 's!%%OPENGATEDIR%%!${OPENGATEDIR}!g' \
+ sed -e 's!%%CGIURL%%!${CGIURL}!g' \
+ -e 's!%%AUTHCGIURL%%!${AUTHCGIURL}!g' \
+ -e 's!%%AUTHCGIPROG%%!${AUTHCGIPROG}!g' \
+ -e 's!%%OPENGATEDIR%%!${OPENGATEDIR}!g' \
+ -e 's!%%HOSTNAME%%!${HOSTNAME}!g' \
<../javahtml/${LANG}/${DOC} >${OGPATH}/${LANG}/${DOC}
.endif
.endfor
comm-arp.o: ${HDRS}
+comm-ndp.o: ${HDRS}
+
comm-userdb.o: ${HDRS}
auth-pam.o: ${HDRS}
get-param.o: ${HDRS}
+opengateauth.o: ${HDRS}
+
+htmltemplate.o: ${HDRS}
+
test-get-param.o: ${HDRS}
test-comm-auth.o: ${HDRS}
return ret;
}
-
-
-
-
-
-
-
-
-
-
-
/*******************************************************************/
/* get MAC address for clientAddr (nnn.nnn.nnn.nnn) by arp request */
/*******************************************************************/
-int getMacAddr(char *clientAddr, char* macAddr)
+int getMacAddrFromArp(char *clientAddr4, char* macAddr4)
{
int fd[2];
int piperead_fd,pipewrite_fd;
char *startp;
char *endp;
- macAddr[0]='?';
- macAddr[1]='\0';
+ macAddr4[0]='?';
+ macAddr4[1]='\0';
/* create pipe */
if(pipe(fd)!=0){
Close(pipewrite_fd);
/* exec proc */
- if(execl(ARPPATH,"arp","-n",clientAddr,(char *)0) == -1){
+ if(execl(ARPPATH,"arp","-n",clientAddr4,(char *)0) == -1){
err_quit("ERR in comm-arp: execlp error no= %d", errno);
}
exit(1);
if((endp=strstr(startp, " "))==NULL) return -1;
*endp='\0';
- strncpy(macAddr, startp, ADDRMAXLN);
+ strncpy(macAddr4, startp, ADDRMAXLN);
Close(piperead_fd);
/****************************************/
/****************************************/
-int GetMacAddr(char *clientAddr, char* macAddr)
+int GetMacAddrFromArp(char *clientAddr4, char* macAddr4)
{
int ret;
- if(DEBUG) err_msg("DEBUG:=>getMacAddr(%s,)",clientAddr);
- ret=getMacAddr(clientAddr,macAddr);
- if(DEBUG) err_msg("DEBUG:(%d)<=getMacAddr(,%s)",ret,macAddr);
+ if(DEBUG) err_msg("DEBUG:=>getMacAddrFromArp(%s,)",clientAddr4);
+ ret=getMacAddrFromArp(clientAddr4,macAddr4);
+ if(DEBUG) err_msg("DEBUG:(%d)<=getMacAddrFromArp(,%s)",ret,macAddr4);
return ret;
}
module for Communication through CGI
Copyright (C) 1999 Yoshiaki Watanabe
+ Modfied 2005 Katsuhiko Eguchi
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
/********************************************/
/* get Post data from the client */
/********************************************/
-void getPostData(char *userid, char *password, int *durationPtr)
+void getPostData(char *userid, char *password, char *clientAddr4, int *durationPtr)
{
int contentLen;
char content[BUFFMAXLN];
/* get items from string */
userid[0]='\0';
password[0]='\0';
+ clientAddr4[0]='\0';
language[0]='\0';
durationStr[0]='\0';
strncpy(userid, value[0], USERMAXLN);
}else if(strstr(name[0], "password")!=NULL){
strncpy(password, value[0], PASSMAXLN);
+ }else if(strstr(name[0],"remote_addr")!=NULL){
+ strncpy(clientAddr4,value[0],ADDRMAXLN);
}else if(strstr(name[0], "language")!=NULL){
strncpy(language, value[0], WORDMAXLN);
}else if(strstr(name[0], "duration")!=NULL){
/* decode the values */
decode(userid);
decode(password);
+ decode(clientAddr4);
decode(language);
decode(durationStr);
/*********************************************/
/* put accept message and java to the client */
/*********************************************/
-void putJavaApplet(char *userid, int port, int pid)
+void putJavaApplet(char *userid, int port, int pid, char *clientAddr4, char *clientAddr6, int status)
{
FILE *fp;
char buff[BUFFMAXLN];
/* applet insert mark found */
markfound=1;
- printf("<applet code='Opengate.class' archive='Opengate.jar' ");
+ printf("<applet code='Opengate.class' archive='Opengate.jar' ");
printf("codebase='%s' width=600 height=30 > \r\n", OPENGATEDIR );
printf("<param name=port value='%d'>\r\n", port );
printf("<param name=user value='%s'>\r\n", userid );
printf("<param name=lang value='%s'>\r\n", language );
printf("</applet> \r\n");
+ if(status==IPV4ONLY){
+ printf("<table border=0>\r\n");
+ printf("<tr><td>\r\n");
+ printf("IPv4 address : [%s]\r\n",clientAddr4);
+ printf("</td></tr>\r\n");
+ printf("</table>\r\n");
+ }else if(status=IPV46DUAL){
+ printf("<table border=0>\r\n");
+ printf("<tr><td>\r\n");
+ printf("IPv4 address : [%s]\r\n",clientAddr4);
+ printf("</td></tr>\r\n");
+ printf("<tr><td>\r\n");
+ printf("IPv6 address : [%s]\r\n",clientAddr6);
+ printf("</td></tr>\r\n");
+ printf("</table>\r\n");
+ }else if(status==IPV6ONLY){
+ printf("<table border=0>\r\n");
+ printf("<tr><td>\r\n");
+ printf("IPv6 address : [%s]\r\n",clientAddr6);
+ printf("</td></tr>\r\n");
+ printf("</table>\r\n");
+ }
+
}else if((ptr=strstr(buff,TERMINATEMARK))!=NULL){
/* terminate URL insert mark found */
/* insert [http://<servaddr>:<port>/terminate<pid>] */
*ptr='\0'; printf("%s",buff);
printf("http://%s:%d/terminate%d",
- getenv("SERVER_ADDR"), port, pid);
+ getenv("SERVER_NAME"), port, pid);
ptr=ptr+strlen(TERMINATEMARK); printf("%s", ptr);
+ }else if((ptr=strstr(buff,INFOMATIONMARK))!=NULL){
+ /* infomation URL insert mark found */
+ if(INFOMATION){
+ *ptr='\0'; printf("%s",buff);
+ printf("%s",INFOURL);
+ ptr=ptr+strlen(INFOMATIONMARK); printf("%s",ptr);
+ }else{
+ *ptr='\0'; printf("%s",buff);
+ printf("http://%s%s/%s/%s",HOSTNAME,OPENGATEDIR,language,ACCEPTDOC2);
+ ptr=ptr+strlen(INFOMATIONMARK); printf("%s",ptr);
+ }
}else{
/* normal http text */
fputs(buff,stdout);
*pinsert=*pcheck;
}
+/***************************************/
+/* get HTTP_REFERER and check true url */
+/***************************************/
+int checkReferer(void)
+{
+ char url[BUFFMAXLN]="";
+ if(getenv("HTTP_REFERER")!=NULL){
+ strncpy(url,getenv("HTTP_REFERER"),BUFFMAXLN);
+ if(strstr(url,HOSTNAME4)==NULL && strstr(url,HOSTNAME)==NULL){
+ printf("location:http://%s/\r\n\r\n",HOSTNAME);
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
/*******************************/
/*******************************/
void GetClientAddr(char *clientAddr)
}
-void GetPostData(char *userid, char *password, int *durationPtr)
+void GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr)
{
if(DEBUG) err_msg("DEBUG:=>getPostData( )");
- getPostData(userid,password,durationPtr);
- if(DEBUG) err_msg("DEBUG:<=getPostData(%s,passwd,%d)",userid,*durationPtr);
+ getPostData(userid,password,clientAddr4,durationPtr);
+ if(DEBUG) err_msg("DEBUG:<=getPostData(%s,passwd,%s,%d)",userid,clientAddr4,*durationPtr);
}
-void PutJavaApplet(char *userid, int port, int pid)
+void PutJavaApplet(char *userid, int port, int pid, char *clientAddr4, char *clientAddr6, int status)
{
- if(DEBUG) err_msg("DEBUG:=>putJavaApplet(%s,%d,%d)",userid,port,pid);
- putJavaApplet(userid,port,pid);
+ if(DEBUG) err_msg("DEBUG:=>putJavaApplet(%s,%d,%d,%s,%s,%d)",userid,port,pid,clientAddr4,clientAddr6,status);
+ putJavaApplet(userid,port,pid,clientAddr4,clientAddr6,status);
if(DEBUG) err_msg("DEBUG:<=putJavaApplet( )");
}
if(DEBUG) err_msg("DEBUG:<=putClientMsg( )");
}
+int CheckReferer(void)
+{
+ int ret;
+ if(DEBUG) err_msg("DEBUG:=>checkReferer( )");
+ ret = checkReferer();
+ if(DEBUG) err_msg("DEBUG:(%d)<=checkReferer( )",ret);
+ return ret;
+}
--- /dev/null
+/**************************************************\r
+opengate server\r
+ module for Controling ip6fw \r
+\r
+Copyright (C) 2005 Katsuhiko Eguchi\r
+\r
+This program is free software; you can redistribute it and/or\r
+modify it under the terms of the GNU General Public License\r
+as published by the Free Software Foundation; either version 2\r
+of the License, or (at your option) any later version.\r
+\r
+This program is distributed in the hope that it will be useful,\r
+but WITHOUT ANY WARRANTY; without even the implied warranty of\r
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r
+GNU General Public License for more details.\r
+\r
+You should have received a copy of the GNU General Public License\r
+along with this program; if not, write to the Free Software\r
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.\r
+\r
+Email: watanaby@is.saga-u.ac.jp\r
+**************************************************/\r
+\r
+#include "opengatesrv.h"\r
+\r
+char ruleNumber6[WORDMAXLN]; /* ip6fw rule number in string form */\r
+\r
+int getRuleNumber6(char *clientAddr6);\r
+int GetRuleNumber6(char *clientAddr6);\r
+\r
+static void sigFunc(int signo);\r
+\r
+/******************************************************************/\r
+/* open gate for clientAddr6 (nnnn:nnnn::nnnn:nnnn) */\r
+/******************************************************************/\r
+int openClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty)\r
+{\r
+ int st;\r
+ int fd;\r
+ int ret;\r
+ int retFork;\r
+ int retNum;\r
+\r
+ Sigfunc *defaultSigFunc;\r
+\r
+ /* exclusive exec of ipfw to avoid overlapped rule number */\r
+\r
+ /**** prepare ****/\r
+ /* open lockfile */\r
+ fd=Open(LOCKFILE, O_RDWR|O_CREAT, \r
+ S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);\r
+ /* set timeout */\r
+ defaultSigFunc=Signal(SIGALRM, sigFunc);\r
+ alarm(LOCKTIMEOUT);\r
+ /* lock */\r
+ Lock(fd);\r
+ /* reset timeout */\r
+ Signal(SIGALRM, defaultSigFunc);\r
+ alarm(0);\r
+\r
+ /**** read rules ****/\r
+ if((retNum=GetRuleNumber6(clientAddr6))<0){\r
+ /* fail then unlock */\r
+ Unlock(fd);\r
+ Close(fd);\r
+ if(retNum==-3) return 1; /* ipfw returns abnormal response */\r
+ else return -1; /* already opened or rules are full */\r
+ }\r
+\r
+ /**** write rules ****/\r
+\r
+ if(GetUseFwScript()==1){\r
+ /********** use perl script to control firewall ************/\r
+\r
+ /* fork */\r
+ if((retFork=Fork())==0){\r
+ /* child proc */\r
+ if(execl(GetFwScriptPath(),GetFwScript(),IP6FWPATH,ruleNumber6,clientAddr6,\r
+ userid,macAddr6,userProperty,(char *)0)==-1){\r
+ err_quit("ERR in comm-ipfw: execl error no= %d", errno);\r
+ }\r
+ exit(1);\r
+ }\r
+ \r
+ /* parent process */\r
+ if(retFork==-1){\r
+ err_msg("ERR in comm-ipfw: fork error no= %d", errno);\r
+ }\r
+\r
+ /* wait child end */\r
+ wait(&st);\r
+ if(WIFEXITED(st)){\r
+ ret=WEXITSTATUS(st);\r
+ if(ret) err_msg("ERR in comm-ipfw: child process returns error %d", ret);\r
+ } else{\r
+ ret=1;\r
+ err_msg("ERR in comm-ipfw: child process does not exited by exit call");\r
+ }\r
+\r
+ Unlock(fd); /* lock is not necessary in following exec */\r
+ Close(fd); /* because reserved number is used */\r
+\r
+ }else{\r
+ /********** direct control of firewall **********************/\r
+ /********** add outgoing ipfw rule for the client *************/\r
+ /* fork */\r
+ if((retFork=Fork())==0){\r
+ /* child proc */\r
+ if(execl(IP6FWPATH,"ip6fw","-q","add",ruleNumber6,"allow","all",\r
+ "from",clientAddr6,"to","any",(char *)0)==-1){\r
+ err_quit("ERR in comm-ipfw: execl error no= %d", errno);\r
+ }\r
+ exit(1);\r
+ }\r
+\r
+ /* parent process */\r
+ if(retFork==-1){\r
+ err_msg("ERR in comm-ipfw: fork error no= %d", errno);\r
+ }\r
+\r
+ /* wait child end */\r
+ wait(&st);\r
+ if(WIFEXITED(st)){\r
+ ret=WEXITSTATUS(st);\r
+ if(ret) err_msg("ERR in comm-ipfw: child process returns error %d", ret);\r
+ } else{\r
+ ret=1;\r
+ err_msg("ERR in comm-ipfw: child process does not exited by exit call");\r
+ }\r
+\r
+ Unlock(fd); /* lock is not necessary in following exec */\r
+ Close(fd); /* because reserved number is used */\r
+ \r
+ /********** add incoming ipfw rule for the client *************/\r
+ /* fork */\r
+ if((retFork=Fork())==0){\r
+ /* child proc */\r
+ if(execl(IP6FWPATH,"ip6fw","-q","add",ruleNumber6,"allow","all",\r
+ "from","any","to",clientAddr6,(char *)0)==-1){\r
+ err_quit("ERR in comm-ipfw: execl error no= %d", errno);\r
+ }\r
+ exit(1);\r
+ }\r
+\r
+ /* parent process */\r
+ if(retFork==-1){\r
+ err_msg("ERR in comm-ipfw: fork error no= %d", errno);\r
+ }\r
+\r
+ /* wait child end */\r
+ wait(&st);\r
+ if(WIFEXITED(st)){\r
+ ret=WEXITSTATUS(st);\r
+ if(ret) err_msg("ERR in comm-ipfw: child process returns error %d", ret);\r
+ } else{\r
+ ret=1;\r
+ err_msg("ERR in comm-ipfw: child process does not exited by exit call");\r
+ }\r
+\r
+ }\r
+ return ret;\r
+}\r
+\r
+\r
+/******************************************************************/\r
+/* close gate for clientAddr (nnnn:nnnn:nnnn::nnnn:nnnn:nnnn) */\r
+/******************************************************************/\r
+void closeClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6)\r
+{\r
+ int st;\r
+ double time_l;\r
+ int hour, min, sec;\r
+ time_t timeOut;\r
+ int countRule;\r
+ \r
+ /********** del ipfw rule for the client *************/\r
+\r
+ countRule = CountRuleNumber(pClientAddr->ruleNumber);\r
+\r
+ while(countRule!=0){\r
+ /* fork */\r
+ if(Fork()==0){\r
+ /* child proc */\r
+ if(execl(IP6FWPATH,"ip6fw","del",pClientAddr->ruleNumber,(char *)0)==-1){\r
+ err_quit("ERR in comm-ipfw: execl error no= %d", errno);\r
+ }\r
+ exit(1);\r
+ }\r
+ /* wait child end */\r
+ wait(&st);\r
+ countRule--;\r
+ }\r
+\r
+ timeOut = time(NULL);\r
+ time_l=difftime(timeOut,pClientAddr->timeIn);\r
+ hour=time_l/60/60;\r
+ min=(time_l-hour*60*60)/60;\r
+ sec=(time_l-hour*60*60-min*60);\r
+ err_msg("CLOS: user %s from %s at %s ( %02d:%02d:%02d )",\r
+ userid, pClientAddr->IpAddr, macAddr6, hour,min,sec);\r
+\r
+ return;\r
+}\r
+\r
+/**************************************/\r
+/* get unused ipfw rule number */\r
+/* error if addr is already in rules */ \r
+/**************************************/\r
+int getRuleNumber6(char *clientAddr6)\r
+{\r
+ int fd[2];\r
+ int piperead_fd,pipewrite_fd;\r
+ int stdin_fd=0,stdout_fd=1,stderr_fd=2;\r
+ char buf[BUFFMAXLN];\r
+ int st;\r
+ int num,newNum,readinNum;\r
+ int eofFound;\r
+ int abnormalRes;\r
+ char *p;\r
+ int ipfwmin;\r
+ int ipfwmax;\r
+ int ipfwinterval;\r
+\r
+ /* create pipe */\r
+ if(pipe(fd)!=0){\r
+ err_msg("ERR in comm-ipfw: Cannot create pipe for ip6fw\n");\r
+ return -1;\r
+ }\r
+ piperead_fd=fd[0];\r
+ pipewrite_fd=fd[1];\r
+\r
+ /* fork */\r
+ if(Fork()==0){\r
+ /* child proc */\r
+\r
+ /* connect pipeout to stdout & strerr */\r
+ Close(stdout_fd);\r
+ Close(stderr_fd);\r
+ dup(pipewrite_fd);\r
+ dup(pipewrite_fd);\r
+\r
+ /* close other IO */\r
+ Close(stdin_fd);\r
+ Close(piperead_fd);\r
+ Close(pipewrite_fd);\r
+\r
+ /* exec proc */\r
+ if(execl(IP6FWPATH,"ip6fw","list",(char *)0) == -1){ \r
+ err_quit("ERR in comm-ipfw: execlp error no= %d", errno);\r
+ }\r
+ exit(1);\r
+ }\r
+ /* parent proc */\r
+ \r
+ /* close unuse IO */\r
+ Close(pipewrite_fd);\r
+ \r
+ /* search unused rule number in the list read from pipe */\r
+ /* check duplication of clientAddr to existing rules */\r
+ newNum=-1;\r
+ readinNum=0;\r
+ eofFound=0;\r
+ abnormalRes=0;\r
+\r
+ /* get rule range from config */\r
+ ipfwmin=GetIpfwMin();\r
+ ipfwmax=GetIpfwMax();\r
+ ipfwinterval=GetIpfwInterval();\r
+\r
+ for(num=ipfwmin;num<=ipfwmax;num+=ipfwinterval){\r
+\r
+ /* skip rules smaller than num */\r
+ while(readinNum<num){\r
+ if(Readln(piperead_fd, buf, BUFFMAXLN-1)==0){\r
+ /* EOF */\r
+ eofFound=1;\r
+ break;\r
+ }\r
+ if( sscanf(buf, "%d", &readinNum) !=1 ){\r
+ err_msg("ERR in comm-ipfw: abnormal ipfw response[ %s ]", buf);\r
+ abnormalRes=1;\r
+ }\r
+ }\r
+ \r
+ /* if get abnormal response, error is returned */ \r
+ if(abnormalRes){\r
+ newNum=-3;\r
+ break;\r
+ }\r
+\r
+ /* if no rules larger or equal to num, then search end */\r
+ if(eofFound){\r
+ if(newNum<0) newNum=num;\r
+ break;\r
+ }\r
+\r
+ /* if num is already used, then check dup and go to next search */\r
+ if(readinNum==num){\r
+ /* if clientAddr is found in rule, then err exit */\r
+ if(((p=(char*)strstr(buf+1,clientAddr6))!=NULL)\r
+ && isspace(*(p-1))\r
+ && !isalnum(*(p+strlen(clientAddr6)))){\r
+ err_msg("ERR in comm-ipfw: overlapped request from %s", clientAddr6);\r
+ newNum=-2;\r
+ break;\r
+ }\r
+ continue;\r
+ }\r
+\r
+ /* num is not used */\r
+ if(newNum<0)newNum=num;\r
+ if(readinNum>ipfwmax)break;\r
+ }\r
+ \r
+ /* close pipe */\r
+ Close(piperead_fd);\r
+ \r
+ /* wait child end */\r
+ wait(&st);\r
+\r
+ if(newNum==-1){\r
+ err_msg("ERR in comm-ipfw: cannot get unused ip6fw number");\r
+ }\r
+\r
+ snprintf(ruleNumber6, WORDMAXLN, "%d", newNum); /* to string */\r
+\r
+ return newNum;\r
+}\r
+\r
+/*******************************/\r
+/* get packet count from ip6fw */\r
+/*******************************/\r
+int getPacketCount6(char *ruleNumber)\r
+{\r
+ int fd[2];\r
+ int piperead_fd,pipewrite_fd;\r
+ int stdin_fd=0,stdout_fd=1;\r
+ char buf[BUFFMAXLN];\r
+ int st;\r
+ int rule;\r
+ int packets,packetsSum;\r
+\r
+ /* create pipe */\r
+ if(pipe(fd)!=0){\r
+ err_msg("ERR in comm-ipfw: Cannot create pipe for ip6fw\n");\r
+ return -1;\r
+ }\r
+ piperead_fd=fd[0];\r
+ pipewrite_fd=fd[1];\r
+\r
+ /* fork */\r
+ if(Fork()==0){\r
+ /* child proc */\r
+\r
+ /* connect pipeout to stdout */\r
+ Close(stdout_fd);\r
+ dup(pipewrite_fd);\r
+\r
+ /* close other IO */\r
+ Close(stdin_fd);\r
+ Close(piperead_fd);\r
+ Close(pipewrite_fd);\r
+\r
+ /* exec proc */\r
+ if(execl(IP6FWPATH,"ip6fw","-a","list",ruleNumber,(char *)0) == -1){ \r
+ err_quit("ERR in comm-ipfw: execl error no= %d", errno);\r
+ }\r
+ }\r
+ /* parent proc */\r
+ \r
+ /* close unuse IO */\r
+ Close(pipewrite_fd);\r
+ \r
+ /* search unused number in the list read from pipe */\r
+\r
+ packetsSum=0;\r
+ \r
+ while(Readln(piperead_fd, buf, BUFFMAXLN-1)!=0){\r
+ sscanf(buf, "%d %d", &rule, &packets); /* get packet count */\r
+ packetsSum+=packets;\r
+ }\r
+\r
+ /* close pipe */\r
+ Close(piperead_fd);\r
+ \r
+ /* wait child end */\r
+ wait(&st);\r
+\r
+ return packetsSum;\r
+}\r
+\r
+int countRuleNumber(char *ruleNumber)\r
+{\r
+ int fd[2];\r
+ int piperead_fd,pipewrite_fd;\r
+ int stdin_fd=0,stdout_fd=1;\r
+ char buf[BUFFMAXLN];\r
+ int st;\r
+ int rule;\r
+ int countRule;\r
+\r
+ /* create pipe */\r
+ if(pipe(fd)!=0){\r
+ err_msg("ERR in comm-ipfw: Cannot create pipe for ip6fw\n");\r
+ return -1;\r
+ }\r
+ piperead_fd=fd[0];\r
+ pipewrite_fd=fd[1];\r
+\r
+ /* fork */\r
+ if(Fork()==0){\r
+ /* child proc */\r
+\r
+ /* connect pipeout to stdout */\r
+ Close(stdout_fd);\r
+ dup(pipewrite_fd);\r
+\r
+ /* close other IO */\r
+ Close(stdin_fd);\r
+ Close(piperead_fd);\r
+ Close(pipewrite_fd);\r
+\r
+ /* exec proc */\r
+ if(execl(IP6FWPATH,"ip6fw","list",ruleNumber,(char *)0) == -1){ \r
+ err_quit("ERR in comm-ipfw: execl error no= %d", errno);\r
+ }\r
+ }\r
+ /* parent proc */\r
+ \r
+ /* close unuse IO */\r
+ Close(pipewrite_fd);\r
+ \r
+ /* search unused number in the list read from pipe */\r
+\r
+ countRule = 0;\r
+\r
+ while(Readln(piperead_fd, buf, BUFFMAXLN-1)!=0) countRule++;\r
+\r
+ /* close pipe */\r
+ Close(piperead_fd);\r
+ \r
+ /* wait child end */\r
+ wait(&st);\r
+\r
+ return countRule;\r
+}\r
+\r
+/**********************************************/\r
+/* function called by signal int */\r
+/**********************************************/\r
+static void sigFunc(int signo)\r
+{\r
+ return;\r
+}\r
+\r
+/**********************************************/\r
+/**********************************************/\r
+\r
+int GetRuleNumber6(char *clientAddr6)\r
+{\r
+ int ret;\r
+\r
+ if(DEBUG) err_msg("DEBUG:=>getRuleNumber6(%s)",clientAddr6);\r
+ ret=getRuleNumber6(clientAddr6);\r
+ if(DEBUG) err_msg("DEBUG:(%d)<=getRuleNumber6( )",ret);\r
+\r
+ return ret;\r
+}\r
+\r
+int OpenClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty)\r
+{\r
+ int ret;\r
+\r
+ if(DEBUG) err_msg("DEBUG:=>openClientGate6(%s,%s,%s,%s)",clientAddr6,userid,macAddr6,userProperty);\r
+ ret=openClientGate6(clientAddr6, userid, macAddr6, userProperty);\r
+ if(DEBUG) err_msg("DEBUG:(%d)<=openClientGate6( )",ret);\r
+\r
+ return ret;\r
+}\r
+\r
+void CloseClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6)\r
+{\r
+ if(DEBUG) err_msg("DEBUG:=>closeClientGate6(%p,%s,%s)",pClientAddr,userid,macAddr6);\r
+ closeClientGate6(pClientAddr,userid,macAddr6);\r
+ if(DEBUG) err_msg("DEBUG:<=closeClientGate6( )");\r
+}\r
+\r
+int GetPacketCount6(char *ruleNumber)\r
+{\r
+ int ret;\r
+\r
+ if(DEBUG) err_msg("DEBUG:=>getPacketCount6(%s)",ruleNumber);\r
+ ret=getPacketCount6(ruleNumber);\r
+ if(DEBUG) err_msg("DEBUG:(%d)<=getPacketCount6( )",ret);\r
+\r
+ return ret;\r
+}\r
+\r
+int CountRuleNumber(char *ruleNumber)\r
+{\r
+ int ret;\r
+\r
+ if(DEBUG) err_msg("DEBUG:=>countRuleNumber(%s)", ruleNumber);\r
+ ret=countRuleNumber(ruleNumber);\r
+ if(DEBUG) err_msg("DEBUG:(%d)<=countRuleNumber( )",ret);\r
+\r
+ return ret;\r
+}\r
module for Controling ipfw
Copyright (C) 1999 Yoshiaki Watanabe
+ Modfied 2005 Katsuhiko Eguchi
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
Email: watanaby@is.saga-u.ac.jp
**************************************************/
-
#include "opengatesrv.h"
-char ruleNumber[WORDMAXLN]; /* ipfw rule number in string form */
+char ruleNumber4[WORDMAXLN]; /* ipfw rule number in string form */
+
+int getRuleNumber4(char *clientAddr4);
+int GetRuleNumber4(char *clientAddr4);
-int getRuleNumber(char *clientAddr);
-int GetRuleNumber(char *clientAddr);
static void sigFunc(int signo);
/******************************************************************/
-/* open gate for clientAddr (nnn.nnn.nnn.nnn) */
+/* open gate for clientAddr4 (nnn.nnn.nnn.nnn) */
/******************************************************************/
-int openClientGate(char *clientAddr, char *userid, char *macAddr, char *userProperty)
+int openClientGate4(char *clientAddr4, char *userid, char *macAddr4, char *userProperty)
{
int st;
int fd;
alarm(0);
/**** read rules ****/
- if((retNum=GetRuleNumber(clientAddr))<0){
+ if((retNum=GetRuleNumber4(clientAddr4))<0){
/* fail then unlock */
Unlock(fd);
Close(fd);
/* fork */
if((retFork=Fork())==0){
/* child proc */
- if(execl(GetFwScriptPath(),GetFwScript(),IPFWPATH,ruleNumber,clientAddr,
- userid,macAddr,userProperty,(char *)0)==-1){
+ if(execl(GetFwScriptPath(),GetFwScript(),IPFWPATH,ruleNumber4,clientAddr4,
+ userid,macAddr4,userProperty,(char *)0)==-1){
err_quit("ERR in comm-ipfw: execl error no= %d", errno);
}
exit(1);
/* fork */
if((retFork=Fork())==0){
/* child proc */
- if(execl(IPFWPATH,"ipfw","-q","add",ruleNumber,"allow","ip",
- "from",clientAddr,"to","any",(char *)0)==-1){
+ if(execl(IPFWPATH,"ipfw","-q","add",ruleNumber4,"allow","ip",
+ "from",clientAddr4,"to","any",(char *)0)==-1){
err_quit("ERR in comm-ipfw: execl error no= %d", errno);
}
exit(1);
/* fork */
if((retFork=Fork())==0){
/* child proc */
- if(execl(IPFWPATH,"ipfw","-q","add",ruleNumber,"allow","ip",
- "from","any","to",clientAddr,(char *)0)==-1){
+ if(execl(IPFWPATH,"ipfw","-q","add",ruleNumber4,"allow","ip",
+ "from","any","to",clientAddr4,(char *)0)==-1){
err_quit("ERR in comm-ipfw: execl error no= %d", errno);
}
exit(1);
return ret;
}
+
/******************************************************************/
/* close gate for clientAddr (nnn.nnn.nnn.nnn) */
/******************************************************************/
-void closeClientGate(void)
+void closeClientGate4(struct clientAddr *pClientAddr, char *userid, char *macAddr4)
{
int st;
+ double time_l;
+ int hour, min, sec;
+ time_t timeOut;
/********** del ipfw rule for the client *************/
/* fork */
if(Fork()==0){
/* child proc */
- if(execl(IPFWPATH,"ipfw","del",ruleNumber,(char *)0)==-1){
+ if(execl(IPFWPATH,"ipfw","del",pClientAddr->ruleNumber,(char *)0)==-1){
err_quit("ERR in comm-ipfw: execl error no= %d", errno);
}
exit(1);
/* wait child end */
wait(&st);
+ timeOut = time(NULL);
+ time_l=difftime(timeOut,pClientAddr->timeIn);
+ hour=time_l/60/60;
+ min=(time_l-hour*60*60)/60;
+ sec=(time_l-hour*60*60-min*60);
+ err_msg("CLOS: user %s from %s at %s ( %02d:%02d:%02d )",
+ userid, pClientAddr->IpAddr, macAddr4, hour,min,sec);
+
return;
}
-
-
/**************************************/
/* get unused ipfw rule number */
/* error if addr is already in rules */
/**************************************/
-int getRuleNumber(char *clientAddr)
+int getRuleNumber4(char *clientAddr4)
{
int fd[2];
int piperead_fd,pipewrite_fd;
/* if num is already used, then check dup and go to next search */
if(readinNum==num){
/* if clientAddr is found in rule, then err exit */
- if(((p=(char*)strstr(buf+1,clientAddr))!=NULL)
+ if(((p=(char*)strstr(buf+1,clientAddr4))!=NULL)
&& isspace(*(p-1))
- && !isalnum(*(p+strlen(clientAddr)))){
- err_msg("ERR in comm-ipfw: overlapped request from %s", clientAddr);
+ && !isalnum(*(p+strlen(clientAddr4)))){
+ err_msg("ERR in comm-ipfw: overlapped request from %s", clientAddr4);
newNum=-2;
break;
}
err_msg("ERR in comm-ipfw: cannot get unused ipfw number");
}
- snprintf(ruleNumber, WORDMAXLN, "%d", newNum); /* to string */
+ snprintf(ruleNumber4, WORDMAXLN, "%d", newNum); /* to string */
return newNum;
}
+/****************************************/
+/* get packet count from ipfw and ip6fw */
+/****************************************/
+int getPacketCount(struct clientAddr *pClientAddr)
+{
+ int packets=0;
+ struct clientAddr *pNow;
+ pNow=pClientAddr;
+
+ while(pNow!=NULL){
+ if(pNow->type==4){
+ packets+=GetPacketCount4(pNow->ruleNumber);
+ }else if(pNow->type==6){
+ packets+=GetPacketCount6(pNow->ruleNumber);
+ }
+ pNow=pNow->next;
+ }
+
+ return packets;
+}
+
/*******************************/
/* get packet count from ipfw */
/*******************************/
-int getPacketCount(void)
+int getPacketCount4(char *ruleNumber)
{
int fd[2];
int piperead_fd,pipewrite_fd;
return packetsSum;
}
+
/**********************************************/
/* function called by signal int */
/**********************************************/
/**********************************************/
/**********************************************/
-int GetRuleNumber(char *clientAddr)
+int GetRuleNumber4(char *clientAddr4)
{
int ret;
- if(DEBUG) err_msg("DEBUG:=>getRuleNumber(%s)",clientAddr);
- ret=getRuleNumber(clientAddr);
- if(DEBUG) err_msg("DEBUG:(%d)<=getRuleNumber( )",ret);
+ if(DEBUG) err_msg("DEBUG:=>getRuleNumber4(%s)",clientAddr4);
+ ret=getRuleNumber4(clientAddr4);
+ if(DEBUG) err_msg("DEBUG:(%d)<=getRuleNumber4( )",ret);
return ret;
}
-int OpenClientGate(char *clientAddr, char *userid, char *macAddr, char *userProperty)
+int OpenClientGate4(char *clientAddr4, char *userid, char *macAddr4, char *userProperty)
{
int ret;
- if(DEBUG) err_msg("DEBUG:=>openClientGate(%s,%s,%s,%s)",clientAddr,userid,macAddr,userProperty);
- ret=openClientGate(clientAddr, userid, macAddr, userProperty);
- if(DEBUG) err_msg("DEBUG:(%d)<=openClientGate( )",ret);
+ if(DEBUG) err_msg("DEBUG:=>openClientGate(%s,%s,%s,%s)",clientAddr4,userid,macAddr4,userProperty);
+ ret=openClientGate4(clientAddr4, userid, macAddr4, userProperty);
+ if(DEBUG) err_msg("DEBUG:(%d)<=openClientGate4( )",ret);
return ret;
}
-void CloseClientGate(void)
+void CloseClientGate4(struct clientAddr *pClientAddr, char *userid, char *macAddr4)
{
- if(DEBUG) err_msg("DEBUG:=>closeClientGate( )");
- closeClientGate();
- if(DEBUG) err_msg("DEBUG:<=closeClientGate( )");
+ if(DEBUG) err_msg("DEBUG:=>closeClientGate4(%p,%s,%s)",pClientAddr,userid,macAddr4);
+ closeClientGate4(pClientAddr,userid,macAddr4);
+ if(DEBUG) err_msg("DEBUG:<=closeClientGate4( )");
}
-
-int GetPacketCount(void)
+int GetPacketCount(struct clientAddr *pClientAddr)
{
int ret;
- if(DEBUG) err_msg("DEBUG:=>getPacketCount( )");
- ret=getPacketCount();
+ if(DEBUG) err_msg("DEBUG:=>getPacketCount(%p)",pClientAddr);
+ ret=getPacketCount(pClientAddr);
if(DEBUG) err_msg("DEBUG:(%d)<=getPacketCount( )",ret);
return ret;
}
+int GetPacketCount4(char *ruleNumber)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>getPacketCount4(%s)",ruleNumber);
+ ret=getPacketCount4(ruleNumber);
+ if(DEBUG) err_msg("DEBUG:(%d)<=getPacketCount4( )",ret);
+
+ return ret;
+}
module for communication with java
Copyright (C) 1999 Yoshiaki Watanabe
+ Modfied 2005 Katsuhiko Eguchi
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
void sendTerminateReply(void);
void SendTerminateReply(void);
-int listenfd; /* file descriptor for listen port */
+extern char ruleNumber4[WORDMAXLN]; /* ipfw rule number in string form */
+extern char ruleNumber6[WORDMAXLN]; /* ip6fw rule number in string form */
+
+int listenfd[2]; /* file descriptor for listen port */
int connfd; /* file descriptor for connection port */
int intervalAlarmRinged=0; /* interval alarm ringed */
int timeoutAlarmRinged=0; /* timeout alarm ringed */
/***************************************/
int getListenPort(void)
{
- struct sockaddr_in servaddr;
+ struct sockaddr_in servaddr4;
+ struct sockaddr_in6 servaddr6;
+ extern const struct in6_addr in6addr_any;
+
int portNo;
int portmin;
int portmax;
+
+ listenfd[0]=Socket(AF_INET, SOCK_STREAM, 0);
+ listenfd[1]=Socket(AF_INET6, SOCK_STREAM, 0);
+
+ if(listenfd[0]>=FD_SETSIZE && listenfd[1]>=FD_SETSIZE){
+ return -1;
+ }
- listenfd=Socket(AF_INET, SOCK_STREAM, 0);
+ bzero(&servaddr4, sizeof(servaddr4));
+ bzero(&servaddr6, sizeof(servaddr6));
- bzero(&servaddr, sizeof(servaddr));
- servaddr.sin_family=AF_INET;
- servaddr.sin_addr.s_addr=htonl(INADDR_ANY);
+ servaddr4.sin_family=AF_INET;
+ servaddr4.sin_addr.s_addr=htonl(INADDR_ANY);
+
+ servaddr6.sin6_family=AF_INET6;
+ servaddr6.sin6_addr=in6addr_any;
/* get port range from config file */
portmin=GetPortMin();
portmax=GetPortMax();
-
+
/* search unused port between PORTMIN and PORTMAX */
for(portNo=portmin; portNo<=portmax; portNo++){
- servaddr.sin_port=htons(portNo);
- if(bind(listenfd, (SA *)&servaddr, sizeof(servaddr))==0)break;
+ servaddr4.sin_port=htons(portNo);
+ if(bind(listenfd[0], (SA *)&servaddr4, sizeof(servaddr4))==0){
+ servaddr6.sin6_port=htons(portNo);
+ if(bind(listenfd[1], (struct sockaddr *)&servaddr6, sizeof(servaddr6))==0){
+ break;
+ }else{
+ portNo=-1;
+ break;
+ }
+ }
}
if(portNo>portmax)portNo=-1; /* cannot get unused port */
-
- Listen(listenfd, LISTENQ);
-
+
+ Listen(listenfd[0], LISTENQ);
+ Listen(listenfd[1], LISTENQ);
+
return portNo;
}
/************************************/
/* wait applet connection */
/************************************/
-int waitAppletConnect(char *userid, char *clientAddr, int duration, char *macAddr)
+int waitAppletConnect(char *userid, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, int status, struct clientAddr *pClientAddr)
{
socklen_t len;
- struct sockaddr_in cliaddr; /* client IP adddress */
- char buff[BUFFMAXLN]; /* read in buffer */
- Sigfunc *sigfunc; /* signal function save */
- int connect; /* java cconnect success(1) or not */
- char connectAddr[ADDRMAXLN]; /* connected client address */
- char httpStr[BUFFMAXLN]; /* HTTP GET string at terminate */
- int checkInterval; /* terminal check interval */
- char macAddrNow[ADDRMAXLN]; /* MAC address at now */
- int packetCountPrev=0; /* packet count at previous check */
- int packetCountNow=0; /* packet count at now */
- int noPacketPeriod=0; /* no packet period count in check loop */
- time_t endTime; /* the absolute time to exit */
- int leftTime; /* the left time length to exit */
-
-
+ fd_set rfd, rfd0; /* fd_set for select */
+ int n,i; /* counter */
+ int smax; /* select max descliptor */
+ int type; /* using IP type */
+ struct sockaddr_storage cliaddr; /* client IP adddress */
+ struct timeval timeout; /* select timeout */
+ char buff[BUFFMAXLN]; /* read in buffer */
+ Sigfunc *sigfunc; /* signal function save */
+ int connect; /* java cconnect success(1) or not */
+ char connectAddr[ADDRMAXLN]; /* connected client address */
+ char httpStr[BUFFMAXLN]; /* HTTP GET string at terminate */
+ int checkInterval; /* terminal check interval */
+ char macAddrNow[ADDRMAXLN]; /* MAC address at now */
+ int packetCountPrev=0; /* packet count at previous check */
+ int packetCountNow=0; /* packet count at now */
+ int noPacketPeriod=0; /* no packet period count in check loop */
+ time_t endTime; /* the absolute time to exit */
+ int leftTime; /* the left time length to exit */
+
checkInterval=GetActiveCheckInterval();
-
+
+ /* set select timeout */
+ timeout.tv_sec = 1;
+ timeout.tv_usec = 0;
+
/* get the time to exit */
endTime=time(NULL)+duration;
/* loop until accepting correct user */
len=sizeof(cliaddr);
while(1){
-
/* alarm setting */
/* recalculate left time */
leftTime = endTime - time(NULL);
}else{
sigfunc=Signal(SIGALRM, intervalAlarm);
alarm(checkInterval);
- }
+ }
- /* wait connection */
- if((connfd=accept(listenfd, (SA *)&cliaddr, &len)) < 0){
-
+ connfd = -1;
+
+ /* select socket */
+ FD_ZERO(&rfd0);
+ FD_SET(listenfd[0], &rfd0);
+ FD_SET(listenfd[1], &rfd0);
+
+ if(listenfd[0]>listenfd[1]) smax=listenfd[0]+1;
+ else smax=listenfd[1]+1;
+
+ if((n = select(smax, &rfd0, NULL, NULL, &timeout))<=0){
+ if(DEBUG) err_msg("DEBUG: Select error or timeout in comm-java");
+ }else{
+ /* wait connection */
+ if(FD_ISSET(listenfd[0], &rfd0)){
+ if((connfd=accept(listenfd[0], (struct sockaddr *)&cliaddr, &len)) < 0){
+ }else{
+ type=IPV4;
+ }
+ }
+ if(FD_ISSET(listenfd[1], &rfd0)){
+ if((connfd=accept(listenfd[1], (struct sockaddr *)&cliaddr, &len)) < 0){
+ }else{
+ type=IPV6;
+ }
+ }
+ }
+
+ if(connfd < 0){
/* if usage timeout is reached, end the process */
if(timeoutAlarmRinged){
- timeoutAlarmRinged=FALSE;
- err_msg("ERR in comm-java: no connection from applet");
- connect=0;
- break;
+ timeoutAlarmRinged=FALSE;
+ err_msg("ERR in comm-java: no connection from applet");
+ connect=0;
+ break;
}
/* if check interval is reached, do some checking */
if(intervalAlarmRinged){
- intervalAlarmRinged=FALSE;
-
- /* packet flow check */
- packetCountNow=GetPacketCount();
- if(packetCountNow==packetCountPrev){ /* no packet between checks */
- noPacketPeriod++;
- }else{
- noPacketPeriod=0;
- packetCountPrev=packetCountNow;
- }
- if(noPacketPeriod*GetActiveCheckInterval() >= GetNoPacketInterval()){
- err_msg("ERR in comm-java: no packet passed for the client");
- connect=0;
- break;
- }
-
- /* mac address check */
- if(GetEnableMacAddr()==1){
- GetMacAddr(clientAddr, macAddrNow);
- if(strcmp(macAddr, macAddrNow)!=0){
- err_msg("ERR in comm-java: mac address is changed");
- connect=0;
- break;
- }
- }
- /* return to connection wait */
- continue;
+ intervalAlarmRinged=FALSE;
+
+ /* packet flow check */
+ packetCountNow=GetPacketCount(pClientAddr);
+ if(packetCountNow==packetCountPrev){ /* no packet between checks */
+ noPacketPeriod++;
+ }else{
+ noPacketPeriod=0;
+ packetCountPrev=packetCountNow;
+ }
+ if(noPacketPeriod*GetActiveCheckInterval() >= GetNoPacketInterval()){
+ err_msg("ERR in comm-java: no packet passed for the client");
+ connect=0;
+ break;
+ }
+
+ /* mac address check */
+ if(GetEnableMacAddr()==1 && status!=IPV6ONLY){
+ GetMacAddrFromArp(clientAddr4, macAddrNow);
+ if(strcmp(macAddr4, macAddrNow)!=0){
+ err_msg("ERR in comm-java: mac address is changed");
+ connect=0;
+ break;
+ }
+ }
}
+ /* return to connection wait */
+ continue;
}
+
/* someone is connected */
/* reset alarm */
alarm(0);
Signal(SIGALRM, sigfunc);
-
+
/* is it from the correct client addr */
GetPeerAddr(connfd, connectAddr);
- if(strcmp(connectAddr, clientAddr)!=0){
- close(connfd);
- continue;
+ if(type==IPV4){
+ if(strcmp(connectAddr, clientAddr4)!=0){
+ close(connfd);
+ continue;
+ }
+ }else{
+ if(strcmp(connectAddr, clientAddr6)!=0){
+ close(connfd);
+ continue;
+ }
}
/* set short delay alarm for read in */
sigfunc=Signal(SIGALRM, delayAlarm);
alarm(COMMWAITTIMEOUT);
- /* get string from connection */
+ /* get strinxg from connection */
if(readln(connfd, buff, BUFFMAXLN) <=0){
if(delayAlarmRinged)delayAlarmRinged=FALSE;
err_msg("ERR in comm-java: cannot get userid from applet");
connect=1;
break;
}
-
+
/* is it the terminate request from accept.html */
/* the request is [GET /terminate<pid> ....] */
snprintf(httpStr, BUFFMAXLN, "GET /terminate%d", getpid());
connect=0;
break;
}
-
+
err_msg("ERR in comm-java: unknown user or address send from applet");
-
+
/* wait new connection */
close(connfd);
}
+
/* reset timeout signal */
alarm(0);
Signal(SIGALRM, sigfunc);
+
+ Close(listenfd[0]);
+ Close(listenfd[1]);
- Close(listenfd);
return connect;
}
Getpeername(sockfd, cliaddr, &len);
strncpy(peerAddr, Sock_ntop_host(cliaddr, len), ADDRMAXLN);
free(cliaddr);
-
+
return;
}
/***************************************************/
/* wait for close connection */
/***************************************************/
-void waitClientClose(void)
+void waitClientClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int status)
{
char buff[BUFFMAXLN];
Sigfunc *defaultSigfunc;
int helloWait=FALSE;
int noPacketPeriod=0;
int noReplyCount=0;
-
+
Writefmt(connfd,"accept\r\n");
-
+
/* set interval alarm */
defaultSigfunc=Signal(SIGALRM, intervalAlarm);
alarm(GetActiveCheckInterval());
-
+
/* TCP read/write loop */
/* this loop implement following logic */
/* repeat until receiving 'quit' or EOF from client */
/* say 'hello' to client */
/* receive 'hello' from client. if no reply, then quit. */
- /* get packet count for client after short delay. */
+ /* get packet count for client after short delay. */
/* long interval */
/* get packet count again. if no packet, then quit. */
-
+
while(1){
+
if(readln(connfd, buff, BUFFMAXLN)>0){
/* normal read */
-
+
/* read quit, then quit */
if(strstr(buff,"quit") != NULL){
- break;
-
- /* read hello, then wait a while for packet log writing */
+ break;
+
+ /* read hello, then wait a while for packet log writing */
}else if((helloWait)&&(strstr(buff,"hello") !=NULL)){
- helloWait=FALSE;
- noReplyCount=0;
- Signal(SIGALRM, delayAlarm);
- alarm(PACKETLOGDELAY);
+ helloWait=FALSE;
+ noReplyCount=0;
+ Signal(SIGALRM, delayAlarm);
+ alarm(PACKETLOGDELAY);
- /* read any other strings, then do nothing */
+ /* read any other strings, then do nothing */
}else{
}
}else{
/* abnormal read */
-
+
/* Periodical client check */
if(intervalAlarmRinged){
- intervalAlarmRinged=FALSE;
-
- /* if no packet is passed in long time, then quit */
- if(GetPacketCount()==savePacketCount){
- noPacketPeriod++;
- if(noPacketPeriod*GetActiveCheckInterval() >= GetNoPacketInterval()){
- err_msg("ERR in comm-java: no packet passed for the client");
- break;
- }
- }else{
- noPacketPeriod=0;
- }
- /* send hello and wait reply */
- Writefmt(connfd,"hello\r\n");
- helloWait=TRUE;
- Signal(SIGALRM, timeoutAlarm);
- alarm(COMMWAITTIMEOUT);
-
- /* hello reply timeout */
+ intervalAlarmRinged=FALSE;
+
+ ScanNdpEntry(pClientAddr,userid,macAddr6,userProperty);
+
+ /* if no packet is passed in long time, then quit */
+ if(GetPacketCount(pClientAddr)==savePacketCount){
+ noPacketPeriod++;
+ if(noPacketPeriod*GetActiveCheckInterval() >= GetNoPacketInterval()){
+ err_msg("ERR in comm-java: no packet passed for the client");
+ break;
+ }
+ }else{
+ noPacketPeriod=0;
+ }
+
+ /* send hello and wait reply */
+ Writefmt(connfd,"hello\r\n");
+ helloWait=TRUE;
+ Signal(SIGALRM, timeoutAlarm);
+ alarm(COMMWAITTIMEOUT);
+
+ /* hello reply timeout */
}else if(timeoutAlarmRinged){
- timeoutAlarmRinged=FALSE;
-
- /* is the reply ignored many times */
- noReplyCount++;
- if(noReplyCount>=GetNoReplyMax()){
- /* many times, then quit */
- err_msg("ERR in comm-java: no reply to hello");
- break;
- }else{
- /* not so many times, then continue */
- helloWait=FALSE;
- savePacketCount=GetPacketCount();
- Signal(SIGALRM, intervalAlarm);
- alarm(GetActiveCheckInterval());
- }
+ timeoutAlarmRinged=FALSE;
+
+ /* is the reply ignored many times */
+ noReplyCount++;
+ if(noReplyCount>=GetNoReplyMax()){
+ /* many times, then quit */
+ err_msg("ERR in comm-java: no reply to hello");
+ break;
+ }else{
+ /* not so many times, then continue */
+ helloWait=FALSE;
+ savePacketCount=GetPacketCount(pClientAddr);
+ Signal(SIGALRM, intervalAlarm);
+ alarm(GetActiveCheckInterval());
+ }
/* pass the delay for firewall log renewal */
}else if(delayAlarmRinged){
- delayAlarmRinged=FALSE;
- savePacketCount=GetPacketCount();
- Signal(SIGALRM, intervalAlarm);
- alarm(GetActiveCheckInterval());
-
- /* other abnormal read, then quit */
+ delayAlarmRinged=FALSE;
+ savePacketCount=GetPacketCount(pClientAddr);
+ Signal(SIGALRM, intervalAlarm);
+ alarm(GetActiveCheckInterval());
+
+ /* other abnormal read, then quit */
}else{
- break;
+ break;
}
}
}
return ret;
}
-int WaitAppletConnect(char *userid, char *clientAddr, int duration, char *macAddr)
+int WaitAppletConnect(char *userid, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, int status, struct clientAddr *pClientAddr)
{
int ret;
- if(DEBUG) err_msg("DEBUG:=>waitAppletConnect(%s,%s,%d,%s)",userid,clientAddr,duration,macAddr);
- ret=waitAppletConnect(userid,clientAddr,duration,macAddr);
+ if(DEBUG) err_msg("DEBUG:=>waitAppletConnect(%s,%s,%s,%d,%s,%d)",userid,clientAddr4,clientAddr6,duration,macAddr4,status);
+ ret=waitAppletConnect(userid,clientAddr4,clientAddr6,duration,macAddr4,status,pClientAddr);
if(DEBUG) err_msg("DEBUG:(%d)<=waitAppletConnect( )",ret);
return ret;
}
-void WaitClientClose(void)
+void WaitClientClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int status)
{
- if(DEBUG) err_msg("DEBUG:=>waitClientClose( )");
- waitClientClose();
+ if(DEBUG) err_msg("DEBUG:=>waitClientClose(%p,%s,%s,userProperty,%d)",pClientAddr,userid,macAddr6,status);
+ waitClientClose(pClientAddr,userid,userProperty,macAddr6,status);
if(DEBUG) err_msg("DEBUG:<=waitClientClose( )");
}
--- /dev/null
+/**************************************************
+opengate server
+ module for communication with ndp
+
+Copyright (C) 2004-2005 Katsuhiko Eguchi
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: eguchi@ai.is.saga-u.ac.jp
+**************************************************/
+
+#include "opengatesrv.h"
+
+extern char ruleNumber6[WORDMAXLN]; /* ip6fw rule number in string form */
+
+/**************************************/
+/* scan client address form NDP entry */
+/**************************************/
+void scanNdpEntry(struct clientAddr *pClientAddr, char *userid, char *macAddr6, char *userProperty)
+{
+ int fd[2];
+ int piperead_fd,pipewrite_fd;
+ int stdin_fd=0,stdout_fd=1;
+ int st;
+ int ret;
+ int set;
+ char *startp;
+ char buf[BUFFMAXLN];
+ char tmpAddr[ADDRMAXLN]="";
+ int pid;
+ struct clientAddr *tmp1, *tmp2, *lastAddr;
+
+ /* create pipe */
+ if(pipe(fd)!=0){
+ err_msg("ERR in comm-ndp: Cannot create pipe for ndp\n");
+ return;
+ }
+ piperead_fd=fd[0];
+ pipewrite_fd=fd[1];
+
+ /* fork */
+ if( (pid=Fork()) == 0 ){
+ /* child proc */
+
+ /* connect pipeout to stdout */
+ Close(stdout_fd);
+ dup(pipewrite_fd);
+
+ /* close other IO */
+ Close(stdin_fd);
+ Close(piperead_fd);
+ Close(pipewrite_fd);
+
+ /* exec proc */
+ if(execl(NDPPATH,"ndp","-an",(char *)0) == -1){
+ err_quit("ERR in comm-ndp: execlp error no= %d", errno);
+ }
+ exit(1);
+ }
+
+ /* parent proc */
+
+ /* close unuse IO */
+ Close(pipewrite_fd);
+
+ /* get ndp response */
+ /* ndp response takes following format */
+ /* "[IPv6Addr] [MacAddr] [InterfaceID] [Expire] [State]" */
+ /* get IPv6 address from above string */
+
+ // active cheack
+ tmp1=pClientAddr;
+ while(tmp1!=NULL){
+ if(tmp1->type==6) tmp1->status=FALSE;
+ lastAddr=tmp1;
+ tmp1=tmp1->next;
+ }
+
+ // skip first line
+ if(Readln(piperead_fd, buf, BUFFMAXLN-1)==0){
+ err_msg("ERR in comm-ndp: readin error");
+ return;
+ }
+ while(Readln(piperead_fd, buf, BUFFMAXLN-1)!=0){
+ if((startp = strstr(buf," "))==NULL) break;
+ if(strstr(startp,macAddr6)==NULL) continue;
+ *startp = '\0';
+ if(strstr(buf,"fe80::")!=NULL) continue;
+ strncpy(tmpAddr,buf,ADDRMAXLN);
+ tmp1 = pClientAddr;
+ set = FALSE;
+ while(tmp1!=NULL){
+ if(tmp1->type==4){
+ tmp1=tmp1->next;
+ continue;
+ }
+ if(strstr(tmpAddr,tmp1->IpAddr)!=NULL){
+ tmp1->status=TRUE;
+ set = TRUE;
+ break;
+ }
+ tmp1=tmp1->next;
+ }
+ // ipfw add new client address
+ if(set==FALSE){
+ if((ret=OpenClientGate6(tmpAddr, userid, macAddr6, userProperty))<0){
+ err_msg("ERR in comm-ndp: error return form openClientGate6");
+ break;
+ }else if(ret>0){
+ err_msg("ERR in comm-ndp: max ruleNumber over in openClientGate6");
+ break;
+ }
+ err_msg("OPEN: user %s from %s at %s", userid, tmpAddr, macAddr6);
+ lastAddr->next = CreateAddrList(tmpAddr,ruleNumber6,6);
+ lastAddr=lastAddr->next;
+ }
+ }
+ Close(piperead_fd);
+
+ /* check deleted address from ndp entry */
+ tmp1 = pClientAddr;
+ while(tmp1!=NULL){
+ if(tmp1->status==FALSE){
+ CloseClientGate6(tmp1,userid,macAddr6);
+ tmp2=pClientAddr;
+ while(tmp2->next!=tmp1){
+ tmp2=tmp2->next;
+ }
+ tmp2->next=tmp1->next;
+ tmp2=tmp1;
+ tmp1=tmp1->next;
+ free(tmp2);
+ continue;
+ }
+ tmp1=tmp1->next;
+ }
+
+ /* wait child end */
+ wait(&st);
+ return;
+}
+
+/**********************************************************************/
+/* get MAC address for clientAddr (nnnn:nnnn::nnnn:nnnn) by ndp entry */
+/**********************************************************************/
+int getMacAddrFromNdp(char *clientAddr6, char* macAddr6)
+{
+ int fd[2];
+ int piperead_fd,pipewrite_fd;
+ int stdin_fd=0,stdout_fd=1;
+ char buf[BUFFMAXLN];
+ int st;
+ char *startp;
+ char *endp;
+
+ macAddr6[0]='?';
+ macAddr6[1]='\0';
+
+ /* create pipe */
+ if(pipe(fd)!=0){
+ err_msg("ERR in comm-ndp: Cannot create pipe for ndp\n");
+ return -1;
+ }
+ piperead_fd=fd[0];
+ pipewrite_fd=fd[1];
+
+ /* fork */
+ if(Fork()==0){
+ /* child proc */
+
+ /* connect pipeout to stdout */
+ Close(stdout_fd);
+ dup(pipewrite_fd);
+
+ /* close other IO */
+ Close(stdin_fd);
+ Close(piperead_fd);
+ Close(pipewrite_fd);
+
+ /* exec proc */
+ if(execl(NDPPATH,"ndp","-an",(char *)0) == -1){
+ err_quit("ERR in comm-ndp: execlp error no= %d", errno);
+ }
+ exit(1);
+ }
+ /* parent proc */
+
+ /* close unuse IO */
+ Close(pipewrite_fd);
+
+ /* get ndp response */
+ // skip first line
+ if(Readln(piperead_fd, buf, BUFFMAXLN-1)==0){
+ err_msg("ERR in comm-ndp: readin error");
+ return -1;
+ }
+
+ /* arp response takes following format */
+ /* "[IPv6 Addr] [Mac] [InterfaseID] [Expire] [Status] [Flags] [Prbs]" */
+ /* get MAC address from above string */
+ while(Readln(piperead_fd, buf, BUFFMAXLN-1)){
+ if(strstr(buf,clientAddr6)==NULL)continue;
+ startp = strtok(buf," ");
+ startp = strtok(NULL," ");
+ strcpy(macAddr6,startp);
+ }
+
+ Close(piperead_fd);
+
+ /* wait child end */
+ wait(&st);
+ return 0;
+}
+
+/********************************************/
+/* Delete NDP entry for closed IPv6 address */
+/********************************************/
+void deleteNdpEntry(char *clientAddr6)
+{
+ int st;
+
+ /********** del ipfw rule for the client *************/
+
+ /* fork */
+ if(Fork()==0){
+ /* child proc */
+ if(execl(NDPPATH,"ndp","-dn",clientAddr6,(char *)0)==-1){
+ err_quit("ERR in comm-ndp: execl error no= %d", errno);
+ }
+ exit(1);
+ }
+ /* wait child end */
+ wait(&st);
+
+ return;
+}
+
+int GetMacAddrFromNdp(char *clientAddr6, char* macAddr6)
+{
+ int ret;
+
+ if(DEBUG) err_msg("DEBUG:=>getMacAddrFromNdp(%s,)",clientAddr6);
+ ret=getMacAddrFromNdp(clientAddr6,macAddr6);
+ if(DEBUG) err_msg("DEBUG:(%d)<=getMacAddrFromNdp(,%s)",ret,macAddr6);
+
+ return ret;
+}
+
+void DeleteNdpEntry(char *clientAddr6)
+{
+ if(DEBUG) err_msg("DEBUG:=>deleteNdpEntry(%s)",clientAddr6);
+ deleteNdpEntry(clientAddr6);
+ if(DEBUG) err_msg("DEBUG:<=deleteNdpEntry( )");
+}
+
+void ScanNdpEntry(struct clientAddr *pClientAddr, char *userid, char *macAddr6, char *userProperty)
+{
+ if(DEBUG) err_msg("DEBUG:=>scanNdpEntry(%p,%s,%s,userProperty)",pClientAddr,userid,macAddr6);
+ scanNdpEntry(pClientAddr,userid,macAddr6,userProperty);
+ if(DEBUG) err_msg("DEBUG:<=scanNdpEntry( )");
+}
if(DEBUG) err_msg("DEBUG:(%d)<=getUseFwScript()",ret);
return ret;
}
-
--- /dev/null
+/**************************************************
+htmltemplate
+
+Copyright (C) 2005 Katsuhiko Eguchi
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: eguchi@ai.is.saga-u.ac.jp
+**************************************************/
+
+#include "htmltemplate.h"
+#include "opengatesrv.h"
+#include <regex.h>
+
+int htmltemplate(char* filename, struct html_key* key,int key_size)
+{
+ FILE *fp;
+ char buff[BUFFMAXLN];
+ int i;
+
+ if((fp=fopen(filename,"r"))==NULL){
+ printf("Cannot find html document.");
+ return 1;
+ }
+ while(fgets(buff,BUFFMAXLN,fp)!=NULL){
+ for(i=0;i<key_size;i++){
+ htmlReplace(buff,key[i].name,key[i].val);
+ }
+ printf("%s",buff);
+ }
+ fclose(fp);
+ return 0;
+}
+
+int htmlReplace(char* buff,char *before,char *after)
+{
+ char* wbuff;
+ char* rep_point;
+ char *form , *latt;
+ char* temp_buff = strmirror(buff);
+ int n = 0;
+
+
+ for(rep_point=buff;(rep_point=strstr(rep_point,before))!=NULL;){
+ size_t i;
+ n++;
+ for(i=0;i<strlen(before);i++)rep_point++;
+ }
+
+ if(n==0)return 0;
+
+ strcpy(buff,"");
+ for(form = temp_buff; (latt=strsplit(form,before)) != NULL; form = latt){
+ strcat(buff,form);
+ strcat(buff,after);
+ }
+ strcat(buff,form);
+ free(temp_buff);
+
+ return 0;
+}
+
+char* strsplit(char* str,const char* delimstr)
+{
+ char* delim_point = strstr(str,delimstr);
+ const size_t delim_len = strlen(delimstr);
+ size_t i;
+
+ if(delim_point == NULL) return NULL;
+ else{
+ *delim_point = '\0';
+ for(i=0;i<delim_len;i++) delim_point++;
+ }
+ return delim_point;
+}
+
+char* strmirror(const char* str)
+{
+ char* p = (char*)malloc(strlen(str)+1);
+ if(p == NULL) return NULL;
+
+ strcpy(p,str);
+ return p;
+}
--- /dev/null
+/**************************************************
+htmltemplate
+
+Copyright (C) 2005 Katsuhiko Eguchi
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: eguchi@ai.is.saga-u.ac.jp
+**************************************************/
+
+struct html_key{
+ char* name;
+ char* val;
+};
+
+int htmltemplate(char* filename,struct html_key* key,int key_size);
+int htmlReplace(char* buff,char *before,char *after);
+char* strsplit(char* str,const char* delimstr);
+char* strmirror(const char* str);
opengate server main
Copyright (C) 1999 Yoshiaki Watanabe
+ Modfied 2005 Katsuhiko Eguchi
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
#include "opengatesrv.h"
-void putCloseMsg(time_t timeOut, time_t timeIn);
-void PutCloseMsg(time_t timeOut, time_t timeIn);
-void closeExit(int signo);
+int status; /* flag for IPv4 or IPv6 */
+
+extern char ruleNumber4[WORDMAXLN]; /* ipfw rule number in string form */
+extern char ruleNumber6[WORDMAXLN]; /* ip6fw rule number in string form */
-extern char ruleNumber[WORDMAXLN]; /* ipfw rule number in string form */
+char clientAddr4[ADDRMAXLN]=""; /* client addr (nnn.nnn.nnn.nnn) */
+char clientAddr6[ADDRMAXLN]=""; /* client addr (nnnn:nnnn:xxxx::xxxx) 128bit */
-char clientAddr[ADDRMAXLN]=""; /* client addr (nnn.nnn.nnn.nnn) */
-char macAddr[ADDRMAXLN]="?"; /* client MAC address */
+struct clientAddr *pClientAddr = NULL;
+struct clientAddr *pLastClientAddr = NULL;
+
+char macAddr4[ADDRMAXLN]="?"; /* client MAC address (format for arp) */
+char macAddr6[ADDRMAXLN]="?"; /* client MAC address (format for ndp) */
char userid[USERMAXLN];
char useridshort[USERMAXLN];/* userID before @ mark(cut off serverID) */
char userProperty[BUFFMAXLN];
time_t timeIn, timeOut;
+void putCloseMsg(time_t timeOut, time_t timeIn);
+void PutCloseMsg(time_t timeOut, time_t timeIn);
+
+void reFormatMacAddr(char* macAddr4, char* macAddr6);
+void ReFormatMacAddr(char* macAddr4, char* macAddr6);
+
+void getMacAddr(void);
+void GetMacAddr(void);
+
+void closeExit(int signo);
+
/***************************************************/
/* main routine called as cgi from Web server */
/***************************************************/
int port;
int dummyfd[2];
int pid;
- int ret;
int duration; /* requested usage duration */
-
+
/* start log */
errToSyslog(ERRORTOSYSLOG); /* output of err_xxx() to syslogd */
openlog(argv[0], LOG_PID, FACILITY);
+ /* check referer */
+ if(CheckReferer()==FALSE) return 0;
+
/* get POST data */
- GetPostData(userid, password, &duration);
+ GetPostData(userid, password, clientAddr4, &duration);
/* split user@server to user and server */
SplitId(userid, useridshort, serverid);
CreateDbBuffer(serverid);
/* get information of client machine */
- GetClientAddr(clientAddr);
- if(GetEnableMacAddr()==1) GetMacAddr(clientAddr, macAddr);
+ GetClientAddr(clientAddr6);
+
+ /* get MAC address from arp and ndp */
+ GetMacAddr();
/* authenticate the user with authentication server */
if(!AuthenticateUser(useridshort, password)){
PutClientDeny();
- err_msg("DENY: user %s from %s at %s", userid, clientAddr, macAddr);
+ err_msg("DENY: user %s from %s at %s", userid, clientAddr4, macAddr4);
return 0;
}
if(!GetUserProperty(userid, userProperty)){
PutClientMsg("Error: You are denied.");
err_msg("DENY: user %s from %s at %s (ill-property)",
- userid, clientAddr, macAddr);
+ userid, clientAddr4, macAddr4);
return 0;
}
}
/* open firewall for the client */
- if((ret=OpenClientGate(clientAddr, userid, macAddr, userProperty))<0){
- PutClientMsg("Error: Please End Web and Retry");
- return 0;
- }else if(ret>0){
- PutClientMsg("Error: Please contact to the administrator");
- return 0;
- }
-
+ if(OpenClientGate()==FALSE) return 0;
timeIn=time(NULL);
- err_msg("OPEN: user %s from %s at %s", userid, clientAddr, macAddr);
/* set (ruleNumber,userid,clientAddr) in process title */
- setproctitle("%s,%s,%s", ruleNumber, userid, clientAddr);
-
+ if(status==IPV46DUAL){
+ setproctitle("%s,[%s(%s)],[%s(%s)]", useridshort, clientAddr4, ruleNumber4, clientAddr6, ruleNumber6);
+ }else if(status==IPV4ONLY){
+ setproctitle("%s,[%s(%s)]",useridshort, clientAddr4, ruleNumber4);
+ }else if(status==IPV6ONLY){
+ setproctitle("%s,[%s(%s)]",useridshort, clientAddr6, ruleNumber6);
+ }
+
/* set terminate signal handler */
Signal(SIGTERM, closeExit);
if((pid=Fork())!=0){
/** parent process **/
/* send java */
- PutJavaApplet(userid, port, pid);
+ PutJavaApplet(userid, port, pid, clientAddr4, clientAddr6, status);
/* detach from Web server */
return 0;
Pipe(dummyfd); /* connect dummy pipe for stdin and out */
/* connect to the java applet */
- if(WaitAppletConnect(userid, clientAddr, duration, macAddr)==1){
+ if(WaitAppletConnect(userid, clientAddr4, clientAddr6, duration, macAddr4, status, pClientAddr)==1){
/* wait until the user quit */
- WaitClientClose();
+ WaitClientClose(pClientAddr, userid, userProperty, macAddr6, status);
}
/* close firewall and exit */
closeExit(1);
}
-/* calc connection duration and put it out */
+/********************************************************************/
+/********************************************************************/
+
+int openClientGate(void)
+{
+ int ret;
+
+ /* client have IPv6 & IPv4 address */
+ if(status == IPV46DUAL){
+ /* open firewall for clientAddr4 */
+ err_msg("START: user %s use IPv6 and IPv4 at %s", userid, macAddr4);
+ if((ret=OpenClientGate4(clientAddr4, userid, macAddr4, userProperty))<0){
+ PutClientMsg("Error: Please End Web and Retry");
+ return FALSE;
+ }else if(ret>0){
+ PutClientMsg("Error: Please contact to the administrator");
+ return FALSE;
+ }
+ err_msg("OPEN: user %s from %s at %s", userid, clientAddr4, macAddr4);
+ pClientAddr = CreateAddrList(clientAddr4,ruleNumber4,IPV4);
+ pLastClientAddr = pClientAddr;
+
+ /* open firewall for clientAddr6 */
+ if((ret=OpenClientGate6(clientAddr6, userid, macAddr6, userProperty))<0){
+ PutClientMsg("Error: Please End Web and Retry");
+ if(pClientAddr!=NULL){
+ if(pClientAddr->type==4){
+ CloseClientGate4(pClientAddr,userid,macAddr4);
+ }
+ }
+ return FALSE;
+ }else if(ret>0){
+ PutClientMsg("Error: Please contact to the administrator");
+ return FALSE;
+ }
+ err_msg("OPEN: user %s from %s at %s", userid, clientAddr6, macAddr6);
+ pLastClientAddr->next = CreateAddrList(clientAddr6,ruleNumber6,IPV6);
+
+ /* client have IPv4 */
+ }else if(status==IPV4ONLY){
+ if((ret=OpenClientGate4(clientAddr4, userid, macAddr4, userProperty))<0){
+ PutClientMsg("Error: Please End Web and Retry");
+ return FALSE;
+ }else if(ret>0){
+ PutClientMsg("Error: Please contact to the administrator");
+ return FALSE;
+ }
+ err_msg("START: user %s use IPv4(IPv6) at %s", userid, macAddr4);
+ err_msg("OPEN: user %s from %s at %s", userid, clientAddr4, macAddr4);
+ pClientAddr = CreateAddrList(clientAddr4,ruleNumber4,IPV4);
+ pLastClientAddr = pClientAddr;
+
+ /* client have IPv6 */
+ }else if(status==IPV6ONLY){
+ if((ret=OpenClientGate6(clientAddr6, userid, macAddr6, userProperty))<0){
+ PutClientMsg("Error: Please End Web and Retry");
+ return FALSE;
+ }else if(ret>0){
+ PutClientMsg("Error: Please contact to the administrator");
+ return FALSE;
+ }
+ err_msg("START: user %s use IPv6 at %s", userid, macAddr6);
+ err_msg("OPEN: user %s from %s at %s", userid, clientAddr6, macAddr6);
+ pClientAddr = CreateAddrList(clientAddr4,ruleNumber4,IPV4);
+ pLastClientAddr = pClientAddr;
+ }
+ return TRUE;
+}
+
+/*******************************************/
+/* calc connection duration and put it out */
+/*******************************************/
void putCloseMsg(time_t timeOut, time_t timeIn)
{
double time;
hour=time/60/60;
min=(time-hour*60*60)/60;
sec=(time-hour*60*60-min*60);
- err_msg("CLOS: user %s from %s at %s ( %02d:%02d:%02d )",
- userid, clientAddr, macAddr, hour,min,sec);
+ err_msg("END: user %s at %s ( %02d:%02d:%02d )",
+ userid, macAddr4, hour,min,sec);
return;
}
+/********************/
+/* Get Mac Address */
+/********************/
+void getMacAddr(void)
+{
+ if(GetEnableMacAddr()==1){
+ if(strstr(clientAddr4,".")!=NULL){
+ GetMacAddrFromArp(clientAddr4, macAddr4);
+ if(strstr(clientAddr6,":")!=NULL){
+ GetMacAddrFromNdp(clientAddr6,macAddr6);
+ status = IPV46DUAL;
+ }else{
+ ReFormatMacAddr(macAddr4,macAddr6);
+ status = IPV4ONLY;
+ }
+ }else{
+ if(!strstr(clientAddr6,":")==NULL){
+ GetMacAddrFromNdp(clientAddr6, macAddr6);
+ status = IPV6ONLY;
+ }else{
+ err_msg("ERR: Can not get IP address from user %s", userid);
+ PutClientMsg("Error: Please Call Administrator");
+ exit(1);
+ }
+ }
+ /* not need MAC address */
+ }else{
+ if(strstr(clientAddr4,".")!=NULL){
+ if(strstr(clientAddr6,":")!=NULL){
+ status = IPV46DUAL;
+ }else{
+ status = IPV4ONLY;
+ }
+ }else{
+ if(!strstr(clientAddr6,":")==NULL){
+ status = IPV6ONLY;
+ }else{
+ err_msg("ERR: Can not get IP address from user %s", userid);
+ PutClientMsg("Error: Please Call Administrator");
+ exit(1);
+ }
+ }
+ }
+ return;
+}
+
+/*********************************/
+/* format macAddr for ndp or arp */
+/*********************************/
+void reFormatMacAddr(char* macAddr4, char* macAddr6)
+{
+ char *strp = NULL;
+ char delims[] = ":";
+ char buf[ADDRMAXLN] = "";
+ char nullstr[ADDRMAXLN] = "";
+
+ strcpy(macAddr6,nullstr);
+ strcpy(buf,macAddr4);
+ strp=strtok(buf,delims);
+
+ if(strncmp(strp,"0",1)==0){
+ strp++;
+ strcat(macAddr6,strp);
+ }else{
+ strcat(macAddr6,strp);
+ }
+ strp=strtok(NULL,delims);
+ while(strp!=NULL){
+ strcat(macAddr6,delims);
+ if(strncmp(strp,"0",1)==0){
+ strp++;
+ strcat(macAddr6,strp);
+ }else{
+ strcat(macAddr6,strp);
+ }
+ strp=strtok(NULL,delims);
+ }
+}
+
/*****************************/
/* At termination, call this */
/*****************************/
{
Signal(SIGTERM, SIG_DFL);
QuitClient();
- CloseClientGate();
+
+ while(pClientAddr!=NULL){
+ if(pClientAddr->type==4){
+ CloseClientGate4(pClientAddr,useridshort,macAddr4);
+ }else if(pClientAddr->type==6){
+ CloseClientGate6(pClientAddr,useridshort,macAddr6);
+ DeleteNdpEntry(pClientAddr->IpAddr);
+ }
+ pClientAddr = pClientAddr->next;
+ }
+
timeOut=time(NULL);
PutCloseMsg(timeOut,timeIn);
if(DEBUG) err_msg("DEBUG:terminated");
- exit(1);
+ exit(1);
}
/*****************************/
/*****************************/
+int OpenClientGate(void)
+{
+ int ret;
+ if(DEBUG) err_msg("DEBUG:=>openClientGate( )");
+ ret = openClientGate();
+ if(DEBUG) err_msg("DEBUG:(%d)<=openClientGate()",ret);
+ return ret;
+}
+
void PutCloseMsg(time_t timeOut, time_t timeIn)
{
if(DEBUG) err_msg("DEBUG:=>putCloseMsg( )");
if(DEBUG) err_msg("DEBUG:<=putCloseMsg( )");
}
+void ReFormatMacAddr(char* macAddr4, char* macAddr6)
+{
+ if(DEBUG) err_msg("DEBUG:=>reFormatMacAddr(%s)", macAddr4);
+ reFormatMacAddr(macAddr4, macAddr6);
+ if(DEBUG) err_msg("DEBUG:<=reFormatMacAddr(%s)", macAddr6);
+}
+
+void GetMacAddr(void)
+{
+ if(DEBUG) err_msg("DEBUG:=>getMacAddr( )");
+ getMacAddr();
+ if(DEBUG) err_msg("DEBUG:<=getMacAddr( )");
+}
--- /dev/null
+/**************************************************
+opengate autheintication CGI main
+
+Copyright (C) 2005 Katsuhiko Eguchi
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: eguchi@ai.is.saga-u.ac.jp
+**************************************************/
+
+#include "opengateauth.h"
+#include "htmltemplate.h"
+
+int main(){
+ struct html_key key[1];
+ char clientAddr[ADDRMAXLN]="";
+ int i = 0;
+
+ strncpy(clientAddr,getenv("REMOTE_ADDR"),ADDRMAXLN);
+
+ printf("Content-Type: text/html\r\n\r\n\r\n");
+
+ key[0].name = "%%REMOTE_ADDR%%";
+ key[0].val = clientAddr;
+
+ while(authLang[i].lang != ""){
+ if(strcmp(getenv("QUERY_STRING"), authLang[i].lang)==0 &&
+ strcmp(getenv("SERVER_PORT"), authLang[i].port)==0){
+ htmltemplate(authLang[i].content, key, 1);
+ return 0;
+ }
+ i++;
+ }
+
+ htmltemplate(authLang[i].content, key, 1);
+
+ return 0;
+}
--- /dev/null
+/**************************************************
+opengate autheintication CGI header file
+
+Copyright (C) 2005 Katsuhiko Eguchi
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+Email: watanaby@is.saga-u.ac.jp
+**************************************************/
+
+#include "opengatesrv.h"
+
+#define HTTP "80"
+#define HTTPS "443"
+
+struct authLanguage{
+ char lang[WORDMAXLN];
+ char port[WORDMAXLN];
+ char content[BUFFMAXLN];
+};
+
+const struct authLanguage authLang[5] = {
+ {"ja", HTTP , AUTHHTMLJA },
+ {"ja", HTTPS, AUTHHTMLJASSL },
+ {"en", HTTP , AUTHHTMLEN },
+ {"en", HTTPS, AUTHHTMLENSSL },
+ {"" , "" , AUTHHTMLEN } //this is always necessary. default action.
+};
/**************************************************
opengate server header file
-Copyright (C) 1999 Yoshiaki Watanabe
+Copyright (C) 1999 Yoshiaki Watanabexs
+ Modfied 2005 Katsuhiko Eguchi
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
#include <sys/types.h> /* basic system data types */
#include <sys/socket.h> /* basic socket definitions */
#include <sys/time.h> /* timeval{} for select() */
-#include <time.h> /* timespec{} for pselect() */
+#include <time.h> /* timespec{} for pselect() */
#include <netinet/in.h> /* sockaddr_in{} and other Internet defns */
#include <arpa/inet.h> /* inet(3) functions */
#include <errno.h>
-#include <fcntl.h> /* for nonblocking */
+#include <fcntl.h> /* for nonblocking */
#include <netdb.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <sys/stat.h> /* for S_xxx file mode constants */
-#include <sys/uio.h> /* for iovec{} and readv/writev */
+#include <sys/stat.h> /* for S_xxx file mode constants */
+#include <sys/uio.h> /* for iovec{} and readv/writev */
#include <unistd.h>
#include <sys/wait.h>
-#include <sys/un.h> /* for Unix domain sockets */
-# include <sys/select.h> /* for convenience */
-# include <poll.h> /* for convenience */
-# include <strings.h> /* for convenience */
+#include <sys/un.h> /* for Unix domain sockets */
+# include <sys/select.h> /* for convenience */
+# include <poll.h> /* for convenience */
+# include <strings.h> /* for convenience */
# include <sys/ioctl.h>
# include <sys/filio.h>
# include <sys/sockio.h>
/***** some parameters are overrided by the value in makefile. ****/
-#define DEBUG 0 /* if 1, dump many message to syslog */
+#define USEIPV6 1 /* if 1, enable IPv6 */
+#define DEBUG 1 /* if 1, dump many message to syslog */
#define ERRORTOSYSLOG 1 /* if 1, error message to syslog */
/* if 0, to stderr */
#define APPLETMARK "**OpengateAppletHere**" /* applet insert point mark */
#define TERMINATEMARK "**TerminateUrlHere**" /* terminate URL insert mark */
+#define INFOMATIONMARK "**InfomationUrlHere**" /* infomation URL insert mark */
#define DURATIONDEFAULT 1200 /* default timeout of java connect (second) */
-#define DURATIONMAX 10800 /* requested usage time without java */
- /* is limitted by this value(second) */
+#define DURATIONMAX 10800 /* requested usage time without java */
+ /* is limitted by this value(second) */
-#define ACTIVECHECKINTERVAL 600 /* client check interval(second) */
-#define COMMWAITTIMEOUT 60 /* communication reply timeout(second) */
+#define ACTIVECHECKINTERVAL 600
+#define COMMWAITTIMEOUT 60 /* communication reply timeout(second) */
#define NOREPLYMAX 1 /* permitted count of no reply to hello */
#define PACKETLOGDELAY 10 /* wait log writing time(second) */
#define NOPACKETINTERVAL 5400 /* no packet interval (second) */
#define LOCKTIMEOUT 10 /* ipfw exclusive exec lock timeout (second)*/
-#define IPFWMIN 10000 /* ipfw rule number minimum */
-#define IPFWMAX 40000 /* ipfw rule number maximum */
+#define IPFWMIN 10000 /* ipfw rule number minimum */
+#define IPFWMAX 40000 /* ipfw rule number maximum */
#define IPFWINTERVAL 2 /* ipfw rule number interval */
- /* listen a port between follows */
+ /* listen a port between follows */
#define PORTMIN 30000 /* minimum port number */
#define PORTMAX 60000 /* maximum port number */
#define FACILITY LOG_LOCAL1 /* syslog ID */
-#define DEFAULTPROTO "ftp" /* default authentication protocol */
+#define DEFAULTPROTO "ftp" /* default authentication protocol */
#define ADDRMAXLN 128 /* maximum address string length */
#define PASSMAXLN 128 /* maximum password string length */
#define DENY 0
#define ACCEPT 1
+#define IPV4ONLY 4
+#define IPV46DUAL 46
+#define IPV6ONLY 6
+#define IPV4 4
+#define IPV6 6
+
#define ENABLEMACADDR 1 /* if 0, ignore MAC addr routine */
#define PAMSERVICENAME "opengate" /* service name used in PAM */
#define RADIUSCONF "/etc/radius.conf" /* default path to radius.conf */
+struct clientAddr
+{
+ int type; /* IP type 4 or 6 */
+ char IpAddr[ADDRMAXLN]; /* client IP address */
+ char ruleNumber[WORDMAXLN]; /* rule number of ipfw or ip6fw */
+ time_t timeIn; /* start time */
+ int status; /* active check */
+ struct clientAddr * next; /* next struct */
+};
+
/**********prototypes***************************************/
int authenticateUser(char *userid, char *password);
int AuthenticateUser(char *userid, char *password);
-int openClientGate(char *clientAddr, char *userid, char *macAddr, char *userProperty);
-int OpenClientGate(char *clientAddr, char *userid, char *macAddr, char *userProperty);
+int openClientGate4(char *clientAddr4, char *userid, char *macAddr4, char *userProperty);
+int OpenClientGate4(char *clientAddr4, char *userid, char *macAddr4, char *userProperty);
+
+int openClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty);
+int OpenClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty);
+
+void closeClientGate4(struct clientAddr *pClientAddr, char *userid, char *macAddr4);
+void CloseClientGate4(struct clientAddr *pClientAddr, char *userid, char *macAddr4);
+
+void closeClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6);
+void CloseClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6);
+
+void deleteNdpEntry(char *clientAddr6);
+void DeleteNdpEntry(char *clientAddr6);
+
+void scanNdpEntry(struct clientAddr *pClientAddr, char *userid, char *macAddr6, char *userProperty);
+void ScanNdpEntry(struct clientAddr *pClientAddr, char *userid, char *macAddr6, char *userProperty);
+
+int getPacketCount(struct clientAddr *pClientAddr);
+int GetPacketCount(struct clientAddr *pClientAddr);
-void closeClientGate(void);
-void CloseClientGate(void);
+int getPacketCount4(char *ruleNumber);
+int GetPacketCount4(char *ruleNumber);
-int getPacketCount(void);
-int GetPacketCount(void);
+int getPacketCount6(char *ruleNumber);
+int GetPacketCount6(char *ruleNumber);
+
+int countRuleNumber(char *ruleNumber);
+int ConntRuleNumber(char *ruleNumber);
void getClientAddr(char *clientAddr);
void GetClientAddr(char *clientAddr);
-void getPostData(char *userid, char *password, int *durationPtr);
-void GetPostData(char *userid, char *password, int *durationPtr);
+void getPostData(char *userid, char *password, char *clientAddr4, int *durationPtr);
+void GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr);
int getUserProperty(char *userid, char *userProperty);
int GetUserProperty(char *userid, char *userProperty);
void splitId(char* userid, char* useridshort, char* serverid);
void SplitId(char* userid, char* useridshort, char* serverid);
-void waitClientClose(void);
-void WaitClientClose(void);
+void waitClientClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int status);
+void WaitClientClose(struct clientAddr *pClientAddr, char *userid, char *userProperty, char *macAddr6, int status);
void putClientDeny(void);
void PutClientDeny(void);
int getListenPort(void);
int GetListenPort(void);
-void putJavaApplet(char *userid, int port, int pid);
-void PutJavaApplet(char *userid, int port, int pid);
+void putJavaApplet(char *userid, int port, int pid, char *clientAddr4, char *clientAddr6, int status);
+void PutJavaApplet(char *userid, int port, int pid, char *clientAddr4, char *clientAddr6, int status);
+
+int waitAppletConnect(char *userid, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, int status, struct clientAddr *pClientAddr);
+int WaitAppletConnect(char *userid, char *clientAddr4, char *clientAddr6, int duration, char *macAddr4, int status, struct clientAddr *pClientAddr);
-int waitAppletConnect(char *userid, char *clientAddr, int duration, char *macAddr);
-int WaitAppletConnect(char *userid, char *clientAddr, int duration, char *macAddr);
+int checkReferer(void);
+int CheckReferer(void);
ssize_t readln(int fd, void *vptr, size_t maxlen);
ssize_t Readln(int fd, void *ptr, size_t maxlen);
int unlock(int fd);
int Unlock(int fd);
-int getMacAddr(char *clientAddr, char* macAddr);
-int GetMacAddr(char *clientAddr, char* macAddr);
+int getMacAddrFromArp(char *clientAddr4, char* macAddr4);
+int GetMacAddrFromArp(char *clientAddr4, char* macAddr4);
+
+int getMacAddrFromNdp(char *clientAddr6, char* macAddr6);
+int GetMacAddrFromNdp(char *clientAddr6, char* macAddr6);
void quitClient(void);
void QuitClient(void);
+struct clientAddr *createAddrList(char* IpAddr, char *ruleNumber, int type);
+struct clientAddr *CreateAddrList(char* IpAddr, char *ruleNumber, int type);
+
int tcp_connect(const char *host, const char *serv);
int Tcp_connect(const char *host, const char *serv);
Sigfunc * Signal(int signo, Sigfunc *func);
void * Malloc(size_t size);
-
int createDbBuffer(char* serverid);
int CreateDbBuffer(char* serverid);
int releaseDbBuffer(void);
char* GetFwScript(void);
int getUseFwScript(void);
int GetUseFwScript(void);
-
-
return(NULL);
return(str);
}
-
-#ifdef IPV6
+#ifdef AF_INET6
case AF_INET6: {
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) sa;
return(NULL);
return(str);
}
-#endif
+#endif AF_INET6
#ifdef AF_UNIX
case AF_UNIX: {
opengate server test program
Copyright (C) 2005 Yoshiaki Watanabe
+ Modfied 2005 Katsuhiko Eguchi
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
return 0;
}
-
-
opengate server test program
Copyright (C) 2005 Yoshiaki Watanabe
+ Modfied 2005 Katsuhiko Eguchi
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
char clientAddr[100];
char serverID[100]="default";
char dummy[100];
+ struct clientAddr ClientAddr;
+ struct clientAddr *pClientAddr;
+ pClientAddr = &ClientAddr;
/* start log */
errToSyslog(ERRORTOSYSLOG); /* set output of err_xxx() to syslogd */
if(CreateDbBuffer(serverID)!=0) return 0;
/* get client address to add */
- printf("Enter IP address to add rule in firewall=");
+ printf("Enter IPv4 address to add rule in firewall=");
scanf("%s",clientAddr);
/* open firewall */
- OpenClientGate(clientAddr,"user1",NULL,NULL);
+ OpenClientGate4(clientAddr,"user1",NULL,NULL);
+ strncpy(ClientAddr.IpAddr,clientAddr,ADDRMAXLN);
+ ClientAddr.type = 4;
+ ClientAddr.timeIn = time(NULL);
+ ClientAddr.next = NULL;
/* wait input */
printf("Check the addtion of firewall rules with ipfw command\n");
printf("This program and ipfw command be executed by root user\n\n");
printf("ENTER ANY charcter to remove the added rule\n\n");
scanf("%s",dummy);
+ strncpy(ClientAddr.ruleNumber,dummy,WORDMAXLN);
/* close firewall */
- CloseClientGate();
+ CloseClientGate4(pClientAddr,"user1",NULL);
printf("Check the removal of firewall rule with ipfw command\n");
/* get packet count */
- printf("Packet count for the rule is %d\n",GetPacketCount());
+ printf("Packet count for the rule is %d\n",GetPacketCount(pClientAddr));
return 0;
}
-
-
opengate server test program
Copyright (C) 2005 Yoshiaki Watanabe
+ Modfied 2005 Katsuhiko Eguchi
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
/*********************/
int main(int argc, char **argv)
{
- char clientAddr[100]="127.0.0.1";
+ char clientAddr4[100]="127.0.0.1";
+ char clientAddr6[100]="::1";
char userID[100]="user1";
char serverID[100]="default";
char dummy[100];
int duration=60;
+ struct clientAddr ClientAddr;
+ struct clientAddr *pClientAddr;
+ pClientAddr = &ClientAddr;
+ strncpy(ClientAddr.IpAddr,"127.0.0.1",ADDRMAXLN);
+ ClientAddr.next=NULL;
+ strncpy(ClientAddr.ruleNumber,"10000",WORDMAXLN);
+ ClientAddr.type=4;
+ ClientAddr.timeIn=time(NULL);
/* start log */
errToSyslog(ERRORTOSYSLOG); /* set output of err_xxx() to syslogd */
printf("Waiting connection for %d seconds\n",duration);
printf("\n");
printf("Try to connect from other window as\n");
- printf("> telnet %s %d\n", clientAddr, GetListenPort());
+ printf("> telnet %s %d\n", clientAddr4, GetListenPort());
printf("> %s\n",userID);
printf("\n");
printf("When %d seconds passed, hello is received\n",
printf("\n");
/* connection wait */
- WaitAppletConnect(userID, clientAddr, duration, "");
+ WaitAppletConnect(userID, clientAddr4,clientAddr6, duration, "",4,pClientAddr);
printf("Connected (or timeout)\n");
printf("Wait closing\n");
/* close wait */
- WaitClientClose();
+ WaitClientClose(pClientAddr,"user",NULL,NULL,4);
printf("Connection closed\n");
return 0;
}
-
-
ReleaseDbBuffer();
return 0;
}
-
-
utility routines
Copyright (C) 1999 Yoshiaki Watanabe
+ Modfied 2005 Katsuhiko Eguchi
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
#include "opengatesrv.h"
+
+/**************************/
+/* make address stack */
+/**************************/
+struct clientAddr *createAddrList(char* IpAddr, char *ruleNumber, int type)
+{
+ struct clientAddr *pNew;
+
+ if((pNew = (struct clientAddr *) malloc(sizeof(struct clientAddr))) == NULL){
+ PutClientMsg("Error: Please contact to the administrator");
+ exit(1);
+ }
+ strncpy(pNew->IpAddr,IpAddr,ADDRMAXLN);
+ strncpy(pNew->ruleNumber,ruleNumber,WORDMAXLN);
+ pNew->type = type;
+ pNew->timeIn = time(NULL);
+ pNew->status=TRUE;
+ pNew->next = NULL;
+ return pNew;
+}
+
+struct clientAddr *CreateAddrList(char* IpAddr, char *ruleNumber, int type)
+{
+ struct clientAddr *ret;
+ if(DEBUG) err_msg("DEBUG:=>createAddrList(%s,%s,%d)",IpAddr,ruleNumber,type);
+ ret = createAddrList(IpAddr, ruleNumber, type);
+ if(DEBUG) err_msg("DEBUG: [%p] <=createAddrList( )",ret);
+ return ret;
+}
+
/*************************************************/
/* formated write */
/* fd : file descriptor */
return ret;
}
-
err_sys("malloc error");
return(ptr);
}
-
OSDN Git Service
