<!-- #### usually, need not to modify following parameters #### -->\r
\r
<!-- Available HTML languages -->\r
- <HtmlLangs>ja en</HtmlLangs>\r
+ <HtmlLangs>en ja</HtmlLangs>\r
\r
<!-- Path to Apache Contents -->\r
<DocumentRoot>/usr/local/www/data</DocumentRoot>\r
<AuthDoc>index.html</AuthDoc>\r
<AuthDocSsl>index-ssl.html</AuthDocSsl>\r
<FwdDoc>topindex.html</FwdDoc>\r
+ <RetryDoc>retry.html</RetryDoc>\r
\r
<!-- CGI programs -->\r
<AuthCgi>opengateauth.cgi</AuthCgi>\r
<MainCgi>opengatesrv.cgi</MainCgi>\r
\r
<!-- URL used to retry -->\r
- <RetryUrl>http://www.google.com/</RetryUrl>\r
+ <ExternalUrl>http://www.google.com/</ExternalUrl>\r
\r
<!-- Url to start browsing after authentication -->\r
<!-- if type=0, use acceptdoc2. if type=1, use below url -->\r
<!-- Lock file for exclusive exec to prevent overlapped rule number -->\r
<LockFile>/tmp/opengate.lock</LockFile>\r
\r
- <!-- Syslog -->\r
- <Syslog>\r
- <Enable>1</Enable>\r
- <Facility>local1</facility>\r
- </Syslog>\r
- \r
<!-- Set 1 to write function call info to syslog -->\r
<!-- Set 0 to write only error message to syslog -->\r
<Debug>0</Debug>\r
<!-- #### extra settings overlayed on previous settings #### -->\r
\r
<!-- if you want to switch plural setting\r
- by ID added to userid input as [userid@ID],\r
+ by extraID added to userid input as [userID@extraID],\r
set following. \r
- if entered as [userid], above default set is used.\r
- if entered as [iserid@ID], matched set is used. \r
- (first extraset is used when [userid@guest]\r
- and second one when [userid@local])\r
+ if entered as [userID], above default set is used.\r
+ if entered as [iserID@extraID], matched set is used. \r
+ (first extraset is used when [userxx@guest]\r
+ and second one when [userxx@local])\r
\r
if other value(such as duration) is set in extraset\r
it overlays the default \r
-->\r
<!--\r
- <ExtraSet Id="guest">\r
+ <ExtraSet ExtraId="guest">\r
<AuthServer>\r
<Address>192.168.0.2</Address>\r
<Protocol>pop3s</Protocol>\r
</Duration>\r
</ExtraSet>\r
\r
- <ExtraSet Id="local">\r
+ <ExtraSet ExtraId="local">\r
<AuthServer>\r
<Protocol>pam</Protocol>\r
</AuthServer>\r
</ExtraSet>\r
+\r
-->\r
</Opengate> \r
\r
<DD>\r
Change accept page description.\r
</DD>\r
+<DT>\r
+Ver.1.3.5 at 2006.4.13</DT>\r
+<DD>\r
+Modify the errcheck and qa documentations. Add time information in address encoding. Add retry information page.\r
+</DD>\r
</DL>\r
<b>Please see CVS in SourceForge.net to check the file difference between versions.</b>\r
</BODY>\r
-<HTML>
-<head>
-<title>Opengate Error Check</title>
-</head>
-
-
-<body bgcolor=#fafff0>
-
-<H3>Opengate Error Check</H3>
-
-<P>
-As opengate interacts with many software, it is diffcult
-to recognize
-the behavior. Then this memo is prepared to assist debug. At now, this document describes for the system in version 1.1.x.
-<P>
-When error occured, check the stand alone action of each related software. Especially setting of ipfw is difficult and affects to many sides. At first, debug with ipfw fully open state. Then close it little by little.
-<P>
-Opengate uses following files, where the directorys are default. Is these files correctly settled.
-
-<PRE> /usr/local/www/cgi-bin/opengate/opengatesrv.cgi
- /usr/local/www/data/index.html.*
- /usr/local/www/data/opengate/Opengate.class
- /usr/local/www/data/opengate/OpengateClient.class
- /usr/local/www/data/opengate/*/index.html
- /usr/local/www/data/opengate/*/index-ssl.html
- /usr/local/www/data/opengate/*/accept.html
- /usr/local/www/data/opengate/*/accept2.html
- /usr/local/www/data/opengate/*/deny.html
- /etc/opengatesrv.conf
- /etc/opengatefw.pl
- /var/log/opengate.log
-</PRE>
-And Opengate creates a lock file [/tmp/opengate.lock] at execution.
-It can be removed.
-<P>
-Please understand the basic flow of the system by reading <A href="../progflow.html" >the description of system flow</A>.
-<P>
-Test programs are prepared as opengatesrv/test-*.
-<P>
-
-Following are the checking list for debugging.
-<UL>
-<LI>Japanese characters in html and java files cannot be understood.
-<P>
-<UL>
-<LI>Html sample files in English are saved in sub
- directory. Java messages are described in program comments.</LI>
-</UL>
-<P></P>
-<LI>Compiler tells the lack of librarys or headers.
-<P>
-<UL>
-<LI>Opengate after Ver.0.56 can be compiled on FreeBSD
- Ver.4.1.</LI>
-</UL>
-<P></P>
-
-<LI>Cannot redirect web access to gateway machine.
-<P>
-<UL>
-<LI>Opengatesrv.cgi is not yet loaded in this moment.
-
-<LI>Try to access opengate URL directly. If no response is returned, check the setting of Apache and HTML document directory. Check the Apache access log and Apache error log.
-
-<LI>Check default directory of Apache document. It may be different to this document.
-
-<LI>Check ipfw setting. Rule number of foward command must be larger than opengate rule numbers.
-
-<LI>If error occurs only when accessing sub page(not top page), [PageNotFound] setting in Apache httpd.conf may not be correct.
-
-<LI> In Microsoft Internet Explorer 5 or later, redirection to a page at [PageNotFound] cannot be done, when the size of the page is less than 512Bytes. Try to increase the size of the top page file larger than 512Bytes by adding space chacters. Reference <a href="http://support.microsoft.com/default.aspx?scid=kb;EN-US;q218155"
- >http://support.microsoft.com/default.aspx?scid=kb;EN-US;q218155</a>.
-
-<LI>Does the web access pass through the gateway? Only the packet passing through the gateway is redirected.
-
-<LI>Try to access by IP address. If domain name is not recognized, check the DNS setting.
-
-<LI>The top page cannot be settled under SSL.</LI>
-</UL>
-<P></P>
-
-<LI>Cannot jump to authentication page.
-<P>
-<UL>
-<LI>Many ADDRESS descriptions in HTML files must be changed to your site.
-
-<LI>Try manual jump. If sccess, check jump description of html.
-
-<LI>Try non SSL setting. If success, check about SSL.
-
-<LI>URL in authentication page must be described with
- full/absolute pass.</LI>
-</UL>
-
-<P></P>
-<LI>No reply or error reply to posting userID and password.
-<P>
-<UL>
-<LI>At this moment, [opengatesrv.cgi] is loaded.
-
-<LI>The authentication page cannot be the top page. Set up some top page from which authentication page is jumped.
-
-<LI>Check processes by [ps ax]. If [opengatesrv.cgi] is not loaded, check the directory of CGI and URL description in html file. Check Apache setting about CGI enable and CGI directory.
-
-<LI>If [opengatesrv.cgi] is loaded, check [/var/log/opengate.log]. Set [#define DEBUG 1] in [opengatesrv.h] for debug output to syslog.
-
-<LI>Check the firewall rule for the accessed terminal by entering [ipfw list]. Ipfw command requires root permission. Check [opengatesrv.cgi] has root permission.
-
-<LI>Check [opengatesrv.h] and [Makefile]. Does the settings match to the positions of files?
-
-<LI>Check applet insertion mark in [accept.html]. Does it match to the [#DEFINE] in [opengatesrv.h]?
-
-<LI>Check setting of web browser. Is Java Enabled?
-
-<LI>Check with other web browsers or other OSs. Error may be caused by browser's bug.
-
-<LI>Check the directory of Java Applet. Does it recognized by web server? Does the Java Applet run normally.
-
-<LI>Change the host description in [opengatesrv.conf]
- from domain name to IP address. If success, an error may occur in the name
- resolution.</LI>
-</UL>
-
-<P></P>
-<LI>Access is rejected, even though I send correct password.
-<P>
-<UL>
-<LI>Check [/var/log/opengate.log].
-
-<LI>Check [opengatesrv.conf]. Is the setting correct? The file must ended with return key.
-
-<LI>Try to access from gateway console to the authentication server. Does the server reply normally?
-
-<LI>Opengate assumes that the welcome message of FTP server is only one line. If the server puts out multiple lines, change the server setting or the routine in opengatesrv. Opengate(Ver.0.90l) is modeified to communicate such servers.
-
-<LI>If the client is already opened, the request form
- same client is rejected. Check the firewall state by accessing outside. At
- mulfunction of JavaApplet, the server side program waits for Java Applet
- connection, and closes firewall after fixed duration.</LI>
-</UL>
-
-<P></P>
-<LI>The accept page is displayed and the network is opened. But the network is closed after a while.
-<P>
-<UL>
-<LI>If userID is not shown in the yellow frame layouted in the page, Java Applet loading might be failed. Check the setting relating Java. Standard instalation of Netscape6 and InternetExplorer6 does not include JavaVM. At accessing Java page, download of JavaVM is requested. Please follow the messages. If it does not work, try other browser or other version. Some browser in some version cannot run Java Applet well. It might work after installation of SunJava2.
-<LI>If userID is shown, check message displayed by Java Applet. It might be caused by following.
-(1)No connection request comes from Java Applet. (2)No reply to hello message comes from Java Applet. (3)No packet from/to the terminal is passed through the gateway for a while. (4) Java Applet is terminated by unknown cause. (5)Server process is terminated by unknown cause.
-<LI>At no connection from Java Applet, the network is closed in the following cases. (1)The duration entered in auth page is passed. (2)No packet from/to the terminal is passed through the gateway for a while. (3)Arp command replys the different MAC address. (4)The TERMINATE link in accept page is clicked.
-
-<LI>
-If internet connection firewall(ICF) in WindowsXP is enabled, the connection is closed in some condition, but we cannot identify the condition. If occured, disable the firewall.
-
-<LI>
-In some browser, the connection was closed when the java applet page is removed. The behavior is dissolved in version 0.90h.
-
-<LI>Check [/var/log/opengate.log].
-
-<LI> Check above notes relating Java. Check network state with [netstat] or other tools. Check message displayed on web browser.
-
-<LI>If address translation system such as NAT or Proxy
- is inserted between the terminal and the gateway, opengate cannot work
- normally.</LI>
-</UL>
-
-<P></P>
-<LI>Accept page may be not normal.
-<P>
-<UL>
-<LI>In normal state, 2pages are displayed. In the first page, java Applet layouts yellow frame and shows user ID. In the second page, some links and cautions are displayed.
-<LI>If the yellow frame is not shown, Java Applet might not work normally. Check the items above.
-<LI>Second page is started by JavaScript. Check the javaScript setting at mulfunction. The second page exists only for convenience and is not needed for network control. If the window.open is denied only by Internet Explorer, the setting of the browser might corrupt. Reffer <A HREF="http://support.microsoft.com/support/kb/articles/q180/1/76.asp"
- > http://support.microsoft.com/support/kb/articles/q180/1/76.asp </A>It is occured in IE6 also.</LI>
-</UL>
-
-<P></P>
-<LI>The network is opened without authentication.
-<P>
-<UL>
-<LI>Check the application in client(terminal) machine. Is the web browser really terminated? For example,in MacOS, application can be resident in hidden state. In some OS, the application is resident forever. In this case, Java Applet is needed to modify such as adding close button.
-
-<LI>When the network is cut off or the terminal system is suddenly terminated, TCP close signal cannot be sent to gateway. Thus detection is delayed until next message exchange.
-
-<LI>When ipfw rule is failed to be removed, permanently
- open state is occured. In such case, remove the rule manually or reboot the
- system. After Ver.0.90e, a script(tools/rulechk) can remove the rules failed
- to remove at terminating the process. Set this as cron.</LI>
-</UL>
-<P></P>
-
-<LI>Accept page is displayed, but the network is closed.
-<P>
-<UL>
-<LI>Check ipfw rule with command [ipfw list]. Is the rule sequence correct?
-
-<LI>Check [/var/log/opengate.log].
-
-<LI>If redirect page does not include [NoCache]
- setting, the cached page is loaded responding to the another access. For
- example, if yahoo access is redirected to the opengate page, another yahoo
- access loads the cached opengate page, even if the network is opened.</LI>
-</UL>
-
-<P></P>
-<LI>I sent correct password, but denied.
-<P>
-<UL>
-<LI>Check the authentication server by sending request from console.
-<LI>Check the description in opengatesrv.conf, radius.conf and pam.conf.
-<LI>Check [/var/log/opengate.log].</LI>
-</UL>
-
-<P></P>
-<LI>Displayed page is not my desired language.
-<P>
-<UL>
-<LI>Check index.html, its directory and Makefile. These language IDs must be same The ID is case sensitive and is two bytes length.
-<LI>If you want to add new language, add new directory
- and files. Then add its ID in makefile.</LI>
-</UL>
-
-<P></P>
-<LI>Network troubles increased after the installation of this soft.
-<P>
-<UL>
-Please use latter versions. Do not use before Ver.0.54 which includes a serious bug.
-</UL>
-
-<P></P>
-<LI>Sometimes, there are very long response time (60sec or more) for authentication request.
-<P>
-<UL>
-Please discover the part waisting long time. We experienced following case. The setting "HostnameLookups" in httpd.conf is "On", and DNS servers do not have sufficient informations about clients. Then, very long time is wasted in name lookup. The trouble is canceled by setting the above switch "Off".
-</UL>
-<P></P>
-<LI>All is checked. I cannot know what to do.
-<P>
-<UL>
-<LI>Set [#define DEBUG 1] in [opengatesrv.h]. Program tracing is put out in syslog.
-<LI>Insert [err_msg()] in proper place in the program to get debug print. The function put out message to syslog. The sample usage exists in the program. Format is same as [printf()].
-<P></P></LI>
-</UL></LI>
-</UL>
-</body>
-</HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html">\r
+<html LANG="jp">\r
+<head>\r
+\r
+<title>Opengate Error Check</title>\r
+</head>\r
+\r
+\r
+<body bgcolor=#fafff0>\r
+\r
+<H3>Opengate Error Check</H3>\r
+\r
+<P>As opengate interacts with many software, it is diffcult to recognize the behavior. Thus this memo is prepared to assist debug. </P>\r
+<UL>\r
+<LI>\r
+When error occured, check the stand alone action of each related software. Especially setting of ipfw is difficult and affects to many sides. At first, debug with ipfw fully open state. Then close it little by little. \r
+</LI><P></P>\r
+\r
+<LI>\r
+Opengate uses following files, where the directorys are default. Is these files correctly settled.\r
+<br>\r
+ /usr/local/www/data/index.html.var<br>\r
+ /usr/local/www/cgi-bin/opengate/(opengatesrv.cgi, opengatefwd.cgi, opengateauth.cgi)<br>\r
+ /usr/local/www/data/opengate/(Opengate.jar, Opengate.class, OpengateOlient.class)<br>\r
+ /usr/local/www/data/opengate/(ja, en)/(topindex.html, index.html, index-ssl.html, accept.html, accept2.hmtl, deny.html, deny-ssl.html)<br>\r
+ /etc/opengate/(opengatesrv.conf, rc.firewall, rc.irewall6, ipfwctrl.pl): Copy from *.sample<br>\r
+ /var/log/opengate.log<br>\r
+And Opengate creates a lock file [/tmp/opengate.lock] at execution. \r
+It can be removed.\r
+</LI><P></P>\r
+ \r
+<LI>\r
+Please understand the basic flow of the system by reading <A href="../progflow.html" >the description of system flow</A> and <A href="../protocol.txt">Protocol between applications</A>.\r
+</LI><P></P>\r
+\r
+<LI>\r
+Test programs are prepared as opengatesrv/test-*. </LI><P></P>\r
+\r
+<LI>\r
+Opengate put out info and error log to /var/log/opengate.log.\r
+At error, see the log file. If you set Debug switch to 1 in /etc/opengate/opengatesrv.conf, many debug info is dumped to the log file. See also the Apache log and system log.\r
+</LI><P></P>\r
+</UL>\r
+<hr>\r
+Following is the list of errors and the descriptions at each execution step in the form as;\r
+<ol>\r
+<LI>Normal Action</LI>\r
+<UL>\r
+<LI>Error State</LI>\r
+ <UL>\r
+ <LI>Description</LI>\r
+ </UL>\r
+ </UL>\r
+ </ol>\r
+ <HR>\r
+ \r
+<ol>\r
+\r
+<!-- ******************** -->\r
+<LI>Opengate is installed successfully.</LI>\r
+<UL>\r
+<LI>Compiler tells the lack of librarys or headers.</LI>\r
+ <UL>\r
+ <LI>Opengate after Ver.0.56 can be compiled on FreeBSD4 or later.\r
+ </LI>\r
+ </UL>\r
+\r
+ \r
+<LI>Make is successed but 'make install' is failed.</LI>\r
+ <UL>\r
+ <LI>'make install' should be run by Root user.</LI>\r
+ <LI>'make install' is failed, when opengate process is exist. Check by ps and kill it. </LI>\r
+ </UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>When you access to an external URL by a browser, the packet is forwarded to local Apache server by the ipfw's fwd rule.\r
+</LI>\r
+<UL>\r
+<LI>The external URL is displayed.</LI>\r
+<UL>\r
+<LI>The firewall is opened for the client IP address. Check the ipfw setting. </LI>\r
+<LI>If opengate process exists, the corresponding firewall open rule exists. Check by ps and 'ipfw list'.</LI>\r
+<LI>If NAT is inserted between the server and clients, all clients uses the same IP address in upper side of NAT. Thus a allow rule for one IP address becomes to allow the all clients. Especially, be care for the setting of wireless LAN access point gateway.</LI>\r
+</UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>Opengatefwd.cgi runs and sends out <a href=../pict/fwd.jpg>Refresh Request Page</a>. The page is made from the topindex.html by replacing keywords. The page is displayed for a while and go to next.\r
+</LI>\r
+\r
+<ul>\r
+<LI>Apache server replys no responce.</LI>\r
+<UL>\r
+<LI>Check the Apache server setting.</LI>\r
+</UL>\r
+\r
+<LI>Apache server sends back the default installation page.</LI>\r
+<UL>\r
+<LI>Check DocumentRoot/index.html.var. The file should be fromed to call opengatefwd.cgi.</LI>\r
+<LI>Check httpd.conf. The index.html.var should be set to use as default index.</LI>\r
+</UL>\r
+\r
+<LI>Apache server sends back File Not Found error.</LI>\r
+<UL>\r
+<LI>Check the existence of the file. </LI>\r
+<LI>Check the setting of ErrorDocument404 in httpd.conf.</LI>\r
+<LI>Check the matching of Apache directory, opengatesrv.conf and Makefile.</LI>\r
+</UL>\r
+\r
+<LI>Apache server sends back Internal error.</LI>\r
+<UL>\r
+<LI>Some bug might occurs. See the opengate.log, httpd-error.log, and others.</LI> \r
+<LI>If Debug switch in opengatesrv.conf is 1, many debug info is dumped to opengate.log.</LI>\r
+</UL>\r
+\r
+<LI>Apache server sends back the topindexx.html, but the keywords are not replaced.</LI>\r
+<UL>\r
+<LI>Check opengatesrv.conf and the html file, not to modify the keyword strings.</LI>\r
+<LI>When one line in html file is too long, the keyword replacement might be failed. Insert Return code properly.</LI>\r
+</UL>\r
+<LI>Others</LI>\r
+<UL>\r
+<LI>If you skip the refresh page and access direct to auth page, the cgi cannot run normally.</LI>\r
+<LI>First access should be the external site mediated by the opengate server.</UL> \r
+<LI>Direct access to the openagte server is not preferable.</LI>\r
+</UL>\r
+\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>Opengateauth.cgi runs. It send out <a href=../pict/auth.jpg>Auth Request Page</a>. The page is made from the index.html by replacing keywords. </LI>\r
+<UL>\r
+<LI>The refresh page does not move to auth page.</LI>\r
+<UL>\r
+<LI>Check the page source. If the keyword replacement is failed, check the description above.</LI>\r
+<LI>This page is accessed on SSL. If the page is displayed when refresh URL in topindex.html is changed to Non-SSL,check the apache SSL setting.</LI>\r
+</UL>\r
+\r
+<LI>Apache sends back Internal error or FileNotFound error.</LI>\r
+<UL>\r
+<LI>See the description above.</LI>\r
+</UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>At sending correct user ID and password, opengatesrv.cgi runs and sends back <a href=../pict/accept.jpg>Accept Page</a>. The page is made from the accept.html(or accept-ssl.hmtl) by replacing keywords. </LI>\r
+\r
+\r
+<UL>\r
+<LI>Apache server sends back Deny Page.</LI>\r
+<UL>\r
+<LI>Check the AuthServer setting in opengatesrv.conf. To divide the problem of the auth servers, firstly you should run Opengate in setting AuthServer/Protocol as 'accept'. The setting means that all users are accepted without auth server access.</LI>\r
+\r
+<LI>Check the AuthServer setting in opengatesrv.conf.</LI>\r
+<LI>Check the action of auth server independent to Opengate.</LI>\r
+<LI>Be care that the ExtraSet in opengatesrv.conf overrides the default setting.</LI>\r
+</UL>\r
+\r
+<LI>Apache server sends back EndWebAndRetry Page.</LI>\r
+<UL>\r
+<LI>Opengate denys the overlapped request from the client already opened. </LI>\r
+<LI>For no-java client, opengate cannot close the network immediately at browser closing. The network for the client is opened for a while.</LI>\r
+</UL>\r
+\r
+<LI>Apache sends back Internal error or FileNotFound error.</LI>\r
+<UL>\r
+<LI>See above description.</LI>\r
+</UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>In accept page, yellow bar is displayed. And user-id and start message are displayed in the bar.</LI>\r
+\r
+<UL>\r
+<LI>Yellow bar is not displayed.</LI>\r
+<UL>\r
+<LI>Java Applet does not run. Set up Java VM.</LI>\r
+<LI>If ClassNotFound message is displayed, check the directory of Java-class/jar files and applet description in the page.</LI>\r
+<LI>In no-Java mode, the network is opened for a while. the closing occurs when (a)specified duration is passed, (b)terminate link is clicked, (c)correspondence between IP address and MAC address is changed, (d)no packet is passed during a specific time length.</LI>\r
+</UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>Another window for <a href=../pict/accept2.jpg>Start Page</a> is displayed.</LI>\r
+\r
+<UL>\r
+<LI>Another window is not popped up.</LI>\r
+<UL>\r
+<LI>If JavaScript is disabled, the window is not popped up.</LI>\r
+<LI>If the browser does not permit popup, the window is not popped up.</LI>\r
+<LI>To cope with these client, the start page link is prepared. Another window is prepared to save the window that runs Java Applet.</LI>\r
+</UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>From this moment to browser closing, communication with various protocol can be allowed.</LI>\r
+\r
+<UL>\r
+<LI>The communication is not allowed.</LI>\r
+<UL>\r
+<LI>Check the allow rules by using 'ipfw list'. The ipfw command should be run by Root user. Check the S bit of opengatesrv.cgi.</LI>\r
+<LI>Do not close the browser. When the browser is closed, the network is closed.</LI>\r
+</UL>\r
+\r
+<LI>The communication is permitted for a while, but is not after some duration.</LI>\r
+<UL>\r
+<LI>For no-Java mode, see above description.</LI>\r
+<LI>When Java runs, the network is closed in the following conditions, (a)Java Applet is terminated (includes browser or OS termination), (b)Java Applet returns no reply to hello, (c)no packet is passed during a specific time length.</LI>\r
+</UL>\r
+\r
+</UL>\r
+<P></P>\r
+\r
+<!-- ******************** -->\r
+\r
+<LI>The message in yellow bar is changed every 10 minutes.</LI>\r
+\r
+<UL>\r
+<LI>The message is not changed.</LI>\r
+<UL>\r
+<LI>This means the failure of Hello exchange.</LI>\r
+</UL>\r
+\r
+\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>When the browser is terminated and restarted, the authentication is requested again.</LI>\r
+\r
+<UL>\r
+<LI>The authetication is not requested and accessed external page is displayed.</LI>\r
+<UL>\r
+<LI>When JavaApplet is not active, closing the network is delayed for a while. </LI>\r
+<LI>The deletion of allow rule in ipfw might be skipped when the opengate process is terminated abnormally. A script is prepared in tools directory to cope with the mistake.</LI>\r
+<LI>In some OS, the close button might mean resident behind the display.</LI>\r
+</UL>\r
+\r
+</UL>\r
+</ol>\r
+<HR>\r
+\r
+\r
+\r
+</body>\r
+</HTML>\r
<html>\r
<head>\r
<title>Opegnate Install</title>\r
-<meta http-equiv="content-type" content="text/html;charset=Shift_JIS">\r
+<meta http-equiv="content-type" content="text/html">\r
<link rel="stylesheet" type="text/css" media="screen" href="style.css">\r
</head>\r
\r
<LI>
What is the merit compared with various authentication systems for network usage proposed recently.
<BLOCKQUOTE>
-The merits of Opengate are as follows. Wide applicability about terminals, such as its hardware, software, management and connection. Minimum cost for user guidance and management. Easy implementation to existing network. Quick open at start usage and quick close at stop usage.
+The merits of Opengate are as follows. Wide applicability about terminals, such as its hardware, software, management and connection. Minimum cost for user guidance and management. Easy implementation to existing network. Quick open at start usage and quick close at stop usage. IPv4/IPv6 dual stack support.
</BLOCKQUOTE>
<LI>
Can the password secret be maintained?
<BLOCKQUOTE>
-Yes. Communication between client and opengate server can be protected by SSL. Communication between opengate server and authentication server can be protected by secure auth protocol.We implement pop3s, radius, and pam(which supports many secure protocols).
+Yes. Communication between client and opengate server can be protected by SSL. Communication between opengate server and authentication server can be protected by secure auth protocol.We implement pop3s, ftps, radius, and pam(which supports many secure protocols).
</BLOCKQUOTE>
<LI>
As the web pages are described in html files, it is easy to modify the design.
</BLOCKQUOTE>
+<LI>
+Can I display web pages with other language.
+
+<BLOCKQUOTE>
+Directorys named en and ja are the html documentations in english and japanese. Same as the directory, make the new language documentations. And modify the language setting in configuration file and index.html.var. To change the Java Applet message, modify the source of Java.
+</BLOCKQUOTE>
<LI>
Can I avoid atacks such as IP spoofing or DoS(Denial of Service)?
-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">
-<html LANG="jp">
-<head>
-
-<title>Opengate Error Check</title>
-</head>
-
-
-<body bgcolor=#fafff0>
-
-<H3>Opengate \83G\83\89\81[\83`\83F\83b\83N\8d\80\96Ú</H3>
-
-<P>
-Opengate
-\82Í\91½\82\82Ì\83\\83t\83g\83E\83F\83A\82Ì\8aÔ\82Ì\92\87\89î\82ð\8ds\82¤\82à\82Ì\82Å\82·\82Ì\82Å\81A\89½\82ª\8bN\82«\82Ä\82¢\82é\82Ì\82©\94»\92f\82ª\93ï\82µ\82¢\82Å\82·\81B\82Ü\82½\8c»\8fó\82Å\82Í\83f\83o\83b\83O\82Ì\82½\82ß\82É\90ê\97p\82Ì\8b@\94\\82Í\90Ý\92è\82µ\82Ä\82 \82è\82Ü\82¹\82ñ\81B\82»\82±\82Å\81A\82±\82Ì\83\81\83\82\82Í\81A\83C\83\93\83X\83g\81[\83\8b\82µ\82Ä\82à
-Opengate \82ª\93®\82©\82È\82¢\8e\9e\82Ì\8eQ\8dl\82Ì\82½\82ß\82É\8bL\82µ\82Ü\82·\81B \8c»\8dÝ\81A\82±\82Ì\83h\83L\83\85\83\81\83\93\83g\82ÍVersion 1.1.x\97p\82Å\82·\81B
-<P>
-\82¤\82Ü\82\93®\82©\82È\82¢\8fê\8d\87\81A\82Ü\82¸\81A\8aÖ\98A\82·\82é\83\\83t\83g\83E\83F\83A\82ª\8ae\81X\92P\93Æ\82Å\90³\8fí\93®\8dì\82·\82é\82©\8am\94F\82µ\82Ä\82\82¾\82³\82¢\81B\93Á\82É ipfw \82Ì\90Ý\92è\82Í\82 \82¿\82±\82¿\82É\89e\8b¿\82µ\82Ü\82·\82Ì\82Å\8f\\95ª\92\8d\88Ó\82ª\95K\97v\82Å\82·\81B\8dÅ\8f\89\82Íipfw\82ð\91S\8aJ\95ú\82É\8bß\82\90Ý\92è\82µ\82Ä\82¤\82Ü\82\93®\82\82Ì\82ð\8am\94F\82µ\82Ä\82©\82ç\95Â\82¶\82Ä\82\82¾\82³\82¢\81B
-<P>
-Opengate\82Í\88È\89º\82Ì\83t\83@\83C\83\8b\82ð\97\98\97p\82µ\82Ü\82·\81B\82±\82ê\82ç\82Í\90³\82µ\82\94z\92u\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\83f\83B\83\8c\83N\83g\83\8a\82Ídefault\88Ê\92u\82Å\82·\81B
-<PRE> /usr/local/www/cgi-bin/opengate/opengatesrv.cgi
- /usr/local/www/data/index.html.*
- /usr/local/www/data/opengate/Opengate.class
- /usr/local/www/data/opengate/OpengateClient.class
- /usr/local/www/data/opengate/*/index.html
- /usr/local/www/data/opengate/*/index-ssl.html
- /usr/local/www/data/opengate/*/accept.html
- /usr/local/www/data/opengate/*/accept2.html
- /usr/local/www/data/opengate/*/deny.html
- /etc/opengatesrv.conf
- /etc/opengatefw.pl
- /var/log/opengate.log
-</PRE>
- \82³\82ç\82É\81A\83\8d\83b\83N\83t\83@\83C\83\8b\82Æ\82µ\82Ä
-/tmp/opengate.lock\82ð\8eg\97p\82µ\82Ü\82·\82ª\81A\8dì\90¬\82Í\95s\97v\82Å\82·\81B\8fÁ\82µ\82Ä\82à\8d\\82¢\82Ü\82¹\82ñ\81B
-<P>
-
\95Ê
\82É
\81A<A href="../progflow.html" >
\83v
\83\8d\83O
\83\89\83\80\83t
\83\8d\81[
\89ð
\90à</A>
\82ð
\97p
\88Ó
\82µ
\82Ä
\82¢
\82Ü
\82·
\81B
\83v
\83\8d\83O
\83\89\83\80\82Ì
\8aî
\96{
\93I
\82È
\93®
\82«
\82ð
\94c
\88¬
\82µ
\82Ä
\82
\82¾
\82³
\82¢
\81B
-<P>
-\93®\82«\83`\83F\83b\83N\82Ì\82½\82ß\82É\83e\83X\83g\83v\83\8d\83O\83\89\83\80\82ð\97p\88Ó\82µ\82Ü\82µ\82½\81Bopengatesrv\92\86\82Étest-*\82Æ\82µ\82Ä\92u\82¢\82Ä\82¢\82Ü\82·\81B
-<P>
-
-\88È\89º\81A\8fÇ\8fó\96\88\82É\97ñ\8b\93\82µ\82Ü\82·\81B
-<UL>
-<LI>\83\89\83C\83u\83\89\83\8a\93\99\82ª\95s\91«\82µ\82Ä\82¢\82é\82Æ\82Ì\83R\83\93\83p\83C\83\8b\83G\83\89\81[\82ª\8fo\82Ü\82·\81B
-<P>
-<UL>
-<LI>Ver.0.56\88È\8d~\82Í\81AFreeBSDv4\82É\82Ä\93®\8dì\8am\94F\82µ\82Ä\82¢\82Ü\82·\81BFreeBSD3\82Å\82Í\83R\83\93\83p\83C\83\8b\83G\83\89\81[\82ª\94\90¶\82µ\82Ü\82·\81B</LI>
-</UL>
-<P></P>
-
-<LI>\83Q\81[\83g\83E\83F\83C\82Ì\83z\81[\83\80\83y\81[\83W\82Ö\83\8a\83_\83C\83\8c\83N\83g\82µ\82È\82¢\81B
-<P>
-<UL>
-<LI>\82±\82Ì\92i\8aK\82Å\82ÍOpengatesrv.cgi\82Ì\96{\91Ì\82Í\96³\8aÖ\8cW\82Å\82·\81B
-
-<LI>\93\96\83z\81[\83\80\83y\81[\83W\82ð\8ew\92è\82µ\82½\82Æ\82«\82Í\90³\8fí\82É\95\\8e¦\82³\82ê\82Ü\82·\82©\81B\82»\82¤\82Å\82È\82¢\82Æ\82«\82Í Apache \82Ì\90Ý\92è\82Ü\82½\82Í\83h\83L\83\85\83\81\83\93\83g\83t\83@\83C\83\8b\82Ì\88Ê\92u\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½Apache\82Ì\83A\83N\83Z\83X\83\8d\83O\82¨\82æ\82Ñ\83G\83\89\81[\83\8d\83O\82ð\8am\94F\89º\82³\82¢\81B
-
-<LI>Apache\82Í\83o\81[\83W\83\87\83\93\82É\82æ\82Á\82Ä\83f\83B\83\8c\83N\83g\83\8a\82Ì\88Ê\92u\82ª\95Ï\82í\82Á\82Ä\82¢\82Ü\82·\81B\83C\83\93\83X\83g\81[\83\8b\83\81\83\82\82Æ\82Í\88Ù\82È\82é\82©\82à\92m\82ê\82Ü\82¹\82ñ\81B
-
-<LI>ipfw \82Ì\90Ý\92è\82Í\90³\82µ\82¢\82Å\82·\82©\81B\93Á\82Éfwd\82Ì\88Ê\92u\82ª\92Ç\89Á\83\8b\81[\83\8b\82æ\82è\97D\90æ\8f\87\88Ê\82ª\92á\82\82È\82Á\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B
-
-<LI>\90Ú\91±\82µ\82æ\82¤\82Æ\82µ\82½\82Ì\82ª\83T\83C\83g\82Ì\83g\83b\83v\83y\81[\83W\88È\8aO\82Ì\8fê\8d\87\81A\83g\83b\83v\83y\81[\83W\82Å\8e\8e\82µ\82Ä\82\82¾\82³\82¢\81B\82±\82ê\82Å\82¤\82Ü\82\82¢\82\82Ì\82Å\82 \82ê\82Î\81AApache httpd.conf\82É\82¨\82¢\82Ä PageNotFound \83G\83\89\81[\82Ì\82Æ\82«\82É\83g\83b\83v\83y\81[\83W\82ð\95\\8e¦\82·\82é\82æ\82¤\90Ý\92è\82³\82ê\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B
-
-<LI>Microsoft Internet Explorer 5
\88È
\8d~
\82Í
\81A
\83\8a\83_
\83C
\83\8c\83N
\83g
\90æ
\82Ì
\83y
\81[
\83W
\82ª512
\83o
\83C
\83g
\88È
\8fã
\82Å
\82È
\82¢
\82Æ
\81APageNotFound
\8e\9e\82Ì
\83\8a\83_
\83C
\83\8c\83N
\83g
\95\
\8e¦
\82ª
\82¤
\82Ü
\82
\82¢
\82«
\82Ü
\82¹
\82ñ
\81B
\83g
\83b
\83v
\83y
\81[
\83W
\82É
\8bó
\94\92\82ð
\90\94\95S
\83o
\83C
\83g
\92Ç
\89Á
\82µ
\82Ä
\82Ý
\82Ä
\82
\82¾
\82³
\82¢
\81B
\8eQ
\8dl
\8fî
\95ñ
\82Í<a href="http://www.microsoft.com/japan/support/kb/articles/JP218/1/55.asp"
- >http://www.microsoft.com/japan/support/kb/articles/JP218/1/55.asp</a>\82Å\82·\81B
-
-<LI>\90Ú\91±\82µ\82æ\82¤\82Æ\82µ\82½\83T\83C\83g\82Í\93\96\83Q\81[\83g\83E\83F\83C\82ð\92Ê\82Á\82½\90æ\82É\90Ý\92è\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\83Q\81[\83g\83E\83F\83C\82ð\92Ê\82é\92Ê\90M\82µ\82©\83\8a\83_\83C\83\8c\83N\83g\82Å\82«\82Ü\82¹\82ñ\81B
-
-<LI>\96¼\91O\82ª\89ð\8eß\82Å\82«\82È\82¢\82Ì\82È\82ç\81ADNS\82Ì\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B
-
-<LI>\8dÅ\8f\89\82Ì\89æ\96Ê\82ÍSSL\89»\82µ\82È\82¢\82Å\82\82¾\82³\82¢\81B</LI>
-</UL>
-<P></P>
-
-<LI>\83\86\81[\83UID\82Æ\83p\83X\83\8f\81[\83h\82Ì\93ü\97Í\89æ\96Ê\82Ö\88Ú\8ds\82µ\82È\82¢\81B
-<P>
-<UL>
-<LI>HTML\83t\83@\83C\83\8b\82Ì\82 \82¿\82±\82¿\82É\83A\83h\83\8c\83X\82ª\8f\91\82©\82ê\82Ä\82¢\82Ü\82·\81B\82à\82ê\82È\82\8e©\95ª\82Ì\82Æ\82±\82ë\82Ì\83A\83h\83\8c\83X\82É\8f\91\82«\8a·\82¦\82Ä\82\82¾\82³\82¢\81B
-
-<LI>\8e©\93®\88Ú\93®\82ð\90Ý\92è\82µ\82Ä\82¢\82é\8fê\8d\87\82Í\8eè\93®\88Ú\93®\82Å\82Í\82Ç\82¤\82©\8am\94F\82\82¾\82³\82¢\81B
-
-<LI>\82r\82r\82k\89»\82µ\82Ä\82 \82ê\82Î\81A\82Ü\82¸\82Í\82r\82r\82k\96³\82µ\82Å\93®\82\82±\82Æ\82ð\8am\94F\82\82¾\82³\82¢\81B
-
-<LI>\88Ú\8ds\90æ\83A\83h\83\8c\83X\82Ì\8bL\8fq\82Í\81A\91\8a\91Î\83p\83X\82Å\82Í\82È\82\83t\83\8b\83p\83X\82Å\8ew\92è\82\82¾\82³\82¢\81B</LI>
-</UL>
-<P></P>
-<LI>\83\86\81[\83U ID \82Æ\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\82à\95Ô\8e\96\82ª\82È\82¢\81B\82Ü\82½\82Í\81AWeb \82ª\83G\83\89\81[\82ð\8bA\82·\81B
-<P>
-<UL>
-<LI>\82±\82Ì\92i\8aK\82Å Opengatesrv.cgi \83v\83\8d\83O\83\89\83\80\82ª\8bN\93®\82µ\82Ü\82·\81B\82æ\82Á\82Ä\97l\81X\82È\83G\83\89\81[\82Ì\89Â\94\\90«\82ª\82 \82è\82Ü\82·\81B
-
-<LI>\83g\83b\83v\83y\81[\83W\82ð\8fÈ\97ª\82µ\82Ä\92¼\90Ú\82É\83p\83X\83\8f\81[\83h\93ü\97Í\89æ\96Ê\82Ö\83\8a\83_\83C\83\8c\83N\83g\82·\82é\82æ\82¤\82É\90Ý\92è\82µ\82Ä\82¢\82é\82Æ\93®\82«\82Ü\82¹\82ñ\81B\95K\82¸\82P\83y\81[\83W\8co\97R\82µ\82Ä\82\82¾\82³\82¢\81B
-
-<LI>\81ups ax\81v\82É\82Ä\83v\83\8d\83Z\83X\8fó\8bµ\82ð\8am\94F\82\82¾\82³\82¢\81Bopengatesrv.cgi \82ª\8bN\93®\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\8bN\93®\82³\82ê\82Ä\82¢\82È\82¢\82È\82ç\81Acgi \82Ì\92u\82«\8fê\8f\8a\82ª\81A\83p\83X\83\8f\81[\83h\93ü\97Í\89æ\96Ê\93à\82Ì\8ew\92è\82Æ\8b¶\82Á\82Ä\82¢\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B\82³\82ç\82É Apache \82Ì\90Ý\92è\82É\82¨\82¢\82Ä\81Acgi \82Ì\8fê\8f\8a\82â\89Ò\93®\8b\96\89Â\82Ì\90Ý\92è\82ª\8aÔ\88á\82Á\82Ä\82¢\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B
-
-<LI>opengatesrv.cgi \82Ì\83v\83\8d\83Z\83X\82ª\8bN\93®\82³\82ê\82Ä\82¢\82é\82È\82ç /var/log/opengate.log \82ð\8am\94F\82\82¾\82³\82¢\81B\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82É\91Î\89\9e\82\82¾\82³\82¢\81B\82Ü\82½\81Aopengatesrv.h\92\86\82Å\81u#define DEBUG 1\81v\82ð\8ew\92è\82·\82é\82Æ\81A\8dì\90¬\8aÖ\90\94\8aÔ\82Ì\8cÄ\82Ñ\8fo\82µ\82ªlog\82É\8bL\98^\82³\82ê\82Ü\82·\82Ì\82Å\81A\96â\91è\82Ì\90Ø\82è\95ª\82¯\82É\97\98\97p\82Å\82«\82Ü\82·\81B
-
-<LI>\81uipfw list\81v\82É\82Ä\81A\83A\83N\83Z\83X\82µ\82½\92[\96\96\82É\91Î\82·\82é\83\8b\81[\83\8b\82ª\92Ç\89Á\82³\82ê\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81Bipfw \82Í root \8c \8cÀ\82ª\95K\97v\82Å\82·\81B\82à\82µ\92Ç\89Á\82³\82ê\82Ä\82¢\82È\82¢\8fê\8d\87\82É\82Í\81Aopengatesrv.cgi \82ª root \8c \8cÀ\82Å\93®\82\82æ\82¤\82É\82È\82Á\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B
-
-<LI>\83w\83b\83_\81[\83t\83@\83C\83\8b opengatesrv.h \81AMakefile\93à\82Ì\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\82»\82ê\82Æ Web \83h\83L\83\85\83\81\83\93\83g\93\99\82Ì\83t\83@\83C\83\8b\88Ê\92u\82Í\8d\87\92v\82µ\82Ä\82¢\82Ü\82·\82©\81B
-
-<LI>accept.html \82Ì\92\86\82É\81AApplet \91}\93ü\88Ê\92u\8ew\92è\82ª\90³\82µ\82\8ew\92è\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B
-
-<LI>Web\83u\83\89\83E\83U\82ÍJava\82ª\89Ò\93®\89Â\94\\82Ì\90Ý\92è\82É\82È\82Á\82Ä\82¢\82Ü\82·\82©\81B
-
-<LI>\91¼\82ÌWeb\83u\83\89\83E\83U\82âOS\82Å\8am\94F\82\82¾\82³\82¢\81B
-
-<LI>Java \82Í\90³\82µ\82¢\88Ê\92u\82É\95Û\91¶\82µ\82Ä\82¢\82Ü\82·\82©\81B\82»\82Ì Java \82Í\90³\8fí\82É\93®\82\83v\83\8d\83O\83\89\83\80\82Å\82·\82©\81B
-
-<LI>conf\83t\83@\83C\83\8b\92\86\82Ì\83T\81[\83o\83A\83h\83\8c\83X\82ð\96¼\91O\82Å\82Í\82È\82\81A\90\94\8e\9a\95\\8bL\82É\82µ\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B</LI>
-</UL>
-<P></P>
-<LI>\90³\82µ\82\83p\83X\83\8f\81[\83h\82ð\93ü\82ê\82Ä\82¢\82é\82Í\82¸\82È\82Ì\82É\8b\91\94Û\82³\82ê\82é\81B
-<P>
-<UL>
-<LI>/var/log/opengate.log\82ð\92²\82×\82Ä\82\82¾\82³\82¢\81B
-
-<LI>server\96¼\82ªconf\83t\83@\83C\83\8b\82É\82 \82é\82Ì\82É\96³\82¢\82Ælog\83\81\83b\83Z\81[\83W\82ª\8fo\82é\82Æ\82«\81Aconf\83t\83@\83C\83\8b\82Ì\96\96\94ö\82É\89ü\8ds\82ª\94²\82¯\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82µ\82½\81B
-
-<LI>\83R\83\93\83\\81[\83\8b\82©\82ç\94F\8fØ\83T\81[\83o\82Ö\83A\83N\83Z\83X\82µ\82Ä\82Ý\82Ä\90³\82µ\82\93®\82\82©\8am\94F\89º\82³\82¢\81B
-
-<LI>
-FTP\83T\81[\83o\82É\82æ\82Á\82Ä\82Í\81AWelcome\83\81\83b\83Z\81[\83W\82È\82Ç\82ª\95¡\90\94\8ds\82É\82È\82Á\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\82ª\81AOpengate\82Í\88ê\8ds\82ð\89¼\92è\82µ\82Ä\93®\8dì\82µ\82Ü\82·\81BFTP\83T\81[\83o\82Ì\90Ý\92è\82ð\95Ï\8dX\82µ\82Ä\82\82¾\82³\82¢\81B\95Ï\8dX\95s\89Â\82È\82çOpengate\82Ì\89ï\98b\95\94\95ª\83\\81[\83X\82Ì\95Ï\8dX\82Å\91Î\89\9e\89º\82³\82¢\81BVer.0.90l\82Å\95¡\90\94\8ds\82É\91Î\89\9e\82µ\82Ü\82µ\82½\81B
-
-<LI>\8aJ\95ú\8dÏ\82Ì\92[\96\96\82©\82ç\8fd\95¡\82µ\82Ä\97v\8b\81\82ª\97\88\82é\82Æ\8b\91\94Û\82µ\82Ü\82·\81B\82»\82Ì\82Ü\82Ü\8aO\82Ì\83T\83C\83g\82ª\8c©\82¦\82é\82È\82ç\8aJ\95ú\82³\82ê\82Ä\82¢\82Ü\82·\81BJavaApplet\82ª\8bN\93®\82É\8e¸\94s\82µ\82½\8fê\8d\87\82Í\81A\83T\81[\83o\91¤\83v\83\8d\83Z\83X\82ÍJavaApplet\82ª\90Ú\91±\82µ\82Ä\82\82é\82Ì\82ðfirewall\82ð\8aJ\95ú\82µ\82Ä\88ê\92è\8e\9e\8aÔ\91Ò\82¿\81A\95Â\8d½\82µ\82Ä\8fI\97¹\82µ\82Ü\82·\81B</LI>
-
-</UL>
-
-<P></P>
-<LI>\97\98\97p\8b\96\89Â\82Ì\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\82ª\82µ\82Î\82ç\82\8co\82Â\82Æ\83l\83b\83g\83\8f\81[\83N\82ª\90Ø\92f\82³\82ê\82é\81B
-<P>
-<UL>
-<LI>\97\98\97p\8b\96\89Â\82Ì\83y\81[\83W\82É\81A\89©\90F\82¢\83t\83\8c\81[\83\80\82Å\83\86\81[\83U\96¼\95\\8e¦\82ª\8fo\82Ä\82¢\82Ü\82·\82©\81B\8fo\82Ä\82¢\82È\82¯\82ê\82Î\81AJava\82Ì\8bN\93®\82É\8e¸\94s\82µ\82½\82æ\82¤\82Å\82·\81BJava\8aÖ\98A\82ð\8am\94F\82\82¾\82³\82¢\81B\82È\82¨Netscape6\81AInternetExplorer6\82Í\81A\95W\8f\80\83C\83\93\83X\83g\81[\83\8b\82Å\82ÍJava\82ª\93ü\82è\82Ü\82¹\82ñ\81B\8dÅ\8f\89\82ÌJava\83y\81[\83W\83A\83N\83Z\83X\8e\9e\82É\83_\83E\83\93\83\8d\81[\83h\82ª\97v\8b\81\82³\82ê\82Ü\82·\82Ì\82Å\83\81\83b\83Z\81[\83W\82É\8f]\82Á\82Ä\93±\93ü\82\82¾\82³\82¢\81B\82»\82ê\82Å\82à\93®\8dì\82ª\82¨\82©\82µ\82¢\8fê\8d\87\82Í\95Ê\82Ì\83u\83\89\83E\83U\82ð\8eg\82Á\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B\83o\81[\83W\83\87\83\93\82É\82æ\82Á\82Ä\82ÍJava\82ª\93®\82©\82È\82¢\8e\96\82ª\82 \82è\82Ü\82·\81BSunJava2\82ð\93±\93ü\82µ\82Ä\8c©\82Ä\82\82¾\82³\82¢\81B
-<LI>\8fo\82Ä\82¢\82ê\82Î\81AJavaApplet\82Ì\8fo\82·\83\81\83b\83Z\81[\83W\82ð\8am\94F\82\82¾\82³\82¢\81B\88È\89º\82Ì\8c´\88ö\82ª\8dl\82¦\82ç\82ê\82Ü\82·\81B(1)\83_\83E\83\93\83\8d\81[\83h\82µ\82½Java\82©\82ç\83T\81[\83o\82É\91Î\82µ\82Ä\83R\83l\83N\83g\82µ\82Ä\82±\82È\82¢\81B(2)Java\82ª\92è\8aú\92Ê\90M\82É\89\9e\93\9a\82µ\82È\82¢\81B(3)\93\96\92[\96\96\82Ì\83p\83P\83b\83g\82ª\88ê\92è\8aú\8aÔ\81A\83Q\81[\83g\83E\83F\83C\82ð\92Ê\89ß\82µ\82Ä\82¢\82È\82¢\81B(4)Java\8fI\97¹\82È\82Ç\82ÅTCP\83R\83l\83N\83V\83\87\83\93\82ª\95Â\82¶\82½\81B(5)\83T\81[\83o\83v\83\8d\83O\83\89\83\80\82ª\89½\82ç\82©\82Ì\8c´\88ö\82Å\8fI\97¹\82µ\82½\81B
-<LI>Java\82ª\83R\83l\83N\83g\82µ\82Ä\97\88\82È\82¢\8e\9e\82Í\81A\88È\89º\82Ì\8fê\8d\87\82É\95Â\8d½\82µ\82Ü\82·\81B(1)\94F\8fØ\83y\81[\83W\82Å\8ew\92è\82µ\82½\97\98\97p\8e\9e\8aÔ\82ª\8co\89ß\82µ\82½\81B(2)\93\96\92[\96\96\82Ì\83p\83P\83b\83g\82ª\88ê\92è\8aú\8aÔ\81A\83Q\81[\83g\83E\83F\83C\82ð\92Ê\89ß\82µ\82Ä\82¢\82È\82¢\81B(3)\94F\8fØ\8e\9e\82Æ\88Ù\82È\82éMAC\83A\83h\83\8c\83X\82ª\8c\9f\8fo\82³\82ê\82½\81B(4)\8b\96\89Â\83y\81[\83W\82Ì\97\98\97p\92\86\92f\83\8a\83\93\83N\82ª\89\9f\82³\82ê\82½\81B
-<LI>WindowsXP\82Ì\83C\83\93\83^\81[\83l\83b\83g\90Ú\91±\83t\83@\83C\83A\83E\83H\81[\83\8b(ICF)\82ª\90Ý\92è\82³\82ê\82Ä\82¢\82é\8fê\8d\87\82É\81A\90Ø\92f\82³\82ê\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B\82µ\82©\82µ\81A\82Ç\82Ì\82æ\82¤\82È\8fð\8c\8f\89º\82Å\94\90¶\82·\82é\82©\82Í\94c\88¬\82Å\82«\82Ä\82¢\82Ü\82¹\82ñ\81B\94\90¶\82·\82é\8fê\8d\87\82Í\8aO\82µ\82Ä\82Ý\82Ä\82\82¾\82³\82¢\81B
-<LI>
-\83u\83\89\83E\83U\82É\82æ\82Á\82Ä\82Í\81AJavaApplet\95\\8e¦\83y\81[\83W\82©\82ç\83y\81[\83W\82ð\88Ú\93®\82·\82é\82Æ\90Ø\92f\82³\82ê\82é\82±\82Æ\82ª\82 \82è\82Ü\82µ\82½\82ª\81AVer0.90h\82Å\89ð\8fÁ\82µ\82Ü\82µ\82½\81B
-
-<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B
-
-<LI>\8fã\8bL\8d\80\96Ú\82Ì Java \8aÖ\98A\82ð\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½ netstat \93\99\82Å\83l\83b\83g\83\8f\81[\83N\8fó\8bµ\82ð\94c\88¬\82\82¾\82³\82¢\81BWeb\83u\83\89\83E\83U\89º\95\94\82Ì\83\81\83b\83Z\81[\83W\8ds\82É\89½\82©\8fo\82Ä\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B
-
-<LI>\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\83g\82Ì\8aÔ\82É\83L\83\83\83b\83V\83\85\83T\81[\83o\82âNAT\81CProxy\82È\82Ç\82ª\91¶\8dÝ\82·\82é\8fê\8d\87\81A\82»\82Ì\83T\81[\83o\82Ì IP
- \83A\83h\83\8c\83X\82ð\92[\96\96\83A\83h\83\8c\83X\82Æ\8cë\89ð\82·\82é\82½\82ß\81AApplet \82ª\90³\8fí\93®\8dì\82µ\82Ü\82¹\82ñ\81B\82±\82Ì\82æ\82¤\82È\8d\\90¬\82Í\94ð\82¯\82Ä\82\82¾\82³\82¢\81B</LI>
-
-</UL>
-<P></P>
-<LI>\97\98\97p\8b\96\89Â\83y\81[\83W\82Ì\95\\8e¦\82ª\82¨\82©\82µ\82¢\81B
-<P>
-<UL>
-<LI>\90³\8fí\82Å\82 \82ê\82Î\81A2\96\87\82Ì\83y\81[\83W\82ª\8fd\82È\82Á\82Ä\95\\8e¦\82³\82ê\82Ü\82·\81B\91æ1\83y\81[\83W\82É\82Í\81AJavaApplet\82ª\89©\90F\82Ì\98g\82Ì\92\86\82É\83\86\81[\83UID\93\99\82ð\95\\8e¦\82µ\82Ü\82·\81B\91æ2\83y\81[\83W\82É\82Í\81A\8ae\8eí\83\8a\83\93\83N\82Æ\97\98\97p\8fã\82Ì\92\8d\88Ó\82ª\92u\82©\82ê\82Ü\82·\81B
-<LI>\91æ1\83y\81[\83W\82É\89©\90F\82¢\98g\82ª\8fo\82È\82¢\8fê\8d\87\82Í\81AJavaApplet\82Ì\8bN\93®\82É\8e¸\94s\82µ\82½\82Æ\8dl\82¦\82ç\82ê\82Ü\82·\81B\8fã\8bL\82Ì\8d\80\96Ú\82ð\8eQ\8fÆ\82\82¾\82³\82¢\81B
-<LI>
\91æ2
\83y
\81[
\83W
\82ÍJavaScript
\82Å
\8fo
\82µ
\82Ä
\82¢
\82Ü
\82·
\81B
\8fo
\82È
\82¢
\8fê
\8d\87\82ÍJavaScript
\8aÖ
\98A
\82ª
\8b^
\82í
\82µ
\82¢
\82Å
\82·
\81B
\82½
\82¾
\82µ
\81A
\83y
\81[
\83W
\82ª
\8fo
\82È
\82
\82Ä
\82à
\97\98\97p
\82É
\8ex
\8fá
\82Í
\82 \82è
\82Ü
\82¹
\82ñ
\81B
\82È
\82¨
\81AInterner Explorer
\82Ì
\8fê
\8d\87\82Ì
\82Ý
\8bN
\82±
\82é
\82Ì
\82Å
\82 \82ê
\82Î
\81A
\83u
\83\89\83E
\83U
\82Ì
\90Ý
\92è
\82ª
\89ó
\82ê
\82Ä
\82¢
\82é
\82½
\82ß
\82©
\82à
\92m
\82ê
\82Ü
\82¹
\82ñ
\81B
\91¼
\82Ì
\83y
\81[
\83W
\82Å
\82à
\93¯
\8c»
\8fÛ
\82ª
\82 \82ê
\82Î
\88È
\89º
\82ð
\8c©
\82Ä
\82
\82¾
\82³
\82¢
\81B<A HREF="http://support.microsoft.com/support/kb/articles/q180/1/76.asp"
- > http://support.microsoft.com/support/kb/articles/q180/1/76.asp </A>\81BIE6\82Å\82à\8bN\82«\82Ü\82µ\82½\81B</LI>
-</UL>
-
-<P></P>
-<LI>\97\98\97p\94F\8fØ\82ð\92Ê\82ç\82È\82\82Ä\82à\8dÅ\8f\89\82©\82ç\83l\83b\83g\83\8f\81[\83N\82ª\97\98\97p\82Å\82«\82é\81B
-<P>
-<UL>
-<LI>\83N\83\89\83C\83A\83\93\83g\83}\83V\83\93\82ÉWeb\83u\83\89\83E\83U\82ª\8fí\92\93\82µ\82Ä\82¢\82Ü\82¹\82ñ\82©\81BMacintosh\82Å\82Í\81A\89æ\96Ê\8fã\82É\96³\82\82Ä\82à\89E\8fã\92[\82Ì\83A\83v\83\8a\83P\81[\83V\83\87\83\93\83\81\83j\83\85\81[\82É\8ec\82Á\82Ä\82¢\82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B\82Ü\82½\81A\82 \82é\8eí\82ÌOS\82Å\82Í\8fI\97¹\82Ì\8aT\94O\82Ì\82È\82¢\82à\82Ì\82ª\82 \82è\82Ü\82·\81B\82±\82Ì\8fê\8d\87\82Í\81Ajava\82É\8fI\97¹\83{\83^\83\93\82ð\95t\89Á\82·\82é\82È\82Ç\82Ì\83v\83\8d\83O\83\89\83\80\95Ï\8dX\82ª\95K\97v\82Å\82·\81B
-
-<LI>\83V\83X\83e\83\80\82Ì\93Ë\91R\92â\8e~\82â\83l\83b\83g\83\8f\81[\83N\82Ì\90Ø\92f\82Ì\82Æ\82«\82É\82Í\81A\83R\83l\83N\83V\83\87\83\93\82Ì\8fI\97¹\82ª\83T\81[\83o\82É\91Î\82µ\82Ä\91¦\8e\9e\82É\93`\82í\82è\82Ü\82¹\82ñ\81Bopengatesrv \82Í\81A\8e\9f\82Ì\92è\8aú\98A\97\8d\82Ì\8e\9e\82É\82»\82ê\82ð\8c\9f\8fo\82µ\82Ü\82·\82Ì\82Å\81A\82µ\82Î\82ç\82\91Ò\82Ä\82Î\95Â\8d½\82³\82ê\82é\82Í\82¸\82Å\82·\81B
-
-<LI>\82¢\82Â\82Ü\82Å\82à\95Â\8d½\82³\82ê\82È\82¢\8fê\8d\87\82Í\81A\89½\93\99\82©\82Ì\8c´\88ö\82Å ipfw
- \82Ì\83\8b\81[\83\8b\82ª\90¶\82«\8ec\82Á\82Ä\82µ\82Ü\82Á\82½\82à\82Ì\82Æ\8ev\82í\82ê\82Ü\82·\81B\8eè\93®\82Å\8dí\8f\9c\82·\82é\82©\83V\83X\83e\83\80\82ð\83\8a\83u\81[\83g\82µ\82Ä\82\82¾\82³\82¢\81BVer.0.90e\88È\8d~\82Å\82 \82ê\82Î\81A\83v\83\8d\83Z\83X\82Ì\88Ù\8fí\8fI\97¹\8e\9e\82É\90¶\82«\8ec\82Á\82½\83\8b\81[\83\8b\82ð\92T\82µ\82Ä\8dí\8f\9c\82·\82é\83X\83N\83\8a\83v\83g(tools/rulechk.sh)\82ª\97\98\97p\82Å\82«\82Ü\82·\81B
- \82±\82ê\82ðcron\8eÀ\8ds\82µ\82Ä\82\82¾\82³\82¢\81B
-
-<LI>\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\83g\82Ì\8aÔ\82É NAT
- \82ª\91¶\8dÝ\82·\82é\8fê\8d\87\81A\93¯\88ê\83A\83h\83\8c\83X\82ð\8b¤\97L\82·\82é\82±\82Æ\82É\82È\82è\82Ü\82·\82Ì\82Å\81A\88ê\90l\82ª\8aJ\82¯\82ê\82Î\8b¤\97L\82³\82ê\82Ü\82·\81B\82±\82Ì\82æ\82¤\82È\8d\\90¬\82Í\94ð\82¯\82Ä\82\82¾\82³\82¢\81B</LI>
-</UL>
-<P></P>
-
-<LI>\97\98\97p\8b\96\89Â\82ð\92Ê\82Á\82½\82Ì\82É\83l\83b\83g\83\8f\81[\83N\82ª\97\98\97p\82Å\82«\82È\82¢\81B
-<P>
-<UL>
-<LI>\81uipfw list\81v\82Å ipfw \82Ì\83\8b\81[\83\8b\82ð\8am\94F\82\82¾\82³\82¢\81B\83\8b\81[\83\8b\82Ì\97D\90æ\8f\87\93\99\82Å\96µ\8f\82\82Í\82È\82¢\82Å\82·\82©\81B\83u\81[\83g\8e\9e\82Éipfw \8bN\93®\83G\83\89\81[\83\81\83b\83Z\81[\83W\82Í\8fo\82Ä\82È\82¢\82Å\82µ\82å\82¤\82©\81B
-
-<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B
-
-<LI>Redirect\82³\82ê\82étoppage\82ª\81uNoCache\81v\82Ì\90Ý\92è\82ð\8e\9d\82Á\82Ä\82¢\82È\82¢\82Æ\81A\8dÄ\93x\82Ì\83A\83N\83Z\83X\82Å\82Í\83L\83\83\83b\83V\83\85\82ª\8eg\82í\82ê\82é\81B\97á\82¦\82Î\81AYahoo\83A\83N\83Z\83X\82ªOpengate\82ÖRedirect\82³\82ê\82½\82Æ\82«\82Í\81A\97á\82¦\83l\83b\83g\83\8f\81[\83N\82ª\8aJ\82¢\82Ä\82¢\82Ä\82à\81AYahoo\83A\83N\83Z\83X\82É\91Î\82µ\82ÄOpengate\82Ì\83y\81[\83W\82ª\83L\83\83\83b\83V\83\85\82©\82ç\8eæ\82è\8fo\82³\82ê\82é\81B</LI>
-</UL>
-<P></P>
-
-<LI>\90³\82µ\82¢\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\82¢\82é\82Í\82¸\82È\82Ì\82É\8b\91\94Û\82³\82ê\82é\81B
-<P>
-<UL>
-<LI>\97\98\97p\82µ\82Ä\82¢\82é\94F\8fØ\83T\81[\83o\82É\91Î\82µ\82Ä\92¼\90Ú\82É\83p\83X\83\8f\81[\83h\82ð\91\97\82Á\82Ä\94F\8fØ\83T\81[\83o\82Ì\8fó\91Ô\82ð\8am\94F\82\82¾\82³\82¢\81B
-
-<LI>/etc/opengatesrv.conf, radius.conf, pam.conf \82Ì\94F\8fØ\83T\81[\83o\90Ý\92è\82ª\82¨\82©\82µ\82\82È\82¢\82Å\82·\82©\81B
-
-<LI>/var/log/opengate.log\82É\83G\83\89\81[\82ª\8fo\82Ä\82¢\82ê\82Î\82»\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\82\82¾\82³\82¢\81B</LI>
-</UL>
-
-<P></P>
-<LI>\83y\81[\83W\82ª\96]\82Þ\8c¾\8cê\88È\8aO\82Å\95\\8e¦\82³\82ê\82é\81B
-<P>
-<UL>
-<LI>index.html\93à\82Ì\8bL\8fq\81A \82»\82Ì\83f\83B\83\8c\83N\83g\83\8a\96¼\81A makefile\93à\82Ì\8bL\8fq\82ð\8am\82©\82ß\82Ä\82\82¾\82³\82¢\81B\8c¾\8cê\8ew\92è\82ÌID\82Í\88ê\92v\82·\82é\95K\97v\82ª\82 \82è\82Ü\82·\81BID\82Í\91å\95¶\8e\9a\81A\8f¬\95¶\8e\9a\82à\8bæ\95Ê\82µ\82Ü\82·\81BID\82Í2\95¶\8e\9a\82ð\8eg\97p\82µ\82Ü\82·\81B
-<LI>\90V\82µ\82¢\8c¾\8cê\82ð\92Ç\89Á\82·\82é\8e\9e\82Í\81A\93¯\97l\82È\8c`\8e®\82Å\83f\83B\83\8c\83N\83g\83\8a\82É\83t\83@\83C\83\8b\82ð\94z\92u\82µ\81AMakefile\82ÉID\82ð\92Ç\89Á\82\82¾\82³\82¢\81B</LI>
-</UL>
-
-<P></P>
-<LI>\93±\93ü\88È\8d~\81A\83T\81[\83o\82Ì\83l\83b\83g\83\8f\81[\83N\83g\83\89\83u\83\8b\82ª\91½\82¢\82æ\82¤\82¾\81B
-<P>
-<UL>
-<LI>
-\82Å\82«\82é\82¾\82¯\90V\82µ\82¢\82à\82Ì\82ð\97\98\97p\89º\82³\82¢\81B\93Á\82ÉVer.0.54\88È\91O\82É\82Í\81C\92·\8aú\89^\97p\82É\8dÛ\82µ\82Ä\92v\96½\93I\82È\83G\83\89\81[\82ð\8bN\82±\82·\83v\83\8d\83O\83\89\83\80\83~\83X\82ð\8aÜ\82ñ\82Å\82¢\82Ü\82µ\82½\81B</LI>
-
-</UL>
-<P></P>
-
-<LI>\94F\8fØ\92Ê\89ß\82É1\95ª\88È\8fã\82à\8a|\82©\82é\82±\82Æ\82ª\82 \82é\81B
-<P>
-<UL>
-<LI>
-\82Ü\82¸\82Í\82Ç\82±\82Å\8e\9e\8aÔ\82ð\97v\82µ\82Ä\82¢\82é\82©\82ð\90Ø\82è\95ª\82¯\82Ä\89º\82³\82¢\81B\93\96\95û\82Å\82Í\81AApache\82Ìhttpd.conf\82É\82¨\82¢\82Ä"HostnameLookups
- On"\82ª\90Ý\92è\82³\82ê\82Ä\82¢\82½\82½\82ß\81A\96¼\91O\89ð\8c\88\82É\8e\9e\8aÔ\82ð\97v\82µ\82½\82±\82Æ\82ª\82 \82è\82Ü\82·\81BOff\82É\90Ý\92è\82µ\82Ä\89ð\8c\88\82µ\82Ü\82µ\82½\81B</LI>
-
-</UL>
-<P></P>
-
-<LI>\82Ç\82¤\82µ\82æ\82¤\82à\82È\82\82È\82Á\82½\82Æ\82«
-<P>
-<UL>
-<LI>
-opengatesrv/opengatesrv.h\92\86\82É\81u#define
- DEBUG\81v\82Ì\92è\8b`\82ª\82 \82è\82Ü\82·\81B\82±\82ê\82ð\81u1\81v\82É\90Ý\92è\82·\82é\82Æ\81Aopengate.log\82É\83f\83o\83b\83O\8fo\97Í\82ª\8fo\82Ü\82·\81B\82Ü\82½\81Aerr_msg()\8aÖ\90\94\82Í\81A\8fo\97Í\82ðopengate.log\82É\8fo\82µ\82Ü\82·\81B\93K\93\96\82È\88Ê\92u\82É\91}\93ü\82µ\82Ä\89º\82³\82¢\81B\8eg\82¢\95û\82Í\81A\83v\83\8d\83O\83\89\83\80\92\86\82Ì\97á\82ð\8c©\82ê\82Î\95ª\82©\82é\82Æ\8ev\82¢\82Ü\82·\82ª\81Aprintf()\8aÖ\90\94\82Æ\93¯\82¶\95¶\96@\82Å\82·\81B</LI>
-
-</UL></LI>
-</UL>
-</body>
-</HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">\r
+<html LANG="jp">\r
+<head>\r
+\r
+<title>Opengate Error Check</title>\r
+</head>\r
+\r
+\r
+<body bgcolor=#fafff0>\r
+\r
+<H3>Opengate \83G\83\89\81[\83`\83F\83b\83N\8d\80\96Ú</H3>\r
+\r
+<P>\r
+Opengate\82Í\91½\82\82Ì\83\\83t\83g\83E\83F\83A\82Ì\8aÔ\82Ì\92\87\89î\82ð\8ds\82¤\82à\82Ì\82Å\82·\82Ì\82Å\81A\89½\82ª\8bN\82«\82Ä\82¢\82é\82Ì\82©\94»\92f\82ª\93ï\82µ\82¢\82Å\82·\81B\82»\82±\82Å\81A\82±\82Ì\83\81\83\82\82Í\81A\83C\83\93\83X\83g\81[\83\8b\82µ\82Ä\82àOpengate \82ª\93®\82©\82È\82¢\8e\9e\82Ì\8eQ\8dl\82Ì\82½\82ß\82É\8bL\82µ\82Ü\82·\81B</P>\r
+<UL>\r
+<LI>\r
+\82¤\82Ü\82\93®\82©\82È\82¢\8fê\8d\87\81A\82Ü\82¸\81A\8aÖ\98A\82·\82é\83\\83t\83g\83E\83F\83A\82ª\8ae\81X\92P\93Æ\82Å\90³\8fí\93®\8dì\82·\82é\82©\8am\94F\82µ\82Ä\82\82¾\82³\82¢\81B\r
+
\8e\9e\82É
\81Aipfw
\82Ì
\90Ý
\92è
\82Í
\82 \82¿
\82±
\82¿
\82É
\89e
\8b¿
\82µ
\82Ü
\82·
\82Ì
\82Å
\8f\
\95ª
\92\8d\88Ó
\82ª
\95K
\97v
\82Å
\82·
\81B
\8dÅ
\8f\89\82Íipfw
\82ð
\91S
\8aJ
\95ú
\82É
\8bß
\82
\90Ý
\92è
\82µ
\82Ä
\82¤
\82Ü
\82
\93®
\82
\82Ì
\82ð
\8am
\94F
\82µ
\82Ä
\82©
\82ç
\95Â
\82¶
\82Ä
\82
\82¾
\82³
\82¢
\81B</LI><P></P>
\r+<LI>\r
+Opengate\82Í\88È\89º\82Ì\83t\83@\83C\83\8b\82ð\97\98\97p\82µ\82Ü\82·\81B\82±\82ê\82ç\82Í\90³\82µ\82\94z\92u\82³\82ê\82Ä\82¢\82Ü\82·\82©\81B\83f\83B\83\8c\83N\83g\83\8a\82Ídefault\88Ê\92u\82Å\82·\81B<br>\r
+ /usr/local/www/data/index.html.var<br>\r
+ /usr/local/www/cgi-bin/opengate/(opengatesrv.cgi, opengatefwd.cgi, opengateauth.cgi)<br>\r
+ /usr/local/www/data/opengate/(Opengate.jar, Opengate.class, OpengateOlient.class)<br>\r
+ /usr/local/www/data/opengate/(ja, en)/(topindex.html, index.html, index-ssl.html, accept.html, accept2.hmtl, deny.html, deny-ssl.html)<br>\r
+ /etc/opengate/(opengatesrv.conf, rc.firewall, rc.irewall6, ipfwctrl.pl): *.sample\82©\82ç\83R\83s\81[\81B<br>\r
+ /var/log/opengate.log<br>\r
+ \82³\82ç\82É\81A\83\8d\83b\83N\83t\83@\83C\83\8b\82Æ\82µ\82Ä/tmp/opengate.lock\82ð\8eg\97p\82µ\82Ü\82·\82ª\81A\8dì\90¬\82Í\95s\97v\82Å\82·\81B\8fÁ\82µ\82Ä\82à\8d\\82¢\82Ü\82¹\82ñ\81B\r
+ </LI><P></P>\r
+ \r
+<LI>\r
+
\95Ê
\82É
\81A<A href="../progflow.html" >
\83v
\83\8d\83O
\83\89\83\80\83t
\83\8d\81[
\89ð
\90à</A>
\82Æ<A href="../protocol.txt" >
\8aÖ
\98A
\83\
\83t
\83g
\8aÔ
\82Ì
\83v
\83\8d\83g
\83R
\83\8b</A>
\82ð
\97p
\88Ó
\82µ
\82Ä
\82¢
\82Ü
\82·
\81B
\83v
\83\8d\83O
\83\89\83\80\82Ì
\8aî
\96{
\93I
\82È
\93®
\82«
\82ð
\94c
\88¬
\82µ
\82Ä
\82
\82¾
\82³
\82¢
\81B</LI><P></P>
\r+\r
+<LI>\r
+
\82Ü
\82½
\81A
\83e
\83X
\83g
\83v
\83\8d\83O
\83\89\83\80\82ð
\97p
\88Ó
\82µ
\82Ü
\82µ
\82½
\81Bopengatesrv
\92\86\82Étest-*
\82Æ
\82µ
\82Ä
\92u
\82¢
\82Ä
\82¢
\82Ü
\82·
\82ª
\81A
\8eg
\82¢
\95û
\82Í
\83\
\81[
\83X
\82ð
\8c©
\82Ä
\82
\82¾
\82³
\82¢
\81B</LI><P></P>
\r+\r
+<LI>\r
+/var/log/opengate.log
\82É
\8aJ
\95ú
\81A
\95Â
\8d½
\82Ì
\83\8d\83O
\82¨
\82æ
\82Ñ
\83G
\83\89\81[
\83\8d\83O
\82ð
\8fo
\97Í
\82µ
\82Ü
\82·
\81B
\83G
\83\89\81[
\82Ì
\8fê
\8d\87\82Í
\82±
\82Ì
\83\8d\83O
\82ð
\8am
\94F
\82
\82¾
\82³
\82¢
\81B/etc/opengate/opengatesrv.conf
\93à
\82ÌDebug
\82ð1
\82É
\82·
\82é
\82Æ
\81A
\83f
\83o
\83b
\83O
\82Ì
\82½
\82ß
\82Ì
\8fî
\95ñ
\82ð
\91å
\97Ê
\82É
\8fo
\82·
\82æ
\82¤
\82É
\82È
\82è
\82Ü
\82·
\81B
\82Ü
\82½
\81AApache
\82Ì
\83\8d\83O
\82â
\83V
\83X
\83e
\83\80\83\8d\83O
\82ð
\8am
\94F
\82
\82¾
\82³
\82¢
\81B</LI><P></P>
\r+</UL>\r
+<hr>\r
+\88È\89º\81A\8ae\93®\8dì\82É\82Â\82¢\82Ä\81A\82»\82Ì\8e\9e\82Ì\83G\83\89\81[\8fó\8bµ\82Æ\91Î\89\9e\82ð\97ñ\8b\93\82µ\82Ü\82·\81B\r
+<ol>\r
+<LI>\90³\8fí\93®\8dì</LI>\r
+<UL>\r
+<LI>\83G\83\89\81[\8fó\91Ô</LI>\r
+ <UL>\r
+ <LI>\91Î\89\9e\90à\96¾</LI>\r
+ </UL>\r
+ </UL>\r
+ </ol>\r
+ <HR>\r
+ \r
+<ol>\r
+\r
+<!-- ******************** -->\r
+<LI>\83C\83\93\83X\83g\81[\83\8b\82·\82é\81B</LI>\r
+<UL>\r
+<LI>\83\89\83C\83u\83\89\83\8a\93\99\82ª\95s\91«\82µ\82Ä\82¢\82é\82Æ\82Ì\83R\83\93\83p\83C\83\8b\83G\83\89\81[\82ª\8fo\82é\81B</LI>\r
+ <UL>\r
+ <LI>Ver.0.56\88È\8d~\82Í\81AFreeBSDv4\82É\82Ä\93®\8dì\8am\94F\82µ\82Ä\82¢\82Ü\82·\81BFreeBSD3\82Å\82Í\83R\83\93\83p\83C\83\8b\83G\83\89\81[\82ª\94\90¶\82µ\82Ü\82·\81B\r
+ </LI>\r
+ </UL>\r
+\r
+ \r
+<LI>make\82Í\82Å\82«\82é\82ª\81Amake install\82ª\8e¸\94s\82·\82é\81B</LI>\r
+ <UL>\r
+ <LI>root\83\86\81[\83U\82Å\8ds\82¤\95K\97v\82ª\82 \82è\82Ü\82·\81B</LI>\r
+ <LI>opengate\82Ì\83v\83\8d\83Z\83X\82ª\8ec\97¯\82µ\82Ä\82¢\82é\82Æ\83C\83\93\83X\83g\81[\83\8b\82Å\82«\82Ü\82¹\82ñ\81Bps\82Å\8am\94F\82µ\82Äkill\82µ\82Ä\82\82¾\82³\82¢\81B</LI>\r
+ </UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>\8aO\95\94URL\82ð\83A\83N\83Z\83X\82·\82é\82Æ\81Aipfw\82Ìfwd\83\8b\81[\83\8b\82É\82æ\82Á\82Äforward\82³\82ê\82Ä\81A\83p\83P\83b\83g\82Í\83\8d\81[\83J\83\8b\82ÌApache\83T\81[\83o\82É\8cü\82\81B</LI>\r
+<UL>\r
+<LI>\83A\83N\83Z\83X\82µ\82½\8aO\95\94URL\82Ì\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\81B</LI>\r
+<UL>\r
+<LI>ipfw\82Ì\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½\81Aopengate\83v\83\8d\83Z\83X\82ª\8ec\97¯\82µ\82Ä\82¢\82é\8fó\91Ô\82Å\82Í\83t\83@\83C\83A\83E\83H\81[\83\8b\82ª\8aJ\82¢\82Ä\82¢\82Ü\82·\81Bps\82âipfw list\82Å\8am\94F\82\82¾\82³\82¢\81B</LI>\r
+<LI>\83N\83\89\83C\83A\83\93\83g\82Æ\83T\81[\83o\8aÔ\82É\81AIP\83A\83h\83\8c\83X\82ð\8fW\96ñ\82·\82éNAT\82È\82Ç\82Ì\91\95\92u\82ª\82 \82é\82Æ\81A\94z\89º\82Ì\91S\83N\83\89\83C\83A\83\93\83g\82ª\93¯\88ê\82ÌIP\83A\83h\83\8c\83X\82Æ\82È\82é\82½\82ß\81A\88ê\82Â\82ª\8bó\82¯\82½\8c\8a\82ð\91¼\82Ì\91S\82Ä\82à\92Ê\89ß\82Æ\82È\82è\82Ü\82·\81B\93Á\82É\96³\90üLAN\91\95\92u\82Ì\90Ý\92è\82É\82Í\92\8d\88Ó\82\82¾\82³\82¢\81B</LI>\r
+</UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>opengatefwd.cgi
\82ª
\93®
\8dì
\82µ
\82Ä
\81Atopindex.html
\82Ìkeyword
\82ð
\92u
\82«
\8a·
\82¦
\82½<a href=../pict/fwd.jpg>Refresh
\97v
\8b\81\83y
\81[
\83W</a>
\82ð
\91\97\82è
\8fo
\82·
\81B
\82±
\82Ì
\83y
\81[
\83W
\82Í
\92Z
\8e\9e\8aÔ
\82¾
\82¯
\95\
\8e¦
\82µ
\82Ä
\8e\9f\82É
\88Ú
\82é
\81B</LI>
\r+\r
+<ul>\r
+\r
+<LI>Apache\83T\81[\83o\82ª\94½\89\9e\82µ\82È\82¢\81B</LI>\r
+<UL>\r
+<LI>Apache\92P\93Æ\82Å\82Ì\93®\8dì\82ð\92²\8d¸\82\82¾\82³\82¢\81B</LI>\r
+</UL>\r
+\r
+<LI>Apache\83T\81[\83o\82ªdefault\83y\81[\83W\82ð\95Ô\82·\81B</LI>\r
+<UL>\r
+<LI>DocumentRoot\82Ìindex.html.var\82ª\81Aopengatefwd.cgi\82ð\8cÄ\82Ñ\8fo\82·\82æ\82¤\82É\82È\82Á\82Ä\82¢\82é\82©\82ð\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½httpd.conf\82Å\82»\82Ìindex.html.var\82ª\8eg\82í\82ê\82é\82æ\82¤\82É\82È\82Á\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B</LI>\r
+</UL>\r
+\r
+<LI>Apache\83T\81[\83o\82ªFile Not Found\82Ì\83G\83\89\81[\82ð\95Ô\82·\81B</LI>\r
+<UL>\r
+<LI>\93\96\8aY\83t\83@\83C\83\8b\82Ì\91¶\8dÝ\82ð\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½httpd.conf\82ÅErrorDocument404\82Ì\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81BApache\82ÌDocument\88Ê\92u\82Æopengatesrv.conf\81AMakefile\82Ì\8bL\8fq\82ª\88ê\92v\82µ\82Ä\82¢\82é\82©\8am\94F\82\82¾\82³\82¢\81B</LI>\r
+</UL>\r
+\r
+<LI>Apache\83T\81[\83o\82ªInternal\83G\83\89\81[\82ð\95Ô\82·\81B</LI>\r
+<UL>\r
+<LI>\89½\82ç\82©\82Ì\83o\83O\82ª\94\90¶\82µ\82Ä\82¢\82é\82Ì\82©\82à\92m\82ê\82Ü\82¹\82ñ\81Bopengate.log\81Ahttpd-error.log\82È\82Ç\82ð\8eQ\8fÆ\82µ\82Ä\82\82¾\82³\82¢\81Bopengatesrv.conf\82Ådebug\82ð1\82É\90Ý\92è\82·\82é\82Æopengate.log\82É\91å\97Ê\82Ì\8fî\95ñ\82ð\8fo\82µ\82Ü\82·\81B</LI>\r
+</UL>\r
+<LI>keyword\82ª\92u\82«\8a·\82¦\82ç\82ê\82¸\82É\82»\82Ì\82Ü\82Ü\82Ì\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\81B</LI>\r
+<UL>\r
+<LI>opengate\82Ì\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\83y\81[\83W\82ð\95Ò\8fW\82µ\82½\8fê\8d\87\82Í\81A\83L\81[\83\8f\81[\83h\95¶\8e\9a\97ñ\82ð\8cë\82Á\82Ä\95Ï\8dX\82µ\82Ä\82¢\82È\82¢\82©\8am\94F\82\82¾\82³\82¢\81B\82Ü\82½\81AHTML\83t\83@\83C\83\8b\92\86\82Ì1\8ds\82ª\82 \82Ü\82è\82É\92·\82¢\82Æ\81A\95s\8bï\8d\87\82ð\8bN\82±\82µ\82Ü\82·\81B\93K\93x\82É\89ü\8ds\82ð\93ü\82ê\82Ä\82\82¾\82³\82¢\81B</LI>\r
+</UL>\r
+<LI>\82»\82Ì\91¼</LI>\r
+<UL>\r
+<LI>Refresh\97v\8b\81\83y\81[\83W\82ð\83X\83L\83b\83v\82·\82é\82Æ\90³\8fí\82É\93®\82«\82Ü\82¹\82ñ\81B</LI>\r
+<LI>\8dÅ\8f\89\82Ì\83A\83N\83Z\83X\82Í\81A\93\96\83}\83V\83\93\82ð\92Ê\89ß\82·\82é\82à\82Ì\82Å\82 \82é\95K\97v\82ª\82 \82è\82Ü\82·\81Bopengate\82Ì\83y\81[\83W\82ð\92¼\90Ú\8ew\92è\82µ\82Ä\82Ì\83A\83N\83Z\83X\82â\81A\83Q\81[\83g\83E\83F\83C\82ð\92Ê\82ç\82È\82¢\83A\83N\83Z\83X\82Í\96³\8cø\82Å\82·\81B</LI>\r
+</UL>\r
+\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>
\8e\9f\82Éopengateauth.cgi
\82ª
\93®
\8dì
\82µ
\82Ä
\81Aindex.html
\82Ìkeyword
\82ð
\92u
\82«
\8a·
\82¦
\82½<a href=../pict/auth.jpg>
\94F
\8fØ
\97v
\8b\81\83y
\81[
\83W</a>
\82ð
\91\97\82è
\8fo
\82·
\81B
\82±
\82Ì
\83y
\81[
\83W
\82Í
\94F
\8fØ
\97v
\8b\81\82ð
\95\
\8e¦
\82·
\82é
\81B</LI>
\r+<UL>\r
+<LI>Refresh\97v\8b\81\83y\81[\83W\82Å\92â\8e~\82µ\82Ä\81A\94F\8fØ\97v\8b\81\83y\81[\83W\82Ö\88Ú\8ds\82µ\82È\82¢\81B</LI>\r
+<UL>\r
+<LI>\83y\81[\83W\83\\81[\83X\82ð\8am\94F\82\82¾\82³\82¢\81Bkeyword\82ª\92u\82«\8a·\82¦\82ç\82ê\82Ä\91Ã\93\96\82ÈRefresh\8bL\8fq\82É\82È\82Á\82Ä\82¢\82È\82¯\82ê\82Î\8fã\8bL\82ð\8eQ\8fÆ\82\82¾\82³\82¢\81B</LI>\r
+<LI>\82±\82Ì\83y\81[\83W\82ÍSSL\82Å\82Ì\83A\83N\83Z\83X\82Æ\82È\82Á\82Ä\82¢\82Ü\82·\81Btopindex.html\93à\82ÌRefresh\8bL\8fq\82ðhttps\82©\82çhttp\82É\95Ï\8dX\82·\82é\82Æ\95\\8e¦\82³\82ê\82é\8fê\8d\87\82Í\81AApache\82ÌSSL\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B</LI>\r
+</UL>\r
+\r
+<LI>Apache\82ªInternal\83G\83\89\81[\82âFileNotFound\83G\83\89\81[\82È\82Ç\82ð\8fo\82·\81B</LI>\r
+<UL>\r
+<LI>\8fã\8bL\82Ì\90à\96¾\82ð\8eQ\8fÆ\82\82¾\82³\82¢\81B</LI>\r
+</UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>
\94F
\8fØ
\97v
\8b\81\83y
\81[
\83W
\82É
\83\86\81[
\83UID
\82Æ
\83p
\83X
\83\8f\81[
\83h
\82ð
\93ü
\82ê
\82Ä
\94F
\8fØ
\97v
\8b\81\82ð
\91\97\82é
\82Æ
\81Aopengatesrv.cgi
\82ª
\8bN
\93®
\82µ
\82Ä
\81Aaccept.html(
\82Ü
\82½
\82Íaccept-ssl.html)
\82Ìkeyword
\82ð
\92u
\82«
\8a·
\82¦
\82½<a href=../pict/accept.jpg>
\8b\96\89Â
\83y
\81[
\83W</a>
\82ð
\95\
\8e¦
\82·
\82é
\81B</LI>
\r+\r
+<UL>\r
+<LI>\94F\8fØ\8e¸\94s\82Ì\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\81B</LI>\r
+<UL>\r
+<LI>opengatesrv.conf\82Ì\94F\8fØ\83T\81[\83o\90Ý\92è\82ð\8am\94F\82\82¾\82³\82¢\81B\8dÅ\8f\89\82ÍAuthServer/Protocol\82ðaccept\82É\82µ\82Ä\81Aopengate\92P\93Æ\82Å\82Ì\90³\8fí\93®\8dì\82ð\8am\94F\82µ\82Ä\82\82¾\82³\82¢\81B</LI>\r
+<LI>opengatesrv.conf\82Ì\94F\8fØ\83T\81[\83o\90Ý\92è\82â\94F\8fØ\83T\81[\83o\92P\93Æ\82Å\82Ì\93®\8dì\82ð\8am\94F\82\82¾\82³\82¢\81B</LI>\r
+<li>opengatesrv.conf\93à\82ÅExtraSet\82Ì\90Ý\92è\82ª\82 \82é\82Æ\81Adefault\90Ý\92è\82ð\8fã\8f\91\82«\82µ\82Ü\82·\81B</li>\r
+</UL>\r
+\r
+<LI>EndWebAndRetry\82Ì\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\81B</LI>\r
+<UL>\r
+<LI>\8aù\82É\8aJ\95ú\82³\82ê\82Ä\82¢\82é\92[\96\96\82©\82ç\82Ì\97v\8b\81\82ð\8b\91\94Û\82µ\82Ä\82¢\82Ü\82·\81B\83u\83\89\83E\83U\82ÌBack\93\99\82ð\8eg\82Á\82Ä\8dÄ\93x\94F\8fØ\97v\8b\81\82ð\82µ\82½\82Æ\82«\82È\82Ç\82É\8bN\82«\82Ü\82·\81B\8dÄ\8e\8e\8ds\82·\82ê\82Î\81A\94F\8fØ\83y\81[\83W\82Å\82Í\82È\82\96Ú\93I\82Æ\82·\82é\8aO\95\94\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82é\82Í\82¸\82Å\82·\81B</li>\r
+<LI>JavaApplet\82ª\93®\82©\82È\82¢\8fê\8d\87\82É\82Í\81A\83u\83\89\83E\83U\82ð\8fI\97¹\82µ\82Ä\82à\91¦\8e\9e\95Â\8d½\82Æ\82È\82ç\82¸\81A\82µ\82Î\82ç\82\82Í\8aJ\95ú\8fó\91Ô\82É\82 \82è\82Ü\82·\81B</li>\r
+</UL>\r
+\r
+<LI>Apache\82ªInternal\83G\83\89\81[\82âFileNotFound\83G\83\89\81[\82È\82Ç\82ð\8fo\82·\81B</LI>\r
+<UL>\r
+<LI>\8fã\8bL\82Ì\90à\96¾\82ð\8eQ\8fÆ\82\82¾\82³\82¢\81B</LI>\r
+</UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>\8b\96\89Â\83y\81[\83W\82É\81A\89©\90F\82¢\83o\81[\82ª\95\\8e¦\82³\82ê\81A\82±\82±\82É\83\86\81[\83U\96¼\82Æ\90³\8fí\8bN\93®\82Ì\83\81\83b\83Z\81[\83W\82ª\8fo\82é\81B</LI>\r
+\r
+<UL>\r
+<LI>\89©\90F\82¢\83o\81[\82ª\95\\8e¦\82³\82ê\82È\82¢\81B</LI>\r
+<UL>\r
+<LI>JavaApplet\82ª\93®\8dì\82µ\82Ä\82¢\82Ü\82¹\82ñ\81B\83u\83\89\83E\83U\82ÅJavaVM\82ª\93®\8dì\82·\82é\82æ\82¤\82É\90Ý\92è\82µ\82Ä\82\82¾\82³\82¢\81B</LI>\r
+<LI>ClassNotFound\82Ì\83\81\83b\83Z\81[\83W\82ª\8fo\82é\82Æ\82«\82Í\81AJava\82Ìclass\83t\83@\83C\83\8b\82Ü\82½\82Íjar\83t\83@\83C\83\8b\82Ì\88Ê\92u\8ew\92è\82ð\8am\94F\82\82¾\82³\82¢\81B</LI>\r
+<LI>\82±\82Ì\8fê\8d\87\82à\81A\82µ\82Î\82ç\82\82Í\83l\83b\83g\83\8f\81[\83N\82ª\97\98\97p\82Å\82«\82Ü\82·\81B\95Â\8d½\82Í\88È\89º\82Ì\8e\9e\82É\8bN\82«\82Ü\82·\81B\81u\8ew\92è\8e\9e\8aÔ\82ª\8co\89ß\81v\81u\8fI\97¹\83\8a\83\93\83N\82ð\83N\83\8a\83b\83N\81v\81uIP\83A\83h\83\8c\83X\82É\91Î\82·\82éMAC\83A\83h\83\8c\83X\82ª\95Ï\89»\81v\81u\88ê\92è\8e\9e\8aÔ\83p\83P\83b\83g\82ª\92Ê\82ç\82È\82¢\81v\81B</LI>\r
+</UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>
\83l
\83b
\83g
\97\98\97p
\82Ì
\82½
\82ß
\82Ì<a href=../pict/accept2.jpg>
\83X
\83^
\81[
\83g
\83y
\81[
\83W</a>
\82ð
\95Ê
\83E
\83C
\83\93\83h
\83E
\82Æ
\82µ
\82Ä
\95\
\8e¦
\82·
\82é
\81B</LI>
\r+\r
+<UL>\r
+<LI>\95Ê\83E\83C\83\93\83h\83E\82ª\83|\83b\83v\83A\83b\83v\82µ\82È\82¢\81B</LI>\r
+<UL>\r
+<LI>JavaScript\82ª\97L\8cø\82É\82È\82Á\82Ä\82¢\82È\82¢\82Æ\83|\83b\83v\83A\83b\83v\82µ\82Ü\82¹\82ñ\81B</LI>\r
+<LI>\83u\83\89\83E\83U\82Å\83|\83b\83v\83A\83b\83v\8bÖ\8e~\82É\90Ý\92è\82³\82ê\82Ä\82¢\82é\82Æ\83|\83b\83v\83A\83b\83v\82µ\82Ü\82¹\82ñ\81B</LI>\r
+<LI>\82±\82ê\82ç\92[\96\96\82É\91Î\89\9e\82·\82é\82½\82ß\82É\95Ê\83E\83C\83\93\83h\83E\82ð\8aJ\82\82½\82ß\82Ì\83\8a\83\93\83N\82ð\95t\82¯\82Ä\82¢\82Ü\82·\81B\82È\82¨\81AJavaApplet\82Ì\83y\81[\83W\82ð\95Û\8e\9d\82Å\82«\82ê\82Î\81A\95Ê\83E\83C\83\93\83h\83E\82ª\8fo\82È\82\82Ä\82à\97\98\97p\82É\8ex\8fá\82Í\82 \82è\82Ü\82¹\82ñ\81B</LI>\r
+</UL>\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>\82±\82ê\88È\8d~\81A\83u\83\89\83E\83U\82ð\8fI\97¹\82·\82é\82Ü\82Å\81AWeb\83A\83N\83Z\83X\82ð\8aÜ\82Þ\97l\81X\82È\83v\83\8d\83g\83R\83\8b\82Ì\92Ê\90M\82ª\89Â\94\\82Æ\82È\82é\81B</LI>\r
+\r
+<UL>\r
+<LI>\8b\96\89Â\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82½\82Ì\82É\81A\92Ê\90M\82ª\92Ê\82ç\82È\82¢\81B</LI>\r
+<UL>\r
+<LI>ipfw list\83R\83}\83\93\83h\82Å\81A\8b\96\89Â\83\8b\81[\83\8b\82ª\92Ç\89Á\82³\82ê\82Ä\82¢\82é\82±\82Æ\82ð\8am\94F\82\82¾\82³\82¢\81B\83\8b\81[\83g\8c \8cÀ\82Å\93®\82©\82È\82¢\82Æipfw\83R\83}\83\93\83h\82Í\94\8ds\82ª\8fo\97\88\82Ü\82¹\82ñ\81Bopengatesrv.cgi\83t\83@\83C\83\8b\82ÉS\83r\83b\83g\82ª\97§\82Á\82Ä\82¢\82é\82±\82Æ\82ð\8am\94F\82\82¾\82³\82¢\81B</LI>\r
+<LI>\83u\83\89\83E\83U\82ð\8fI\97¹\82µ\82È\82¢\82Å\82\82¾\82³\82¢\81B\8dÅ\8f¬\89»\8fó\91Ô\82Å\82à\82©\82Ü\82¢\82Ü\82¹\82ñ\81B\8fI\97¹\82·\82é\82ÆJavaApplet\82©\82ç\82Ì\98A\97\8d\82É\82æ\82è\83l\83b\83g\83\8f\81[\83N\82ª\95Â\8d½\82³\82ê\82Ü\82·\81B</LI>\r
+</UL>\r
+<LI>\8b\96\89Â\83y\81[\83W\82ª\95\\8e¦\82³\82ê\82Ä\82µ\82Î\82ç\82\82Í\92Ê\90M\82ª\8fo\97\88\82é\82ª\81A\89½\95ª\82©\8co\82Â\82Æ\92Ê\90M\82ª\92Ê\82ç\82È\82\82È\82é\81B</LI>\r
+<UL>\r
+<LI>JavaApplet\82ª\93®\82¢\82Ä\82¢\82È\82¢\8fê\8d\87\82Ì\90à\96¾\82Í\8fã\82ð\8eQ\8fÆ\82\82¾\82³\82¢\81B</LI>\r
+<LI>JavaApplet\89Ò\93®\8e\9e\82É\82Í\81A\88È\89º\82Ì\82¢\82¸\82ê\82©\82Å\95Â\8d½\82³\82ê\82Ü\82·\81B\81uJavaApplet\82ª\92â\8e~\82·\82é\81i\83u\83\89\83E\83U\92â\8e~\81AOS\92â\8e~\82É\94º\82¤\92â\8e~\82ð\8aÜ\82Þ)\81v\81u10\95ª\82²\82Æ\82ÌHello\83\81\83b\83Z\81[\83W\8cð\8a·\82ÉJavaApplet\82ª\88ê\92è\89ñ\90\94\95Ô\93\9a\82µ\82È\82¢\81v\81u\88ê\92è\8e\9e\8aÔ\83p\83P\83b\83g\82ª\92Ê\82ç\82È\82¢\81v\81B</LI>\r
+</UL>\r
+\r
+</UL>\r
+<P></P>\r
+\r
+<!-- ******************** -->\r
+\r
+<LI>10\95ª\82²\82Æ\82É\89©\90F\82¢\83o\81[\82Ì\92\86\82Ì\95\\8e¦\82ª\95Ï\82í\82é\81B</LI>\r
+\r
+<UL>\r
+<LI>\8dÅ\8f\89\82Ì\90³\8fí\8aJ\8en\82Ì\83\81\83b\83Z\81[\83W\82Ì\82Ü\82Ü\95Ï\82í\82ç\82È\82¢\81B</LI>\r
+<UL>\r
+<LI>Hello\83\81\83b\83Z\81[\83W\82Ì\8cð\8a·\82É\8e¸\94s\82µ\82Ä\82¢\82Ü\82·\81B</LI>\r
+</UL>\r
+\r
+\r
+</UL>\r
+<P></P>\r
+<!-- ******************** -->\r
+\r
+<LI>\83u\83\89\83E\83U\82ð\8fI\97¹\82µ\82½\8cã\82Å\81A\8dÄ\93x\8bN\93®\82µ\82Ä\8aO\95\94URL\82ð\83A\83N\83Z\83X\82·\82é\82Æ\81A\8dÄ\82Ñ\94F\8fØ\89æ\96Ê\95\\8e¦\82É\82È\82é\81B</LI>\r
+\r
+<UL>\r
+<LI>\8aO\95\94URL\82ª\95\\8e¦\82³\82ê\82é\81B</LI>\r
+<UL>\r
+<LI>JavaApplet\82ª\93®\82¢\82Ä\82¢\82È\82¢\8fê\8d\87\81A\92x\89\84\95Â\8d½\82Æ\82È\82è\82Ü\82·\81B\82È\82¨\81A\88Ù\8fí\8fI\97¹\82É\82æ\82Á\82Ä\81A\8b\96\89Â\83\8b\81[\83\8b\82Ì\8dí\8f\9c\82ª\8ds\82í\82ê\82È\82¢\82±\82Æ\82ª\82 \82é\82©\82à\92m\82ê\82Ü\82¹\82ñ\81B\82±\82ê\82ª\90¶\82¶\82é\82Æ\82«\82Í\81Atools\89º\82É\97p\88Ó\82µ\82½\96³\91Ê\83\8b\81[\83\8b\8dí\8f\9c\82Ì\83X\83N\83\8a\83v\83g\82ð\97\98\97p\82\82¾\82³\82¢\81B</LI>\r
+<LI>OS\82É\82æ\82Á\82Ä\82Í\81A\8fI\97¹\82Æ\8ev\82í\82ê\82é\8f\88\97\9d\82ª\8fI\97¹\82Å\82Í\82È\82\8fí\92\93\94ñ\95\\8e¦\82Å\82 \82é\82±\82Æ\82ª\82 \82è\82Ü\82·\81B</LI>\r
+</UL>\r
+\r
+</UL>\r
+</ol>\r
+<HR>\r
+\r
+\r
+\r
+</body>\r
+</HTML>\r
<LI>
\8dÅ\8bß\81A\82³\82Ü\82´\82Ü\82È\83l\83b\83g\83\8f\81[\83N\94F\8fØ\83V\83X\83e\83\80\82ª\94\95\\82³\82ê\82Ä\82¢\82é\82æ\82¤\82Å\82·\82ª\81B
<BLOCKQUOTE>
-Opengate\82Í\88È\89º\82Ì\93_\82ð\96\9e\82½\82µ\82Ä\82¢\82é\93_\82ª\93Á\92¥\82Æ\8dl\82¦\82Ü\82·\81B\92[\96\96\82É\91Î\82·\82é\83\\83t\83g\81A\83n\81[\83h\81A\90Ý\92u\8c`\91Ô\81A\90Ú\91±\95û\96@\82È\82Ç\82Ì\90§\8cÀ\82ª\8f\82È\82¢\8e\96\81B\97\98\97p\8eÒ\82Ì\8ew\93±\82â\8aÇ\97\9d\82ª\8dÅ\8f¬\8cÀ\82Å\8dÏ\82Þ\8e\96\81B\88ê\94Ê\93I\82È\83\\83t\83g/\83n\81[\83h\82Å\8d\\90¬\82³\82ê\82Ä\82¨\82è\81A\8aù\91¶\83l\83b\83g\83\8f\81[\83N\82Ö\82Ì\93±\93ü\82ª\97e\88Õ\82Å\82 \82é\8e\96\81B\97\98\97p\8aJ\8en/\8fI\97¹\82É\8dÛ\82µ\82Ä\91¦\8dÀ\82É\83l\83b\83g\83\8f\81[\83N\82Ì\8aJ\95ú/\95Â\8d½\82ª\8ds\82í\82ê\82é\8e\96\81B
+Opengate\82Í\88È\89º\82Ì\93_\82ð\96\9e\82½\82µ\82Ä\82¢\82é\93_\82ª\93Á\92¥\82Æ\8dl\82¦\82Ü\82·\81B\92[\96\96\82É\91Î\82·\82é\83\\83t\83g\81A\83n\81[\83h\81A\90Ý\92u\8c`\91Ô\81A\90Ú\91±\95û\96@\82È\82Ç\82Ì\90§\8cÀ\82ª\8f\82È\82¢\8e\96\81B\97\98\97p\8eÒ\82Ì\8ew\93±\82â\8aÇ\97\9d\82ª\8dÅ\8f¬\8cÀ\82Å\8dÏ\82Þ\8e\96\81B\88ê\94Ê\93I\82È\83\\83t\83g/\83n\81[\83h\82Å\8d\\90¬\82³\82ê\82Ä\82¨\82è\81A\8aù\91¶\83l\83b\83g\83\8f\81[\83N\82Ö\82Ì\93±\93ü\82ª\97e\88Õ\82Å\82 \82é\8e\96\81B\97\98\97p\8aJ\8en/\8fI\97¹\82É\8dÛ\82µ\82Ä\91¦\8dÀ\82É\83l\83b\83g\83\8f\81[\83N\82Ì\8aJ\95ú/\95Â\8d½\82ª\8ds\82í\82ê\82é\8e\96\81BIPv4\82ÆIPv6\82Ì\97¼\95û\82Ì\92Ê\90M\82ð\93¯\8e\9e\82É\8aJ\95ú\95Â\8d½\82Å\82«\82é\82±\82Æ\81B
</BLOCKQUOTE>
<LI>
\83p\83X\83\8f\81[\83h\82Ì\8eç\94é\82Í\95Û\82Ä\82Ü\82·\82©\81B
<BLOCKQUOTE>
-\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\8aÔ\82ÍWeb\92Ê\90M\82Å\83p\83X\83\8f\81[\83h\82ð\91\97\82è\82Ü\82·\81B\82æ\82Á\82ÄWeb\83T\81[\83o\82ðSSL\89»\82·\82ê\82Î\8eç\94é\82ª\95Û\82Ä\82Ü\82·\81B\83Q\81[\83g\83E\83F\83C\82Æ\94F\8fØ\83T\81[\83o\82Ì\8aÔ\82Í\81A\8eç\94é\8b@\94\\82Ì\82 \82é\94F\8fØ\83v\83\8d\83g\83R\83\8b\82É\82æ\82ê\82Î\89Â\94\\82Å\82·\81BOpengate\82Í\81Apop3s,Radius,PAM\82É\91Î\89\9e\82µ\82Ä\82¢\82Ü\82·\81BPAM\82Í\91½\82\82Ì\94F\8fØ\83v\83\8d\83g\83R\83\8b\82ð\83T\83|\81[\83g\82µ\82Ü\82·\81B
+\92[\96\96\82Æ\83Q\81[\83g\83E\83F\83C\8aÔ\82ÍWeb\92Ê\90M\82Å\83p\83X\83\8f\81[\83h\82ð\91\97\82è\82Ü\82·\81B\82æ\82Á\82ÄWeb\83T\81[\83o\82ðSSL\89»\82·\82ê\82Î\8eç\94é\82ª\95Û\82Ä\82Ü\82·\81B\83Q\81[\83g\83E\83F\83C\82Æ\94F\8fØ\83T\81[\83o\82Ì\8aÔ\82Í\81A\8eç\94é\8b@\94\\82Ì\82 \82é\94F\8fØ\83v\83\8d\83g\83R\83\8b\82É\82æ\82ê\82Î\89Â\94\\82Å\82·\81BOpengate\82Í\81Apop3s,ftps,Radius,PAM\82É\91Î\89\9e\82µ\82Ä\82¢\82Ü\82·\81BPAM\82Í\91½\82\82Ì\94F\8fØ\83v\83\8d\83g\83R\83\8b\82ð\83T\83|\81[\83g\82µ\82Ü\82·\81B
</BLOCKQUOTE>
<LI>
\8aeWeb\83y\81[\83W\82ÍHTML\83t\83@\83C\83\8b\82Æ\82µ\82Ä\93Æ\97§\82µ\82Ä\82¢\82Ü\82·\81B\82±\82ê\82ð\8f\91\82«\82©\82¦\82é\82±\82Æ\82Å\8aÈ\92P\82É\82Å\82«\82Ü\82·\81B
</BLOCKQUOTE>
+<LI>
+\89p\8cê\81A\93ú\96{\8cê\88È\8aO\82Ì\95\\8e¦\82É\82µ\82½\82¢\82Ì\82Å\82·\82ª\81B
+
+<BLOCKQUOTE>
+en,ja\82Ì\83f\83B\83\8c\83N\83g\83\8a\82ª\81A\89p\8cê\82Æ\93ú\96{\8cê\82Ì\8bL\8fq\82Å\82·\81B\82±\82ê\82ð\8eQ\8dl\82É\82µ\82Ä\93¯\82¶\83f\83B\83\8c\83N\83g\83\8a\8d\\90¬\82ÅHTML\83t\83@\83C\83\8b\82ð\8dì\90¬\82µ\82Ä\82\82¾\82³\82¢\81B\82³\82ç\82É\81A\90Ý\92è\83t\83@\83C\83\8b\92\86\82Ì\8c¾\8cê\90Ý\92è\82Æindex.html.var\82ð\92Ç\89Á\95Ï\8dX\82µ\82Ä\82\82¾\82³\82¢\81B\82Ü\82½\81AJavaApplet\82Ì\95\\8e¦\82ð\95Ï\82¦\82é\82½\82ß\82É\83\\81[\83X\92\86\82Ì\83\81\83b\83Z\81[\83W\82ð\92Ç\89Á\95Ï\8dX\82\82¾\82³\82¢\81B
+</BLOCKQUOTE>
<LI>
IP\83A\83h\83\8c\83X\82É\82æ\82è\91\8a\8eè\82ð\8am\94F\82µ\82Ä\82¢\82é\82æ\82¤\82Å\82·\82ª\81AIP\83X\83v\81[\83t\83B\83\93\83O\82Í\96â\91è\82Å\82Í\82È\82¢\82Å\82·\82©\81B\82Ü\82½\83T\81[\83r\83X\96W\8aQ\8dU\8c\82\82É\82Í\91Î\89\9e\82Å\82«\82Ü\82·\82©\81B\82»\82Ì\91¼\82Ì\83A\83^\83b\83N\82É\91Î\82µ\82Ä\82Í\82Ç\82¤\82Å\82·\82©\81B
-<HTML>
-<head>
-<title>Flow of Opengate</title>
-</head>
-
-
-<body bgcolor=#fafff0>
-
-<H3>Flow of Opengate</H3>Following is the flow of the
-Opengate system.
-
-<OL>
-
-<LI>
-An user on the client machine accesses to some URL such as [eg., http://www.some.site/ or http://www.some.site/some/path].
-</LI>
-
-<LI>
-Suppose that some URL has an IPv6 address and an IPv4 address. The client machine gives priority to IPv6 HTTP and use it. But ip6fw is closed. IPv6 HTTP is timeout.
-</LI>
-
-<LI>
-The client machine retries to access with IPv4 HTTP.
-</LI>
-
-<LI>
-Ipfw checks the packet passing though the gateway. For packets from closed client, the forward rule as [ipfw add 60000 fwd localhost tcp from 192.168.1.0/16 to any http] is applied.
-</LI>
-
-<LI>
-The web server in localhost(gateway) receives the packet as [GET / or /some/path]
-</LI>
-
-<LI>
-The root index file [index.html.var] is accessed in both cases, because the httpd.conf
- is set as [ErrorDocument 404 /]
-</LI>
-
-<LI>The [index.html.var] file invokes a CGI program [opengatefwd.cgi?en] where the option is the language prefered by client[en].
-</LI>
-
-<LI>The CGI program [opengatefwd.cgi] gets client IPv4 address from [REMOTE_ADDR], encodes the address, reads in [topindex.html], replaces keywords(encoded IPv4 address and others) in the file, and sends back [topindex.html].
-</LI>
-
-<LI>
-The browser receives the reply [topindex.html]. But the browser misunderstands that the reply is returned from www.some.site.
-</LI>
-
-<LI>
-To remove this misunderstanding, the [topindex.html] is described to jump to gateway URL as [META HTTP-EQUIV="Refresh" CONTENT="1; URL=http://opengate.og.saga-u.ac.jp/cgi-bin/opengateauth.cgi?333333333-3&en"], where option [333333333-3] is the encoded IPv4 address and [en] is the prefered language. By [refresh] code, the browser accesses the URL automatically.
-</LI>
-
-<LI>The CGI program [opengateauth.cgi] gets the options, reads [index.html], replaces the keywords in the file, and send back [index.html].
-</LI>
-
-<LI>
-The browser receives the authentication request page[index.html]. The encoded IPv4 address and language are descibed with hidden tag in the page.
-</LI>
-
-<LI>
-The user enters userid and password to this page, and clicks button to call Opengate main CGI [FORM METHOD="POST" ACTION="http://opengate.saga-u.ac.jp/cgi-bin/opengate/opengatesrv.cgi"]. If IPv6 is enabled, the acess is done by IPv6. If not, done by IPv4.
-</LI>
-
-<LI>
-The Opengate main CGI[opengatesrv.cgi] starts and processes the following.
-</LI>
-
-<LI>
-The CGI gets the userid[eg., user1 or user1@id1], password, encoded IPv4 address[eg., 333333333-3] , and language from POST data. The CGI also gets IPv6 address[eg., 2001:e38:10::111] from [REMOTE_ADDR].
-CGI gets MAC address from NDP or ARP.
-</LI>
-
-<LI>
-CGI reads configuration file[opengatesrv.conf] and gets the information about the authentication server[default](at [user1]) or [id1](at [user1@id1]).
-</LI>
-
-<LI>
-CGI sends userid[user1] and password to the authentication server indexed as [default] (or [id1]).
-</LI>
-
-<LI>
-After passing the authentication, CGI inserts IPv4 firewall rule [ipfw add 10000 allow ip from 192.168.1.111 to any] and [ipfw add 10000 allow ip from any to 192.168.1.111], and inserts IPv6 firewall rule [ip6fw add 10000 allow ipv6 from 2001:e38:10::111 to any] and [ip6fw add 10000 allow ipv6 from any to 2001:e38:10::111]. The rules indicate the pass of packet to/from the client. The perl script can be used for more flexible ipfw control.
-</LI>
-
-<LI>
-CGI reports to syslog that the firewall is opened
-[Jun 16 19:14:11 ... START: user user1 use IPv6 and IPv4 at 00:00:00:00:00:00],
-[Jun 16 19:14:11 ... OPEN: user user1 from 192.168.1.111...] and
-[Jun 16 19:14:11 ... OPEN: user user1 from 2001:e38:10::111].
-</LI>
-
-<LI>
-CGI reads reply page file [accept.html], replaces keywords, and sends it to the client. The page
-describes the dowloading of java applet [applet code='Opengate.class'...] and the opening of second page
-[window.open("http://.../accept2.html")].
-</LI>
-
-<LI>
-CGI generates a watch process and exits.
-</LI>
-
-<LI>
-The watch process waits for the java applet to connect.
-</LI>
-
-<LI>
-If no connection in DURATIONDEFAULT seconds, CGI removes the firewall rule {ipfw del 10000] and terminates. If duration is entered in auth page, the time is extended to the time. To cope with hijacking and notting, periodical execution of arp check and firewall packet inquiry.
-</LI>
-
-<LI>
-If connected, the watch process watchs the TCP connection linked to the client. When the TCP connection is closed, the watch process removes the firewall rule and terminates.
-</LI>
-
-<LI>
-The watch process sends 'hello' to the client every ACTIVECHECKINTERVAL seconds. If no reply in HELLOWAITTIMEOUT seconds, the watch process removes the firewall rule and terminates.
-</LI>
-
-<LI>
-The watch process gets number of passed packets matched to the inserted rule from IPv4 and IPv6 firewall
-[ipfw -a list 10000], [ip6fw -a list 10000] every ACTIVECHECKINTERVAL seconds. If the packet count does not increase in NOPACKETINTERVAL seconds, the watch process removes the firewall rule and terminates.
-</LI>
-
-<LI>
-At termination, the watch process reports the filewall close to syslog [Jun 16 22:11:55 ... CLOS: user user1 from 192.168.0.111...], [Jun 16 22:11:55 ... CLOS: user user1 from 2001:e38:10::111...] and [Jun 16 22:11:55 ... END: user user1 at 00:00:00:00:00:00].
- </LI>
-
-
-
-
-
-</OL>
-
-
-
-</body>
-</HTML>
-
-
-
-
+<HTML>\r
+<head>\r
+<title>Flow of Opengate</title>\r
+</head>\r
+\r
+\r
+<body bgcolor=#fafff0>\r
+\r
+<H3>Flow of Opengate</H3>Following is the flow of the \r
+Opengate system.\r
+\r
+<OL>\r
+\r
+<LI>\r
+An user on the client machine accesses to some URL such as [eg., http://www.some.site/ or http://www.some.site/some/path].\r
+</LI>\r
+\r
+<LI>\r
+Suppose that some URL has an IPv6 address and an IPv4 address. The client machine gives priority to IPv6 HTTP and use it. But ip6fw is closed. IPv6 HTTP is timeout.\r
+</LI>\r
+\r
+<LI>\r
+The client machine retries to access with IPv4 HTTP.\r
+</LI>\r
+\r
+<LI>\r
+Ipfw checks the packet passing though the gateway. For packets from closed client, the forward rule as [ipfw add 60000 fwd localhost tcp from 192.168.1.0/16 to any http] is applied.\r
+</LI>\r
+\r
+<LI>\r
+The web server in localhost(gateway) receives the packet as [GET / or /some/path]\r
+</LI>\r
+\r
+<LI>\r
+The root index file [index.html.var] is accessed in both cases, because the httpd.conf\r
+ is set as [ErrorDocument 404 /]\r
+</LI>\r
+\r
+<LI>The [index.html.var] file invokes a CGI program [opengatefwd.cgi?en] where the option is the language prefered by client[en].\r
+</LI>\r
+\r
+<LI>The CGI program [opengatefwd.cgi] gets client IPv4 address from [REMOTE_ADDR], encodes the address, reads in [topindex.html], replaces keywords(encoded IPv4 address and others) in the file, and sends back [topindex.html].\r
+</LI>\r
+\r
+<LI>\r
+The browser receives the reply [<a href=pict/fwd.jpg>topindex.html</a>]. But the browser misunderstands that the reply is returned from www.some.site. \r
+</LI>\r
+\r
+<LI>\r
+To remove this misunderstanding, the [topindex.html] is described to jump to gateway URL as [META HTTP-EQUIV="Refresh" CONTENT="1; URL=http://opengate.og.saga-u.ac.jp/cgi-bin/opengateauth.cgi?333333333-3-11111111&en"], where option [333333333-3-11111111] is the encoded IPv4 address(include check code) and [en] is the prefered language. By [refresh] code, the browser accesses the URL automatically. \r
+</LI>\r
+\r
+<LI>The CGI program [opengateauth.cgi] gets the options, reads [index.html], replaces the keywords in the file, and send back [index.html].\r
+</LI>\r
+\r
+<LI>\r
+The browser receives the authentication request page[<a href=pict/auth.jpg>index.html</a>]. The encoded IPv4 address and language are descibed with hidden tag in the page.\r
+</LI>\r
+\r
+<LI>\r
+The user enters userid and password to this page, and clicks button to call Opengate main CGI [FORM METHOD="POST" ACTION="http://opengate.saga-u.ac.jp/cgi-bin/opengate/opengatesrv.cgi"]. If IPv6 is enabled, the acess is done by IPv6. If not, done by IPv4. \r
+</LI>\r
+\r
+<LI>\r
+The Opengate main CGI[opengatesrv.cgi] starts and processes the following.\r
+</LI>\r
+\r
+<LI>\r
+The CGI gets the userid[eg., user1 or user1@id1], password, encoded IPv4 address[eg., 333333333-3] , and language from POST data. The CGI also gets IPv6 address[eg., 2001:e38:10::111] from [REMOTE_ADDR]. \r
+CGI gets MAC address from NDP or ARP.\r
+</LI>\r
+\r
+<LI>\r
+CGI reads configuration file[opengatesrv.conf] and gets the information about the authentication server[default](at [user1]) or [id1](at [user1@id1]).\r
+</LI>\r
+\r
+<LI>\r
+CGI sends userid[user1] and password to the authentication server indexed as [default] (or [id1]).\r
+</LI>\r
+\r
+<LI>\r
+After passing the authentication, CGI inserts IPv4 firewall rule [ipfw add 10000 allow ip from 192.168.1.111 to any] and [ipfw add 10000 allow ip from any to 192.168.1.111], and inserts IPv6 firewall rule [ip6fw add 10000 allow ipv6 from 2001:e38:10::111 to any] and [ip6fw add 10000 allow ipv6 from any to 2001:e38:10::111]. The rules indicate the pass of packet to/from the client. The perl script can be used for more flexible ipfw control.\r
+</LI>\r
+\r
+<LI>\r
+CGI reports to syslog that the firewall is opened\r
+[Jun 16 19:14:11 ... START: user user1 use IPv6 and IPv4 at 00:00:00:00:00:00], \r
+[Jun 16 19:14:11 ... OPEN: user user1 from 192.168.1.111...] and \r
+[Jun 16 19:14:11 ... OPEN: user user1 from 2001:e38:10::111].\r
+</LI>\r
+\r
+<LI>\r
+CGI reads reply page file [accept.html], replaces keywords, and sends it to the client. </LI>\r
+\r
+<LI>The browser receives the page [<a href=pict/accept.jpg>accept.html</a>] describing the dowloading of java applet [applet code='Opengate.class'...] and the opening of second page\r
+[window.open("http://.../accept2.html")].\r
+</LI>\r
+<li>The browser opens the second page [<a href=pict/accept2.jpg>accept2.html</a>] for browsing.\r
+</LI>\r
+<LI>\r
+CGI generates a watch process and exits. \r
+</LI>\r
+\r
+<LI>\r
+The watch process waits for the java applet to connect.\r
+</LI>\r
+\r
+<LI>\r
+If no connection in DURATIONDEFAULT seconds, CGI removes the firewall rule {ipfw del 10000] and terminates. If duration is entered in auth page, the time is extended to the time. To cope with hijacking and notting, periodical execution of arp check and firewall packet inquiry.\r
+</LI>\r
+\r
+<LI>\r
+If connected, the watch process watchs the TCP connection linked to the client. When the TCP connection is closed, the watch process removes the firewall rule and terminates.\r
+</LI>\r
+\r
+<LI>\r
+The watch process sends 'hello' to the client every ACTIVECHECKINTERVAL seconds. If no reply in HELLOWAITTIMEOUT seconds, the watch process removes the firewall rule and terminates.\r
+</LI>\r
+\r
+<LI>\r
+The watch process gets number of passed packets matched to the inserted rule from IPv4 and IPv6 firewall\r
+[ipfw -a list 10000], [ip6fw -a list 10000] every ACTIVECHECKINTERVAL seconds. If the packet count does not increase in NOPACKETINTERVAL seconds, the watch process removes the firewall rule and terminates.\r
+</LI>\r
+\r
+<LI>\r
+At termination, the watch process reports the filewall close to syslog [Jun 16 22:11:55 ... CLOS: user user1 from 192.168.0.111...], [Jun 16 22:11:55 ... CLOS: user user1 from 2001:e38:10::111...] and [Jun 16 22:11:55 ... END: user user1 at 00:00:00:00:00:00].\r
+ </LI>\r
+ \r
+\r
+</OL>\r
+\r
+\r
+\r
+</body>\r
+</HTML>\r
+\r
+\r
+\r
+ \r
<P>
Network authentication failed. Please retry again.
</P>
-<A HREF=https://%%AUTHCGIURL%%?%%ADDR4%%&en>BACK</A>
+<A HREF=https://%%EXTERNALURL%%>BACK</A>
</BODY>
</HTML>
<P>
Network authentication failed. Please retry again.
</P>
-<A HREF=http://%%AUTHCGIURL%%?%%ADDR4%%&en>BACK</A>
+<A HREF=http://%%EXTERNALURL%%>BACK</A>
</BODY>
</HTML>
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
+<HEAD>
+<TITLE>OpengateRetry</TITLE>
+</HEAD>
+<BODY>
+<P>
+The system cannot acquire client information. Please use as follows.
+<UL>
+<LI>Do not access by pointing this site manually.</LI>
+<LI>Do not access by the saved URL of this site.</LI>
+<LI>Do not change the string in URL</LI>
+</UL>
+</P>
+<P>Please access to any external site.
+Then the authentication page is displayed automatically.</P>
+<P>
+<A HREF=http://%%EXTERNALURL%%><H3>Retry from external site</H3></A>
+</P>
+</BODY>
+</HTML>
<P>
\e$B%M%C%H%o!<%/MxMQG'>Z$K<:GT$7$^$7$?!#$b$&0lEY$d$jD>$7$F2<$5$$!#\e(B
</P>
-<A HREF=https://%%AUTHCGIURL%%?%%ADDR4%%&ja>\e$BLa$k\e(B</A>
+<A HREF=https://%%EXTERNALURL%%>\e$BLa$k\e(B</A>
</BODY>
</HTML>
<P>
\e$B%M%C%H%o!<%/MxMQG'>Z$K<:GT$7$^$7$?!#$b$&0lEY$d$jD>$7$F2<$5$$!#\e(B
</P>
-<A HREF=http://%%AUTHCGIURL%%?%%ADDR4%%&ja>\e$BLa$k\e(B</A>
+<A HREF=http://%%EXTERNALURL%%>\e$BLa$k\e(B</A>
</BODY>
</HTML>
--- /dev/null
+<HTML>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=iso-2022-jp">
+<HEAD>
+<TITLE>OpengateRetry</TITLE>
+</HEAD>
+<BODY>
+<P>
+\e$B>pJs$N<hF@$K<:GT$7$^$7$?!#\e(B
+\e$B0J2<$r9T$o$J$$$G$/$@$5$$!#\e(B
+<UL>
+<LI>\e$B%V%i%&%6$KK\%5%$%H$N\e(BURL\e$B$r<jF~NO$7$F%"%/%;%9$9$k!#\e(B</LI>
+<LI>\e$B%V%i%&%6$KK\%5%$%H$N\e(BURL\e$B$rJ]B8$7$FMxMQ$9$k!#\e(B</LI>
+<LI>\e$B%V%i%&%6$,I=<($7$F$$$k\e(BURL\e$B$N>pJs$r=q$-49$($k!#\e(B</LI>
+</UL>
+</P>
+<P>\e$BG$0U$N%5%$%H$r%"%/%;%9$9$k$H!"<+F0E*$KG'>Z%Z!<%8$,I=<($5$l$^$9!#\e(B</P>
+<P>
+<A HREF=http://%%EXTERNALURL%%><H3>\e$B30It%5%$%H$+$i:F3+\e(B</H3></A>
+</P>
+</BODY>
+</HTML>
checkDigit = (ad[0]*7 + ad[1]*5 + ad[2]*3 + ad[3]) % 11;
/* convert from integer to string */
+ /* the string has the from as [encodeAddress-checkDigit-TimeNow] */
if(!illform){
- sprintf(encodeAddr, "%u-%d", address,checkDigit);
+ snprintf(encodeAddr, ADDRMAXLN,
+ "%u-%d-%d", address,checkDigit, time(NULL));
}else{
- sprintf(encodeAddr,"");
+ snprintf(encodeAddr, ADDRMAXLN, "");
}
return illform;
unsigned long address;
int illform=0;
int checkDigit;
+ time_t encodeTiming, diffTime;
/* convert string to integer */
- if(sscanf(encodeAddr, "%u-%d", &address, &checkDigit)!=2){
+ if(sscanf(encodeAddr, "%u-%d-%d", &address, &checkDigit, &encodeTiming)!=3){
illform=1;
}
+
+ /* if the time difference between encode and decode is too large, retry */
+ diffTime = time(NULL) - encodeTiming;
+ if(diffTime <0 || diffTime > MAXFWDDELAY){
+ illform = 1;
+ }
/* divide ineger to four 8bits decimals */
for(i=3;i>=0;i--){
/* convert to dot separated address string */
if(!illform){
- sprintf(dotSepAddr, "%d.%d.%d.%d", ad[3], ad[2], ad[1], ad[0]);
+ snprintf(dotSepAddr, ADDRMAXLN, "%d.%d.%d.%d", ad[3], ad[2], ad[1], ad[0]);
}else{
- sprintf(dotSepAddr, "");
+ snprintf(dotSepAddr, ADDRMAXLN, "");
}
return illform;
}
/*****************************/
-/* split userid and serverid */
+/* split userid and extraId */
/*****************************/
-void splitId(char* userid, char* useridshort, char* serverid)
+void splitId(char* userid, char* useridshort, char* extraId)
{
char useridSave[USERMAXLN];
strncpy(useridSave, userid, USERMAXLN);
- /* separate serverid from userid */
- markPnt=strchr(useridSave, '@');
+ /* separate extraId from userid */
+ markPnt=strchr(useridSave, ATMARK);
if(markPnt==NULL){
/* separator mark not found */
- strncpy(serverid,"default",USERMAXLN);
+ strncpy(extraId,"default",USERMAXLN);
strncpy(useridshort,useridSave,USERMAXLN);
}else{
- /* pick up serverid */
+ /* pick up extraId */
*markPnt='\0';
- strncpy(serverid,markPnt+1,USERMAXLN);
+ strncpy(extraId,markPnt+1,USERMAXLN);
strncpy(useridshort,useridSave,USERMAXLN);
}
}
return ret;
}
-void SplitId(char* userid, char* useridshort, char* serverid)
+void SplitId(char* userid, char* useridshort, char* extraId)
{
if(debug) err_msg("DEBUG:=>splitId(%s,,)",userid);
- splitId(userid,useridshort,serverid);
- if(debug) err_msg("DEBUG:<=splitId(%s,%s,%s)",userid,useridshort,serverid);
+ splitId(userid,useridshort,extraId);
+ if(debug) err_msg("DEBUG:<=splitId(%s,%s,%s)",userid,useridshort,extraId);
}
void split(char content[], char *name[], char *value[], char *next[]);
void decode(char *string);
-static char language[WORDMAXLN]; /* message language in java applet */
+char language[WORDMAXLN]; /* message language in java applet */
/*******************************/
/* get the client addr */
char encodeAddr4[ADDRMAXLN];
/* get content sent from web input */
+ if(getenv("CONTENT_LENGTH")==NULL)return FALSE;
+
contentLen=atoi(getenv("CONTENT_LENGTH"));
+ if(contentLen==0)return FALSE;
contentLen++; /* for terminate ch */
if(contentLen > BUFFMAXLN) contentLen=BUFFMAXLN;
/* decode client address to dot separated form */
if(AddrDecode(clientAddr4, encodeAddr4)==1){
-
/* if can't decode, retry */
- err_msg("ERR in comm-cgi: cannot decode address %s", encodeAddr4);
-
- printf("location:http://%s\r\n\r\n", GetConfValue("RetryUrl"));
return FALSE;
}
return TRUE;
}
-
+/*********************************************/
/* deny message to the client */
/*********************************************/
-void putClientDeny(char clientAddr4[])
+void putClientDeny(void)
{
FILE *fp;
char denydoc[BUFFMAXLN];
- char authCgiUrl[BUFFMAXLN];
+ char externalUrl[BUFFMAXLN];
/* keyword pairs */
/* the left key is replaced by the right value */
struct html_key keys[]=
{
- {"%%AUTHCGIURL%%", authCgiUrl},
- {"%%ADDR4%%", clientAddr4},
+ {"%%EXTERNALURL%%", externalUrl},
{"",""} /* DON'T REMOVE THIS LINE */
};
/* create URL string */
- snprintf(authCgiUrl, sizeof(authCgiUrl), "%s%s%s/%s",
- GetConfValue("OpengateServerName"),
- GetConfValue("CgiDir"),
- GetConfValue("OpengateDir"),
- GetConfValue("AuthCgi"));
+ strncpy(externalUrl, GetConfValue("ExternalUrl"), sizeof(externalUrl));
/* make path to the denydoc for ssl or non-ssl */
- if(strcmp(getenv("SERVER_PORT"),HTTPS)==0){
+ if(strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0){
sprintf(denydoc,"%s%s/%s/%s",GetConfValue("DocumentRoot"),
GetConfValue("OpengateDir"),language,GetConfValue("DenyDocSsl"));
}else{
return;
}
+/*********************************************/
+/* deny message to the client */
+/*********************************************/
+void putClientRetry(char *lang)
+{
+ FILE *fp;
+ char retrydoc[BUFFMAXLN];
+ char externalUrl[BUFFMAXLN];
+
+ /* keyword pairs */
+ /* the left key is replaced by the right value */
+ struct html_key keys[]=
+ {
+ {"%%EXTERNALURL%%", externalUrl},
+ {"",""} /* DON'T REMOVE THIS LINE */
+ };
+
+ /* create URL string */
+ strncpy(externalUrl, GetConfValue("ExternalUrl"), sizeof(externalUrl));
+
+ /* make path to the retry document */
+ sprintf(retrydoc,"%s%s/%s/%s",GetConfValue("DocumentRoot"),
+ GetConfValue("OpengateDir"),lang,GetConfValue("RetryDoc"));
+
+ /* replace keyword and send out the file */
+ printf("Content-type: text/html\r\n\r\n\r\n");
+ HtmlTemplate(retrydoc, keys);
+
+ return;
+}
/*********************************************/
/* put some message to the client */
if(getenv("HTTP_REFERER")!=NULL){
strncpy(url,getenv("HTTP_REFERER"),BUFFMAXLN);
if(strstr(url,GetConfValue("OpengateServerName"))==NULL){
- err_msg("ERR in comm-cgi: abnormal HTTP referer, retry");
- printf("location:http://%s\r\n\r\n", GetConfValue("RetryUrl"));
-
return FALSE;
}
}
if(debug) err_msg("DEBUG:<=putJavaApplet( )");
}
-void PutClientDeny(char clientAddr4[])
+void PutClientDeny(void)
{
if(debug) err_msg("DEBUG:=>putClientDeny( )");
- putClientDeny(clientAddr4);
+ putClientDeny( );
if(debug) err_msg("DEBUG:<=putClientDeny( )");
}
+void PutClientRetry(char *lang)
+{
+ if(debug) err_msg("DEBUG:=>putClientRetry(%s)",lang);
+ putClientRetry(lang);
+ if(debug) err_msg("DEBUG:<=putClientRetry( )");
+}
+
void PutClientMsg(char *message)
{
if(debug) err_msg("DEBUG:=>putClientMsg( %s )",message);
/* get MAC address from above string */
while(fgets(buf, BUFFMAXLN, fpipe)!=NULL){
if(strstr(buf,clientAddr6)==NULL)continue;
- startp = strtok(buf," ");
- startp = strtok(NULL," ");
+ startp = strtok(buf," "); /* first token */
+ startp = strtok(NULL," "); /* second token */
strcpy(macAddr6,startp);
}
char *getConfValueExtra(char *name);
char *getConfValue(char *name);
-char *convertToFacilityRaw(char *pValue);
-
/**************************************************/
/* Prepare Conf file to use */
/* as debug flag is used many times, put it in gloval variable */
debug=atoi(getConfValue("Debug"));
- if(debug){
- /* to check error, convert to xml */
- s=ezxml_toxml(xmlRoot); free(s);
-
- /* if failed, show error message */
- errMsg=(char *)ezxml_error(xmlRoot);
- if(*errMsg!='\0'){
- err_msg("ERR in get-param: %s",errMsg);
- }
+ /* to check error, convert to xml */
+ s=ezxml_toxml(xmlRoot); free(s);
+
+ /* if failed, show error message */
+ errMsg=(char *)ezxml_error(xmlRoot);
+ if(*errMsg!='\0'){
+ err_msg("ERR in get-param: %s",errMsg);
}
+
return 0;
}
pValue=pValueExtra;
}
- /* if syslog facility, the id is converted to raw value */
- if(strcmp(name,"Syslog/Facility")==0){
- pValue=convertToFacilityRaw(pValue);
- }
-
/* return found value */
return pValue;
}
/* search the matching extra set (first match is employed) */
for(xml=ezxml_child(xmlRoot, "ExtraSet"); xml; xml=xml->next){
- if(strcmp(presentId, ezxml_attr(xml, "Id"))!=0) continue;
+ if(strcmp(presentId, ezxml_attr(xml, "ExtraId"))!=0) continue;
else break;
}
/* if no matching set, do nothing */
}
/***********************************************/
-/* Convart the syslog facility id to raw value */
-/***********************************************/
-char *convertToFacilityRaw(char *pValue)
-{
- static char facility[WORDMAXLN];
- int rawValue;
-
- if (strcmp(pValue, "local0")==0) rawValue=LOG_LOCAL0;
- else if(strcmp(pValue, "local1")==0) rawValue=LOG_LOCAL1;
- else if(strcmp(pValue, "local2")==0) rawValue=LOG_LOCAL2;
- else if(strcmp(pValue, "local3")==0) rawValue=LOG_LOCAL3;
- else if(strcmp(pValue, "local4")==0) rawValue=LOG_LOCAL4;
- else if(strcmp(pValue, "local5")==0) rawValue=LOG_LOCAL5;
- else if(strcmp(pValue, "local6")==0) rawValue=LOG_LOCAL6;
- else if(strcmp(pValue, "local7")==0) rawValue=LOG_LOCAL7;
- else rawValue=0;
-
- snprintf(facility, sizeof(facility), "%d", rawValue);
-
- return facility;
-}
-
-/***********************************************/
/***********************************************/
int OpenConfFile(void){
int ret;
extern char ruleNumber4[WORDMAXLN]; /* ipfw rule number in string form */
extern char ruleNumber6[WORDMAXLN]; /* ip6fw rule number in string form */
+extern char language[WORDMAXLN];
char clientAddr4[ADDRMAXLN]=""; /* client addr (nnn.nnn.nnn.nnn) */
char clientAddr6[ADDRMAXLN]=""; /* client addr (nnnn:nnnn:xxxx::xxxx) 128bit */
char macAddr6[ADDRMAXLN]="?"; /* client MAC address (format for ndp) */
char userid[USERMAXLN];
-char useridshort[USERMAXLN];/* userID before @ mark(cut off serverID) */
-char serverid[USERMAXLN];
+char useridshort[USERMAXLN];/* userID before @ mark(cut off extraID) */
+char extraId[USERMAXLN];
char userProperty[BUFFMAXLN];
time_t timeIn, timeOut;
int pid;
int duration; /* requested usage duration */
+ /* start log */
+ errToSyslog(ERRORTOSYSLOG); /* output of err_xxx() to syslogd */
+ openlog(argv[0], LOG_PID, FACILITY);
+
/* prepare config file */
OpenConfFile();
+
+ /* get default language at the top of lang list */
+ sscanf(GetConfValue("HtmlLangs"), "%s", language);
- /* start log */
- errToSyslog(atoi(GetConfValue("Syslog/Enable")));
- openlog(argv[0], LOG_PID, atoi(GetConfValue("Syslog/Facility")));
-
- /* check referer */
+ /* check referer */
if(CheckReferer()==FALSE){
+ PutClientRetry(language);
+ CloseConfFile();
return 0;
}
/* get POST data */
if(GetPostData(userid, password, clientAddr4, &duration)==FALSE){
+ PutClientRetry(language);
+ CloseConfFile();
return 0;
}
/* split user@server to user and server */
- SplitId(userid, useridshort, serverid);
+ SplitId(userid, useridshort, extraId);
/* setup ID for config file */
- SetupConfId(serverid);
+ SetupConfId(extraId);
/* get address of client from getenv. it might be IPv4 or IPv6. */
GetClientAddr(clientAddr6);
/* authenticate the user with authentication server */
if(!AuthenticateUser(useridshort, password)){
/* if not authenticate, send deny */
- PutClientDeny(clientAddr4);
+ PutClientDeny();
err_msg("DENY: user %s from %s at %s", userid, clientAddr4, macAddr4);
return 0;
}
return;
}
-/*********************************/
-/* format macAddr for ndp or arp */
-/*********************************/
+/**********************************/
+/* format macAddr for ndp or arp */
+/* match the form of two program */
+/* mac addr by arp 00:01:12:0b:.. */
+/* mac addr by ndp 0:1:12:b:.. */
+/**********************************/
void reFormatMacAddr(char* macAddr4, char* macAddr6)
{
char *strp = NULL;
char delims[] = ":";
char buf[ADDRMAXLN] = "";
- char nullstr[ADDRMAXLN] = "";
- strcpy(macAddr6,nullstr);
+ strcpy(macAddr6,"");
strcpy(buf,macAddr4);
strp=strtok(buf,delims);
}else{
strcat(macAddr6,strp);
}
+
strp=strtok(NULL,delims);
while(strp!=NULL){
strcat(macAddr6,delims);
{"",""} /* DON'T REMOVE THIS LINE */
};
+ /* start log */
+ errToSyslog(ERRORTOSYSLOG); /* output of err_xxx() to syslogd */
+ openlog(argv[0], LOG_PID, FACILITY);
+
/* prepare conf file */
OpenConfFile();
- /* start log */
- errToSyslog(atoi(GetConfValue("Syslog/Enable")));
- openlog(argv[0], LOG_PID, atoi(GetConfValue("Syslog/Facility")));
-
if(debug) err_msg("DEBUG: started");
/* create URL string */
GetConfValue("CgiDir"),
GetConfValue("OpengateDir"),
GetConfValue("MainCgi"));
+
+ /* get default language at the top of lang list */
+ sscanf(GetConfValue("HtmlLangs"), "%s", lang);
+
+ /* if cannot get parameters, retry */
+ if(getenv("QUERY_STRING")==NULL){
+ PutClientRetry(lang);
+ CloseConfFile();
+ return 0;
+ }
/* get html access parameter string (xx.cgi?addr4&lang) */
strncpy(paramString, getenv("QUERY_STRING"), BUFFMAXLN);
/* split language and address */
- pAddr4 = paramString;
- pLang = strtok(paramString, "&");
-
- /* if abnormal parameters, retry from external access */
- if(strlen(pAddr4)==0 || pLang==NULL){
- err_msg("ERR: access with abnormal parameters %s, retry",
- getenv("QUERY_STRING"));
-
- printf("location:http://%s\r\n\r\n", GetConfValue("RetryUrl"));
+ pAddr4 =strtok(paramString, "&");
+ pLang = strtok(NULL, "&");
+ /* if get abnormal parameters, retry */
+ if(isNull(pAddr4)||isNull(pLang)){
+ PutClientRetry(lang);
CloseConfFile();
return 0;
}
+
/* copy clientAddr(encoded) */
strncpy(clientAddr, pAddr4, ADDRMAXLN);
/* get language and check its correctness */
- if(strstr(GetConfValue("HtmlLangs"), pLang)!=NULL){
+ if(pLang!=NULL && strstr(GetConfValue("HtmlLangs"), pLang)!=NULL){
/* if corrrect, set it */
strncpy(lang, pLang, WORDMAXLN);
- }else{
- /* if not, set the first language in the list */
- sscanf(GetConfValue("HtmlLangs"), "%s", lang);
}
/* send out header */
printf("Content-Type: text/html\r\n\r\n\r\n");
/* construct html file path */
- sprintf(htmlFile, "%s%s/%s/", GetConfValue("DocumentRoot"), GetConfValue("OpengateDir"), lang);
+ sprintf(htmlFile, "%s%s/%s/", GetConfValue("DocumentRoot"),
+ GetConfValue("OpengateDir"), lang);
/* ssl or non-ssl file */
- if(strcmp(getenv("SERVER_PORT"),HTTPS)==0) {
+ if(strcmp(getenv("SERVER_PORT"),GetServicePortStr("https"))==0) {
strncat(htmlFile, GetConfValue("AuthDocSsl"), BUFFMAXLN);
}else{
strncat(htmlFile, GetConfValue("AuthDoc"), BUFFMAXLN);
{"",""} /* DON'T REMOVE THIS LINE */
};
+ /* start log */
+ errToSyslog(ERRORTOSYSLOG); /* output of err_xxx() to syslogd */
+ openlog(argv[0], LOG_PID, FACILITY);
+
/* prepare conf file */
OpenConfFile();
- /* start log */
- errToSyslog(atoi(GetConfValue("Syslog/Enable")));
- openlog(argv[0], LOG_PID, atoi(GetConfValue("Syslog/Facility")));
-
if(debug) err_msg("DEBUG: started");
/* create URL string */
GetConfValue("OpengateDir"),
GetConfValue("AuthCgi"));
- /* get client address */
- strncpy(clientAddr,getenv("REMOTE_ADDR"),ADDRMAXLN);
-
- /* encode the address */
- if(AddrEncode(encodeAddr, clientAddr)==1){
- /* if can't encode, retry */
- err_msg("ERR: first access must has IPv4 form now as %s, retry", clientAddr);
- printf("location:http://%s\r\n\r\n", getConfValue("RetryUrl"));
+ /* get default language at the top of language list */
+ sscanf(GetConfValue("HtmlLangs"), "%s", lang);
+ /* if no parameters, retry */
+ if(getenv("QUERY_STRING")==NULL){
+ PutClientRetry(lang);
CloseConfFile();
return 0;
- }
+ }
/* get language and check its correctness */
- if(strstr(GetConfValue("HtmlLangs"), getenv("QUERY_STRING"))){
+ if(strstr(GetConfValue("HtmlLangs"), getenv("QUERY_STRING"))!=NULL){
/* if corrrect, set it */
strncpy(lang,getenv("QUERY_STRING"),WORDMAXLN);
- }else{
- /* if not, set the first language in the list */
- sscanf(GetConfValue("HtmlLangs"), "%s", lang);
+ }
+
+ /* get client address */
+ strncpy(clientAddr,getenv("REMOTE_ADDR"),ADDRMAXLN);
+
+ /* encode the address */
+ if(AddrEncode(encodeAddr, clientAddr)==1){
+ /* if can't encode, retry */
+ PutClientRetry(lang);
+ CloseConfFile();
+ return 0;
}
/* construct html file path */
/* Configuration file for opengate */
#define CONFIGFILE "/etc/opengate/opengatesrv.conf"
+#define ERRORTOSYSLOG 1 /* if 1, error message to syslog */
+ /* if 0, to stderr */
+#define FACILITY LOG_LOCAL1 /* syslog ID */
+
#define COMMWAITTIMEOUT 60 /* communication reply timeout(second) */
#define PACKETLOGDELAY 10 /* wait log writing time(second) */
-#define LOCKTIMEOUT 10 /* ipfw exclusive exec lock timeout (second)*/
+#define LOCKTIMEOUT 10 /* ipfw exclusive exec lock timeout (second) */
+#define MAXFWDDELAY 300 /* max delay from fwd.cgi to auth.cgi (second) */
#define PAMSERVICENAME "opengate" /* default service name used in PAM */
#define RADIUSCONF "/etc/radius.conf" /* default path to radius.conf */
+#define ATMARK '@' /* separator between userID and extraID */
+ /* in user entry [userID@extraID] */
#define ADDRMAXLN 128 /* maximum address string length */
#define PASSMAXLN 128 /* maximum password string length */
#define IPV6ONLY 6
#define IPV4 4
#define IPV6 6
-#define HTTP "80"
-#define HTTPS "443"
struct clientAddr
{
void GetClientAddr(char *clientAddr);
int GetPostData(char *userid, char *password, char *clientAddr4, int *durationPtr);
int GetUserProperty(char *userid, char *userProperty);
-void SplitId(char* userid, char* useridshort, char* serverid);
+void SplitId(char* userid, char* useridshort, char* extraId);
int CheckReferer(void);
-void PutClientDeny(char clientAddr4[]);
+void PutClientDeny(void);
+void PutClientRetry(char *lang);
void PutClientMsg(char *message);
/* TCP communication with java applet */
int Systeml(const char *path, ...);
int Pclose(FILE *stream);
int isNull(char *pStr);
+char *GetServicePortStr(char *servName);
void err_ret(const char *fmt, ...);
void err_sys(const char *fmt, ...);
int main(int argc, char **argv)
{
- char serverID[100]="default";
+ char extraID[100]="default";
char userID[100];
char password[100];
+ /* start log */
+ errToSyslog(ERRORTOSYSLOG); /* output of err_xxx() to syslogd */
+ openlog(argv[0], LOG_PID, FACILITY);
+
+
/* prepare config file */
OpenConfFile();
- SetupConfId(serverID);
-
- /* start log */
- errToSyslog(atoi(GetConfValue("Syslog/Enable")));
- openlog(argv[0], LOG_PID, atoi(GetConfValue("Syslog/Facility")));
+ SetupConfId(extraID);
printf("Config file=[%s]\n",CONFIGFILE);
/* get serverid, userid and password */
- printf("Enter serverID=");
- scanf("%s", serverID);
+ printf("Enter extraID=");
+ scanf("%s", extraID);
printf("Enter userID=");
scanf("%s", userID);
printf("Enter password=");
int main(int argc, char **argv)
{
char clientAddr[100];
- char serverID[100]="default";
+ char extraID[100]="default";
char dummy[100];
struct clientAddr ClientAddr;
struct clientAddr *pClientAddr;
pClientAddr = &ClientAddr;
+ /* start log */
+ errToSyslog(ERRORTOSYSLOG); /* output of err_xxx() to syslogd */
+ openlog(argv[0], LOG_PID, FACILITY);
+
/* prepare config file */
OpenConfFile();
- SetupConfId(serverID);
+ SetupConfId(extraID);
- /* start log */
- errToSyslog(atoi(GetConfValue("Syslog/Enable")));
- openlog(argv[0], LOG_PID, atoi(GetConfValue("Syslog/Facility")));
printf("Config file=[%s]\n",CONFIGFILE);
- printf("ServerID=[%s]\n",serverID);
+ printf("ExtraID=[%s]\n",extraID);
/* get client address to add */
printf("Enter IPv4 address to add rule in firewall=");
char clientAddr4[100]="127.0.0.1";
char clientAddr6[100]="::1";
char userID[100]="user1";
- char serverID[100]="default";
+ char extraID[100]="default";
char dummy[100];
int duration=60;
struct clientAddr ClientAddr;
ClientAddr.ipType=IPV4;
ClientAddr.timeIn=time(NULL);
+ /* start log */
+ errToSyslog(ERRORTOSYSLOG); /* output of err_xxx() to syslogd */
+ openlog(argv[0], LOG_PID, FACILITY);
+
/* prepare conf file */
OpenConfFile();
- SetupConfId(serverID);
+ SetupConfId(extraID);
- /* start log */
- errToSyslog(atoi(GetConfValue("Syslog/Enable")));
- openlog(argv[0], LOG_PID, atoi(GetConfValue("Syslog/Facility")));
printf("Config file=[%s]\n",CONFIGFILE);
- printf("ServerID=[%s]\n",serverID);
+ printf("ExtraID=[%s]\n",extraID);
/* guide for connecting */
printf("Waiting connection for %d seconds\n",duration);
int main(int argc, char **argv)
{
char name[BUFFMAXLN];
- char serverID[WORDMAXLN];
+ char extraID[WORDMAXLN];
/* start log */
- errToSyslog(atoi(GetConfValue("Syslog/Enable")));
- openlog(argv[0], LOG_PID, atoi(GetConfValue("Syslog/Facility")));
+ errToSyslog(ERRORTOSYSLOG); /* output of err_xxx() to syslogd */
+ openlog(argv[0], LOG_PID, FACILITY);
printf("Config file=[%s]\n",CONFIGFILE);
openConfFile();
- printf("Enter serverID=");
- scanf("%s", serverID);
- setupConfId(serverID);
+ printf("Enter extraID=");
+ scanf("%s", extraID);
+ setupConfId(extraID);
printf("Enter Parameter name (eg, Authserver/protocol)=");
scanf("%s", name);
printf("%s\n", getConfValue(name));
return ret;
}
+/*******************************************/
+/* get port number string in /etc/services */
+/*******************************************/
+char *getServicePortStr(char *servName)
+{
+ struct servent *pServEnt;
+ static char portStr[WORDMAXLN];
+
+ /* get service info from service name */
+ pServEnt = getservbyname(servName, NULL);
+
+ /* convert service port number to string form */
+ snprintf(portStr, sizeof(portStr),"%d",ntohs(pServEnt->s_port));
+
+ return portStr;
+}
+
+
/****************************************/
/****************************************/
int Pclose(FILE *stream)
return ret;
}
+char *GetServicePortStr(char *servName)
+{
+ char *ret;
+
+ if(debug) err_msg("DEBUG:=>getServicePortStr(%s)", servName);
+ ret = getServicePortStr(servName);
+ if(debug) err_msg("DEBUG:(%s)<=getServicePortStr( )", ret);
+
+ return ret;
+}
+
ssize_t Readln(int fd, void *ptr, size_t maxlen)
{
ssize_t n;
OSDN Git Service
