From a153b7aaadcc9290fe7ec8b37df20b290f75a9ad Mon Sep 17 00:00:00 2001 
From: watanaby <>
Date: Sat, 25 Feb 2006 06:21:25 +0000
Subject: [PATCH] reform directory
---
opengate/conf/input.sh | 22 -
opengate/conf/mrtg.en.cfg | 20 -
opengate/conf/mrtg.ja.cfg | 29 -
opengate/conf/output.sh | 45 --
opengate/conf/output2syslog.sh | 34 -
opengate/conf/output2web.sh | 49 --
opengate/doc/Changes.html | 323 ----------
opengate/doc/GPL.txt | 341 ----------
opengate/doc/en/a.html | 258 --------
opengate/doc/en/b.html | 203 ------
opengate/doc/en/c.html | 232 -------
opengate/doc/en/d.html | 66 --
opengate/doc/en/e.html | 225 -------
opengate/doc/en/f.html | 269 --------
opengate/doc/en/install_en.html | 1264 -------------------------------------
opengate/doc/en/style.css | 35 --
opengate/doc/errcheck-e.html | 226 -------
opengate/doc/errcheck.html | 224 -------
opengate/doc/install-e.html | 420 -------------
opengate/doc/install.html | 439 -------------
opengate/doc/install_en.html | 57 --
opengate/doc/install_ja.html | 60 --
opengate/doc/ja/a.html | 252 --------
opengate/doc/ja/b.html | 208 -------
opengate/doc/ja/c.html | 251 --------
opengate/doc/ja/d.html | 72 ---
opengate/doc/ja/e.html | 244 --------
opengate/doc/ja/f.html | 285 ---------
opengate/doc/ja/install_ja.html | 1316 ---------------------------------------
opengate/doc/ja/style.css | 35 --
opengate/doc/progflow.html | 139 -----
opengate/doc/protocol.txt | 76 ---
opengate/doc/qa-e.html | 200 ------
opengate/doc/qa.html | 201 ------
opengate/doc/rulechk.txt | 40 --
35 files changed, 8160 deletions(-)
delete mode 100644 opengate/conf/input.sh
delete mode 100644 opengate/conf/mrtg.en.cfg
delete mode 100644 opengate/conf/mrtg.ja.cfg
delete mode 100644 opengate/conf/output.sh
delete mode 100644 opengate/conf/output2syslog.sh
delete mode 100644 opengate/conf/output2web.sh
delete mode 100644 opengate/doc/Changes.html
delete mode 100644 opengate/doc/GPL.txt
delete mode 100644 opengate/doc/en/a.html
delete mode 100644 opengate/doc/en/b.html
delete mode 100644 opengate/doc/en/c.html
delete mode 100644 opengate/doc/en/d.html
delete mode 100644 opengate/doc/en/e.html
delete mode 100644 opengate/doc/en/f.html
delete mode 100644 opengate/doc/en/install_en.html
delete mode 100644 opengate/doc/en/style.css
delete mode 100644 opengate/doc/errcheck-e.html
delete mode 100644 opengate/doc/errcheck.html
delete mode 100644 opengate/doc/install-e.html
delete mode 100644 opengate/doc/install.html
delete mode 100644 opengate/doc/install_en.html
delete mode 100644 opengate/doc/install_ja.html
delete mode 100644 opengate/doc/ja/a.html
delete mode 100644 opengate/doc/ja/b.html
delete mode 100644 opengate/doc/ja/c.html
delete mode 100644 opengate/doc/ja/d.html
delete mode 100644 opengate/doc/ja/e.html
delete mode 100644 opengate/doc/ja/f.html
delete mode 100644 opengate/doc/ja/install_ja.html
delete mode 100644 opengate/doc/ja/style.css
delete mode 100644 opengate/doc/progflow.html
delete mode 100644 opengate/doc/protocol.txt
delete mode 100644 opengate/doc/qa-e.html
delete mode 100644 opengate/doc/qa.html
delete mode 100755 opengate/doc/rulechk.txt
diff --git a/opengate/conf/input.sh b/opengate/conf/input.sh
deleted file mode 100644
index d936e43..0000000
--- a/opengate/conf/input.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-
-#######################################
-##
-## input data for MRTG
-##
-## 1 line : IPv6 Users
-## 2 line : Total Users
-## 3 line : uptime
-## 4 line : comment for data
-##
-#######################################
-
-# tmp file name
-file="/tmp/opengate.tmp"
-
-# URL of output.sh at opengate
-url="https://opengate12.edu.cc.saga-u.ac.jp/cgi-bin/output.sh"
-
-fetch -o $file $url &> /dev/null
-
-more $file
diff --git a/opengate/conf/mrtg.en.cfg b/opengate/conf/mrtg.en.cfg
deleted file mode 100644
index 1c73eed..0000000
--- a/opengate/conf/mrtg.en.cfg
+++ /dev/null
@@ -1,20 +0,0 @@ -################################################## -# opengate user counter - -WorkDir: /usr/local/www/mrtg/opengate/ - -Options[^]: growright,gauge,nopercent,integer - -Target[opengate]:`/usr/home/user/bin/input.sh` -Title[opengate]: Opengate user counter - -PageTop[opengate]:
Opengate12 ¤òÍøÍѤ·¤Æ¤¤¤ë¿Í¿ô¤òɽ¼¨¤·¤Æ¤¤¤Þ¤¹¡£
- -# Ãͤξå¸Â -MaxBytes[opengate]: 200 -# ³Æ¥°¥é¥Õ¤Ë¤ª¤¤¤Æ¡¢¥°¥é¥Õ¤Î¾å¸Â¤òÃͤκÇÂçÃͤǤʤ¯Ãͤξå¸Â¤Ë¤¹¤ë -#Unscaled[opengate]: ymwd - -# ¥°¥é¥Õ¤ÎY¼´¤Ë¤Ä¤¯¥¿¥¤¥È¥ë -YLegend[opengate]: Opengate User -# ÃͤÎñ°Ì -ShortLegend[opengate]: ¿Í -# ÃͤΥ¿¥¤¥È¥ë LegendI: 1ÈÖÌÜ LegendO: 2ÈÖÌÜ -LegendI[opengate]: IPv6 User -LegendO[opengate]: Total User diff --git a/opengate/conf/output.sh b/opengate/conf/output.sh deleted file mode 100644 index e8cbf28..0000000 --- a/opengate/conf/output.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh - -####################################### -## -## shwo opengate status for MRTG -## -## 1 line : IPv6 Users -## 2 line : Total Users -## 3 line : uptime -## 4 line : comment for data -## -####################################### - -LANG=C -COLUMNS=256 - -export LANG -export COLUMNS - -### opengate process name -process="opengatesrv.cgi" - -### tmp file name -tmp_all="/tmp/og_count_all.tmp" -tmp_6="/tmp/og_count_6.tmp" - -###################################################### - -ps ax | grep $process > $tmp_all - -COUNT=`wc -l $tmp_all | awk '{print $1}'` - -grep "(useIPv6)" $tmp_all > $tmp_6 - -COUNT6=`wc -l $tmp_6 | awk '{print $1}'` - -UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"` - -rm $tmp_all -rm $tmp_6 - -echo "$COUNT6" -echo "$COUNT" -echo "$UPTIME" -echo "Opengate User Counter" diff --git a/opengate/conf/output2syslog.sh b/opengate/conf/output2syslog.sh deleted file mode 100644 index 2349094..0000000 --- a/opengate/conf/output2syslog.sh +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/bin/sh - -####################################### -## -## shwo opengate status for syslog -## -####################################### - -LANG=C -COLUMNS=256 - -export LANG -export COLUMNS - -process="opengatesrv.cgi" -facility="local3.info" - -tmp_all="/tmp/og_count_all.tmp" -tmp_6="/tmp/og_count_6.tmp" - -###################################################### - -ps ax | grep $prosess > $tmp_all - -COUNT=`wc -l $tmp_all | awk '{print $1}'` - -grep "(useIPv6)" $tmp_all > $tmp_6 - -COUNT6=`wc -l $tmp_6 | awk '{print $1}'` - -rm $tmp_all -rm $tmp_6 - -echo "$COUNT $COUNT6" | /usr/bin/logger -p $facility diff --git a/opengate/conf/output2web.sh b/opengate/conf/output2web.sh deleted file mode 100644 index c25d2cf..0000000 --- a/opengate/conf/output2web.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/sh - -####################################### -## -## shwo opengate status for MRTG -## -## 1 line : IPv6 Users -## 2 line : Total Users -## 3 line : uptime -## 4 line : comment for data -## -## -####################################### - - -LANG=C -COLUMNS=256 - -export LANG -export COLUMNS - -tmp_all="/tmp/og_count_all.tmp" -tmp_6="/tmp/og_count_6.tmp" - -process="opengatesrv.cgi" - - -######################################################3 - -ps ax | grep $process > $tmp_all - -COUNT=`wc -l $tmp_all | awk '{print $1}'` - -grep "(useIPv6)" $tmp_all > $tmp_6 - -COUNT6=`wc -l $tmp_6 | awk '{print $1}'` - -UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"` - -rm $tmp_all -rm $tmp_6 - -echo "Content-type: text/plain; charset=iso-8859-1" -echo - -echo "$COUNT6" -echo "$COUNT" -echo "$UPTIME" -echo "Opengate User Counter" diff --git a/opengate/doc/Changes.html b/opengate/doc/Changes.html deleted file mode 100644 index caa34e7..0000000 --- a/opengate/doc/Changes.html +++ /dev/null @@ -1,323 +0,0 @@ - - - - - -List of Install Procedure.(*:Necessary by all means)
- -Choose distribution Developer(Full sorces, binaries and doc), because we have to prepare a kernel.
-Add next line to "/etc/rc.conf", because you validate a function of a gateway.
- -gateway_enable="YES" |
-
Unfolds the latest package of Opengate. It have next directory.
- -
--docFDocumentations -confFconfiguration file sample and firewall control perl script sample -javahtmlFClient Java Programs and HTML files -opengatesrvFServer CGI program -- |
Edit Makefile and opengatesrv.h in opengatesrv before carry out compile.
-Opengate needs tow FQDNs(FQDN_4 and FQDN_64). For example, FQDN_4 is "opengate.saga-u.ac.jp" -(IPv4 address: 133.49.31.1). FQDN_64 is "opengate.saga-u.ac.jp"(IPv4 address: 192.168.55.1, IPv6 address: 2001:e38:100:100::1).
- -Makefile
-opengatesrv.h
- -Compile and Install after finishing the above-mentioned setting.
- --#make -cc -DCONFIGFILE=\"/etc/opengatesrv.conf\" --DOPENGATEDIR=\"/opengate\" -DDENYDOC=\"deny.html\" --DDENYDOC=\"deny.html\" -DDENYDOCSSL=\"deny-ssl.html\" ------------------ ------------------ ------------------ -# make install - |
It is described the details of a setting method in a configuration file (opengatesrv.conf).
- - - - - \ No newline at end of file diff --git a/opengate/doc/en/b.html b/opengate/doc/en/b.html deleted file mode 100644 index 76b0842..0000000 --- a/opengate/doc/en/b.html +++ /dev/null @@ -1,203 +0,0 @@ - - -Prepare kernel having ipfw and ip6fw functions.
- -Copy kernel options file.
- --# cd /usr/src/sys/i386/conf -# cp GENERIC MYKERNEL - |
Add next lines.
- --options IPDIVERT - -options IPFIREWALL -options IPFIREWALL_FORWARD -options IPFIREWALL_VERBOSE -options IPFIREWALL_VERBOSE_LIMIT=100 - -options IPV6FIREWALL -options IPV6FIREWALL_VERBOSE -options IPV6FIREWALL_VERBOSE_LIMIT=100 - -options IPSEC -options IPSEC_ESP -options TCP_DROP_SYSFIN - |
compile and install kernel having ipfw and ip6fw functions.
- --# config MYKERNEL -# cd ../compile/MYKERNEL -# make depend -# make -# make install - |
Add next lines to "/etc/rc.conf".
- --firewall_enable="YES" -firewall_script="/etc/rc.firewall" - -ipv6_firewall_enable="YES" -ipv6_firewall_script="/etc/rc.firewall6" - -natd_enable="YES" -natd_interface="em0" - |
Validate a ipfw and ip6fw. And setup configuration script path. -When use NAT, Validate natd and setup natd interface.
- - - - -Write a rule of ipfw for Opengate. This is example "/etc/rc.firewall".
- --### set these to your outside interface network and netmask and ip -oif="em0" -onet="192.168.0.0" -omask="255.255.255.0" -oip="192.168.0.34" - -### set these to your inside interface network and netmask and ip -iif="bge0" -inet="192.168.55.0" -imask="255.255.255.0" -iip="192.168.55.1" - -fwcmd="/sbin/ipfw" - -### divert packet to NATD -$fwcmd add 1 divert natd ip from any to any via ${oif} - -### Stop spoofing -$fwcmd add deny all from ${inet}:${imask} to any in via ${oif} -$fwcmd add deny all from ${onet}:${omask} to any in via ${iif} - -### Stop http from softeather -$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 80 -$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 443 - -### Allow from / to myself -$fwcmd add pass all from ${iip} to any via ${iif} -$fwcmd add pass all from ${oip} to any via ${oif} -$fwcmd add pass all from any to ${iip} via ${iif} -$fwcmd add pass all from any to ${oip} via ${oif} - -### Allow DNS queries out in the world -### (if DNS is on localhost, delete passDNS) -$fwcmd add pass udp from any 53 to any -$fwcmd add pass udp from any to any 53 -$fwcmd add pass tcp from any to any 53 -$fwcmd add pass tcp from any 53 to any - -### Forwarding http connection from unauth client -$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80 -$fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any 443 - -### Allow TCP through if setup succeeded -$fwcmd add 60100 pass tcp from any to any established - |
Rule number for [forward] Command must be larger than the rule numbers used in opengate(10000-40000). -Rule number for [divert to natd] must be smaller than most rules.
- -The file [conf/opengatefw.conf] is the script describing the above rules. - You can edit and use this script instead of rc.firewall.
- -Be falimiar with ipfw command. Opengate is a software to send out the ipfw command like above one.
- - - - -Write a rule of ip6fw for Opengate. This is example "/etc/rc.firewall6".
- --### set these to your outside interface network and prefixlen and ip -oif="em0" -onet="2001:e38:3661:1a0::" -oprefixlen="64" -oip="2001:e38:3661:1a0::34" - -### set these to your inside interface network and prefixlen and ip -iif="bge0" -inet="2001:e38:3661:1a5::" -iprefixlen="64" -iip="2001:e38:3661:1a5::1" - -### path to command "ip6fw" -fw6cmd="/sbin/ip6fw" - -${fw6cmd} add pass all from ${iip} to any -${fw6cmd} add pass all from any to ${iip} -${fw6cmd} add pass all from ${oip} to any -${fw6cmd} add pass all from any to ${oip} - -### Allow RA RS NS NA Redirect... -${fw6cmd} add pass ipv6-icmp from any to any - -# Allow IP fragments to pass through -${fw6cmd} add pass all from any to any frag - -# Allow RIPng -${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521 -${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521 - -### Allow TCP through if setup succeeded -${fw6cmd} add 60100 pass tcp from any to any established - -# TCP reset notice message -${fw6cmd} add 60200 reset tcp from any to any 80 -${fw6cmd} add 60300 reset tcp from any to any 443 - |
ip6fw dose not have [forward] function. Threrfore Opengate waits for -timeout of IPv6 HTTP request. And uses [forward] function of ipfw.
- -When use FreeBSD 5.2 more, ip6fw has TCP reset function. -TCP reset try to send a TCP reset (RST) notice.
- -The file [conf/opengatefw6.conf] is the script describing the above rules. - You can edit and use this script instead of rc.firewall6.
- -Be falimiar with ip6fw command too.
- - - - - - \ No newline at end of file diff --git a/opengate/doc/en/c.html b/opengate/doc/en/c.html deleted file mode 100644 index 9e12532..0000000 --- a/opengate/doc/en/c.html +++ /dev/null @@ -1,232 +0,0 @@ - - -Opengate needs Apache2 supporting IPv6. Because Opengate does authentication, Apache2 -had better support SSL. But you don't have to install mod_ssl because -Apache2 support SSL with a standard.
- --# cd /usr/ports/www/apache2 -# make clean -===> Cleaning for autoconf-2.53_1 -===> Cleaning for libtool-1.3.5_1 -===> Cleaning for m4-1.4_1 -===> Cleaning for help2man-1.29 -===> Cleaning for expat-1.95.6_1 -===> Cleaning for apache-2.0.48_3 -# make install clean ; rehash - |
Add next lines to "/etc/rc.conf"
- --apache2_enable="YES" -apache2ssl_enable="YES" - |
You can get a source of Apache2 from "www.apache.org".
- -Validate a SSL module in configure.
- --# tar xvfz httpd-2.0.55.tar.gz -# cd httpd-2.0.55 -# ./configure --enable-modules="so ssl" -# make -# make install - |
Make two Private keys and Certificates for Apache2 because Opengate needs -two FQDNs.
- --# cd /usr/local/etc/apache2 -# mkdir ssl.key ssl.crt -# chmod 700 ssl.key ssl.crt - -# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server1.key 1024 -# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server2.key 1024 - |
-# /usr/bin/openssl req -new -x509 -days 365 \ - -key /usr/local/etc/apache2/ssl.key/server1.key \ - -out /usr/local/etc/apache2/ssl.crt/server1.crt - -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, -If you enter '.', the field will be left blank. ------ -Country Name (2 letter code) [AU]:JP -State or Province Name (full name) [Some-State]:Saga -Locality Name (eg, city) []:Saga-city -Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university -Organizational Unit Name (eg, subsection) []:Information Science -Common Name (eg, YOUR name) []:opengate.is.saga-u.ac.jp -Email Address []:administrator@opengate.is.saga-u.ac.jp - -Please enter the following 'extra' attributes -to be sent with your certificate request -A challenge password []: -An optional company name []: - -# /usr/bin/openssl req -new -x509 -days 365 \ - -key /usr/local/etc/apache2/ssl.key/server2.key \ - -out /usr/local/etc/apache2/ssl.crt/server2.crt - -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, -If you enter '.', the field will be left blank. 
------ -Country Name (2 letter code) [AU]:JP -State or Province Name (full name) [Some-State]:Saga -Locality Name (eg, city) []:Saga-city -Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university -Organizational Unit Name (eg, subsection) []:Information Science -Common Name (eg, YOUR name) []:opengate4.is.saga-u.ac.jp -Email Address []:administrator@opengate.is.saga-u.ac.jp - -Please enter the following 'extra' attributes -to be sent with your certificate request -A challenge password []: -An optional company name []: - |
Name-based virtual hosting cannot be used with SSL secure servers -because of the nature of the SSL protocol. Therefore, use IP-based virtual host.
- -Edit httpd.conf and ssl.conf like an example.
- -httpd.conf |
-NameVirtualHost 192.168.55.1:80 -<VirtualHost 192.168.55.1:80> - ServerAdmin administrator@opengate.is.saga-u.ac.jp - DocumentRoot /usr/local/www - ServerName opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined -</VirtualHost> - -NameVirtualHost [2001:e38:3661:1a5::1]:80 -<VirtualHost [2001:e38:3661:1a5::1]:80> - ServerAdmin administrator@opengate.is.saga-u.ac.jp - DocumentRoot /usr/local/www - ServerName opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined -</VirtualHost> - -NameVirtualHost 192.168.0.34:80 -<VirtualHost 192.168.0.34:80> - ServerAdmin administrator@opengate.is.saga-u.ac.jp - DocumentRoot /usr/local/www - ServerName opengate4.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined -</VirtualHost> - |
ssl.conf |
-NameVirtualHost 192.168.55.1:443 -<VirtualHost 192.168.55.1:443> - DocumentRoot "/usr/local/www" - ServerName opengate.is.saga-u.ac.jp:443 - ServerAdmin administrator@opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined - - SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt - SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key -</VirtualHost> - -NameVirtualHost [2001:e38:3661:1a5::1]:443 -<VirtualHost [2001:e38:3661:1a5::1]:443> - DocumentRoot "/usr/local/www" - ServerName opengate.is.saga-u.ac.jp:443 - ServerAdmin administrator@opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined - - SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt - SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key -</VirtualHost> - -NameVirtualHost 192.168.0.34:443 -<VirtualHost 192.168.0.34:443> - DocumentRoot "/usr/local/www" - ServerName opengate4.is.saga-u.ac.jp:443 - ServerAdmin administrator@opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined - - SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server2.crt - SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server2.key -</VirtualHost> - |
You have to edit other directive. Be familiar with apache2 configuration.
- - - - -Opengate must always send authentication page for any kind of HTTP request. Therefore -Add next line "to httpd.conf".
- --ErrorDocument 404 / - |
-# cd /usr/ports/net/isc-dhcp3-server -# make -===> Cleaning for isc-dhcp3-server-3.0.1.r14_3 -# make install clean ; rehash - |
There is "/usr/local/etc/dhcpd.conf.sample" as configuration file after instalation. -Copy dhcpd.conf.sample to dhcpd.conf and edit configuration file.
- --option domain-name "saga-u.ac.jp"; -option domain-name-servers 192.168.0.2; -option subnet-mask 255.255.255.0; -option broadcast-address 192.168.55.255; -option routers 192.168.55.1; - -default-lease-time 600; -max-lease-time 7200; -ddns-update-style none; -log-facility local7; - -subnet 192.168.55.0 netmask 255.255.255.0 { - range 192.168.55.100 192.168.55.200; -} - |
Add next lines to "/etc/rc.conf".
- --dhcpd_enable="YES" -dhcpd_ifaces="bge0" -dhcpd_conf="/usr/local/etc/dhcpd.conf" - |
dhcpd_ifaces : interfaces ID that send DHCP.
- - - - - \ No newline at end of file diff --git a/opengate/doc/en/e.html b/opengate/doc/en/e.html deleted file mode 100644 index 86724a9..0000000 --- a/opengate/doc/en/e.html +++ /dev/null @@ -1,225 +0,0 @@ - - -Opengate needs two FQDNs. It can be settled even to register FQDN for Opengate with -existing DNS. When use NAT, you had not better regist an address of IPv4 private network -with outside DNS.
- --# cd /usr/ports/dns/bind9/ -# make clean -===> Cleaning for bind9-9.3.1 -# make install clean ; rehash - |
There is "/etc/namedb(/var/named/etc/namedb)" after installation.
- - - - -BIND9 is controlled by rndc command for security.
- --# /usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n user rndc - |
When error "out of entropy", try with next method.
- --# /usr/local/sbin/dnssec-keygen -r /dev/urandom -a hmac-md5 -b 512 -n user rndc - |
Krndc.+157+60849.key
Krndc.+157+60849.private
There is "/usr/local/etc/rndc.conf.sample" after BIND9 installation. -And copy to "rndc.conf".
- -Edit "key" directive as like "key" directive of "Krndc.+xxxxxxxx.private.
- --options { - default-server localhost; - default-key "key"; -}; - -server localhost { - key "key"; -}; - -key "key" { - algorithm hmac-md5; - secret "..."; -}; - |
There is "/etc/namedb/named.conf" after installation.
- -Edit "key" directive as like "key" directive of "rndc.conf"
- --key "rndc_key" { - algorithm hmac-md5; - secret "..."; -}; - -controls { - inet ::1 allow { - ::1; - } - keys { - "rndc_key"; - }; - inet 127.0.0.1 allow { - 127.0.0.1; - } - keys { - "rndc_key"; - }; -}; - |
Write "key" directive in the other file. And you had better include it in "named.conf". -You can secure security more by setting a permission of the other file adequately.
- -Edit "options" directive.
- --options { - directory "/etc/namedb"; - pid-file "/var/run/named/named.pid"; - auth-nxdomain yes; - listen-on-v6 { any; }; -}; - |
Make a directory to put "named.pid" properly.
- - - - -Edit "view" and "zone" directive.
- -"view" directive is implemented in BIND9. "zone" is child directive of "view". -BIND9 can choose zone which answers client by a DNS inquiry IP address by setting "view" adequately.
- --view "og" { - match-clients - { - 10.0.0.0/16; - }; - - recursion yes; - - zone "." { - type hint; - file "named.root"; - }; - - zone "og.saga-u.ac.jp" { - type master; - file "og.saga-u.ac.jp"; - }; - - zone "0.0.127.IN-ADDR.ARPA" { - type master; - file "master/localhost.rev"; - }; - - // RFC 3152 - zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\ - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" { - type master; - file "master/localhost-v6.rev"; - }; - - // RFC 1886 -- deprecated - zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\ - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" { - type master; - file "master/localhost-v6.rev"; - }; -}; - |
Make a "zone" file of domain as "og.saga-u.ac.jp".
- --$TTL 3600 -$ORIGIN og.saga-u.ac.jp. - -@ IN SOA ns.og.saga-u.ac.jp. postmaster ( - 2005051702 ; - 3600 - 1200 - 2419200 - 86400 ) - IN NS ns.og.saga-u.ac.jp. - IN A 10.0.0.2 - IN MX 10 opengate.og.saga-u.ac.jp. - -ns IN A 10.0.0.2 - -opengate IN A 10.0.0.2 - AAAA 2001:2f8:10:1::1 - -opengate4 IN A 133.49.1.2 - |
Confirm starting "named" after setting was completed.
- --# /usr/local/sbin/named/ -u bind -c /etc/namedb/named.conf - |
If "named" starts without a problem, Add next lines to "/etc/rc.conf".
- --named_enable="YES" -named_program="/usr/local/sbin/named" -named_flags="-u bind -c /etc/namedb/named.conf" - |
Because management of a DNS server is too complicatedly, You had better read manual of BIND9 carefully, and -refer to other document.
- - - - - \ No newline at end of file diff --git a/opengate/doc/en/f.html b/opengate/doc/en/f.html deleted file mode 100644 index f58548e..0000000 --- a/opengate/doc/en/f.html +++ /dev/null @@ -1,269 +0,0 @@ - - -You can use MRTG to watch a state of Opengate. If you do not wath a state of Opengate, you -do not have to install MRTG.
- -MRTG(Multi Router Traffic Grapher) is system to watch network traffic. -MRTG makes graphic images and HTML files.
- -You can install MRTG to gateway server or another server. If you must watch plural Opengate, you -had better install MRTG to another server.
- --# cd /usr/ports/net-mgmt/mrtg/ -# make clean -===> Cleaning for mrtg-2.12.2,1 -# make install clean ; rehash - |
There is "/usr/local/etc/mrtg/mrtg.cfg.sample" as configuration file after instalation. -Copy mrtg.cfg.sample to opengate.cfg and edit configuration file.
- --################################################## -# opengate user counter - -WorkDir: /usr/home/user/public_html/mrtg/opengate/ - -##### Options -Options[^]: growright,gauge,nopercent,integer - -Target[opengate]:`/usr/home/user/bin/input.sh` -Title[opengate]: Opengate user counter - -PageTop[opengate]: <h1>Opengate user counter</h1> - <p>Show the number of people using Opengate</p> - -# Max Number -MaxBytes[opengate]: 200 - -# Title of Y axis -YLegend[opengate]: Opengate User -# unit -ShortLegend[opengate]: s -# Title of graph LegendI: first line LegendO: second line -LegendI[opengate]: IPv6 Users -LegendO[opengate]: Total Users - |
make a directory which you appointed in "WorkDir". MRTG makes graphic images and HTML files in WorkDir.
- -"Target[opengate]" is path to program to hand data to MRTG. explain below th details.
- - - -Put this shellscript as "/usr/home/user/bin/input.sh".
- --#!/bin/sh - -####################################### -## -## shwo opengate status for MRTG -## -## 1 line : IPv6 Users -## 2 line : Total Users -## 3 line : uptime -## 4 line : comment for data -## -####################################### - -LANG=C -COLUMNS=256 - -export LANG -export COLUMNS - -### IPv6 prefix -prefix="2001:2f8:22:801:" - -### opengate process name -process="opengatesrv.cgi" - -### tmp file name -tmp_all="/tmp/og_count_all.tmp" -tmp_6="/tmp/og_count_6.tmp" - -###################################################### - -ps ax | grep $process > $tmp_all -COUNT=`wc -l $tmp_all | awk '{print $1}'` -grep $prefix $tmp_all > $tmp_6 -COUNT6=`wc -l $tmp_6 | awk '{print $1}'` -UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"` - -rm $tmp_all -rm $tmp_6 - -echo "$COUNT6" -echo "$COUNT" -echo "$UPTIME" -echo "Opengate User Counter" - |
carry out this shell script alone and confirm that you can acquire the following data.
- --5 -48 -10days -Opengate User Counter - |
Put this shellscript as "/usr/home/user/bin/input.sh" on another server.
- --#!/bin/sh - -####################################### -## -## input data for MRTG -## -## 1 line : IPv6 Users -## 2 line : Total Users -## 3 line : uptime -## 4 line : comment for data -## -####################################### - -# tmp file name -file="/tmp/opengate.tmp" - -# URL of output.sh at opengate -url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh" - -fetch -o $file $url &> /dev/null - -more $file - |
Put this shell script as "/usr/local/apache2/cgi-bin/output.sh" on Opengate server. -And set this URL to $url in script explained by the above.
- --#!/bin/sh - -####################################### -## -## shwo opengate status for MRTG -## -## 1 line : IPv6 Users -## 2 line : Total Users -## 3 line : uptime -## 4 line : comment for data -## -####################################### - -LANG=C -COLUMNS=256 - -export LANG -export COLUMNS - -### IPv6 prefix -prefix="2001:2f8:22:801:" - -### opengate process name -process="opengatesrv.cgi" - -### tmp file name -tmp_all="/tmp/og_count_all.tmp" -tmp_6="/tmp/og_count_6.tmp" - -######################################################3 - -ps ax | grep $process > $tmp_all -COUNT=`wc -l $tmp_all | awk '{print $1}'` -grep $prefix $tmp_all > $tmp_6 -COUNT6=`wc -l $tmp_6 | awk '{print $1}'` -UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"` -rm $tmp_all -rm $tmp_6 - -echo "Content-type: text/plain; charset=iso-8859-1" -echo - -echo "$COUNT6" -echo "$COUNT" -echo "$UPTIME" -echo "Opengate User Counter" - |
carry out "input.sh" shell script on another server and confirm that you can acquire the following data.
- --5 -48 -10days -Opengate User Counter - |
Confirm after setting was completed.
- --# /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg - |
Various WARNING is output the first time and second.
- -There is some files in "WorkDir".
- --> ls -l --rw-r--r-- 1 root wheel 538 12 14 04:40 mrtg-l.png --rw-r--r-- 1 root wheel 414 12 14 04:40 mrtg-m.png --rw-r--r-- 1 root wheel 1759 12 14 04:40 mrtg-r.png --rw-r--r-- 1 root wheel 2941 12 20 15:15 opengate-day.png --rw-r--r-- 1 root wheel 2146 12 20 14:35 opengate-month.png --rw-r--r-- 1 root wheel 2867 12 20 14:55 opengate-week.png --rw-r--r-- 1 root wheel 1897 12 20 05:00 opengate-year.png --rw-r--r-- 1 root wheel 5961 12 20 15:15 opengate.html --rw-r--r-- 1 root wheel 48786 12 20 15:15 opengate.log --rw-r--r-- 1 root wheel 48784 12 20 15:10 opengate.old - |
Add next line to "/etc/crontab".
- --*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg - |
List of Install Procedure.(*:Necessary by all means)
- -Choose distribution Developer(Full sorces, binaries and doc), because we have to prepare a kernel.
-Add next line to "/etc/rc.conf", because you validate a function of a gateway.
- -gateway_enable="YES" |
-
Unfolds the latest package of Opengate. It have next directory.
- -
--docFDocumentations -confFconfiguration file sample and firewall control perl script sample -javahtmlFClient Java Programs and HTML files -opengatesrvFServer CGI program -- |
Edit Makefile and opengatesrv.h in opengatesrv before carry out compile.
-Opengate needs tow FQDNs(FQDN_4 and FQDN_64). For example, FQDN_4 is "opengate.saga-u.ac.jp" -(IPv4 address: 133.49.31.1). FQDN_64 is "opengate.saga-u.ac.jp"(IPv4 address: 192.168.55.1, IPv6 address: 2001:e38:100:100::1).
- -Makefile
-opengatesrv.h
- -Compile and Install after finishing the above-mentioned setting.
- --#make -cc -DCONFIGFILE=\"/etc/opengatesrv.conf\" --DOPENGATEDIR=\"/opengate\" -DDENYDOC=\"deny.html\" --DDENYDOC=\"deny.html\" -DDENYDOCSSL=\"deny-ssl.html\" ------------------ ------------------ ------------------ -# make install - |
It is described the details of a setting method in a configuration file (opengatesrv.conf).
- - - -Prepare kernel having ipfw and ip6fw functions.
- -Copy kernel options file.
- --# cd /usr/src/sys/i386/conf -# cp GENERIC MYKERNEL - |
Add next lines.
- --options IPDIVERT - -options IPFIREWALL -options IPFIREWALL_FORWARD -options IPFIREWALL_VERBOSE -options IPFIREWALL_VERBOSE_LIMIT=100 - -options IPV6FIREWALL -options IPV6FIREWALL_VERBOSE -options IPV6FIREWALL_VERBOSE_LIMIT=100 - -options IPSEC -options IPSEC_ESP -options TCP_DROP_SYSFIN - |
compile and install kernel having ipfw and ip6fw functions.
- --# config MYKERNEL -# cd ../compile/MYKERNEL -# make depend -# make -# make install - |
Add next lines to "/etc/rc.conf".
- --firewall_enable="YES" -firewall_script="/etc/rc.firewall" - -ipv6_firewall_enable="YES" -ipv6_firewall_script="/etc/rc.firewall6" - -natd_enable="YES" -natd_interface="em0" - |
Validate a ipfw and ip6fw. And setup configuration script path. -When use NAT, Validate natd and setup natd interface.
- - - - -Write a rule of ipfw for Opengate. This is example "/etc/rc.firewall".
- --### set these to your outside interface network and netmask and ip -oif="em0" -onet="192.168.0.0" -omask="255.255.255.0" -oip="192.168.0.34" - -### set these to your inside interface network and netmask and ip -iif="bge0" -inet="192.168.55.0" -imask="255.255.255.0" -iip="192.168.55.1" - -fwcmd="/sbin/ipfw" - -### divert packet to NATD -$fwcmd add 1 divert natd ip from any to any via ${oif} - -### Stop spoofing -$fwcmd add deny all from ${inet}:${imask} to any in via ${oif} -$fwcmd add deny all from ${onet}:${omask} to any in via ${iif} - -### Stop http from softeather -$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 80 -$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 443 - -### Allow from / to myself -$fwcmd add pass all from ${iip} to any via ${iif} -$fwcmd add pass all from ${oip} to any via ${oif} -$fwcmd add pass all from any to ${iip} via ${iif} -$fwcmd add pass all from any to ${oip} via ${oif} - -### Allow DNS queries out in the world -### (if DNS is on localhost, delete passDNS) -$fwcmd add pass udp from any 53 to any -$fwcmd add pass udp from any to any 53 -$fwcmd add pass tcp from any to any 53 -$fwcmd add pass tcp from any 53 to any - -### Forwarding http connection from unauth client -$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80 -$fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any 443 - -### Allow TCP through if setup succeeded -$fwcmd add 60100 pass tcp from any to any established - |
Rule number for [forward] Command must be larger than the rule numbers used in opengate(10000-40000). -Rule number for [divert to natd] must be smaller than most rules.
- -The file [conf/opengatefw.conf] is the script describing the above rules. - You can edit and use this script instead of rc.firewall.
- -Be falimiar with ipfw command. Opengate is a software to send out the ipfw command like above one.
- - - - -Write a rule of ip6fw for Opengate. This is example "/etc/rc.firewall6".
- --### set these to your outside interface network and prefixlen and ip
-oif="em0"
-onet="2001:e38:3661:1a0::"
-oprefixlen="64"
-oip="2001:e38:3661:1a0::34"
-
-### set these to your inside interface network and prefixlen and ip
-iif="bge0"
-inet="2001:e38:3661:1a5::"
-iprefixlen="64"
-iip="2001:e38:3661:1a5::1"
-
-### path to command "ip6fw"
-fw6cmd="/sbin/ip6fw"
-
-${fw6cmd} add pass all from ${iip} to any
-${fw6cmd} add pass all from any to ${iip}
-${fw6cmd} add pass all from ${oip} to any
-${fw6cmd} add pass all from any to ${oip}
-
-### Allow RA RS NS NA Redirect...
-${fw6cmd} add pass ipv6-icmp from any to any
-
-# Allow IP fragments to pass through
-${fw6cmd} add pass all from any to any frag
-
-# Allow RIPng
-${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521
-${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521
-
-### Allow TCP through if setup succeeded
-${fw6cmd} add 60100 pass tcp from any to any established
-
-# TCP reset notice message
-${fw6cmd} add 60200 reset tcp from any to any 80
-${fw6cmd} add 60300 reset tcp from any to any 443
- |
ip6fw dose not have [forward] function. Threrfore Opengate waits for -timeout of IPv6 HTTP request. And uses [forward] function of ipfw.
- -When use FreeBSD 5.2 more, ip6fw has TCP reset function. -TCP reset try to send a TCP reset (RST) notice.
- -The file [conf/opengatefw6.conf] is the script describing the above rules. - You can edit and use this script instead of rc.firewall6.
- -Be falimiar with ip6fw command too.
- - - -Opengate needs Apache2 supporting IPv6. Because Opengate does authentication, Apache2 -had better support SSL. But you don't have to install mod_ssl because -Apache2 support SSL with a standard.
- --# cd /usr/ports/www/apache2 -# make clean -===> Cleaning for autoconf-2.53_1 -===> Cleaning for libtool-1.3.5_1 -===> Cleaning for m4-1.4_1 -===> Cleaning for help2man-1.29 -===> Cleaning for expat-1.95.6_1 -===> Cleaning for apache-2.0.48_3 -# make install clean ; rehash - |
Add next lines to "/etc/rc.conf"
- --apache2_enable="YES" -apache2ssl_enable="YES" - |
You can get a source of Apache2 from "www.apache.org".
- -Validate a SSL module in configure.
- --# tar xvfz httpd-2.0.55.tar.gz -# cd httpd-2.0.55 -# ./configure --enable-modules="so ssl" -# make -# make install - |
Make two Private keys and Certificates for Apache2 because Opengate needs -two FQDNs.
- --# cd /usr/local/etc/apache2 -# mkdir ssl.key ssl.crt -# chmod 700 ssl.key ssl.crt - -# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server1.key 1024 -# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server2.key 1024 - |
-# /usr/bin/openssl req -new -x509 -days 365 \ - -key /usr/local/etc/apache2/ssl.key/server1.key \ - -out /usr/local/etc/apache2/ssl.crt/server1.crt - -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, -If you enter '.', the field will be left blank. ------ -Country Name (2 letter code) [AU]:JP -State or Province Name (full name) [Some-State]:Saga -Locality Name (eg, city) []:Saga-city -Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university -Organizational Unit Name (eg, subsection) []:Information Science -Common Name (eg, YOUR name) []:opengate.is.saga-u.ac.jp -Email Address []:administrator@opengate.is.saga-u.ac.jp - -Please enter the following 'extra' attributes -to be sent with your certificate request -A challenge password []: -An optional company name []: - -# /usr/bin/openssl req -new -x509 -days 365 \ - -key /usr/local/etc/apache2/ssl.key/server2.key \ - -out /usr/local/etc/apache2/ssl.crt/server2.crt - -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, -If you enter '.', the field will be left blank. 
------ -Country Name (2 letter code) [AU]:JP -State or Province Name (full name) [Some-State]:Saga -Locality Name (eg, city) []:Saga-city -Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university -Organizational Unit Name (eg, subsection) []:Information Science -Common Name (eg, YOUR name) []:opengate4.is.saga-u.ac.jp -Email Address []:administrator@opengate.is.saga-u.ac.jp - -Please enter the following 'extra' attributes -to be sent with your certificate request -A challenge password []: -An optional company name []: - |
Name-based virtual hosting cannot be used with SSL secure servers -because of the nature of the SSL protocol. Therefore, use IP-based virtual host.
- -Edit httpd.conf and ssl.conf like an example.
- -httpd.conf |
-NameVirtualHost 192.168.55.1:80
-<VirtualHost 192.168.55.1:80>
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- DocumentRoot /usr/local/www
- ServerName opengate.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-</VirtualHost>
-
-NameVirtualHost [2001:e38:3661:1a5::1]:80
-<VirtualHost [2001:e38:3661:1a5::1]:80>
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- DocumentRoot /usr/local/www
- ServerName opengate.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-</VirtualHost>
-
-NameVirtualHost 192.168.0.34:80
-<VirtualHost 192.168.0.34:80>
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- DocumentRoot /usr/local/www
- ServerName opengate4.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-</VirtualHost>
- |
ssl.conf |
-NameVirtualHost 192.168.55.1:443
-<VirtualHost 192.168.55.1:443>
- DocumentRoot "/usr/local/www"
- ServerName opengate.is.saga-u.ac.jp:443
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-
- SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt
- SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key
-</VirtualHost>
-
-NameVirtualHost [2001:e38:3661:1a5::1]:443
-<VirtualHost [2001:e38:3661:1a5::1]:443>
- DocumentRoot "/usr/local/www"
- ServerName opengate.is.saga-u.ac.jp:443
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-
- SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt
- SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key
-</VirtualHost>
-
-NameVirtualHost 192.168.0.34:443
-<VirtualHost 192.168.0.34:443>
- DocumentRoot "/usr/local/www"
- ServerName opengate4.is.saga-u.ac.jp:443
- ServerAdmin administrator@opengate.is.saga-u.ac.jp
- ErrorLog "|/usr/bin/logger -p local6.info"
- CustomLog "|/usr/bin/logger -p local5.info" combined
-
- SSLEngine on
- SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
- SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server2.crt
- SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server2.key
-</VirtualHost>
- |
You have to edit other directive. Be familiar with apache2 configuration.
- - - - -Opengate must always send authentication page for any kind of HTTP request. Therefore -Add next line "to httpd.conf".
- --ErrorDocument 404 / - |
-# cd /usr/ports/net/isc-dhcp3-server -# make -===> Cleaning for isc-dhcp3-server-3.0.1.r14_3 -# make install clean ; rehash - |
There is "/usr/local/etc/dhcpd.conf.sample" as configuration file after instalation. -Copy dhcpd.conf.sample to dhcpd.conf and edit configuration file.
- --option domain-name "saga-u.ac.jp";
-option domain-name-servers 192.168.0.2;
-option subnet-mask 255.255.255.0;
-option broadcast-address 192.168.55.255;
-option routers 192.168.55.1;
-
-default-lease-time 600;
-max-lease-time 7200;
-ddns-update-style none;
-log-facility local7;
-
-subnet 192.168.55.0 netmask 255.255.255.0 {
- range 192.168.55.100 192.168.55.200;
-}
- |
Add next lines to "/etc/rc.conf".
- --dhcpd_enable="YES"
-dhcpd_ifaces="bge0"
-dhcpd_conf="/usr/local/etc/dhcpd.conf"
- |
dhcpd_ifaces : interfaces ID that send DHCP.
- - - -Opengate needs two FQDNs. It can be settled even to register FQDN for Opengate with -existing DNS. When use NAT, you had not better regist an address of IPv4 private network -with outside DNS.
- --# cd /usr/ports/dns/bind9/ -# make clean -===> Cleaning for bind9-9.3.1 -# make install clean ; rehash - |
There is "/etc/namedb(/var/named/etc/namedb)" after installation.
- - - - -BIND9 is controlled by rndc command for security.
- --# /usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n user rndc - |
When error "out of entropy", try with next method.
- --# /usr/local/sbin/dnssec-keygen -r /dev/urandom -a hmac-md5 -b 512 -n user rndc - |
Krndc.+157+60849.key
Krndc.+157+60849.private
There is "/usr/local/etc/rndc.conf.sample" after BIND9 installation. -And copy to "rndc.conf".
- -Edit "key" directive as like "key" directive of "Krndc.+xxxxxxxx.private.
- --options { - default-server localhost; - default-key "key"; -}; - -server localhost { - key "key"; -}; - -key "key" { - algorithm hmac-md5; - secret "..."; -}; - |
There is "/etc/namedb/named.conf" after installation.
- -Edit "key" directive as like "key" directive of "rndc.conf"
- --key "rndc_key" { - algorithm hmac-md5; - secret "..."; -}; - -controls { - inet ::1 allow { - ::1; - } - keys { - "rndc_key"; - }; - inet 127.0.0.1 allow { - 127.0.0.1; - } - keys { - "rndc_key"; - }; -}; - |
Write "key" directive in the other file. And you had better include it in "named.conf". -You can secure security more by setting a permission of the other file adequately.
- -Edit "options" directive.
- --options { - directory "/etc/namedb"; - pid-file "/var/run/named/named.pid"; - auth-nxdomain yes; - listen-on-v6 { any; }; -}; - |
Make a directory to put "named.pid" properly.
- - - - -Edit "view" and "zone" directive.
- -"view" directive is implemented in BIND9. "zone" is child directive of "view". -BIND9 can choose zone which answers client by a DNS inquiry IP address by setting "view" adequately.
- --view "og" { - match-clients - { - 10.0.0.0/16; - }; - - recursion yes; - - zone "." { - type hint; - file "named.root"; - }; - - zone "og.saga-u.ac.jp" { - type master; - file "og.saga-u.ac.jp"; - }; - - zone "0.0.127.IN-ADDR.ARPA" { - type master; - file "master/localhost.rev"; - }; - - // RFC 3152 - zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\ - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" { - type master; - file "master/localhost-v6.rev"; - }; - - // RFC 1886 -- deprecated - zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\ - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" { - type master; - file "master/localhost-v6.rev"; - }; -}; - |
Make a "zone" file of domain as "og.saga-u.ac.jp".
- --$TTL 3600 -$ORIGIN og.saga-u.ac.jp. - -@ IN SOA ns.og.saga-u.ac.jp. postmaster ( - 2005051702 ; - 3600 - 1200 - 2419200 - 86400 ) - IN NS ns.og.saga-u.ac.jp. - IN A 10.0.0.2 - IN MX 10 opengate.og.saga-u.ac.jp. - -ns IN A 10.0.0.2 - -opengate IN A 10.0.0.2 - AAAA 2001:2f8:10:1::1 - -opengate4 IN A 133.49.1.2 - |
Confirm starting "named" after setting was completed.
- --# /usr/local/sbin/named/ -u bind -c /etc/namedb/named.conf - |
If "named" starts without a problem, Add next lines to "/etc/rc.conf".
- --named_enable="YES" -named_program="/usr/local/sbin/named" -named_flags="-u bind -c /etc/namedb/named.conf" - |
Because management of a DNS server is too complicatedly, You had better read manual of BIND9 carefully, and -refer to other document.
- - -You can use MRTG to watch a state of Opengate. If you do not wath a state of Opengate, you -do not have to install MRTG.
- -MRTG(Multi Router Traffic Grapher) is system to watch network traffic. -MRTG makes graphic images and HTML files.
- -You can install MRTG to gateway server or another server. If you must watch plural Opengate, you -had better install MRTG to another server.
- --# cd /usr/ports/net-mgmt/mrtg/ -# make clean -===> Cleaning for mrtg-2.12.2,1 -# make install clean ; rehash - |
There is "/usr/local/etc/mrtg/mrtg.cfg.sample" as configuration file after instalation. -Copy mrtg.cfg.sample to opengate.cfg and edit configuration file.
- --################################################## -# opengate user counter - -WorkDir: /usr/home/user/public_html/mrtg/opengate/ - -##### Options -Options[^]: growright,gauge,nopercent,integer - -Target[opengate]:`/usr/home/user/bin/input.sh` -Title[opengate]: Opengate user counter - -PageTop[opengate]: <h1>Opengate user counter</h1> - <p>Show the number of people using Opengate</p> - -# Max Number -MaxBytes[opengate]: 200 - -# Title of Y axis -YLegend[opengate]: Opengate User -# unit -ShortLegend[opengate]: s -# Title of graph LegendI: first line LegendO: second line -LegendI[opengate]: IPv6 Users -LegendO[opengate]: Total Users - |
make a directory which you appointed in "WorkDir". MRTG makes graphic images and HTML files in WorkDir.
- -"Target[opengate]" is path to program to hand data to MRTG. explain below th details.
- - - -Put this shellscript as "/usr/home/user/bin/input.sh".
- --#!/bin/sh
-
-#######################################
-##
-## shwo opengate status for MRTG
-##
-## 1 line : IPv6 Users
-## 2 line : Total Users
-## 3 line : uptime
-## 4 line : comment for data
-##
-#######################################
-
-LANG=C
-COLUMNS=256
-
-export LANG
-export COLUMNS
-
-### IPv6 prefix
-prefix="2001:2f8:22:801:"
-
-### opengate process name
-process="opengatesrv.cgi"
-
-### tmp file name
-tmp_all="/tmp/og_count_all.tmp"
-tmp_6="/tmp/og_count_6.tmp"
-
-######################################################
-
-ps ax | grep $process > $tmp_all
-COUNT=`wc -l $tmp_all | awk '{print $1}'`
-grep $prefix $tmp_all > $tmp_6
-COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
-UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
-
-rm $tmp_all
-rm $tmp_6
-
-echo "$COUNT6"
-echo "$COUNT"
-echo "$UPTIME"
-echo "Opengate User Counter"
- |
carry out this shell script alone and confirm that you can acquire the following data.
- --5 -48 -10days -Opengate User Counter - |
Put this shellscript as "/usr/home/user/bin/input.sh" on another server.
- --#!/bin/sh
-
-#######################################
-##
-## input data for MRTG
-##
-## 1 line : IPv6 Users
-## 2 line : Total Users
-## 3 line : uptime
-## 4 line : comment for data
-##
-#######################################
-
-# tmp file name
-file="/tmp/opengate.tmp"
-
-# URL of output.sh at opengate
-url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh"
-
-fetch -o $file $url &> /dev/null
-
-more $file
- |
Put this shell script as "/usr/local/apache2/cgi-bin/output.sh" on Opengate server. -And set this URL to $url in script explained by the above.
- --#!/bin/sh
-
-#######################################
-##
-## shwo opengate status for MRTG
-##
-## 1 line : IPv6 Users
-## 2 line : Total Users
-## 3 line : uptime
-## 4 line : comment for data
-##
-#######################################
-
-LANG=C
-COLUMNS=256
-
-export LANG
-export COLUMNS
-
-### IPv6 prefix
-prefix="2001:2f8:22:801:"
-
-### opengate process name
-process="opengatesrv.cgi"
-
-### tmp file name
-tmp_all="/tmp/og_count_all.tmp"
-tmp_6="/tmp/og_count_6.tmp"
-
-######################################################3
-
-ps ax | grep $process > $tmp_all
-COUNT=`wc -l $tmp_all | awk '{print $1}'`
-grep $prefix $tmp_all > $tmp_6
-COUNT6=`wc -l $tmp_6 | awk '{print $1}'`
-UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"`
-rm $tmp_all
-rm $tmp_6
-
-echo "Content-type: text/plain; charset=iso-8859-1"
-echo
-
-echo "$COUNT6"
-echo "$COUNT"
-echo "$UPTIME"
-echo "Opengate User Counter"
- |
carry out "input.sh" shell script on another server and confirm that you can acquire the following data.
- --5 -48 -10days -Opengate User Counter - |
Confirm after setting was completed.
- --# /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg - |
Various WARNING is output the first time and second.
- -There is some files in "WorkDir".
- --> ls -l --rw-r--r-- 1 root wheel 538 12 14 04:40 mrtg-l.png --rw-r--r-- 1 root wheel 414 12 14 04:40 mrtg-m.png --rw-r--r-- 1 root wheel 1759 12 14 04:40 mrtg-r.png --rw-r--r-- 1 root wheel 2941 12 20 15:15 opengate-day.png --rw-r--r-- 1 root wheel 2146 12 20 14:35 opengate-month.png --rw-r--r-- 1 root wheel 2867 12 20 14:55 opengate-week.png --rw-r--r-- 1 root wheel 1897 12 20 05:00 opengate-year.png --rw-r--r-- 1 root wheel 5961 12 20 15:15 opengate.html --rw-r--r-- 1 root wheel 48786 12 20 15:15 opengate.log --rw-r--r-- 1 root wheel 48784 12 20 15:10 opengate.old - |
Add next line to "/etc/crontab".
- --*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg - |
-As opengate interacts with many software, it is diffcult to recognize the behavior. Then this memo is prepared to assist debug. -
-When error occured, check the stand alone action of each related software. Especially setting of ipfw is difficult and affects to many sides. At first, debug with ipfw fully open state. Then close it little by little. -
-Opengate uses following files, where the directorys are default. Is these files correctly settled. - -
- /usr/local/www/cgi-bin/opengate/opengatesrv.cgi - /usr/local/www/data/index.html.* - /usr/local/www/data/opengate/Opengate.class - /usr/local/www/data/opengate/OpengateClient.class - /usr/local/www/data/opengate/*/index.html - /usr/local/www/data/opengate/*/index-ssl.html - /usr/local/www/data/opengate/*/accept.html - /usr/local/www/data/opengate/*/accept2.html - /usr/local/www/data/opengate/*/deny.html - /etc/opengatesrv.conf - /etc/opengatefw.pl - /var/log/opengate.log --And Opengate creates a lock file [/tmp/opengate.lock] at execution. -It can be removed. -
-Please understand the basic flow of the system by reading the description of system flow. -
-Test programs are prepared as opengatesrv/test-*. -
- -Following are the checking list for debugging. -
-
-
-
- -
-
- -
-
-
-
-
-
-
-
-
-
-
-
- -
-
-
-
-
-
-
-
-
-
-
-
-
-Opengate ͽÌ\tgEFAÌÔÌîðs¤àÌÅ·ÌÅA½ªN«Ä¢éÌ©»fªïµ¢Å·Bܽ»óÅÍfobO̽ßÉêpÌ@\ÍÝèµÄ èܹñB»±ÅA±ÌÍACXg[µÄà Opengate ª®©È¢ÌQl̽ßÉLµÜ·B -
-¤Ü®©È¢êAܸAÖA·é\tgEFAªeXPÆųí®ì·é©mFµÄ¾³¢BÁÉ ipfw ÌÝèÍ ¿±¿Ée¿µÜ·ÌÅ\ªÓªKvÅ·BÅÍipfwðSJúÉßÝèµÄ¤Ü®ÌðmFµÄ©ç¶ľ³¢B -
-OpengateÍȺÌt@CðpµÜ·B±êçͳµzu³êĢܷ©B -fBNgÍdefaultÊuÅ·B -
- /usr/local/www/cgi-bin/opengate/opengatesrv.cgi - /usr/local/www/data/index.html.* - /usr/local/www/data/opengate/Opengate.class - /usr/local/www/data/opengate/OpengateClient.class - /usr/local/www/data/opengate/*/index.html - /usr/local/www/data/opengate/*/index-ssl.html - /usr/local/www/data/opengate/*/accept.html - /usr/local/www/data/opengate/*/accept2.html - /usr/local/www/data/opengate/*/deny.html - /etc/opengatesrv.conf - /etc/opengatefw.pl - /var/log/opengate.log --³çÉAbNt@CÆµÄ /tmp/opengate.lockðgpµÜ·ªAì¬Ísv -Å·BÁµÄà\¢Ü¹ñB -
-ÊÉAvOt[ðàðpӵĢܷBvOÌî{IÈ®«ðc¬µÄ¾³¢B -
-®«`FbN̽ßÉeXgvOðpӵܵ½BopengatesrvÉtest-*ƵÄu¢Ä¢Ü·B -
- -ȺAÇóÉñµÜ·B -
-
- -
-
- -
-
-
-
-
-
-
-
-
-
-
-
- -
-
- -
-
-
-
-
-
- -
-
- -
-
-
-
-
-cd /usr/src/sys/i386/conf -cp GENERIC MYKERNEL -edit MYKERNEL - insert following 3 lines - options IPFIREWALL - options IPFIREWALL_FORWARD - options IPDIVERT - -config MYKERNEL -cd ../compile/MYKERNEL -make depend -make -make install -- -
-kern.ipc.somaxconn - Maximum number of TCP connections(default=128). - As Opengate server keeps TCP connection with each terminal, - the number must be set larger than the number of terminals. - -kern.ipc.nmbclusters - Maximum number of mbuf clusters (1cluster=2KB). It needs "send/recv - buffer size(default=32KB)" x "number of connections". - The usage statistics is shown by "netstat -m". --For example, these values are set as follows. -Be care about the memory size for mbuf (following setting needs 128MB). -
-Add two lines in the file "/etc/sysctl.conf". - kern.ipc.somaxconn=4096 - kern.ipc.nmbclusters=65536 -- -
- Essential: Apache, ipfw - Optional: NATD, DHCP, SSL, Perl etc -- * Check the installation carefully and be familiar with these softwares. -Debugging is confused, if these softwares are incomplete. -
- -
-gateway_enable="YES" <==If NATD is not used -firewall_enable="YES" -firewall_type="simple" -natd_enable="YES" <==If NATD is used -natd_interface="fxp0" <== ", the name must be matched to your interface. -- -
-
-Example description in /etc/rc.firewall.
-Be care that rules matched to [simple] are distributed in the file.
-Check the real setting by the command [ipfw list].
-The sample setting is not the ideal.
-Refer to the default rc.firewall and edit it properly.
-
-[Ss][Ii][Mm][Pp][Ll][Ee]) - # set these to your outside interface network and netmask and ip - oif="fxp0" - onet="133.49.20.0" - omask="255.255.252.0" - oip="133.49.22.5" - - # set these to your inside interface network and netmask and ip - iif="fxp1" - inet="192.168.0.0" - imask="255.255.255.0" - iip="192.168.0.1" - - # divert packet to NATD ################################ - $fwcmd add 1 divert natd ip from any to any via ${oif} - - # Stop spoofing - $fwcmd add deny all from ${inet}:${imask} to any in via ${oif} - $fwcmd add deny all from ${onet}:${omask} to any in via ${iif} - - # Allow from / to myself - $fwcmd add pass all from ${iip} to any via ${iif} - $fwcmd add pass all from ${oip} to any via ${oif} - $fwcmd add pass all from any to ${iip} via ${iif} - $fwcmd add pass all from any to ${oip} via ${oif} - - # Allow DNS queries out in the world - # (if DNS is on localhost, delete passDNS) - $fwcmd add pass udp from any 53 to any - $fwcmd add pass udp from any to any 53 - - # Forwarding http connection from unauth client ############### - $fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any http - - # Allow TCP through if setup succeeded ######################## - $fwcmd add 60100 pass tcp from any to any established -- -Caution -
-The file [conf/opengatefw.conf] is the script describing the above rules. -You can edit and use this script instead of rc.firewall. -
-
- ipfw add 10000 allow ip from xx.xx.xx.xx to any <===Open outgoing - ipfw add 10000 allow ip from any to xx.xx.xx.xx <===Open incoming - - ipfw del 10000 <===Close --Be falimiar with ipfw command. -Opengate is a software to send out the ipfw command like above one. -
-
-Web access control -
-order deny,allow -deny from all -allow from 133.49.0.0/255.255.0.0 (Example, need to change address) -allow from 192.168.0.0/255.255.0.0 -- -CGI enable -
-#ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/" -| -V -ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/" -- -Jump to Top at Page NotFound -
-#ErrorDocument 404 /missing.html -| -V -ErrorDocument 404 /index.html -- -
-local1.* /var/log/opengate.log - --Separated by TAB key -- -
-touch /var/log/opengate.log --
- tar zxvf opengatexxx.tar.gz - (where xxx is the version. Use latest one) --Then, the following directorys are created. Check the files. -Change the setting if you want(Most setting can be modified after installation). -
- doc: Documentations - conf: configuration file sample, firewall control perl script sample - javahtml: Client Java Programs and HTML files. - opengatesrv: Server CGI program -- -
- javac Opengate.java - jar cvf Opengate.jar *.class --
- cd opengatesrv : Move to opengatesrv directory - edit Makefile : Modify Makefile (parameters are described below) - **HOSTADDR must be changed to IP address of your - machine's client side interface.** - edit opengatesrv.h : Modify header file(parameters are described below) - make : Compile - su : Change to Root - make install : Install --
-ID:address=hostname|hostaddr:[port=portno:]protocol=ftp|pop3|pop3s: -ID:protocol=radius:[conffile=filepath:] -ID:protocol=pam:[servicename=name:] --where each term indicates following. - -
-ID:Identification keyword for the authentication server. -address: IP address(or domain name) of the authentication server. -protocol: protocol for authentication, - At present, ftp,pop3,pop3s,radius,pam are available. -port: port number for authentication. If ignored, follows to /etc/services. -conffile: path to config file at RADIUS. default is "/etc/radius.conf". -servicename: service name at PAM. default is "opengate". --Examples of opengatesrv.conf -
-*This is a simple example.
-
-In this case, the user is checked by FTP accessing to the address xx.xx.xx.xx.
-At first, check the basic installation by the setting like this.
-
- default:tc=as - as:address=xx.xx.xx.xx:protocol=ftp: - (FTP access to address xx.xx.xx.xx must be checked in advance) -- - -*Following example sets four authentication servers.
- default:tc=cs - cs:address=noah.cs.is.saga-u.ac.jp:protocol=pop3: - cc:address=himiko.cc.saga-u.ac.jp:protocol=ftp:port=21: - pam:protocol=pam: - rad:protocol=radius: --*If protocol=pam is defined, you must setup [/etc/pam.conf] or [/etc/pam.d/opengate]. -Opengate checks auth and account. -
-opengate auth required pam_radius.so -opengate account required pam_permit.so --Following is an example of /etc/pam.d/opengate -
-auth required pam_radius.so -account required pam_permit.so --
-*If protocol=radius is defined, you must setup [/etc/radius.conf]. -Following is an example of radius.conf. - -
-auth radius1.foo.bar "password1" 5 6 -auth radius2.foo.bar "password2" 5 6 -- -
-
- topindex.html : first html which describe the auto-jump to Authentication page. - index.html : Authentication page - deny.html : page sent at authentication denyed. - accept.html,accept2.html : pages sent at authntication accepted. - Don't remove mark "**OpengateAppletHere**", where - Java Applet description is inserted. - %%HOSTADDR%% is replaced with address at installation. - %%OPENGATEDIR%% is replaced with install directory. --
-If USEFWSCRIPT=0, CGI execs ipfw command directly. In this case, the -all packets from/to the authenticated client is allowed. If 1, perl -script controls the ipfw command. By editting opengatefw.pl, flexible -control can be done. Be care to maintain it simple for better -performance and security. The script runs under exclusive mode. -Insertion of time comsuming logics may result in less performance. -
-If you want to control firewall state with some user property in a -database, edit the skeleton routine comm-userdb.c to send property to this script. -
-
-HOSTADDR = IP address of gateway interfaced to client network. -HTMLTOP1 = Web top directory -HTMLTOP2 = Web top directort (for SSL) -OPENGATEDIR = Opengate install directory (from Web top) -CGIPATH = CGI directory -CGIPROG = CGi program name -CONFIGFILE = Configuration file name -USEFWSCRIPT= Enable(1) or disable(0) Perl script to control firewall open -FWSCRIPT = Firewall control Perl script name -FWSCRIPTPATH = Perl script path -LOCKFILE= Lock file for exclusive execution -HTMLDOCS= HTML files listing -DENYDOC = HTML file sent at denying -ACCEPTDOC = HTML file sent at accepting -HTMLLANGS= Languages of HTML files -ARPPATH= Path to arp command -IPFWPATH= Path to ipfw command --
-
- DEBUG : If set to 1, function call trace log is put out to syslog. - - DURATIONDEFAULT : Default time duration to wait for Java Applet connect.(second) - If no connection in the duration, the network is closed. - The duration can be changed in auth page by the user. - - DURATIONMAX : Maximum duration to wait for Java Applet connect. (second) - Under this value, the Applet waiting duration (= duration of - network open without Java Applet) can be specified by the user - on the authentication page. - If user specified duration is not agreeable, set it the same - value as DURATIONDEFAULT and remove the field in auth page. - - ACTIVECHECKINTERVAL : Time interval of checking the terminal.(second) - In no java mode, check by MAC address and packet count for the - terminal's IP address. - In java mode, check by HELLO exchange and packet count. - - COMMWAITTIMEOUT : Server waiting time for communication reply.(second) - - NOREPLYMAX : Permitted count of no reply to HELLO. If the client does not - send back HELLO more than NOREPLYMAX times, then the network - is closed. - - NOPACKETINTERVAL : If no packet is passed for this time interval, then - the network is closed.(second) - - LOCKTIMEOUT : Maximum locking time for exclusive ipfw action.(second) - - IPFWMIN : Minimum ipfw rule number used by opengate. - IPFWMAX : Maximum ipfw rule number used by opengate. - IPFWINTERVAL : Rule number interval used by opengate. - The maximum terminals/processes can be controled by these value. - - PORTMIN : minimum port value used by opengate. - PORTMAX : maximum port value used by opengate. - Set unused port range. - - FACILITY : syslog facility - - PAMSERVICENAME : default service name at PAM. - RADIUSCONF : default path to radius.conf. - --
-
-
-
-
-cd /usr/src/sys/i386/conf -cp GENERIC MYKERNEL -edit MYKERNEL -@Ì3sðÇÁ·éB - options IPFIREWALL - options IPFIREWALL_FORWARD - options IPDIVERT - -config MYKERNEL -cd ../compile/MYKERNEL -make depend -make -make install -- -
-kern.ipc.somaxconn - @ó¯t¯éTCPÚ±ÌÅålidefault=128jBp[ÉTCPÚ±ªÛ³ê - éÌÅA[Éä×Ä\ªÉå«·éKvª éB - -kern.ipc.nmbclusters -@mbufi1cluster2KBjÌÅåBóMobt@TCY(default=32KB)xÚ± -@ªªKvB"netstat -m"ÅpóµmFÂ\B -- -±êçÌÝèÏXÍȺÅs¤BȺÌáÅÍmbufÌæÍ128MBÆÈéBKvÈ -eÊÉàÓð·é±ÆB -
-@/etc/sysctl.conf ÉȺðÇÁ -@@kern.ipc.somaxconn=4096 -@@kern.ipc.nmbclusters=65536 -- -
- K{FApacheAipfw - CÓFNATDADHCPASSLAperlÈÇ -- - Ó[CXg[Ì`FbNðs¢Ae\tgÌ®ìÉKn·é±ÆB -±êçÌ\tgÌ®ª\ªc¬³êĢȢÆãÌfobOªêJ·éB -
-
-gateway_enable="YES" <==NATDpsv -firewall_enable="YES" -firewall_type="simple" -natd_enable="YES" <==NATDp -natd_interface="fxp0" <==@hA¼OÍC^[tF[XÉí¹é±ÆB -- -
-/etc/rc.firewallÝèá
rc.firewallÅ[simple]É}b`·é[ÍA
-ªUµÄ¶Ý·éBÀÛÌÝèÍAuipfw listvR}hÅmF·é±ÆB
-ºÌTvÍzIÈÝè𦵽àÌÅÍÈ¢BWÌrc.firewallðQ
-lɵÄKØÉÒW·é±ÆB
-
-
-
-[Ss][Ii][Mm][Pp][Ll][Ee]) - # set these to your outside interface network and netmask and ip - oif="fxp0" - onet="133.49.20.0" - omask="255.255.252.0" - oip="133.49.22.5" - - # set these to your inside interface network and netmask and ip - iif="fxp1" - inet="192.168.0.0" - imask="255.255.255.0" - iip="192.168.0.1" - - # divert packet to NATD ################################ - $fwcmd add 1 divert natd ip from any to any via ${oif} - - # Stop spoofing - $fwcmd add deny all from ${inet}:${imask} to any in via ${oif} - $fwcmd add deny all from ${onet}:${omask} to any in via ${iif} - - # Allow from / to myself - $fwcmd add pass all from ${iip} to any via ${iif} - $fwcmd add pass all from ${oip} to any via ${oif} - $fwcmd add pass all from any to ${iip} via ${iif} - $fwcmd add pass all from any to ${oip} via ${oif} - - # Allow DNS queries out in the world - # (if DNS is on localhost, delete pass DNS) - $fwcmd add pass udp from any 53 to any - $fwcmd add pass udp from any to any 53 - - # Forwarding http connection from unauth client ############### - $fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any http - $fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any https - - # Allow TCP through if setup succeeded ######################## - $fwcmd add 60100 pass tcp from any to any established -- -ÝèãÌÓ -
-ãÌÝè𲫾µ½OpengateêpÌXNvgðconf/opengatefw.confÉ -pÓµ½B±êðÒWµÄp·é±ÆàÂ\Å éB -
-
- ipfw add 10000 allow ip from xx.xx.xx.xx to any <===MJú - ipfw add 10000 allow ip from any to xx.xx.xx.xx <===óMJú - - ipfw del 10000 <===½ --ipfwR}hÉÍ\ªÉ¸Ê·é±ÆB -OpengateÍAãLÌæ¤ÈR}hÌsðs¤\tgÅ éB -
-
-order deny,allow -deny from all -allow from 133.49.0.0/255.255.0.0 (ExampleFAhXÍÏXv) -allow from 192.168.0.0/255.255.0.0 -- -CGIÒðLøÉ -
-#ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/" -« -ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/" -- -FileNotFoundÉtopy[WÖ -
-#ErrorDocument 404 /missing.html -« -ErrorDocument 404 /index.html -- -
-local1.* /var/log/opengate.log - ª ±±ÍTABÅæØé±ÆB -- -
-touch /var/log/opengate.log --
- tar zxvf opengatexxx.tar.gz -@ixxxÍo[Wð¦·BÅVÌàÌðp·é±Æj --ȺÌfBNgªoéÌÅAàeðmF·éB -±±ÅÝèðÏX·é±ÆàÅ«éªCXg[ãÅàÇ¢B - -
- doc: eí¶ - conf: configuration file sample, firewall control perl script sample - javahtml: NCAg javaÆhtmlt@C - opengatesrv: T[o CGIvO -- -
- javac Opengate.java - jar cvf Opengate.jar *.class -- -
- opengatesrvÉÚ®·éB -@@opengatesrvºÌMakefileÆopengatesrv.hÌàeðmFµA - fBNg,AhXÝèðÝuÂ«É í¹ÄÏX·éiÚ×ͺLjB - ÆÉHOSTADDRÍACXg[}VÌ[¤C^[tF[XÉ - í¹é±ÆðYêÈ¢±ÆB - make@RpC·éB -@@su@@[gÉÈéB -@@make install@CXg[·éB -- -
-ID:address=hostname|hostaddr:[port=portno:]protocol=ftp|pop3|pop3s: -ID:protocol=radius:[conffile=filepath:] -ID:protocol=pam:[servicename=name:] --eÚÍȺðÓ¡·éB - -
-IDFFØT[o̯ÊqBCÓ·¶ñÅ·ªÖ«ðl¦éÆA1`3¶öxªK¾ë¤B -address: FØT[oÌIPaddressܽÍhC¼B¼OðªÅ«È¢Æ«ÍA - IPaddressÅ·±ÆB -port: FØNGXgðéæÌ|[gÔBȪÍ/etc/serviceso^|[gÔB -protocol: FØÉp¢évgRB - »ÝApop3,ftp,pop3s,pam,radiusðT|[gB -conffile:RADIUSÉÝèfile ÌpXðwèB - Ȫ·éÆu/etc/radius.confvB -servicename:PAMÉservicenameðwèB/etc/pam.confɨ¯é¯ÊqÅ éB - Ȫ·éÆuopengatevB -- -ȺÍopengatesrv.confÌáB -
-±ÌáÅÍAAhXxx.xx.xx.xxÖÌftpªÂ\©Û©ÅFØðs¤BÅÍA±Ìæ¤È -PÈÝèÅOpengateÌ®ìðmF·é±ÆB -
-default:tc=as -as:address=xx.xx.xx.xx:protocol=ftp: -@iAhXxx.xx.xx.xxÖÌFTPANZXðOàÁÄmF̱Æj -- -
-±ÌáÅÍA4ÂÌFØT[oªÝè³êĨèA -csðdefaultƵĢéB -pÒª[UIDÌtB[hÉ[userID]ÌÝðüÍ·éÆdefaultÌucsvT[oÉFØÉsB -[userID@cc]Ì`®ÅüÍ·éÆAuccvÅwè³ê½FØT[oÖFØðñ·B[userID@pam] ÆüêéÆupamvwèT[oÖA[userID@rad]ÆüêéÆuradvwèÌT[oÖñ·B - -
-default:tc=cs -cs:address=noah.cs.is.saga-u.ac.jp:protocol=pop3: -cc:address=himiko.cc.saga-u.ac.jp:protocol=ftp:port=21: -pam:protocol=pam: -rad:protocol=radius: --protocol=pamªÝè³êÄ¢éÆ«ÍA/etc/pam.confܽÍ/etc/pam.d/opengate -ðÝè·éKvª éB -opengateÍauthÆaccountÌ`FbNðs¤B -accountðpµÈ¢ÍApermitðwè·é±ÆB -
-opengate auth required pam_radius.so -opengate account required pam_permit.so --ȺÍA/etc/pam.d/opengateÌÝèá -
-auth required pam_radius.so -account required pam_permit.so --
-protocol=radiusªÝè³êÄ¢éÆ«ÍA/etc/radius.confðÝè·éKvª éB -ȺÍradius.confÌÝèáB - -
-auth radius1.somewhere.com "password1" 5 6 -auth radius2.somewhere.com "password2" 5 6 -- -
-1)[ÌuEU©çOURLÖANZX·é
-2)FØy[Wª\¦³ê½çA[UIDÆpX[hðüÍ·éB
-3)Ây[Wª\¦³ê½çAOURLÖANZX·é
-4)Oy[Wª\¦³ê½çAuEUðI¹·éB
-5)ÄxAuEUðN®µÄAOURLÖANZX·é
-6)FØy[Wª\¦³ê½çAî{CXg[ª®¹B
-
-G[
-At 2) OpengateT[oÌURLðwèµÄANZX·éB
-¬÷Èçipfw fwd ruleð^¤B¸sÈçwww/datafBNgÌÝèð^¤B
-At 3) FØT[oANZXðR}hCÅ·(eg. ftp xx.xx.xx.xx)B
-¬÷Èçopengatesrv.confð^¤B
-¸sÈçAFØT[oÌANZX§Àâ[Uo^ð^¤
-At 4)t@CAEI[Ýèð^¤B
-At 6)¼ÌVµ¢OURLðANZX·éB
-¬÷ÈçAuEUÌLbV
øÊÅ éB
-¸sÈçAt@CAEI[ÝèðipfwÅ`FbN·é
-*æèÚ×ÈfobOLqðÊt@CÉpÓµ½B
-
- -
- ¾êÉfBNgª é(en(english),ja(japanese)ÈÇ) - »ÌÌHTMLðÏXB -@@topindex.htmliÅÉçêéæÊBFØüÍÖ©®JUMP) -@@index.htmliFØüÍæÊj -@@deny.htmliFØÛÌæÊj -@@accept.html,accept2.htmliFØÂÌæÊj - ±êçÍAKvɶÄàeÌÏXðs¤±ÆB - accept.htmlÌ"**OpengateAppletHere**"ÍíµÄÍÈçÈ¢B - ±±ÉJavaAppletª}ü³êéB - ܽ%%HOSTADDR%%ÍACXg[ÉAhXÉu«·¦çêéB - %%OPENGATEDIR%%ÍACXg[fBNgÉu«·¦çêéB -- -
- -Makefileɨ¢ÄUSEFWSCRIPTª0Å êÎACGIª¼ÚÉipfwR}hðs -·éB±ÌÆ«ÍAÂãÍSÄÌoüèpPbgªÊßÂ\ÆÈéB1Å -êÎAperlXNvgðoRµÄipfwR}hðs·éBt@CAEI[ -JúpXNvgconf/opengatefw.plð«·¦éÉæèeí§äªÂ\Å - éB½¾µAptH[}X¨æÑZL eBðÛ½ßAÂ\ÈÀèV -vÈ\¬Æ·éB±ÌXNvgÍr¼§äºÅ®¢Ä¢éBÔÌ© -©éðüêéÆptH[}XÉå«e¿·éB -
-pÒf[^x[XðpµÄt@CAEH[JúÌöxðèµ½¢êA -±ÌSCRIPTÅs¤àÂ\Å éªAÊrpÓµ½comm-userdb.cÅpropertyð -ÝèµÄ±ÌSCRIPTÉéûªAptH[}Xã©ç]ܵ¢B - -
-
-KvɶÄMakefileÉÄȺÌÚªÝèÂ\B -
-HOSTADDR = Q[gEFCÌNCAg¤IPAhX -HTMLTOP1 = HTMLt@CðufBNgÌgbv -HTMLTOP2 = HTMLt@CðufBNgÌgbv(SSL¤) -OPENGATEDIR = OpengateÖAt@CðCXg[·éfBNgAWebgbvÎ -CGIPATH = CGIðufBNg -CGIPROG = CGIvO¼ -CONFIGFILE = Ýèt@C¼ -USEFWSCRIPT= PerlXNvg§ä©Û© -FWSCRIPT = PerlXNvg¼ -FWSCRIPTPATH = PerlXNvgpX -LOCKFILE= bNt@C¼ -HTMLDOCS= HTMLt@Cê -DENYDOC = ÛÌHTMLt@C -ACCEPTDOC = ÂÌHTMLt@C -HTMLLANGS= HTMLt@CƵÄõµ½¾êêAŪdefault -ARPPATH= arpR}hÌpX -IPFWPATH= ipfwR}hÌpX -- -
-
- DEBUG :@@@@@@ @PÉÝè·éÆfobObZ[WðOÉoÍ -@@@@@@@@@@ @ÖÔÌÄÑoµÆ»ÌÌølªoéB - - DURATIONDEFAULT : javaðÁÄ©çÚ±µÄéÜÅÌÒ¿Ô(b) - defaultlBªÈ¢Ælbg[Nð½·éB - Ò¿ÔÍFØy[WÅÏXÂ\B - - DURATIONMAX F javaªÚ±µÄÈ¢ÉÍApÒªFØy[WÅ - wèµ½pp±ÔÌÔðpÂ\Æ·éB - DURATIONMAXÍwèÂ\ÈÅål(b) - pÒÉæéwèªsvÅ êÎADURATIONDEFAULTƯêlɵÄA - FØy[W©çüÍðíé±ÆB - - ACTIVECHECKINTERVAL : [̶¶mF̽ßÌ`FbNÔu(b) - java³µÌÆ«ÍAÎIPAhXÉηéMACAhX - ¨æÑQ[gEFCÊßÌPacketÅ`FbNB - javaLèÌÆ«ÍAjavaÆÌHELLOð·¨æÑQ[gEFC - ÊßÌPacketÅ`FbNB - - COMMWAITTIMEOUT :@ @ÊMÔÜÅÌÅåÒ¿Ô(b) - - NOREPLYMAX : ãLAbZ[Wð·Å̳Ôð·ñ - - NOPACKETINTERVAL :@@úuÆ»f·éÊMpPbgÊß³µÔ(b)i½¾µA±Ì -@@@@@@@@@@@ `FbNÍAACTIVECHECKINTERVAL²ÆÉs¤ÌÅA -@@@@@@@@@@@ ÀÛÍØèã°ÄACTIVECHECKINTERVALÌ®{ÆÈéj - - LOCKTIMEOUT :@@@@ ipfwÌr¼§äÅåÒ¿ÔB - - IPFWMIN : @@@@@@OpengateÌp·éipfwÌ[ÔÍÍ - IPFWMAX :@@@@@@ ŬIPFWMIN©çÅåIPFWMAXÜÅÔuIPFWINTERVAL - IPFWINTERVAL : ²ÆÉp·éB±êðg¢«éÆ»êÈão^µÈ¢B - @@@@@@@@@@ æÁÄANCAg§ÀÉpÂ\B - - PORTMIN :@@@@@@ OpengateT[oÌp·é|[gÔÌÍÍiŬl|Åålj - PORTMAX :@@@@@ @¼ÌprÅpµÈ¢ÍÍðwèB¯p[ÈãKvB - - FACILITY :@@@@@@syslogÌoÍæ --
-
OpengateÌCXg[èðȺɦ·B½¾µA¦ÍK{Úð¦µA»êÈOÌèÍKvɶÄsȤB
- -Q[gEFC}VƵÄANICðQÈã¿AFreeBSDðCXg[·é±ÆªÂ\ÈàÌðpÓ·éB
-FreeBSD 4.x,5.x,6.x̽ê©ðCXg[·éBãÉJ[lðÄ\z·éKvª éÌÅACXg[·é -DistributionsðIð·éÛÉDeveloper(Full sorces,binaries and doc)ðIðµÈ¯êÎÈçÈ¢B
-FreeBSDðCXg[µ½ãÉAQ[gEFCƵÄÌ@\ðLøÉ·é½ßÉA/etc/rc.confÉÌÝèðLq·é -BàµÍAFreeBSDðCXg[·éÛÉAQ[gEFCƵÄÌ@\ðLøÉ·é©Û©ðâíêéÌÅA±±Å -Q[gEFCÌ@\ðLøɵÄà\íÈ¢B
- -gateway_enable="YES" |
-
OpengateÌÅVÌpbP[WðKÈfBNgÉWJ·éBpbP[WÉÍȺÌfBNgªÜÜêéB
- -
--docFeí¶ -confFÝèt@CAt@CAEH[XNvg -javahtmlFNCAgJava AppletAHTMLt@C -opengatesrvFT[oCGIvO -- |
OpengatepbP[WÉÜÜêéopengatesrvfBNgÉMakefileªpÓ³êÄ¢éB -¯fBNgɨ¢ÄAOpengateÌRpCÆCXg[ìÆðsȤªARpC -ðsȤOÉAeíÝèðsȤKv ªéBÝè̽ßÉÍAMakefileÆopengatesrv.hðÒW·éB
-Makefleɨ¢ÄAȺÌÚðÝèµÈ¯êÎÈçÈ¢B
- -opengatesrv.hɨ¢ÄAȺÌÚðÝèµÈ¯êÎÈçÈ¢B
- -ÈãÌÝèðI¦Ä©çARpCÆCXg[ðsȤB
- --#make -cc -DCONFIGFILE=\"/etc/opengatesrv.conf\" --DOPENGATEDIR=\"/opengate\" -DDENYDOC=\"deny.html\" --DDENYDOC=\"deny.html\" -DDENYDOCSSL=\"deny-ssl.html\" ------------------ ------------------ ------------------ -# make install - |
FØT[oÌÝèÉ¢ÄÍAA.3.2Å °½ACONFIGFILEÉæÁÄÝè·é±Æª -Â\Å éB
-ÝèÌÚ×É¢ÄÍAÝèt@Ciopengatesrv.confjàÉLq³êÄ¢éB
- - - - - \ No newline at end of file diff --git a/opengate/doc/ja/b.html b/opengate/doc/ja/b.html deleted file mode 100644 index 0832b5d..0000000 --- a/opengate/doc/ja/b.html +++ /dev/null @@ -1,208 +0,0 @@ - - -ipfwàµÍip6fwðp·é½ßÉÍAFreeBSDÌJ[lðÄ\z·éKvª éBFreeBSDCXg[É -J[lÌSÄÌ\[XðCXg[µÄ¢È¯êÎÈçÈ¢B
-ȺÌfBNgɨ¢ÄAOpengatepÌJ[lIvVð쬷éB
- --# cd /usr/src/sys/i386/conf -# cp GENERIC MYKERNEL - |
Rs[µ½J[lIvVÉAÌIvVðÇÁ·éB
- --options IPDIVERT - -options IPFIREWALL -options IPFIREWALL_FORWARD -options IPFIREWALL_VERBOSE -options IPFIREWALL_VERBOSE_LIMIT=100 - -options IPV6FIREWALL -options IPV6FIREWALL_VERBOSE -options IPV6FIREWALL_VERBOSE_LIMIT=100 - -options IPSEC -options IPSEC_ESP -options TCP_DROP_SYSFIN - |
IPDIVERTÉ¢ÄÍAIPv4ÌNATðp¢éêÉKvÅ éBܽAt@CAEH[Ì -OðKvƵȢêÍAVERBOSEÌÚÍsvÅ éB³çÉAIPSECðKvƵȢêÍA -IPSECÌÚÍsvÅ éB
-±êçÌIvVðÇÁµ½ãÉAJ[lÌRpCÆCXg[ðsȤB
- --# config MYKERNEL -# cd ../compile/MYKERNEL -# make depend -# make -# make install - |
FreeBSD 6.xÅÍA"make depend"ðÀs·éOÉA"make clean"ªv³êéêà éÌÅAÓ·éB
- -Ä\zµ½J[lÉæÁÄAt@CAEH[ðLøÉ·é½ßÉ/etc/rc.confÉȺÌIvVð -Lq·éB
- --firewall_enable="YES" -firewall_script="/etc/rc.firewall" - -ipv6_firewall_enable="YES" -ipv6_firewall_script="/etc/rc.firewall6" - -natd_enable="YES" -natd_interface="em0" - |
IPv4/6»ê¼êÌt@CAEH[ðLøɵA»ê¼êÌt@CAEH[Ì[ðLqµ½ -XNvgðwè·éBܽANATªKvÅ éêÍAnatdðLøɵAAhXÏ·ðs¤ -C^tF[XÌIDðwè·éB
- - - - -OpengateÌ®ì̽ßÉKØÉt@CAEH[Ì[ðLqµÈ¯êÎÈçÈ¢B -ȺÉLq·×«[Ìái/etc/rc.firewalljð¦·B
- --### set these to your outside interface network and netmask and ip -oif="em0" -onet="192.168.0.0" -omask="255.255.255.0" -oip="192.168.0.34" - -### set these to your inside interface network and netmask and ip -iif="bge0" -inet="192.168.55.0" -imask="255.255.255.0" -iip="192.168.55.1" - -fwcmd="/sbin/ipfw" - -### divert packet to NATD -$fwcmd add 1 divert natd ip from any to any via ${oif} - -### Stop spoofing -$fwcmd add deny all from ${inet}:${imask} to any in via ${oif} -$fwcmd add deny all from ${onet}:${omask} to any in via ${iif} - -### Stop http from softeather -$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 80 -$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 443 - -### Allow from / to myself -$fwcmd add pass all from ${iip} to any via ${iif} -$fwcmd add pass all from ${oip} to any via ${oif} -$fwcmd add pass all from any to ${iip} via ${iif} -$fwcmd add pass all from any to ${oip} via ${oif} - -### Allow DNS queries out in the world -### (if DNS is on localhost, delete passDNS) -$fwcmd add pass udp from any 53 to any -$fwcmd add pass udp from any to any 53 -$fwcmd add pass tcp from any to any 53 -$fwcmd add pass tcp from any 53 to any - -### Forwarding http connection from unauth client -$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80 -$fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any 443 - -### Allow TCP through if setup succeeded -$fwcmd add 60100 pass tcp from any to any established - |
Opengateð®ì³¹éÛA[Ô60000,60010,60100ªdvÆÈéBFØy[Wð -\¦³¹é½ßÉAHTTP,HTTPSNGXgÍOpengateÌWebT[oÉ]µÈ¯êÎÈçÈ¢B -½AùÉm§³êÄ¢éTCPÚ±ÉÖµÄÍAOpengateÉæéÊMH½ãàpÂ\Æ·é½ßA -60100Ì[ðÇÁ·éB
- -ÈãA¦µ½áÍOpengateð®ì³¹é½ßÌÝèáÅ éBÀÛÉOpengateð±ü·éÛÉÍA -ipfwÌ®ìðnmµ½ãAeílbg[NÉKµ½t@CAEH[ðÝu·é±Æª]ܵ¢B
- - - - -OpengateÌ®ì̽ßÉKØÉt@CAEH[Ì[ðLqµÈ¯êÎÈçÈ¢B -ȺÉLq·×«[Ìái/etc/rc.firewall6jð¦·B
- --### set these to your outside interface network and prefixlen and ip -oif="em0" -onet="2001:e38:3661:1a0::" -oprefixlen="64" -oip="2001:e38:3661:1a0::34" - -### set these to your inside interface network and prefixlen and ip -iif="bge0" -inet="2001:e38:3661:1a5::" -iprefixlen="64" -iip="2001:e38:3661:1a5::1" - -### path to command "ip6fw" -fw6cmd="/sbin/ip6fw" - -${fw6cmd} add pass all from ${iip} to any -${fw6cmd} add pass all from any to ${iip} -${fw6cmd} add pass all from ${oip} to any -${fw6cmd} add pass all from any to ${oip} - -### Allow RA RS NS NA Redirect... -${fw6cmd} add pass ipv6-icmp from any to any - -# Allow IP fragments to pass through -${fw6cmd} add pass all from any to any frag - -# Allow RIPng -${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521 -${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521 - -### Allow TCP through if setup succeeded -${fw6cmd} add 60100 pass tcp from any to any established - -# TCP reset notice message -${fw6cmd} add 60200 reset tcp from any to any 80 -${fw6cmd} add 60300 reset tcp from any to any 443 - |
ip6fwÍAipfwÆÍÙÈè]ðs¤±ÆªÅ«È¢B»±ÅAOpengateÅÍ -IPv6ÌHTTPNGXgª^CAEgµAIPv4ÌHTTPNGXgð]µAFØ -ðs¤dgÝðÆÁÄ¢éB½¾µAFreeBSD 5.2È~ÅÍAip6fwÅTCP resetª -À³êĨèAIPv6 TCPpPbgÉεÄBs\bZ[WðÔ·±ÆªÂ\Å - éB[Ô60200,60300Ìæ¤ÉATCP resetðp·é±ÆÉæÁÄAIPv6 HTTP -NGXgª^CAEg·éÜÅÌÔðÒÂKvªÈÈéB
- -ܽAIPv6ÅÍDHCPÌÖíèÉRAÉæÁÄIPv6AhX𩮶¬µAoHîñ -Êmf[ÈÇAICMPâ»Ì¼ÌvgR̵¢ÉCð¯ȯêÎÈçÈ¢B -ipfwƯlÉAip6fwÉ¢Äà®ìðnmµ½ãÅAeílbg[NÉKµ½ -t@CAEH[ðÝu·é±Æª]ܵ¢B
- - - - - \ No newline at end of file diff --git a/opengate/doc/ja/c.html b/opengate/doc/ja/c.html deleted file mode 100644 index a2221a7..0000000 --- a/opengate/doc/ja/c.html +++ /dev/null @@ -1,251 +0,0 @@ - - -OpengateÅÍAIPv6ðT|[gµ½Apache2ªK{Å éBܽAFØðs¤±Æ©ç -SSLðT|[g·é±Æª]ܵ¢BApache2ÍWÅSSLðT|[gµÄ¢éÌÅAmod_ssl -ðÊrCXg[·éKvÍÈ¢B
-ȺÉAportsðpµÄCXg[·éèðȺÉL·B
- --# cd /usr/ports/www/apache2 -# make clean -===> Cleaning for autoconf-2.53_1 -===> Cleaning for libtool-1.3.5_1 -===> Cleaning for m4-1.4_1 -===> Cleaning for help2man-1.29 -===> Cleaning for expat-1.95.6_1 -===> Cleaning for apache-2.0.48_3 -# make install clean ; rehash - |
CXg[ìƪ®¹µ½ãAApache2ÌN®ÆSSLðLøÉ·é½ßÉA -ȺÌÚð/etc/rc.confÉLq·éB
- --apache2_enable="YES" -apache2ssl_enable="YES" - |
Apache2ð\[X©çCXg[·éèðȺÉL·B
-Apache2Ì\[XÍAftp.apache.or.jp©çæ¾·é±ÆªÂ\Å éBܽA -Apache2ðRpC·éÛÉASSLW [ðLøÉ·éKvª éBܽA -\[X©çCXg[µ½ÛÍAWÅ/usr/local/apache2fBNgȺÉCXg[³êéB
- --# tar xvfz httpd-2.0.55.tar.gz -# cd httpd-2.0.55 -# ./configure --enable-modules="so ssl" -# make -# make install - |
Apache2ÅASSLðp·é½ßÉ駮ÆؾðpÓ·éKvª éB³KÌFØÇ©ç -s³ê½Ø¾ðpÓ·é±Æª]ܵ¢ªA©È¼ðsÁ½Ø¾Æ駮Åà\ªÉ -ZL eBðmÛ·é±ÆªÂ\Å éB
- -OpengateÅÍAñÂÌFQDNðp·é±Æ©çA»ê¼êÌFQDNÉηéØ¾Æ -駮ªKvÆÈéBȺÉA駮Æؾð쬷éèð¦·B
- --# cd /usr/local/etc/apache2 -# mkdir ssl.key ssl.crt -# chmod 700 ssl.key ssl.crt - -# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server1.key 1024 -# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server2.key 1024 - |
ãLɨ¢Ä쬵½é§®ðp¢Ä¼µ½Ø¾ð쬷éB
- --# /usr/bin/openssl req -new -x509 -days 365 \ - -key /usr/local/etc/apache2/ssl.key/server1.key \ - -out /usr/local/etc/apache2/ssl.crt/server1.crt - -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, -If you enter '.', the field will be left blank. ------ -Country Name (2 letter code) [AU]:JP -State or Province Name (full name) [Some-State]:Saga -Locality Name (eg, city) []:Saga-city -Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university -Organizational Unit Name (eg, subsection) []:Information Science -Common Name (eg, YOUR name) []:opengate.is.saga-u.ac.jp -Email Address []:administrator@opengate.is.saga-u.ac.jp - -Please enter the following 'extra' attributes -to be sent with your certificate request -A challenge password []: -An optional company name []: - -# /usr/bin/openssl req -new -x509 -days 365 \ - -key /usr/local/etc/apache2/ssl.key/server2.key \ - -out /usr/local/etc/apache2/ssl.crt/server2.crt - -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, -If you enter '.', the field will be left blank. 
------ -Country Name (2 letter code) [AU]:JP -State or Province Name (full name) [Some-State]:Saga -Locality Name (eg, city) []:Saga-city -Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university -Organizational Unit Name (eg, subsection) []:Information Science -Common Name (eg, YOUR name) []:opengate4.is.saga-u.ac.jp -Email Address []:administrator@opengate.is.saga-u.ac.jp - -Please enter the following 'extra' attributes -to be sent with your certificate request -A challenge password []: -An optional company name []: - |
OpengateÅÍAñÂÌFQDNðp¢éB±êæèAApache2ÅÍñÂÌFQDNÉηé½ßÉ -o[`zXgÌÝèðs¤Kvª éB
-Apache2Ìo[`zXgÉÍAIPx[XÌo[`zXgÆAl[x[XÌo[` -zXgÌñíÞª éBµ©µAl[x[XÌo[`zXgðp¢½êAæqµ½ -o[`zXgÉ¢ĵ©SSLðs¤±ÆªÅ«È¢B
-OpengateÍAñÂÈãÌNICðµAñÂÈãÌIPAhXðµÄ¢éÌ͸ÈÌÅA -IPx[XÌo[`zXgªKpÂ\Å éB
- -ȺÉAIPx[XÌo[`zXgðKpµ½êÌÝèá -i/usr/local/etc/httpd.conf,ssl.confj
- -httpd.conf |
-NameVirtualHost 192.168.55.1:80 -<VirtualHost 192.168.55.1:80> - ServerAdmin administrator@opengate.is.saga-u.ac.jp - DocumentRoot /usr/local/www - ServerName opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined -</VirtualHost> - -NameVirtualHost [2001:e38:3661:1a5::1]:80 -<VirtualHost [2001:e38:3661:1a5::1]:80> - ServerAdmin administrator@opengate.is.saga-u.ac.jp - DocumentRoot /usr/local/www - ServerName opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined -</VirtualHost> - -NameVirtualHost 192.168.0.34:80 -<VirtualHost 192.168.0.34:80> - ServerAdmin administrator@opengate.is.saga-u.ac.jp - DocumentRoot /usr/local/www - ServerName opengate4.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined -</VirtualHost> - |
ssl.conf |
-NameVirtualHost 192.168.55.1:443 -<VirtualHost 192.168.55.1:443> - DocumentRoot "/usr/local/www" - ServerName opengate.is.saga-u.ac.jp:443 - ServerAdmin administrator@opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined - - SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt - SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key -</VirtualHost> - -NameVirtualHost [2001:e38:3661:1a5::1]:443 -<VirtualHost [2001:e38:3661:1a5::1]:443> - DocumentRoot "/usr/local/www" - ServerName opengate.is.saga-u.ac.jp:443 - ServerAdmin administrator@opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined - - SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt - SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key -</VirtualHost> - -NameVirtualHost 192.168.0.34:443 -<VirtualHost 192.168.0.34:443> - DocumentRoot "/usr/local/www" - ServerName opengate4.is.saga-u.ac.jp:443 - ServerAdmin administrator@opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined - - SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server2.crt - SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server2.key -</VirtualHost> - |
ãLÌÝèáÍAo[`zXgÌÝè̽ßÌfBNeBuÌÝLqµÄ¢éB -±Ì¼Éà½ÌÚðÝèµÈ¯êÎÈçÈ¢ÌÅAApache2ÌÝèðnmµ½ãÅ -Ýè·é±Æª]ܵ¢B
- - - - -OpengateÅÍApÒ[©çM³êÄéHTTPNGXgðAOpengateªÂ -WebT[oÉ]·é±ÆÉæÁÄAFØy[WðñµÄ¢éB±Ì½ßApÒ[ -©çM³êÄéHTTPNGXgÍ\ú·é±ÆªÅ«È¢BæÁÄAÇÌæ¤È -HTTPNGXgÉεÄàAFØy[WðÔ·½ßÉA/usr/local/etc/httpd.confÉ -HTTP_ERROR 404ª¶µ½êÉADocumentRootðÔ·æ¤ÉÝè·éB
- --ErrorDocument 404 / - |
Opengateð±ü·élbg[NÅÍApÒ[ªpÉÉüêÖíé±Æª\ªÅ«éB -»±ÅAlXÈpÒ[Éεĩ®IÉIPv4AhXðèÄé±ÆªÅ«éDHCPT[oð -±ü·é±Æª]ܵ¢B
-ȺÉisc-dhcp3ÌCXg[èðL·B
- --# cd /usr/ports/net/isc-dhcp3-server -# make -===> Cleaning for isc-dhcp3-server-3.0.1.r14_3 -# make install clean ; rehash - |
CXg[ìƪ®¹·éÆA/usr/local/etcȺÉdhcpd.conf.sampleª¶¬³êÄ¢éB -¯fBNgÉdhcpd.confƵÄRs[µAdhcpdpÌÝèt@Cð쬷éB
-ȺÉAÝèáð¦·B
- --option domain-name "ai.is.saga-u.ac.jp"; -option domain-name-servers 192.168.0.2; -option subnet-mask 255.255.255.0; -option broadcast-address 192.168.55.255; -option routers 192.168.55.1; - -default-lease-time 600; -max-lease-time 7200; -ddns-update-style none; -log-facility local7; - -subnet 192.168.55.0 netmask 255.255.255.0 { - range 192.168.55.100 192.168.55.200; -} - |
ܽAdhcpdð©®N®·é½ßÉA/etc/rc.confÉȺÌÚðLq·éB
- --dhcpd_enable="YES" -dhcpd_ifaces="bge0" -dhcpd_conf="/usr/local/etc/dhcpd.conf" - |
dhcpd_ifacesÉ¢ÄÍAdhcpðM·éC^tF[XIDðLq·éB
- - - - - \ No newline at end of file diff --git a/opengate/doc/ja/e.html b/opengate/doc/ja/e.html deleted file mode 100644 index 784daf5..0000000 --- a/opengate/doc/ja/e.html +++ /dev/null @@ -1,244 +0,0 @@ - - -Opengate̽ßÉñÂÌFQDNðpӵȯêÎÈçÈ¢Bù¶ÌDNSÉOpengatepÌ -FQDNðo^·é±ÆÅàðÅ«éBµ©µANATÈÇðp¢ÄAhXÏ·ðs¤êð -l¦éÆAvCx[glbg[NÌAhXðOÌDNSÉo^·é±ÆÍ]ܵȢB -»±ÅAOpengatepÌ}VÉDNSð±ü·é±Æàl¦çêéB
-ȺÉABIDN9ðCXg[·éèðL·B
- --# cd /usr/ports/dns/bind9/ -# make clean -===> Cleaning for bind9-9.3.1 -# make install clean ; rehash - |
CXg[ª®¹·éÆA/etc/namedb(/var/named/etc/namaedb)ȺÌfBNgÉ -eíÝèt@Cª¶¬³êéB
- - - - -BIND9ÅÍAZL eBðmÛ·é½ßÉFØL[ðÝèµArndcR}hðp¢Änamedð§ä·éB
-»±ÅAܸFØL[Ìì¬ðs¤BFØ@[Ìì¬èðȺɦ·B
- --# /usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n user rndc - |
ÈãÌìÆɨ¢ÄA"out of entropy"Æ¢¤G[ª¶·éêÍAÌû@Å -FØL[ð쬷éB
- --# /usr/local/sbin/dnssec-keygen -r /dev/urandom -a hmac-md5 -b 512 -n user rndc - |
FØL[Ìì¬É¬÷·éÆAÌñÂÌt@Cª¶¬³êéB½¾µAt@C¼É -ÜÜêéÍ_ɶ¬³êéB
- -Krndc.+157+60849.key
Krndc.+157+60849.private
BIND9ÌCXg[ãÉA/usr/local/etc/rndc.conf.sampleÆ¢¤t@Cª¶¬³êÄ¢éB -±Ìt@CðRs[µÄA/usr/local/etc/rndc.confð쬷éB
-»µÄArndc.confÌkeyfBNeBuðÒW·éBkeyfBNeBuÅÍAFØL[Ì -ASYƶ¬µ½FØL[ðwèµÈ¯êÎÈçÈ¢BFØL[ÍsecretÌÚÉwè·éB -ܽAFØL[ƤÉ쬵½
Krndc.+157+60849.privateÌkeyÚÉ\¦³êÄ -¢éàÌðwè·éB - -
-options { - default-server localhost; - default-key "key"; -}; - -server localhost { - key "key"; -}; - -key "key" { - algorithm hmac-md5; - secret "..."; -}; - |
¡ñÌDNST[oÍAOpengateð±ü·élbg[NÌÝÉT[rXðs¤àÌÅ éBµ©µA -Ýèt@CÌp[~bVÉ\ªÓµAFØL[Ìt@CÍT[oãÉÛ¶¹¸ÉA -íàµÍvgAEgµÄµdÉÛ¶·é±Æª]ܵ¢B
- - - - -namedÌåÈ®ìð§ä·é½ßÌÝèt@C/etc/namedb/named.confÌÝèðs¤B
-ܸAFØL[ÌÝè̽ßÉkeyfBNeBuÌÝèªKvÅ éBOqµ½rndc.confÌ -keyfBNeBuƯlÌÝèðµÈ¯êÎÈçÈ¢B
- --key "rndc_key" { - algorithm hmac-md5; - secret "..."; -}; - -controls { - inet ::1 allow { - ::1; - } - keys { - "rndc_key"; - }; - inet 127.0.0.1 allow { - 127.0.0.1; - } - keys { - "rndc_key"; - }; -}; - |
ܽAkeyfBNeBuÉ¢ÄÍÊt@CÉLqµAnamed.confÅinclude -·é±Æª]ܵ¢BÊt@CÉLq·éêÍAp[~bVÌÝèæÁijçÉ -ZL eBðßé±ÆªÂ\ÆÈéB
-ÉAoptionsfBNeBuÌÝèðs¤B
- --options { - directory "/etc/namedb"; - pid-file "/var/run/named/named.pid"; - auth-nxdomain yes; - listen-on-v6 { any; }; -}; - |
named.pidt@CðufBNgÍKÉ쬷éKvª éB
- - - - -OpengateÅÇ·éhCÉ¢ÄÝèðs¤BehCÍnamed.confÌzonefBNeBuÉ -æÁÄdzêéBܽABIND9ÅÍviewÆ¢¤fBNeBuªÀ³êĨèA±ÌqfBNeBuÉ -zoneƵÄÝè·é±ÆÉæÁÄADNSâ¢í¹³ÌIPAhXâhCÉæÁÄÔ·ézoneð -ÏX·é±ÆªÂ\ÆÈéB
- --view "og" { - match-clients - { - 10.0.0.0/16; - }; - - recursion yes; - - zone "." { - type hint; - file "named.root"; - }; - - zone "og.saga-u.ac.jp" { - type master; - file "og.saga-u.ac.jp"; - }; - - zone "0.0.127.IN-ADDR.ARPA" { - type master; - file "master/localhost.rev"; - }; - - // RFC 3152 - zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\ - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" { - type master; - file "master/localhost-v6.rev"; - }; - - // RFC 1886 -- deprecated - zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\ - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" { - type master; - file "master/localhost-v6.rev"; - }; -}; - |
ÈãÌÝèɨ¢ÄA"og.saga-u.ac.jp"Æ¢¤zoneðÝèµ½B±ÌÝèɨ¢ÄA -hC"og.saga-u.ac.jp"É®·ézXgðÝèµ½og.saga-u.ac.jpÆ¢¤t@Cð -ÇÝÞæ¤ÉÝèµÄ¢éB»±ÅAog.saga-u.ac.jpÆ¢¤AÌæ¤Èt@Cð -pÓ·éB
- --$TTL 3600 -$ORIGIN og.saga-u.ac.jp. - -@ IN SOA ns.og.saga-u.ac.jp. postmaster ( - 2005051702 ; - 3600 - 1200 - 2419200 - 86400 ) - IN NS ns.og.saga-u.ac.jp. - IN A 10.0.0.2 - IN MX 10 opengate.og.saga-u.ac.jp. - -ns IN A 10.0.0.2 - -opengate IN A 10.0.0.2 - AAAA 2001:2f8:10:1::1 - -opengate4 IN A 133.49.1.2 - |
ÈãASÄÌÝ誮¹µ½ãÉAN®mFðs¤B
- --# /usr/local/sbin/named/ -u bind -c /etc/namedb/named.conf - |
ÈãðÀsµAâèÈnamedªN®µÄ¢êά÷Å éBN®mFÅâèªÈ¯êÎA -/etc/rc.confÉȺÌÚðLqµA©®N®·éæ¤ÉÝè·éB
- --named_enable="YES" -named_program="/usr/local/sbin/named" -named_flags="-u bind -c /etc/namedb/named.conf" - |
DNST[oÍǪ¡GÅ é½ßA±Ì¼Ì¿àQlɵA}j Að -nǵ½ãÅÝè·é±Æª]ܵ¢B
- - - - - \ No newline at end of file diff --git a/opengate/doc/ja/f.html b/opengate/doc/ja/f.html deleted file mode 100644 index 83ca3cc..0000000 --- a/opengate/doc/ja/f.html +++ /dev/null @@ -1,285 +0,0 @@ - - -Opengate ÌpóµðÄ·é½ßÉAMRTGðp¢é±ÆªÂ\Å éBpóµÌÄðsÈíÈ¢êÍA -MRTGÌCXg[ÍsvÅ éB
- -MRTG(Multi Router Traffic Grapher)ÆÍA{lbg[NÌ×ðÄ·éc[Å éB -SNMPG[WFgæègtBbNÌlðæ¾µAOtBbNC[WðÜÞHTMLy[W𶬷éB -Ú×
- -MRTGðp¢ÄAOpengateÌpóµðÄ·éÉ ½ÁÄÍAOpengateð±üµ½Q[gEFCɨ¢Ä -MRTGðCXg[µÄà\íÈ¢ªAÄpÌÊÌT[oÉCXg[µÄà\íÈ¢BܽA -OpengateðªUzu·éæ¤ÉÝv³êÄ¢é½ßA¡ÌOpengateðÇ·éÉ ½ÁÄÍÄpÌT[oÉ -¨¢ÄMRTGðCXg[·é±Æð§·éB
- -ȺÉAMRTGðportsðp¢ÄCXg[·éèð¦·B
- --# cd /usr/ports/net-mgmt/mrtg/ -# make clean -===> Cleaning for mrtg-2.12.2,1 -# make install clean ; rehash - |
MRTGÌCXg[ª®¹·éÆA/usr/local/etc/mrtg/ȺÉÝèt@CªpÓ³êÄ¢éB -¯fBNgÉAopengate.cfgƵÄV½ÉÝèt@CðpÓ·éB
- --################################################## -# opengate user counter - -WorkDir: /usr/home/user/public_html/mrtg/opengate/ -Language: euc-jp - -##### IvV -# growright: X²Ì´_ð¶É integer: ®\¦ info: 3,4ÔÚÌoÍÌñ\¦ -# gauge: »ÝÌl=üÍl-OñÌüÍlðµÈ¢ nopercent: p[Zgñ\¦ -Options[^]: growright,gauge,nopercent,integer - -Target[opengate]:`/usr/home/user/bin/input.sh` -Title[opengate]: Opengate user counter - -PageTop[opengate]: <h1>Opengate user counter</h1> - <p>Opengate12 ðpµÄ¢élð\¦µÄ¢Ü·B</p> - -# lÌãÀ -MaxBytes[opengate]: 200 -# eOtɨ¢ÄAOtÌãÀðlÌÅålÅÈlÌãÀÉ·é -#Unscaled[opengate]: ymwd - -# OtÌY²ÉÂ^Cg -YLegend[opengate]: Opengate User -# lÌPÊ -ShortLegend[opengate]: l -# lÌ^Cg LegendI: 1ÔÚ LegendO: 2ÔÚ -LegendI[opengate]: IPv6 Users -LegendO[opengate]: Total Users - |
WorkDirÉwèµ½fBNgð쬷éB¯fBNgÉAMRTGªeíHTMLt@CÆOtBbNC[Wð쬷éB
- -Target[opengate]ÉÍAMRTGÉf[^ðn·½ßÌvOðÝu·éBȺÉÚ×ðྷéB
- - - -ȺÉOpengateð±üµ½Q[gEFCɨ¢ÄpóµðÄ·éêÌVFXNvgðL·B
- --#!/bin/sh - -####################################### -## -## shwo opengate status for MRTG -## -## 1 line : IPv6 Users -## 2 line : Total Users -## 3 line : uptime -## 4 line : comment for data -## -####################################### - -LANG=C -COLUMNS=256 - -export LANG -export COLUMNS - -### IPv6 prefix -prefix="2001:2f8:22:801:" - -### opengate process name -process="opengatesrv.cgi" - -### tmp file name -tmp_all="/tmp/og_count_all.tmp" -tmp_6="/tmp/og_count_6.tmp" - -###################################################### - -ps ax | grep $process > $tmp_all -COUNT=`wc -l $tmp_all | awk '{print $1}'` -grep $prefix $tmp_all > $tmp_6 -COUNT6=`wc -l $tmp_6 | awk '{print $1}'` -UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"` - -rm $tmp_all -rm $tmp_6 - -echo "$COUNT6" -echo "$COUNT" -echo "$UPTIME" -echo "Opengate User Counter" - |
³çÉA±ÌVFXNvgðPÆÅÀsµAȺÌæ¤Èf[^ªæ¾Å«Ä¢é±ÆðmF·éB
- --5 -48 -10days -Opengate User Counter - |
ȺÉOT[oɨ¢ÄpóµðÄ·éêÌVFXNvgð¦·B
- --#!/bin/sh - -####################################### -## -## input data for MRTG -## -## 1 line : IPv6 Users -## 2 line : Total Users -## 3 line : uptime -## 4 line : comment for data -## -####################################### - -# tmp file name -file="/tmp/opengate.tmp" - -# URL of output.sh at opengate -url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh" - -fetch -o $file $url &> /dev/null - -more $file - |
³çÉAÄ·éOpengateT[oɨ¢ÄACGIªÀsÂ\ÈfBNgÉÌæ¤ÈVFXNvgð -pÓ·éB±êðAãLÌVFXNvgÌ"url"Éwè·éB
- --#!/bin/sh - -####################################### -## -## shwo opengate status for MRTG -## -## 1 line : IPv6 Users -## 2 line : Total Users -## 3 line : uptime -## 4 line : comment for data -## -####################################### - -LANG=C -COLUMNS=256 - -export LANG -export COLUMNS - -### IPv6 prefix -prefix="2001:2f8:22:801:" - -### opengate process name -process="opengatesrv.cgi" - -### tmp file name -tmp_all="/tmp/og_count_all.tmp" -tmp_6="/tmp/og_count_6.tmp" - -######################################################3 - -ps ax | grep $process > $tmp_all -COUNT=`wc -l $tmp_all | awk '{print $1}'` -grep $prefix $tmp_all > $tmp_6 -COUNT6=`wc -l $tmp_6 | awk '{print $1}'` -UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"` -rm $tmp_all -rm $tmp_6 - -echo "Content-type: text/plain; charset=iso-8859-1" -echo - -echo "$COUNT6" -echo "$COUNT" -echo "$UPTIME" -echo "Opengate User Counter" - |
OpengateT[oÉAÈãÌVFXNvgðpÓµ½ãÉAÄpÌOT[oɨ¢ÄA -input.shðPÆÅÀsµ½ÛÉAȺÌæ¤Èf[^ªæ¾Å«Ä¢é±ÆðmF·éB
- --5 -48 -10days -Opengate User Counter - |
ÈãÌÝ誮¹µ½ãÉAmrtgðÀs·é±ÆªÂ\©mF·éB
- --# /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg - |
ÈãðÀs·éÆAPñÚÆQñÚÍlXÈWARNINGªoͳêéB
- -mrtgð¡ñÀsµãÉAWorkDirÉwèµ½fBNgÉȺÌt@Cª¶¬³êÄ¢êά÷Å éB
- --> ls -l --rw-r--r-- 1 root wheel 538 12 14 04:40 mrtg-l.png --rw-r--r-- 1 root wheel 414 12 14 04:40 mrtg-m.png --rw-r--r-- 1 root wheel 1759 12 14 04:40 mrtg-r.png --rw-r--r-- 1 root wheel 2941 12 20 15:15 opengate-day.png --rw-r--r-- 1 root wheel 2146 12 20 14:35 opengate-month.png --rw-r--r-- 1 root wheel 2867 12 20 14:55 opengate-week.png --rw-r--r-- 1 root wheel 1897 12 20 05:00 opengate-year.png --rw-r--r-- 1 root wheel 5961 12 20 15:15 opengate.html --rw-r--r-- 1 root wheel 48786 12 20 15:15 opengate.log --rw-r--r-- 1 root wheel 48784 12 20 15:10 opengate.old - |
ÈãÌÝ誮¹µ½Ì¿ÉAmrtgðcrontabÉæÁÄèúIÉÀs·éB
- -/etc/crontabÉÌsðÇÁ·éB
- --*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg - |
OT[oɨ¢ÄA¡ÌOpengateðÇ·éêÍAÝèt@CðV½É쬷éßö©çsȤB
- - - - - - diff --git a/opengate/doc/ja/install_ja.html b/opengate/doc/ja/install_ja.html deleted file mode 100644 index 2d15de2..0000000 --- a/opengate/doc/ja/install_ja.html +++ /dev/null @@ -1,1316 +0,0 @@ - - -OpengateÌCXg[èðȺɦ·B½¾µA¦ÍK{Úð¦µA»êÈOÌèÍKvɶÄsȤB
- -Q[gEFC}VƵÄANICðQÈã¿AFreeBSDðCXg[·é±ÆªÂ\ÈàÌðpÓ·éB
-FreeBSD 4.x,5.x,6.x̽ê©ðCXg[·éBãÉJ[lðÄ\z·éKvª éÌÅACXg[·é -DistributionsðIð·éÛÉDeveloper(Full sorces,binaries and doc)ðIðµÈ¯êÎÈçÈ¢B
-FreeBSDðCXg[µ½ãÉAQ[gEFCƵÄÌ@\ðLøÉ·é½ßÉA/etc/rc.confÉÌÝèðLq·é -BàµÍAFreeBSDðCXg[·éÛÉAQ[gEFCƵÄÌ@\ðLøÉ·é©Û©ðâíêéÌÅA±±Å -Q[gEFCÌ@\ðLøɵÄà\íÈ¢B
- -gateway_enable="YES" |
-
OpengateÌÅVÌpbP[WðKÈfBNgÉWJ·éBpbP[WÉÍȺÌfBNgªÜÜêéB
- -
--docFeí¶ -confFÝèt@CAt@CAEH[XNvg -javahtmlFNCAgJava AppletAHTMLt@C -opengatesrvFT[oCGIvO -- |
OpengatepbP[WÉÜÜêéopengatesrvfBNgÉMakefileªpÓ³êÄ¢éB -¯fBNgɨ¢ÄAOpengateÌRpCÆCXg[ìÆðsȤªARpC -ðsȤOÉAeíÝèðsȤKv ªéB
-Makefleɨ¢ÄAȺÌÚðÝèµÈ¯êÎÈçÈ¢B
- -ÈãÌÝèðI¦Ä©çARpCÆCXg[ðsȤB
- --#make -cc -DCONFIGFILE=\"/etc/opengatesrv.conf\" --DOPENGATEDIR=\"/opengate\" -DDENYDOC=\"deny.html\" --DDENYDOC=\"deny.html\" -DDENYDOCSSL=\"deny-ssl.html\" ------------------ ------------------ ------------------ -# make install - |
FØT[oÌÝèÉ¢ÄÍAA.3.2Å °½ACONFIGFILEÉæÁÄÝè·é±Æª -Â\Å éB
-ÝèÌÚ×É¢ÄÍAÝèt@Ciopengatesrv.confjàÉLq³êÄ¢éB
- - - -ipfwàµÍip6fwðp·é½ßÉÍAFreeBSDÌJ[lðÄ\z·éKvª éBFreeBSDCXg[É -J[lÌSÄÌ\[XðCXg[µÄ¢È¯êÎÈçÈ¢B
-ȺÌfBNgɨ¢ÄAOpengatepÌJ[lIvVð쬷éB
- --# cd /usr/src/sys/i386/conf -# cp GENERIC MYKERNEL - |
Rs[µ½J[lIvVÉAÌIvVðÇÁ·éB
- --options IPDIVERT - -options IPFIREWALL -options IPFIREWALL_FORWARD -options IPFIREWALL_VERBOSE -options IPFIREWALL_VERBOSE_LIMIT=100 - -options IPV6FIREWALL -options IPV6FIREWALL_VERBOSE -options IPV6FIREWALL_VERBOSE_LIMIT=100 - -options IPSEC -options IPSEC_ESP -options TCP_DROP_SYSFIN - |
IPDIVERTÉ¢ÄÍAIPv4ÌNATðp¢éêÉKvÅ éBܽAt@CAEH[Ì -OðKvƵȢêÍAVERBOSEÌÚÍsvÅ éB³çÉAIPSECðKvƵȢêÍA -IPSECÌÚÍsvÅ éB
-±êçÌIvVðÇÁµ½ãÉAJ[lÌRpCÆCXg[ðsȤB
- --# config MYKERNEL -# cd ../compile/MYKERNEL -# make depend -# make -# make install - |
FreeBSD 6.xÅÍA"make depend"ðÀs·éOÉA"make clean"ªv³êéêà éÌÅAÓ·éB
- -Ä\zµ½J[lÉæÁÄAt@CAEH[ðLøÉ·é½ßÉ/etc/rc.confÉȺÌIvVð -Lq·éB
- --firewall_enable="YES" -firewall_script="/etc/rc.firewall" - -ipv6_firewall_enable="YES" -ipv6_firewall_script="/etc/rc.firewall6" - -natd_enable="YES" -natd_interface="em0" - |
IPv4/6»ê¼êÌt@CAEH[ðLøɵA»ê¼êÌt@CAEH[Ì[ðLqµ½ -XNvgðwè·éBܽANATªKvÅ éêÍAnatdðLøɵAAhXÏ·ðs¤ -C^tF[XÌIDðwè·éB
- - - - -OpengateÌ®ì̽ßÉKØÉt@CAEH[Ì[ðLqµÈ¯êÎÈçÈ¢B -ȺÉLq·×«[Ìái/etc/rc.firewalljð¦·B
- --### set these to your outside interface network and netmask and ip -oif="em0" -onet="192.168.0.0" -omask="255.255.255.0" -oip="192.168.0.34" - -### set these to your inside interface network and netmask and ip -iif="bge0" -inet="192.168.55.0" -imask="255.255.255.0" -iip="192.168.55.1" - -fwcmd="/sbin/ipfw" - -### divert packet to NATD -$fwcmd add 1 divert natd ip from any to any via ${oif} - -### Stop spoofing -$fwcmd add deny all from ${inet}:${imask} to any in via ${oif} -$fwcmd add deny all from ${onet}:${omask} to any in via ${iif} - -### Stop http from softeather -$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 80 -$fwcmd add deny tcp from 192.168.0.0:255.255.255.0 to ${oip} 443 - -### Allow from / to myself -$fwcmd add pass all from ${iip} to any via ${iif} -$fwcmd add pass all from ${oip} to any via ${oif} -$fwcmd add pass all from any to ${iip} via ${iif} -$fwcmd add pass all from any to ${oip} via ${oif} - -### Allow DNS queries out in the world -### (if DNS is on localhost, delete passDNS) -$fwcmd add pass udp from any 53 to any -$fwcmd add pass udp from any to any 53 -$fwcmd add pass tcp from any to any 53 -$fwcmd add pass tcp from any 53 to any - -### Forwarding http connection from unauth client -$fwcmd add 60000 fwd localhost tcp from ${inet}:${imask} to any 80 -$fwcmd add 60010 fwd localhost tcp from ${inet}:${imask} to any 443 - -### Allow TCP through if setup succeeded -$fwcmd add 60100 pass tcp from any to any established - |
Opengateð®ì³¹éÛA[Ô60000,60010,60100ªdvÆÈéBFØy[Wð -\¦³¹é½ßÉAHTTP,HTTPSNGXgÍOpengateÌWebT[oÉ]µÈ¯êÎÈçÈ¢B -ܽAùÉm§³êÄ¢éTCPÚ±ÉÖµÄÍAOpengateÉæéÊMH½ãàpÂ\Æ·é½ßA -60100Ì[ðÇÁ·éB
- -ÈãA¦µ½áÍOpengateð®ì³¹é½ßÌÝèáÅ éBÀÛÉOpengateð±ü·éÛÉÍA -ipfwÌ®ìðnmµ½ãAeílbg[NÉKµ½t@CAEH[ðÝu·é±Æª]ܵ¢B
- - - - -OpengateÌ®ì̽ßÉKØÉt@CAEH[Ì[ðLqµÈ¯êÎÈçÈ¢B -ȺÉLq·×«[Ìái/etc/rc.firewall6jð¦·B
- --### set these to your outside interface network and prefixlen and ip -oif="em0" -onet="2001:e38:3661:1a0::" -oprefixlen="64" -oip="2001:e38:3661:1a0::34" - -### set these to your inside interface network and prefixlen and ip -iif="bge0" -inet="2001:e38:3661:1a5::" -iprefixlen="64" -iip="2001:e38:3661:1a5::1" - -### path to command "ip6fw" -fw6cmd="/sbin/ip6fw" - -${fw6cmd} add pass all from ${iip} to any -${fw6cmd} add pass all from any to ${iip} -${fw6cmd} add pass all from ${oip} to any -${fw6cmd} add pass all from any to ${oip} - -### Allow RA RS NS NA Redirect... -${fw6cmd} add pass ipv6-icmp from any to any - -# Allow IP fragments to pass through -${fw6cmd} add pass all from any to any frag - -# Allow RIPng -${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521 -${fw6cmd} add pass udp from fe80::/10 521 to fe80::/10 521 - -### Allow TCP through if setup succeeded -${fw6cmd} add 60100 pass tcp from any to any established - -# TCP reset notice message -${fw6cmd} add 60200 reset tcp from any to any 80 -${fw6cmd} add 60300 reset tcp from any to any 443 - |
ip6fwÍAipfwÆÍÙÈè]ðs¤±ÆªÅ«È¢B»±ÅAOpengateÅÍ -IPv6ÌHTTPNGXgª^CAEgµAIPv4ÌHTTPNGXgð]µAFØ -ðs¤dgÝðÆÁÄ¢éB½¾µAFreeBSD 5.2È~ÅÍAip6fwÅTCP resetª -À³êĨèAIPv6 TCPpPbgÉεÄBs\bZ[WðÔ·±ÆªÂ\Å - éB[Ô60200,60300Ìæ¤ÉATCP resetðp·é±ÆÉæÁÄAIPv6 HTTP -NGXgª^CAEg·éÜÅÌÔðÒÂKvªÈÈéB
- -ܽAIPv6ÅÍDHCPÌÖíèÉRAÉæÁÄIPv6AhX𩮶¬µAoHîñ -Êmf[ÈÇAICMPâ»Ì¼ÌvgR̵¢ÉCð¯ȯêÎÈçÈ¢B -ipfwƯlÉAip6fwÉ¢Äà®ìðnmµ½ãÅAeílbg[NÉKµ½ -t@CAEH[ðÝu·é±Æª]ܵ¢B
- - - -OpengateÅÍAIPv6ðT|[gµ½Apache2ªK{Å éBܽAFØðs¤±Æ©ç -SSLðT|[g·é±Æª]ܵ¢BApache2ÍWÅSSLðT|[gµÄ¢éÌÅAmod_ssl -ðÊrCXg[·éKvÍÈ¢B
-ȺÉAportsðpµÄCXg[·éèðȺÉL·B
- --# cd /usr/ports/www/apache2 -# make clean -===> Cleaning for autoconf-2.53_1 -===> Cleaning for libtool-1.3.5_1 -===> Cleaning for m4-1.4_1 -===> Cleaning for help2man-1.29 -===> Cleaning for expat-1.95.6_1 -===> Cleaning for apache-2.0.48_3 -# make install clean ; rehash - |
CXg[ìƪ®¹µ½ãAApache2ÌN®ÆSSLðLøÉ·é½ßÉA -ȺÌÚð/etc/rc.confÉLq·éB
- --apache2_enable="YES" -apache2ssl_enable="YES" - |
Apache2ð\[X©çCXg[·éèðȺÉL·B
-Apache2Ì\[XÍAftp.apache.or.jp©çæ¾·é±ÆªÂ\Å éBܽA -Apache2ðRpC·éÛÉASSLW [ðLøÉ·éKvª éBܽA -\[X©çCXg[µ½ÛÍAWÅ/usr/local/apache2fBNgȺÉCXg[³êéB
- --# tar xvfz httpd-2.0.55.tar.gz -# cd httpd-2.0.55 -# ./configure --enable-modules="so ssl" -# make -# make install - |
Apache2ÅASSLðp·é½ßÉ駮ÆؾðpÓ·éKvª éB³KÌFØÇ©ç -s³ê½Ø¾ðpÓ·é±Æª]ܵ¢ªA©È¼ðsÁ½Ø¾Æ駮Åà\ªÉ -ZL eBðmÛ·é±ÆªÂ\Å éB
- -OpengateÅÍAñÂÌFQDNðp·é±Æ©çA»ê¼êÌFQDNÉηéØ¾Æ -駮ªKvÆÈéBȺÉA駮Æؾð쬷éèð¦·B
- --# cd /usr/local/etc/apache2 -# mkdir ssl.key ssl.crt -# chmod 700 ssl.key ssl.crt - -# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server1.key 1024 -# /usr/bin/openssl genrsa -out /usr/local/etc/apache2/ssl.key/server2.key 1024 - |
ãLɨ¢Ä쬵½é§®ðp¢Ä¼µ½Ø¾ð쬷éB
- --# /usr/bin/openssl req -new -x509 -days 365 \ - -key /usr/local/etc/apache2/ssl.key/server1.key \ - -out /usr/local/etc/apache2/ssl.crt/server1.crt - -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, -If you enter '.', the field will be left blank. ------ -Country Name (2 letter code) [AU]:JP -State or Province Name (full name) [Some-State]:Saga -Locality Name (eg, city) []:Saga-city -Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university -Organizational Unit Name (eg, subsection) []:Information Science -Common Name (eg, YOUR name) []:opengate.is.saga-u.ac.jp -Email Address []:administrator@opengate.is.saga-u.ac.jp - -Please enter the following 'extra' attributes -to be sent with your certificate request -A challenge password []: -An optional company name []: - -# /usr/bin/openssl req -new -x509 -days 365 \ - -key /usr/local/etc/apache2/ssl.key/server2.key \ - -out /usr/local/etc/apache2/ssl.crt/server2.crt - -You are about to be asked to enter information that will be incorporated -into your certificate request. -What you are about to enter is what is called a Distinguished Name or a DN. -There are quite a few fields but you can leave some blank -For some fields there will be a default value, -If you enter '.', the field will be left blank. 
------ -Country Name (2 letter code) [AU]:JP -State or Province Name (full name) [Some-State]:Saga -Locality Name (eg, city) []:Saga-city -Organization Name (eg, company) [Internet Widgits Pty Ltd]:Saga-university -Organizational Unit Name (eg, subsection) []:Information Science -Common Name (eg, YOUR name) []:opengate4.is.saga-u.ac.jp -Email Address []:administrator@opengate.is.saga-u.ac.jp - -Please enter the following 'extra' attributes -to be sent with your certificate request -A challenge password []: -An optional company name []: - |
OpengateÅÍAñÂÌFQDNðp¢éB±êæèAApache2ÅÍñÂÌFQDNÉηé½ßÉ -o[`zXgÌÝèðs¤Kvª éB
-Apache2Ìo[`zXgÉÍAIPx[XÌo[`zXgÆAl[x[XÌo[` -zXgÌñíÞª éBµ©µAl[x[XÌo[`zXgðp¢½êAæqµ½ -o[`zXgÉ¢ĵ©SSLðs¤±ÆªÅ«È¢B
-OpengateÍAñÂÈãÌNICðµAñÂÈãÌIPAhXðµÄ¢éÌ͸ÈÌÅA -IPx[XÌo[`zXgªKpÂ\Å éB
- -ȺÉAIPx[XÌo[`zXgðKpµ½êÌÝèá -i/usr/local/etc/httpd.conf,ssl.confj
- -httpd.conf |
-NameVirtualHost 192.168.55.1:80 -<VirtualHost 192.168.55.1:80> - ServerAdmin administrator@opengate.is.saga-u.ac.jp - DocumentRoot /usr/local/www - ServerName opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined -</VirtualHost> - -NameVirtualHost [2001:e38:3661:1a5::1]:80 -<VirtualHost [2001:e38:3661:1a5::1]:80> - ServerAdmin administrator@opengate.is.saga-u.ac.jp - DocumentRoot /usr/local/www - ServerName opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined -</VirtualHost> - -NameVirtualHost 192.168.0.34:80 -<VirtualHost 192.168.0.34:80> - ServerAdmin administrator@opengate.is.saga-u.ac.jp - DocumentRoot /usr/local/www - ServerName opengate4.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined -</VirtualHost> - |
ssl.conf |
-NameVirtualHost 192.168.55.1:443 -<VirtualHost 192.168.55.1:443> - DocumentRoot "/usr/local/www" - ServerName opengate.is.saga-u.ac.jp:443 - ServerAdmin administrator@opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined - - SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt - SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key -</VirtualHost> - -NameVirtualHost [2001:e38:3661:1a5::1]:443 -<VirtualHost [2001:e38:3661:1a5::1]:443> - DocumentRoot "/usr/local/www" - ServerName opengate.is.saga-u.ac.jp:443 - ServerAdmin administrator@opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined - - SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server1.crt - SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server1.key -</VirtualHost> - -NameVirtualHost 192.168.0.34:443 -<VirtualHost 192.168.0.34:443> - DocumentRoot "/usr/local/www" - ServerName opengate4.is.saga-u.ac.jp:443 - ServerAdmin administrator@opengate.is.saga-u.ac.jp - ErrorLog "|/usr/bin/logger -p local6.info" - CustomLog "|/usr/bin/logger -p local5.info" combined - - SSLEngine on - SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server2.crt - SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server2.key -</VirtualHost> - |
ãLÌÝèáÍAo[`zXgÌÝè̽ßÌfBNeBuÌÝLqµÄ¢éB -±Ì¼Éà½ÌÚðÝèµÈ¯êÎÈçÈ¢ÌÅAApache2ÌÝèðnmµ½ãÅ -Ýè·é±Æª]ܵ¢B
- - - - -OpengateÅÍApÒ[©çM³êÄéHTTPNGXgðAOpengateªÂ -WebT[oÉ]·é±ÆÉæÁÄAFØy[WðñµÄ¢éB±Ì½ßApÒ[ -©çM³êÄéHTTPNGXgÍ\ú·é±ÆªÅ«È¢BæÁÄAÇÌæ¤È -HTTPNGXgÉεÄàAFØy[WðÔ·½ßÉA/usr/local/etc/httpd.confÉ -HTTP_ERROR 404ª¶µ½êÉADocumentRootðÔ·æ¤ÉÝè·éB
- --ErrorDocument 404 / - |
Opengateð±ü·élbg[NÅÍApÒ[ªpÉÉüêÖíé±Æª\ªÅ«éB -»±ÅAlXÈpÒ[Éεĩ®IÉIPv4AhXðèÄé±ÆªÅ«éDHCPT[oð -±ü·é±Æª]ܵ¢B
-ȺÉisc-dhcp3ÌCXg[èðL·B
- --# cd /usr/ports/net/isc-dhcp3-server -# make -===> Cleaning for isc-dhcp3-server-3.0.1.r14_3 -# make install clean ; rehash - |
CXg[ìƪ®¹·éÆA/usr/local/etcȺÉdhcpd.conf.sampleª¶¬³êÄ¢éB -¯fBNgÉdhcpd.confƵÄRs[µAdhcpdpÌÝèt@Cð쬷éB
-ȺÉAÝèáð¦·B
- --option domain-name "ai.is.saga-u.ac.jp"; -option domain-name-servers 192.168.0.2; -option subnet-mask 255.255.255.0; -option broadcast-address 192.168.55.255; -option routers 192.168.55.1; - -default-lease-time 600; -max-lease-time 7200; -ddns-update-style none; -log-facility local7; - -subnet 192.168.55.0 netmask 255.255.255.0 { - range 192.168.55.100 192.168.55.200; -} - |
ܽAdhcpdð©®N®·é½ßÉA/etc/rc.confÉȺÌÚðLq·éB
- --dhcpd_enable="YES" -dhcpd_ifaces="bge0" -dhcpd_conf="/usr/local/etc/dhcpd.conf" - |
dhcpd_ifacesÉ¢ÄÍAdhcpðM·éC^tF[XIDðLq·éB
- - - -Opengate̽ßÉñÂÌFQDNðpӵȯêÎÈçÈ¢Bù¶ÌDNSÉOpengatepÌ -FQDNðo^·é±ÆÅàðÅ«éBµ©µANATÈÇðp¢ÄAhXÏ·ðs¤êð -l¦éÆAvCx[glbg[NÌAhXðOÌDNSÉo^·é±ÆÍ]ܵȢB -»±ÅAOpengatepÌ}VÉDNSð±ü·é±Æàl¦çêéB
-ȺÉABIDN9ðCXg[·éèðL·B
- --# cd /usr/ports/dns/bind9/ -# make clean -===> Cleaning for bind9-9.3.1 -# make install clean ; rehash - |
CXg[ª®¹·éÆA/etc/namedb(/var/named/etc/namaedb)ȺÌfBNgÉ -eíÝèt@Cª¶¬³êéB
- - - - -BIND9ÅÍAZL eBðmÛ·é½ßÉFØL[ðÝèµArndcR}hðp¢Änamedð§ä·éB
-»±ÅAܸFØL[Ìì¬ðs¤BFØ@[Ìì¬èðȺɦ·B
- --# /usr/local/sbin/dnssec-keygen -a hmac-md5 -b 512 -n user rndc - |
ÈãÌìÆɨ¢ÄA"out of entropy"Æ¢¤G[ª¶·éêÍAÌû@Å -FØL[ð쬷éB
- --# /usr/local/sbin/dnssec-keygen -r /dev/urandom -a hmac-md5 -b 512 -n user rndc - |
FØL[Ìì¬É¬÷·éÆAÌñÂÌt@Cª¶¬³êéB½¾µAt@C¼É -ÜÜêéÍ_ɶ¬³êéB
- -Krndc.+157+60849.key
Krndc.+157+60849.private
BIND9ÌCXg[ãÉA/usr/local/etc/rndc.conf.sampleÆ¢¤t@Cª¶¬³êÄ¢éB -±Ìt@CðRs[µÄA/usr/local/etc/rndc.confð쬷éB
-»µÄArndc.confÌkeyfBNeBuðÒW·éBkeyfBNeBuÅÍAFØL[Ì -ASYƶ¬µ½FØL[ðwèµÈ¯êÎÈçÈ¢BFØL[ÍsecretÌÚÉwè·éB -ܽAFØL[ƤÉ쬵½
Krndc.+157+60849.privateÌkeyÚÉ\¦³êÄ -¢éàÌðwè·éB - -
-options { - default-server localhost; - default-key "key"; -}; - -server localhost { - key "key"; -}; - -key "key" { - algorithm hmac-md5; - secret "..."; -}; - |
¡ñÌDNST[oÍAOpengateð±ü·élbg[NÌÝÉT[rXðs¤àÌÅ éBµ©µA -Ýèt@CÌp[~bVÉ\ªÓµAFØL[Ìt@CÍT[oãÉÛ¶¹¸ÉA -íàµÍvgAEgµÄµdÉÛ¶·é±Æª]ܵ¢B
- - - - -namedÌåÈ®ìð§ä·é½ßÌÝèt@C/etc/namedb/named.confÌÝèðs¤B
-ܸAFØL[ÌÝè̽ßÉkeyfBNeBuÌÝèªKvÅ éBOqµ½rndc.confÌ -keyfBNeBuƯlÌÝèðµÈ¯êÎÈçÈ¢B
- --key "rndc_key" { - algorithm hmac-md5; - secret "..."; -}; - -controls { - inet ::1 allow { - ::1; - } - keys { - "rndc_key"; - }; - inet 127.0.0.1 allow { - 127.0.0.1; - } - keys { - "rndc_key"; - }; -}; - |
ܽAkeyfBNeBuÉ¢ÄÍÊt@CÉLqµAnamed.confÅinclude -·é±Æª]ܵ¢BÊt@CÉLq·éêÍAp[~bVÌÝèæÁijçÉ -ZL eBðßé±ÆªÂ\ÆÈéB
-ÉAoptionsfBNeBuÌÝèðs¤B
- --options { - directory "/etc/namedb"; - pid-file "/var/run/named/named.pid"; - auth-nxdomain yes; - listen-on-v6 { any; }; -}; - |
named.pidt@CðufBNgÍKÉ쬷éKvª éB
- - - - -OpengateÅÇ·éhCÉ¢ÄÝèðs¤BehCÍnamed.confÌzonefBNeBuÉ -æÁÄdzêéBܽABIND9ÅÍviewÆ¢¤fBNeBuªÀ³êĨèA±ÌqfBNeBuÉ -zoneƵÄÝè·é±ÆÉæÁÄADNSâ¢í¹³ÌIPAhXâhCÉæÁÄÔ·ézoneð -ÏX·é±ÆªÂ\ÆÈéB
- --view "og" { - match-clients - { - 10.0.0.0/16; - }; - - recursion yes; - - zone "." { - type hint; - file "named.root"; - }; - - zone "og.saga-u.ac.jp" { - type master; - file "og.saga-u.ac.jp"; - }; - - zone "0.0.127.IN-ADDR.ARPA" { - type master; - file "master/localhost.rev"; - }; - - // RFC 3152 - zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\ - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" { - type master; - file "master/localhost-v6.rev"; - }; - - // RFC 1886 -- deprecated - zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.\ - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" { - type master; - file "master/localhost-v6.rev"; - }; -}; - |
ÈãÌÝèɨ¢ÄA"og.saga-u.ac.jp"Æ¢¤zoneðÝèµ½B±ÌÝèɨ¢ÄA -hC"og.saga-u.ac.jp"É®·ézXgðÝèµ½og.saga-u.ac.jpÆ¢¤t@Cð -ÇÝÞæ¤ÉÝèµÄ¢éB»±ÅAog.saga-u.ac.jpÆ¢¤AÌæ¤Èt@Cð -pÓ·éB
- --$TTL 3600 -$ORIGIN og.saga-u.ac.jp. - -@ IN SOA ns.og.saga-u.ac.jp. postmaster ( - 2005051702 ; - 3600 - 1200 - 2419200 - 86400 ) - IN NS ns.og.saga-u.ac.jp. - IN A 10.0.0.2 - IN MX 10 opengate.og.saga-u.ac.jp. - -ns IN A 10.0.0.2 - -opengate IN A 10.0.0.2 - AAAA 2001:2f8:10:1::1 - -opengate4 IN A 133.49.1.2 - |
ÈãASÄÌÝ誮¹µ½ãÉAN®mFðs¤B
- --# /usr/local/sbin/named/ -u bind -c /etc/namedb/named.conf - |
ÈãðÀsµAâèÈnamedªN®µÄ¢êά÷Å éBN®mFÅâèªÈ¯êÎA -/etc/rc.confÉȺÌÚðLqµA©®N®·éæ¤ÉÝè·éB
- --named_enable="YES" -named_program="/usr/local/sbin/named" -named_flags="-u bind -c /etc/namedb/named.conf" - |
DNST[oÍǪ¡GÅ é½ßA±Ì¼Ì¿àQlɵA}j Að -nǵ½ãÅÝè·é±Æª]ܵ¢B
- - -Opengate ÌpóµðÄ·é½ßÉAMRTGðp¢é±ÆªÂ\Å éBpóµÌÄðsÈíÈ¢êÍA -MRTGÌCXg[ÍsvÅ éB
- -MRTG(Multi Router Traffic Grapher)ÆÍA{lbg[NÌ×ðÄ·éc[Å éB -SNMPG[WFgæègtBbNÌlðæ¾µAOtBbNC[WðÜÞHTMLy[W𶬷éB -Ú×
- -MRTGðp¢ÄAOpengateÌpóµðÄ·éÉ ½ÁÄÍAOpengateð±üµ½Q[gEFCɨ¢Ä -MRTGðCXg[µÄà\íÈ¢ªAÄpÌÊÌT[oÉCXg[µÄà\íÈ¢BܽA -OpengateðªUzu·éæ¤ÉÝv³êÄ¢é½ßA¡ÌOpengateðÇ·éÉ ½ÁÄÍÄpÌT[oÉ -¨¢ÄMRTGðCXg[·é±Æð§·éB
- -ȺÉAMRTGðportsðp¢ÄCXg[·éèð¦·B
- --# cd /usr/ports/net-mgmt/mrtg/ -# make clean -===> Cleaning for mrtg-2.12.2,1 -# make install clean ; rehash - |
MRTGÌCXg[ª®¹·éÆA/usr/local/etc/mrtg/ȺÉÝèt@CªpÓ³êÄ¢éB -¯fBNgÉAopengate.cfgƵÄV½ÉÝèt@CðpÓ·éB
- --################################################## -# opengate user counter - -WorkDir: /usr/home/user/public_html/mrtg/opengate/ -Language: euc-jp - -##### IvV -# growright: X²Ì´_ð¶É integer: ®\¦ info: 3,4ÔÚÌoÍÌñ\¦ -# gauge: »ÝÌl=üÍl-OñÌüÍlðµÈ¢ nopercent: p[Zgñ\¦ -Options[^]: growright,gauge,nopercent,integer - -Target[opengate]:`/usr/home/user/bin/input.sh` -Title[opengate]: Opengate user counter - -PageTop[opengate]: <h1>Opengate user counter</h1> - <p>Opengate12 ðpµÄ¢élð\¦µÄ¢Ü·B</p> - -# lÌãÀ -MaxBytes[opengate]: 200 -# eOtɨ¢ÄAOtÌãÀðlÌÅålÅÈlÌãÀÉ·é -#Unscaled[opengate]: ymwd - -# OtÌY²ÉÂ^Cg -YLegend[opengate]: Opengate User -# lÌPÊ -ShortLegend[opengate]: l -# lÌ^Cg LegendI: 1ÔÚ LegendO: 2ÔÚ -LegendI[opengate]: IPv6 Users -LegendO[opengate]: Total Users - |
WorkDirÉwèµ½fBNgð쬷éB¯fBNgÉAMRTGªeíHTMLt@CÆOtBbNC[Wð쬷éB
- -Target[opengate]ÉÍAMRTGÉf[^ðn·½ßÌvOðÝu·éBȺÉÚ×ðྷéB
- - - - -ȺÉOpengateð±üµ½Q[gEFCɨ¢ÄpóµðÄ·éêÌVFXNvgðL·B
- --#!/bin/sh - -####################################### -## -## shwo opengate status for MRTG -## -## 1 line : IPv6 Users -## 2 line : Total Users -## 3 line : uptime -## 4 line : comment for data -## -####################################### - -LANG=C -COLUMNS=256 - -export LANG -export COLUMNS - -### IPv6 prefix -prefix="2001:2f8:22:801:" - -### opengate process name -process="opengatesrv.cgi" - -### tmp file name -tmp_all="/tmp/og_count_all.tmp" -tmp_6="/tmp/og_count_6.tmp" - -###################################################### - -ps ax | grep $process > $tmp_all -COUNT=`wc -l $tmp_all | awk '{print $1}'` -grep $prefix $tmp_all > $tmp_6 -COUNT6=`wc -l $tmp_6 | awk '{print $1}'` -UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"` - -rm $tmp_all -rm $tmp_6 - -echo "$COUNT6" -echo "$COUNT" -echo "$UPTIME" -echo "Opengate User Counter" - |
³çÉA±ÌVFXNvgðPÆÅÀsµAȺÌæ¤Èf[^ªæ¾Å«Ä¢é±ÆðmF·éB
- --5 -48 -10days -Opengate User Counter - |
ȺÉOT[oɨ¢ÄpóµðÄ·éêÌVFXNvgð¦·B
- --#!/bin/sh - -####################################### -## -## input data for MRTG -## -## 1 line : IPv6 Users -## 2 line : Total Users -## 3 line : uptime -## 4 line : comment for data -## -####################################### - -# tmp file name -file="/tmp/opengate.tmp" - -# URL of output.sh at opengate -url="http://opengate.saga-u.ac.jp/cgi-bin/output.sh" - -fetch -o $file $url &> /dev/null - -more $file - |
³çÉAÄ·éOpengateT[oɨ¢ÄACGIªÀsÂ\ÈfBNgÉÌæ¤ÈVFXNvgð -pÓ·éB±êðAãLÌVFXNvgÌ"url"Éwè·éB
- --#!/bin/sh - -####################################### -## -## shwo opengate status for MRTG -## -## 1 line : IPv6 Users -## 2 line : Total Users -## 3 line : uptime -## 4 line : comment for data -## -####################################### - -LANG=C -COLUMNS=256 - -export LANG -export COLUMNS - -### IPv6 prefix -prefix="2001:2f8:22:801:" - -### opengate process name -process="opengatesrv.cgi" - -### tmp file name -tmp_all="/tmp/og_count_all.tmp" -tmp_6="/tmp/og_count_6.tmp" - -######################################################3 - -ps ax | grep $process > $tmp_all -COUNT=`wc -l $tmp_all | awk '{print $1}'` -grep $prefix $tmp_all > $tmp_6 -COUNT6=`wc -l $tmp_6 | awk '{print $1}'` -UPTIME=`uptime | awk '{print $3$4}' | sed -e "s/,//g"` -rm $tmp_all -rm $tmp_6 - -echo "Content-type: text/plain; charset=iso-8859-1" -echo - -echo "$COUNT6" -echo "$COUNT" -echo "$UPTIME" -echo "Opengate User Counter" - |
OpengateT[oÉAÈãÌVFXNvgðpÓµ½ãÉAÄpÌOT[oɨ¢ÄA -input.shðPÆÅÀsµ½ÛÉAȺÌæ¤Èf[^ªæ¾Å«Ä¢é±ÆðmF·éB
- --5 -48 -10days -Opengate User Counter - |
ÈãÌÝ誮¹µ½ãÉAmrtgðÀs·é±ÆªÂ\©mF·éB
- --# /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg - |
ÈãðÀs·éÆAPñÚÆQñÚÍlXÈWARNINGªoͳêéB
- -mrtgð¡ñÀsµãÉAWorkDirÉwèµ½fBNgÉȺÌt@Cª¶¬³êÄ¢êά÷Å éB
- --> ls -l --rw-r--r-- 1 root wheel 538 12 14 04:40 mrtg-l.png --rw-r--r-- 1 root wheel 414 12 14 04:40 mrtg-m.png --rw-r--r-- 1 root wheel 1759 12 14 04:40 mrtg-r.png --rw-r--r-- 1 root wheel 2941 12 20 15:15 opengate-day.png --rw-r--r-- 1 root wheel 2146 12 20 14:35 opengate-month.png --rw-r--r-- 1 root wheel 2867 12 20 14:55 opengate-week.png --rw-r--r-- 1 root wheel 1897 12 20 05:00 opengate-year.png --rw-r--r-- 1 root wheel 5961 12 20 15:15 opengate.html --rw-r--r-- 1 root wheel 48786 12 20 15:15 opengate.log --rw-r--r-- 1 root wheel 48784 12 20 15:10 opengate.old - |
ÈãÌÝ誮¹µ½Ì¿ÉAmrtgðcrontabÉæÁÄèúIÉÀs·éB
- -/etc/crontabÉÌsðÇÁ·éB
- --*/5 * * * * root /usr/local/bin/mrtg /usr/local/etc/mrtg/opengate.cfg - |
OT[oɨ¢ÄA¡ÌOpengateðÇ·éêÍAÝèt@CðV½É쬷éßö©çsȤB
- - - - - \ No newline at end of file
diff --git a/opengate/doc/ja/style.css b/opengate/doc/ja/style.css
deleted file mode 100644
index 50549bb..0000000
--- a/opengate/doc/ja/style.css
+++ /dev/null
@@ -1,35 +0,0 @@
-
-body {
- width : 800px;
- margin-left:30px;
-}
-
-p {
- text-indent : 10px;
-}
-
-table {
- border-style : solid;
- border-bottom-color : #CCCCCC;
- border-width : thin;
- width : 90%;
- border-spacing : 10px;
-}
-
-.anchor {
- font-size : xx-small;
- vertical-align : super;
-}
-
-.list_alpha {
- list-style-type : upper-alpha;
-}
-.list_num {
- list-style : decimal;
-}
-
-.list_none {
- list-style : none;
- font-weight : bold;
-}
-
diff --git a/opengate/doc/progflow.html b/opengate/doc/progflow.html
deleted file mode 100644
index 02be3da..0000000
--- a/opengate/doc/progflow.html
+++ /dev/null
@@ -1,139 +0,0 @@
- - -("opengate4.saga-u.ac.jp" has only IPv4 address. "opengate.saga-u.ac.jp" has both -an IPv6 address and an IPv4 address.)
- --There are many incidents such as computer cracking or copyright infringement in the network. The organization might be caughted by many troubles caused by such incidents. In these cases, it is needed to identify the related person. The other reason is the restriction required by payment or aim of the network -- -
-Unified system can depend on such function. But it cannot be applied to the open network envoronment where various hardwares and users are connected with various formats, such as wireless connection of his/her own portable PC. -- -
-Yes it is essential. But to prevent trouble occured by unknown user of your site, authentication and usage log systems are required. -- -
-It is difficult for network control section to maintain many terminals distributed in wide campus. Moreover there are already various terminals settled by various sections. Some do not have such function and some are leaved with no control. -- -
-The log does not include user identification. -- -
-The cost might be large to maitain the matching between user and MAC address. -- -
-The merits of Opengate are as follows. Wide applicability about terminals, such as its hardware, software, management and connection. Minimum cost for user guidance and management. Easy implementation to existing network. Quick open at start usage and quick close at stop usage. -- -
-For example, it might be used as the gateway from intra-net to extra-net or the contrary. -- -
-The no Java user can enters the usage duraion in auth page. To cope with hijacking and notting, the connection state is checked periodically by ARP command and packet count passing the firewall. The user can also close the network by clicking the TERMINATE link in accept page. - -- - -
-Yes. But do not use the host station having NAT. -- -
-Yes. But do not insert NAT between the server and client. -- -
-Yes. But the address is restricted to the one aquired from server on ethernet. -- -
-The both can be realized by firewall rule set. -- -
-Firewall can be controled by Perl script. If the user rank is discriminated with userID pattern, authentication server, or IP address, it might be done. The function is added in Ver.0.80. -- -
-It is needed to register to an authentication server. As the system comminucates with plural servers, you can make specific server for temporal users and maintain it. -- -
-Yes. Communication between client and opengate server can be protected by SSL. Communication between opengate server and authentication server can be protected by secure auth protocol.We implement pop3s, radius, and pam(which supports many secure protocols). -- -
-We are using the system in environments including active 50 or above terminals. -- -
-See other document. -- -
-Yes it is permitted under GPL. -- -
-As the web pages are described in html files, it is easy to modify the design. -- - -
-IP spoofing has no merit, because the system permits the address from which user information sended. DoS can be avoided, because each client uses different port in the system. -- -
-Sorry. I am trying to order. -- -
-No. The system uses ipfw command which is specific to FreeBSD. The ipchains command in Linux can be used instead of ipwf. -- -
-Yes. But in the present version, we take priority on simplicity of program. -- - -
-It might be realized by controlling both ipfw and ip6fw. But, in ipv4/IPv6 dual stack state, it is not so easy to get all IP addresses for the requested terminal. Thus, it is not yet programmed. - -For the present, following method might be the solution, though there is a restriction. Modify the ipfw control script opengatefw.pl as to allow IPv6 packet from/to the requested terminal's MAC address. The method can be used when the gateway and the terminal stay in the same ethernet link. -- -
-elbg[NÍA»ÌÝuï|ÆoïSÉ]Á½pªßçêÜ·BµÄ©RpªOñÅÍ èܹñB³çÉAC^[lbgãÅÍAîæâ¼\As³A^bN̽ÐïIs®ª¶µÄ¢Ü·BgDƵÄÍ»Ìæ¤Ès®ð\¬õÉN±µÄ~µ èܹñBe©ªÓCðÁÄs®µÄ¢½¾½ßÌêÂÌû@ƵÄ{VXeª èÜ·B -- -
-êµ½PC«Ì\zÆÛªÂ\ÈVXeÌêÉÍA[OSÌFØVXeðpµ½ûªÇ¢Æv¢Ü·Bµ©µsÁ轪sÁè@íðÚ±·éæ¤È«ÅÍ@\µÜ¹ñB -- -
-»êàKvŵå¤Bµ©µåwÌæ¤É½Ì½lÈlÔªärI©RÉpÅ«élbg[N«ðñµÄ¢égDÅÍAOÉεÄlXÈguðN±µêîªñ¹çêéÂ\«ªÈèÜ·B»ÌÓCÍgu´öðìÁ½{lÉæÁÄ¢½¾Kvª èÜ·BܽAlbg[NpÉÍA»ÌÚIÉÁ½pÒ̧Àª é±ÆªÊí¾Æv¢Ü·BæÁÄANZX·é¤ÅÌFØàKvÆl¦Ü·B -- -
-SÄÌöJÅè[ðlbg[NÇåªêIÉzuµA»Ìn[hEFAðs³ì©ççêéóµªÂ\Å êλêÅàÇ¢Æv¢Ü·Bµ©µ»ÀIÉÍgUµ½öJêÖ½zu·é±Æª½AlXȢ諸¢Ü·BܽùÉzu³ê½FØ@\̳¢[âs\ªÈǺÌ[ª½ èÜ·B±êçÉàηéKvª èÜ·B -- -
-±ÌL^ÅÍIPAhXͪ©èÜ·Bµ©µsÁ轪oüè·éêÌêÍNªpµ½Ì©ª©èܹñBpÒªÁèÅ«é®ÌêͱÌæ¤ÈL^ÅàǢŵå¤B -- -
-OpengateÍÂl¯Êð[UIDÆpX[hÅsÁĢܷB±ÌFØüÍÌãíèÉMACAhXðg¤±ÆÍÂ\ŵå¤B- -
-µ©µMACAhXðp·éû®ÍAMACAhXÆ»ÌLÒÆÌÖWðOàÁÄo^·éKvª èÜ·Bܽ@í÷nEpüÌÛÉo^ÁA@íXVÌÛÉo^XVðs¤Kvª èÜ·ªApÒÉo^Áðãs³¹éÌÍïµ¢ÆvíêÜ·B±êçÌ^pãÌâè_ððµÈ¯êÎÈèܹñBܽMACAhXÍC[TlbgÚ±[ÌÝɶݷé_A[^ð´¦Ä`íçÈ¢_AUªÂ\Å é_ÈÇàï_ƾ¦Ü·B -
-OpengateÍȺÌ_ð½µÄ¢é_ªÁ¥Æl¦Ü·B[Éηé\tgAn[hAÝu`ÔAÚ±û@ÈÇ̧ÀªÈ¢BpÒÌw±âǪŬÀÅÏÞBêÊIÈ\tg/n[hÅ\¬³êĨèAù¶lbg[NÖ̱üªeÕÅ éBpJn/I¹É۵ĦÀÉlbg[NÌJú/½ªsíêéB -- -
-{VXeÍA[UIDÆpX[hðWeboRÅó¯t¯A»ÌIPAhXÆÌpPbgÌÊßð·éVXeÅ·B»ÌggÝÌ«ŠêÎpÅ«éÆv¢Ü·Bá¦ÎAGNXglbg©çCglbgÉεÄANZX·é½ßÌoCpXûðÝu·é±ÆÉàpÅ«éŵå¤BRȪçÉßÄxÈZL eBxðKvÆ·élbg[NÅÈ¢êÅ·ªB -- -
-Javaª®©È¢àµÍCXg[³êĢȢ[ÅàApÒªFØy[Wɨ¢Ävµ½Ú±p±Ô¾¯lbg[NðJúµÜ·B½¾µAæÁæèâúuÉηé½ßAêèÔÔuÅAARPR}hÆt@CAEH[ÊßpPbgÅ`FbNµÜ·BܽAÂy[WÌpfÌNðNbN·é±ÆÅlbg[Nð½ūܷB -- - -
-g¦Ü·B½¾µAeÇàÅNATÉæéIPAhXÏ·ªÈ³êĢȢ±ÆªKvÅ·B -- -
-Å«Ü·B»Ìæ¤Èg¢ûª½¢Æv¢Ü·B½¾µNATͯêQ[gEFC}VãÅ®©·êÅ·B{Q[gEFCÆ[QÆÌÔÉNATuð²Þ±ÆÍūܹñB¯¶IPAhXð½lªgp·é`ÉÈé½ßÅ·B -- -
-Ver0.53ÉÄεܵ½B½¾µAT[o¤ÅARP©çæ¾·é½ßAT[o¤©ç©¦éAhXÌÝÅ·BãARPª éÆ»ÌpAhXÆÈèÜ·BܽARȪçAC[TlbgÅÌÝLøÅ·B -- -
-úóÔÌt@CAEI[[ÉKvÈàÌðÇÁ·êÎÂ\Å·BOpengateͱÌúóÔÉ[ð}üEíµÜ·BæÁÄAÇÁÊuðHv·êÎlXȧäªÂ\Å·Bá¦ÎAÁèÌTCgðANZXÂàµÍsÂÉÅè·é±ÆàÅ«Ü·B -- -
-Firewall§äÉPerlXNvgªpÅ«Ü·B[U¼âFØT[oAIPAhXÈÇÅæÊÅ«éÈçÎAXNvgÉLqÂ\Å·BVer.0.80Åεܵ½B -- -
-FØT[oÖÌêIÈpÒo^ªKvÅ·BOpengateÍA¡ÌFØT[oÉ[UðU誯éæ¤ÉwèÅ«Ü·ÌÅAÊrÉêpÒ̽ßÌFØT[oðÝu·é±ÆàÅ«Ü·BftpT[oª®¯ÎÇ¢ÌÅWindowsÈÇÌÈÕT[oÅàÂ\Æl¦Ü·B -- -
-åwÅÍA»ÝÌƱëA}ÙOpÒâwïQÁÒÈÇÌêIpÒÉεÄȺÌ^pðsÁĢܷBêpÒpÌFØT[oðpÓ·éBKvÌpÒIDðpúÀt«Åo^µA¯ÉpÒIDÆpX[h¨æÑpãÌÓð¢½pðpÒIDÉóü·éBpó]ÒªK·êÎAg³ðmFµÄpð1n·BRȪç{pÒIDÍwàÌT[oÖÌOCÉÍpūܹñB -
-[ÆQ[gEFCÔÍWebÊMÅpX[hðèÜ·BæÁÄWebT[oðSSL»·êÎçéªÛÄÜ·BQ[gEFCÆFØT[oÌÔÍAçé@\Ì éFØvgRÉæêÎÂ\Å·BOpengateÍApop3s,Radius,PAMÉεĢܷBPAMͽÌFØvgRðT|[gµÜ·B -- -
-\äÌgpÅÍâè³g¦Ä¢Ü·BNXCöxÌpÍÅ«éÆv¢Ü·B{VXeÍAt@CAEI[\tgÌpPbgtB^OK¥ðÇÁEí·éû®Å èAeNCAg©çÌpJnvðÊÉ·êÎwÇ×ÆÈèܹñBpÌptH[}XÍApPbgtB^OâpPbg]Ì\ÍÉ˶·éÆv¢Ü·BȨÊIȧÀƵÄÍApNCAgÉPvZXªí·é±Æª èÜ·Bµ©µvZXÌÅålÍJ[lŲ®Å«Ü·µANXCöxɪµÄVXe^p·éûªQ[gEFCɨ¯épPbgtB^OÌ\Í©ç·éÆ»ÀIŵå¤B -- -
-½Ì\tgEFAÌîð·éVXeÅ·ÌÅfobOÍÊ|¾Æv¢Ü·BÊrÉpÓµ½`FbNÚLqÌt@Cð©Ä¾³¢B -- -
-GPLºÅÂ\Å·B¡ãÌJ̽ßÉAJÒÜÅA¸¯êÎK¢Å·BoOEv]EüÏñð½}µÜ·B -- -
-eWeby[WÍHTMLt@CƵÄƧµÄ¢Ü·B±ê𫩦é±ÆÅÈPÉÅ«Ü·B -- - -
-IPXv[tBOÍt@CAEI[ÌûÌÝèÅð¯çêéÆv¢Ü·BܽOpengateÍA³µ¢pX[hðÁÄ«½AhXÉεÄðJ¯éÌÅAIPAhXðUÁÄà Üè¾ÉÍÈèܹñB¼ªFØðó¯ÄgÁĢ鯶IPAhXð¼ÌµÄpPbg𬷱ÆÍÂ\ŵ太A»ÀIÈpÍïµ¢ÆvÁĢܷBT[rXWQÉ¢ÄÍAeIPAhXÉεÄÆ©Ì|[gÔðêÂè¯ðM·é`ÔÅ·ÌÅð¯çêéÆv¢Ü·BWQð®SÉ·é±ÆÍﵢŷªAZL eBz[ª ê⳦º³¢B«ÓðÁ½pÉεÄÍAÎôƵÄl¦çêÄ¢é@\ÈÇðgÝí¹é±ÆàÂ\Å ë¤Æv¢Ü·B -- -
-ÁÉ®¹¸ÉA®æ¤ÉÈÁ½óÔðÛ¶µÄ¢Ü·Bµà éÆv¢Ü·B«ê¢É®µÄoµ½¢ÌÅ·ª]Tª³ÄÏÝܹñB -- -
-»óÅÍAFreeBSDêpÌt@CAEI[c[ipfwðpµÄ¢éÌÅA¼ÌOSÅÍ®«Ü¹ñB¯Ì@\ðÂt@CAEI[c[ª êÎAηéæ¤É«©¦é±ÆÍÂ\Å·Bá¦ÎLinuxÌipchainsÉ«·¦é±ÆÍÂ\Å·B -- -
-ASYðÈPÉ·é½ßÉ¡Ìû®ðæèܵ½BÄvZXðêÂÉÜÆßé±ÆàÂ\ŵ太A½ÌÔÒ¿ÆANZXÒ¿ð§ä·éÌÍAT[rXWQ»Ì¼Ìl¶_à èA©ÈèÊ|Å·BOðð¨Ä·éÆêÂÉÜÆßéÙ}xªá¢Æl¦ÄãñµÉµÄ¢Ü·B -- -
-ipfwÆÆàÉip6fwð§ä·éæ¤É·êÎÂ\ŵå¤Bµ©µAIpv4/IPv6f AX^bNɨ¢ÄAv[Ì¡IPAhXðASÄc¬µÄ¯ÉJú/½·éÍeÕÅÍÈ¢½ßA»óÅÍÀµÄ¢Ü¹ñB»vOɨ¢ÄÍAðtÅ·ªÈºÌû@ÅÀ»Å«Ü·Bt@CAEH[§äXNvgopengatefw.plɨ¢ÄAv[ÌMACAhXðM³Ü½ÍMæÆ·éIPv6pPbgð·éipfwR}hðÇÁµÄ¾³¢B½¾µAC[Tlbg̯êNàÉ[ª éêÉÀè³êÜ·B -- -