ローカル側はepair0aとする
root@a:~ # cat /etc/rc.conf
defaultrouter="xx.xx.xxx.6"
hostname="a.xxxxxx.xxx"
ifconfig_vtnet0="inet xx.xx.xxx.4 netmask 255.255.255.248"
ifconfig_epair0a="inet 192.168.1.254 netmask 255.255.255.0"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
firewall_nat_enable="YES"
firewall_nat_interface="vtnet0"
firewall_nat_flags="deny_in reset same_ports unreg_only"
firewall_nat_rules="/etc/ipfw_nat.rules"
sshd_enable="YES"
ntpd_enable="YES"
root@a:~ # cat /etc/ipfw_nat.rules
redirect_port tcp 192.168.1.3:25 25
redirect_port tcp 192.168.1.4:80 80
redirect_port tcp 192.168.1.5:21 21
redirect_port tcp 192.168.1.254:22 22
redirect_port tcp 192.168.1.1:22 22932
redirect_port tcp 192.168.1.2:22 22053
redirect_port tcp 192.168.1.3:22 22025
redirect_port tcp 192.168.1.4:22 22080
redirect_port tcp 192.168.1.5:22 22401
root@a:~ #
ちなみに,こういう細工をしています
root@a:~ # diff -u /etc/defaults/rc.conf.org /etc/defaults/rc.conf
--- /etc/defaults/rc.conf.org 2023-02-28 16:50:40.143374000 +0900
+++ /etc/defaults/rc.conf 2023-02-28 16:50:53.177501000 +0900
@@ -194,6 +194,7 @@
firewall_nat_enable="NO" # Enable kernel NAT (if firewall_enable == YES)
firewall_nat_interface="" # Public interface or IPaddress to use
firewall_nat_flags="" # Additional configuration parameters
+firewall_nat_rules="" # File of parameters followed by firewall_nat_flags
firewall_nat64_enable="NO" # Enable kernel NAT64 module.
firewall_nptv6_enable="NO" # Enable kernel NPTv6 module.
firewall_pmod_enable="NO" # Enable kernel protocols modification module.
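Review bot: The new default is added to /etc/defaults/rc.conf, a base-system file that etcupdate(8) and freebsd-update(8) merge on every upgrade, so a local edit here is easy to lose or to end up in a merge conflict without anyone noticing. Since the rc.firewall check `[ -n "${firewall_nat_rules}" ... ]` already treats an unset variable as empty, this line is documentation only and nothing breaks if it disappears; the rc.firewall change that actually loads the redirects is the one whose loss would silently change the host's exposure. Consider keeping the real setting in /etc/rc.conf (as the page does) and marking this line so the local modification survives review after an upgrade, e.g. `firewall_nat_rules=""  # LOCAL: consumed by local rc.firewall patch, re-check after etcupdate`.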
root@a:~ # diff -u /etc/rc.firewall.org /etc/rc.firewall
--- /etc/rc.firewall.org 2023-02-28 16:49:43.226066000 +0900
+++ /etc/rc.firewall 2023-02-28 16:50:03.103416000 +0900
@@ -170,6 +170,9 @@
case ${firewall_nat_enable} in
[Yy][Ee][Ss])
if [ -n "${firewall_nat_interface}" ]; then
+ if [ -n "${firewall_nat_rules}" -a -r ${firewall_nat_rules} ]; then
+ firewall_nat_flags="${firewall_nat_flags} $(cat ${firewall_nat_rules})"
+ fi
if echo "${firewall_nat_interface}" | \
grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}"
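Review bot: The readability test on the first added line leaves `${firewall_nat_rules}` unquoted and joins the two checks with the deprecated `-a`; a path containing whitespace would break it, and the quoted form is the standard one: `if [ -n "${firewall_nat_rules}" ] && [ -r "${firewall_nat_rules}" ]; then`. More importantly for a firewall script, `-r` is the only check made: whatever the file contains is word-split and glob-expanded by the unquoted `$(cat ...)` and then, judging by the context line that prefixes `ip ${firewall_nat_interface}`, becomes part of the kernel NAT configuration applied as root, so a group- or world-writable rules file lets anyone who can write it add `redirect_port` entries and open inbound ports, and with `firewall_type="OPEN"` in the rc.conf shown earlier that file is effectively the whole inbound policy. A `#` comment line or a `*` in the file would likewise end up as tokens in the NAT arguments rather than being ignored. Either refuse the file unless it is root-owned and not group/world-writable, or at least state the requirement next to the check: `# contents are passed verbatim to the NAT config as root: keep this file root:wheel 0644, no comments`. The case arm and the `if` block around these lines continue past the end of the hunk.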
epair0[a,b] を生成し,epair0a に 192.168.1.254 を割り当てる
root@a:~ # ifconfig epair create up
root@a:~ # ifconfig epair0a inet 192.168.1.254 netmask 255.255.255.0
すると,epair0a に 192.168.1.254 が割り当てられ
root@a:~ # ifconfig
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
ether 58:9c:fc:04:86:9c
inet xx.xx.xxx.4 netmask 0xfffffff8 broadcast xx.xx.xxx.7
media: Ethernet autoselect (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0a: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:d2:06:07:3f:0a
inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
epair0b: flags=8862<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:d2:06:07:3f:0b
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
root@a:~ #
ファイアウォール⇒外
admin@a:~ % ping ftp.freebsd.org
PING ftp.geo.freebsd.org (192.50.199.248): 56 data bytes
64 bytes from 192.50.199.248: icmp_seq=0 ttl=49 time=21.755 ms
64 bytes from 192.50.199.248: icmp_seq=1 ttl=49 time=19.608 ms
^C
--- ftp.geo.freebsd.org ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 19.608/20.681/21.755/1.074 ms
admin@a:~ %
外⇒ファイアウォール
kiri@smtp:~[1139]% slogin admin@a.xxxxxx.xxx
Last login: Mon Mar 6 11:00:46 2023 from 1.212.52.36.ap.yournet.ne.jp
FreeBSD 14.0-CURRENT #0 n259578-0393604aa86c: Fri Dec 9 00:26:37 JST 2022 root@tbedfc:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
Welcome to FreeBSD!
Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories: https://www.FreeBSD.org/security/
FreeBSD Handbook: https://www.FreeBSD.org/handbook/
FreeBSD FAQ: https://www.FreeBSD.org/faq/
Questions List: https://www.FreeBSD.org/lists/questions/
FreeBSD Forums: https://forums.FreeBSD.org/
Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with: pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.
Show the version of FreeBSD installed: freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages: man man
FreeBSD directory layout: man hier
To change this login announcement, see motd(5).
You can prevent the removal of a ZFS snapshot by using the hold subcommand.
For example, to prevent the snapshot called milestone from deletion, run the
following command:
# zfs hold milestone_hold mypool/projects@my_milestone
The "zfs holds" command will list all current snapshots that are protected
this way (-r for a recursive list):
# zfs holds -r mypool
The TIMESTAMP column in the output of the above command is from when the
hold was created, not the snapshot it holds. The "zfs destroy" command will
echo a "dataset is busy" message on the console when it encounters a hold.
Use "zfs release" to release the hold on the snapshot:
# zfs release milestone_hold mypool/projects@my_milestone
-- Benedict Reuschling <bcr@FreeBSD.org>
admin@a:~ %
リモートから slogin することができました.めでたしめでたし :-)