
Opengate Source Repository


Commit MetaInfo

Revision: b909783a6ecf8aa1bf8d95334efb889d95943ead (tree)
Time: 2013-06-26 13:17:22
Author: watanaby <watanaby@user...>
Committer: watanaby

Log Message

Modified code for auth recheck when extraset exists

Change Summary

Modification

--- a/opengate/doc/Changes.html
+++ b/opengate/doc/Changes.html
@@ -761,6 +761,11 @@ Opengate History</H3>
761761 </DT><DD>
762762 Added code to remove cookie at deny [contributed by M.Tagawa].
763763 </DD>
764+ <DT>
765+ Ver.1.5.31 at 2013.6.26
766+ </DT><DD>
767+ Modified code for authentication recheck when extraset exists.
768+ </DD>
764769 </DL>
765770 <P>
766771 <B>Please see CVS on SourceForge.net to check the differences between
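Review bot: The new Ver.1.5.31 entry (added lines 764-768) says only "Modified code for authentication recheck when extraset exists" and does not state what the recheck did before or what it does now for users matched by an ExtraSet. On an authentication gateway that is the detail an operator needs in order to decide whether to upgrade, so the entry should describe the behaviour change in one sentence. The trailing context line still sends readers to "CVS on SourceForge.net" to check differences; if history is now kept in this repository, update that pointer in the same change.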
--- a/opengate/doc/en/qa.html
+++ b/opengate/doc/en/qa.html
@@ -1,212 +1,212 @@
1-<html>
2-<head>
3-<title>Opengate Q & A</title>
4-</head>
5-
6-
7-<body bgcolor=#fafff0>
8-
9-<H3>Opengate Q &amp; A</H3>
10-
11-Concept
12-<UL>
13-<LI>
14-Why is the authentication needed?
15-
16-<BLOCKQUOTE>
17-There are many incidents such as computer cracking or copyright infringement in the network. The organization might be caughted by many troubles caused by such incidents. In these cases, it is needed to identify the related person. The other reason is the restriction required by payment or aim of the network
18-</BLOCKQUOTE>
19-
20-<LI>Why don't you use the authentication function inherent in the terminal?
21-
22-<BLOCKQUOTE>
23-Unified system can depend on such function. But it cannot be applied to the open network envoronment where various hardwares and users are connected with various formats, such as wireless connection of his/her own portable PC.
24-</BLOCKQUOTE>
25-
26-<LI>
27-Why do you try to authenticate at client site? Is the authentication at server site essential?
28-
29-<BLOCKQUOTE>
30-Yes it is essential. But to prevent trouble occured by unknown user of your site, authentication and usage log systems are required.
31-</BLOCKQUOTE>
32-
33-<LI>
34-Why does the target include open-use terminal that is settled by the organization for open usage? It can be protected by the system software.
35-
36-<BLOCKQUOTE>
37-It is difficult for network control section to maintain many terminals distributed in wide campus. Moreover there are already various terminals settled by various sections. Some do not have such function and some are leaved with no control.
38-</BLOCKQUOTE>
39-
40-<LI>
41-Why don't you use the log obtained at gateway or firewall?
42-
43-<BLOCKQUOTE>
44-The log does not include user identification.
45-</BLOCKQUOTE>
46-
47-<LI>
48-What is the merit compared with the identification by MAC address.
49-
50-<BLOCKQUOTE>
51-The cost might be large to maitain the matching between user and MAC
52-address. <br> As a supplement system for Opengate, we released a MAC
53-address based user authentication system OpengateM, in which we take some
54-measures about MAC address registration/updating cost, router
55-insertion, and MAC address spoofing. </BLOCKQUOTE>
56-
57-<LI>
58-What is the merit compared with various authentication systems for network usage proposed recently.
59-<BLOCKQUOTE>
60-The merits of Opengate are as follows. Wide applicability about terminals, such as its hardware, software, management and connection. Minimum cost for user guidance and management. Easy implementation to existing network. Quick open at start usage and quick close at stop usage. IPv4/IPv6 dual stack support.
61-</BLOCKQUOTE>
62-
63-<LI>
64-Is there any other application of the system?
65-<BLOCKQUOTE>
66-For example, it might be used as the gateway from intra-net to extra-net or the contrary.
67-</BLOCKQUOTE>
68-
69-<LI>
70-What to do for No Java terminals?
71-<BLOCKQUOTE>
72-The no Java user can enters the usage duraion in auth page. To cope with hijacking and notting, the connection state is checked periodically by ARP command and packet count passing the firewall. The user can also close the network by clicking the TERMINATE link in accept page.
73-From Version 1.4, JavaScript is used instead of Java.
74-</BLOCKQUOTE></LI>
75-
76-
77-</UL>
78-
79-
80-Usage
81-<UL>
82-<LI>
83-Is the system compatible with wireless LAN?
84-
85-<BLOCKQUOTE>
86-Yes. But do not use the host station having NAT.
87-</BLOCKQUOTE>
88-
89-<LI>
90-Can the system coexists with NAT or DHCP.
91-
92-<BLOCKQUOTE>
93-Yes. But do not insert NAT between the server and client.
94-</BLOCKQUOTE>
95-
96-<LI>
97-Can the MAC address be obtained?
98-<BLOCKQUOTE>
99-Yes. But the address is restricted to the one aquired from server on ethernet.
100-</BLOCKQUOTE>
101-
102-<LI>
103-I want to supply some services without authentication, or I do not want to supply some services even after authentication.
104-
105-<BLOCKQUOTE>
106-The both can be realized by firewall rule set.
107-</BLOCKQUOTE>
108-
109-<LI>
110-I want to separate the commission range by the user rank.
111-
112-<BLOCKQUOTE>
113-Use ExrtaSet in configuration file. The paremeter in ExtraSet overrides the default setting, if ExtraSet attribute is matched.
114-Or enable perl script to open firewall and edit the script.
115-</BLOCKQUOTE>
116-
117-<LI>
118-I want manage temporal users.
119-
120-<BLOCKQUOTE>
121-It is needed to register to an authentication server. As the system comminucates with plural servers, you can make specific server for temporal users and maintain it.
122-</BLOCKQUOTE>
123-
124-<LI>
125-Can the password secret be maintained?
126-
127-<BLOCKQUOTE>
128-Yes. Communication between client and opengate server can be protected by SSL. Communication between opengate server and authentication server can be protected by secure auth protocol.We implement pop3s, ftps, radius, and pam(which supports many secure protocols).
129-</BLOCKQUOTE>
130-
131-<LI>
132-How are the scalability and performance?
133-
134-<BLOCKQUOTE>
135-We are using the system in environments including active 50 or above terminals.
136-</BLOCKQUOTE></LI>
137-
138-<LI>
139-Can I use protocols other than Web?
140-<BLOCKQUOTE>
141-Yes. You should authenticate by Web browser, and stay it on desktop (can iconize). Other protocols than Web can also be used until the browser is closed. If you insert firewall rules previous to opengate rules, any protocols can be fixed to deny or allow mode.
142-</BLOCKQUOTE></LI>
143-<LI>
144-Can I view the usage of many terminals.
145-<BLOCKQUOTE>
146-Log is stored in /var/log/opengate.log via syslog. A terminal is watched by a process. By entering 'ps -axww | grep opengate', you can view process id, userid, IP address, and firewall rule number corresponding to every process. If you kill a opengate process, corresponding firewall rules are removed. The firewall rules are shown by 'ipfw list' or 'ip6fw list'.
147-</BLOCKQUOTE></LI>
148-</UL>
149-Installation and Development
150-<UL>
151-<LI>
152-I meet bugs on installation.
153-
154-<BLOCKQUOTE>
155-See other document.
156-</BLOCKQUOTE>
157-
158-<LI>
159-Am I permited to use, modify or distribute the program?
160-
161-<BLOCKQUOTE>
162-Yes it is permitted under GPL.
163-</BLOCKQUOTE>
164-
165-<LI>
166-Can I modify the web page design.
167-
168-<BLOCKQUOTE>
169-As the web pages are described in html files, it is easy to modify the design.
170-</BLOCKQUOTE>
171-
172-<LI>
173-Can I display web pages with other language.
174-
175-<BLOCKQUOTE>
176-Directorys named en and ja are the html documentations in english and japanese. Same as the directory, make the new language documentations. And modify the language setting in configuration file and index.html.var.
177-</BLOCKQUOTE>
178-
179-<LI>
180-Can I avoid atacks such as IP spoofing or DoS(Denial of Service)?
181-
182-<BLOCKQUOTE>
183-IP spoofing has no merit, because the system permits the address from which user information sended. DoS can be avoided, because each client uses different port in the system.
184-</BLOCKQUOTE>
185-
186-
187-<LI>
188-Can the server run on other OSs than FreeBSD.
189-
190-<BLOCKQUOTE>
191-No. The system uses ipfw command which is specific to FreeBSD. The ipchains command in Linux can be used instead of ipwf.
192-</BLOCKQUOTE>
193-
194-<LI>
195-It is not smart that many processes resident. Can these be integrated to one process?
196-
197-<BLOCKQUOTE>
198-Yes. But in the present version, we take priority on simplicity of program.
199-</BLOCKQUOTE>
200-
201-
202-<LI>
203-Is the system compatible with IPv6?
204-
205-<BLOCKQUOTE>
206-
207-Yes. IPv6 support is added in Version 1.2.0.
208-</BLOCKQUOTE></LI>
209-
210-</UL>
211-</body>
212-</HTML>
1+<html>
2+<head>
3+<title>Opengate Q & A</title>
4+</head>
5+
6+
7+<body bgcolor=#fafff0>
8+
9+<H3>Opengate Q &amp; A</H3>
10+
11+Concept
12+<UL>
13+<LI>
14+Why is the authentication needed?
15+
16+<BLOCKQUOTE>
17+There are many incidents such as computer cracking or copyright infringement in the network. The organization might be caughted by many troubles caused by such incidents. In these cases, it is needed to identify the related person. The other reason is the restriction required by payment or aim of the network
18+</BLOCKQUOTE>
19+
20+<LI>Why don't you use the authentication function inherent in the terminal?
21+
22+<BLOCKQUOTE>
23+Unified system can depend on such function. But it cannot be applied to the open network envoronment where various hardwares and users are connected with various formats, such as wireless connection of his/her own portable PC.
24+</BLOCKQUOTE>
25+
26+<LI>
27+Why do you try to authenticate at client site? Is the authentication at server site essential?
28+
29+<BLOCKQUOTE>
30+Yes it is essential. But to prevent trouble occured by unknown user of your site, authentication and usage log systems are required.
31+</BLOCKQUOTE>
32+
33+<LI>
34+Why does the target include open-use terminal that is settled by the organization for open usage? It can be protected by the system software.
35+
36+<BLOCKQUOTE>
37+It is difficult for network control section to maintain many terminals distributed in wide campus. Moreover there are already various terminals settled by various sections. Some do not have such function and some are leaved with no control.
38+</BLOCKQUOTE>
39+
40+<LI>
41+Why don't you use the log obtained at gateway or firewall?
42+
43+<BLOCKQUOTE>
44+The log does not include user identification.
45+</BLOCKQUOTE>
46+
47+<LI>
48+What is the merit compared with the identification by MAC address.
49+
50+<BLOCKQUOTE>
51+The cost might be large to maitain the matching between user and MAC
52+address. <br> As a supplement system for Opengate, we released a MAC
53+address based user authentication system OpengateM, in which we take some
54+measures about MAC address registration/updating cost, router
55+insertion, and MAC address spoofing. </BLOCKQUOTE>
56+
57+<LI>
58+What is the merit compared with various authentication systems for network usage proposed recently.
59+<BLOCKQUOTE>
60+The merits of Opengate are as follows. Wide applicability about terminals, such as its hardware, software, management and connection. Minimum cost for user guidance and management. Easy implementation to existing network. Quick open at start usage and quick close at stop usage. IPv4/IPv6 dual stack support.
61+</BLOCKQUOTE>
62+
63+<LI>
64+Is there any other application of the system?
65+<BLOCKQUOTE>
66+For example, it might be used as the gateway from intra-net to extra-net or the contrary.
67+</BLOCKQUOTE>
68+
69+<LI>
70+What to do for No Java terminals?
71+<BLOCKQUOTE>
72+The no Java user can enters the usage duraion in auth page. To cope with hijacking and notting, the connection state is checked periodically by ARP command and packet count passing the firewall. The user can also close the network by clicking the TERMINATE link in accept page.
73+From Version 1.4, JavaScript is used instead of Java.
74+</BLOCKQUOTE></LI>
75+
76+
77+</UL>
78+
79+
80+Usage
81+<UL>
82+<LI>
83+Is the system compatible with wireless LAN?
84+
85+<BLOCKQUOTE>
86+Yes. But do not use the host station having NAT.
87+</BLOCKQUOTE>
88+
89+<LI>
90+Can the system coexists with NAT or DHCP.
91+
92+<BLOCKQUOTE>
93+Yes. But do not insert NAT between the server and client.
94+</BLOCKQUOTE>
95+
96+<LI>
97+Can the MAC address be obtained?
98+<BLOCKQUOTE>
99+Yes. But the address is restricted to the one aquired from server on ethernet.
100+</BLOCKQUOTE>
101+
102+<LI>
103+I want to supply some services without authentication, or I do not want to supply some services even after authentication.
104+
105+<BLOCKQUOTE>
106+The both can be realized by firewall rule set.
107+</BLOCKQUOTE>
108+
109+<LI>
110+I want to separate the commission range by the user rank.
111+
112+<BLOCKQUOTE>
113+Use ExrtaSet in configuration file. The paremeter in ExtraSet overrides the default setting, if ExtraSet attribute is matched.
114+Or enable perl script to open firewall and edit the script.
115+</BLOCKQUOTE>
116+
117+<LI>
118+I want manage temporal users.
119+
120+<BLOCKQUOTE>
121+It is needed to register to an authentication server. As the system comminucates with plural servers, you can make specific server for temporal users and maintain it.
122+</BLOCKQUOTE>
123+
124+<LI>
125+Can the password secret be maintained?
126+
127+<BLOCKQUOTE>
128+Yes. Communication between client and opengate server can be protected by SSL. Communication between opengate server and authentication server can be protected by secure auth protocol.We implement pop3s, ftps, radius, and pam(which supports many secure protocols).
129+</BLOCKQUOTE>
130+
131+<LI>
132+How are the scalability and performance?
133+
134+<BLOCKQUOTE>
135+We are using the system in environments including active 50 or above terminals.
136+</BLOCKQUOTE></LI>
137+
138+<LI>
139+Can I use protocols other than Web?
140+<BLOCKQUOTE>
141+Yes. You should authenticate by Web browser, and stay it on desktop (can iconize). Other protocols than Web can also be used until the browser is closed. If you insert firewall rules previous to opengate rules, any protocols can be fixed to deny or allow mode.
142+</BLOCKQUOTE></LI>
143+<LI>
144+Can I view the usage of many terminals.
145+<BLOCKQUOTE>
146+Log is stored in /var/log/opengate.log via syslog. A terminal is watched by a process. By entering 'ps -axww | grep opengate', you can view process id, userid, IP address, and firewall rule number corresponding to every process. If you kill a opengate process, corresponding firewall rules are removed. The firewall rules are shown by 'ipfw list' or 'ip6fw list'.
147+</BLOCKQUOTE></LI>
148+</UL>
149+Installation and Development
150+<UL>
151+<LI>
152+I meet bugs on installation.
153+
154+<BLOCKQUOTE>
155+See other document.
156+</BLOCKQUOTE>
157+
158+<LI>
159+Am I permited to use, modify or distribute the program?
160+
161+<BLOCKQUOTE>
162+Yes it is permitted under GPL.
163+</BLOCKQUOTE>
164+
165+<LI>
166+Can I modify the web page design.
167+
168+<BLOCKQUOTE>
169+As the web pages are described in html files, it is easy to modify the design.
170+</BLOCKQUOTE>
171+
172+<LI>
173+Can I display web pages with other language.
174+
175+<BLOCKQUOTE>
176+Directorys named en and ja are the html documentations in english and japanese. Same as the directory, make the new language documentations. And modify the language setting in configuration file and index.html.var.
177+</BLOCKQUOTE>
178+
179+<LI>
180+Can I avoid atacks such as IP spoofing or DoS(Denial of Service)?
181+
182+<BLOCKQUOTE>
183+IP spoofing has no merit, because the system permits the address from which user information sended. DoS can be avoided, because each client uses different port in the system.
184+</BLOCKQUOTE>
185+
186+
187+<LI>
188+Can the server run on other OSs than FreeBSD.
189+
190+<BLOCKQUOTE>
191+No. The system uses ipfw command which is specific to FreeBSD. The ipchains command in Linux can be used instead of ipwf.
192+</BLOCKQUOTE>
193+
194+<LI>
195+It is not smart that many processes resident. Can these be integrated to one process?
196+
197+<BLOCKQUOTE>
198+Yes. But in the present version, we take priority on simplicity of program.
199+</BLOCKQUOTE>
200+
201+
202+<LI>
203+Is the system compatible with IPv6?
204+
205+<BLOCKQUOTE>
206+
207+Yes. IPv6 support is added in Version 1.2.0.
208+</BLOCKQUOTE></LI>
209+
210+</UL>
211+</body>
212+</HTML>
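Review bot: All 212 lines of en/qa.html are removed and re-added with no visible difference in the text, so the hunk hides whatever actually changed (most likely line endings or trailing whitespace, which this view does not show) and has no apparent connection to the auth recheck named in the commit message. Put the normalisation in its own commit so the functional change can be reviewed on its own. If the file is being touched anyway, correct "Use ExrtaSet in configuration file" and "paremeter" at line 113, which are carried over unchanged and make the option name hard to search for; "ipwf" at line 191 has the same problem.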
--- a/opengate/doc/ja/qa.html
+++ b/opengate/doc/ja/qa.html
@@ -1,215 +1,215 @@
1-<html LANG="jp">
2-<head>
3-<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">
4-
5-<title>Opengate Q & A</title>
6-</head>
7-
8-
9-<body bgcolor=#fafff0>
10-
11-<H3>Opengate Q &amp; A</H3>
12-
13-ˆÓ‹`
14-<UL>
15-<LI>
16-‚»‚à‚»‚à‰½ŒÌ”FØ‚È‚Ç‚ª•K—v‚È‚Ì‚Å‚·‚©B’N‚Å‚àƒlƒbƒgƒ[ƒN‚ªŽg‚¦‚Ä—Ç‚¢‚Å‚Í‚È‚¢‚Å‚·‚©B
17-
18-<BLOCKQUOTE>
19-Šeƒlƒbƒgƒ[ƒN‚́A‚»‚̐ݒuŽïŽ|‚ÆŒo”’S‚ɏ]‚Á‚½—˜—p‚ª‹‚ß‚ç‚ê‚Ü‚·BŒˆ‚µ‚ÄŽ©—R—˜—p‚ª‘O’ñ‚Å‚Í‚ ‚è‚Ü‚¹‚ñB‚³‚ç‚ɁAƒCƒ“ƒ^[ƒlƒbƒgã‚ł́A”î排†‚⍼‹\A•s³ƒAƒ^ƒbƒN“™‚Ì”½ŽÐ‰ï“Is“®‚ª”­¶‚µ‚Ä‚¢‚Ü‚·B‘gD‚Æ‚µ‚Ä‚Í‚»‚̂悤‚ȍs“®‚ð\¬ˆõ‚É‹N‚±‚µ‚Ä—~‚µ‚­‚ ‚è‚Ü‚¹‚ñBŠeŽ©‚ªÓ”C‚ðŽ‚Á‚čs“®‚µ‚Ä‚¢‚½‚¾‚­‚½‚߂̈ê‚‚̕û–@‚Æ‚µ‚Ä–{ƒVƒXƒeƒ€‚ª‚ ‚è‚Ü‚·B
20-</BLOCKQUOTE>
21-
22-<LI>
23-’[––‚ÌOS‚É•t‚·‚é”FØ‚ð—˜—p‚·‚é‚̂ł̓_ƒ‚È‚Ì‚Å‚·‚©B
24-
25-<BLOCKQUOTE>
26-“ˆê‚µ‚½PCŠÂ‹«‚̍\’z‚ƈێ‚ª‰Â”\‚ȃVƒXƒeƒ€‚̏ꍇ‚ɂ́A’[––OS‚Ì”FØƒVƒXƒeƒ€‚ð—˜—p‚µ‚½•û‚ª—Ç‚¢‚ÆŽv‚¢‚Ü‚·B‚µ‚©‚µ•s“Á’葽”‚ª•s“Á’è‹@Ší‚ðÚ‘±‚·‚é‚悤‚Ȋ‹«‚Å‚Í‹@”\‚µ‚Ü‚¹‚ñB
27-</BLOCKQUOTE>
28-
29-<LI>
30-ƒAƒNƒZƒX‚³‚ê‚鑤‚̃T[ƒo‚ªŠeŽ©‚Å”íŠQ‚ðŽó‚¯‚È‚¢‚悤‚ɁA”FØ‚»‚Ì‘¼‚̃ZƒLƒ…ƒŠƒeƒB•ÛŽ‚ðs‚¤‚±‚Æ‚ª–{—ˆ‚Å‚Í‚È‚¢‚Å‚·‚©B
31-
32-<BLOCKQUOTE>
33-‚»‚ê‚à•K—v‚Å‚µ‚傤B‚µ‚©‚µ‘åŠw‚̂悤‚É‘½”‚Ì‘½—l‚ȐlŠÔ‚ª”äŠr“IŽ©—R‚É—˜—p‚Å‚«‚éƒlƒbƒgƒ[ƒNŠÂ‹«‚ð’ñ‹Ÿ‚µ‚Ä‚¢‚é‘gD‚ł́AŠO•”‚ɑ΂µ‚Ä—lX‚ȃgƒ‰ƒuƒ‹‚ð‹N‚±‚µ‹êî‚ªŠñ‚¹‚ç‚ê‚é‰Â”\«‚ª‚‚­‚È‚è‚Ü‚·B‚»‚̐ӔC‚̓gƒ‰ƒuƒ‹Œ´ˆö‚ðì‚Á‚½–{l‚ÉŽæ‚Á‚Ä‚¢‚½‚¾‚­•K—v‚ª‚ ‚è‚Ü‚·B‚Ü‚½Aƒlƒbƒgƒ[ƒN—˜—p‚ɂ́A‚»‚Ì–Ú“I‚ɍ‡‚Á‚½—˜—pŽÒ‚̐§ŒÀ‚ª‚ ‚邱‚Æ‚ª’ʏ킾‚ÆŽv‚¢‚Ü‚·B‚æ‚Á‚ăAƒNƒZƒX‚·‚鑤‚Å‚Ì”FØ‚à•K—v‚ƍl‚¦‚Ü‚·B
34-</BLOCKQUOTE>
35-
36-<LI>
37-
38-‰½ŒÌAŒöŠJŒÅ’è’[––‚Əî•ñƒRƒ“ƒZƒ“ƒg‚Ì—¼•û‚ð‘ΏۂƂ·‚é•K—v‚ª‚ ‚é‚Ì‚Å‚·‚©BŒöŠJŒÅ’è’[––‚Í’[––OS‚Ì”FØ‚ª‰Â”\‚Å‚Í‚È‚¢‚Å‚·‚©B
39-
40-<BLOCKQUOTE>
41-‘S‚Ä‚ÌŒöŠJŒÅ’è’[––‚ðƒlƒbƒgƒ[ƒNŠÇ—•”–傪“ˆê“I‚É”z’u‚µA‚»‚̃n[ƒhƒEƒFƒA‚ð•s³‘€ì‚©‚çŽç‚ê‚éó‹µ‚ª‰Â”\‚Å‚ ‚ê‚΂»‚ê‚Å‚à—Ç‚¢‚ÆŽv‚¢‚Ü‚·B‚µ‚©‚µŒ»ŽÀ“I‚É‚ÍŠgŽU‚µ‚½ŒöŠJêŠ‚Ö‘½””z’u‚·‚邱‚Æ‚ª‘½‚­A—lX‚ȍ¢“”º‚¢‚Ü‚·B‚Ü‚½Šù‚É”z’u‚³‚ꂽ”FØ‹@”\‚Ì–³‚¢’[––‚â•s\•ª‚ÈŠÇ—‰º‚Ì’[––‚ª”‘½‚­‚ ‚è‚Ü‚·B‚±‚ê‚ç‚É‚à‘Ήž‚·‚é•K—v‚ª‚ ‚è‚Ü‚·B
42-</BLOCKQUOTE>
43-
44-<LI>
45-ƒ‹[ƒ^‚âƒtƒ@ƒCƒAƒEƒI[ƒ‹“™A’ʉߓ_‚Å‚Ì‹L˜^Žæ“¾‚Å‚Í‚¢‚¯‚È‚¢‚Ì‚Å‚·‚©B
46-<BLOCKQUOTE>
47-‚±‚Ì‹L˜^‚Å‚ÍIPƒAƒhƒŒƒX‚Í•ª‚©‚è‚Ü‚·B‚µ‚©‚µ•s“Á’葽”‚ªo“ü‚è‚·‚éêŠ‚̏ꍇ‚Í’N‚ª—˜—p‚µ‚½‚Ì‚©•ª‚©‚è‚Ü‚¹‚ñB—˜—pŽÒ‚ª“Á’è‚Å‚«‚é•”‰®‚̏ꍇ‚Í‚±‚̂悤‚È‹L˜^‚Å‚à—Ç‚¢‚Å‚µ‚傤B
48-</BLOCKQUOTE>
49-
50-<LI>
51-MACƒAƒhƒŒƒX‚ŌlŽ¯•Ê‚ð‚·‚é•ûŽ®‚à‚ ‚é‚悤‚Å‚·‚ªB
52-<BLOCKQUOTE>
53-Opengate‚͌lŽ¯•Ê‚ðƒ†[ƒUID‚ƃpƒXƒ[ƒh‚ōs‚Á‚Ä‚¢‚Ü‚·B‚±‚Ì”FØ“ü—Í‚Ì‘ã‚í‚è‚ÉMACƒAƒhƒŒƒX‚ðŽg‚¤‚±‚Ƃ͉”\‚Å‚µ‚傤B<BR>
54-‚µ‚©‚µMACƒAƒhƒŒƒX‚ð—˜—p‚·‚é•ûŽ®‚́AMACƒAƒhƒŒƒX‚Æ‚»‚̏Š—LŽÒ‚Æ‚ÌŠÖŒW‚ð‘O‚à‚Á‚Ä“o˜^‚·‚é•K—v‚ª‚ ‚è‚Ü‚·B‚Ü‚½‹@Ší÷“nE”pŠü‚̍ۂɓo˜^Á‹ŽA‹@ŠíXV‚̍ۂɓo˜^XV‚ðs‚¤•K—v‚ª‚ ‚è‚Ü‚·‚ªA—˜—pŽÒ‚É“o˜^Á‹Ž‚ð—ãs‚³‚¹‚é‚͓̂‚¢‚ÆŽv‚í‚ê‚Ü‚·B‚±‚ê‚ç‚̉^—pã‚Ì–â‘è“_‚ð‰ðŒˆ‚µ‚È‚¯‚ê‚΂Ȃè‚Ü‚¹‚ñB‚Ü‚½MACƒAƒhƒŒƒX‚̓C[ƒTƒlƒbƒgÚ‘±’[––‚Ì‚Ý‚É‘¶Ý‚·‚é“_Aƒ‹[ƒ^‚ð’´‚¦‚Ä“`‚í‚ç‚È‚¢“_A‹U‘•‚ª‰Â”\‚Å‚ ‚é“_‚È‚Ç‚à“ï“_‚ÆŒ¾‚¦‚Ü‚·B<BR>
55-’Ç‹LFOpengate‚Ì—˜—p‚ª¢“ï‚È’[––‚ɑ΂µ‚āAMACƒAƒhƒŒƒX‚ŌlŽ¯•Ê‚·‚éOpengate•âŠ®”FØƒVƒXƒeƒ€OpengateM‚ðŒöŠJ‚µ‚Ü‚µ‚½B‚±‚̃VƒXƒeƒ€‚ł́AMACƒAƒhƒŒƒX“o˜^^XV^ƒ‹[ƒ^‘}“ü^‹U‘•‚ɂ‚¢‚Ĉê’è‚̍l—¶‚ðs‚Á‚Ä‚¢‚Ü‚·B
56-</BLOCKQUOTE>
57-
58-<LI>
59-Å‹ßA‚³‚Ü‚´‚܂ȃlƒbƒgƒ[ƒN”FØƒVƒXƒeƒ€‚ª”­•\‚³‚ê‚Ä‚¢‚é‚悤‚Å‚·‚ªB
60-<BLOCKQUOTE>
61-Opengate‚͈ȉº‚Ì“_‚ð–ž‚½‚µ‚Ä‚¢‚é“_‚ª“Á’¥‚ƍl‚¦‚Ü‚·B’[––‚ɑ΂·‚éƒ\ƒtƒgAƒn[ƒhAÝ’uŒ`‘ԁAÚ‘±•û–@‚Ȃǂ̐§ŒÀ‚ª­‚È‚¢Ž–B—˜—pŽÒ‚ÌŽw“±‚âŠÇ—‚ªÅ¬ŒÀ‚ōςގ–Bˆê”Ê“I‚ȃ\ƒtƒg/ƒn[ƒh‚ō\¬‚³‚ê‚Ä‚¨‚èAŠù‘¶ƒlƒbƒgƒ[ƒN‚Ö‚Ì“±“ü‚ª—eˆÕ‚Å‚ ‚鎖B—˜—pŠJŽn/I—¹‚ɍۂµ‚Ä‘¦À‚Ƀlƒbƒgƒ[ƒN‚ÌŠJ•ú/•Â½‚ªs‚í‚ê‚鎖BIPv4‚ÆIPv6‚Ì—¼•û‚̒ʐM‚𓯎ž‚ÉŠJ•ú•Â½‚Å‚«‚邱‚ƁB
62-</BLOCKQUOTE>
63-
64-<LI>
65-‘¼‚Ì—p“r‚É‚Í—˜—p‚Å‚«‚Ü‚·‚©B
66-<BLOCKQUOTE>
67-–{ƒVƒXƒeƒ€‚́Aƒ†[ƒUID‚ƃpƒXƒ[ƒh‚ðWebŒo—R‚Ŏ󂯕t‚¯A‚»‚ÌIPƒAƒhƒŒƒX‚Ƃ̃pƒPƒbƒg‚Ì’Ê‰ß‚ð‹–‰Â‚·‚éƒVƒXƒeƒ€‚Å‚·B‚»‚̘g‘g‚݂̊‹«‚Å‚ ‚ê‚Η˜—p‚Å‚«‚é‚ÆŽv‚¢‚Ü‚·B—Ⴆ‚΁AƒGƒNƒXƒgƒ‰ƒlƒbƒg‚©‚çƒCƒ“ƒgƒ‰ƒlƒbƒg‚ɑ΂µ‚ăAƒNƒZƒX‚·‚邽‚߂̃oƒCƒpƒX‘‹Œû‚ðÝ’u‚·‚邱‚Æ‚É‚à—˜—p‚Å‚«‚é‚Å‚µ‚傤B“–‘R‚È‚ª‚ç‹É‚߂č‚“x‚ȃZƒLƒ…ƒŠƒeƒBƒŒƒxƒ‹‚ð•K—v‚Æ‚·‚éƒlƒbƒgƒ[ƒN‚Å‚È‚¢ê‡‚Å‚·‚ªB
68-</BLOCKQUOTE>
69-
70-<LI>
71-Java‚ª“®‚©‚È‚¢’[––‚à‚ ‚è‚Ü‚·‚ªB
72-<BLOCKQUOTE>
73-Java‚ª“®‚©‚È‚¢‚à‚µ‚­‚̓Cƒ“ƒXƒg[ƒ‹‚³‚ê‚Ä‚¢‚È‚¢’[––‚Å‚àA—˜—pŽÒ‚ª”FØƒy[ƒW‚É‚¨‚¢‚Ä—v‹‚µ‚½Ú‘±Œp‘±ŽžŠÔ‚¾‚¯ƒlƒbƒgƒ[ƒN‚ðŠJ•ú‚µ‚Ü‚·B‚½‚¾‚µAæ‚ÁŽæ‚è‚â•ú’u‚ɑΉž‚·‚邽‚߁Aˆê’莞ŠÔŠÔŠu‚ŁAARPƒRƒ}ƒ“ƒh‚ƃtƒ@ƒCƒAƒEƒH[ƒ‹’ʉ߃pƒPƒbƒg”‚Ń`ƒFƒbƒN‚µ‚Ü‚·B‚Ü‚½A‹–‰Âƒy[ƒW‚Ì—˜—p’†’f‚̃Šƒ“ƒN‚ðƒNƒŠƒbƒN‚·‚邱‚ƂŃlƒbƒgƒ[ƒN‚ð•Â½‚Å‚«‚Ü‚·B1.4”Å‚©‚çJava‚ð—p‚¢‚¸JavaScript‚ð—p‚¢‚é‚悤‚É‚µ‚Ü‚µ‚½B
74-</BLOCKQUOTE></LI>
75-
76-
77-</UL>
78-
79-
80-—˜—p
81-<UL>
82-<LI>
83-–³üLAN‚ÅŽg‚¦‚Ü‚·‚©B
84-
85-<BLOCKQUOTE>
86-Žg‚¦‚Ü‚·B‚½‚¾‚µAe‹Ç“à‚ÅNAT“™‚É‚æ‚éIPƒAƒhƒŒƒX•ÏŠ·‚ª‚È‚³‚ê‚Ä‚¢‚È‚¢‚±‚Æ‚ª•K—v‚Å‚·B
87-</BLOCKQUOTE>
88-
89-<LI>
90-DHCP‚âNAT‚Æ‚Ì‹¤—p‚Í‚Å‚«‚Ü‚·‚©B
91-
92-<BLOCKQUOTE>
93-‚Å‚«‚Ü‚·B‚»‚̂悤‚ÈŽg‚¢•û‚ª‘½‚¢‚ÆŽv‚¢‚Ü‚·B‚½‚¾‚µNAT‚Í“¯ˆêƒQ[ƒgƒEƒFƒCƒ}ƒVƒ“ã‚Å“®‚©‚·ê‡‚Å‚·B–{ƒQ[ƒgƒEƒFƒC‚Æ’[––ŒQ‚Æ‚ÌŠÔ‚ÉNAT‘•’u‚ð‹²‚Þ‚±‚Æ‚Í‚Å‚«‚Ü‚¹‚ñB“¯‚¶IPƒAƒhƒŒƒX‚𑽐l”‚ªŽg—p‚·‚éŒ`‚ɂȂ邽‚ß‚Å‚·B
94-</BLOCKQUOTE>
95-
96-<LI>
97-MACƒAƒhƒŒƒX‚͎擾‚Å‚«‚Ü‚·‚©B
98-<BLOCKQUOTE>
99-Ver0.53‚ɂđΉž‚µ‚Ü‚µ‚½B‚½‚¾‚µAƒT[ƒo‘¤‚ÅARP‚©‚çŽæ“¾‚·‚邽‚߁AƒT[ƒo‘¤‚©‚猩‚¦‚éƒAƒhƒŒƒX‚Ì‚Ý‚Å‚·B‘㗝ARP‚ª‚ ‚é‚Æ‚»‚Ì’†ŒpƒAƒhƒŒƒX‚Æ‚È‚è‚Ü‚·B‚Ü‚½A“–‘R‚È‚ª‚çAƒC[ƒTƒlƒbƒg‚Å‚Ì‚Ý—LŒø‚Å‚·B
100-</BLOCKQUOTE>
101-
102-<LI>
103-ˆê•”‚̃T[ƒrƒX‚Í”FØ–³‚µ‚É‚µ‚½‚¢‚Ì‚Å‚·‚ªB‚à‚µ‚­‚Í”FØŒã‚àˆê•”‚̃T[ƒrƒX‚𐧌À‚µ‚½‚¢‚Ì‚Å‚·‚ªB
104-
105-<BLOCKQUOTE>
106-‰Šúó‘Ԃ̃tƒ@ƒCƒAƒEƒI[ƒ‹ƒ‹[ƒ‹‚É•K—v‚È‚à‚Ì‚ð’ljÁ‚·‚ê‚Ή”\‚Å‚·BOpengate‚Í‚±‚̏‰Šúó‘ԂɃ‹[ƒ‹‚ð‘}“üEíœ‚µ‚Ü‚·B‚æ‚Á‚āA’ljÁˆÊ’u‚ðH•v‚·‚ê‚ΗlX‚Ȑ§Œä‚ª‰Â”\‚Å‚·B—Ⴆ‚΁A“Á’è‚̃TƒCƒg‚ðƒAƒNƒZƒX‹–‰Â‚à‚µ‚­‚Í•s‹–‰Â‚ɌŒ肷‚邱‚Æ‚à‚Å‚«‚Ü‚·B
107-</BLOCKQUOTE>
108-
109-<LI>
110-—˜—pŽÒ‚̃Œƒxƒ‹‚É‚æ‚Á‚ăT[ƒrƒX‚𐧌À‚µ‚½‚¢‚Ì‚Å‚·‚ªB
111-
112-<BLOCKQUOTE>
113-Ý’èƒtƒ@ƒCƒ‹‚É‚¨‚¢‚ÄExtraSet‚̐ݒè‚ð‚µ‚Ä‚­‚¾‚³‚¢BExtraSet‚ÌðŒ‚É‡‚¤ƒ†[ƒU‚ÍExtraSet‚ÅŽw’肵‚½Ý’è’l‚ðã‘‚«‚µ‚Ü‚·B
114-‚Ü‚½‚ÍPerlƒXƒNƒŠƒvƒg‚ÌŽg—p‚ð—LŒø‚É‚µ‚āAƒXƒNƒŠƒvƒg’†‚Ő§Œä‚­‚¾‚³‚¢B
115-</BLOCKQUOTE>
116-
117-<LI>
118-ˆêŽž“I—˜—pŽÒ‚ւ̑Ήž‚Í‚Ç‚¤‚µ‚Ü‚·‚©B
119-
120-<BLOCKQUOTE>
121-”FØƒT[ƒo‚ւ̈ꎞ“I‚È—˜—pŽÒ“o˜^‚ª•K—v‚Å‚·BOpengate‚́A•¡”‚Ì”FØƒT[ƒo‚Ƀ†[ƒU‚ðU‚蕪‚¯‚é‚悤‚ÉŽw’è‚Å‚«‚Ü‚·‚̂ŁA•Ê“r‚Ɉꎞ—˜—pŽÒ‚Ì‚½‚ß‚Ì”FØƒT[ƒo‚ðÝ’u‚·‚邱‚Æ‚à‚Å‚«‚Ü‚·BftpƒT[ƒo‚ª“®‚¯‚Ηǂ¢‚Ì‚ÅWindows‚Ȃǂ̊ȈՃT[ƒo‚Å‚à‰Â”\‚ƍl‚¦‚Ü‚·B
122-<BR>
123-“–‘åŠw‚ł́AŒ»Ý‚Ì‚Æ‚±‚ëA}‘ŠÙŠO•”—˜—pŽÒ‚âŠw‰ïŽQ‰ÁŽÒ‚Ȃǂ̈ꎞ“I—˜—pŽÒ‚ɑ΂µ‚Ĉȉº‚̉^—p‚ðs‚Á‚Ä‚¢‚Ü‚·BˆêŽž—˜—pŽÒ—p‚Ì”FØƒT[ƒo‚ð—pˆÓ‚·‚éB•K—v”‚Ì—˜—pŽÒID‚ð—˜—pŠúŒÀ•t‚«‚Å“o˜^‚µA“¯Žž‚É—˜—pŽÒID‚ƃpƒXƒ[ƒh‚¨‚æ‚Ñ—˜—pã‚Ì’ˆÓ‚ð‘‚¢‚½—pŽ†‚ð—˜—pŽÒID–ˆ‚Ɉóü‚·‚éB—˜—pŠó–]ŽÒ‚ª—ˆ–K‚·‚ê‚΁AgŒ³‚ðŠm”F‚µ‚Ä—pŽ†‚ð1–‡“n‚·B“–‘R‚È‚ª‚ç–{—˜—pŽÒID‚ÍŠw“à‚̃T[ƒo‚ւ̃ƒOƒCƒ““™‚É‚Í—˜—p‚Å‚«‚Ü‚¹‚ñB
124-</BLOCKQUOTE>
125-
126-<LI>
127-ƒpƒXƒ[ƒh‚ÌŽç”é‚Í•Û‚Ä‚Ü‚·‚©B
128-
129-<BLOCKQUOTE>
130-’[––‚ƃQ[ƒgƒEƒFƒCŠÔ‚ÍWeb’ʐM‚ŃpƒXƒ[ƒh‚ð‘—‚è‚Ü‚·B‚æ‚Á‚ÄWebƒT[ƒo‚ðSSL‰»‚·‚ê‚ÎŽç”邪•Û‚Ä‚Ü‚·BƒQ[ƒgƒEƒFƒC‚Æ”FØƒT[ƒo‚̊Ԃ́AŽç”é‹@”\‚Ì‚ ‚é”FØƒvƒƒgƒRƒ‹‚É‚æ‚ê‚Ή”\‚Å‚·BOpengate‚́Apop3s,ftps,Radius,PAM‚ɑΉž‚µ‚Ä‚¢‚Ü‚·BPAM‚Í‘½‚­‚Ì”FØƒvƒƒgƒRƒ‹‚ðƒTƒ|[ƒg‚µ‚Ü‚·B
131-</BLOCKQUOTE>
132-
133-<LI>
134-ƒXƒP[ƒ‰ƒrƒŠƒeƒB‚Í‚Ç‚¤‚Å‚·‚©BƒpƒtƒH[ƒ}ƒ“ƒX‚Í‚Ç‚¤‚Å‚·‚©B
135-
136-<BLOCKQUOTE>
137-”\‘ä‚ÌŽg—p‚Å‚Í–â‘è–³‚­Žg‚¦‚Ä‚¢‚Ü‚·BƒNƒ‰ƒXC’ö“x‚Ì—˜—p‚Í‚Å‚«‚é‚ÆŽv‚¢‚Ü‚·B–{ƒVƒXƒeƒ€‚́Aƒtƒ@ƒCƒAƒEƒI[ƒ‹ƒ\ƒtƒg‚̃pƒPƒbƒgƒtƒBƒ‹ƒ^ƒŠƒ“ƒO‹K‘¥‚ð’ljÁEíœ‚·‚é•ûŽ®‚Å‚ ‚èAŠeƒNƒ‰ƒCƒAƒ“ƒg‚©‚ç‚Ì—˜—pŠJŽn—v‹Žž‚ð•Ê‚É‚·‚ê‚Ζw‚Ç•‰‰×‚Æ‚È‚è‚Ü‚¹‚ñB—˜—p’†‚̃pƒtƒH[ƒ}ƒ“ƒX‚́AƒpƒPƒbƒgƒtƒBƒ‹ƒ^ƒŠƒ“ƒO‚âƒpƒPƒbƒg“]‘—‚̏ˆ—”\—͂Ɉˑ¶‚·‚é‚ÆŽv‚¢‚Ü‚·B‚È‚¨—Ê“I‚Ȑ§ŒÀ‚Æ‚µ‚ẮA—˜—pƒNƒ‰ƒCƒAƒ“ƒg–ˆ‚É‚PƒvƒƒZƒX‚ªí’“‚·‚邱‚Æ‚ª‚ ‚è‚Ü‚·B‚µ‚©‚µƒvƒƒZƒX”‚̍őå’l‚̓J[ƒlƒ‹‚Å’²®‚Å‚«‚Ü‚·‚µAƒNƒ‰ƒXC’ö“x–ˆ‚É•ªŠ„‚µ‚ăVƒXƒeƒ€‰^—p‚·‚é•û‚ªƒQ[ƒgƒEƒFƒC‚É‚¨‚¯‚éƒpƒPƒbƒgƒtƒBƒ‹ƒ^ƒŠƒ“ƒO“™‚Ì”\—Í‚©‚ç‚·‚é‚ÆŒ»ŽÀ“I‚Å‚µ‚傤B
138-</BLOCKQUOTE></LI>
139-
140-<LI>
141-WebˆÈŠO‚Ì—˜—p‚ɂ͑Ήž‚µ‚Ü‚·‚©B
142-<BLOCKQUOTE>
143-‚Ü‚¸Webƒuƒ‰ƒEƒU‚Å”FØ‚ðŽó‚¯‚āA‚»‚̃uƒ‰ƒEƒU‚ðÅ¬‰»‚µ‚Ä‚©‚çŽg‚¢‚Ü‚·B‚È‚¨Aƒtƒ@ƒCƒAƒEƒH[ƒ‹ƒ‹[ƒ‹ƒŠƒXƒg‚É‚¨‚¢‚āAOpengate‚ª‘}“ü‚·‚郋[ƒ‹”ԍ†‚æ‚è‘O‚Ƀ‹[ƒ‹‚ðÝ’è‚·‚ê‚΁Aˆê•”ƒvƒƒgƒRƒ‹‚ɑ΂·‚é–³ðŒ‹‘”Û‚â–³ðŒ‹–‰Â‚àÝ’è‰Â”\‚Å‚·B
144-</BLOCKQUOTE></LI>
145-
146-<LI>
147-’[––‚̐ڑ±ó‹µ‚𒲂ׂ邱‚Æ‚Í‚Å‚«‚Ü‚·‚©B
148-<BLOCKQUOTE>
149-ŠJ•ú‚ƕ½‚Ì—š—ð‚́AsyslogŒo—R‚Å/var/log/opengate.log‚É•Û‘¶‚³‚ê‚Ü‚·B’[––‚²‚ƂɈê‚‚̃vƒƒZƒX‚ÅŠÄŽ‹‚µ‚Ä‚¨‚èAŒ»ÝÚ‘±’†‚Ì’[––ó‹µ‚́Aups -axww | grep opengatev‚ÅŒ©‚邱‚Æ‚ªo—ˆ‚Ü‚·B‚±‚ÌPSƒRƒ}ƒ“ƒh‚̓vƒƒZƒXIDAƒ†[ƒUIDAIPƒAƒhƒŒƒXAƒtƒ@ƒCƒAƒEƒH[ƒ‹ƒ‹[ƒ‹”ԍ†‚ð•\Ž¦‚µ‚Ü‚·B‚à‚µA‚ ‚éOpengate‚̃vƒƒZƒX‚ðkill‚·‚ê‚΁A‘Ήžƒtƒ@ƒCƒAƒEƒH[ƒ‹ƒ‹[ƒ‹‚àíœ‚³‚ê‚Ü‚·Bƒtƒ@ƒCƒAƒEƒH[ƒ‹‚ÌŠJ•úó‹µ‚́uipfw listv‚Ɓuip6fw listv‚ÅŒ©‚邱‚Æ‚ªo—ˆ‚Ü‚·B
150-</BLOCKQUOTE></LI>
151-
152-</UL>
153-“±“üEŠJ”­
154-<UL>
155-<LI>
156-ƒCƒ“ƒXƒg[ƒ‹‚µ‚½‚ª“®‚«‚Ü‚¹‚ñB
157-
158-<BLOCKQUOTE>
159-‘½”‚̃\ƒtƒgƒEƒFƒA‚Ì’‡‰î‚ð‚·‚éƒVƒXƒeƒ€‚Å‚·‚̂ŃfƒoƒbƒO‚Í–Ê“|‚¾‚ÆŽv‚¢‚Ü‚·B•Ê“r‚É—pˆÓ‚µ‚½ƒ`ƒFƒbƒN€–Ú‹Lq‚̃tƒ@ƒCƒ‹‚ðŒ©‚Ä‚­‚¾‚³‚¢B
160-</BLOCKQUOTE>
161-
162-<LI>
163-—˜—pE‰ü•ÏE”z•z‚͉”\‚Å‚·‚©B
164-
165-<BLOCKQUOTE>
166-GPL‰º‚ʼn”\‚Å‚·B¡Œã‚ÌŠJ”­‚Ì‚½‚߂ɁAŠJ”­ŽÒ‚܂ŘA—’¸‚¯‚ê‚΍K‚¢‚Å‚·BƒoƒOE—v–]E‰ü•Ï•ñ‚ðŠ½Œ}‚µ‚Ü‚·B
167-</BLOCKQUOTE>
168-
169-<LI>
170-”FØWebƒy[ƒW‚̃fƒUƒCƒ“‚ð•Ï‚¦‚½‚¢‚Ì‚Å‚·‚ªB
171-
172-<BLOCKQUOTE>
173-ŠeWebƒy[ƒW‚ÍHTMLƒtƒ@ƒCƒ‹‚Æ‚µ‚Ä“Æ—§‚µ‚Ä‚¢‚Ü‚·B‚±‚ê‚ð‘‚«‚©‚¦‚邱‚Æ‚ÅŠÈ’P‚É‚Å‚«‚Ü‚·B
174-</BLOCKQUOTE>
175-
176-<LI>
177-‰pŒêA“ú–{ŒêˆÈŠO‚Ì•\Ž¦‚É‚µ‚½‚¢‚Ì‚Å‚·‚ªB
178-
179-<BLOCKQUOTE>
180-en,ja‚̃fƒBƒŒƒNƒgƒŠ‚ªA‰pŒê‚Æ“ú–{Œê‚Ì‹Lq‚Å‚·B‚±‚ê‚ðŽQl‚É‚µ‚Ä“¯‚¶ƒfƒBƒŒƒNƒgƒŠ\¬‚ÅHTMLƒtƒ@ƒCƒ‹‚ðì¬‚µ‚Ä‚­‚¾‚³‚¢B‚³‚ç‚ɁAÝ’èƒtƒ@ƒCƒ‹’†‚ÌŒ¾ŒêÝ’è‚Æindex.html.var‚ð’ljÁ•ÏX‚µ‚Ä‚­‚¾‚³‚¢B
181-</BLOCKQUOTE>
182-
183-<LI>
184-IPƒAƒhƒŒƒX‚É‚æ‚è‘ŠŽè‚ðŠm”F‚µ‚Ä‚¢‚é‚悤‚Å‚·‚ªAIPƒXƒv[ƒtƒBƒ“ƒO‚Í–â‘è‚Å‚Í‚È‚¢‚Å‚·‚©B‚Ü‚½ƒT[ƒrƒX–WŠQUŒ‚‚ɂ͑Ήž‚Å‚«‚Ü‚·‚©B‚»‚Ì‘¼‚̃Aƒ^ƒbƒN‚ɑ΂µ‚Ä‚Í‚Ç‚¤‚Å‚·‚©B
185-
186-<BLOCKQUOTE>
187-IPƒXƒv[ƒtƒBƒ“ƒO‚̓tƒ@ƒCƒAƒEƒI[ƒ‹‚Ì•û‚̐ݒè‚Å”ð‚¯‚ç‚ê‚é‚ÆŽv‚¢‚Ü‚·B‚Ü‚½Opengate‚́A³‚µ‚¢ƒpƒXƒ[ƒh‚ð‘—‚Á‚Ä‚«‚½ƒAƒhƒŒƒX‚ɑ΂µ‚ÄŒŠ‚ðŠJ‚¯‚é‚̂ŁAIPƒAƒhƒŒƒX‚ð‹U‚Á‚Ä‚à‚ ‚܂蓾‚É‚Í‚È‚è‚Ü‚¹‚ñB‘¼‚ª”FØ‚ðŽó‚¯‚ÄŽg‚Á‚Ä‚¢‚铯‚¶IPƒAƒhƒŒƒX‚ð¼Ì‚µ‚ăpƒPƒbƒg‚𗬂·‚±‚Ƃ͉”\‚Å‚µ‚傤‚ªAŒ»ŽÀ“I‚È—˜—p‚͓‚¢‚ÆŽv‚Á‚Ä‚¢‚Ü‚·BƒT[ƒrƒX–WŠQ‚ɂ‚¢‚ẮAŠeIPƒAƒhƒŒƒX‚ɑ΂µ‚Ä“ÆŽ©‚̃|[ƒg”ԍ†‚ðˆê‚‘—‚è‚‚¯ŒðM‚·‚éŒ`‘Ô‚Å‚·‚Ì‚Å”ð‚¯‚ç‚ê‚é‚ÆŽv‚¢‚Ü‚·B–WŠQ‚ðŠ®‘S‚ɏœ‹Ž‚·‚邱‚Ƃ͓‚¢‚Å‚·‚ªAƒZƒLƒ…ƒŠƒeƒBƒz[ƒ‹‚ª‚ ‚ê‚΂²‹³Ž¦‰º‚³‚¢Bˆ«ˆÓ‚ðŽ‚Á‚½—˜—p‚ɑ΂µ‚ẮA‘΍ô‚Æ‚µ‚čl‚¦‚ç‚ê‚Ä‚¢‚é‹@”\‚È‚Ç‚ð‘g‚ݍ‡‚킹‚邱‚Æ‚à‰Â”\‚Å‚ ‚낤‚ÆŽv‚¢‚Ü‚·B
188-</BLOCKQUOTE>
189-
190-
191-<LI>
192-ƒT[ƒo‚ÍFreeBSDˆÈŠO‚Å“®‚«‚Ü‚·‚©B
193-
194-<BLOCKQUOTE>
195-Œ»ó‚ł́AFreeBSDê—p‚̃tƒ@ƒCƒAƒEƒI[ƒ‹ƒc[ƒ‹ipfw‚ð—˜—p‚µ‚Ä‚¢‚é‚̂ŁA‘¼‚ÌOS‚Å‚Í“®‚«‚Ü‚¹‚ñB“¯“™‚Ì‹@”\‚ðŽ‚Âƒtƒ@ƒCƒAƒEƒI[ƒ‹ƒc[ƒ‹‚ª‚ ‚ê‚΁A‘Ήž‚·‚é‚悤‚ɏ‘‚«‚©‚¦‚邱‚Ƃ͉”\‚Å‚·B—Ⴆ‚ÎLinux‚Ìipchains‚ɏ‘‚«Š·‚¦‚邱‚Ƃ͉”\‚Å‚·B
196-</BLOCKQUOTE>
197-
198-<LI>
199-’[–––ˆ‚ɃvƒƒZƒX‚ª¶¬‚³‚ê‚Ä‘å—ʂɏ풓‚µ‹CŽ‚¿—Ç‚­‚ ‚è‚Ü‚¹‚ñBˆê‚‚ɂ܂Ƃ܂è‚Ü‚¹‚ñ‚©B
200-
201-<BLOCKQUOTE>
202-ƒAƒ‹ƒSƒŠƒYƒ€‚ðŠÈ’P‚É‚·‚邽‚߂ɍ¡‚Ì•ûŽ®‚ðŽæ‚è‚Ü‚µ‚½BŠÄŽ‹ƒvƒƒZƒX‚ðˆê‚‚ɂ܂Ƃ߂邱‚Æ‚à‰Â”\‚Å‚µ‚傤‚ªA‘½”‚ÌŽžŠÔ‘Ò‚¿‚ƃAƒNƒZƒX‘Ò‚¿‚𐧌䂷‚é‚̂́AƒT[ƒrƒX–WŠQ‚»‚Ì‘¼‚̍l—¶“_‚à‚ ‚èA‚©‚È‚è–Ê“|‚Å‚·BŠO•”ðŒ‚ðŠ¨ˆÄ‚·‚é‚ƈê‚‚ɂ܂Ƃ߂é‹Ù‹}“x‚ª’á‚¢‚ƍl‚¦‚ÄŒã‰ñ‚µ‚É‚µ‚Ä‚¢‚Ü‚·B
203-</BLOCKQUOTE>
204-
205-<LI>
206-IPv6‚ɑΉž‚Å‚«‚Ü‚·‚©B
207-
208-<BLOCKQUOTE>
209-Version
210-1.2.0‚É‚¨‚¢‚đΉž‚µ‚Ü‚µ‚½B
211-</BLOCKQUOTE></LI>
212-
213-</UL>
214-</body>
215-</HTML>
1+<html LANG="jp">
2+<head>
3+<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=Shift_JIS">
4+
5+<title>Opengate Q & A</title>
6+</head>
7+
8+
9+<body bgcolor=#fafff0>
10+
11+<H3>Opengate Q &amp; A</H3>
12+
13+ˆÓ‹`
14+<UL>
15+<LI>
16+‚»‚à‚»‚à‰½ŒÌ”FØ‚È‚Ç‚ª•K—v‚È‚Ì‚Å‚·‚©B’N‚Å‚àƒlƒbƒgƒ[ƒN‚ªŽg‚¦‚Ä—Ç‚¢‚Å‚Í‚È‚¢‚Å‚·‚©B
17+
18+<BLOCKQUOTE>
19+Šeƒlƒbƒgƒ[ƒN‚́A‚»‚̐ݒuŽïŽ|‚ÆŒo”’S‚ɏ]‚Á‚½—˜—p‚ª‹‚ß‚ç‚ê‚Ü‚·BŒˆ‚µ‚ÄŽ©—R—˜—p‚ª‘O’ñ‚Å‚Í‚ ‚è‚Ü‚¹‚ñB‚³‚ç‚ɁAƒCƒ“ƒ^[ƒlƒbƒgã‚ł́A”î排†‚⍼‹\A•s³ƒAƒ^ƒbƒN“™‚Ì”½ŽÐ‰ï“Is“®‚ª”­¶‚µ‚Ä‚¢‚Ü‚·B‘gD‚Æ‚µ‚Ä‚Í‚»‚̂悤‚ȍs“®‚ð\¬ˆõ‚É‹N‚±‚µ‚Ä—~‚µ‚­‚ ‚è‚Ü‚¹‚ñBŠeŽ©‚ªÓ”C‚ðŽ‚Á‚čs“®‚µ‚Ä‚¢‚½‚¾‚­‚½‚߂̈ê‚‚̕û–@‚Æ‚µ‚Ä–{ƒVƒXƒeƒ€‚ª‚ ‚è‚Ü‚·B
20+</BLOCKQUOTE>
21+
22+<LI>
23+’[––‚ÌOS‚É•t‚·‚é”FØ‚ð—˜—p‚·‚é‚̂ł̓_ƒ‚È‚Ì‚Å‚·‚©B
24+
25+<BLOCKQUOTE>
26+“ˆê‚µ‚½PCŠÂ‹«‚̍\’z‚ƈێ‚ª‰Â”\‚ȃVƒXƒeƒ€‚̏ꍇ‚ɂ́A’[––OS‚Ì”FØƒVƒXƒeƒ€‚ð—˜—p‚µ‚½•û‚ª—Ç‚¢‚ÆŽv‚¢‚Ü‚·B‚µ‚©‚µ•s“Á’葽”‚ª•s“Á’è‹@Ší‚ðÚ‘±‚·‚é‚悤‚Ȋ‹«‚Å‚Í‹@”\‚µ‚Ü‚¹‚ñB
27+</BLOCKQUOTE>
28+
29+<LI>
30+ƒAƒNƒZƒX‚³‚ê‚鑤‚̃T[ƒo‚ªŠeŽ©‚Å”íŠQ‚ðŽó‚¯‚È‚¢‚悤‚ɁA”FØ‚»‚Ì‘¼‚̃ZƒLƒ…ƒŠƒeƒB•ÛŽ‚ðs‚¤‚±‚Æ‚ª–{—ˆ‚Å‚Í‚È‚¢‚Å‚·‚©B
31+
32+<BLOCKQUOTE>
33+‚»‚ê‚à•K—v‚Å‚µ‚傤B‚µ‚©‚µ‘åŠw‚̂悤‚É‘½”‚Ì‘½—l‚ȐlŠÔ‚ª”äŠr“IŽ©—R‚É—˜—p‚Å‚«‚éƒlƒbƒgƒ[ƒNŠÂ‹«‚ð’ñ‹Ÿ‚µ‚Ä‚¢‚é‘gD‚ł́AŠO•”‚ɑ΂µ‚Ä—lX‚ȃgƒ‰ƒuƒ‹‚ð‹N‚±‚µ‹êî‚ªŠñ‚¹‚ç‚ê‚é‰Â”\«‚ª‚‚­‚È‚è‚Ü‚·B‚»‚̐ӔC‚̓gƒ‰ƒuƒ‹Œ´ˆö‚ðì‚Á‚½–{l‚ÉŽæ‚Á‚Ä‚¢‚½‚¾‚­•K—v‚ª‚ ‚è‚Ü‚·B‚Ü‚½Aƒlƒbƒgƒ[ƒN—˜—p‚ɂ́A‚»‚Ì–Ú“I‚ɍ‡‚Á‚½—˜—pŽÒ‚̐§ŒÀ‚ª‚ ‚邱‚Æ‚ª’ʏ킾‚ÆŽv‚¢‚Ü‚·B‚æ‚Á‚ăAƒNƒZƒX‚·‚鑤‚Å‚Ì”FØ‚à•K—v‚ƍl‚¦‚Ü‚·B
34+</BLOCKQUOTE>
35+
36+<LI>
37+
38+‰½ŒÌAŒöŠJŒÅ’è’[––‚Əî•ñƒRƒ“ƒZƒ“ƒg‚Ì—¼•û‚ð‘ΏۂƂ·‚é•K—v‚ª‚ ‚é‚Ì‚Å‚·‚©BŒöŠJŒÅ’è’[––‚Í’[––OS‚Ì”FØ‚ª‰Â”\‚Å‚Í‚È‚¢‚Å‚·‚©B
39+
40+<BLOCKQUOTE>
41+‘S‚Ä‚ÌŒöŠJŒÅ’è’[––‚ðƒlƒbƒgƒ[ƒNŠÇ—•”–傪“ˆê“I‚É”z’u‚µA‚»‚̃n[ƒhƒEƒFƒA‚ð•s³‘€ì‚©‚çŽç‚ê‚éó‹µ‚ª‰Â”\‚Å‚ ‚ê‚΂»‚ê‚Å‚à—Ç‚¢‚ÆŽv‚¢‚Ü‚·B‚µ‚©‚µŒ»ŽÀ“I‚É‚ÍŠgŽU‚µ‚½ŒöŠJêŠ‚Ö‘½””z’u‚·‚邱‚Æ‚ª‘½‚­A—lX‚ȍ¢“”º‚¢‚Ü‚·B‚Ü‚½Šù‚É”z’u‚³‚ꂽ”FØ‹@”\‚Ì–³‚¢’[––‚â•s\•ª‚ÈŠÇ—‰º‚Ì’[––‚ª”‘½‚­‚ ‚è‚Ü‚·B‚±‚ê‚ç‚É‚à‘Ήž‚·‚é•K—v‚ª‚ ‚è‚Ü‚·B
42+</BLOCKQUOTE>
43+
44+<LI>
45+ƒ‹[ƒ^‚âƒtƒ@ƒCƒAƒEƒI[ƒ‹“™A’ʉߓ_‚Å‚Ì‹L˜^Žæ“¾‚Å‚Í‚¢‚¯‚È‚¢‚Ì‚Å‚·‚©B
46+<BLOCKQUOTE>
47+‚±‚Ì‹L˜^‚Å‚ÍIPƒAƒhƒŒƒX‚Í•ª‚©‚è‚Ü‚·B‚µ‚©‚µ•s“Á’葽”‚ªo“ü‚è‚·‚éêŠ‚̏ꍇ‚Í’N‚ª—˜—p‚µ‚½‚Ì‚©•ª‚©‚è‚Ü‚¹‚ñB—˜—pŽÒ‚ª“Á’è‚Å‚«‚é•”‰®‚̏ꍇ‚Í‚±‚̂悤‚È‹L˜^‚Å‚à—Ç‚¢‚Å‚µ‚傤B
48+</BLOCKQUOTE>
49+
50+<LI>
51+MACƒAƒhƒŒƒX‚ŌlŽ¯•Ê‚ð‚·‚é•ûŽ®‚à‚ ‚é‚悤‚Å‚·‚ªB
52+<BLOCKQUOTE>
53+Opengate‚͌lŽ¯•Ê‚ðƒ†[ƒUID‚ƃpƒXƒ[ƒh‚ōs‚Á‚Ä‚¢‚Ü‚·B‚±‚Ì”FØ“ü—Í‚Ì‘ã‚í‚è‚ÉMACƒAƒhƒŒƒX‚ðŽg‚¤‚±‚Ƃ͉”\‚Å‚µ‚傤B<BR>
54+‚µ‚©‚µMACƒAƒhƒŒƒX‚ð—˜—p‚·‚é•ûŽ®‚́AMACƒAƒhƒŒƒX‚Æ‚»‚̏Š—LŽÒ‚Æ‚ÌŠÖŒW‚ð‘O‚à‚Á‚Ä“o˜^‚·‚é•K—v‚ª‚ ‚è‚Ü‚·B‚Ü‚½‹@Ší÷“nE”pŠü‚̍ۂɓo˜^Á‹ŽA‹@ŠíXV‚̍ۂɓo˜^XV‚ðs‚¤•K—v‚ª‚ ‚è‚Ü‚·‚ªA—˜—pŽÒ‚É“o˜^Á‹Ž‚ð—ãs‚³‚¹‚é‚͓̂‚¢‚ÆŽv‚í‚ê‚Ü‚·B‚±‚ê‚ç‚̉^—pã‚Ì–â‘è“_‚ð‰ðŒˆ‚µ‚È‚¯‚ê‚΂Ȃè‚Ü‚¹‚ñB‚Ü‚½MACƒAƒhƒŒƒX‚̓C[ƒTƒlƒbƒgÚ‘±’[––‚Ì‚Ý‚É‘¶Ý‚·‚é“_Aƒ‹[ƒ^‚ð’´‚¦‚Ä“`‚í‚ç‚È‚¢“_A‹U‘•‚ª‰Â”\‚Å‚ ‚é“_‚È‚Ç‚à“ï“_‚ÆŒ¾‚¦‚Ü‚·B<BR>
55+’Ç‹LFOpengate‚Ì—˜—p‚ª¢“ï‚È’[––‚ɑ΂µ‚āAMACƒAƒhƒŒƒX‚ŌlŽ¯•Ê‚·‚éOpengate•âŠ®”FØƒVƒXƒeƒ€OpengateM‚ðŒöŠJ‚µ‚Ü‚µ‚½B‚±‚̃VƒXƒeƒ€‚ł́AMACƒAƒhƒŒƒX“o˜^^XV^ƒ‹[ƒ^‘}“ü^‹U‘•‚ɂ‚¢‚Ĉê’è‚̍l—¶‚ðs‚Á‚Ä‚¢‚Ü‚·B
56+</BLOCKQUOTE>
57+
58+<LI>
59+Å‹ßA‚³‚Ü‚´‚܂ȃlƒbƒgƒ[ƒN”FØƒVƒXƒeƒ€‚ª”­•\‚³‚ê‚Ä‚¢‚é‚悤‚Å‚·‚ªB
60+<BLOCKQUOTE>
61+Opengate‚͈ȉº‚Ì“_‚ð–ž‚½‚µ‚Ä‚¢‚é“_‚ª“Á’¥‚ƍl‚¦‚Ü‚·B’[––‚ɑ΂·‚éƒ\ƒtƒgAƒn[ƒhAÝ’uŒ`‘ԁAÚ‘±•û–@‚Ȃǂ̐§ŒÀ‚ª­‚È‚¢Ž–B—˜—pŽÒ‚ÌŽw“±‚âŠÇ—‚ªÅ¬ŒÀ‚ōςގ–Bˆê”Ê“I‚ȃ\ƒtƒg/ƒn[ƒh‚ō\¬‚³‚ê‚Ä‚¨‚èAŠù‘¶ƒlƒbƒgƒ[ƒN‚Ö‚Ì“±“ü‚ª—eˆÕ‚Å‚ ‚鎖B—˜—pŠJŽn/I—¹‚ɍۂµ‚Ä‘¦À‚Ƀlƒbƒgƒ[ƒN‚ÌŠJ•ú/•Â½‚ªs‚í‚ê‚鎖BIPv4‚ÆIPv6‚Ì—¼•û‚̒ʐM‚𓯎ž‚ÉŠJ•ú•Â½‚Å‚«‚邱‚ƁB
62+</BLOCKQUOTE>
63+
64+<LI>
65+‘¼‚Ì—p“r‚É‚Í—˜—p‚Å‚«‚Ü‚·‚©B
66+<BLOCKQUOTE>
67+–{ƒVƒXƒeƒ€‚́Aƒ†[ƒUID‚ƃpƒXƒ[ƒh‚ðWebŒo—R‚Ŏ󂯕t‚¯A‚»‚ÌIPƒAƒhƒŒƒX‚Ƃ̃pƒPƒbƒg‚Ì’Ê‰ß‚ð‹–‰Â‚·‚éƒVƒXƒeƒ€‚Å‚·B‚»‚̘g‘g‚݂̊‹«‚Å‚ ‚ê‚Η˜—p‚Å‚«‚é‚ÆŽv‚¢‚Ü‚·B—Ⴆ‚΁AƒGƒNƒXƒgƒ‰ƒlƒbƒg‚©‚çƒCƒ“ƒgƒ‰ƒlƒbƒg‚ɑ΂µ‚ăAƒNƒZƒX‚·‚邽‚߂̃oƒCƒpƒX‘‹Œû‚ðÝ’u‚·‚邱‚Æ‚É‚à—˜—p‚Å‚«‚é‚Å‚µ‚傤B“–‘R‚È‚ª‚ç‹É‚߂č‚“x‚ȃZƒLƒ…ƒŠƒeƒBƒŒƒxƒ‹‚ð•K—v‚Æ‚·‚éƒlƒbƒgƒ[ƒN‚Å‚È‚¢ê‡‚Å‚·‚ªB
68+</BLOCKQUOTE>
69+
70+<LI>
71+Java‚ª“®‚©‚È‚¢’[––‚à‚ ‚è‚Ü‚·‚ªB
72+<BLOCKQUOTE>
73+Java‚ª“®‚©‚È‚¢‚à‚µ‚­‚̓Cƒ“ƒXƒg[ƒ‹‚³‚ê‚Ä‚¢‚È‚¢’[––‚Å‚àA—˜—pŽÒ‚ª”FØƒy[ƒW‚É‚¨‚¢‚Ä—v‹‚µ‚½Ú‘±Œp‘±ŽžŠÔ‚¾‚¯ƒlƒbƒgƒ[ƒN‚ðŠJ•ú‚µ‚Ü‚·B‚½‚¾‚µAæ‚ÁŽæ‚è‚â•ú’u‚ɑΉž‚·‚邽‚߁Aˆê’莞ŠÔŠÔŠu‚ŁAARPƒRƒ}ƒ“ƒh‚ƃtƒ@ƒCƒAƒEƒH[ƒ‹’ʉ߃pƒPƒbƒg”‚Ń`ƒFƒbƒN‚µ‚Ü‚·B‚Ü‚½A‹–‰Âƒy[ƒW‚Ì—˜—p’†’f‚̃Šƒ“ƒN‚ðƒNƒŠƒbƒN‚·‚邱‚ƂŃlƒbƒgƒ[ƒN‚ð•Â½‚Å‚«‚Ü‚·B1.4”Å‚©‚çJava‚ð—p‚¢‚¸JavaScript‚ð—p‚¢‚é‚悤‚É‚µ‚Ü‚µ‚½B
74+</BLOCKQUOTE></LI>
75+
76+
77+</UL>
78+
79+
80+—˜—p
81+<UL>
82+<LI>
83+–³üLAN‚ÅŽg‚¦‚Ü‚·‚©B
84+
85+<BLOCKQUOTE>
86+Žg‚¦‚Ü‚·B‚½‚¾‚µAe‹Ç“à‚ÅNAT“™‚É‚æ‚éIPƒAƒhƒŒƒX•ÏŠ·‚ª‚È‚³‚ê‚Ä‚¢‚È‚¢‚±‚Æ‚ª•K—v‚Å‚·B
87+</BLOCKQUOTE>
88+
89+<LI>
90+DHCP‚âNAT‚Æ‚Ì‹¤—p‚Í‚Å‚«‚Ü‚·‚©B
91+
92+<BLOCKQUOTE>
93+‚Å‚«‚Ü‚·B‚»‚̂悤‚ÈŽg‚¢•û‚ª‘½‚¢‚ÆŽv‚¢‚Ü‚·B‚½‚¾‚µNAT‚Í“¯ˆêƒQ[ƒgƒEƒFƒCƒ}ƒVƒ“ã‚Å“®‚©‚·ê‡‚Å‚·B–{ƒQ[ƒgƒEƒFƒC‚Æ’[––ŒQ‚Æ‚ÌŠÔ‚ÉNAT‘•’u‚ð‹²‚Þ‚±‚Æ‚Í‚Å‚«‚Ü‚¹‚ñB“¯‚¶IPƒAƒhƒŒƒX‚𑽐l”‚ªŽg—p‚·‚éŒ`‚ɂȂ邽‚ß‚Å‚·B
94+</BLOCKQUOTE>
95+
96+<LI>
97+MACƒAƒhƒŒƒX‚͎擾‚Å‚«‚Ü‚·‚©B
98+<BLOCKQUOTE>
99+Ver0.53‚ɂđΉž‚µ‚Ü‚µ‚½B‚½‚¾‚µAƒT[ƒo‘¤‚ÅARP‚©‚çŽæ“¾‚·‚邽‚߁AƒT[ƒo‘¤‚©‚猩‚¦‚éƒAƒhƒŒƒX‚Ì‚Ý‚Å‚·B‘㗝ARP‚ª‚ ‚é‚Æ‚»‚Ì’†ŒpƒAƒhƒŒƒX‚Æ‚È‚è‚Ü‚·B‚Ü‚½A“–‘R‚È‚ª‚çAƒC[ƒTƒlƒbƒg‚Å‚Ì‚Ý—LŒø‚Å‚·B
100+</BLOCKQUOTE>
101+
102+<LI>
103+ˆê•”‚̃T[ƒrƒX‚Í”FØ–³‚µ‚É‚µ‚½‚¢‚Ì‚Å‚·‚ªB‚à‚µ‚­‚Í”FØŒã‚àˆê•”‚̃T[ƒrƒX‚𐧌À‚µ‚½‚¢‚Ì‚Å‚·‚ªB
104+
105+<BLOCKQUOTE>
106+‰Šúó‘Ԃ̃tƒ@ƒCƒAƒEƒI[ƒ‹ƒ‹[ƒ‹‚É•K—v‚È‚à‚Ì‚ð’ljÁ‚·‚ê‚Ή”\‚Å‚·BOpengate‚Í‚±‚̏‰Šúó‘ԂɃ‹[ƒ‹‚ð‘}“üEíœ‚µ‚Ü‚·B‚æ‚Á‚āA’ljÁˆÊ’u‚ðH•v‚·‚ê‚ΗlX‚Ȑ§Œä‚ª‰Â”\‚Å‚·B—Ⴆ‚΁A“Á’è‚̃TƒCƒg‚ðƒAƒNƒZƒX‹–‰Â‚à‚µ‚­‚Í•s‹–‰Â‚ɌŒ肷‚邱‚Æ‚à‚Å‚«‚Ü‚·B
107+</BLOCKQUOTE>
108+
109+<LI>
110+—˜—pŽÒ‚̃Œƒxƒ‹‚É‚æ‚Á‚ăT[ƒrƒX‚𐧌À‚µ‚½‚¢‚Ì‚Å‚·‚ªB
111+
112+<BLOCKQUOTE>
113+Ý’èƒtƒ@ƒCƒ‹‚É‚¨‚¢‚ÄExtraSet‚̐ݒè‚ð‚µ‚Ä‚­‚¾‚³‚¢BExtraSet‚ÌðŒ‚É‡‚¤ƒ†[ƒU‚ÍExtraSet‚ÅŽw’肵‚½Ý’è’l‚ðã‘‚«‚µ‚Ü‚·B
114+‚Ü‚½‚ÍPerlƒXƒNƒŠƒvƒg‚ÌŽg—p‚ð—LŒø‚É‚µ‚āAƒXƒNƒŠƒvƒg’†‚Ő§Œä‚­‚¾‚³‚¢B
115+</BLOCKQUOTE>
116+
117+<LI>
118+ˆêŽž“I—˜—pŽÒ‚ւ̑Ήž‚Í‚Ç‚¤‚µ‚Ü‚·‚©B
119+
120+<BLOCKQUOTE>
121+”FØƒT[ƒo‚ւ̈ꎞ“I‚È—˜—pŽÒ“o˜^‚ª•K—v‚Å‚·BOpengate‚́A•¡”‚Ì”FØƒT[ƒo‚Ƀ†[ƒU‚ðU‚蕪‚¯‚é‚悤‚ÉŽw’è‚Å‚«‚Ü‚·‚̂ŁA•Ê“r‚Ɉꎞ—˜—pŽÒ‚Ì‚½‚ß‚Ì”FØƒT[ƒo‚ðÝ’u‚·‚邱‚Æ‚à‚Å‚«‚Ü‚·BftpƒT[ƒo‚ª“®‚¯‚Ηǂ¢‚Ì‚ÅWindows‚Ȃǂ̊ȈՃT[ƒo‚Å‚à‰Â”\‚ƍl‚¦‚Ü‚·B
122+<BR>
123+“–‘åŠw‚ł́AŒ»Ý‚Ì‚Æ‚±‚ëA}‘ŠÙŠO•”—˜—pŽÒ‚âŠw‰ïŽQ‰ÁŽÒ‚Ȃǂ̈ꎞ“I—˜—pŽÒ‚ɑ΂µ‚Ĉȉº‚̉^—p‚ðs‚Á‚Ä‚¢‚Ü‚·BˆêŽž—˜—pŽÒ—p‚Ì”FØƒT[ƒo‚ð—pˆÓ‚·‚éB•K—v”‚Ì—˜—pŽÒID‚ð—˜—pŠúŒÀ•t‚«‚Å“o˜^‚µA“¯Žž‚É—˜—pŽÒID‚ƃpƒXƒ[ƒh‚¨‚æ‚Ñ—˜—pã‚Ì’ˆÓ‚ð‘‚¢‚½—pŽ†‚ð—˜—pŽÒID–ˆ‚Ɉóü‚·‚éB—˜—pŠó–]ŽÒ‚ª—ˆ–K‚·‚ê‚΁AgŒ³‚ðŠm”F‚µ‚Ä—pŽ†‚ð1–‡“n‚·B“–‘R‚È‚ª‚ç–{—˜—pŽÒID‚ÍŠw“à‚̃T[ƒo‚ւ̃ƒOƒCƒ““™‚É‚Í—˜—p‚Å‚«‚Ü‚¹‚ñB
124+</BLOCKQUOTE>
125+
126+<LI>
127+ƒpƒXƒ[ƒh‚ÌŽç”é‚Í•Û‚Ä‚Ü‚·‚©B
128+
129+<BLOCKQUOTE>
130+’[––‚ƃQ[ƒgƒEƒFƒCŠÔ‚ÍWeb’ʐM‚ŃpƒXƒ[ƒh‚ð‘—‚è‚Ü‚·B‚æ‚Á‚ÄWebƒT[ƒo‚ðSSL‰»‚·‚ê‚ÎŽç”邪•Û‚Ä‚Ü‚·BƒQ[ƒgƒEƒFƒC‚Æ”FØƒT[ƒo‚̊Ԃ́AŽç”é‹@”\‚Ì‚ ‚é”FØƒvƒƒgƒRƒ‹‚É‚æ‚ê‚Ή”\‚Å‚·BOpengate‚́Apop3s,ftps,Radius,PAM‚ɑΉž‚µ‚Ä‚¢‚Ü‚·BPAM‚Í‘½‚­‚Ì”FØƒvƒƒgƒRƒ‹‚ðƒTƒ|[ƒg‚µ‚Ü‚·B
131+</BLOCKQUOTE>
132+
133+<LI>
134+ƒXƒP[ƒ‰ƒrƒŠƒeƒB‚Í‚Ç‚¤‚Å‚·‚©BƒpƒtƒH[ƒ}ƒ“ƒX‚Í‚Ç‚¤‚Å‚·‚©B
135+
136+<BLOCKQUOTE>
137+”\‘ä‚ÌŽg—p‚Å‚Í–â‘è–³‚­Žg‚¦‚Ä‚¢‚Ü‚·BƒNƒ‰ƒXC’ö“x‚Ì—˜—p‚Í‚Å‚«‚é‚ÆŽv‚¢‚Ü‚·B–{ƒVƒXƒeƒ€‚́Aƒtƒ@ƒCƒAƒEƒI[ƒ‹ƒ\ƒtƒg‚̃pƒPƒbƒgƒtƒBƒ‹ƒ^ƒŠƒ“ƒO‹K‘¥‚ð’ljÁEíœ‚·‚é•ûŽ®‚Å‚ ‚èAŠeƒNƒ‰ƒCƒAƒ“ƒg‚©‚ç‚Ì—˜—pŠJŽn—v‹Žž‚ð•Ê‚É‚·‚ê‚Ζw‚Ç•‰‰×‚Æ‚È‚è‚Ü‚¹‚ñB—˜—p’†‚̃pƒtƒH[ƒ}ƒ“ƒX‚́AƒpƒPƒbƒgƒtƒBƒ‹ƒ^ƒŠƒ“ƒO‚âƒpƒPƒbƒg“]‘—‚̏ˆ—”\—͂Ɉˑ¶‚·‚é‚ÆŽv‚¢‚Ü‚·B‚È‚¨—Ê“I‚Ȑ§ŒÀ‚Æ‚µ‚ẮA—˜—pƒNƒ‰ƒCƒAƒ“ƒg–ˆ‚É‚PƒvƒƒZƒX‚ªí’“‚·‚邱‚Æ‚ª‚ ‚è‚Ü‚·B‚µ‚©‚µƒvƒƒZƒX”‚̍őå’l‚̓J[ƒlƒ‹‚Å’²®‚Å‚«‚Ü‚·‚µAƒNƒ‰ƒXC’ö“x–ˆ‚É•ªŠ„‚µ‚ăVƒXƒeƒ€‰^—p‚·‚é•û‚ªƒQ[ƒgƒEƒFƒC‚É‚¨‚¯‚éƒpƒPƒbƒgƒtƒBƒ‹ƒ^ƒŠƒ“ƒO“™‚Ì”\—Í‚©‚ç‚·‚é‚ÆŒ»ŽÀ“I‚Å‚µ‚傤B
138+</BLOCKQUOTE></LI>
139+
140+<LI>
141+WebˆÈŠO‚Ì—˜—p‚ɂ͑Ήž‚µ‚Ü‚·‚©B
142+<BLOCKQUOTE>
143+‚Ü‚¸Webƒuƒ‰ƒEƒU‚Å”FØ‚ðŽó‚¯‚āA‚»‚̃uƒ‰ƒEƒU‚ðÅ¬‰»‚µ‚Ä‚©‚çŽg‚¢‚Ü‚·B‚È‚¨Aƒtƒ@ƒCƒAƒEƒH[ƒ‹ƒ‹[ƒ‹ƒŠƒXƒg‚É‚¨‚¢‚āAOpengate‚ª‘}“ü‚·‚郋[ƒ‹”ԍ†‚æ‚è‘O‚Ƀ‹[ƒ‹‚ðÝ’è‚·‚ê‚΁Aˆê•”ƒvƒƒgƒRƒ‹‚ɑ΂·‚é–³ðŒ‹‘”Û‚â–³ðŒ‹–‰Â‚àÝ’è‰Â”\‚Å‚·B
144+</BLOCKQUOTE></LI>
145+
146+<LI>
147+’[––‚̐ڑ±ó‹µ‚𒲂ׂ邱‚Æ‚Í‚Å‚«‚Ü‚·‚©B
148+<BLOCKQUOTE>
149+ŠJ•ú‚ƕ½‚Ì—š—ð‚́AsyslogŒo—R‚Å/var/log/opengate.log‚É•Û‘¶‚³‚ê‚Ü‚·B’[––‚²‚ƂɈê‚‚̃vƒƒZƒX‚ÅŠÄŽ‹‚µ‚Ä‚¨‚èAŒ»ÝÚ‘±’†‚Ì’[––ó‹µ‚́Aups -axww | grep opengatev‚ÅŒ©‚邱‚Æ‚ªo—ˆ‚Ü‚·B‚±‚ÌPSƒRƒ}ƒ“ƒh‚̓vƒƒZƒXIDAƒ†[ƒUIDAIPƒAƒhƒŒƒXAƒtƒ@ƒCƒAƒEƒH[ƒ‹ƒ‹[ƒ‹”ԍ†‚ð•\Ž¦‚µ‚Ü‚·B‚à‚µA‚ ‚éOpengate‚̃vƒƒZƒX‚ðkill‚·‚ê‚΁A‘Ήžƒtƒ@ƒCƒAƒEƒH[ƒ‹ƒ‹[ƒ‹‚àíœ‚³‚ê‚Ü‚·Bƒtƒ@ƒCƒAƒEƒH[ƒ‹‚ÌŠJ•úó‹µ‚́uipfw listv‚Ɓuip6fw listv‚ÅŒ©‚邱‚Æ‚ªo—ˆ‚Ü‚·B
150+</BLOCKQUOTE></LI>
151+
152+</UL>
153+“±“üEŠJ”­
154+<UL>
155+<LI>
156+ƒCƒ“ƒXƒg[ƒ‹‚µ‚½‚ª“®‚«‚Ü‚¹‚ñB
157+
158+<BLOCKQUOTE>
159+‘½”‚̃\ƒtƒgƒEƒFƒA‚Ì’‡‰î‚ð‚·‚éƒVƒXƒeƒ€‚Å‚·‚̂ŃfƒoƒbƒO‚Í–Ê“|‚¾‚ÆŽv‚¢‚Ü‚·B•Ê“r‚É—pˆÓ‚µ‚½ƒ`ƒFƒbƒN€–Ú‹Lq‚̃tƒ@ƒCƒ‹‚ðŒ©‚Ä‚­‚¾‚³‚¢B
160+</BLOCKQUOTE>
161+
162+<LI>
163+—˜—pE‰ü•ÏE”z•z‚͉”\‚Å‚·‚©B
164+
165+<BLOCKQUOTE>
166+GPL‰º‚ʼn”\‚Å‚·B¡Œã‚ÌŠJ”­‚Ì‚½‚߂ɁAŠJ”­ŽÒ‚܂ŘA—’¸‚¯‚ê‚΍K‚¢‚Å‚·BƒoƒOE—v–]E‰ü•Ï•ñ‚ðŠ½Œ}‚µ‚Ü‚·B
167+</BLOCKQUOTE>
168+
169+<LI>
170+”FØWebƒy[ƒW‚̃fƒUƒCƒ“‚ð•Ï‚¦‚½‚¢‚Ì‚Å‚·‚ªB
171+
172+<BLOCKQUOTE>
173+ŠeWebƒy[ƒW‚ÍHTMLƒtƒ@ƒCƒ‹‚Æ‚µ‚Ä“Æ—§‚µ‚Ä‚¢‚Ü‚·B‚±‚ê‚ð‘‚«‚©‚¦‚邱‚Æ‚ÅŠÈ’P‚É‚Å‚«‚Ü‚·B
174+</BLOCKQUOTE>
175+
176+<LI>
177+‰pŒêA“ú–{ŒêˆÈŠO‚Ì•\Ž¦‚É‚µ‚½‚¢‚Ì‚Å‚·‚ªB
178+
179+<BLOCKQUOTE>
180+en,ja‚̃fƒBƒŒƒNƒgƒŠ‚ªA‰pŒê‚Æ“ú–{Œê‚Ì‹Lq‚Å‚·B‚±‚ê‚ðŽQl‚É‚µ‚Ä“¯‚¶ƒfƒBƒŒƒNƒgƒŠ\¬‚ÅHTMLƒtƒ@ƒCƒ‹‚ðì¬‚µ‚Ä‚­‚¾‚³‚¢B‚³‚ç‚ɁAÝ’èƒtƒ@ƒCƒ‹’†‚ÌŒ¾ŒêÝ’è‚Æindex.html.var‚ð’ljÁ•ÏX‚µ‚Ä‚­‚¾‚³‚¢B
181+</BLOCKQUOTE>
182+
183+<LI>
184+IPƒAƒhƒŒƒX‚É‚æ‚è‘ŠŽè‚ðŠm”F‚µ‚Ä‚¢‚é‚悤‚Å‚·‚ªAIPƒXƒv[ƒtƒBƒ“ƒO‚Í–â‘è‚Å‚Í‚È‚¢‚Å‚·‚©B‚Ü‚½ƒT[ƒrƒX–WŠQUŒ‚‚ɂ͑Ήž‚Å‚«‚Ü‚·‚©B‚»‚Ì‘¼‚̃Aƒ^ƒbƒN‚ɑ΂µ‚Ä‚Í‚Ç‚¤‚Å‚·‚©B
185+
186+<BLOCKQUOTE>
187+IPƒXƒv[ƒtƒBƒ“ƒO‚̓tƒ@ƒCƒAƒEƒI[ƒ‹‚Ì•û‚̐ݒè‚Å”ð‚¯‚ç‚ê‚é‚ÆŽv‚¢‚Ü‚·B‚Ü‚½Opengate‚́A³‚µ‚¢ƒpƒXƒ[ƒh‚ð‘—‚Á‚Ä‚«‚½ƒAƒhƒŒƒX‚ɑ΂µ‚ÄŒŠ‚ðŠJ‚¯‚é‚̂ŁAIPƒAƒhƒŒƒX‚ð‹U‚Á‚Ä‚à‚ ‚܂蓾‚É‚Í‚È‚è‚Ü‚¹‚ñB‘¼‚ª”FØ‚ðŽó‚¯‚ÄŽg‚Á‚Ä‚¢‚铯‚¶IPƒAƒhƒŒƒX‚ð¼Ì‚µ‚ăpƒPƒbƒg‚𗬂·‚±‚Ƃ͉”\‚Å‚µ‚傤‚ªAŒ»ŽÀ“I‚È—˜—p‚͓‚¢‚ÆŽv‚Á‚Ä‚¢‚Ü‚·BƒT[ƒrƒX–WŠQ‚ɂ‚¢‚ẮAŠeIPƒAƒhƒŒƒX‚ɑ΂µ‚Ä“ÆŽ©‚̃|[ƒg”ԍ†‚ðˆê‚‘—‚è‚‚¯ŒðM‚·‚éŒ`‘Ô‚Å‚·‚Ì‚Å”ð‚¯‚ç‚ê‚é‚ÆŽv‚¢‚Ü‚·B–WŠQ‚ðŠ®‘S‚ɏœ‹Ž‚·‚邱‚Ƃ͓‚¢‚Å‚·‚ªAƒZƒLƒ…ƒŠƒeƒBƒz[ƒ‹‚ª‚ ‚ê‚΂²‹³Ž¦‰º‚³‚¢Bˆ«ˆÓ‚ðŽ‚Á‚½—˜—p‚ɑ΂µ‚ẮA‘΍ô‚Æ‚µ‚čl‚¦‚ç‚ê‚Ä‚¢‚é‹@”\‚È‚Ç‚ð‘g‚ݍ‡‚킹‚邱‚Æ‚à‰Â”\‚Å‚ ‚낤‚ÆŽv‚¢‚Ü‚·B
188+</BLOCKQUOTE>
189+
190+
191+<LI>
192+ƒT[ƒo‚ÍFreeBSDˆÈŠO‚Å“®‚«‚Ü‚·‚©B
193+
194+<BLOCKQUOTE>
195+Œ»ó‚ł́AFreeBSDê—p‚̃tƒ@ƒCƒAƒEƒI[ƒ‹ƒc[ƒ‹ipfw‚ð—˜—p‚µ‚Ä‚¢‚é‚̂ŁA‘¼‚ÌOS‚Å‚Í“®‚«‚Ü‚¹‚ñB“¯“™‚Ì‹@”\‚ðŽ‚Âƒtƒ@ƒCƒAƒEƒI[ƒ‹ƒc[ƒ‹‚ª‚ ‚ê‚΁A‘Ήž‚·‚é‚悤‚ɏ‘‚«‚©‚¦‚邱‚Ƃ͉”\‚Å‚·B—Ⴆ‚ÎLinux‚Ìipchains‚ɏ‘‚«Š·‚¦‚邱‚Ƃ͉”\‚Å‚·B
196+</BLOCKQUOTE>
197+
198+<LI>
199+’[–––ˆ‚ɃvƒƒZƒX‚ª¶¬‚³‚ê‚Ä‘å—ʂɏ풓‚µ‹CŽ‚¿—Ç‚­‚ ‚è‚Ü‚¹‚ñBˆê‚‚ɂ܂Ƃ܂è‚Ü‚¹‚ñ‚©B
200+
201+<BLOCKQUOTE>
202+ƒAƒ‹ƒSƒŠƒYƒ€‚ðŠÈ’P‚É‚·‚邽‚߂ɍ¡‚Ì•ûŽ®‚ðŽæ‚è‚Ü‚µ‚½BŠÄŽ‹ƒvƒƒZƒX‚ðˆê‚‚ɂ܂Ƃ߂邱‚Æ‚à‰Â”\‚Å‚µ‚傤‚ªA‘½”‚ÌŽžŠÔ‘Ò‚¿‚ƃAƒNƒZƒX‘Ò‚¿‚𐧌䂷‚é‚̂́AƒT[ƒrƒX–WŠQ‚»‚Ì‘¼‚̍l—¶“_‚à‚ ‚èA‚©‚È‚è–Ê“|‚Å‚·BŠO•”ðŒ‚ðŠ¨ˆÄ‚·‚é‚ƈê‚‚ɂ܂Ƃ߂é‹Ù‹}“x‚ª’á‚¢‚ƍl‚¦‚ÄŒã‰ñ‚µ‚É‚µ‚Ä‚¢‚Ü‚·B
203+</BLOCKQUOTE>
204+
205+<LI>
206+IPv6‚ɑΉž‚Å‚«‚Ü‚·‚©B
207+
208+<BLOCKQUOTE>
209+Version
210+1.2.0‚É‚¨‚¢‚đΉž‚µ‚Ü‚µ‚½B
211+</BLOCKQUOTE></LI>
212+
213+</UL>
214+</body>
215+</HTML>
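Review bot: the added lines of this file (new lines 54 to 215 are visible here) display as mis-decoded multibyte text, so the content cannot be read or compared against the log message, which mentions only the authentication recheck. If the file was only re-saved with a different encoding or line ending, that belongs in a separate commit. It is also worth checking that the page declares its charset so that viewers decode it correctly.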
--- a/opengate/opengatesrv/comm-ip6fw.c
+++ b/opengate/opengatesrv/comm-ip6fw.c
@@ -1,400 +1,400 @@
1-/**************************************************
2-opengate server
3- module for Controling ipfw for IPv6 address
4-
5-Copyright (C) 2005 Opengate Project Team
6-Written by Katsuhiko Eguchi, 2005
7-
8-This program is free software; you can redistribute it and/or
9-modify it under the terms of the GNU General Public License
10-as published by the Free Software Foundation; either version 2
11-of the License, or (at your option) any later version.
12-
13-This program is distributed in the hope that it will be useful,
14-but WITHOUT ANY WARRANTY; without even the implied warranty of
15-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16-GNU General Public License for more details.
17-
18-You should have received a copy of the GNU General Public License
19-along with this program; if not, write to the Free Software
20-Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21-
22-Email: watanaby@is.saga-u.ac.jp
23-**************************************************/
24-
25-#include "opengatesrv.h"
26-
27-char ruleNumber6[WORDMAXLN]; /* ipfw rule number in string form */
28-
29-int getRuleNumber6(char *clientAddr6);
30-int GetRuleNumber6(char *clientAddr6);
31-
32-static void sigFunc(int signo);
33-
34-/******************************************************************/
35-/* open gate for clientAddr6 (nnnn:nnnn::nnnn:nnnn) */
36-/******************************************************************/
37-int openClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty)
38-{
39- int fd;
40- int ret=0;
41- int retNum;
42-
43- Sigfunc *defaultSigFunc;
44-
45- /* exclusive exec of ipfw to avoid duplicated rule number */
46-
47- /**** prepare ****/
48- /* open lockfile */
49- fd=open(GetConfValue("LockFile"), O_RDWR|O_CREAT,
50- S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
51- if(fd==-1){
52- err_msg("ERR at %s#%d: lockfile open error",__FILE__,__LINE__);
53- return 1;
54- }
55-
56- /* set timeout */
57- if((defaultSigFunc=Signal(SIGALRM, sigFunc))==SIG_ERR) return 1;
58- alarm(atoi(GetConfValue("LockTimeout")));
59-
60- /* lock */
61- if(Lock(fd)<0){
62- err_msg("ERR at %s#%d: lock error",__FILE__,__LINE__);
63- return 1;
64- }
65-
66- /* reset timeout */
67- Signal(SIGALRM, defaultSigFunc);
68- alarm(0);
69-
70- /**** read rules ****/
71- if((retNum=GetRuleNumber6(clientAddr6))<0){
72- Unlock(fd);
73- Close(fd);
74- return retNum;
75- }
76-
77- /**** write rules ****/
78- if(atoi(GetConfValue("IpfwScript/Enable"))){
79- /********** use perl script to control firewall ************/
80-
81- if(Systeml(1, GetConfValue("IpfwScript/Path"),GetConfValue("IpfwPath"),
82- ruleNumber6,clientAddr6,
83- userid,macAddr6,userProperty,
84- GetConfValue("IpfwTagNumber"),(char *)0) != 0){
85- err_msg("ERR at %s#%d: exec ipfw script error",__FILE__,__LINE__);
86- ret=1; /* abmormal */
87- }
88- }
89- else{
90- /********** direct control of firewall **********************/
91- /********** add outgoing ipfw rule for the client *************/
92- if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6,
93- "count","tag",GetConfValue("IpfwTagNumber"),
94- "ip","from",clientAddr6,"to","any",
95- "//", userid, (char *)0) != 0){
96- err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
97- ret=1;
98- }
99-
100- /********** add incoming ipfw rule for the client *************/
101- if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6,
102- "count","tag",GetConfValue("IpfwTagNumber"),
103- "ip","from","any","to",clientAddr6,
104- "//", userid, (char *)0) != 0){
105- err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
106- ret=1; /* abnormal */
107- }
108- }
109-
110- /* uplock */
111- Unlock(fd);
112- Close(fd);
113-
114- return ret;
115-}
116-
117-
118-/******************************************************************/
119-/* close gate for clientAddr (nnnn:nnnn:nnnn::nnnn:nnnn:nnnn) */
120-/******************************************************************/
121-void closeClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6)
122-{
123- double time_l;
124- int hour, min, sec;
125- time_t timeOut;
126-
127- /********** del ipfw rule for the client *************/
128- DelIp6fwRule(pClientAddr->ruleNumber);
129-
130- timeOut = time(NULL);
131- time_l=difftime(timeOut,pClientAddr->timeIn);
132- hour=time_l/60/60;
133- min=(time_l-hour*60*60)/60;
134- sec=(time_l-hour*60*60-min*60);
135- err_msg("CLOS: user %s from %s at %s ( %02d:%02d:%02d )",
136- userid, pClientAddr->ipAddr, macAddr6, hour,min,sec);
137-
138- /* send message to opengatemd server to renew the info in md cache */
139- PutMacAddressToOpengateMd(macAddr6);
140-
141- return;
142-}
143-
144-
145-/***********************************************/
146-/* delete ipfw rule */
147-/***********************************************/
148-void delIp6fwRule(char *ruleNumber)
149-{
150- int ruleCount;
151-
152- /* get rule count */
153- ruleCount = CountRuleNumber6(ruleNumber);
154-
155- /* delete rule */
156- if(ruleCount>0){
157- if(Systeml(1, GetConfValue("IpfwPath"),"delete",ruleNumber,(char *)0) != 0){
158- err_msg("ERR at %s#%d: exec ipfw del error",__FILE__,__LINE__);
159- }
160- }
161-}
162-
163-/**************************************/
164-/* get unused ipfw rule number */
165-/* error if addr is already in rules */
166-/* return value ret>0: acquired rule number that can be used */
167-/* ret=-1: no rule number available */
168-/* ret=-2: some system error occured */
169-/* ret=-num: the ip address is already registered in rule 'num' */
170-/**************************************/
171-int getRuleNumber6(char *clientAddr6)
172-{
173- FILE *fpipe;
174- char buf[BUFFMAXLN];
175- int num,newNum,readinNum;
176- char *p;
177- int ip6fwmin;
178- int ip6fwmax;
179- int ip6fwinterval;
180- int portStatus;
181- int fileStatus;
182- enum status {NORMAL, ABNORMAL, FOUND, NOTFOUND, DUP};
183-
184- if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",(char *)0)) == NULL){
185- err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__);
186- }
187-
188- /* search unused rule number in the list read from pipe */
189- /* check duplication of clientAddr to existing rules */
190-
191- newNum=-1;
192- readinNum=0;
193- portStatus=NOTFOUND;
194- fileStatus=NORMAL;
195-
196- /* get rule range from config */
197- ip6fwmin=atoi(GetConfValue("IpfwRule/Min"));
198- ip6fwmax=atoi(GetConfValue("IpfwRule/Max"));
199- ip6fwinterval=atoi(GetConfValue("IpfwRule/Interval"));
200-
201- /* each port is checked whether it can be used for new rule or not */
202- for(num=ip6fwmin;num<=ip6fwmax;num+=ip6fwinterval){
203-
204- /* skip rules smaller than num */
205- while(readinNum<num){
206- if(fgets(buf, BUFFMAXLN, fpipe)==NULL){
207- if(feof(fpipe)==1) fileStatus=EOF;
208- else fileStatus=ABNORMAL;
209- break;
210- }
211- if( sscanf(buf, "%d", &readinNum) !=1 ){
212- err_msg("ERR at %s#%d: abnormal ipfw response[ %s ]",
213- __FILE__,__LINE__,buf);
214- fileStatus=ABNORMAL; /* abnormal responsem exit internal loop */
215- break;
216- }
217- }
218-
219- if(fileStatus==ABNORMAL){
220- /* abnormal file proc, exit external loop */
221- break;
222- }
223-
224- if(fileStatus==EOF){
225- /* EOF before reading a rule that is larger or equal to num */
226- /* it means that num can be used for new client */
227- portStatus=FOUND;
228- newNum=num;
229- break;
230- }
231-
232- /* at this point, readinNum is larger or equal to num */
233- /* check number duplication */
234- if(readinNum==num){
235-
236- /* if clientAddr is found in the existing rule, then err exit. */
237- if(((p=(char*)strstr(buf+1,clientAddr6))!=NULL)
238- && isspace(*(p-1))
239- && !isalnum(*(p+strlen(clientAddr6)))){
240- /* the clientAddr is found in the rule num */
241- newNum=num;
242- portStatus=DUP;
243- break;
244- }
245- /* the num is used for other client */
246- /* go to checking of next num */
247- else{
248- continue;
249- }
250- }
251-
252- /* at this point, readNum is larger than num */
253- /* it means that num can be used for new client */
254- newNum=num;
255- portStatus=FOUND;
256- break;
257- }
258-
259- /* close pipe */
260- Pclose(fpipe);
261-
262- if(fileStatus==ABNORMAL){
263- err_msg("ERR at %s#%d: abnormal ipfw response ",__FILE__,__LINE__);
264- return -2;
265- }
266- if(portStatus==NOTFOUND){
267- err_msg("ERR at %s#%d: cannot get unused ipfw number",__FILE__,__LINE__);
268- return -1;
269- }
270- if(portStatus==DUP){
271- snprintf(ruleNumber6, WORDMAXLN, "%d", newNum); /* to string */
272- return -newNum;
273- }
274-
275- snprintf(ruleNumber6, WORDMAXLN, "%d", newNum); /* to string */
276-
277- return newNum;
278-}
279-
280-/*******************************/
281-/* get packet count from ipfw */
282-/*******************************/
283-int getPacketCount6(char *ruleNumber)
284-{
285- FILE *fpipe;
286- char buf[BUFFMAXLN];
287- int rule;
288- int packets,packetsSum;
289-
290- /* exec proc */
291- if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){
292- err_msg("ERR at %s#%d: exec ipfw -a list error",__FILE__,__LINE__);
293- return 0; /* abnormal */
294- }
295-
296- /* search unused number in the list read from pipe */
297- packetsSum=0;
298-
299- while(fgets(buf, BUFFMAXLN, fpipe)!=NULL){
300- sscanf(buf, "%d %d", &rule, &packets); /* get packet count */
301- packetsSum+=packets;
302- }
303-
304- /* close pipe */
305- Pclose(fpipe);
306-
307- return packetsSum;
308-}
309-
310-/**********************************************/
311-/* get rule count registed to a rule number */
312-/**********************************************/
313-int countRuleNumber6(char *ruleNumber)
314-{
315- FILE *fpipe;
316- char buf[BUFFMAXLN];
317- int ruleCount;
318-
319- /* exec proc */
320- if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",ruleNumber,(char *)0)) == NULL){
321- err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__);
322- }
323-
324- /* count line read from pipe */
325- ruleCount = 0;
326- while(fgets(buf, BUFFMAXLN, fpipe)!=0) ruleCount++;
327-
328- /* close pipe */
329- Pclose(fpipe);
330-
331- return ruleCount;
332-}
333-
334-/**********************************************/
335-/* function called by signal int */
336-/**********************************************/
337-static void sigFunc(int signo)
338-{
339- return;
340-}
341-
342-/**********************************************/
343-/**********************************************/
344-
345-int GetRuleNumber6(char *clientAddr6)
346-{
347- int ret;
348-
349- if(debug>1) err_msg("DEBUG:=>getRuleNumber6(%s)",clientAddr6);
350- ret=getRuleNumber6(clientAddr6);
351- if(debug>1) err_msg("DEBUG:(%d)<=getRuleNumber6( )",ret);
352-
353- return ret;
354-}
355-
356-int OpenClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty)
357-{
358- int ret;
359-
360- if(debug>1) err_msg("DEBUG:=>openClientGate6(%s,%s,%s,%s)",clientAddr6,userid,macAddr6,userProperty);
361- ret=openClientGate6(clientAddr6, userid, macAddr6, userProperty);
362- if(debug>1) err_msg("DEBUG:(%d)<=openClientGate6( )",ret);
363-
364- return ret;
365-}
366-
367-void CloseClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6)
368-{
369- if(debug>1) err_msg("DEBUG:=>closeClientGate6(%p,%s,%s)",pClientAddr,userid,macAddr6);
370- closeClientGate6(pClientAddr,userid,macAddr6);
371- if(debug>1) err_msg("DEBUG:<=closeClientGate6( )");
372-}
373-
374-int GetPacketCount6(char *ruleNumber)
375-{
376- int ret;
377-
378- if(debug>1) err_msg("DEBUG:=>getPacketCount6(%s)",ruleNumber);
379- ret=getPacketCount6(ruleNumber);
380- if(debug>1) err_msg("DEBUG:(%d)<=getPacketCount6( )",ret);
381-
382- return ret;
383-}
384-
385-int CountRuleNumber6(char *ruleNumber)
386-{
387- int ret;
388-
389- if(debug>1) err_msg("DEBUG:=>countRuleNumber6(%s)", ruleNumber);
390- ret=countRuleNumber6(ruleNumber);
391- if(debug>1) err_msg("DEBUG:(%d)<=countRuleNumber6( )",ret);
392-
393- return ret;
394-}
395-
396-void DelIp6fwRule(char *ruleNumber){
397- if(debug>1) err_msg("DEBUG:=>delIp6fwRule(%s)",ruleNumber);
398- delIp6fwRule(ruleNumber);
399- if(debug>1) err_msg("DEBUG:<=delIp6fwRule( )");
400-}
1+/**************************************************
2+opengate server
3+ module for Controling ipfw for IPv6 address
4+
5+Copyright (C) 2005 Opengate Project Team
6+Written by Katsuhiko Eguchi, 2005
7+
8+This program is free software; you can redistribute it and/or
9+modify it under the terms of the GNU General Public License
10+as published by the Free Software Foundation; either version 2
11+of the License, or (at your option) any later version.
12+
13+This program is distributed in the hope that it will be useful,
14+but WITHOUT ANY WARRANTY; without even the implied warranty of
15+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16+GNU General Public License for more details.
17+
18+You should have received a copy of the GNU General Public License
19+along with this program; if not, write to the Free Software
20+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21+
22+Email: watanaby@is.saga-u.ac.jp
23+**************************************************/
24+
25+#include "opengatesrv.h"
26+
27+char ruleNumber6[WORDMAXLN]; /* ipfw rule number in string form */
28+
29+int getRuleNumber6(char *clientAddr6);
30+int GetRuleNumber6(char *clientAddr6);
31+
32+static void sigFunc(int signo);
33+
34+/******************************************************************/
35+/* open gate for clientAddr6 (nnnn:nnnn::nnnn:nnnn) */
36+/******************************************************************/
37+int openClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty)
38+{
39+ int fd;
40+ int ret=0;
41+ int retNum;
42+
43+ Sigfunc *defaultSigFunc;
44+
45+ /* exclusive exec of ipfw to avoid duplicated rule number */
46+
47+ /**** prepare ****/
48+ /* open lockfile */
49+ fd=open(GetConfValue("LockFile"), O_RDWR|O_CREAT,
50+ S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
51+ if(fd==-1){
52+ err_msg("ERR at %s#%d: lockfile open error",__FILE__,__LINE__);
53+ return 1;
54+ }
55+
56+ /* set timeout */
57+ if((defaultSigFunc=Signal(SIGALRM, sigFunc))==SIG_ERR) return 1;
58+ alarm(atoi(GetConfValue("LockTimeout")));
59+
60+ /* lock */
61+ if(Lock(fd)<0){
62+ err_msg("ERR at %s#%d: lock error",__FILE__,__LINE__);
63+ return 1;
64+ }
65+
66+ /* reset timeout */
67+ Signal(SIGALRM, defaultSigFunc);
68+ alarm(0);
69+
70+ /**** read rules ****/
71+ if((retNum=GetRuleNumber6(clientAddr6))<0){
72+ Unlock(fd);
73+ Close(fd);
74+ return retNum;
75+ }
76+
77+ /**** write rules ****/
78+ if(atoi(GetConfValue("IpfwScript/Enable"))){
79+ /********** use perl script to control firewall ************/
80+
81+ if(Systeml(1, GetConfValue("IpfwScript/Path"),GetConfValue("IpfwPath"),
82+ ruleNumber6,clientAddr6,
83+ userid,macAddr6,userProperty,
84+ GetConfValue("IpfwTagNumber"),(char *)0) != 0){
85+ err_msg("ERR at %s#%d: exec ipfw script error",__FILE__,__LINE__);
86+ ret=1; /* abmormal */
87+ }
88+ }
89+ else{
90+ /********** direct control of firewall **********************/
91+ /********** add outgoing ipfw rule for the client *************/
92+ if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6,
93+ "count","tag",GetConfValue("IpfwTagNumber"),
94+ "ip","from",clientAddr6,"to","any",
95+ "//", userid, (char *)0) != 0){
96+ err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
97+ ret=1;
98+ }
99+
100+ /********** add incoming ipfw rule for the client *************/
101+ if(Systeml(1, GetConfValue("IpfwPath"),"-q","add",ruleNumber6,
102+ "count","tag",GetConfValue("IpfwTagNumber"),
103+ "ip","from","any","to",clientAddr6,
104+ "//", userid, (char *)0) != 0){
105+ err_msg("ERR at %s#%d: exec ipfw add error",__FILE__,__LINE__);
106+ ret=1; /* abnormal */
107+ }
108+ }
109+
110+ /* uplock */
111+ Unlock(fd);
112+ Close(fd);
113+
114+ return ret;
115+}
116+
117+
118+/******************************************************************/
119+/* close gate for clientAddr (nnnn:nnnn:nnnn::nnnn:nnnn:nnnn) */
120+/******************************************************************/
121+void closeClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6)
122+{
123+ double time_l;
124+ int hour, min, sec;
125+ time_t timeOut;
126+
127+ /********** del ipfw rule for the client *************/
128+ DelIp6fwRule(pClientAddr->ruleNumber);
129+
130+ timeOut = time(NULL);
131+ time_l=difftime(timeOut,pClientAddr->timeIn);
132+ hour=time_l/60/60;
133+ min=(time_l-hour*60*60)/60;
134+ sec=(time_l-hour*60*60-min*60);
135+ err_msg("CLOS: user %s from %s at %s ( %02d:%02d:%02d )",
136+ userid, pClientAddr->ipAddr, macAddr6, hour,min,sec);
137+
138+ /* send message to opengatemd server to renew the info in md cache */
139+ PutMacAddressToOpengateMd(macAddr6);
140+
141+ return;
142+}
143+
144+
145+/***********************************************/
146+/* delete ipfw rule */
147+/***********************************************/
148+void delIp6fwRule(char *ruleNumber)
149+{
150+ int ruleCount;
151+
152+ /* get rule count */
153+ ruleCount = CountRuleNumber6(ruleNumber);
154+
155+ /* delete rule */
156+ if(ruleCount>0){
157+ if(Systeml(1, GetConfValue("IpfwPath"),"delete",ruleNumber,(char *)0) != 0){
158+ err_msg("ERR at %s#%d: exec ipfw del error",__FILE__,__LINE__);
159+ }
160+ }
161+}
162+
163+/**************************************/
164+/* get unused ipfw rule number */
165+/* error if addr is already in rules */
166+/* return value ret>0: acquired rule number that can be used */
167+/* ret=-1: no rule number available */
168+/* ret=-2: some system error occured */
169+/* ret=-num: the ip address is already registered in rule 'num' */
170+/**************************************/
171+int getRuleNumber6(char *clientAddr6)
172+{
173+ FILE *fpipe;
174+ char buf[BUFFMAXLN];
175+ int num,newNum,readinNum;
176+ char *p;
177+ int ip6fwmin;
178+ int ip6fwmax;
179+ int ip6fwinterval;
180+ int portStatus;
181+ int fileStatus;
182+ enum status {NORMAL, ABNORMAL, FOUND, NOTFOUND, DUP};
183+
184+ if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",(char *)0)) == NULL){
185+ err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__);
186+ }
187+
188+ /* search unused rule number in the list read from pipe */
189+ /* check duplication of clientAddr to existing rules */
190+
191+ newNum=-1;
192+ readinNum=0;
193+ portStatus=NOTFOUND;
194+ fileStatus=NORMAL;
195+
196+ /* get rule range from config */
197+ ip6fwmin=atoi(GetConfValue("IpfwRule/Min"));
198+ ip6fwmax=atoi(GetConfValue("IpfwRule/Max"));
199+ ip6fwinterval=atoi(GetConfValue("IpfwRule/Interval"));
200+
201+ /* each port is checked whether it can be used for new rule or not */
202+ for(num=ip6fwmin;num<=ip6fwmax;num+=ip6fwinterval){
203+
204+ /* skip rules smaller than num */
205+ while(readinNum<num){
206+ if(fgets(buf, BUFFMAXLN, fpipe)==NULL){
207+ if(feof(fpipe)==1) fileStatus=EOF;
208+ else fileStatus=ABNORMAL;
209+ break;
210+ }
211+ if( sscanf(buf, "%d", &readinNum) !=1 ){
212+ err_msg("ERR at %s#%d: abnormal ipfw response[ %s ]",
213+ __FILE__,__LINE__,buf);
214+ fileStatus=ABNORMAL; /* abnormal responsem exit internal loop */
215+ break;
216+ }
217+ }
218+
219+ if(fileStatus==ABNORMAL){
220+ /* abnormal file proc, exit external loop */
221+ break;
222+ }
223+
224+ if(fileStatus==EOF){
225+ /* EOF before reading a rule that is larger or equal to num */
226+ /* it means that num can be used for new client */
227+ portStatus=FOUND;
228+ newNum=num;
229+ break;
230+ }
231+
232+ /* at this point, readinNum is larger or equal to num */
233+ /* check number duplication */
234+ if(readinNum==num){
235+
236+ /* if clientAddr is found in the existing rule, then err exit. */
237+ if(((p=(char*)strstr(buf+1,clientAddr6))!=NULL)
238+ && isspace(*(p-1))
239+ && !isalnum(*(p+strlen(clientAddr6)))){
240+ /* the clientAddr is found in the rule num */
241+ newNum=num;
242+ portStatus=DUP;
243+ break;
244+ }
245+ /* the num is used for other client */
246+ /* go to checking of next num */
247+ else{
248+ continue;
249+ }
250+ }
251+
252+ /* at this point, readNum is larger than num */
253+ /* it means that num can be used for new client */
254+ newNum=num;
255+ portStatus=FOUND;
256+ break;
257+ }
258+
259+ /* close pipe */
260+ Pclose(fpipe);
261+
262+ if(fileStatus==ABNORMAL){
263+ err_msg("ERR at %s#%d: abnormal ipfw response ",__FILE__,__LINE__);
264+ return -2;
265+ }
266+ if(portStatus==NOTFOUND){
267+ err_msg("ERR at %s#%d: cannot get unused ipfw number",__FILE__,__LINE__);
268+ return -1;
269+ }
270+ if(portStatus==DUP){
271+ snprintf(ruleNumber6, WORDMAXLN, "%d", newNum); /* to string */
272+ return -newNum;
273+ }
274+
275+ snprintf(ruleNumber6, WORDMAXLN, "%d", newNum); /* to string */
276+
277+ return newNum;
278+}
279+
280+/*******************************/
281+/* get packet count from ipfw */
282+/*******************************/
283+int getPacketCount6(char *ruleNumber)
284+{
285+ FILE *fpipe;
286+ char buf[BUFFMAXLN];
287+ int rule;
288+ int packets,packetsSum;
289+
290+ /* exec proc */
291+ if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"-a","list",ruleNumber,(char *)0)) == NULL){
292+ err_msg("ERR at %s#%d: exec ipfw -a list error",__FILE__,__LINE__);
293+ return 0; /* abnormal */
294+ }
295+
296+ /* search unused number in the list read from pipe */
297+ packetsSum=0;
298+
299+ while(fgets(buf, BUFFMAXLN, fpipe)!=NULL){
300+ sscanf(buf, "%d %d", &rule, &packets); /* get packet count */
301+ packetsSum+=packets;
302+ }
303+
304+ /* close pipe */
305+ Pclose(fpipe);
306+
307+ return packetsSum;
308+}
309+
310+/**********************************************/
311+/* get rule count registed to a rule number */
312+/**********************************************/
313+int countRuleNumber6(char *ruleNumber)
314+{
315+ FILE *fpipe;
316+ char buf[BUFFMAXLN];
317+ int ruleCount;
318+
319+ /* exec proc */
320+ if((fpipe=Popenl(1, "r", GetConfValue("IpfwPath"),"list",ruleNumber,(char *)0)) == NULL){
321+ err_msg("ERR at %s#%d: exec ipfw list error",__FILE__,__LINE__);
322+ }
323+
324+ /* count line read from pipe */
325+ ruleCount = 0;
326+ while(fgets(buf, BUFFMAXLN, fpipe)!=0) ruleCount++;
327+
328+ /* close pipe */
329+ Pclose(fpipe);
330+
331+ return ruleCount;
332+}
333+
334+/**********************************************/
335+/* function called by signal int */
336+/**********************************************/
337+static void sigFunc(int signo)
338+{
339+ return;
340+}
341+
342+/**********************************************/
343+/**********************************************/
344+
345+int GetRuleNumber6(char *clientAddr6)
346+{
347+ int ret;
348+
349+ if(debug>1) err_msg("DEBUG:=>getRuleNumber6(%s)",clientAddr6);
350+ ret=getRuleNumber6(clientAddr6);
351+ if(debug>1) err_msg("DEBUG:(%d)<=getRuleNumber6( )",ret);
352+
353+ return ret;
354+}
355+
356+int OpenClientGate6(char *clientAddr6, char *userid, char *macAddr6, char *userProperty)
357+{
358+ int ret;
359+
360+ if(debug>1) err_msg("DEBUG:=>openClientGate6(%s,%s,%s,%s)",clientAddr6,userid,macAddr6,userProperty);
361+ ret=openClientGate6(clientAddr6, userid, macAddr6, userProperty);
362+ if(debug>1) err_msg("DEBUG:(%d)<=openClientGate6( )",ret);
363+
364+ return ret;
365+}
366+
367+void CloseClientGate6(struct clientAddr *pClientAddr, char *userid, char *macAddr6)
368+{
369+ if(debug>1) err_msg("DEBUG:=>closeClientGate6(%p,%s,%s)",pClientAddr,userid,macAddr6);
370+ closeClientGate6(pClientAddr,userid,macAddr6);
371+ if(debug>1) err_msg("DEBUG:<=closeClientGate6( )");
372+}
373+
374+int GetPacketCount6(char *ruleNumber)
375+{
376+ int ret;
377+
378+ if(debug>1) err_msg("DEBUG:=>getPacketCount6(%s)",ruleNumber);
379+ ret=getPacketCount6(ruleNumber);
380+ if(debug>1) err_msg("DEBUG:(%d)<=getPacketCount6( )",ret);
381+
382+ return ret;
383+}
384+
385+int CountRuleNumber6(char *ruleNumber)
386+{
387+ int ret;
388+
389+ if(debug>1) err_msg("DEBUG:=>countRuleNumber6(%s)", ruleNumber);
390+ ret=countRuleNumber6(ruleNumber);
391+ if(debug>1) err_msg("DEBUG:(%d)<=countRuleNumber6( )",ret);
392+
393+ return ret;
394+}
395+
396+void DelIp6fwRule(char *ruleNumber){
397+ if(debug>1) err_msg("DEBUG:=>delIp6fwRule(%s)",ruleNumber);
398+ delIp6fwRule(ruleNumber);
399+ if(debug>1) err_msg("DEBUG:<=delIp6fwRule( )");
400+}
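Review bot: this hunk removes all 400 lines of comm-ip6fw.c and adds them back with no visible textual difference, which points to a line-ending or whitespace-only rewrite and buries the functional change in main.c. Split the normalization into its own commit so this one shows only the auth-recheck change. Since the file is touched anyway: in getRuleNumber6 (new lines 184 to 186) and countRuleNumber6 (new lines 320 to 322) a NULL result from Popenl is logged but execution continues into fgets(buf, BUFFMAXLN, fpipe) and Pclose(fpipe) with a NULL pipe. getPacketCount6 already returns on that path, and these two functions should do the same (getRuleNumber6 documents -2 for a system error).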
--- a/opengate/opengatesrv/main.c
+++ b/opengate/opengatesrv/main.c
@@ -73,6 +73,7 @@ int main(int argc, char **argv)
7373 int cookieAuth=FALSE; /* Auth with HTTP-Cookie is passed */
7474 int isUidInEnv=FALSE; /* userid is included in environment (shibb/basic) */
7575 char closeTime[WORDMAXLN]; /* session closing time ('-'=not close) */
76+ char* proto=""; /* authentication protocol */
7677
7778 /* drop root privilege */
7879 seteuid(getuid());
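Review bot: the new declaration `char* proto="";` at new line 76 points a writable char pointer at a string literal, and the initial value is never used because proto is assigned from GetConfValue before it is read. Declare it as `const char *proto` if GetConfValue's return type allows it, or initialize it to NULL, and match the `char *name` spacing used elsewhere in the file. Separately, the context line `seteuid(getuid());` ignores the return value, so a failed privilege drop would go unnoticed. That deserves a check and an early exit.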
@@ -149,9 +150,19 @@ int main(int argc, char **argv)
149150 /* get MAC address from arp and ndp */
150151 GetMacAddr(clientAddr4, macAddr4, clientAddr6, macAddr6,ipStatus);
151152
152- /* check user by authenticate servers */
153- if(cookieAuth||isUidInEnv) authResult=ACCEPT;
154- else{
153+ /* pass auth by cookie */
154+ if(cookieAuth) authResult=ACCEPT;
155+
156+ /* if exist userid in environment variable (set by shibboleth/httpbasic) */
157+ /* and the protocol setting is shibboleth/httpbasic, then pass */
158+ ResetAuthServerPointer();
159+ proto=GetConfValue("AuthServer/Protocol");
160+ if( isUidInEnv &&
161+ (strcmp(proto,"shibboleth")==0 || strcmp(proto,"httpbasic")==0)
162+ ) authResult=ACCEPT;
163+
164+ /* if not pass auth, check by auth servers */
165+ if(authResult!=ACCEPT){
155166 ResetAuthServerPointer();
156167 while(SelectNextAuthServer()){
157168
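Review bot: the new guard `if(authResult!=ACCEPT)` at new line 165 relies on authResult holding a non-ACCEPT value when neither pass condition fires, and the hunk does not show where it is initialised. The old if/else did not test the variable at this point. Assign the failure value explicitly just before `if(cookieAuth)` so that the auth-server loop cannot be skipped because of a stale or uninitialised value. The protocol is also read once, directly after ResetAuthServerPointer(), so only the AuthServer/Protocol setting at that position decides whether a userid from the environment is trusted. Add a comment stating which server entry is meant when several auth servers or an ExtraSet are configured. The second ResetAuthServerPointer() inside the new block is then redundant unless GetConfValue moves the pointer, and if it does, that should be said in the comment too.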