Just Giving It a Try

I plan to write about little things that catch my attention in everyday life.
Feel free to link to this blog.

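ATOK2008 (or rather, JUSTSYSTEM products in general) can apparently be installed on multiple PCs

February 19, 2008 | PC-related
From Nico Nico Douga: "On how amazing ATOK2008 is"
From the JUSTSYSTEM FAQ: "I want to install and use it on two computers"

ATOK2008 looked impressive, so I looked into the license, and it seems you may install it on multiple PCs as long as a single user does not use them at the same time.
The price is 8,087 yen on Amazon, or 6,615 yen as a download purchase from Just My Shop.
It looks easy to use, so buying it might be an option.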

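Kakaku.com's "Super Cheap! Big Price Drop Ranking" has apparently come back

February 19, 2008 | Things that caught my interest
From GIGAZINE: "Kakaku.com launches 'Big Price Drop Ranking' that shows bargains at a glance"

The big price drop ranking that Kakaku.com ran at the end of last year has apparently come back.
I'm glad to see a service like this return.

For now, I'm waiting for Toshiba's HD DVD recorders to go on sale cheap.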

I bought an IX2015 (2/2)

February 8, 2008 | PC-related
After setup, the config ended up looking like this.
I plan to tune the finer parameters little by little from here.

≪Full config≫
ix2015(config)# show run
Current configuration : 5621 bytes

! NEC Portable Internetwork Core Operating System Software
! IX Series IX2010 (magellan-sec) Software, Version 7.3.21, RELEASE SOFTWARE
! Compiled Nov 17-Thu-2005 11:45:52 JST #2
! Current time Feb 08-Fri-2008 23:14:35 JST
!
!
hostname ix2015
timezone +09 00
!
!
username admin password hash 00000000000000000000 administrator
!
!
!
!
ntp ip enable
ntp server 210.173.160.27
ntp server 210.173.160.57
ntp server 210.173.160.87
ntp interval 3600
!
!
!
!
syslog ip host 172.16.100.1
!
!
ip route default FastEthernet0/0.1
ip route 220.210.194.0/25 FastEthernet0/0.2
ip route 220.210.195.0/26 FastEthernet0/0.2
ip route 220.210.195.64/26 FastEthernet0/0.2
ip route 220.210.196.0/25 FastEthernet0/0.2
ip route 220.210.196.128/26 FastEthernet0/0.2
ip route 220.210.197.0/25 FastEthernet0/0.2
ip route 220.210.198.0/26 FastEthernet0/0.2
ip route 220.210.199.32/27 FastEthernet0/0.2
ip route 220.210.199.64/28 FastEthernet0/0.2
ip route 220.210.199.144/28 FastEthernet0/0.2
ip route 220.210.199.160/27 FastEthernet0/0.2
ip route 220.210.199.192/27 FastEthernet0/0.2
ip route 220.210.199.200/29 FastEthernet0/0.2
ip dhcp enable
ip access-list management permit ip src 172.16.100.0/24 dest any
ip access-list all-forward permit ip src any dest any
ip access-list nbt-block deny tcp src any sport any dest any dport range 137 139
ip access-list nbt-block deny udp src any sport any dest any dport range 137 139
ip access-list nbt-block deny tcp src any sport any dest any dport eq 445
ip access-list nbt-block deny udp src any sport any dest any dport eq 445
ip access-list specialuse deny ip src 0.0.0.0/8 dest any
ip access-list specialuse deny ip src 10.0.0.0/8 dest any
ip access-list specialuse deny ip src 172.16.0.0/12 dest any
ip access-list specialuse deny ip src 192.168.0.0/16 dest any
ip access-list specialuse deny ip src 127.0.0.0/8 dest any
ip access-list specialuse deny ip src 169.254.0.0/16 dest any
ip access-list specialuse deny ip src 192.0.2.0/24 dest any
ip access-list specialuse deny ip src 224.0.0.0/3 dest any
ip access-list drop_prxychk deny tcp src 218.41.48.139/32 sport any dest any dport eq 80
ip access-list guest-in deny ip src any dest 172.16.0.0/16
ip access-list guest-in permit ip src any dest any
ip ufs-cache max-entries 20000
ip ufs-cache enable
!
!
!
!
snmp-agent ip enable
snmp-agent ip community public management
!
!
dns cache enable
!
proxy-dns ip enable
proxy-dns ip query-interval 1
proxy-dns interface FastEthernet0/0.1 priority 200
!
telnet-server ip enable
telnet-server ip access-list management
!
!
!
!
!
!
!
!
ppp profile flets-square
 authentication myname guest@flets
 authentication password guest@flets guest
!
ppp profile internet
 authentication myname hogehoge@hoge.ne.jp
 authentication password hogehoge@hoge.ne.jp ISP-Password
!
ip dhcp profile dhcp_guest
 assignable-range 192.168.10.201 192.168.10.220
 subnet-mask 255.255.255.0
 dns-server 192.168.10.254
!
ip dhcp profile dhcp_local
 assignable-range 172.16.100.201 172.16.100.220
 subnet-mask 255.255.255.0
 dns-server 172.16.100.254
!
class-map match-any ch_class1
 match input-interface FastEthernet0/1.0 high
 match local-generate-packet high
 match any low
!
policy-map qos-policy1
 class ch_class1
 class class-local
 class class-default
!
device FastEthernet0/0
!
device FastEthernet0/1
!
device FastEthernet1/0
!
device BRI1/0
 isdn switch-type hsd128k
!
interface FastEthernet0/0.0
 no ip address
 no shutdown
!
interface FastEthernet0/1.0
 description LOCAL-NET
 ip address 172.16.100.254/24
 ip dhcp binding dhcp_local
 no shutdown
!
interface FastEthernet1/0.0
 description GUEST
 ip address 192.168.10.254/24
 ip dhcp binding dhcp_guest
 ip filter guest-in 100 in
 no shutdown
!
interface BRI1/0.0
 encapsulation ppp
 no auto-connect
 no ip address
 shutdown
!
interface FastEthernet0/0.1
 description PPPoE_ISP
 encapsulation pppoe
 auto-connect
 ppp binding internet
 ip address ipcp
 ip mtu 1454
 ip tcp adjust-mss 1414
 ip napt enable
 ip napt translation max-entries 30000
 ip napt service http 172.16.100.1 none tcp 80
 ip napt service ping 172.16.100.1 none icmp any
 ip napt service SSH 172.16.100.1 none tcp 22
 ip napt service SMTP 172.16.100.1 none tcp 25
 ip napt service SMTP-587 172.16.100.1 none tcp 587
 ip napt service IMAP4-SSL 172.16.100.1 none tcp 993
 ip napt service LimeCHAT_FT 172.16.100.10 none tcp 1096
 ip napt service MSNMessenger_APWB 172.16.100.10 none tcp 1503
 ip napt service MSNMessenger_FT 172.16.100.10 none tcp 6891-6900
 ip filter nbt-block 10 in
 ip filter specialuse 20 in
 ip filter drop_proxychk 100 in
 ip filter all-forward 65000 in
 ip filter nbt-block 10 out
 ip filter all-forward 65000 out
 service-policy enable
 service-policy output qos-policy1
 no shutdown
!
interface FastEthernet0/0.2
 description PPPoE_FLETS-SQUARE
 encapsulation pppoe
 auto-connect
 ppp binding flets-square
 ip address ipcp
 ip mtu 1454
 ip tcp adjust-mss 1414
 ip napt enable
 ip filter nbt-block 10 in
 ip filter specialuse 20 in
 ip filter all-forward 65000 in
 ip filter nbt-block 10 out
 ip filter all-forward 65000 out
 no shutdown
!
interface Loopback0.0
 no ip address
!
interface Null0.0
 no ip address
ix2015(config)#
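
As an added example (not part of the original post, and not NEC tooling): a short Python check that reads a config in the syntax shown above and reports any `ip filter` line whose access-list name has no `ip access-list` definition, plus lists that are defined but never referenced. The running config above has exactly this situation: the list is defined as `drop_prxychk` while FastEthernet0/0.1 filters on `drop_proxychk`. The regular expressions are assumptions based only on the lines on this page, and the sample is a constructed subset of that config.

```python
import difflib
import re

# Constructed sample: a subset of the running config shown above.
SAMPLE_CONFIG = """\
ip access-list management permit ip src 172.16.100.0/24 dest any
ip access-list all-forward permit ip src any dest any
ip access-list drop_prxychk deny tcp src 218.41.48.139/32 sport any dest any dport eq 80
telnet-server ip access-list management
interface FastEthernet0/0.1
 ip filter drop_proxychk 100 in
 ip filter all-forward 65000 in
!
"""

# Assumed line shapes, taken from the config on this page (not a full IX grammar).
ACL_DEF = re.compile(r"^ip access-list (\S+) (?:permit|deny)\b")
FILTER_REF = re.compile(r"^\s*ip filter (\S+) (\d+) (in|out)\b")
INTERFACE = re.compile(r"^interface (\S+)")


def audit_acl_references(config):
    """Return (undefined, unused) access-list findings for a config text."""
    defined, refs, other_tokens = set(), [], set()
    current_if = None
    for line in config.splitlines():
        if m := ACL_DEF.match(line):
            defined.add(m.group(1))
            continue  # definition lines do not count as a use of the name
        if m := INTERFACE.match(line):
            current_if = m.group(1)
        elif m := FILTER_REF.match(line):
            refs.append((current_if, m.group(1), m.group(3)))
        other_tokens.update(line.split())
    undefined = []
    for iface, name, direction in refs:
        if name not in defined:
            # Suggest the closest defined name to expose one-letter typos.
            guess = difflib.get_close_matches(name, sorted(defined), n=1)
            undefined.append((iface, name, direction, guess[0] if guess else None))
    unused = sorted(defined - other_tokens)
    return undefined, unused


if __name__ == "__main__":
    undefined, unused = audit_acl_references(SAMPLE_CONFIG)
    for iface, name, direction, guess in undefined:
        print(f"{iface}: filter '{name}' ({direction}) is undefined; closest: {guess}")
    print("defined but never referenced:", unused)
```
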

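I bought an IX2015 (1/2)

February 8, 2008 | PC-related
I decided to replace the broadband router I use at home, so I won an IX2015 on Yahoo! Auctions. For the record: bank transfer late at night on 2/4, missed-delivery notice on 2/7, received on the evening of 2/8. 10,245 yen including consumption tax and shipping.
The IX2015 is a fanless, compact, fairly high-performance router made by NEC that is configured through a Cisco-like CLI (or rather, it cannot be configured from a web browser at all).
It is quite overqualified for a personal broadband router, but it was cheap, so it will have to put up with the job.
The broadband router I had been using until now (BBR-4HG) goes into the closet as a spare.

My notes on the configuration and so on are below. Since this is NAPT, it probably isn't necessary to set up this many filters, though...

≪Home LAN design≫
・Home server and main PC sit behind a 1000BASE-T L2 switch
・Isolate the segment where the NDSL and FON connect, and block access from it into the LAN
・Keep PPPoE sessions up at all times with both the ISP and Flets Square (Flets ADSL)
・Allocate a generous NAPT table size (around 30,000 for now?)
・Block the reverse connection made to the HTTP server when posting to Shitaraba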



≪Network diagram≫

[Flets ADSL]
 |
[modem]
 |
 |Fa0/0 Fa1/0[4portFE]
[IX2015]---------------[FON,DD-WRT]
 |Fa0/1         (for connecting FON, NDSL, etc.: 192.168.10.0/24)
 |
[FXG-08IM(1000Base-T)](home server, PC: 172.16.100.0/24)



≪Reference URLs≫
http://flets.com/square/routing.html
http://www.nec.co.jp/ixseries/ix2k3k/Support/flets/flets_square_e.html
http://www.nec.co.jp/ixseries/ix2k3k/Manual/index.html
http://www5d.biglobe.ne.jp/~stssk/rfc/rfc3330j.html
http://www.uinet.or.jp/~taka/network/ix2015.html
http://k-net.pinky.ne.jp/port.htm
http://www.microsoft.com/japan/technet/prodtechnol/winxppro/deploy/worki01.mspx



≪Basic device settings≫

hostname ix2015
username admin password plain adminpasswd administrator

ip access-list management permit ip src 172.16.100.0/24 dest any
ip access-list all-forward permit ip src any dest any
ip access-list nbt-block deny tcp src any sport any dest any dport range 137 139
ip access-list nbt-block deny udp src any sport any dest any dport range 137 139
ip access-list nbt-block deny tcp src any sport any dest any dport eq 445
ip access-list nbt-block deny udp src any sport any dest any dport eq 445
ip access-list specialuse deny ip src 0.0.0.0/8 dest any
ip access-list specialuse deny ip src 10.0.0.0/8 dest any
ip access-list specialuse deny ip src 172.16.0.0/12 dest any
ip access-list specialuse deny ip src 192.168.0.0/16 dest any
ip access-list specialuse deny ip src 127.0.0.0/8 dest any
ip access-list specialuse deny ip src 169.254.0.0/16 dest any
ip access-list specialuse deny ip src 192.0.2.0/24 dest any
ip access-list specialuse deny ip src 224.0.0.0/3 dest any
ip access-list drop_proxychk deny tcp src 218.41.48.139/32 sport any dest any dport eq 80
ip access-list guest-in deny ip src any dest 172.16.0.0/16
ip access-list guest-in permit ip src any dest any

telnet-server ip access-list management
telnet-server ip enable
snmp-agent ip community public management
snmp-agent ip enable
logging buffered 4096 cyclic
syslog ip host 172.16.100.1
ntp server 210.173.160.27
ntp server 210.173.160.57
ntp server 210.173.160.87
ntp interval 3600
ntp ip enable

dns cache enable
proxy-dns ip enable
proxy-dns ip query-interval 1
ip ufs-cache enable
ip ufs-cache max-entries 20000

ip dhcp profile dhcp_guest
assignable-range 192.168.10.201 192.168.10.220
subnet-mask 255.255.255.0
dns-server 192.168.10.254


ip dhcp profile dhcp_local
assignable-range 172.16.100.201 172.16.100.220
subnet-mask 255.255.255.0
dns-server 172.16.100.254
exit

ip dhcp enable

interface FastEthernet1/0.0
description GUEST
ip filter guest-in 100 in
ip address 192.168.10.254/24
ip dhcp binding dhcp_guest
no shutdown

interface FastEthernet0/1.0
description LOCAL-NET
ip address 172.16.100.254/24
ip dhcp binding dhcp_local
no shutdown
exit



≪ISP settings, etc.≫

ppp profile internet
authentication myname hogehoge@hoge.ne.jp
authentication password hogehoge@hoge.ne.jp ISP-Password

interface FastEthernet0/0.1
description PPPoE_ISP
encapsulation pppoe
auto-connect
ppp binding internet
ip address ipcp
ip mtu 1454
ip tcp adjust-mss 1414
ip napt enable
ip napt translation max-entries 30000
ip filter nbt-block 10 in
ip filter specialuse 20 in
ip filter drop_proxychk 100 in
ip filter all-forward 65000 in
ip filter nbt-block 10 out
ip filter all-forward 65000 out
no shutdown
exit

ip route default FastEthernet0/0.1




≪Flets Square settings≫

proxy-dns interface FastEthernet0/0.1 priority 200

ppp profile flets-square
authentication myname guest@flets
authentication password guest@flets guest

interface FastEthernet0/0.2
description PPPoE_FLETS-SQUARE
encapsulation pppoe
auto-connect
ppp binding flets-square
ip address ipcp
ip mtu 1454
ip tcp adjust-mss 1414
ip napt enable
ip filter nbt-block 10 in
ip filter specialuse 20 in
ip filter all-forward 65000 in
ip filter nbt-block 10 out
ip filter all-forward 65000 out
no shutdown
exit

ip route 220.210.194.0/25 FastEthernet0/0.2
ip route 220.210.195.0/26 FastEthernet0/0.2
ip route 220.210.195.64/26 FastEthernet0/0.2
ip route 220.210.197.0/25 FastEthernet0/0.2
ip route 220.210.199.32/27 FastEthernet0/0.2
ip route 220.210.199.200/29 FastEthernet0/0.2
ip route 220.210.199.160/27 FastEthernet0/0.2
ip route 220.210.199.192/27 FastEthernet0/0.2
ip route 220.210.196.0/25 FastEthernet0/0.2
ip route 220.210.196.128/26 FastEthernet0/0.2
ip route 220.210.199.64/28 FastEthernet0/0.2
ip route 220.210.198.0/26 FastEthernet0/0.2
ip route 220.210.199.144/28 FastEthernet0/0.2



≪Static NAPT≫
interface FastEthernet0/0.1
ip napt service http 172.16.100.1
ip napt service ping 172.16.100.1
ip napt service SSH 172.16.100.1 none tcp 22
ip napt service SMTP 172.16.100.1 none tcp 25
ip napt service SMTP-587 172.16.100.1 none tcp 587
ip napt service IMAP4-SSL 172.16.100.1 none tcp 993
ip napt service LimeCHAT_FT 172.16.100.10 none tcp 1096
ip napt service MSNMessenger_APWB 172.16.100.10 none tcp 1503
ip napt service MSNMessenger_FT 172.16.100.10 none tcp 6891-6900



≪QoS settings≫

class-map match-any ch_class1
match input-interface FastEthernet0/1.0 high
match local-generate-packet high
match any low

policy-map qos-policy1
class ch_class1

interface FastEthernet0/0.1
service-policy enable
service-policy output qos-policy1
exit

Continued in: I bought an IX2015 (2/2)