From owner-IPv6-jp@jp.freebsd.org  Wed Jul 28 10:27:22 1999
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id KAA65060;
	Wed, 28 Jul 1999 10:27:22 +0900 (JST)
	(envelope-from owner-IPv6-jp@jp.FreeBSD.org)
Received: from manhattan-gw.iij-america.com (firewall-user@manhattan-gw.iij-america.com [202.232.14.178])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id KAA65055
	for <IPv6-jp@jp.freebsd.org>; Wed, 28 Jul 1999 10:27:21 +0900 (JST)
	(envelope-from koji@iij.com)
Received: by manhattan-gw.iij-america.com; id KAA17992; Wed, 28 Jul 1999 10:27:19 +0900 (JST)
Received: from fs.iij-america.com(192.168.241.2) by manhattan-gw.iij-america.com via smap (3.2)
	id xma017988; Wed, 28 Jul 99 10:26:59 +0900
Received: from localhost (koji@localhost [127.0.0.1])
	by fs.iij-america.com (8.8.5/3.6W-primary) with ESMTP id VAA15600
	for <IPv6-jp@jp.freebsd.org>; Tue, 27 Jul 1999 21:26:59 -0400 (EDT)
To: IPv6-jp@jp.freebsd.org
In-Reply-To: Your message of "Wed, 28 Jul 1999 09:30:51 +0900"
	<1689.933121851@coconut.itojun.org>
References: <1689.933121851@coconut.itojun.org>
X-Mailer: Mew version 1.93 on XEmacs 21.0 (Norwegian)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19990727212659H.koji@iij.com>
Date: Tue, 27 Jul 1999 21:26:59 -0400
From: Koji Yamamoto <koji@iij.com>
X-Dispatcher: imput version 981019(IM102)
Lines: 46
Reply-To: IPv6-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: IPv6-jp 287
Subject: [IPv6-jp 287] Re: ipfw/natd (DIVERT) and gif 
Errors-To: owner-IPv6-jp@jp.freebsd.org
Sender: owner-IPv6-jp@jp.freebsd.org
X-Originator: koji@iij.com

From: Jun-ichiro itojun Hagino <itojun@itojun.org>
Subject: [IPv6-jp 286] Re: ipfw/natd (DIVERT) and gif 
Date: Wed, 28 Jul 1999 09:30:51 +0900
Message-ID: <1689.933121851@coconut.itojun.org>

> 	$B$I$&$b$G$9!#$H$j$"$($:(Bkame faq$B$"$?$j$KB-$7$F$*$-$^$9!#(B
> 
> >ipfw+natd $B$r;H$C$F$$$k4D6-$G!"(Bgif $B$,$&$^$/F0$+$J$$$3$H$,$"$j$^$7$?!#(B
> >$B:F8=>r7o$J$I$r$-$A$s$H3NG'$7$F$J$$$N$G$9$,!"$H$j$"$($:8=>]$H2sHrJ}K!$K$D(B
> >$B$$$F$o$+$C$?$3$H$r(B report $B$7$F$*$-$^$9!#(B
> >$B4D6-(B: FreeBSD 2.2.8 RELEASE + kame 19990705 snap
> 
> 	$B$3$l!"(Bexpected behavior$B$N$h$&$J5$$b$7$^$9!#(B
> 	divert socket$B9T$-$+$I$&$+H=Dj$9$k$N$O(Bgif$B$X$NF~NO$N<jA0$J$N$G(B
> 	ipfw rule$B$K$R$C$+$+$k@_Dj$@$H%Q%1%C%H$O(Bdivert socket$B$K(B
> 	$B?)$o$l$F$7$^$$$^$9!#(B

divert $B$+(B natd $B$,(B tcp $B$G$b(B udp $B$G$b(B icmp $B$G$b$J$$%Q%1%C%H(B
(IPv6 in IPv4)$B$r$&$^$/07$($F$J$$$s$G$7$g$&$+$M!#(B
$BDL>o$N(B IPv4 $B$N%Q%1%C%H(B(tcp, udp, icmp)$B$O!"(Bnatd $B$rDL$C$?8e!"$5$i$K(B
ipfw $B$N;D$j$N%7!<%1%s%9$rDL$C$F$/$l$^$9!#(B(*)
$B$G!"(Ballow ip from any to any $B$G(B ipfw $B$rH4$1$F9T$-$^$9!#(B
gif $B$N%Q%1%C%H$OL@<(E*$J6X;_(B rule $B$K$R$C$+$i$J$$$N$G(B divert/natd $B$rDL$C(B
$B$FLa$C$F$-$F!"(Ballow ip from any to any $B$GH4$1$F9T$C$F$/$l$k$H;W$C$F$$$?(B
$B$N$G$9$,!"(Bdivert/natd $B$G0.$j$D$V$5$l$F$$$k$H$$$&46$8$G$7$g$&$+!#(B

(*) $BKM$O(B divert $B$N9T$H(B allow ip from any to any $B$N9T$N4V$K!"Nc$($P(B
    $B$=$N%[%9%H$N(B global $BB&(B tcp/1080 $B08%Q%1%C%H$r(B log $B$7$FMn$H$9$h$&$J(B
    rule $B$r=q$$$F$$$^$9!#(Bnatd $B$rDL$9A0$K$3$l$rMn$H$9$H$^$:$$$G$9!#(B

v6 $B$H$"$s$^$j4X78$J$$$G$9$,!"<B$O$5$C$-$N(B ipfw $B$N(B rule $B$O$"$s$^$j$h$/(B
$B$J$/$F!"(Bdivert $B$@$1$r(B skip $B$7$J$$$H(B tunnel dst $B$+$i(B IPv4 $BE*$K$J$s$G$b$d(B
$B$jJ|Bj$K$J$C$F$7$^$$$^$9(B:-)

> >$B%H%s%M%k$,$&$^$/D%$l$F$$$J$$$3$H$K5$$,$D$+$:$K!"(Broute6d $B$rF0$+$7$?$H$3$m!"(B
> >reboot $B$7$F$7$^$$$^$7$?!#(B
> 
> 	$B$3$l$,$J$<$@$+$o$+$i$J$$$s$G$9$h$M!#(B

reboot $B$9$k$H;W$&$H!";n$9$N$K$A$g$C$H3P8g$,$$$k$s$G(B^^;
# fsck $B$7$?$i7k9=2u$l$F(B /usr/games $B$N2<$,>C$($F$7$^$C$?(B...


Koji Yamamoto
koji@iij.com / koji@iij.ad.jp
IIJ America, Inc.
