From owner-FreeBSD-net-jp@jp.FreeBSD.org Fri Aug  2 19:49:48 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g72Anm777407;
	Fri, 2 Aug 2002 19:49:48 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from mirror2.hitechs.co.jp (mirror2.hitechs.co.jp [211.6.230.248])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with SMTP/inet id g72Anin77397
	for <FreeBSD-net-jp@jp.FreeBSD.org>; Fri, 2 Aug 2002 19:49:44 +0900 (JST)
	(envelope-from uchiyama@hitechs.co.jp)
Received: (qmail 20995 invoked from network); 2 Aug 2002 10:49:22 -0000
Received: from lily.krb.hitechs.co.jp (@172.16.1.1)
  by mirror2.hitechs.co.jp with SMTP; 2 Aug 2002 10:49:22 -0000
Received: (qmail 65315 invoked from network); 2 Aug 2002 10:49:22 -0000
Received: from ac101555.dhcp.krb.hitechs.co.jp (HELO ?172.16.21.85?) (172.16.21.85)
  by lily.krb.hitechs.co.jp with SMTP; 2 Aug 2002 10:49:22 -0000
Date: Fri, 02 Aug 2002 19:49:15 +0900
From: Koji Uchiyama <uchiyama@pp.iij4u.or.jp>
To: FreeBSD-net-jp@jp.FreeBSD.org
In-Reply-To: <20020802090005.GA83381%ginga@ginganet.org>
References: <20020802040035.82494.qmail@maruma.net.dhis.org> <20020802090005.GA83381%ginga@ginganet.org>
Message-Id: <20020802194727.8E1C.UCHIYAMA@pp.iij4u.or.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.05.03
Reply-To: FreeBSD-net-jp@jp.FreeBSD.org
Precedence: list
X-Sequence: FreeBSD-net-jp 3776
Subject: [FreeBSD-net-jp 3776] Re: ipfw + vtun (Re: connecting over the usual IP address with vtund (unnumbered routing?))
Errors-To: owner-FreeBSD-net-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-net-jp@jp.FreeBSD.org
X-Originator: uchiyama@pp.iij4u.or.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020727


# Speaking up to Ginga-san makes me nervous...

On Fri, 2 Aug 2002 18:00:05 +0900
Kawaguti Ginga <ginga@ginganet.org> wrote:

> Wada-san:
> > Of course, outside => 5000 is being let through, right?
> 
> Yes, it is let through.

If I remember correctly, proto udp was specified in the server-side vtund.conf, but
in the output of ipfw list on the server side

> 02300 allow tcp from any to any established
> 03400 allow tcp from any to xx.xx.xx.26 5000 setup
> 04000 allow udp from xx.xx.xx.26 to any

so
udp from xx.xx.xx.26 5000 to yy.yy.yy.121      is, I think, allowed by 04000, but
udp from yyy.yyy.yyy.121  to xx.xx.xx.26 5000  appears to have nothing accepting it.


| I have that configuration in place, but it is not caught by this via ${vtif} and the last
| deny ip from any to any
| seems to drop it (judging from the counters in ipfw show).
| 
| When I ping server => client and run tcpdump -i tun0 on
| server/client, the server only sends the packet out,
| while the client receives it and does send a reply,
| or so it looked.

That phenomenon, too, I think is explained if
"udp from yyy.yyy.yyy.121  to xx.xx.xx.26 5000 has nothing accepting it".

For now,

>65535 deny ip from any to any

is the rule whose counter you say you have seen increasing, so

count tcp from any to any via xl0
count tcp from any to any via dc0
count tcp from any to any via lo0
count tcp from any to any via tun0
count udp from any to any via xl0
count udp from any to any via dc0
count udp from any to any via lo0
count udp from any to any via tun0
count icmp from any to any via xl0
count icmp from any to any via dc0
count icmp from any to any via lo0
count icmp from any to any via tun0

how about inserting rules like these and checking the counters?


# Incidentally, in the vtun 2.5 I (Uchiyama) have at hand,
#        proto tcp|udp
#               protocol to use.  By default, vtund(8) will use TCP
#               protocol.  UDP is recommended  for  ether  and  tun
#               tunnels  only.   This  option  is  ignored  by  the
#               client.
# is what it says, so the proto setting is ignored on the client side.
# It may not be spelled out in the manual, but
# with proto udp I believe only the initial negotiation(?) is done over TCP
# and the data transfer itself was done over UDP.


I hope this helps.
# Hoping I'm not off the mark...

--
Koji Uchiyama <uchiyama@pp.iij4u.or.jp>
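As an added illustration of the point made in the mail above (this is not code from the thread and not ipfw itself): a toy first-match evaluator for the subset of ipfw(8) rule syntax quoted in the mail. It replays the server's rule list against the vtund TCP handshake and one UDP datagram in each direction, with the masked addresses standing in as plain strings. The rule numbers on the two count rules, the extra rule 04100 that accepts the client's UDP datagrams to port 5000, and the traffic itself are assumptions constructed here.

```python
"""Added illustration (not ipfw, not code from the thread): a toy first-match
evaluator for the subset of ipfw(8) syntax quoted in the mail.  First match wins,
`count` rules fall through, `setup`/`established` test TCP flags only, `via`
compares the interface name and addresses match as plain strings."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flag letters: S = SYN, A = ACK, R = RST
    iface: str = ""     # interface the packet enters or leaves on

@dataclass
class Rule:
    number: int
    action: str         # "allow", "deny" or "count"
    proto: str          # "ip" matches every protocol
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    opts: set = field(default_factory=set)   # "setup", "established"
    via: Optional[str] = None
    hits: int = 0       # what `ipfw show` would display for this rule

def parse_rule(line: str) -> Rule:
    """Parse an `ipfw list` line, e.g. `03400 allow tcp from any to xx.xx.xx.26 5000 setup`."""
    t = line.split()
    if t[3] != "from":
        raise ValueError("unsupported rule: " + line)
    i, sport, dport = 5, None, None
    if t[i] != "to":                       # optional source port
        sport, i = int(t[i]), i + 1
    dst, i = t[i + 1], i + 2               # step over "to"
    if i < len(t) and t[i].isdigit():      # optional destination port
        dport, i = int(t[i]), i + 1
    rule = Rule(int(t[0]), t[1], t[2], t[4], sport, dst, dport)
    while i < len(t):                      # trailing options
        if t[i] == "via":
            rule.via, i = t[i + 1], i + 2
        else:
            rule.opts.add(t[i]); i += 1
    return rule

def matches(r: Rule, p: Packet) -> bool:
    if r.proto not in ("ip", p.proto) or r.via not in (None, p.iface):
        return False
    if r.src not in ("any", p.src) or r.dst not in ("any", p.dst):
        return False
    if r.sport not in (None, p.sport) or r.dport not in (None, p.dport):
        return False
    # setup = SYN without ACK; established = ACK or RST set.  Both are TCP-only,
    # so `established` gives a UDP flow none of the return path it gives TCP.
    if "setup" in r.opts and (p.proto != "tcp" or "S" not in p.flags or "A" in p.flags):
        return False
    if "established" in r.opts and (p.proto != "tcp" or not set("AR") & set(p.flags)):
        return False
    return True

def evaluate(rules, p: Packet):
    """Return (verdict, rule number) from the first terminating match."""
    for r in sorted(rules, key=lambda r: r.number):
        if matches(r, p):
            r.hits += 1
            if r.action != "count":        # count rules never terminate
                return r.action, r.number
    raise RuntimeError("rule set has no default rule")

SERVER, CLIENT = "xx.xx.xx.26", "yyy.yyy.yyy.121"
SERVER_RULES_FROM_MAIL = [
    "02300 allow tcp from any to any established",
    "03400 allow tcp from any to xx.xx.xx.26 5000 setup",
    "04000 allow udp from xx.xx.xx.26 to any",
    "65535 deny ip from any to any",
]
# Two of the diagnostic count rules proposed in the mail; their numbers are assumed.
COUNT_RULES = ["00100 count udp from any to any via xl0", "00101 count udp from any to any via tun0"]
# Assumed fix, not from the mail: accept the client's UDP datagrams to port 5000.
FIX_RULE = "04100 allow udp from any to xx.xx.xx.26 5000"
# Constructed traffic on xl0: the vtund TCP handshake and one UDP datagram each way.
FLOWS = {
    "tcp syn client->server:5000": Packet("tcp", CLIENT, 40000, SERVER, 5000, "S", "xl0"),
    "tcp synack server:5000->client": Packet("tcp", SERVER, 5000, CLIENT, 40000, "SA", "xl0"),
    "udp server:5000->client": Packet("udp", SERVER, 5000, CLIENT, 5000, "", "xl0"),
    "udp client->server:5000": Packet("udp", CLIENT, 5000, SERVER, 5000, "", "xl0"),
}

def run(rule_lines):
    """Evaluate every flow; return ({flow: (verdict, rule)}, {rule: hits})."""
    rules = [parse_rule(line) for line in rule_lines]
    return {n: evaluate(rules, p) for n, p in FLOWS.items()}, {r.number: r.hits for r in rules}

if __name__ == "__main__":
    for label, extra in (("as posted", COUNT_RULES), ("with assumed fix", COUNT_RULES + [FIX_RULE])):
        print(label, run(SERVER_RULES_FROM_MAIL + extra))
```

Running it shows the TCP SYN matched by 03400 and its SYN/ACK by 02300, the server's outbound UDP by 04000, and the client's UDP to port 5000 falling through to 65535 while the `via xl0` counter increments for both UDP directions, which is what the count rules suggested in the mail would reveal on a real box; only the assumed 04100 turns that deny into an allow.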

