From owner-FreeBSD-net-jp@jp.FreeBSD.org Fri Aug  2 23:29:47 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g72ETlI22414;
	Fri, 2 Aug 2002 23:29:47 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from athena.ginganet.org (postfix@tk0008-202x210x243x26.ap-TK.usen.ad.jp [202.210.243.26])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g72ETln22409
	for <FreeBSD-net-jp@jp.FreeBSD.org>; Fri, 2 Aug 2002 23:29:47 +0900 (JST)
	(envelope-from ginga@ginganet.org)
Received: by athena.ginganet.org (Postfix, from userid 5003)
	id 121173E9F; Fri,  2 Aug 2002 23:29:47 +0900 (JST)
Date: Fri, 2 Aug 2002 23:29:47 +0900
From: Kawaguti Ginga <ginga-ginganet@ginganet.org>
To: FreeBSD-net-jp@jp.FreeBSD.org
Message-ID: <20020802142947.GC75523%ginga@ginganet.org>
References: <20020802194727.8E1C.UCHIYAMA@pp.iij4u.or.jp> <20020802113404.83223.qmail@maruma.net.dhis.org> <20020802040035.82494.qmail@maruma.net.dhis.org> <20020802090005.GA83381%ginga@ginganet.org> <20020802194727.8E1C.UCHIYAMA@pp.iij4u.or.jp> <sld6t64uk4.fsf@belldandy.vsp.cpg.sony.co.jp> <20020801140400.GB75523%ginga@ginganet.org> <20020802122729.8E0D.UCHIYAMA@pp.iij4u.or.jp> <20020802090005.GA83381%ginga@ginganet.org> <20020802103708.83119.qmail@maruma.net.dhis.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Content-Disposition: inline
In-Reply-To: <20020802113404.83223.qmail@maruma.net.dhis.org> <20020802194727.8E1C.UCHIYAMA@pp.iij4u.or.jp> <20020802103708.83119.qmail@maruma.net.dhis.org>
User-Agent: Mutt/1.3.27i-ja.2
Reply-To: FreeBSD-net-jp@jp.FreeBSD.org
Precedence: list
X-Sequence: FreeBSD-net-jp 3779
Subject: [FreeBSD-net-jp 3779] Re: ipfw + vtun(Re: Connecting with vtund using ordinary IP addresses (unnumbered routing?) )
Errors-To: owner-FreeBSD-net-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-net-jp@jp.FreeBSD.org
X-Originator: ginga-ginganet@ginganet.org
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+020727

$B@n8}$G$9(B

In Fri, Aug 02, 2002 at 07:37:08PM +0900,
Masashi WADA <wa_da_ma@ybb.ne.jp> wrote:
> nat$B$d(Bipfw$B$ONI$/$o$+$i$s$N$G$9$,!"5$$,IU$$$?$H$3$@$1!#(B
> 
> vtun$B$O(Budp$B$GDL?.$7$F$k$_$?$$$G$9$,!"(Bipfw$B$O(B
> > 03400 allow tcp from any to xx.xx.xx.26 5000 setup
> $B$H(Btcp$B$K$J$C$F$$$k!#(B

$B$&$C(B... $BA4$/;}$C$F$=$NDL$j$G$9$M!%(B
UDP$B;XDj$r<+J,$G=q$$$F$*$-$J$,$i!$(Bipfw $B$N@_Dj$N;~$K$O(B
$B@$$NCf$K$O(B tcp $B0J30B8:_$7$J$$(B(!)$B!$$H$$$&LQA[$G@_Dj$r(B
$B$7$F$*$j$^$7$?!%(B

$BFb;3$5$s$K$b(B
In Fri, Aug 02, 2002 at 07:49:15PM +0900,
Koji Uchiyama <uchiyama@pp.iij4u.or.jp> wrote:
> $B$?$7$+(B server $BB&$N(B vtund.conf $B$G$O(B proto udp $B$r;XDj$5$l$F$$$?$H;W$$$^$9$,!"(B
> server $BB&$N(B ipfw list $B$N7k2L$G(B
> 
> > 02300 allow tcp from any to any established
> > 03400 allow tcp from any to xx.xx.xx.26 5000 setup
> > 04000 allow udp from xx.xx.xx.26 to any
> 
> $B$J$N$G(B
> udp from xx.xx.xx.26 5000 to yy.yy.yy.121      $B$O(B 04000 $B$G(B allow $B$H;W$$$^$9$,!"(B
> udp from yyy.yyy.yyy.121  to xx.xx.xx.26 5000  $B$N<u$1$,L5$$$h$&$K8+$($^$9!#(B

I received that correction as well. I had completely overlooked it.


But the tricky part is that, because the initial setup is done over tcp,
the connection appears to have been established...
So udp alone does not work either; on the ipfw side, once I made it
tcp setup + udp, everything started working.

> setup$B$rL5$7$K$7$F!"(Btcp$B$r(Budp$B$K$9$k$H$h$$$N$G$O$J$$$+$J$!!#(B
> $B$"$H!"$D$$$G$K(Bfrom any$B$G$O$J$/$F!"(Bclient$B$OJ,$+$C$F$$$k(B
> $BLu$@$+$i!"L@<(E*$K;XDj$7$F$d$C$?J}$,0BA4@-$,>e$,$k$+$b!#(B

Right. So:
        ${fwcmd} add pass tcp from any to ${oip} 5000 setup
        ${fwcmd} add pass udp from any to ${oip} 5000

> # Incidentally, the vtun 2.5 that I (Uchiyama) have on hand says
> #        proto tcp|udp
> #               protocol to use.  By default, vtund(8) will use TCP
> #               protocol.  UDP is recommended  for  ether  and  tun
> #               tunnels  only.   This  option  is  ignored  by  the
> #               client.
> # so apparently the proto setting is ignored on the client side.
> # It may not be stated explicitly in the manual, but
> # I believe that with proto udp only the initial negotiation(?) is done over TCP
> # and the data transfer itself is done over UDP.

In Fri, Aug 02, 2002 at 08:34:04PM +0900,
Masashi WADA <wa_da_ma@ybb.ne.jp> wrote:
> client$BB&$G(Bproto udp$B$r;XDj!"(Bserver$BB&$O;XDjL5$7$K$7$F$d$l$P!"A4$F$N(B
> $BDL?.$,(BUDP$B$K$J$k$C$FM}2r$7$FNI$$$s$G$7$g$&$+!#(B

$B:aLG$\$7(B($B$K$J$C$F$$$^$;$s$,(B)$B$K<B83$7$F$_$^$7$?$,!$(B
tcpdump $B$G8+D%$C$F$_$k$H$=$N@_Dj$G$b(B tcp $B%Q%1%C%HDIJ|!$(B
$B$O=PMh$J$$$h$&$G$9!%(B
-- 
       ∧∧
Zzz.. (- - )⌒⌒⊇～           Kawaguti Ginga
      ##############   ginga-freebsd@ginganet.org
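
The rule gap discussed in this thread, as an added example that is not part of any poster's message: a simplified first-match evaluator for the rule forms quoted above. It shows that the original list admits the TCP setup to port 5000 but has nothing accepting the client's UDP, and that adding a UDP rule fixes this. The addresses, the rule number 03500 and the closing default deny are assumptions; the added rule names the client explicitly, as suggested in the thread, rather than using `from any`.

```python
# Added example: first-match evaluation of the ipfw rule forms quoted in this thread.
# Constructed addresses (documentation ranges); a closing default deny is assumed.
SERVER, CLIENT, OTHER = "192.0.2.26", "198.51.100.121", "203.0.113.9"

def parse(rule):
    """'<num> allow <proto> from <src> [port] to <dst> [port] [setup|established]'"""
    t = rule.split()
    r = {"num": t[0], "proto": t[2], "src": t[4], "sport": None, "dport": None}
    i = 5
    if t[i] != "to":                      # optional source port
        r["sport"], i = int(t[i]), i + 1
    r["dst"], i = t[i + 1], i + 2
    if i < len(t) and t[i].isdigit():     # optional destination port
        r["dport"], i = int(t[i]), i + 1
    r["opt"] = t[i] if i < len(t) else None
    return r

def matches(r, p):
    if r["proto"] != p["proto"]:
        return False
    for addr, port, a, b in ((r["src"], r["sport"], p["src"], p["sport"]),
                             (r["dst"], r["dport"], p["dst"], p["dport"])):
        if (addr != "any" and addr != a) or (port is not None and port != b):
            return False
    if r["opt"] == "setup":               # SYN set, ACK clear
        return "S" in p["flags"] and "A" not in p["flags"]
    if r["opt"] == "established":         # ACK or RST set
        return "A" in p["flags"] or "R" in p["flags"]
    return True

def verdict(rules, p):  # first matching rule wins; default deny is assumed
    hits = [r["num"] for r in map(parse, rules) if matches(r, p)]
    return "allow " + hits[0] if hits else "deny"

def pkt(proto, src, sport, dst, dport, flags=""):
    return dict(proto=proto, src=src, sport=sport, dst=dst, dport=dport, flags=flags)
ORIGINAL = ["02300 allow tcp from any to any established",
            f"03400 allow tcp from any to {SERVER} 5000 setup",
            f"04000 allow udp from {SERVER} to any"]
# 03500 is a hypothetical rule number; the source is narrowed to the known client.
FIXED = ORIGINAL[:2] + [f"03500 allow udp from {CLIENT} to {SERVER} 5000", ORIGINAL[2]]
PACKETS = {"tcp_syn": pkt("tcp", CLIENT, 40000, SERVER, 5000, "S"),
           "udp_in": pkt("udp", CLIENT, 40001, SERVER, 5000),
           "udp_out": pkt("udp", SERVER, 5000, CLIENT, 40001),
           "udp_other": pkt("udp", OTHER, 40002, SERVER, 5000)}

def report(rules):
    return {name: verdict(rules, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    print({label: report(rs) for label, rs in (("original", ORIGINAL), ("fixed", FIXED))})
```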
