From owner-FreeBSD-users-jp@jp.freebsd.org  Tue Oct 30 11:50:37 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id LAA62522;
	Tue, 30 Oct 2001 11:50:37 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from cicgw.cic-kk.co.jp (cicgw.cic-kk.co.jp [203.137.146.33])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id LAA62517
	for <FreeBSD-users-jp@jp.freebsd.org>; Tue, 30 Oct 2001 11:50:36 +0900 (JST)
	(envelope-from kgotoh@cic-kk.co.jp)
Received: from zeke.cic-kk.co.jp (zeke.cic-kk.co.jp [192.168.1.11])
	by cicgw.cic-kk.co.jp (8.9.3/3.7W-01060720) with ESMTP id LAA83066
	for <FreeBSD-users-jp@jp.freebsd.org>; Tue, 30 Oct 2001 11:50:35 +0900 (JST)
Received: from localhost (localhost.cic-kk.co.jp [127.0.0.1])
	by zeke.cic-kk.co.jp (8.9.3/3.6W 06/07/01) with ESMTP id LAA16161
	for <FreeBSD-users-jp@jp.freebsd.org>; Tue, 30 Oct 2001 11:50:35 +0900 (JST)
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: Your message of "Mon, 29 Oct 2001 20:36:00 +0900"
	<87y9luk7a7.wl@nabechan.org>
References: <87y9luk7a7.wl@nabechan.org>
X-Mailer: Mew version 1.93 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <20011030115035N.kgotoh@cic-kk.co.jp>
Date: Tue, 30 Oct 2001 11:50:35 +0900
From: Kazumasa Gotoh <kgotoh@cic-kk.co.jp>
X-Dispatcher: imput version 980905(IM100)
Lines: 45
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-users-jp 65218
Subject: [FreeBSD-users-jp 65218] Re: FireWall
 =?ISO-2022-JP?B?GyRCTVElXiU3JXMkTiU9JVUlSDk9QC4kSyREJCQbKEI=?=
 =?ISO-2022-JP?B?GyRCJEYbKEI=?= 
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: kgotoh@cic-kk.co.jp


Reply $B$"$j$,$H$&$4$6$$$^$9!#(B

From: Shingo WATANABE / $BEOJU(B $B?-8c(B <nabe@nabechan.org>
Date: Mon, 29 Oct 2001 20:36:00 +0900

> $B!V(BFirewall $B$@$+$i$3$N%]!<%H$rJD$8$J$-$c$$$1$J$$!W$H$$$&$N$O$"$j$^$;$s!#(B
> $B$"$/$^$G$=$N%5%$%H(B/$B%5!<%P$K$*$1$k%;%-%e%j%F%#%]%j%7$KB'$C$?@_Dj$r9T$&$N(B
> $B$G!"0l35$K$I$&@_Dj$r$9$k$Y$-$+$O8@$($J$$$H;W$$$^$9!#(B
> $B2?$r<i$j$?$$$N$+!"$I$NDL?.$r5v2D$7$?$$$N$+$J$I!"$-$A$s$H7h$a$F!"$=$l$KL7(B
> $B=b$NL5$$@_Dj$r9T$&$3$H$K$J$k$H;W$$$^$9!#(B

$B$H$j$"$($:(B VPN Gateway $B$H$J$kN>C<$N(B FW, Web server $B%^%7%s<+?H$K(B
$BBP$9$k%"%/%;%9$O2?$bFC$K6X;_$;$:$K!"FbIt$N%W%i%$%Y!<%H%M%C%H%o!<%/$K(B
$B?/F~$5$l$k;v$@$1$r6X;_$7$?$$$H$7$?$i!"$"$i$f$k%=!<%9%"%I%l%9$+$i(B
$B%G%9%H%M!<%7%g%s$,%W%i%$%Y!<%H%M%C%H%o!<%/$K$J$C$F$$$k%Q%1%C%H$r(B
$BC!$-Mn$H$;$P$H$j$"$($:MQ$OB-$j$k$N$G$7$g$&$+!)(B $B$D$^$j!"(B

  deny all from any to 192.168.0.0/16

$B$H=q$1$P!"$^$:$O:GDc8B(B(?)$B$NL\E*$O%/%j%"$G$-$k$N$+$H$$$&;v$G$9!#(B

IP $B%H%s%M%k$C$F<B$O$^$@$h$/$o$+$C$F$$$J$$$N$G$9$,!"(BVtun $B$N%Q%1%C%H$,(B
$B$3$N>r7o$K0z$C3]$+$k$3$H$O$J$$$G$9$h$M!)(B (^^;

$BJL$NOC$G(B ipfw $B$N=q$-J}$N7o$K$J$C$F$7$^$&$N$G$9$,!">e5-$N$h$&$K=q$$$F(B
$BLdBj$J$/!"(B192.168.1.0/24, 192.168.2.0/24 ... $B$H$$$&$h$&$KNs5-$9$k(B
$BI,MW$O$J$$!D(B $B$HM}2r$7$F$h$m$7$$$N$G$7$g$&$+!)(B

> $B>e5-$N$h$&$KI,MW$H$5$l$kDL?.0J30$O86B'E*$K<WCG$9$k>l9g$K$O!"(BICMP $B$rA4It(B
> $B:I$,$J$$$h$&$K5$$r$D$1$?J}$,NI$$$H;W$$$^$9!#(BPath MTU Discovery $B$H$$$&;E(B
> $BAH$_$K(B ICMP $B$N%a%C%;!<%8$r;H$C$F$$$^$9!#$3$l$,DL$i$J$$$H!"7PO)>e$K>.$5$J(B
> MTU $B$,B8:_$9$k>l9g(B ($B:#2s$N$h$&$K%H%s%M%j%s%0$r$7$F$$$k;~$J$I(B) $B$J$I$K!"Bg(B
> $B$-$J%5%$%:$N(B IP $B%Q%1%C%H$,DL$i$:$K:$$k$3$H$,$"$k$G$7$g$&!#(B

Path MTU Discovery $B$G$O0JA0!"(BBSD/OS + Gauntlet + PacketShaper $B$H$$$&(B
$B%5%$%H$G%P!<%8%g%s%"%C%W:n6H$r9T$C$?;~$K!"(BBSD/OS $B$H(B PacketShaper $B$N(B
$BAj@-(B(?)$B$NLdBj$G!"(BSMTP $B$,DL$kAj<j%5%$%H$HHs>o$KDL$j$K$/$$Aj<j%5%$%H$,(B
$BH/@8$7$F$7$^$$!"Ev=i$O2?$,860x$+$o$+$i$:Bg%O%^%j$7$?;v$,$"$j$^$9!#(B(^^;

$B$3$NLdBj$G$O(B 3$BF|$bG:$_B3$1$F$7$^$$$^$7$?!D(B

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
($B3t(B) $B%;%s%H%i%k>pJs%;%s%?!<(B
                             $B8eF#OB@/(B    kgotoh@cic-kk.co.jp
