From owner-FreeBSD-users-jp@jp.freebsd.org  Tue Oct 30 16:12:38 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id QAA81731;
	Tue, 30 Oct 2001 16:12:38 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from ns.aruiru.com (ns.aruiru.com [61.121.211.114])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id QAA81726
	for <FreeBSD-users-jp@jp.freebsd.org>; Tue, 30 Oct 2001 16:12:38 +0900 (JST)
	(envelope-from kajita@career-link.co.jp)
Received: (qmail 17081 invoked from network); 30 Oct 2001 07:12:41 -0000
Received: from dhcp-17.int.career-link.co.jp (HELO kajita) (192.168.1.17)
  by ns.int.career-link.co.jp with SMTP; 30 Oct 2001 07:12:41 -0000
Date: Tue, 30 Oct 2001 16:15:10 +0900
From: Nao KAJITA <kajita@career-link.co.jp>
To: FreeBSD-users-jp@jp.freebsd.org
Organization: Career-link,co.LTD
In-Reply-To: <20011030112237R.kgotoh@cic-kk.co.jp>
References: <20011029161543.548E.KAJITA@career-link.co.jp> <20011030112237R.kgotoh@cic-kk.co.jp>
Message-Id: <20011030154501.89BA.KAJITA@career-link.co.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.00.07
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-users-jp 65228
Subject: [FreeBSD-users-jp 65228] Re: On the software configuration of a FireWall machine
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: kajita@career-link.co.jp

This is Kajita.

> > Just to confirm: this FW machine is the one that will provide the VPN service with vtun, right?
> That is correct.

VPN$BMxMQ;~$N(Bipfw$B$N%k!<%k@_Dj$GG:$^$l$F$$$k$h$&$G$9$,!"(B
FW$B%^%7%s$H(BVPN$B%5!<%P$,$*$s$J$8$J$i$P0J2<$N$h$&$J2r<a$G(B
$BNI$$$H;W$$$^$9$h!#(B

VPN$B$N;OE@$H=*E@$O$*$N$*$N$N5rE@$N(BGateway$B%^%7%s$G$"$l$P(B
$B<B:]$K(BVPN$B%5!<%S%9$rDs6!$9$k%G!<%?%9%H%j!<%`$O(BGateway$B%^%7%s4V$@$1$GNI$$!#(B
$B$J$N$G(BVPN$B%5!<%S%9$,MxMQ$9$k(BPort$B$O:GDc8BF)2aE*$K(BFirewall$B$r@_Dj$9$k!#(B

After that, packets encapsulated by the VPN service are decapsulated and
return to the original packets, so configure things so that packets carrying
the originating network's addresses can pass from the VPN end point (in this
case the destination GateWay machine) into the inside network.

> FW $B$K(B natd $B$rN)$F$F$*$1$P!D(B $B$H$$$&;v$G$9$M!#(B
> $B%W%i%$%Y!<%H%M%C%H%o!<%/$O(B 192.168.yyy.zzz $B$H$J$C$F$$$^$9!#(B

VTUN$B$rMxMQ$5$l$k$N$G$"$l$P2>A[E*$KJL%M%C%H%o!<%/%"%I%l%9$r;}$D(B
VPN$B%M%C%H%o!<%/$r:n$k$3$H$,?d>)$5$l$^$9$,!"(B

<IP addr>
xxx.xxx.xxx.1   xxx.xxx.yyy.1   xxx.xxx.yyy.2      xxx.xxx.zzz.1
client1--------->vtunSvr1--------->vtunSvr2------------->client2
    xxx.xxx.xxx.0/24         |           xxx.xxx.zzz.0/24
                      xxx.xxx.yyy.0/24
<Network>

(I wonder if this is a little hard to follow), you only need to point the
route for xxx.xxx.zzz.0/24 at xxx.xxx.yyy.1, and I believe this can be
set in the Vtun Conf file.

Then, packets that have been forwarded as far as xxx.xxx.yyy.2 just need to
be Forwarded on to xxx.xxx.zzz.0/24.

> So you mean that as long as I take care that no odd holes are left open...
> That is what I am most worried about, (^^; and I do intend to try various
> things before it goes into production.

VPN$B%5!<%S%90J30$N%Q%1%C%H$O%5%$%H%]%j%7!<$K$b$h$k$N$G(B
ipfw$B$N@_Dj$b$J$s$H$b1>$($J$$$G$9!#(B

$B$+$8$?(B
