From owner-FreeBSD-net-jp@jp.FreeBSD.org Wed May 21 16:39:56 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id h4L7duL25782;
	Wed, 21 May 2003 16:39:56 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from mgate15.so-net.ne.jp (mgate15.so-net.ne.jp [210.139.254.162])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id h4L7dtY25777
	for <FreeBSD-net-jp@jp.FreeBSD.org>; Wed, 21 May 2003 16:39:55 +0900 (JST)
	(envelope-from mmasuda@ba2.so-net.ne.jp)
Received: from mail.ba2.so-net.ne.jp (mspool28.so-net.ne.jp [210.139.248.26])
	by mgate15.so-net.ne.jp  with ESMTP id h4L7dtL08509
	for <FreeBSD-net-jp@jp.FreeBSD.org>; Wed, 21 May 2003 16:39:55 +0900 (JST)
Received: from ba2.so-net.ne.jp (usen-219x120x137x242.ap-US.usen.ad.jp [219.120.137.242])
	by mail.ba2.so-net.ne.jp  with ESMTP id h4L7dtr08985;
	Wed, 21 May 2003 16:39:55 +0900 (JST)
Message-ID: <3ECB2D62.1010900@ba2.so-net.ne.jp>
From: "MASUDA,Masashi" <mmasuda@ba2.so-net.ne.jp>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4a) Gecko/20030401
X-Accept-Language: ja, en-us, en
MIME-Version: 1.0
To: FreeBSD-net-jp@jp.FreeBSD.org
References: <p05111001baf0af5402a0@[172.29.1.104]>
In-Reply-To: <p05111001baf0af5402a0@[172.29.1.104]>
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-net-jp@jp.FreeBSD.org
Precedence: list
Date: Wed, 21 May 2003 16:40:18 +0900
X-Sequence: FreeBSD-net-jp 3944
Subject: [FreeBSD-net-jp 3944] Re: IPSec+ipfw+natd
 =?ISO-2022-JP?B?GyRCJEskRCQkJEYbKEI=?= 
Sender: owner-FreeBSD-net-jp@jp.FreeBSD.org
X-Originator: mmasuda@ba2.so-net.ne.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+030514

$BA}ED!s;E;v$+$i8=<BF(Hr%b!<%I$G$9!#(B


$BLn8}!!7rB@(B wrote:

> $B=i$a$^$7$F!"Ln8}$H?=$7$^$9!#(B
> 
> $B8=:_#V#P#N$N;n831?MQ$r9T$*$&$H%F%9%H$7$F$$$k:GCf$J$N$G$9$,!"(B
> ipfw?natd?$B$GJI$K$"$?$C$F$$$^$9!#(B
> 
> IPSec$B$K$FAj8_DL?.$,$G$-$k$^$G$O!"%F%9%H$,$G$-$^$7$?!#(B
> $B$?$@!"%U%#%k%?%j%s%0$r$+$1$h$&$H$7$?$N$G$9$,!"%k!<%k$rE,MQ$9$k$H!"2?$b(B 
> $B<u$1IU$1$J$/$J$j$^$9!#(B
> $B2?$+8+Mn$H$7$F$$$k$N$+!"$=$l$H$b8+Ev0c$$$N$3$H$r$7$F$$$k$N$+$5$C$Q$jJ,(B 
> $B$+$j$^$;$s!#(B
> 
> $B$I$3$,$$$1$J$$$N$+$4;XE&$$$?$@$-$?$/%a!<%k$rAw$C$?<!Bh$G$9!#(B
> $B2<5-$K%U%#%k%?%j%s%0%k!<%k$r5-=R$7$F$*$-$^$7$?!#(B
> $B$h$m$7$/$*4j$$$7$^$9!#(B


$B%U%#%k%?%j%s%0$N%k!<%k$K$D$$$F$O$^$C$?$/8+$F$$$J$$$N$G$9$,!"(B
nat $B$J$j(Bpacket filtering $B$K$F(BIPSec $B$r%O%s%I%j%s%0$9$k$K$O(B

/etc/services
isakmp          500/udp

/etc/protocols
esp     50      ESP             # encapsulating security payload
ah      51      AH              # authentication header

$B$"$?$j$r%O%s%I%j%s%0$7$F$"$2$kI,MW$,$"$C$?$H;W$$$^$9!#(B

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-reqts-04.txt

$B$"$?$j$,;29M$K$J$k$N$G$O$J$$$+$H;W$$$^$9!#%Q%1%C%H$N5$;}$A$K$J$C$F9M$($F(B
$B$,$s$P$C$F$_$F$/$@$5$$!#(B:-)

# $B$b$7$&$^$/$$$C$?$i(BQ&A $B7A<0$K$^$H$a$FM_$7$$$J!<$HRl$$$F$_$k!#(B

-- 
MASUDA Masashi <mmasuda@ba2.so-net.ne.jp> <http://unixluser.org/>
$BF|K\(BTOUGHBOOK$B%f!<%62q(B <http://toughbook.jp/> $B2q0wHV9f(B:1
$B%Q%1%C%H$N5$;}$A$K$J$C$F9M$($h$&!#(B:-)

