From owner-FreeBSD-users-jp@jp.FreeBSD.org Tue Aug 23 07:41:05 2011
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id p7MMf5b13830;
	Tue, 23 Aug 2011 07:41:05 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from dns0.rodfbs.jp ([2001:3e0:71b:2::234])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet6 id p7MMf5K13825
	for <FreeBSD-users-jp@jp.FreeBSD.org>; Tue, 23 Aug 2011 07:41:05 +0900 (JST)
	(envelope-from eakasaka@rodfbs.jp)
Received: from ns0.rodfbs.jp (ns0i [IPv6:2001:3e0:71b:2::236])
	by dns0.rodfbs.jp (8.14.5/8.14.5) with ESMTP/inet6 id p7MMepkF027596
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Tue, 23 Aug 2011 07:40:52 +0900 (JST)
	(envelope-from eakasaka@rodfbs.jp)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.97 at dns0.rodfbs.jp
Received: from localhost ([192.168.0.2])
	(user=eakasaka@rodfbs.jp mech=PLAIN bits=0)
	by ns0.rodfbs.jp (8.14.5/8.14.5) with ESMTP/inet id p7MMeguN029743;
	Tue, 23 Aug 2011 07:40:50 +0900 (JST)
	(envelope-from eakasaka@rodfbs.jp)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.97 at ns0.rodfbs.jp
Message-Id: <20110823.074101.01373524.eakasaka@rodfbs.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org, toshimasa.matsuoka@gmail.com
From: eakasaka@rodfbs.jp
In-Reply-To: <CAFpFMofs0iriff0T51HxU3oZun4LnFcCi_JJfnTuWapmnc-qZQ@mail.gmail.com>
References: <CAFpFMofs0iriff0T51HxU3oZun4LnFcCi_JJfnTuWapmnc-qZQ@mail.gmail.com>
X-Mailer: Mew version 6.2.51 on Emacs 22.2 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Tue, 23 Aug 2011 07:41:01 +0900
X-Sequence: FreeBSD-users-jp 93502
Subject: [FreeBSD-users-jp 93502] Re: pf =?ISO-2022-JP?B?GyRCJE4bKEI=?=
 =?ISO-2022-JP?B?GyRCQF9EaiRLJEQkJCRGGyhC?= 
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: eakasaka@rodfbs.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+060209

$B$($j$j$s$G$9!#(B
$B$^$@$I$J$?$bJV?.$5$l$F$J$$$h$&$J$N$G!#(B

$BB?J,(B route-to $B$@$1$G$J$/(B reply-to $B$b;H$o$J$/$F$O$&$^$/$$$+$J$+$C$?$h$&$J5-21$,!#(B
7$B0L$^$G(BIPv6$B$G$7$+$d$C$F$J$$$N$G$9$,!":Q$_$^$;$s:#;~4V$J$$$N$G(B Google $B$J$I$G(B
$B!V(Bpf $B%^%k%A%[!<%`!W$J$I$G8!:w$5$l$?$i$I$&$G$7$g$&$+!#!V!W$O8!:w$G$O$H$C$F2<$5$$!#(B
$B<+J,$O2?G/$+A0$=$l$G=P$FMh$?%Z!<%8$r$$$/$D$+;29M$K$7$J$,$i$d$C$?5-21$,$"$j$^$9!#(B
NetBSD $B$d(B OpenBSD $B$N%Z!<%8$b;29M$K$J$k$H;W$$$^$9!#(B

From: $B>>2,Mx>;(B <toshimasa.matsuoka@gmail.com>
Subject: [FreeBSD-users-jp 93498] pf $B$N@_Dj$K$D$$$F(B 
Date: Fri, 19 Aug 2011 20:56:05 +0900

> $B>>2,$H?=$7$^$9!#(B
> 
> pf$B$N@_Dj$,$&$^$/$$$+$:!"G:$s$G$*$j$^$9!#(B
> 
> $BF1MM$NLdBj$r2r7h$5$l$?J}$,$$$i$C$7$c$$$^$7$?$i!"(B
> $B$b$7$/$O$4?F@Z$JJ}$,%"%I%P%$%9$$$?$@$1$k$H=u$+$j$^$9!#(B
> 
> $B!ZGX7J![(B
> 
> router(DC$BDs6!(B)     router(UCOM)
> 192.168.100.1     192.168.101.1
>         |                         |
>        +------------------------+
>                      |
>                  [HOST]
>      jail1:www.example.com 192.168.100.2
>      jail2:upload.example.com 192.168.101.2
> 
> 
> jail$B$G2<5-$N$h$&$K#2$D$N%5%$%H$r2>A[2=$7$F$$$^$9!#(B
> www.example.com 192.168.100.2/28
> upload.example.com 192.168.101.2/29
> 
> www.example.com(192.168.100.2)$B$O%G!<%?%;%s%?!<$NBS0hJ]>Z2s@~$G@\B3$7$?$$!#(B
> $B%2!<%H%&%'%$$O(B192.168.100.1$B$G$9!#(B
> 
> upload.example.com(192.168.101.2)$B$O0z$-9~$_$N2s@~(B(UCOM)$B$G@\B3$7$?$$!#(B
> $B%2!<%H%&%'%$$O(B192.168.101.1$B$G$9!#(B
> 
> $B%[%9%HB&(B(dom0$B$_$?$$$JJ}(B)$B$N@_Dj$H$7$F$O!"(B
> default gateway$B$G(B192.168.100.1$B$r@_Dj$7$F$$$^$9!#(B
> 
> 192.168.100.0/28$B!"(B192.168.101.0/29$B$O$=$l$>$l!"(BFirewall$B!"%V%m!<%I%P%s%I%k!<%?$G(B
> NAPT$B$5$l$F$$$^$9!#(B
> 
> $B!ZLdBj![(B
> 
> $B$3$N$^$^$@$H!"(B192.168.101.2$B$+$i$N1~Ez$,(B192.168.100.1$B$K9T$C$F$7$^$&$N$G!"(B
> $B30It$+$i$N1~Ez$,$G$-$^$;$s!#(B
> 
> $B$=$3$G!"(Bpf$B$r;H$$!"(B192.168.101.2$B$+$i$N1~Ez$O(B192.168.101.1$B$K%k!<%F%#%s%0$9$k$h$&$K@_Dj$7$^$7$?!#(B
> ($B$7$?$D$b$j$G$9(B)
> 
> ----- /etc/pf.conf
> pass out log quick on em0 from 192.168.101.2 to 192.168.101.0/29
> pass out log on em0 route-to (192.168.101.1 em0) from 192.168.101.2
> 
> -----/etc/rc.conf
> defaultrouter="192.168.100.1"
> ifconfig_em0="inet 192.168.100.2 netmask 255.255.255.224"
> ifconfig_em0_alias0="inet 192.168.101.2 netmask 255.255.255.248"
> -----
> 
> $B!Z8=:_$N8=>]![(B
> 
> $B%[%9%H>e$+$i(Bping$B$r$&$C$F$_$^$7$?!#(B
> $B!&(Bping -S 192.168.101.2 192.168.101.1
> $B"*1~Ez$9$k(B
> $B!&(Bping -S 192.168.101.2 8.8.8.8
> $B"*1~Ez$7$J$$"(LdBj(B
> $B!&(Bping -S 192.168.100.2 8.8.8.8
> $B"*1~Ez$9$k(B
> 
> $B$b$A$m$s30It$+$i$N(Bping$B$b1~Ez$7$^$;$s!#(B
> 
> $B%"%I%P%$%9!&%R%s%H$r$$$?$@$1$k$H9,$$$G$9!#(B
> 
> $B!Z4D6-![(B
> FreeBSD 8.2 (x86)
