From owner-FreeBSD-users-jp@jp.FreeBSD.org Tue Aug 23 16:13:40 2011
In-Reply-To: <20110823.074101.01373524.eakasaka@rodfbs.jp>
References: <CAFpFMofs0iriff0T51HxU3oZun4LnFcCi_JJfnTuWapmnc-qZQ@mail.gmail.com>
	<20110823.074101.01373524.eakasaka@rodfbs.jp>
Message-ID: <CAFpFMofjJqPDjLvpr0DWAhhCMSidK+K=GSJNYJmuh_hsrYgkSA@mail.gmail.com>
From: 松岡利昌 <toshimasa.matsuoka@gmail.com>
To: freebsd-users-jp@jp.FreeBSD.org
Date: Tue, 23 Aug 2011 16:13:32 +0900
Subject: [FreeBSD-users-jp 93503] Re: About pf configuration

$B>>2,$G$9!#(B

$B$($j$j$s$5$^!"@?$K$"$j$,$H$&$4$6$$$^$9!*!*!*!*!*!*!*!*(B
$B!V(Bpf $B%^%k%A%U%)!<%`!W8!:w$7!"2r7hJ}K!$rM}2r$7$^$7$?!#(B
route-to$B$@$1$@$H!"30It$+$i$N@\B3$X$N1~Ez$O=hM}$7$F$/$l$J$$$N$G$9$M!#(B

$B2<5-$N%5%$%H$r;29M$K$7$^$7$F2r7h$7$^$7$?!#(B
http://www.gentei.org/~yuuji/rec/pc/memo/2009/03/07/index.html

>> ----- /etc/pf.conf
>> pass out log quick on em0 from 192.168.101.2 to 192.168.101.0/29
>> pass out log on em0 route-to (192.168.101.1 em0) from 192.168.101.2

As for the above, I rewrote it as follows.

pass out quick on em0 from 192.168.101.2 to 192.168.101.0/29
pass in quick on em0 reply-to (em0 192.168.101.1) from any to 192.168.101.2
pass out on em0 route-to (em0 192.168.101.1) from 192.168.101.2

reply-to$B$r<+J,08$r>r7o$K@_Dj$9$k$3$H$G>e<j$/$$$-$^$7$?!#(B

$BE*3N$J%]%$%s%?BgJQ=u$+$j$^$7$?!#(B

$B$"$j$,$H$&$4$6$$$^$7$?!#(B

$B0J>e!"59$7$/$*4j$$CW$7$^$9!#(B



2011$BG/(B8$B7n(B23$BF|(B7:41  <eakasaka@rodfbs.jp>:
> $B$($j$j$s$G$9!#(B
> $B$^$@$I$J$?$bJV?.$5$l$F$J$$$h$&$J$N$G!#(B
>
> $BB?J,(B route-to $B$@$1$G$J$/(B reply-to $B$b;H$o$J$/$F$O$&$^$/$$$+$J$+$C$?$h$&$J5-21$,!#(B
> 7$B0L$^$G(BIPv6$B$G$7$+$d$C$F$J$$$N$G$9$,!":Q$_$^$;$s:#;~4V$J$$$N$G(B Google $B$J$I$G(B
> $B!V(Bpf $B%^%k%A%[!<%`!W$J$I$G8!:w$5$l$?$i$I$&$G$7$g$&$+!#!V!W$O8!:w$G$O$H$C$F2<$5$$!#(B
> $B<+J,$O2?G/$+A0$=$l$G=P$FMh$?%Z!<%8$r$$$/$D$+;29M$K$7$J$,$i$d$C$?5-21$,$"$j$^$9!#(B
> NetBSD $B$d(B OpenBSD $B$N%Z!<%8$b;29M$K$J$k$H;W$$$^$9!#(B
>
> From: $B>>2,Mx>;(B <toshimasa.matsuoka@gmail.com>
> Subject: [FreeBSD-users-jp 93498] pf $B$N@_Dj$K$D$$$F(B
> Date: Fri, 19 Aug 2011 20:56:05 +0900
>
>> $B>>2,$H?=$7$^$9!#(B
>>
>> pf$B$N@_Dj$,$&$^$/$$$+$:!"G:$s$G$*$j$^$9!#(B
>>
>> $BF1MM$NLdBj$r2r7h$5$l$?J}$,$$$i$C$7$c$$$^$7$?$i!"(B
>> $B$b$7$/$O$4?F@Z$JJ}$,%"%I%P%$%9$$$?$@$1$k$H=u$+$j$^$9!#(B
>>
>> $B!ZGX7J![(B
>>
>> router(DC$BDs6!(B)     router(UCOM)
>> 192.168.100.1     192.168.101.1
>>         |                         |
>>        +------------------------+
>>                      |
>>                  [HOST]
>>      jail1:www.example.com 192.168.100.2
>>      jail2:upload.example.com 192.168.101.2
>>
>>
>> jail$B$G2<5-$N$h$&$K#2$D$N%5%$%H$r2>A[2=$7$F$$$^$9!#(B
>> www.example.com 192.168.100.2/28
>> upload.example.com 192.168.101.2/29
>>
>> www.example.com(192.168.100.2)$B$O%G!<%?%;%s%?!<$NBS0hJ]>Z2s@~$G@\B3$7$?$$!#(B
>> $B%2!<%H%&%'%$$O(B192.168.100.1$B$G$9!#(B
>>
>> upload.example.com(192.168.101.2)$B$O0z$-9~$_$N2s@~(B(UCOM)$B$G@\B3$7$?$$!#(B
>> $B%2!<%H%&%'%$$O(B192.168.101.1$B$G$9!#(B
>>
>> $B%[%9%HB&(B(dom0$B$_$?$$$JJ}(B)$B$N@_Dj$H$7$F$O!"(B
>> default gateway$B$G(B192.168.100.1$B$r@_Dj$7$F$$$^$9!#(B
>>
>> 192.168.100.0/28$B!"(B192.168.101.0/29$B$O$=$l$>$l!"(BFirewall$B!"%V%m!<%I%P%s%I%k!<%?$G(B
>> NAPT$B$5$l$F$$$^$9!#(B
>>
>> $B!ZLdBj![(B
>>
>> $B$3$N$^$^$@$H!"(B192.168.101.2$B$+$i$N1~Ez$,(B192.168.100.1$B$K9T$C$F$7$^$&$N$G!"(B
>> $B30It$+$i$N1~Ez$,$G$-$^$;$s!#(B
>>
>> $B$=$3$G!"(Bpf$B$r;H$$!"(B192.168.101.2$B$+$i$N1~Ez$O(B192.168.101.1$B$K%k!<%F%#%s%0$9$k$h$&$K@_Dj$7$^$7$?!#(B
>> ($B$7$?$D$b$j$G$9(B)
>>
>> ----- /etc/pf.conf
>> pass out log quick on em0 from 192.168.101.2 to 192.168.101.0/29
>> pass out log on em0 route-to (192.168.101.1 em0) from 192.168.101.2
>>
>> -----/etc/rc.conf
>> defaultrouter="192.168.100.1"
>> ifconfig_em0="inet 192.168.100.2 netmask 255.255.255.224"
>> ifconfig_em0_alias0="inet 192.168.101.2 netmask 255.255.255.248"
>> -----
>>
>> [Current symptoms]
>>
>> I tried pinging from the host.
>> - ping -S 192.168.101.2 192.168.101.1
>> → responds
>> - ping -S 192.168.101.2 8.8.8.8
>> → no response (* this is the problem)
>> - ping -S 192.168.100.2 8.8.8.8
>> → responds
>>
>> Of course, pings from outside get no response either.
>>
>> I would be grateful for any advice or hints.
>>
>> [Environment]
>> FreeBSD 8.2 (x86)
>
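
The rewritten rule set from the reply above, as an added, annotated example that is not part of the original message: the macro names are assumptions introduced here, and the second on-link rule is an addition that mirrors the author's first rule for the inbound direction.

```conf
# /etc/pf.conf (annotated example; macro names are hypothetical)
ext_if  = "em0"                # single NIC carrying both subnets
up_addr = "192.168.101.2"      # alias address used by the upload jail
up_net  = "192.168.101.0/29"   # subnet behind the UCOM router
up_gw   = "192.168.101.1"      # UCOM router (second gateway)

# 1. On-link traffic needs no policy routing. "quick" stops rule
#    evaluation here so the route-to/reply-to rules below never
#    apply to neighbours on the same subnet.
pass out quick on $ext_if from $up_addr to $up_net
# Added here (not in the post): the same exemption for inbound
# connections, so replies to on-link hosts are delivered directly
# instead of being handed to the gateway.
pass in  quick on $ext_if from $up_net to $up_addr

# 2. Connections initiated from outside. reply-to is recorded in the
#    state this rule creates, and packets travelling in the opposite
#    direction of that state (the replies) are sent to $up_gw rather
#    than to the host's defaultrouter (192.168.100.1).
#    route-to alone cannot cover this case: the replies match the
#    existing inbound state and are never evaluated against the
#    outbound rule set.
pass in quick on $ext_if reply-to ($ext_if $up_gw) from any to $up_addr

# 3. Connections initiated by the jail itself. route-to overrides the
#    routing table for new outbound flows sourced from $up_addr.
#    The argument order is (interface gateway).
pass out on $ext_if route-to ($ext_if $up_gw) from $up_addr to any
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which catches ordering mistakes in the `(interface gateway)` pair before the rules go live.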
