From owner-FreeBSD-users-jp@jp.FreeBSD.org Mon Sep 15 18:08:16 2008
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) id m8F98GH58450;
	Mon, 15 Sep 2008 18:08:16 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from po-out-1718.google.com (po-out-1718.google.com [72.14.252.154])
	by castle.jp.FreeBSD.org (8.11.6p2+3.4W/8.11.3) with ESMTP/inet id m8F98GJ58432
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 15 Sep 2008 18:08:16 +0900 (JST)
	(envelope-from michio.jinbo@gmail.com)
Received: by po-out-1718.google.com with SMTP id y22so3453091pof.0
        for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 15 Sep 2008 02:08:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:date:from:to:subject
         :message-id:mime-version:content-type:content-transfer-encoding
         :x-mailer;
        bh=ytxkf5DjX+G30vIFw8ljOIeFykNC6II8ABloVeQNjrA=;
        b=JREL7bKF6eDTf2zC48JT3CV0iX2ov40CXNJ3WPZkozWBxBayz1eA0nHbJoqmVbkNjX
         Nh3ZQm2fbKKkdKm9pR1kZALfedmYSquqE1+XwyvqEczhUxzNEnL21wksglKJjetvKeIB
         FTrjIJswtByasE2CJfwjfpp89zrpfOUflhRmE=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=date:from:to:subject:message-id:mime-version:content-type
         :content-transfer-encoding:x-mailer;
        b=GB1WFfl4Po3IcUcBT9HBK/TADBLkSqL4topUtq0z8d2somzpVmLZDg0Flw8t80vbEZ
         cztM7tsf0N9IfK89R4iIqd+BZnbg2m8sSeZ5wzCU8tMvQvSZpahteN9QKBz3xh5EE+lD
         d5t+/zMHiahv3r7AB/318/oJ9HfvOSyUiYqWI=
Received: by 10.140.164.6 with SMTP id m6mr4629854rve.210.1221469694005;
        Mon, 15 Sep 2008 02:08:14 -0700 (PDT)
Received: from ?127.0.0.1? ( [210.229.61.162])
        by mx.google.com with ESMTPS id b39sm22234884rvf.0.2008.09.15.02.08.12
        (version=SSLv3 cipher=RC4-MD5);
        Mon, 15 Sep 2008 02:08:13 -0700 (PDT)
From: "Michio \"Karl\" Jinbo" <michio.jinbo@gmail.com>
To: FreeBSD-users-jp@jp.FreeBSD.org
Message-Id: <20080915172326.EB71.22FF24F1@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.48 [ja]
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Mon, 15 Sep 2008 18:08:13 +0900
X-Sequence: FreeBSD-users-jp 91826
Subject: [FreeBSD-users-jp 91826] pf+IPv6+bridge
 =?ISO-2022-JP?B?GyRCO34kTjVzRjAkSyREJCQkRhsoQg==?= 
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: michio.jinbo@gmail.com
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+060209

$B?@J]$G$9!#(BSPAM$B$h$1$N$?$a$K(Bgmail$B$r;H$C$F$$$^$9!#(B

FreeBSD-users-jp $B$GJ,$+$kJ}$,$$$k$+$I$&$+<+?.$,$J$$$N$G$9$,!"(B
$B$o$+$kJ}$,$$$l$P65$($F$/$@$5$$!#(B

$B8=:_!"(BNTT$BEl$G!"(BB$B%U%l%C%D%O%$%Q!<%U%!%_%j(B+$B$R$+$jEEOC(B+16IP$B$N4D6-$G(B
$B%5!<%P!<$r9=C[$7$F$$$^$9!#(B

$B%5!<%P!<$K$O!"(B2$BKg$N(BNIC(re0,re1)$B$,IU$$$F$*$j!"99$K(Bgif0$B$H(Bgif1$B$G(BIPv6
$B$K$F5?;w%^%k%A%[!<%`$r9T$C$F$*$j$^$9!#(Bre0$B$H(Bre1$B$O(BIPv4$B$G(BNAT$B$r9T$C$F(B
$B$$$^$9!#(B

$B$3$N4D6-$G!"(Bbridge$B$r;H$C$F!"(Bre1$BB&$N(BI/F$B$K$"$k%;%0%a%s%H$+$i!"(B
http://flets-v6.jp/ $B$H$+$,8+$l$l$P$$$$$J!"$H;W$$!"0J2<$N$h$&$K(B
$B@_Dj$r$7$^$7$?!#(B
re0: IPv4 $B%0%m!<%P%k%"%I%l%9(B(default route: $B$R$+$jEEOC%k!<%?!<(B)
     IPv6 $B%0%m!<%P%k%"%I%l%9(B(default route: gif0)
     IPv6 $B%0%m!<%P%k%"%I%l%9(B(feel6$BB&$N%k!<%H$N$_(Bgif1$B$K%k!<%F%#%s%0(B)
re1: IPv4 $B%W%i%$%Y!<%H%"%I%l%9(B
     IPv6$B%"%I%l%9$OIU2C$J$7(B($B%j%s%/%m!<%+%k%"%I%l%9$N$_(B)

$B$3$N>uBV$G!"%V%j%C%8$d(BWindows Vista$B$N@_Dj$7$?7k2L!"(B
$B!&%5!<%P!<B&$+$i$N(BIPv4/IPv6/flets-v6$B$X$N3+DL$O3NG'!#(B
$B!&(Bre1$BB&%M%C%H%o!<%/$+$i$N!"(Bpf$B$r;H$C$?(BNAT$B$G$N%$%s%?!<%M%C%H$X$N@\B3$O(BOK
$B!&(Bre1$BB&%M%C%H%o!<%/$+$i!"(B2001:c90::/32 $B$r$R$+$jEEOCB&%j%s%/%m!<%+%k%"%I%l%9(B
  $B$K%k!<%F%#%s%0$7$F$d$k$3$H$K$h$j!"(Bhttp://flets-v6.jp/ $B$N;kD0$O2DG=!#(B
$B$H$$$&$H$3$m$^$G$O9T$-$^$7$?!#(B
$B$7$+$7!"(Bre1$BB&(B(Windows Vista SP1)$B$+$i!"(Btracertoute$B$r$9$k$H!"(B

C:\Users\karl>tracert 2001:200:xxx:1::1

sv.example.jp [2001:200:xxx:1::1] $B$X$N%k!<%H$r%H%l!<%9$7$F$$$^$9(B
$B7PM3$9$k%[%C%W?t$O:GBg(B 30 $B$G$9(B:

  1  $B08@h%[%9%H$KE~C#$G$-$^$;$s!#(B

$B$H!"$?$I$jCe$1$^$;$s!#$7$+$7!"%5!<%P!<B&$+$i!"(Bping6 Windows$B%^%7%s(B
$B$r9T$&$H!"(B5$B%Q%1%C%H%m%9$7$?8e0L$+$i(Bping$B$,DL$k$h$&$K$J$j$^$9!#$=$&$9$k$H!"(Bre1$BB&$+$i$b(B

C:\Users\karl>tracert 2001:200:xxx:1::1

sv.example.jp [2001:200:xxx:1::1] $B$X$N%k!<%H$r%H%l!<%9$7$F$$$^$9(B
$B7PM3$9$k%[%C%W?t$O:GBg(B 30 $B$G$9(B:

  1    <1 ms    <1 ms    <1 ms  sv.jinbo.jp [2001:200:xxx:1::1]

$B%H%l!<%9$r40N;$7$^$7$?!#(B

$B$H!"@\B3$G$-$k$h$&$K$J$j$^$9!#(B($B$b$A$m$s(BVista$B%^%7%s$K$b8GDj$G(BIPv6$B%"%I%l%9$r(B
$B?6$j!"%G%U%)%k%H%k!<%H$rIz$;;~$N%^%7%s$K$7$F$"$j$^$9(B)$B!#$7$+$7!"$7$P$i$/(B
$B$9$k$H$^$?E~C#$G$-$J$/$J$j$^$9!#(B
$B0l1~Iz$;;z$K$O$7$F$"$j$^$9$,!"$+$J$j$N>pJs$r!";d$N%V%m%0$N!V%5!<%P!<9=C[!W$N(B
$B%+%F%4%j$K;/$7$F$$$k$N$G!"$=$A$i$b8+$F$b$i$&$H$h$m$7$$$+$b$7$l$^$;$s!#(B

$B$^$?!":#2s4X78$7$=$&$J!"@_Dj>pJs$r=q$$$F$*$-$^$9!#(B
/etc/rc.conf
pf_enable="YES"
pf_rules="/etc/pf.rules"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_program="/sbin/pflogd"
pflog_flags=""
network_interfaces="auto"
cloned_interfaces="gif0 gif1 bridge0"
ifconfig_re0="inet 210.229.xx.xxx netmask 255.255.255.240"
ifconfig_re1="inet 192.168.yy.yyy netmask 255.255.255.0"
gif_interfaces="gif0"
gifconfig_gif0="210.229.xx.xxx zzz.zz.zzz.zzz"
r.
autobridge_interfaces="bridge0"
autobridge_bridge0="re0 re1"
ifconfig_bridge0="up"
defaultrouter="210.229.aa.aaa"
gateway_enable="YES"
router_enable="YES"
router="/sbin/routed"
router_flags="-q"
ipv6_network_interfaces="auto"
ipv6_defaultrouter="-interface gif0"
ipv6_static_routes="flets"
ipv6_route_flets="2001:c90::/32 $B$R$+$jEEOC%k!<%?!<$N%j%s%/%m!<%+%k%"%I%l%9(B%re0"
ipv6_gateway_enable="YES"
ipv6_router_enable="YES"
ipv6_router="/usr/sbin/route6d"
ipv6_router_flags="-A 2001:200:xxx::/48,gif0 -O 2001:200:xxx::/48,gif0"
ipv6_ifconfig_re0="2001:200:xxx:1::1 prefixlen 64"
ipv6_ifconfig_re0_alias0="2001:3e0:yyy:1::1 prefixlen 64"
ipv6_ifconfig_re0_alias1="2001:c90:zzzz:zzzz:zzz:zzzz:zzzz:zzzz prefixlen 64"
ipv6_default_interface="NO"
rtadvd_enable="NO"

/etc/pf.rules($BLdBj$r%7%s%W%k$K$9$k$?$a$K!"%,%i%,%i$K3+$1$F$$$^$9(B)
int_if = "re1"
ext_if = "re0"
gif0_if = "gif0"
gif1_if = "gif1"
bridge_if = "bridge0"
priv_nets = "{ 192.168.4.0/24 }"

set block-policy return
#set loginterface $ext_if
set loginterface $bridge_if
nat on $ext_if from !($ext_if) to any -> ($ext_if)
pass quick log on $bridge_if all
block log all
pass quick on lo0 all
pass quick on $ext_if all
pass quick on $int_if all
pass quick on $gif0_if all
pass quick on $gif1_if all
block on $bridge_if all
pass quick on $bridge_if inet6 all

http://www.flets-v6.jp/ $B$OLdBj$J$/8+$l$k$3$H!"(Bping6$B$O0l2sDL$l$P(B
$B$7$P$i$/$OLdBj$J$$$3$H$+$i!"(Bpf$B$N@_Dj$G2?$+LdBj$,$"$k$N$+$J!"(B
$B$H;W$&$N$G$9$,!"(Bpf$B$O=i$a$F;H$&$N$G!"%^%K%e%"%k$rFI$s$G$b$J$+$J$+(B
$BM}2r$G$-$^$;$s!#$3$N$h$&$JLdBj$r$o$+$kJ}$O$$$i$C$7$c$$$^$9$+!)(B

$B$A$J$_$K4D6-$O!":rF|(Bcsup$B$7$?!"(B7-STABLE(PRERELEASE)$B$G$9!#(B
$B$h$m$7$/$*4j$$$$$?$7$^$9!#(B

-----
  $B?@J]F;IW!w8D?MB>(B
     e-mail: karl _at_ muc.biglobe.ne.jp: $B8x3+%a%$%s%"%I%l%9(B
     e-mail: karl _at_ ebug.jp: Echigo BSD Users Group(EBUG)$BMQ(B
     blog: http://karl0204.at.webry.info/

($B8fMQ$NJ}$O%a%$%s%"%I%l%9$KAw$C$F$/$@$5$$(Bm(__)m)
