From: Greg 'groggy' Lehey
To: FreeBSD Questions
Date: Tue, 7 Jun 2005 17:56:14 +0930
Subject: Problems with gif tunnels

I've just installed an ADSL line, and I'm trying to route a class C network. For some reason the ISP does this kind of routing via a GRE tunnel, and I'm having the devil's own job getting it to work. Here's the current situation:

1. ADSL line is up and running. I have a /30 with the following addresses:

     150.101.14.9    gateway address
     150.101.14.10   local address

2. To this line, I want to install a tunnel for 192.109.197.0/24. The ISP tells me to set up a tunnel between the local address (150.101.14.10) and their tunnel address 203.16.215.227. According to recent (5.x) documentation, this should be done with:

     ifconfig gif0 tunnel 150.101.14.10 203.16.215.227 up

3. Obviously I also need to have IP forwarding enabled.

So I do all this and get:

  xl0: flags=8843 mtu 1500
          options=9
          inet 192.109.197.143 netmask 0xffffff00 broadcast 192.109.197.255
          inet6 fe80::204:75ff:fefa:a80%xl0 prefixlen 64 scopeid 0x1
          ether 00:04:75:fa:0a:80
          media: Ethernet autoselect (10baseT/UTP)
          status: active
  rl0: flags=8843 mtu 1500
          options=8
          inet6 fe80::202:44ff:fe59:7076%rl0 prefixlen 64 scopeid 0x2
          inet 150.101.14.10 netmask 0xfffffffc broadcast 150.101.14.11
          ether 00:02:44:59:70:76
          media: Ethernet autoselect (10baseT/UTP)
          status: active
  gif0: flags=8051 mtu 1452
          tunnel inet 150.101.14.10 --> 203.16.215.227
          inet6 fe80::204:75ff:fefa:a80%gif0 prefixlen 64 scopeid 0x5

  Destination        Gateway            Flags    Refs      Use  Netif Expire
  default            150.101.14.9       UGS         0        7    rl0
  150.101.14.8/30    link#2             UC          0        0    rl0
  150.101.14.9       00:90:1a:40:09:98  UHLW        2        2    rl0    903
  192.109.197        link#1             UC          0        0    xl0
  192.109.197.135    00:10:4b:66:1e:e9  UHLW        0     6757    xl0   1056
  192.109.197.137    00:50:da:cf:07:35  UHLW        0    99336    xl0   1188
  192.109.197.255    ff:ff:ff:ff:ff:ff  UHLWb       0    34521    xl0
  203.16.215.227     150.101.14.9       UGHS        1        4    rl0

  net.inet.ip.forwarding: 1

I then get somebody from the other end to ping me:

  17:49:10.228597 IP 203.16.215.227 > 150.101.14.10: IP 192.83.231.16 > 192.109.197.145: icmp 64: echo request seq 6908
  17:49:11.229188 IP 203.16.215.227 > 150.101.14.10: IP 192.83.231.16 > 192.109.197.145: icmp 64: echo request seq 6909

But that's all. Nothing goes out. I've tried this on different systems, and I know somebody else who is using what looks like an identical configuration with this ISP, and it works fine.
I've tried different systems, one and two NICs, 4.x and 5.x, all with the same (non)result.

What am I missing?

Greg