Date:      Mon, 27 Jun 2011 16:47:21 +0200
From:      Damien Fleuriot <ml@my.gd>
To:        freebsd-pf@freebsd.org
Subject:   Re: PF + route-to + gif weird behavior (bug ?)
Message-ID:  <4E0897F9.30204@my.gd>
In-Reply-To: <BANLkTi=shfdbhXBjdELc_mwBX1z6ZxHuYw@mail.gmail.com>
References:  <BANLkTi=shfdbhXBjdELc_mwBX1z6ZxHuYw@mail.gmail.com>


On 6/27/11 12:50 PM, Schmurfy wrote:
> Hi,
> I just came across a problem with route-to and gif interfaces.
> First, here is my rc.conf:
> 
> # Router
> ifconfig_em0="inet 10.11.12.212/24"
> defaultrouter="10.11.12.253"
> gateway_enable="YES"
> 
> static_routes="gif_endpoint"
> route_visp="10.11.20.1/32 10.11.12.213"
> 

I'd like to point out you declare a gif_endpoint static route, but it
doesn't exist.
Similarly a route called route_visp exists but is not declared as a
static route.



> pf_enable="YES"
> pf_rules="/etc/pf.conf"
> pflog_enable="YES"
> 
> # IPIP tunnels
> gif_interfaces="gif1001"
> 
> ifconfig_em0_alias0="inet 10.11.20.2/32"
> ifconfig_em0_alias1="inet 192.168.254.1/32"
> gifconfig_gif1001="10.11.20.2 10.11.20.1"
> ifconfig_gif1001="inet 1.2.3.1 1.2.3.2 netmask 255.255.255.252"
> 
> 
> 
> 
> 
> What I wanted to do is to redirect incoming connections on the external
> interface (em0) on a specific address to a gif tunnel, my problem is that
> the packet is redirected so that part works but the packet exiting the em0
> interface (the gif tunnel is also using em0) has a wrong ipip header: the
> source address is the first address assigned to em0 instead of the alias
> added for the gif tunnel.

This looks like a case where you'd like to NAT then.

Use PF to say you'll be NATing, so that you can force the correct IP?
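
The `static_routes` / `route_<name>` mismatch pointed out in the reply above can be checked mechanically. The following is an added example, not part of the original message or of FreeBSD's rc scripts; the function name `check_static_routes` is hypothetical and the sample file is constructed from the two lines quoted in the thread.

```shell
#!/bin/sh
# Cross-check an rc.conf-style file: every name in static_routes needs a
# matching route_<name> variable, and every route_<name> variable should be
# listed in static_routes.
# Prints one line per mismatch; returns 0 if consistent, 1 otherwise.
check_static_routes() {
    conf=$1
    (
        # rc.conf is plain sh assignments, so source it, but in a subshell so
        # the caller's environment is untouched. Only use on files you trust
        # as much as rc.conf itself: sourcing executes their content.
        . "$conf" || exit 2
        rc=0
        for name in $static_routes; do
            eval "val=\${route_${name}-}"
            if [ -z "$val" ]; then
                echo "MISSING: static_routes lists '$name' but route_$name is not set"
                rc=1
            fi
        done
        # Collect every route_<name> variable now defined in this subshell.
        for var in $(set | sed -n 's/^\(route_[A-Za-z0-9_]*\)=.*/\1/p'); do
            name=${var#route_}
            case " $static_routes " in
                *" $name "*) ;;
                *) echo "UNUSED: $var is set but '$name' is not in static_routes"
                   rc=1 ;;
            esac
        done
        exit $rc
    )
}

# Constructed sample: the two routing lines from the quoted rc.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
static_routes="gif_endpoint"
route_visp="10.11.20.1/32 10.11.12.213"
EOF
check_static_routes "$sample" || true
rm -f "$sample"
```
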



