From: Damien Fleuriot
Date: Mon, 27 Jun 2011 16:47:21 +0200
To: freebsd-pf@freebsd.org
Subject: Re: PF + route-to + gif weird behavior (bug ?)
Message-ID: <4E0897F9.30204@my.gd>

On 6/27/11 12:50 PM, Schmurfy wrote:
> Hi,
> I just came across a problem with route-to and gif interfaces.
> First, here is my rc.conf:
>
> # Router
> ifconfig_em0="inet 10.11.12.212/24"
> defaultrouter="10.11.12.253"
> gateway_enable="YES"
>
> static_routes="gif_endpoint"
> route_visp="10.11.20.1/32 10.11.12.213"
>

I'd like to point out you declare a gif_endpoint static route, but it
doesn't exist.
Similarly a route called route_visp exists but is not declared as a
static route.

> pf_enable="YES"
> pf_rules="/etc/pf.conf"
> pflog_enable="YES"
>
> # IPIP tunnels
> gif_interfaces="gif1001"
>
> ifconfig_em0_alias0="inet 10.11.20.2/32"
> ifconfig_em0_alias1="inet 192.168.254.1/32"
> gifconfig_gif1001="10.11.20.2 10.11.20.1"
> ifconfig_gif1001="inet 1.2.3.1 1.2.3.2 netmask 255.255.255.252"
>
>
> What I wanted to do is to redirect incoming connections on the external
> interface (em0) on a specific address to a gif tunnel, my problem is that
> the packet is redirected so that part works but the packet exiting the em0
> interfaces (the gif tunnel is also using em0) has a wrong ipip header: the
> source address is the first address assigned to em0 instead of the alias
> added for the gif tunnel.

This looks like a case where you'd like to NAT then.

Use PF to say you'll be NATing, so that you can force the correct IP?
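
The mismatch between `static_routes` and the `route_<name>` variables pointed out in the reply can be checked mechanically. The script below is an added example, not code from the thread or from FreeBSD; the function names `sample_rc_conf` and `check_static_routes` are hypothetical, the sample input is constructed from the rc.conf lines quoted above, and only the plain space-separated name form shown in the message is handled.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check static_routes against
# route_<name> definitions in an rc.conf-style file.

# Constructed sample: the routing lines quoted in the message above.
sample_rc_conf() {
    cat <<'EOF'
ifconfig_em0="inet 10.11.12.212/24"
defaultrouter="10.11.12.253"
gateway_enable="YES"

static_routes="gif_endpoint"
route_visp="10.11.20.1/32 10.11.12.213"
EOF
}

# check_static_routes FILE
# Prints one line per mismatch; returns 0 when consistent, 1 otherwise.
check_static_routes() {
    conf=$1
    # Names listed in static_routes (the last assignment wins, as in sh).
    declared=$(sed -n 's/^[[:space:]]*static_routes="\{0,1\}\([^"#]*\)"\{0,1\}.*/\1/p' "$conf" | tail -n 1)
    # Names that have a route_<name>= definition.
    defined=$(sed -n 's/^[[:space:]]*route_\([A-Za-z0-9_]*\)=.*/\1/p' "$conf" | sort -u)
    rc=0
    for name in $declared; do
        if ! printf '%s\n' $defined | grep -qxF -- "$name"; then
            echo "static_routes lists '$name' but route_$name is not defined"
            rc=1
        fi
    done
    for name in $defined; do
        if ! printf '%s\n' $declared | grep -qxF -- "$name"; then
            echo "route_$name is defined but '$name' is not listed in static_routes"
            rc=1
        fi
    done
    return $rc
}

# Demo run on the constructed sample; both mismatches are reported.
tmp=$(mktemp)
sample_rc_conf > "$tmp"
check_static_routes "$tmp" || true
rm -f "$tmp"
```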