From: Sheldon Hearn
To: freebsd-questions@FreeBSD.org
Subject: IPv4 tunnelling
Date: Tue, 15 Jan 2002 15:12:19 +0200
Message-ID: <55173.1011100339@axl.seasidesoftware.co.za>

Hi folks,

We're planning to migrate our entire colocated site (mail and web
servers) to a new provider. During the propagation period required for
DNS updates, we'd like to leave the old firewall in place and have it
tunnel packets to the new firewall, presumably using gif(4).

However, I want to make sure that clients picking up the new DNS records
will be able to connect directly to the new addresses of our hosts.

When I set up the gif(4) tunnel between the two firewalls, will I be
able to configure things such that:

    Client                              Client
      |                                   |
      | Using stale DNS record:           | Using new DNS record:
      | mail.example.com = 4.3.2.10       | mail.example.com = 7.6.5.10
      v                                   v
   Router (4.3.2.1)                    Router (7.6.5.1)
      |                                   |
      v                                   v
    Old FW ---------------------------> New FW -------> Mail Server
   (4.3.2.2)      gif(4) tunnel        (7.6.5.2)        (10.0.0.10)
               (4.3.2.2 <-> 7.6.5.2)

Basically, I need to know what to do to make sure that replies to
traffic that reaches the mail server via the tunnel don't go out through
7.6.5.1 and that traffic that arrives via 7.6.5.1 doesn't have its
replies sent via the tunnel.

TIA

Sheldon.