From: Thomas Gielfeldt
Subject: Connecting two LANs via VPN and Filtering
To: freebsd-net@freebsd.org
Date: Thu, 31 Oct 2002 09:52:11 +0100

Thomas Gielfeldt wrote on 26-10-02 20:22:15:

Hi

I have now finally bridged my two networks over the internet using vtun + netgraph.
                     +--------------+
                     | Cisco Router |---------------
                     +--------------+
                      <172.16.0.1/16>
                            |
                     +--------------+
                     |    Switch    |
                     +--------------+
                        /        \
                       /          \
                      /            \
     <172.16.1.1/16> +-----------+  +-----------+ <172.16.2.1/16>
     --------------- | Gateway A |  | Gateway B | ---------------
      <10.0.1.1/16>  +-----------+  +-----------+  <10.0.2.1/16>
                           |              |
  +------------------------------+  +------------------------------+
  |          Network A           |  |          Network B           |
  |                              |  |                              |
  |  +---------+   +---------+   |  |  +---------+   +---------+   |
  |  | Host A1 |   | Host A2 |   |  |  | Host B1 |   | Host B2 |   |
  |  +---------+   +---------+   |  |  +---------+   +---------+   |
  |  <10.0.1.2/16> <10.0.1.3/16> |  |  <10.0.2.2/16> <10.0.2.3/16> |
  +------------------------------+  +------------------------------+

The VTun creates the interface tap0 and I use the ether.bridge script (found in /usr/share/examples/netgraph/) to bridge the tap0 interface and the LAN interface.

However, now I'm faced with a new problem. Each net has its own DHCP server, which causes the problem that hosts on e.g. Network B receive an IP from the DHCP server on Network A. This is not actually a problem, but I would still like to make the separation of the IP ranges to each network.

I was thinking of something like filtering the tap0 on IP level. Ipfilter cannot be used though, as it thinks it receives all data from the LAN interface due to the bridge. So you probably have to filter via netgraph?

Could somebody please help me on how to solve this. Examples will be appreciated.

Thanks in advance.

Best Regards
Thomas Gielfeldt
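Added example (editor's note, not the poster's ether.bridge setup or anything from the FreeBSD tree): the netgraph way to filter the tunnel leg without touching the LAN side is to hang an ng_bpf node between tap0's "lower" hook and the ng_bridge link, so only frames that pass the BPF program reach the bridge or the tunnel. The script below builds that topology with ngctl and loads a filter that drops DHCP (UDP 67/68) in both directions, which keeps each LAN's DHCP server local while everything else stays bridged. Assumptions: the LAN NIC is fxp0 (the post does not name it), the node names dhcpfilt and vpnbridge are our own choice, tap0 already exists (vtund is up) so ng_ether has given it a node, and the BPF program is compiled with tcpdump -ddd, whose "count, then code jt jf k per line" output is turned into the setprogram fields by bpf_prog_from_ddd. With DRY_RUN=1 the script only prints the ngctl commands, which is also how it can be read through offline.

```sh
#!/bin/sh
# Added example: ng_bridge between tap0 (vtun) and the LAN NIC, with an
# ng_bpf node on the tap0 leg so DHCP never crosses the tunnel.
# Assumptions: LAN NIC is fxp0 (hypothetical; the post does not name it),
# node names dhcpfilt/vpnbridge are our own, tap0 already exists.
set -eu

DRY_RUN=${DRY_RUN:-0}   # DRY_RUN=1 prints the commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

ng() { run ngctl "$@"; }

# Convert "tcpdump -ddd" output (first line: instruction count, then one
# "code jt jf k" line per instruction) into the fields ng_bpf's setprogram
# control message expects: bpf_prog_len=N bpf_prog=[ { code= jt= jf= k= } ... ]
bpf_prog_from_ddd() {
    read -r len || return 1
    printf 'bpf_prog_len=%s bpf_prog=[' "$len"
    while read -r code jt jf k; do
        [ -n "$code" ] || continue
        printf ' { code=%s jt=%s jf=%s k=%s }' "$code" "$jt" "$jf" "$k"
    done
    printf ' ]\n'
}

# Topology built here:
#   tap0:lower -- [tap] dhcpfilt [br] -- link0 vpnbridge link1 -- fxp0:lower
#                                                        link2 -- fxp0:upper
# tap0's "lower" hook is the device side, i.e. the frames vtund writes into
# /dev/tap0 and the frames it reads back out; tap0's "upper" stays unconnected
# so the host stack never sees the tunnel directly.
build_bridge() {   # build_bridge <lan_if> <tap_if>
    lan=$1; tap=$2
    ng mkpeer "$tap:" bpf lower tap           # ng_bpf on tap0's lower hook
    ng name "$tap:lower" dhcpfilt
    ng mkpeer dhcpfilt: bridge br link0       # bridge on the bpf node's "br" hook
    ng name dhcpfilt:br vpnbridge
    ng connect "$lan:" vpnbridge: lower link1 # LAN wire side onto the bridge
    ng connect "$lan:" vpnbridge: upper link2 # host's own stack onto the bridge
    ng msg "$lan:" setpromisc 1               # see frames for any MAC
    ng msg "$lan:" setautosrc 0               # don't rewrite source MACs
}

# ng_bpf forwards a frame only where a hook's program says so: matches go to
# ifMatch, the rest to ifNotMatch, and an empty ifNotMatch means drop. Both
# directions get the same program so DHCP is blocked tunnel-in and tunnel-out.
install_filter() {   # install_filter <bpf_node> <prog_fields>
    node=$1; prog=$2
    ng msg "$node:" setprogram "{ thisHook=\"tap\" ifMatch=\"br\" ifNotMatch=\"\" $prog }"
    ng msg "$node:" setprogram "{ thisHook=\"br\" ifMatch=\"tap\" ifNotMatch=\"\" $prog }"
}

main() {
    for m in ng_ether ng_bridge ng_bpf; do
        run kldload "$m" 2>/dev/null || true  # already loaded is fine
    done
    build_bridge fxp0 tap0
    # Pass everything except DHCP, so each LAN keeps its own server.
    prog=$(tcpdump -s 8192 -ddd 'not (udp port 67 or udp port 68)' | bpf_prog_from_ddd)
    install_filter dhcpfilt "$prog"
}

# Run with "sh vpnbridge.sh apply"; without the argument only the functions are defined.
if [ "${1:-}" = apply ]; then
    main
fi
```

Dry-run it first (DRY_RUN=1 sh vpnbridge.sh apply) and compare the printed ngctl lines with ngctl list / ngctl show after the real run; the filter can be widened later, for example to also keep each side's broadcast traffic from reaching the other, by changing the tcpdump expression and re-issuing the two setprogram messages, since ng_bpf accepts a new program on a live hook.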