From owner-freebsd-hackers Tue Jun 11 14:47: 7 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from cody.jharris.com (cody.jharris.com [205.238.128.83]) by hub.freebsd.org (Postfix) with ESMTP id 6D11837B407 for ; Tue, 11 Jun 2002 14:46:55 -0700 (PDT) Received: from localhost (nick@localhost) by cody.jharris.com (8.11.1/8.9.3) with ESMTP id g5BMA4k43264; Tue, 11 Jun 2002 17:10:08 -0500 (CDT) (envelope-from nick@rogness.net) Date: Tue, 11 Jun 2002 17:10:03 -0500 (CDT) From: Nick Rogness X-Sender: nick@cody.jharris.com To: John Nielsen Cc: hackers@FreeBSD.ORG Subject: Re: gif(4) tunnel through MSN DSL modem In-Reply-To: <019001c2118d$1a7ee560$0900a8c0@max> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 11 Jun 2002, John Nielsen wrote: > > On Tue, 11 Jun 2002, John Nielsen wrote: > > > > > > > > My best guess would be that the modem is doing some anti-spoofing > > between it's interfaces to prevent packets coming from the inside > > having it's outside IP. You will be able to tell if NO ipencap > > packets are received on the remote BSD machine. > > Could you elaborate on this? Since that does seem to be the problem (or at > least a strong candidate), what would I have to do to work around this? I > don't suppose it's possible to create a gif tunnel inside an ssh tunnel, is > it? Well it's simple. The modem has 2 interfaces, one with the public_ip and one with the private_ip (which connects to your network). To prevent spoofing, the modem could only allow traffic from certain private IP's and/or not allow packets with it's public address in/out via it's private interface. Nick Rogness - Don't mind me...I'm just sniffing your packets To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message