From owner-freebsd-net Mon Mar 11 4:21:44 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mail.flarion.com (mail.flarion.com [63.103.94.23])
	by hub.freebsd.org (Postfix) with ESMTP id E3EE037B402
	for ; Mon, 11 Mar 2002 04:21:39 -0800 (PST)
Received: by rrmail01.lab.flarion.com with Internet Mail Service (5.5.2653.19)
	id ; Sun, 10 Mar 2002 14:40:52 -0500
Message-ID: <8C92E23A3E87FB479988285F9E22BE460235FB@ftmail>
From: Matt Impett
To: "'freebsd-net@freebsd.org'"
Subject: FW: policy routing to tunnels..
Date: Sun, 10 Mar 2002 14:40:45 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Hello.. I am working on a mobileIP implementation on freeBSD, and I have a
> question about how to do something with the freeBSD IP networking stack.
> This is the gist:
>
> Basically, what I want to be able to do is to add a policy route to a
> freebsd router so that it will take packets with specific source addresses
> and pass them to a tunnel. Now, I have seen examples of the ipfw command
> that would handle this, but I don't think they apply to me. This is why:
>
> I have created a gif tunnel and have set the physsrc and physdest
> addresses of the tunnel but I have not actually given the point to point
> interface its addresses (ie, with the ifconfig command, or something
> similar). The reason why is that for the majority of the tunnel lifetime,
> I do not want to transmit any packets on it, but only receive. Therefore,
> I want no route to the tunnel for any IP addresses. However, at some
> point during the tunnel lifetime, I may want to redirect packets with
> particular source addresses into the tunnel.
>
> Now, if I had a routing table entry which pointed to the tunnel, something
> like this:
>     Destination     Gateway     Netif
>     a.b.c.d         gif0        gif0
>
> then I guess I could do something like this with ipfw:
>     ipfw add fwd a.b.c.d ip from to any
>
> However, I have no routes in my routing table for this tunnel. The reason
> why is there is no destination address which I always want to tunnel for.
> I really only want to tunnel based on source address. (As a side note,
> would the above work?? I ask because I guess a hack to make this work
> would be to make up a dummy private IP and put a route in for it using my
> tunnel as outgoing interface, then I could use the firewalling code to
> direct packets to that "fake route".. ugh..)
>
> My question then is, is it possible to route packets with particular source
> addresses directly to a particular interface?? Or, is there some other way
> I could accomplish this same thing??
>
> Now, for anyone familiar with mobileIP and wondering what exactly I am
> trying to do with all this craziness, I am trying to implement mobileIP
> reverse tunneling (RFC 2344).
>
> Also, I have never posted here before, so I don't really know the
> protocol, but here is some (potentially) useful info:
> FreeBSD version: 4.4-RC5
>
> thanks for your time,
> matt