From: Eric Crist
Date: Mon, 20 Aug 2007 04:46:07 -0500
To: Benjamin Close
Cc: freebsd-questions@freebsd.org
Subject: Re: IPv4 over IPV4 on the same network segment

On Aug 20, 2007, at 2:26 AM, Benjamin Close wrote:

> Hi Folks,
> I've got to route a network over an ipv4 tunnel between two
> machines which have their parent link on the same network segment.
> Everything works well except for people trying to access the
> external address of one of the link machines: ie:
>
> Physical  120.1.1.2 (xl0)---------------------------> 120.1.1.3 (sk0)
> Tunnel    192.168.3.1(gif0) --------------> 192.168.0.1 (gif0)
>                  |                               |
>              NET1 (xl1)                     NET 2 (sk1)
>            192.168.3.0/24                   192.168.0/24
>
> Now anyone on net NET1 can talk to NET2 fine via a default route to
> gif0. However anyone on NET1 can't talk to 120.1.1.3 as routing
> tries to send via xl0 as it's on the same net and firewall rules
> prevent it. The default route for xl0 is gif0 with a link level
> route to the ip of sk0.
>
> Anyone got an idea how to fully route xl1 via gif0? Including the
> parent physical address?
>

Benjamin,

I wouldn't use gif0 as the default route, but rather the physical
interface. Your system should automatically become aware of the new
/24 networks when you create the gif tunnel.

I'm assuming 120.1.1.2 can ping 120.1.1.3? If so, can either machine
ping 192.168.0.1 and 192.168.3.1? If that's the case, simply setting
gateway_enable="YES" in /etc/rc.conf should allow all the necessary
packets to go to the correct destination.

FWIW, if you do want to set the default across the gif tunnel, the
other end will have to be able to handle all the internet-bound traffic.

HTH

-----
Eric F Crist
Secure Computing Networks
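
Added example (not part of the original thread, and not either poster's configuration): a small longest-prefix-match model of the routing table on the 120.1.1.2 machine, comparing the layout described in the question with the layout suggested in the reply. The /24 prefix on the 120.1.1.x segment, the NET2 route written as 192.168.0.0/24, and the 198.51.100.7 test address are assumptions made for illustration.

```python
import ipaddress


def lookup(table, dst):
    """Longest-prefix match: interface of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


# Constructed table modelling the question: default route via the tunnel.
AS_POSTED = [
    ("0.0.0.0/0", "gif0"),       # default route through the tunnel
    ("120.1.1.0/24", "xl0"),     # connected segment (prefix length assumed)
    ("120.1.1.3/32", "xl0"),     # link-level route to sk0, carries the outer packets
    ("192.168.3.0/24", "xl1"),   # NET1
    ("192.168.0.1/32", "gif0"),  # tunnel peer address
]

# Constructed table modelling the reply: default via the physical interface.
AS_SUGGESTED = [
    ("0.0.0.0/0", "xl0"),        # default via the physical interface
    ("120.1.1.0/24", "xl0"),     # connected segment (prefix length assumed)
    ("192.168.3.0/24", "xl1"),   # NET1
    ("192.168.0.0/24", "gif0"),  # NET2 reached through the tunnel
]


def egress_report(table, destinations):
    """Map each destination to the interface the table selects for it."""
    return {dst: lookup(table, dst) for dst in destinations}


if __name__ == "__main__":
    # 192.168.0.20: a NET2 host; 120.1.1.3: the peer's physical address;
    # 198.51.100.7: stand-in for an internet destination (documentation range).
    dests = ["192.168.0.20", "120.1.1.3", "198.51.100.7"]
    for name, table in (("as posted", AS_POSTED), ("as suggested", AS_SUGGESTED)):
        print(name, egress_report(table, dests))
```

In both tables 120.1.1.3 resolves to xl0, because the connected and host routes are more specific than any default; only the path taken by internet-bound traffic differs between the two layouts.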