From owner-freebsd-questions Thu Mar 21 14:12:35 2002
Message-ID: <8C92E23A3E87FB479988285F9E22BE46023613@ftmail>
From: Matt Impett
To: "'freebsd-questions@freebsd.org'"
Subject: policy routing to tunnels..
Date: Thu, 21 Mar 2002 17:11:43 -0500

Hello..

I am working on a mobileIP implementation on FreeBSD, and I have a question about how to do something with the FreeBSD IP networking stack. This is the gist:

Basically, what I want to be able to do is to add a policy route to a FreeBSD router so that it will take packets with specific source addresses and pass them to a tunnel. Now, I have seen examples of the ipfw command that would handle this, but I don't think they apply to me. This is why:

I have created a gif tunnel and have set the physsrc and physdest addresses of the tunnel, but I have not actually given the point-to-point interface its addresses (i.e., with the ifconfig command, or something similar). The reason why is that for the majority of the tunnel lifetime, I do not want to transmit any packets on it, but only receive. Therefore, I want no route to the tunnel for any IP addresses. However, at some point during the tunnel lifetime, I may want to redirect packets with particular source addresses into the tunnel.

Now, if I had a routing table entry which pointed to the tunnel, something like this:

    Destination    Gateway    Netif
    a.b.c.d        gif0       gif0

then I guess I could do something like this with ipfw:

    ipfw add fwd a.b.c.d ip from to any

However, I have no routes in my routing table for this tunnel. The reason why is there is no destination address which I always want to tunnel for. I really only want to tunnel based on source address. (As a side note, would the above work?? I ask because I guess a hack to make this work would be to make up a dummy private IP and put a route in for it using my tunnel as outgoing interface, then I could use the firewalling code to direct packets to that "fake route".. ugh..)

My question then is: is it possible to route packets with particular source addresses directly to a particular interface?? Or, is there some other way I could accomplish this same thing??

Now, for anyone familiar with mobileIP and wondering what exactly I am trying to do with all this craziness, I am trying to implement mobileIP reverse tunneling (RFC 2344).

Also, I have never posted here before, so I don't really know the protocol, but here is some (potentially) useful info:

FreeBSD version: 4.4-RC5

thanks for your time,
matt