From owner-freebsd-questions Thu Mar 21 15:44:28 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from cody.jharris.com (cody.jharris.com [205.238.128.83]) by hub.freebsd.org (Postfix) with ESMTP id F1B7E37B400 for ; Thu, 21 Mar 2002 15:44:22 -0800 (PST)
Received: from localhost (nick@localhost) by cody.jharris.com (8.11.1/8.9.3) with ESMTP id g2LNlaw50511; Thu, 21 Mar 2002 17:47:36 -0600 (CST) (envelope-from nick@rogness.net)
Date: Thu, 21 Mar 2002 17:47:36 -0600 (CST)
From: Nick Rogness
X-Sender: nick@cody.jharris.com
To: Matt Impett
Cc: "'freebsd-questions@freebsd.org'"
Subject: Re: policy routing to tunnels..
In-Reply-To: <8C92E23A3E87FB479988285F9E22BE46023613@ftmail>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Thu, 21 Mar 2002, Matt Impett wrote:

> Hello.. I am working on a mobileIP implementation on freeBSD, and I
> have a question about how to do something with the freeBSD IP
> networking stack. This is the gist:
>
> Basically, what I want to be able to do is to add a policy route to a
> freebsd router so that it will take packets with specific source
> addresses and pass them to a tunnel. Now, I have seen examples of the
> ipfw command that would handle this, but I don't think they apply to
> me. This is why:
>
> I have created a gif tunnel and have set the physsrc and physdest
> addresses of the tunnel but I have not actually given the point to
> point interface its addresses (i.e., with the ifconfig command, or
> something similar). The reason why is that for the majority of the
> tunnel lifetime, I do not want to transmit any packets on it, but only
> receive. Therefore, I want no route to the tunnel for any IP
> addresses. However, at some point during the tunnel lifetime, I may
> want to redirect packets with particular source addresses into the
> tunnel.

You could block this in the firewall, yet still have the ptp link IP
defined.

> Now, if I had a routing table entry which pointed to the tunnel, something
> like this:
>
> Destination Gateway Netif
> a.b.c.d gif0 gif0
>
> then I guess I could do something like this with ipfw:
>
> ipfw add fwd a.b.c.d ip from to any
>
> However, I have no routes in my routing table for this tunnel. The reason
> why is there is no destination address which I always want to tunnel for.
> I really only want to tunnel based on source address. (As a side note,
> would the above work??

Yes.

> I ask because I guess a hack to make this work
> would be to make up a dummy private IP and put a route in for it using my
> tunnel as outgoing interface, then I could use the firewalling code to
> direct packets to that "fake route".. ugh..)

Yes, you could.

> My question then is: is it possible to route packets with particular
> source addresses directly to a particular interface?? Or, is there
> some other way I could accomplish this same thing??

Without a next hop it isn't possible (AFAIK).

> Now, for anyone familiar with mobileIP and wondering what exactly I am
> trying to do with all this craziness, I am trying to implement
> mobileIP reverse tunneling (RFC 2344).

Maybe a netgraph module would be better suited to do this?

Nick Rogness
- Don't mind me...I'm just sniffing your packets
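A worked version of the approach Nick sketches (give the gif link its ptp addresses, keep it closed in the firewall, and open it with an ipfw fwd rule keyed on the source address), added here as an example and not code from the thread; the interface name gif0, the rule numbers, the `ifconfig ... tunnel` form of setting physsrc/physdest, and every address are assumptions, and the script only prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not code from the thread. Emits (or, with DRY_RUN=0,
# executes as root on FreeBSD) the commands for the approach above:
# give gif0 point-to-point addresses, keep it receive-only with an ipfw
# deny rule, and when reverse tunnelling is needed insert an ipfw fwd
# rule that matches on the mobile node's *source* address. The rule
# numbers, "ifconfig ... tunnel" syntax and all addresses are assumptions.

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"     # print the command instead of executing it
    else
        "$@"
    fi
}

# Refuse anything that does not look like a dotted-quad IPv4 address.
check_ip4() {
    expr "$1" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null ||
        { echo "bad address: $1" >&2; return 1; }
}

# Outer (physical) endpoints, then inner ptp addresses: $1 physsrc,
# $2 physdest, $3 local ptp, $4 remote ptp.
tunnel_up() {
    for a in "$1" "$2" "$3" "$4"; do check_ip4 "$a" || return 1; done
    run ifconfig gif0 create
    run ifconfig gif0 tunnel "$1" "$2"
    run ifconfig gif0 inet "$3" "$4"
    # Default posture: nothing may be transmitted on the tunnel.
    run ipfw add 200 deny ip from any to any out xmit gif0
}

# Start reverse tunnelling for one source address ($1): forward it to the
# remote ptp address ($2), which is routable via gif0 because of the inet
# assignment above, and open the output side for that source only.
tunnel_activate() {
    check_ip4 "$1" && check_ip4 "$2" || return 1
    run ipfw add 100 fwd "$2" ip from "$1" to any in
    run ipfw add 110 allow ip from "$1" to any out xmit gif0
}

# Back to receive-only: drop the two rules added by tunnel_activate.
tunnel_deactivate() {
    run ipfw delete 100 110
}
```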