Date: Wed, 26 Jun 2002 14:31:00 -0700 From: Lars Eggert <larse@ISI.EDU> To: Matt Impett <M.Impett@flarion.com> Cc: "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>, "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org> Subject: Re: source address based routing Message-ID: <3D1A3294.6010205@isi.edu> References: <8C92E23A3E87FB479988285F9E22BE46FDE778@ftmail.lab.flarion.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Matt Impett wrote:
> gladly.. I am trying to implement reverse tunneling for mobile-IP. The
> basic idea is that packets must be reverse tunneled to different IP
> addresses depending on the source address of the packet. The reason the
> tunnel does not have an IP address associated with it is that I don't want
> to forward traffic down the tunnel for any other reason besides source
> addresses. As soon as I assign the tunnel interface an address, traffic
> sent to that address will be tunneled.
Thanks, that was really helpful to get an idea of what your scenario is!
>> route add DUMMY_NEXT_HOP -interface GIF
>> ipfw add fwd DUMMY_NEXT_HOP all from SOURCE to any
>
>
> I have thought about doing this, but am a little concerned about assigning
> DUMMY_NEXT_HOP. As soon as I issue "route add DUMMY_NEXT_HOP -interface
> GIF", that DUMMY_NEXT_HOP address is now unusable by anyone else.
> Therefore, I guess it would have to be private, but then this would stop
> anyone from actually using this private address in the local domain.
Well, nobody should be using a private address in any domain that's
connected to the Internet, so you may be safe there.
If not, then you could do either
(1) modify ipfw to allow specification of a local interface (as
opposed to a gatway IP adress) in the fwd rule
or
(2) buy a large enough IP block so you can use your own
addresses for DUMMY_NEXT_HOP
> Plus,
> I don't know how many DUMMY_NEXT_HOPs to allocate, as I would need one for
> each tunnel I have set up, and the number of tunnels I set up is dependent
> on the number of mobile's that come into the system (which is somewhat of an
> unknown).
This makes (2) look infeasible, but (1) may still be an option.
Lars
--
Lars Eggert <larse@isi.edu> USC Information Sciences Institute
[-- Attachment #2 --]
0 *H
01
0 +�0 *H
��00
G0
*H
�01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.300
010824164000Z
020824164000Z0T10
UEggert1
0
U*Lars10U
Lars Eggert1
0 *H
larse@isi.edu00
*H
��0�
|\Pw v~~
FDooӦA\- Cˀ4.)&{肋
,z
(ܷر߈T7_'txGH^tt/ҹB8%t<#ֲN�V0T0*+e!0 �00L2uMyffBNUbNJJcdZ2s0U
0
larse@isi.edu0
U
0�0
*H
��aJPMՒ�]cѭC+kS+wZ1gY",YT41
j
6:~℩
D~Kؚl=u(ՎM?cF7@}T00
G0
*H
�01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.300
010824164000Z
020824164000Z0T10
UEggert1
0
U*Lars10U
Lars Eggert1
0 *H
larse@isi.edu00
*H
��0�
|\Pw v~~
FDooӦA\- Cˀ4.)&{肋
,z
(ܷر߈T7_'txGH^tt/ҹB8%t<#ֲN�V0T0*+e!0 �00L2uMyffBNUbNJJcdZ2s0U
0
larse@isi.edu0
U
0�0
*H
��aJPMՒ�]cѭC+kS+wZ1gY",YT41
j
6:~℩
D~Kؚl=u(ՎM?cF7@}T080fErtcvE.0
*H
�01
0 UZA10U
Western Cape10U Cape Town10U
Thawte Consulting1(0&U
Certification Services Division1$0"UThawte Personal Freemail CA1+0) *H
personal-freemail@thawte.com0
000830000000Z
040827235959Z01
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.3000
*H
��0�32c %E>nx'gڈD)c5*mp<ܮto034qmOe
KaU5u'rװ
|CBPQ<9TIf�- ki�N0L0)U
"0
0
10UPrivateLabel1-2970U
0�0
U
0
*H
��1KG]qSl]y=&b""I'{9$
*8PUl
LGl
X1B li+@]jy.%݊
Z<D&iHΥbb10001
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.30G0 +�a0 *H
1
*H
0
*H
1
020626213100Z0# *H
1u$
[v0R *H
1E0C0
*H
0*H
�0
*H
@0+0
*H
(0
*H
101
0 UZA10U
Western Cape10U Cape Town10
U
Thawte1
0U
Certificate Services1(0&U Personal Freemail RSA 2000.8.30G0
*H
�%sSyA7R{EzߐX#ze/)GiuWtF2CŁafyr_&wIA
.'uk6A0=ᑘR͵ίIv-
J,09������
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D1A3294.6010205>