Date:      Tue, 13 Aug 2002 12:51:31 -0700 (PDT)
From:      Julian Elischer <julian@elischer.org>
To:        Les Biffle <les@safety.net>
Cc:        hackers@freebsd.org
Subject:   Re: IP routing question
Message-ID:  <Pine.BSF.4.21.0208131245330.17577-100000@InterJet.elischer.org>
In-Reply-To: <200208131434.g7DEY1205125@ns3.safety.net>



On Tue, 13 Aug 2002, Les Biffle wrote:

> Hi,
> 
> I want to do the following:
> 
> 1.  Create "n" IPSEC VPN tunnels
> 2.  Create "n" VLAN pseudo interfaces
> 3.  Route IP Packets based on their arrival iface/tunnel out through
>     a corresponding tunnel/iface.
> 
> For example, I want to route all packets received through VPN tunnel "2"
> out through VLAN "2," and all packets received on VLAN "2" out through
> VPN "2," without regard to source or destination IP Addresses.

incoming packets should be selectable in ipfw by using the 
clause 
"in recv gif0" 

or 

"in recv vlan0"


then you should be able to redirect them using the 'fwd' command



assuming gif0 has a remote end (of the tunnel) at 1.1.1.1
and a packet arrived on vlan0, and the machine you want to
forward to on vlan0 is 2.2.2.2

the following ipfw commands should work (not tested)..

fwd 1.1.1.1 ip from any to any in recv vlan0

the reverse packets should be redirected by:

fwd 2.2.2.2 ip from any to any in recv gif0


As I say, this has not been tested..
let us know what happens so that others can do this if it works....



 
> 
> I don't want to examine the IP Addresses of any of the routed packets,
> but only want to make the routing decision based on arrival interface.
> 
> Does anyone have any ideas or suggestions?  Please?
> 
> -Les
> 
> -- 
> Les Biffle            
> (480) 585-4099    les@safety.net  http://www.les.safety.net/
> Network Safety Corp., 5831 E. Dynamite Blvd.,  Cave Creek, AZ 85331
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
> 


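Added example, not part of the original message or of FreeBSD: a small sh helper that prints the rule pair from the reply for each VLAN/tunnel pairing, validating interface names and addresses before they reach a command line. The function names, the starting rule number 1000 and the step of 10 are assumptions, and like the rules in the reply the output has not been tested against a live ipfw.

```sh
# Added example: print (do not run) the ipfw rule pair from the reply for
# each VLAN/tunnel pairing. Rule numbers and the sample row are assumptions.

# Interface names: letters, digits, underscore only (keeps shell syntax out).
valid_ifname() {
    case "$1" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
}

# Dotted-quad IPv4 with every octet in 0..255 (runs in a subshell so the
# IFS change stays local).
valid_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# emit_pair_rules RULENUM VLAN_IF GIF_IF TUNNEL_REMOTE VLAN_NEXT_HOP
emit_pair_rules() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    valid_ifname "$2" && valid_ifname "$3" || return 1
    valid_ipv4 "$4" && valid_ipv4 "$5" || return 1
    # Packets arriving on the VLAN go to the tunnel's remote end ...
    echo "ipfw add $1 fwd $4 ip from any to any in recv $2"
    # ... and packets arriving from the tunnel go to the host on the VLAN.
    echo "ipfw add $(($1 + 1)) fwd $5 ip from any to any in recv $3"
}

# Read "vlan_if gif_if tunnel_remote vlan_next_hop" rows from stdin; stop at
# the first malformed row instead of emitting a partial rule set silently.
emit_all_rules() {
    next=1000
    while read -r vlan_if gif_if remote hop; do
        case "$vlan_if" in ''|'#'*) continue ;; esac
        emit_pair_rules "$next" "$vlan_if" "$gif_if" "$remote" "$hop" || {
            echo "rejected row: $vlan_if $gif_if $remote $hop" >&2
            return 1
        }
        next=$((next + 10))
    done
}

# Constructed sample row using the interfaces and addresses from the reply.
emit_all_rules <<'EOF'
vlan0 gif0 1.1.1.1 2.2.2.2
EOF
```

ipfw stops at the first rule that matches with a `fwd` action, so the generated rules need to sit ahead of any broader rule that would match the same packets. On FreeBSD releases of that period the `fwd` action also requires a kernel built with `options IPFIREWALL_FORWARD`.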



