Date: Tue, 13 Aug 2002 12:51:31 -0700 (PDT)
From: Julian Elischer
To: Les Biffle
Cc: hackers@freebsd.org
Subject: Re: IP routing question

On Tue, 13 Aug 2002, Les Biffle wrote:

> Hi,
>
> I want to do the following:
>
> 1. Create "n" IPSEC VPN tunnels
> 2. Create "n" VLAN pseudo interfaces
> 3. Route IP Packets based on their arrival iface/tunnel out through
>    a corresponding tunnel/iface.
>
> For example, I want to route all packets received through VPN tunnel "2"
> out through VLAN "2," and all packets received on VLAN "2" out through
> VPN "2," without regard to source or destination IP Addresses.

incoming packets should be selectable in ipfw by using the clause
"in recv gif0" or "in recv vlan0"
then you should be able to redirect them using the 'fwd' command

assuming gif0 has a remote end (of the tunnel) at 1.1.1.1
and a packet arrived on vlan0, and the machine you want to forward to
on vlan0 is 2.2.2.2
the following ipfw commands should work (not tested)..

    fwd 1.1.1.1 ip from any to any in recv vlan0

the reverse packets should be redirected by:

    fwd 2.2.2.2 ip from any to any in recv gif0

As I say, this has not been tested.. let us know what happens
so that others can do this if it works....

>
> I don't want to examine the IP Addresses of any of the routed packets,
> but only want to make the routing decision based on arrival interface.
>
> Does anyone have any ideas or suggestions?  Please?
>
> -Les
>
> --
> Les Biffle
> (480) 585-4099    les@safety.net    http://www.les.safety.net/
> Network Safety Corp., 5831 E. Dynamite Blvd., Cave Creek, AZ 85331
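
Added example, not part of the original message and not run against a live ipfw: a sh function that extends the two rules in the reply to "n" VLAN/tunnel pairs, checks the table, and only prints the resulting commands for review. The second table row, the rule numbering and the function names are assumptions.

```sh
#!/bin/sh
# Added example: emit paired ipfw "fwd" rules for n VLAN<->tunnel pairs.
# Constructed sample table (only the first row's values come from the thread):
# vlan-iface  gif-iface  tunnel-remote-end  vlan-side-next-hop
PAIRS='vlan0 gif0 1.1.1.1 2.2.2.2
vlan1 gif1 1.1.1.5 2.2.3.2'

is_ipv4() {
    # Dotted quad, every octet numeric and <= 255.
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

is_iface() {
    # $1 = interface name, $2 = required driver prefix (vlan or gif)
    printf '%s\n' "$1" | grep -Eq "^$2[0-9]+\$"
}

gen_rules() {
    # $1 = mapping text, $2 = first rule number (hypothetical scheme, step 10)
    num=$2
    seen=' '
    while read -r vlan gif tun_remote vlan_hop; do
        if [ -z "$vlan" ]; then continue; fi
        if ! is_iface "$vlan" vlan || ! is_iface "$gif" gif; then
            echo "bad interface name in: $vlan $gif" >&2; return 1
        fi
        if ! is_ipv4 "$tun_remote" || ! is_ipv4 "$vlan_hop"; then
            echo "bad next-hop address for $vlan/$gif" >&2; return 1
        fi
        # fwd ends rule processing at the first match, so an interface listed
        # twice would silently send its traffic to the first pair only.
        case $seen in
            *" $vlan "*|*" $gif "*)
                echo "interface reused: $vlan/$gif" >&2; return 1 ;;
        esac
        seen="$seen$vlan $gif "
        echo "ipfw add $num fwd $tun_remote ip from any to any in recv $vlan"
        echo "ipfw add $((num + 10)) fwd $vlan_hop ip from any to any in recv $gif"
        num=$((num + 20))
    done <<EOF
$1
EOF
    return 0
}

gen_rules "$PAIRS" 1000
```

On FreeBSD releases of that period the `fwd` action is only available when the kernel is built with `options IPFIREWALL_FORWARD`.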