Date: Wed, 10 Mar 2004 15:52:45 +0200 (EET)
From: Charlie ROOT
To: freebsd-net@freebsd.org
Subject: Re: One IP used on more than one interface (gif0 and lo0)

I was asking because of this:

"To make firewalling and managing traffic flowing thru the ip tunnel a little easier I used virtual interfaces; I added aliases to the loopback interface(lo0) on both gateways to use as inside endpoints for the tunnel. That way I have a chance to control the traffic at the gateway before passing it on out the internal interface to it's local network. Useful for NAT situations, trouble-shooting and easier to setup firewall rules because it is easier to picture/diagram the network flow."

"IPsec VPN using FreeBSD"
Greg Panula, 2001
GSEC Practical version 1.2e
/ www.sans.org/rr/papers/21/795.pdf /

" ...
First setup the aliases
On bert I added 5.5.5.1 as the alias

    ifconfig lo0 alias 5.5.5.1 netmask 255.255.255.252

...
Next actually setup the tunnel
On bert I did this:

    gifconfig gif0 2.2.2.2 3.3.3.3
    ifconfig gif0 inet 5.5.5.1 5.5.5.2 netmask 255.255.255.252
"

Can somebody picture/diagram me the network flow.. The incoming packets - what exactly happens with them? From which interface they came from - gif0? And if they did - what is the alias on lo0 for?

Best regards,
Fro