Date: Sun, 28 Mar 1999 09:30:21 -0500 From: "Jim Flowers" <jflowers@ezo.net> To: <freebsd-hackers@FreeBSD.ORG>, "Terry Glanfield" <terry@ppsl.demon.co.uk> Subject: Re: Tunnel loopback Message-ID: <00c401be7927$838e5060$23b197ce@ezo.net> References: <9903091652.AA04146@ppsl.demon.co.uk> <36E57226.15FB7483@whistle.com> <elnh5gfkt.fsf@ppsl.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Terry I'm still trying to figure out what you are doing and how you are doing it. It looks as if you have a fbsd box with an nic interface with SKIP attached to it. All outbound packets are routed (static/dynamic) first to the tun0 interface which is in turn diverted by an ipfw rule to natd where source address substitution is (possibly) performed before returning to ipfw and thence to SKIP where, if an ACL entry is matched, the packet is encrypted/authenticated/encapsulated and sent out the nic interface to a (perhaps) modified destination. Returning packets are deSKIPped and, due to the destination address now being the tun0 interface are processed by the same ipfw divert rule to restore the destination address to that of the connection originator. My interpretation sounds weak and incomplete. I am hoping that you will shed some light on the process or even provide a more complete example. Thanks. ----- Original Message ----- From: Terry Glanfield <terry@ppsl.demon.co.uk> To: Julian Elischer <julian@whistle.com>; <freebsd-hackers@FreeBSD.ORG> Sent: Wednesday, March 10, 1999 5:11 PM Subject: Re: Tunnel loopback > > Terry Glanfield wrote: > > > I've been trying to use a FreeBSD (3.0-RELEASE and 3.1-RELEASE) tunnel > > > device (/dev/tunN) to push packets back onto the IP stack[1] with some > > > success. > > > > You might find that using ipfw and divert sockets is a much more natural > > fit to this problem. > > Indeed it was. I now have outbound packets pushed into tun0 then > diverted out and inbound SKIP packets diverted and shoved into tun0. > Works a treat - cheers Julian. > > Regards, > Terry. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00c401be7927$838e5060$23b197ce>