Delivered-To: freebsd-hackers@freebsd.org
Message-ID: <00c401be7927$838e5060$23b197ce@ezo.net>
From: "Jim Flowers"
To: , "Terry Glanfield"
References: <9903091652.AA04146@ppsl.demon.co.uk> <36E57226.15FB7483@whistle.com>
Subject: Re: Tunnel loopback
Date: Sun, 28 Mar 1999 09:30:21 -0500
Organization: EZNets, Inc.

Terry

I'm still trying to figure out what you are doing and how you are doing it.
It looks as if you have a fbsd box with an nic interface with SKIP attached
to it. All outbound packets are routed (static/dynamic) first to the tun0
interface which is in turn diverted by an ipfw rule to natd where source
address substitution is (possibly) performed before returning to ipfw and
thence to SKIP where, if an ACL entry is matched, the packet is
encrypted/authenticated/encapsulated and sent out the nic interface to a
(perhaps) modified destination. Returning packets are deSKIPped and, due to
the destination address now being the tun0 interface are processed by the
same ipfw divert rule to restore the destination address to that of the
connection originator.

My interpretation sounds weak and incomplete. I am hoping that you will shed
some light on the process or even provide a more complete example.

Thanks.

----- Original Message -----
From: Terry Glanfield
To: Julian Elischer ;
Sent: Wednesday, March 10, 1999 5:11 PM
Subject: Re: Tunnel loopback

> > Terry Glanfield wrote:
> > > I've been trying to use a FreeBSD (3.0-RELEASE and 3.1-RELEASE) tunnel
> > > device (/dev/tunN) to push packets back onto the IP stack[1] with some
> > > success.
> >
> > You might find that using ipfw and divert sockets is a much more natural
> > fit to this problem.
>
> Indeed it was. I now have outbound packets pushed into tun0 then
> diverted out and inbound SKIP packets diverted and shoved into tun0.
> Works a treat - cheers Julian.
>
> Regards,
> Terry.