Date: Tue, 28 Jun 2011 17:52:00 +0200
From: Damien Fleuriot <ml@my.gd>
To: Schmurfy <schmurfy@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF + route-to + gif weird behavior (bug ?)
Message-ID: <4E09F8A0.9070203@my.gd>
In-Reply-To: <BANLkTiks7Yp7AtA-y_Svbye5ULHxHq5WTA@mail.gmail.com>
References: <BANLkTi=shfdbhXBjdELc_mwBX1z6ZxHuYw@mail.gmail.com> <4E0897F9.30204@my.gd> <BANLkTiks7Yp7AtA-y_Svbye5ULHxHq5WTA@mail.gmail.com>

On 6/27/11 8:51 PM, Schmurfy wrote:
> On 27 June 2011 16:47, Damien Fleuriot <ml@my.gd> wrote:
>
> > On 6/27/11 12:50 PM, Schmurfy wrote:
> > >
> > > What I wanted to do is to redirect incoming connections on the external
> > > interface (em0) on a specific address to a gif tunnel, my problem is that
> > > the packet is redirected so that part works but the packet exiting the em0
> > > interface (the gif tunnel is also using em0) has a wrong ipip header: the
> > > source address is the first address assigned to em0 instead of the alias
> > > added for the gif tunnel.
> >
> > This looks like a case where you'd like to NAT then.
> >
> > Use PF to say you'll be NATing, so that you can force the correct IP?
>
> I am not sure I understand what you mean here, could you show me how you
> would do this?
> You would NAT with the IPIP tunnel local address?
>

The goal here is to force NATing the packets going through em0 to your tunnel.

clientip -> em0 -> yourfirewall's_ip -> gif

This way, you can force the firewall to present packets to the gif interface with a specific source IP from em0.