Date: Wed, 25 Jan 2006 17:29:20 +0200
From: Oleg Tarasov
To: freebsd-net@FreeBSD.org
Subject: gif interface listener problem?
Message-ID: <1249572348.20060125172920@osk.com.ua>

Hello,

One of my servers still runs FreeBSD 4.11. It has two internet connections from two different providers. The first of them is used for common internet access and the second is dedicated to a tunnel between offices.

Let's mark IPs in this way:

rl0 - main interface
rl1 - tunnel interface
xxx.xxx.xxx.xxx - IP of main internet interface
XXX.XXX.XXX.XXX - IP of gateway for main interface
yyy.yyy.yyy.yyy - IP of tunnel interface
YYY.YYY.YYY.YYY - IP of gateway for tunnel interface
zzz.zzz.zzz.zzz - IP of endpoint for tunnel

I have configured policy routing using ipfw in such a way (simplified):

add fwd YYY.YYY.YYY.YYY all from yyy.yyy.yyy.yyy out xmit rl0
add fwd XXX.XXX.XXX.XXX all from xxx.xxx.xxx.xxx out xmit rl1
add allow ipencap from any to any via rl1
add allow all from any to any via gif0
...

The gif tunnel is configured in such a way:

gif0: flags=8051 mtu 1280
        tunnel inet yyy.yyy.yyy.yyy --> zzz.zzz.zzz.zzz
        inet 192.168.200.1 --> 192.168.201.1 netmask 0xffffffff

The default route is to XXX.XXX.XXX.XXX.

If a route zzz.zzz.zzz.zzz -> YYY.YYY.YYY.YYY is manually created, everything works fine. But in this case ALL traffic to host zzz.zzz.zzz.zzz is routed through the rl1 interface, and this is unacceptable as all of the rl1 bandwidth is reserved for tunneling important interactive data.

If there is no manual route we have (dumping the rl1 interface):
- all outgoing ipencap traffic goes well
- all incoming traffic comes in on rl1 but is lost (the gif0 interface is empty)

It seems that the gif interface listens for ipencap on the interface that is on the route to the destination but not at its source (yyy.yyy.yyy.yyy in my case).

How can I force gif to listen on the correct interface? Maybe this is corrected in later versions of FreeBSD? Should I upgrade that box?

--
Best regards,
 Oleg Tarasov mailto:subscriber@osk.com.ua