Date: Mon, 27 Jun 2011 16:47:21 +0200
From: Damien Fleuriot <ml@my.gd>
To: freebsd-pf@freebsd.org
Subject: Re: PF + route-to + gif weird behavior (bug ?)
Message-ID: <4E0897F9.30204@my.gd>
In-Reply-To: <BANLkTi=shfdbhXBjdELc_mwBX1z6ZxHuYw@mail.gmail.com>

On 6/27/11 12:50 PM, Schmurfy wrote:
> Hi,
> I just came across a problem with route-to and gif interfaces.
> First, here is my rc.conf:
>
> # Router
> ifconfig_em0="inet 10.11.12.212/24"
> defaultrouter="10.11.12.253"
> gateway_enable="YES"
>
> static_routes="gif_endpoint"
> route_visp="10.11.20.1/32 10.11.12.213"
>

I'd like to point out you declare a gif_endpoint static route, but it
doesn't exist.
Similarly a route called route_visp exists but is not declared as a
static route.

> pf_enable="YES"
> pf_rules="/etc/pf.conf"
> pflog_enable="YES"
>
> # IPIP tunnels
> gif_interfaces="gif1001"
>
> ifconfig_em0_alias0="inet 10.11.20.2/32"
> ifconfig_em0_alias1="inet 192.168.254.1/32"
> gifconfig_gif1001="10.11.20.2 10.11.20.1"
> ifconfig_gif1001="inet 1.2.3.1 1.2.3.2 netmask 255.255.255.252"
>
>
> What I wanted to do is to redirect incoming connections on the external
> interface (em0) on a specific address to a gif tunnel, my problem is that
> the packet is redirected so that part works but the packet exiting the em0
> interfaces (the gif tunnel is also using em0) has a wrong ipip header: the
> source address is the first address assigned to em0 instead of the alias
> added for the gif tunnel.

This looks like a case where you'd like to NAT then.
Use PF to say you'll be NATing, so that you can force the correct IP ?
