On Wed, 26 Jun 2002, Lars Eggert wrote:
> Matt Impett wrote:
> > gladly.. I am trying to implement reverse tunneling for mobile-IP. The
> > basic idea is that packets must be reverse tunneled to different IP
> > addresses depending on the source address of the packet. The reason the
> > tunnel does not have an IP address associated with it is that I don't want
> > to forward traffic down the tunnel for any other reason besides source
> > addresses. As soon as I assign the tunnel interface an address, traffic
> > sent to that address will be tunneled.
Surely 10.200.x.x is unlikely to be used.. it gives you 64000 possible
tunnels. What I am having trouble with is that the tunnel to use depends
on the SOURCE? That seems a little unusual.. Obviously I'm missing
something in the words "reverse tunnelling".
>
> Thanks, that was really helpful to get an idea of what your scenario is!
>
> >> route add DUMMY_NEXT_HOP -interface GIF
> >> ipfw add fwd DUMMY_NEXT_HOP all from SOURCE to any
> >
> >
> > I have thought about doing this, but am a little concerned about assigning
> > DUMMY_NEXT_HOP. As soon as I issue "route add DUMMY_NEXT_HOP -interface
> > GIF", that DUMMY_NEXT_HOP address is now unusable by anyone else.
> > Therefore, I guess it would have to be private, but then this would stop
> > anyone from actually using this private address in the local domain.
ability to forward to an interface would be kind of cool..
>
> Well, nobody should be using a private address in any domain that's
> connected to the Internet, so you may be safe there.
>
> If not, then you could do either
>
> (1) modify ipfw to allow specification of a local interface (as
> opposed to a gateway IP address) in the fwd rule
this would be cool but I'm not sure how feasible.. I have not looked at
Luigi's new ipfw implementation yet.
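
The dummy-next-hop scheme discussed in this thread, as an added example that is not part of the original messages: the script hands each tunnel its own address from 10.200.0.0/16 and prints the route/ipfw pair quoted above for every source address. The source addresses, the gif interface names and the index-to-address mapping are assumptions, the gif interfaces are assumed to be configured already, and the commands are only printed, not run.

```shell
#!/bin/sh
# Constructed sample bindings: source address -> gif interface (hypothetical values).
BINDINGS='192.0.2.10 gif0
192.0.2.11 gif1
198.51.100.7 gif2'

# Map tunnel index N (0..65535) to a dummy next hop inside 10.200.0.0/16.
# Rejects empty, non-numeric, zero-padded and out-of-range indexes.
dummy_hop() {
    n=$1
    case "$n" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$n" -le 65535 ] || return 1
    echo "10.200.$((n / 256)).$((n % 256))"
}

# Print the two commands from the thread for every binding.
# Each tunnel gets a distinct dummy next hop, so no two sources share a route.
plan() {
    i=0
    while read -r src gif; do
        [ -n "$src" ] || continue
        hop=$(dummy_hop "$i") || return 1
        echo "route add $hop -interface $gif"
        echo "ipfw add fwd $hop all from $src to any"
        i=$((i + 1))
    done <<EOF
$BINDINGS
EOF
}

plan
```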