On 27 June 2011 16:47, Damien Fleuriot <m...@my.gd> wrote: > On 6/27/11 12:50 PM, Schmurfy wrote: > > Hi, > > I just came across a problem with route-to and gif interfaces. > > First, here is my rc.conf: > > > > # Router > > ifconfig_em0="inet 10.11.12.212/24" > > defaultrouter="10.11.12.253" > > gateway_enable="YES" > > > > static_routes="gif_endpoint" > > route_visp="10.11.20.1/32 10.11.12.213" > > > > I'd like to point out you declare a gif_endpoint static route, but it > doesn't exist. > Similarly a route called route_visp exists but is not declared as a > static route. >
> > Sorry for that, in fact the real declaration was: static_routes="visp" not sure how I ended up with the wrong line in my first version xD > > > pf_enable="YES" > > pf_rules="/etc/pf.conf" > > pflog_enable="YES" > > > > # IPIP tunnels > > gif_interfaces="gif1001" > > > > ifconfig_em0_alias0="inet 10.11.20.2/32" > > ifconfig_em0_alias1="inet 192.168.254.1/32" > > gifconfig_gif1001="10.11.20.2 10.11.20.1" > > ifconfig_gif1001="inet 1.2.3.1 1.2.3.2 netmask 255.255.255.252" > > > > > > > > > > > > What I wanted to do is to redirect incoming connections on the external > > interface (em0) on a specific address to a gif tunnel, my problem is that > > the packet is redirected so that part works but the packet exiting the > em0 > > interfaces (the gif tunnel is also using em0) has a wrong ipip header: > the > > source address is the first address assigned to em0 instead of the alias > > added for the gif tunnel. > > This looks like a case where you'd like to NAT then. > > Use PF to say you'll be NATing, so that you can force the correct IP ? > > I am not sure I understand what you mean here, could you show me how you would do this ? You would NAT with the IPIP tunnel local address ? I did not said it in my first message but I tried the same ruleset on OpenBSD 4.9 (with the syntax changes) and everything works as expected there, the packets redirected into the gif tunnel (with route-to) exists on the physical network with the correct IPIP header. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org" > _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
