On 6/27/11 8:51 PM, Schmurfy wrote: > On 27 June 2011 16:47, Damien Fleuriot <m...@my.gd <mailto:m...@my.gd>> wrote: > > On 6/27/11 12:50 PM, Schmurfy wrote: > > > > What I wanted to do is to redirect incoming connections on the > external > > interface (em0) on a specific address to a gif tunnel, my problem > is that > > the packet is redirected so that part works but the packet exiting > the em0 > > interfaces (the gif tunnel is also using em0) has a wrong ipip > header: the > > source address is the first address assigned to em0 instead of the > alias > > added for the gif tunnel. > > This looks like a case where you'd like to NAT then. > > Use PF to say you'll be NATing, so that you can force the correct IP ? > > > I am not sure I understand what you mean here, could you show me how you > would do this ? > You would NAT with the IPIP tunnel local address ? >
The goal here is to force NATing the packets going through em0 to your tunnel. clientip -> em0 -> yourfirewall's_ip -> gif This way, you can force the firewall to present packets to the gif interface with a specific source IP from em0 _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
