[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freebsd-pf
Subject:    Re: PF + route-to + gif weird behavior (bug ?)
From:       Damien Fleuriot <ml () my ! gd>
Date:       2011-06-28 15:52:00
Message-ID: 4E09F8A0.9070203 () my ! gd
[Download RAW message or body]

On 6/27/11 8:51 PM, Schmurfy wrote:
> On 27 June 2011 16:47, Damien Fleuriot <ml@my.gd <mailto:ml@my.gd>> wrote:
> 
>     On 6/27/11 12:50 PM, Schmurfy wrote:
>     >
>     > What I wanted to do is to redirect incoming connections on the
>     external
>     > interface (em0) on a specific address to a gif tunnel, my problem
>     is that
>     > the packet is redirected so that part works but the packet exiting
>     the em0
>     > interfaces (the gif tunnel is also using em0) has a wrong ipip
>     header: the
>     > source address is the first address assigned to em0 instead of the
>     alias
>     > added for the gif tunnel.
> 
>     This looks like a case where you'd like to NAT then.
> 
>     Use PF to say you'll be NATing, so that you can force the correct IP ?
> 
> 
> I am not sure I understand what you mean here, could you show me how you
> would do this ?
> You would NAT with the IPIP tunnel local address ?
> 

The goal here is to force NATing the packets going through em0 to your
tunnel.

clientip -> em0 -> yourfirewall's_ip -> gif

This way, you can force the firewall to present packets to the gif
interface with a specific source IP from em0

[prev in list] [next in list] [prev in thread] [next in thread]