routing gif0 ipsec

Nicolas de Bari Embriz Garcia Rojas nbari at
Mon Apr 28 15:56:50 UTC 2008

Hi all, I am trying to all traffic from a gif0 interface used for a VPN
to a public IP on the same server that is like an alias

I have the following schema (FreeBSD 6.3)

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet -->
        inet --> netmask 0xffffffff

        inet netmask 0xfffffff8 broadcast
        inet netmask 0xffffffff broadcast

The VPN from point --> works, I can ping/ 
telnet to and get a response.

The jail is running on IP (same IP used for doing the  
VPN/IPSEC) but if I log in to that jail (jexec 1 csh) I can not ping

Currently I am trying this with pf:
nat pass on gif0 from to ->
rdr pass on gif0 proto tcp from any to any port 80 ->

pass in log from any to any keep state
pass out log from any to any keep state
but it is not working, from the jail ( I can not ping/
telnet the VPN

There is a tool called jumpgate with which I can redirect incoming TCP
to gif0 and forward traffic to em1 without problems, but instead I
would like to use pf

jumpgate -b -l 80 -r 80 -a

With this I can telnet from the other end point to port 80 and I can
forward the connection to the public IP of the jail through the VPN

any ideas on how to solve this issue using pf or maybe some routing  


More information about the freebsd-jail mailing list