routing gif0 ipsec

Jille jille at
Mon Apr 28 18:26:31 UTC 2008

Hello Nicolas,

Would you mind stopping to send your (same) email to all mailinglists, 
twice or more ?
I've seen your problem in 7 mails already,
I don't know a solution, but as you can see most people don't know it.
It doesn't help resending it each time.

I'm sorry for acting like a list-operator, but I think I speak for more 
people on the lists.

-- Jille

Nicolas de Bari Embriz Garcia Rojas schreef:
> Hi all, I am trying to all trafic from a gif0 interface used for a vpn 
> to an public IP on the same server that is like an alias
> I have the following schema (FreeBSD 6.3)
> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
>      tunnel inet -->
>      inet --> netmask 0xffffffff
>      inet netmask 0xfffffff8 broadcast
>      inet netmask 0xffffffff broadcast
> The VPN from point --> works, I can ping/telnet 
> to and get a response.
> The jail is running on IP (same IP used for doing the 
> VPN/IPSEC) but if I log int to that jail (jexec 1 csh) I can not ping 
> currently I  am trying this with pf
> -- 
> nat pass on gif0 from to ->
> rdr pass on gif0 proto tcp from any to any port 80 ->
> pass in log from any to any keep state
> pass out log from any to any keep state
> -- 
> but is not working, from the jail ( I can not ping/telnet 
> the VPN
> there is a tool call jumpgate with the one I can redirect incoming tcp 
> to gif0 and forward trafic to em1 with out problems, but instead I would 
> like to use pf
> jumpgate -b -l 80 -r 80 -a
> with this i can telnet from the other end point to por 80 and i can 
> forward the connection to the public IP of the jail through the vpn tunnel.
> any ideas on how to solve this issue using pf or maybe some routing rules.
> regards.
> _______________________________________________
> freebsd-pf at mailing list
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at"

More information about the freebsd-jail mailing list