Problems with gif tunnels
Greg 'groggy' Lehey
grog at FreeBSD.org
Tue Jun 7 08:26:18 GMT 2005
I've just installed an ADSL line, and I'm trying to route a class C
network. For some reason the ISP does this kind of routing via a GRE
tunnel, and I'm having the devil's own job getting it to work. Here's
the current situation:
1. ADSL line is up and running. I have a /30 with the following
addresses:
150.101.14.9 gateway address
150.101.14.10 local address
2. To this line, I want to install a tunnel for 192.109.197.0/24.
The ISP tells me to set up a tunnel between the local address
(150.101.14.10) and their tunnel address 203.16.215.227.
According to recent (5.x) documentation, this should be done with:
ifconfig gif0 tunnel 150.101.14.10 203.16.215.227 up
3. Obviously I also need to have IP forwarding enabled.
So I do all this and get:
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=9<RXCSUM,VLAN_MTU>
inet 192.109.197.143 netmask 0xffffff00 broadcast 192.109.197.255
inet6 fe80::204:75ff:fefa:a80%xl0 prefixlen 64 scopeid 0x1
ether 00:04:75:fa:0a:80
media: Ethernet autoselect (10baseT/UTP)
status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet6 fe80::202:44ff:fe59:7076%rl0 prefixlen 64 scopeid 0x2
inet 150.101.14.10 netmask 0xfffffffc broadcast 150.101.14.11
ether 00:02:44:59:70:76
media: Ethernet autoselect (10baseT/UTP)
status: active
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1452
tunnel inet 150.101.14.10 --> 203.16.215.227
inet6 fe80::204:75ff:fefa:a80%gif0 prefixlen 64 scopeid 0x5
Destination Gateway Flags Refs Use Netif Expire
default 150.101.14.9 UGS 0 7 rl0
150.101.14.8/30 link#2 UC 0 0 rl0
150.101.14.9 00:90:1a:40:09:98 UHLW 2 2 rl0 903
192.109.197 link#1 UC 0 0 xl0
192.109.197.135 00:10:4b:66:1e:e9 UHLW 0 6757 xl0 1056
192.109.197.137 00:50:da:cf:07:35 UHLW 0 99336 xl0 1188
192.109.197.255 ff:ff:ff:ff:ff:ff UHLWb 0 34521 xl0
203.16.215.227 150.101.14.9 UGHS 1 4 rl0
net.inet.ip.forwarding: 1
I then get somebody from the other end to ping me:
17:49:10.228597 IP 203.16.215.227 > 150.101.14.10: IP 192.83.231.16 > 192.109.197.145: icmp 64: echo request seq 6908
17:49:11.229188 IP 203.16.215.227 > 150.101.14.10: IP 192.83.231.16 > 192.109.197.145: icmp 64: echo request seq 6909
But that's all. Nothing goes out. I've tried this on different
systems, and I know somebody else who is using what looks like an
identical configuration with this ISP, and it works fine. I've tried
different systems, one and two NICs, 4.x and 5.x, all with the same
(non)result. What am I missing?
Greg
--
The virus contained in this message was not detected.
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply or reply to the original recipients.
For more information, see http://www.lemis.com/questions.html
Finger grog at FreeBSD.org for PGP public key.
See complete headers for address and phone numbers.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050607/a3f429a6/attachment.bin
More information about the freebsd-questions
mailing list