PF + route-to + gif weird behavior (bug ?)
Damien Fleuriot
ml at my.gd
Mon Jun 27 14:47:25 UTC 2011
On 6/27/11 12:50 PM, Schmurfy wrote:
> Hi,
> I just came across a problem with route-to and gif interfaces.
> First, here is my rc.conf:
>
> # Router
> ifconfig_em0="inet 10.11.12.212/24"
> defaultrouter="10.11.12.253"
> gateway_enable="YES"
>
> static_routes="gif_endpoint"
> route_visp="10.11.20.1/32 10.11.12.213"
>
I'd like to point out you declare a gif_endpoint static route, but it
doesn't exist.
Similarly, a route called route_visp exists but is not declared as a
static route.
> pf_enable="YES"
> pf_rules="/etc/pf.conf"
> pflog_enable="YES"
>
> # IPIP tunnels
> gif_interfaces="gif1001"
>
> ifconfig_em0_alias0="inet 10.11.20.2/32"
> ifconfig_em0_alias1="inet 192.168.254.1/32"
> gifconfig_gif1001="10.11.20.2 10.11.20.1"
> ifconfig_gif1001="inet 1.2.3.1 1.2.3.2 netmask 255.255.255.252"
>
> What I wanted to do is to redirect incoming connections on the external
> interface (em0) on a specific address to a gif tunnel. My problem is that
> the packet is redirected, so that part works, but the packet exiting the em0
> interface (the gif tunnel is also using em0) has a wrong ipip header: the
> source address is the first address assigned to em0 instead of the alias
> added for the gif tunnel.
This looks like a case where you'd like to NAT then.
Use PF to say you'll be NATing, so that you can force the correct IP?