packet processing order

Andrikó Tamás at at sominfo.hu
Sun Dec 10 00:47:05 PST 2006


Hi list,

I wanted to set up an IPsec VPN tunnel on one of my FreeBSD boxes.
I'm using pf for the firewall.

Implementing almost the whole VPN task wasn't a big deal, but I'm having some
trouble adjusting pf.conf.

I think I don't understand exactly how network packets are processed,
especially the order in which packets are processed.

Somehow the tunneled packets don't even get into the gif interface from my
local LAN.

My guess is the following:

1. the packet enters one of the interfaces => apply the incoming pf rules on the appropriate interface (last match wins)
2. NAT-ing / redirecting the packet => apply rdr and nat rules (first match wins)
3. routing the packet (ip.forward=1) => if the packet destination cannot be routed, drop or send dest unreachable
4. putting out the packet (based on the routing decision) => apply the outgoing rules on the appropriate interface (last match wins)


Please correct me if I'm wrong, and if you could point me to a good tutorial
that would be best. (other than http://www.openbsd.org/faq/pf/)

Thanks for your help

Tom
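As an added illustration of the ordering question above (this is not from the original post and not Tom's configuration, which isn't shown): a pf.conf fragment for a gif tunnel between two gateways protected by IPsec, in the FreeBSD handbook style. Interface names, addresses and networks are assumed placeholders, and the assumption that the decrypted IP-in-IP packet passes the filter again on the physical interface is marked in the comments.

```pf
# Added example, not from the original post. Interface names, addresses and
# networks are assumed placeholders; adjust them to the real setup.
ext_if     = "em0"              # Internet-facing interface (assumed)
int_if     = "em1"              # local LAN interface (assumed)
tun_if     = "gif0"             # tunnel interface (assumed)
lan_net    = "192.168.1.0/24"   # local LAN (assumed)
remote_net = "192.168.2.0/24"   # LAN behind the far end (assumed)
peer_ip    = "203.0.113.2"      # far end's public address (assumed)

# Translation rules run before the filter rules and are first-match, so the
# exception must come before the catch-all nat; otherwise LAN traffic bound for
# remote_net is masqueraded and leaves via the default route, never gif0.
no nat on $ext_if from $lan_net to $remote_net
nat on $ext_if from $lan_net to any -> ($ext_if)

# Filter rules are last-match unless "quick" is used; default deny, then open
# only what the tunnel needs. "keep state" is written out explicitly.
block log all

# Outer traffic on the physical interface: IKE (udp/500) and ESP from the peer.
pass in  quick on $ext_if proto udp from $peer_ip to ($ext_if) port 500 keep state
pass out quick on $ext_if proto udp from ($ext_if) to $peer_ip port 500 keep state
pass in  quick on $ext_if proto esp from $peer_ip to ($ext_if)
pass out quick on $ext_if proto esp from ($ext_if) to $peer_ip
# Assumed: after ESP decryption the IP-in-IP packet is handed back to the
# filter on the same interface, so the gif encapsulation (proto 4) is passed.
pass in  quick on $ext_if proto ipencap from $peer_ip to ($ext_if)
pass out quick on $ext_if proto ipencap from ($ext_if) to $peer_ip

# Inner traffic is filtered again on gif0 (a packet is checked on every
# interface it crosses), so the tunnel interface needs its own rules.
pass in  quick on $tun_if from $remote_net to $lan_net keep state
pass out quick on $tun_if from $lan_net to $remote_net keep state

# LAN side: local hosts may reach the remote LAN (and, via nat, the Internet).
pass in  quick on $int_if from $lan_net to any keep state
pass out quick on $int_if from any to $lan_net keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading; `pfctl -sr` and `pfctl -ss` then show the loaded rules and the states being created, which is the quickest way to see on which interface tunnel traffic is stopping.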

