ipfw fwd to gif interface

Dmitry Pryanishnikov dmitry at atlantis.dp.ua
Thu Dec 11 07:03:05 PST 2003


Hello!

> From:      Andrey Lakhno <land at dnepr.net>
>
> I've tried to forward all traffic incoming on the interface (tun0) to another
> one (gif0). And got the following kernel message:
> gif_output: recursively called too many times(2)
>
> My configuration:
>
> # ifconfig gif0
> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>	tunnel inet x.x.x.x --> y.y.y.y
>	inet 10.249.1.5 --> 10.249.1.6 netmask 0xfffffffc
>
> x.x.x.x is on fxp0, y.y.y.y is on cisco router
>
> Traffic is forwarded by the following rule:
> # ipfw add fwd 10.249.1.6 ip from any to any out recv tun0
>
> Packets were matched by this rule, but nothing was going out gif0.

Of course, you've created a forwarding loop. After getting encapsulated,
packets travel through ipfw again, and they obviously have the same receive
interface (tun0), so your rule forwards them back to gif0. You should pass
encapsulated traffic before forwarding the non-encapsulated one:

ipfw add 1010 pass ipencap from x.x.x.x to y.y.y.y
ipfw add 1020 fwd 10.249.1.6 ip from any to any out recv tun0

You may want to replace "pass" with "skipto 1030" if you want to shape or
count ipencap traffic after these rules.

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail:  dmitry at atlantis.dp.ua
nic-hdl: LYNX-RIPE
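
Added example, not part of the original message and not FreeBSD code: a toy Python model of the first-match rule evaluation described in the reply, showing why the lone fwd rule recurses into gif0 and why rule 1010 ends the loop. The rule dictionaries, function names and the MAX_GIF_NESTING value are assumptions of this model; x.x.x.x and y.y.y.y are the placeholders used in the post.

```python
# Toy model of the outbound ipfw pass discussed in this thread (not FreeBSD code).
MAX_GIF_NESTING = 1  # assumption: nested gif_output calls tolerated by the model
TUNNEL_SRC, TUNNEL_DST = "x.x.x.x", "y.y.y.y"  # placeholders from the post

# Rule fields left out act as "any". Rule numbers follow the reply.
PASS_ENCAP = {"num": 1010, "action": "pass", "proto": "ipencap",
              "src": TUNNEL_SRC, "dst": TUNNEL_DST}
FWD_TUN0 = {"num": 1020, "action": "fwd", "recv": "tun0"}

FWD_ONLY = [FWD_TUN0]            # original configuration
FIXED = [PASS_ENCAP, FWD_TUN0]   # configuration suggested in the reply

def matches(rule, pkt):
    """True when every field the rule specifies equals the packet's field."""
    return all(rule.get(k) is None or rule[k] == pkt[k]
               for k in ("proto", "src", "dst", "recv"))

def ipfw_out(rules, pkt):
    """First-match evaluation in rule-number order; the model defaults to pass."""
    for rule in sorted(rules, key=lambda r: r["num"]):
        if matches(rule, pkt):
            return rule["action"]
    return "pass"

def gif_encap(pkt):
    """gif0 wraps the packet; the receive-interface tag stays tun0."""
    return {"proto": "ipencap", "src": TUNNEL_SRC, "dst": TUNNEL_DST,
            "recv": pkt["recv"]}

def send(rules, pkt):
    """Follow one packet until it leaves or gif recursion is refused."""
    depth, trace = 0, []
    while True:
        action = ipfw_out(rules, pkt)
        trace.append((pkt["proto"], action))
        if action != "fwd":
            return "sent", trace
        depth += 1
        if depth > MAX_GIF_NESTING:
            return "dropped: gif_output recursion", trace
        pkt = gif_encap(pkt)

# Constructed sample packet that arrived on tun0.
SAMPLE = {"proto": "tcp", "src": "192.0.2.10", "dst": "198.51.100.7",
          "recv": "tun0"}

if __name__ == "__main__":
    print(send(FWD_ONLY, SAMPLE))
    print(send(FIXED, SAMPLE))
```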

