Date: Sun, 10 Mar 2002 14:40:45 -0500
From: Matt Impett <M.Impett@flarion.com>
To: "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>
Subject: FW: policy routing to tunnels..
Message-ID: <8C92E23A3E87FB479988285F9E22BE460235FB@ftmail>

> Hello.. I am working on a mobileIP implementation on FreeBSD, and I have a
> question about how to do something with the FreeBSD IP networking stack.
> This is the gist:
>
> Basically, what I want to be able to do is to add a policy route to a
> FreeBSD router so that it will take packets with specific source addresses
> and pass them to a tunnel. Now, I have seen examples of the ipfw command
> that would handle this, but I don't think they apply to me. This is why:
>
> I have created a gif tunnel and have set the physsrc and physdest
> addresses of the tunnel, but I have not actually given the point-to-point
> interface its addresses (i.e., with the ifconfig command, or something
> similar). The reason why is that for the majority of the tunnel lifetime,
> I do not want to transmit any packets on it, but only receive. Therefore,
> I want no route to the tunnel for any IP addresses. However, at some
> point during the tunnel lifetime, I may want to redirect packets with
> particular source addresses into the tunnel.
>
> Now, if I had a routing table entry which pointed to the tunnel, something
> like this:
>   Destination    Gateway    Netif
>   a.b.c.d        gif0       gif0
>
> then I guess I could do something like this with ipfw:
>   ipfw add fwd a.b.c.d ip from <my src addr that I want tunnelled> to any
>
> However, I have no routes in my routing table for this tunnel. The reason
> why is there is no destination address which I always want to tunnel for.
> I really only want to tunnel based on source address. (As a side note,
> would the above work?? I ask because I guess a hack to make this work
> would be to make up a dummy private IP and put a route in for it using my
> tunnel as outgoing interface, then I could use the firewalling code to
> direct packets to that "fake route".. ugh..)
>
> My question then is: is it possible to route packets with particular source
> addresses directly to a particular interface?? Or, is there some other way
> I could accomplish this same thing??
>
> Now, for anyone familiar with mobileIP and wondering what exactly I am
> trying to do with all this craziness, I am trying to implement mobileIP
> reverse tunneling (RFC 2344).
>
> Also, I have never posted here before, so I don't really know the
> protocol, but here is some (potentially) useful info:
>   FreeBSD version: 4.4-RC5
>
> thanks for your time,
> matt