Date:      Mon, 20 Aug 2007 04:46:07 -0500
From:      Eric Crist <mnslinky@gmail.com>
To:        Benjamin Close <Benjamin.Close@clearchain.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPv4 over IPV4 on the same network segment
Message-ID:  <7ABCB14C-5C6A-4091-B90F-59F16E5F7FAC@gmail.com>
In-Reply-To: <46C9423A.70101@clearchain.com>
References:  <46C9423A.70101@clearchain.com>

On Aug 20, 2007, at 2:26 AM, Benjamin Close wrote:

>
> Hi Folks,
>   I've got to route a network over an ipv4 tunnel between two
> machines which have their parent link on the same network segment.
> Everything works well except for people trying to access the
> external address of one of the link machines, i.e.:
>
>
>  Physical   120.1.1.2 (xl0)---------------------------> 120.1.1.3 (sk0)
>       Tunnel
>       192.168.3.1(gif0) --------------> 192.168.0.1 (gif0)
>           |                                                    |
>        NET1 (xl1)                                  NET 2 (sk1)
>     192.168.3.0/24                         192.168.0/24
>
> Now anyone on net NET1 can talk to NET2 fine via a default route to
> gif0. However anyone on NET1 can't talk to 120.1.1.3 as routing
> tries to send via xl0 as it's on the same net and firewall rules
> prevent it. The default route for xl0 is gif0 with a link level
> route to the ip of sk0.
>
> Anyone got an idea how to fully route xl1 via gif0? Including the  
> parent physical address?
>

Benjamin,

I wouldn't use gif0 as the default route, but rather the physical
interface.  Your system should automatically become aware of the new
/24 networks when you create the gif tunnel.

I'm assuming 120.1.1.2 can ping 120.1.1.3?  If so, can either
machine ping 192.168.0.1 and 192.168.3.1?  If that's the case, simply  
setting gateway_enable="YES" in /etc/rc.conf should allow all the  
necessary packets to go to the correct destination.  FWIW, if you do  
want to set the default across the gif tunnel, the other end will  
have to be able to handle all the internet-bound traffic.

HTH
-----
Eric F Crist
Secure Computing Networks
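
The behaviour described in the question, as an added example that is not part of the original thread: a longest-prefix-match lookup over a constructed routing table for the NET1 gateway shows why traffic for 120.1.1.3 leaves via xl0 even with the default route on gif0. The /24 mask on the 120.1.1.x segment and the sample destination addresses are assumptions; the thread does not state them.

```python
import ipaddress

# Constructed routing table for the NET1 gateway, following the question:
# default route via gif0 plus a host route to the tunnel peer over xl0.
# Assumption: the physical segment is 120.1.1.0/24 (mask not given in the thread).
ROUTES = [
    ("0.0.0.0/0", "gif0"),       # default route through the tunnel
    ("120.1.1.3/32", "xl0"),     # host route to the tunnel peer (sk0)
    ("120.1.1.0/24", "xl0"),     # connected physical segment
    ("192.168.3.0/24", "xl1"),   # NET1, directly attached
]


def lookup(dst, routes=ROUTES):
    """Return (prefix, interface) for the longest prefix that contains dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1]


def egress(dst, routes=ROUTES):
    """Interface a packet to dst is sent out of."""
    return lookup(dst, routes)[1]


if __name__ == "__main__":
    # Constructed destinations: a NET2 host, the peer's physical address,
    # and an unrelated outside address.
    for dst in ("192.168.0.10", "120.1.1.3", "203.0.113.9"):
        print(f"{dst:>14} -> {lookup(dst)}")
```

The lookup is keyed on destination only, so the tunnel's own encapsulated packets and NET1 traffic addressed to 120.1.1.3 select the same xl0 route; any firewall rule on xl0 sees both.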




