From: Julian Elischer
Date: Wed, 26 Jun 2002 18:39:59 -0700 (PDT)
To: Lars Eggert
Cc: Matt Impett, "'freebsd-net@freebsd.org'", "'freebsd-questions@freebsd.org'"
Subject: Re: source address based routing

On Wed, 26 Jun 2002, Lars Eggert wrote:

> Matt Impett wrote:
> > gladly.. I am trying to implement reverse tunneling for mobile-IP. The
> > basic idea is that packets must be reverse tunneled to different IP
> > addresses depending on the source address of the packet. The reason the
> > tunnel does not have an IP address associated with it is that I don't want
> > to forward traffic down the tunnel for any other reason besides source
> > addresses. As soon as I assign the tunnel interface an address, traffic
> > sent to that address will be tunneled.

Surely 10.200.x.x is unlikely to be used.. it gives you 64000 possible
tunnels. What I am having trouble with is that the tunnel to use depends
on the SOURCE? That seems a little unusual.. Obviously I'm missing
something in the words "reverse tunnelling".

>
> Thanks, that was really helpful to get an idea of what your scenario is!
>
> >> route add DUMMY_NEXT_HOP -interface GIF
> >> ipfw add fwd DUMMY_NEXT_HOP all from SOURCE to any
> >
> >
> > I have thought about doing this, but am a little concerned about assigning
> > DUMMY_NEXT_HOP. As soon as I issue "route add DUMMY_NEXT_HOP -interface
> > GIF", that DUMMY_NEXT_HOP address is now unusable by anyone else.
> > Therefore, I guess it would have to be private, but then this would stop
> > anyone from actually using this private address in the local domain.

ability to forward to an interface would be kind of cool..

>
> Well, nobody should be using a private address in any domain that's
> connected to the Internet, so you may be safe there.
>
> If not, then you could do either
>
> (1) modify ipfw to allow specification of a local interface (as
> opposed to a gateway IP address) in the fwd rule

this would be cool but I'm not sure how feasible.. I have not looked at
Luigi's new ipfw implementation yet.
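
The scheme discussed in this thread, written out as an added example (not code from any of the posters): each tunnel gets a dummy next hop from 10.200.x.x, and the script prints the `route add` / `ipfw add fwd` pair quoted above for every source. The tunnel indexes, source addresses and gif interface names are constructed sample values, and the function names are hypothetical; nothing is executed, the commands are only printed for review.

```sh
#!/bin/sh
# Dry-run generator: prints the commands, never runs route(8) or ipfw(8).

# Map a tunnel index (0..65535) to a dummy next hop inside 10.200.0.0/16.
dummy_next_hop() {
    idx=$1
    # Reject empty, non-numeric, leading-zero and over-long input.
    case "$idx" in ''|*[!0-9]*|0?*|??????*) return 1 ;; esac
    [ "$idx" -le 65535 ] || return 1
    echo "10.200.$((idx / 256)).$((idx % 256))"
}

# Emit the two commands from the thread for one (index, source, gif) triple.
emit_rules() {
    idx=$1 src=$2 gif=$3
    hop=$(dummy_next_hop "$idx") || {
        echo "bad tunnel index: $idx" >&2
        return 1
    }
    # A real source inside the dummy range would collide with a next hop,
    # which is the concern raised in the thread about reserving the address.
    case "$src" in
        10.200.*) echo "source $src overlaps dummy range" >&2; return 1 ;;
    esac
    echo "route add $hop -interface $gif"
    echo "ipfw add fwd $hop all from $src to any"
}

# Constructed table: tunnel index, source address or prefix, gif interface.
plan() {
    while read -r idx src gif; do
        [ -n "$idx" ] || continue
        emit_rules "$idx" "$src" "$gif" || return 1
    done <<EOF
1 192.0.2.10 gif0
2 192.0.2.11 gif1
300 198.51.100.0/24 gif2
EOF
}

plan
```

The overlap check is a plain string match on the 10.200. prefix, so it only catches sources written in dotted form inside that range.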