Date: Thu, 11 Dec 2003 17:02:55 +0200 (EET)
From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
To: stable@freebsd.org
Subject: Re: ipfw fwd to gif interface
Message-ID: <20031211165422.D90261@atlantis.atlantis.dp.ua>

Hello!

> From: Andrey Lakhno <land@dnepr.net>
>
> I've tried to forward all traffic incoming on the interface (tun0) to another
> one (gif0). And got the following kernel message:
> gif_output: recursively called too many times(2)
>
> My configuration:
>
> # ifconfig gif0
> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>         tunnel inet x.x.x.x --> y.y.y.y
>         inet 10.249.1.5 --> 10.249.1.6 netmask 0xfffffffc
>
> x.x.x.x is on fxp0, y.y.y.y is on a Cisco router
>
> Traffic is forwarded by the following rule:
> # ipfw add fwd 10.249.1.6 ip from any to any out recv tun0
>
> Packets were matched by this rule, but nothing was going out gif0.

 Of course, you've created a forwarding loop. After getting encapsulated,
packets travel through ipfw again, and they obviously have the same
receive interface (tun0), so your rule forwards them back to gif0.
You should pass encapsulated traffic before forwarding the non-encapsulated one:

ipfw add 1010 pass ipencap from x.x.x.x to y.y.y.y
ipfw add 1020 fwd 10.249.1.6 ip from any to any out recv tun0

 You may want to replace "pass" with "skipto 1030" if you want to shape
or count ipencap traffic after these rules.

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE
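
The loop described in the reply, and the effect of putting the ipencap pass rule first, can be traced with a small first-match model. This is an added example, not part of the original message and not FreeBSD code. Assumptions: the `Packet` and `Rule` classes, the sample addresses, the cap of 2 gif calls and the default-accept fallthrough are constructed for illustration, and `fwd` is simplified to "send into gif0".

```python
# Toy model (assumption, not kernel code): first-match ipfw pass on output.
from dataclasses import dataclass

TUNNEL_SRC, TUNNEL_DST = "x.x.x.x", "y.y.y.y"  # placeholders from the message
MAX_GIF_CALLS = 2  # assumed cap, mirroring "called too many times(2)"

@dataclass(frozen=True)
class Packet:
    proto: str    # protocol carried in the IP header, e.g. "tcp", "ipencap"
    src: str
    dst: str
    recv_if: str  # interface the original packet arrived on

@dataclass(frozen=True)
class Rule:
    number: int
    action: str        # "pass" or "fwd" (fwd = hand the packet to gif0)
    proto: str = "ip"  # "ip" matches any protocol
    src: str = "any"
    dst: str = "any"
    recv_if: str = "any"

    def matches(self, p):
        return (self.proto in ("ip", p.proto) and self.src in ("any", p.src)
                and self.dst in ("any", p.dst)
                and self.recv_if in ("any", p.recv_if))

def gif_encapsulate(p):
    # New outer header, but the receive-interface tag is carried over.
    return Packet("ipencap", TUNNEL_SRC, TUNNEL_DST, p.recv_if)

def output(p, rules, gif_calls=0):
    """Return (verdict, rule numbers matched along the way)."""
    for r in sorted(rules, key=lambda r: r.number):
        if not r.matches(p):
            continue
        if r.action == "pass":
            return "sent", [r.number]
        if gif_calls >= MAX_GIF_CALLS:  # forwarded into gif0 once too often
            return "gif_output: recursion limit", [r.number]
        verdict, trace = output(gif_encapsulate(p), rules, gif_calls + 1)
        return verdict, [r.number] + trace
    return "sent", []  # assumed default-accept when nothing matches

FWD = Rule(1020, "fwd", recv_if="tun0")
PASS_ENCAP = Rule(1010, "pass", "ipencap", TUNNEL_SRC, TUNNEL_DST)
SAMPLE = Packet("tcp", "192.0.2.10", "198.51.100.7", "tun0")  # constructed

def compare():
    return output(SAMPLE, [FWD]), output(SAMPLE, [PASS_ENCAP, FWD])

if __name__ == "__main__":
    print(*compare(), sep="\n")
```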