Date: Thu, 21 Mar 2002 17:11:43 -0500
From: Matt Impett <M.Impett@flarion.com>
To: "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject: policy routing to tunnels..
Message-ID: <8C92E23A3E87FB479988285F9E22BE46023613@ftmail>

Hello..

I am working on a mobileIP implementation on FreeBSD, and I have a question about how to do something with the FreeBSD IP networking stack. This is the gist:

Basically, what I want to be able to do is to add a policy route to a FreeBSD router so that it will take packets with specific source addresses and pass them to a tunnel. Now, I have seen examples of the ipfw command that would handle this, but I don't think they apply to me. This is why:

I have created a gif tunnel and have set the physsrc and physdest addresses of the tunnel, but I have not actually given the point-to-point interface its addresses (i.e., with the ifconfig command, or something similar). The reason why is that for the majority of the tunnel lifetime, I do not want to transmit any packets on it, but only receive. Therefore, I want no route to the tunnel for any IP addresses. However, at some point during the tunnel lifetime, I may want to redirect packets with particular source addresses into the tunnel.

Now, if I had a routing table entry which pointed to the tunnel, something like this:

    Destination    Gateway    Netif
    a.b.c.d        gif0       gif0

then I guess I could do something like this with ipfw:

    ipfw add fwd a.b.c.d ip from <my src addr that I want tunnelled> to any

However, I have no routes in my routing table for this tunnel. The reason why is that there is no destination address which I always want to tunnel for. I really only want to tunnel based on source address. (As a side note, would the above work?? I ask because I guess a hack to make this work would be to make up a dummy private IP and put a route in for it using my tunnel as the outgoing interface, then I could use the firewalling code to direct packets to that "fake route".. ugh..)

My question then is: is it possible to route packets with particular source addresses directly to a particular interface?? Or, is there some other way I could accomplish this same thing??

Now, for anyone familiar with mobileIP and wondering what exactly I am trying to do with all this craziness, I am trying to implement mobileIP reverse tunneling (RFC 2344).

Also, I have never posted here before, so I don't really know the protocol, but here is some (potentially) useful info:

FreeBSD version: 4.4-RC5

thanks for your time,
matt