Date:      Thu, 21 Mar 2002 17:47:36 -0600 (CST)
From:      Nick Rogness <nick@rogness.net>
To:        Matt Impett <M.Impett@flarion.com>
Cc:        "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: policy routing to tunnels..
Message-ID:  <Pine.BSF.4.21.0203211736240.47206-100000@cody.jharris.com>
In-Reply-To: <8C92E23A3E87FB479988285F9E22BE46023613@ftmail>

On Thu, 21 Mar 2002, Matt Impett wrote:

> Hello.. I am working on a mobileIP implementation on freeBSD, and I
> have a question about how to do something with the freeBSD IP
> networking stack. This is the gist:
> 
> Basically, what I want to be able to do is to add a policy route to a
> freebsd router so that it will take packets with specific source
> addresses and pass them to a tunnel.  Now, I have seen examples of the
> ipfw command that would handle this, but I don't think they apply to
> me. This is why:
> 
> I have created a gif tunnel and have set the physsrc and physdest
> addresses of the tunnel but I have not actually given the point to
> point interface its addresses (ie, with the ifconfig command, or
> something similar).  The reason why is that for the majority of the
> tunnel lifetime, I do not want to transmit any packets on it, but only
> receive.  Therefore, I want no route to the tunnel for any IP
> addresses.  However, at some point during the tunnel lifetime, I may
> want to redirect packets with particular source addresses into the
> tunnel.
> 

	You could block this in the firewall, yet still have the ptp
	link IP defined.

> Now, if I had a routing table entry which pointed to the tunnel, something
> like this:
> Destination       Gateway      Netif
> a.b.c.d            gif0        gif0
> 
> then I guess I could do something like this with ipfw:
> ipfw add fwd a.b.c.d ip from <my src addr that I want tunnelled> to any
> 
> However, I have no routes in my routing table for this tunnel.  The reason
> why is there is no destination address which I always want to tunnel for.
> I really only want to tunnel based on source address.  (As a side note,
> would the above work?? 

	Yes.

> I ask because I guess a hack to make this work
> would be to make up a dummy private IP and put a route in for it using my
> tunnel as outgoing interface, then I could use the firewalling code to
> direct packets to that "fake route".. ugh..)
> 

	Yes you could. 

> My question then is it is possible to route packets with particular
> source addresses directly to a particular interface?? Or, is there
> some other way I could accomplish this same thing??

	Without a next hop it isn't possible (AFAIK).

> 
> Now, for anyone familiar with mobileIP and wondering what exactly I am
> trying to do with all this craziness, I am trying to implement
> mobileIP reverse tunneling (RFC 2344).
> 

	Maybe a netgraph module would be better suited to do this?

Nick Rogness <nick@rogness.net>
 - Don't mind me...I'm just sniffing your packets
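The approach the thread converges on (a gif tunnel with its point-to-point addresses defined, outbound traffic blocked in ipfw while the tunnel is receive-only, then a host route to a dummy next hop via the tunnel plus an ipfw fwd rule keyed on source address) written out as a POSIX sh script. This is an added example, not code from the thread or from FreeBSD; the interface name, all addresses and the rule numbers are constructed placeholders, and it assumes a kernel with ipfw fwd support and a cloneable gif interface. By default it only prints the commands it would run; set DO_RUN=1 to execute them.

```shell
#!/bin/sh
# Added example: source-based forwarding into a gif tunnel with ipfw fwd.
# Addresses, interface name and rule numbers below are constructed placeholders.
# Commands are printed; they execute only when DO_RUN=1.

DO_RUN=${DO_RUN:-0}

run() {
    # Echo the command line, and execute it only when DO_RUN=1.
    printf '%s\n' "$*"
    if [ "$DO_RUN" = 1 ]; then
        "$@"
    fi
}

# Bring up the tunnel: outer (physical) endpoints, and, as the reply
# suggests, still assign the point-to-point link its inner addresses.
# "create" assumes a cloneable gif interface (modern FreeBSD).
tunnel_up() {
    iface=$1 physsrc=$2 physdst=$3 inner_local=$4 inner_remote=$5
    run ifconfig "$iface" create
    run ifconfig "$iface" tunnel "$physsrc" "$physdst"
    run ifconfig "$iface" inet "$inner_local" "$inner_remote"
}

# Receive-only phase: drop anything that would be transmitted on the tunnel,
# so having a link IP defined does not cause packets to leave through it.
tunnel_block_tx() {
    iface=$1 rule=$2
    run ipfw add "$rule" deny ip from any to any out xmit "$iface"
}

# Reverse-tunneling phase (the "dummy route" hack from the thread):
# 1. a host route to an otherwise unused private address via the tunnel,
# 2. an ipfw fwd rule steering packets with the mobile node's source
#    address to that next hop (ipfw fwd needs a next-hop address, not an
#    interface, which is why the dummy route exists),
# 3. removal of the transmit block so the forwarded packets can go out.
reverse_tunnel_on() {
    iface=$1 dummy=$2 src=$3 rule=$4 blockrule=$5
    run route add -host "$dummy" -interface "$iface"
    run ipfw add "$rule" fwd "$dummy" ip from "$src" to any
    run ipfw delete "$blockrule"
}

# Tear the forwarding back down and return the tunnel to receive-only.
reverse_tunnel_off() {
    iface=$1 dummy=$2 rule=$3 blockrule=$4
    run ipfw delete "$rule"
    run route delete -host "$dummy"
    tunnel_block_tx "$iface" "$blockrule"
}
```

A typical sequence on the router would be `tunnel_up gif0 198.51.100.1 203.0.113.1 10.0.0.1 10.0.0.2`, then `tunnel_block_tx gif0 100` for the receive-only lifetime, and `reverse_tunnel_on gif0 10.255.255.1 192.0.2.50 200 100` once packets from the mobile node 192.0.2.50 should be reverse-tunneled (all values constructed). The fwd rule is placed after the deny rule is removed; keep the rule numbers ordered so that the deny, while present, is evaluated before any fwd.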

