Date:      Fri, 14 Jun 2002 13:07:58 -0600
From:      "John Nielsen" <hackers@jnielsen.net>
To:        "Nielsen" <nielsen@memberwebs.com>
Cc:        <hackers@FreeBSD.ORG>
Subject:   Re: gif(4) tunnel through MSN DSL modem
Message-ID:  <08a101c213d6$cc3500f0$0900a8c0@max>
References:  <015301c2117d$0db539c0$0900a8c0@max> <20020614073101.13DA737B47A@hub.freebsd.org>

----- Original Message -----
From: "Nielsen" <nielsen@memberwebs.com>
To: "John Nielsen" <hackers@jnielsen.net>
Cc: <hackers@FreeBSD.ORG>
Sent: Friday, June 14, 2002 1:31 AM
Subject: Re: gif(4) tunnel through MSN DSL modem


> I have this working fine. On the BSD machine behind NAT the tunnel looks
> like it's between a 192.168.x.x IP and the public IP of the machine across
> the internet. On the remote machine it looks like a normal tunnel between
> the two IPs. NAT takes care of the translation on the tunnel packets.

That's good news!  However, I'm not sure I can do the same in this case.

> I've used gif tunnels, vtund, and even IPSEC in this configuration just
> fine. Of course holes have to be punched in NAT (bimap, port mapping or
> whatever it's called on your DSL). That's for reliability and so that the
> tunnel can be "initiated" from either end.

Do you mean the NAT that the modem is doing?  If so, that's a problem.  I'm
using an Arescom NetDSL 800 series modem, which comes "pre-configured per
stringent specifications from MSN."  And (as far as I know--and I've looked)
there is no way for me to do any kind of configuration on it at all.  If
that weren't the case, I'd just put the thing in bridge mode and have done
with it.

If it were up to me, I'd switch to a sane ISP--but it's not up to me in this
case.  If I've misunderstood and you think this will work without being able
to reconfigure the modem at all, then by all means please provide some more
detail. :)

JN

> ----- Original Message -----
> From: "John Nielsen" <hackers@jnielsen.net>
> To: <hackers@freebsd.org>
> Sent: Tuesday, June 11, 2002 13:20
> Subject: gif(4) tunnel through MSN DSL modem
>
>
> > Hi folks,
> >
> > I tried this on -questions without any luck, so I'm hoping for a better
> > response here. :)
> >
> > I remotely administer a FreeBSD 4.5 machine that is connected to the
> > internet through an MSN DSL modem.  This modem does NAT (for a single
> > client) rather than bridging the connection.  So the FreeBSD machine thinks
> > its public address is 192.168.1.2 (when in reality the modem is the only
> > device with a public address).  This machine is itself doing NAT, acting as
> > a firewall and gateway for a private network.
> >
> > I would like to establish a gif(4) tunnel between this machine and my
> > firewall here in order to link the two private networks into one virtual
> > network.  I have done this before with two machines that were directly
> > connected to the internet, but in this case the DSL modem on the far end
> > seems to be fouling things up.  The modem seems to be passing everything
> > through, but I haven't gotten gif to work.
> >
> > Any ideas?  Here's what I've tried--this is how I'd set it up if the DSL
> > modem weren't in the way.
> >
> > [excerpts from rc.conf on far (DSL) end]
> > # Private interface
> > ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
> > # "Public" interface -- 192.168.1.2 netmask 255.255.255.252
> > ifconfig_ed0="DHCP"
> > gif_interfaces="gif0"
> > gifconfig_gif0="DSL.public.ip myend.public.ip"
> > ifconfig_gif0="192.168.6.1 192.168.0.1"
> > static_routes="john"
> > route_john="-net 192.168.0 -interface gif0"
> >
> > [excerpts from rc.conf on this (my) end]
> > # Private interface
> > ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"
> > # Public interface
> > ifconfig_ed0="DHCP"
> > gif_interfaces="gif0"
> > gifconfig_gif0="myend.public.ip DSL.public.ip"
> > ifconfig_gif0="192.168.0.1 192.168.6.1"
> > static_routes="DSL"
> > route_DSL="-net 192.168.6 -interface gif0"
> >
> > I've tried both the modem's (real) public address and 192.168.1.1 (the
> > public interface's address) for DSL.public.ip, but neither seems to work.
> > Can this be made to work?  Can gif be hacked so it will work?
> >
> > I can't justify switching to a more expensive provider just so this tunnel
> > will work, since it will mostly be a convenience for me and not the client.
> > As far as I know, there's no way to modify any settings on the DSL modem
> > itself.  I do have full access to both FreeBSD machines.  Again, any
> > suggestions or even a detailed description of why this won't work would be
> > appreciated.
> >
> > Thanks,
> >
> > JN
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-hackers" in the body of the message