Date: Wed, 26 Jun 2002 18:39:59 -0700 (PDT)
From: Julian Elischer <julian@elischer.org>
To: Lars Eggert <larse@ISI.EDU>
Cc: Matt Impett <M.Impett@flarion.com>, "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>, "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject: Re: source address based routing
Message-ID: <Pine.BSF.4.21.0206261834480.65890-100000@InterJet.elischer.org>
In-Reply-To: <3D1A3294.6010205@isi.edu>

On Wed, 26 Jun 2002, Lars Eggert wrote:

> Matt Impett wrote:
> > gladly..  I am trying to implement reverse tunneling for mobile-IP.  The
> > basic idea is that packets must be reverse tunneled to different IP
> > addresses depending on the source address of the packet.  The reason the
> > tunnel does not have an IP address associated with it is that I don't want
> > to forward traffic down the tunnel for any other reason besides source
> > addresses.  As soon as I assign the tunnel interface an address, traffic
> > sent to that address will be tunneled.

Surely 10.200.x.x is unlikely to be used.. it gives you 64000 possible
tunnels.

What I am having trouble with is that the tunnel to use depends on the
SOURCE? That seems a little unusual.. Obviously I'm missing something in
the words "reverse tunnelling".

>
> Thanks, that was really helpful to get an idea of what your scenario is!
>
> >> route add DUMMY_NEXT_HOP -interface GIF
> >> ipfw add fwd DUMMY_NEXT_HOP all from SOURCE to any
> >
> >
> > I have thought about doing this, but am a little concerned about assigning
> > DUMMY_NEXT_HOP.  As soon as I issue "route add DUMMY_NEXT_HOP -interface
> > GIF", that DUMMY_NEXT_HOP address is now unusable by anyone else.
> > Therefore, I guess it would have to be private, but then this would stop
> > anyone from actually using this private address in the local domain.

ability to forward to an interface would be kind of cool..

>
> Well, nobody should be using a private address in any domain that's
> connected to the Internet, so you may be safe there.
>
> If not, then you could do either
>
> (1) modify ipfw to allow specification of a local interface (as
>     opposed to a gateway IP address) in the fwd rule

this would be cool but I'm not sure how feasible..
I have not looked at Luigi's new ipfw implementation yet.
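A dry-run sketch of the dummy-next-hop approach discussed in this thread, added here as an example and not code from any of the posters: it prints one `route add` / `ipfw add fwd` pair per source address, taking each dummy next hop from 10.200.0.0/16. The function names, the source-to-gif mapping and the use of the gif unit number as the address index are assumptions.

```shell
#!/bin/sh
# Added example: emit (not execute) the route/ipfw pair from the thread for
# each source address, giving every gif tunnel its own dummy next hop in
# 10.200.0.0/16. The mapping table and gif unit numbers are constructed.

# dummy_hop N -> 10.200.x.y for tunnel number N (1..65534), else failure.
dummy_hop() {
    n=$1
    # Reject empty, non-numeric, zero and leading-zero values.
    case "$n" in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "$n" -ge 1 ] && [ "$n" -le 65534 ] || return 1
    echo "10.200.$((n / 256)).$((n % 256))"
}

# emit_rules: read "SOURCE GIF_UNIT" lines on stdin, print the commands.
# Refuses a source that itself lies in 10.200/16, since the dummy range
# must stay unused by real hosts for the forwarding trick to be safe.
emit_rules() {
    while read -r src unit; do
        case "$src" in ''|'#'*) continue ;; esac
        case "$src" in
            10.200.*) echo "skip $src: inside dummy range" >&2; continue ;;
        esac
        hop=$(dummy_hop "$unit") || {
            echo "skip $src: bad gif unit '$unit'" >&2
            continue
        }
        echo "route add $hop -interface gif$unit"
        echo "ipfw add fwd $hop all from $src to any"
    done
}

# Constructed sample mapping: mobile node source address -> gif unit.
sample_map() {
    cat <<'EOF'
# source        gif unit
192.0.2.10      1
192.0.2.11      300
10.200.0.5      2
198.51.100.7    70000
EOF
}

# Dry run: print the commands for the sample mapping.
sample_map | emit_rules
```

The output is meant to be reviewed before being run on the FreeBSD router; skipped entries are reported on stderr.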