Date:      Tue, 28 Aug 2001 21:48:15 +1000
From:      Robert Moss <rmoss@bigpond.net.au>
To:        "Gelu G. Lupas" <gelu@kolozsvar.ro>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipnat and gif tunnels
Message-ID:  <5.0.2.1.0.20010828214440.024f9740@localhost>
In-Reply-To: <200108280827.LAA23133@zerg.codec.ro>

Hi,
    I'm not all that familiar with the GIF / FAITH interfaces (IPv6 
stuff), but I would guess that IPFilter treats them like any other 
interface when it comes to IP addresses and things.

I have had similar problems with ppp / tun devices changing IP addresses, 
and running 'ipf -y' would update the internal tables with the new IP 
addresses.  Try that.

Also, when using the MAP statement you can use the shortcut 0.0.0.0/32 or 
0/0, which will be replaced by the IP address of the interface you are 
using.  Example:

map rl1 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl1 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 2000:65500
map rl1 192.168.0.0/16 -> 0.0.0.0/32
rdr rl1 0/0 port 5000 -> 192.168.1.10 port 5000 tcp/udp

Cheers
rob.

At 11:27 AM 28/08/2001 +0300, Gelu G. Lupas wrote:
>I'm using ipnat and have added NAT rules on a gif device. However, NAT does
>not seem to work on that device unless I ipnat -C and then ipnat -f
>/etc/ipnat.rules again. This happened after the gif device mangle in STABLE,
>worked fine in 4.3-RELEASE. My guess is that the gif device is created *after*
>the ipnat rules are set on it (ipnat starts from rc.network and gif tunnels
>from rc.network6). Is there any way to fix this decently? (like no ugly rc.d
>script to ipnat -C and then ipnat -f /etc/ipnat.rules again).
>
>Also if I want to tunnel IPv4 in IPv4 and use rc.conf to do that, I have to
>compile my kernel with IPv6 support and enable_ipv6="YES" in rc.conf. I think
>this is total bullshit, why would I want to bloat my kernel with IPv6 if I just
>want to use IPv4 in IPv4 tunneling? Is there any chance this will get fixed in
>the future? 4.4-RELEASE?
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message


