On Sun, 9 Jan 2005 00:23:55 +0000, Lewis Thompson <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am wondering what sequence a packet goes through when it is passing
> through a gif tunnel. I have the following interface and gif tunnel
> (with the equivalent being on the same subnet at the other side):
>
> fxp0: a.a.a.a/24
> gif0: a.a.a.a -> a.a.a.b (192.168.0.1/32 -> 192.168.0.2/32)
>
> My question is really what order does the packet pass through my
> firewall (pf) in? i.e., is it:
>
> in on fxp0 from a.a.a.b to a.a.a.a
> (unencapsulated)
> in on gif0 from 192.168.0.2 to 192.168.0.1
>
> or does it just magically ``appear'' on gif0 straight away? Now I write
> it out I am assuming that it passes through pf twice (first on fxp0 and
> secondly on gif0); if this is in fact the case, what sensible rule might
> I add to allow this encapsulated traffic from a.a.a.b?
>
> Currently I have pf configured as follows:
>
> pass all
>
> pass quick proto icmp
>
> block in on fxp0
> pass out on fxp0 keep state
> pass in on fxp0 proto tcp from any to fxp0 port 22 keep state
>
> The reason I ask this question is that for my tunnel endpoints to ping
> each other, a.a.a.a must be doing so (a.a.a.b has no firewall).
>
> Thank you,
>
> -Lewis Thompson.

For some debugging strategies in a similar case with IPSEC see
http://www.bsdforums.org/forums/showthread.php?s=&threadid=18601

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
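
As an added example that is not part of either message, the following Python sketch models pf's "last matching rule wins, `quick` stops evaluation" logic and runs the ruleset quoted above against an inbound tunnel ping, once on fxp0 and once on gif0. It assumes that gif carries IPv4-in-IPv4 as IP protocol 4 (`ipencap` in /etc/protocols) and that pf filters the packet on both interfaces; the `Rule` class, `ALLOW_TUNNEL` and the function names are hypothetical, and `keep state` is not modelled.

```python
# Added illustration: a stateless model of pf rule evaluation, not pf itself.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    direction: str = "any"       # "in", "out" or "any"
    iface: str = "any"
    proto: str = "any"
    src: str = "any"
    dport: Optional[int] = None
    quick: bool = False

    def matches(self, p):
        return (self.direction in ("any", p["dir"])
                and self.iface in ("any", p["iface"])
                and self.proto in ("any", p["proto"])
                and self.src in ("any", p["src"])
                and self.dport in (None, p.get("dport")))

def evaluate(rules, pkt):
    verdict = "pass"             # pf's implicit default when nothing matches
    for r in rules:
        if r.matches(pkt):
            verdict = r.action   # a later match overrides an earlier one
            if r.quick:
                break            # "quick" ends evaluation at this rule
    return verdict

# The ruleset from the quoted message, in order (state keeping omitted).
POSTED = [
    Rule("pass"),
    Rule("pass", proto="icmp", quick=True),
    Rule("block", "in", "fxp0"),
    Rule("pass", "out", "fxp0"),
    Rule("pass", "in", "fxp0", "tcp", dport=22),
]
# Hypothetical extra rule: pass in on fxp0 proto ipencap from a.a.a.b
ALLOW_TUNNEL = Rule("pass", "in", "fxp0", "ipencap", src="a.a.a.b")

def inbound_tunnel_ping(rules):
    """Trace a ping from the far endpoint: outer packet first, then inner."""
    outer = {"dir": "in", "iface": "fxp0", "proto": "ipencap", "src": "a.a.a.b"}
    inner = {"dir": "in", "iface": "gif0", "proto": "icmp", "src": "192.168.0.2"}
    trace = []
    for pkt in (outer, inner):
        verdict = evaluate(rules, pkt)
        trace.append((pkt["iface"], verdict))
        if verdict == "block":
            break                # a blocked outer packet is never decapsulated
    return trace

if __name__ == "__main__":
    print(inbound_tunnel_ping(POSTED))
    print(inbound_tunnel_ping(POSTED + [ALLOW_TUNNEL]))
```

Because state is left out, the model only covers tunnel traffic that the far end initiates; traffic started by a.a.a.a leaves through `pass out on fxp0 keep state`, which matches the behaviour described in the question.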