Re: pf and gif interfaces
To answer my own question... it seems to be
proto ipencap, and for a bridged LAN it's etherip.
Is there any way to predetermine or work out what encapsulation it's
going to use?
Also, shouldn't the gif(4) man page mention that you need
net.inet.etherip.allow=1 in sysctl.conf?
Graeme Lee wrote:
> Trying to use a basic gif tunnel across a network with the following
> config
>
> source --> obsd1 (gif) --> network --> obsd2 (gif) --> destination
>
> Now if I have on obsd2
>
> block in on $ext_if all
> pass in on $ext_if inet proto etherip from $obsd1_ext_if to $ext_if keep state
>
> it doesn't work. I need the 2nd rule to be
>
> pass in on $ext_if from $obsd1_ext_if to $ext_if keep state
>
>
> I'm not using ipv6. It's just a boring ipv4 tunnel across a private
> network to hide some routing. What do I need to do to allow the
> incoming data?
>
> I've allowed proto encap too, but that also doesn't work (tcpdump
> lists the protocol as encap)
>
> What am I doing wrong?
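The ruleset discussed in this thread, narrowed to the tunnel's outer protocol, as an added example that is not part of the original messages. The interface name, peer address, tunnel interface and inner network are constructed placeholders; `ipencap` is IP protocol 4 and `etherip` is IP protocol 97 in /etc/protocols.

```pf
# pf.conf fragment for obsd2 (added example; all macro values are placeholders)
ext_if       = "em0"              # assumed external interface name
obsd1_ext_if = "192.0.2.1"        # assumed address of obsd1's external interface
tun_if       = "gif0"             # assumed tunnel interface
inner_net    = "198.51.100.0/24"  # assumed network reached through the tunnel

block in on $ext_if all

# Too broad: the rule that worked in the original post admits every
# protocol from the peer, not only the tunnel traffic.
# pass in on $ext_if from $obsd1_ext_if to $ext_if keep state

# Routed IPv4-in-IPv4 gif tunnel: the outer packets are IP protocol 4.
pass in on $ext_if inet proto ipencap from $obsd1_ext_if to $ext_if keep state

# gif as a bridge member: the outer packets are IP protocol 97, and
# net.inet.etherip.allow=1 must be set (as noted in the reply above).
# pass in on $ext_if inet proto etherip from $obsd1_ext_if to $ext_if keep state

# In the routed case the decapsulated packets are filtered again as
# input on the tunnel interface, so restrict the inner traffic there.
block in on $tun_if all
pass in on $tun_if inet from $inner_net to any keep state

# To confirm which outer protocol is on the wire before writing the rule:
#   tcpdump -ni em0 'ip proto 4 or ip proto 97'
```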