[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pf and gif interfaces
To answer my own question... it seems to be
proto ipencap and for a bridged lan it's etherip
Is there any way to predetermine or work out what encapsulation it's
going to use?
Also, shouldn't the gif(4) man page mention that you need
net.inet.etherip.allow=1 in sysctl.conf?
Graeme Lee wrote:
> Trying to use a basic gif tunnel across a network with the following
> source --> obsd1 (gif) --> network --> obsd2 (gif) --> destination
> Now if I have on obsd2
> block in on $ext_if all
> pass in on $ext_if inet proto etherip from $obsd1_ext_if to $ext_if
> keep state
> it doesn't work. I need the 2nd rule to be
> pass in on $ext_if from $obsd1_ext_if to $ext_if keep state
> I'm not using ipv6. It's just a boring ipv4 tunnel across a private
> network to hide some routing. What do I need to do to allow the
> incomming data?
> I've allowed proto encap too, but that also doesn't work (tcpdump
> lists the protocol as encap)
> What am I doing wrong?
[demime 0.98d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]