# NAT on the outside interface (rl0); per-host 512 kbit/s shaping on the inside interface (vr0)
/sbin/natd -interface rl0 -s
ipfw add 999 divert natd all from any to any via rl0
ipfw add pipe 1 ip from any to any in recv vr0
ipfw add pipe 2 ip from any to any out xmit vr0
ipfw pipe 1 config mask src-ip 0xffffffff bw 512kbits/s
ipfw pipe 2 config mask dst-ip 0xffffffff bw 512kbits/s
And on this box I have some GRE tunnels:
# GRE tunnel: outer addresses x.x.x.x (local) / y.y.y.y (remote), /30 on the inside
ifconfig gre8 create
ifconfig gre8 tunnel x.x.x.x y.y.y.y
ifconfig gre8 inet 172.20.1.13 172.20.1.14 netmask 255.255.255.252
ifconfig gre8 up
route add -net 10.0.100.0 -netmask 255.255.255.0 172.20.1.14
The tunnels terminate on a Cisco 1720 or on a box running FreeBSD 4.8 or 4.9 (same config as above, reversed). The Cisco or the BSD box is running NAT on its side.
If I ping a box behind the remote side from my desktop, which is behind the router1 box, I drop 3 out of 5 packets. Now for the strange part: if I get a ping going to that same node from the router1 box and then ping from my desktop, I drop no packets. If I kill the ping on the router1 box, the pings from the desktop start dropping packets. This also works if I ping the external interface on the remote router.
BTW, I have just changed the router1 box from Gentoo Linux, using the IPROUTE package for the tunnels, to FreeBSD 4.9. It worked just fine with router1 running Linux. I would hate to have to change back, as I hate Linux and think IPTABLES was written as a replacement for pulling fingernails out with pliers.
Thanks!
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
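A check a reader of this thread would want before guessing at a cause: the two cases the poster describes (ping from the desktop, ping from router1) can be told apart by which ipfw rules count the packets. The script below is an added example, not something from the post or from FreeBSD itself. It assumes the `ipfw -a list` layout of rule number, packet count, byte count, rule text (the FreeBSD 4.x format); the rule numbers 1000/1100 and every count in the two sample snapshots are constructed for the offline demonstration, not taken from the poster's router.

```sh
#!/bin/sh
# Added diagnostic, not part of the original post: find out which ipfw
# rules a ping from the desktop traverses versus a ping sent from router1
# itself, using the per-rule packet counters that `ipfw -a list` prints.
# Assumption: counters are shown as "rulenum packets bytes rule-text"
# (FreeBSD 4.x layout). Rule numbers 1000/1100 and all counts below are
# constructed sample data, not taken from the poster's box.

# hot_rules: read `ipfw -a list` output on stdin and print "rulenum packets"
# for every rule whose packet counter is non-zero.
hot_rules() {
    awk 'NF >= 4 && $2 ~ /^[0-9]+$/ && $2 > 0 { printf "%s %s\n", $1, $2 }'
}

# rules_only_in A B: print the rule numbers that appear in hot list A but
# not in hot list B (both files in hot_rules format). B is read first to
# build the lookup table; A is then filtered against it.
rules_only_in() {
    awk 'FILENAME == ARGV[1] { seen[$1] = 1; next } !($1 in seen) { print $1 }' "$2" "$1"
}

# compare_live TARGET: run on the FreeBSD router as root. Zero the
# counters, allow 10 seconds to ping TARGET from the desktop, snapshot;
# then repeat with a ping sent from router1 and print the rules that
# only one of the two paths hit. `ipfw pipe show` gives the dummynet
# queue and drop counters for the same two runs.
compare_live() {
    ipfw zero >/dev/null
    echo "ping $1 from the desktop now (10 s)"; sleep 10
    ipfw -a list | hot_rules > /tmp/desktop.$$
    ipfw zero >/dev/null
    ping -c 5 "$1" >/dev/null
    ipfw -a list | hot_rules > /tmp/router.$$
    echo "rules hit only by the desktop ping:"
    rules_only_in /tmp/desktop.$$ /tmp/router.$$
    echo "rules hit only by the router ping:"
    rules_only_in /tmp/router.$$ /tmp/desktop.$$
    rm -f /tmp/desktop.$$ /tmp/router.$$
}

# Constructed snapshots in `ipfw -a list` layout, used to exercise the
# helpers offline. The desktop's echoes enter on vr0 (pipe 1) and the
# replies that survive leave on vr0 (pipe 2); a ping originated on the
# router never passes vr0 in either direction.
DESKTOP_PING='00999     5      420 divert 8668 ip from any to any via rl0
01000     5      420 pipe 1 ip from any to any in recv vr0
01100     2      168 pipe 2 ip from any to any out xmit vr0
65535    12     1008 allow ip from any to any'

ROUTER_PING='00999     5      420 divert 8668 ip from any to any via rl0
01000     0        0 pipe 1 ip from any to any in recv vr0
01100     0        0 pipe 2 ip from any to any out xmit vr0
65535     9      756 allow ip from any to any'

# Offline demonstration: `sh thisscript.sh demo` lists the rules only the
# desktop path touched (01000 and 01100 in the constructed data).
if [ "$1" = "demo" ]; then
    printf '%s\n' "$DESKTOP_PING" | hot_rules > /tmp/desktop.$$
    printf '%s\n' "$ROUTER_PING"  | hot_rules > /tmp/router.$$
    rules_only_in /tmp/desktop.$$ /tmp/router.$$
    rm -f /tmp/desktop.$$ /tmp/router.$$
fi
```

On the live box, compare_live is the part that matters: a rule that counts packets for the desktop ping but not for the router's own ping (or the reverse) is where the two cases diverge, and that is the rule to put tcpdump on next (tcpdump -ni vr0 icmp, tcpdump -ni gre8 icmp, tcpdump -ni rl0 proto gre, one per path segment).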