Ralf Weber writes:
> Moin!
>
> On 24.02.2009, at 07:28, Hao Wu wrote:
> > Does anyone know if we could redirect the packets to the IP tunnel
> > interface using ipf? I wrote the rule below,
> >
> > pass out quick on bge0 to ip.tun0 from 192.168.1.16 to any.
> >
> > I hope that all the packets matching this rule could go through the
> > IPsec tunnel and be encapsulated via IP-IP. But it seems that it
> > didn't work!
> IPF is a firewall. To direct the traffic there you need to put a route
> to that interface. You can also redirect traffic with IPFilter, but
> for that you need a redirection rule in ipnat.conf, but this usually
> is for specific services, e.g. redirecting port 80 to a web server
> behind a firewall.
IPF is able to redirect traffic without the use of NAT. Note the use
of "to ip.tun0" in the expression above. This is documented on the
ipf(4) man page as:

    to      Causes the packet to be moved to the outbound
            queue on the specified interface. This can be used
            to circumvent kernel routing decisions, and, if
            applied to an inbound rule, even to bypass the
            rest of the kernel processing of the packet. It is
            thus possible to construct a firewall that behaves
            transparently, like a filtering hub or switch,
            rather than a router. The fastroute keyword is a
            synonym for this option.

--
James Carlson, Solaris Networking <[email protected]>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677