On Thu, Oct 23, 2003 at 03:36:22PM +0200, Mark Bojara wrote:
> rdr on ! tun1 inet from 192.168.0.2 to any -> 192.168.0.1

rdr and route-to do two different things in your setup, it's not clear yet what you really want:

a) route-to will not modify the IP layer, it will just cause the packets to get sent to the MAC address of 192.168.0.1 on the ethernet layer. Run tcpdump with -e on tun1 and check the destination MAC address of outgoing packets. Without the route-to rule, everything should go to the default route's MAC address. With the route-to rule, packets from 192.168.0.0/30 should go to 192.168.0.1's MAC address. The IP destination addresses should be the same, as route-to doesn't change them. And the packet will end up at the same IP endpoint, as the destination IP address wasn't modified.

b) rdr (on the interface where the packets come in, tun0) can replace the IP destination address of packets. This redirects the packets to another endpoint (not just through other routes). Of course, a different destination IP address might cause the intermediate routers to choose different paths, so a redirection will affect routing in that sense. For example, redirecting an HTTP query (port 80) with rdr to a router not running a web server would be wrong. If you just want to route through that router (reaching the original web server), use route-to.

So, do you want a) or b) or something else?

Daniel
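An added example, not part of Daniel's reply or of pf itself, showing the two rule types side by side in a pf.conf fragment so the difference he describes is visible in the rules. It assumes tun0 is the interface the 192.168.0.0/30 hosts arrive on, tun1 is the outgoing interface and 192.168.0.1 is the router to forward through, as in the thread; the web server address 10.0.0.80 is a constructed placeholder, and the rules use the pf syntax of that era, where translation (rdr) rules are listed before filter rules.

```pf
# Added example (not from the original thread): rdr versus route-to.
# Assumed: tun0 = interface the 192.168.0.0/30 hosts come in on,
#          tun1 = outgoing interface,
#          192.168.0.1 = the router the traffic should be sent through,
#          10.0.0.80 = constructed placeholder for a web server elsewhere.

# b) rdr: rewrites the IP destination address, so the packet ends up at a
#    different endpoint. Port-80 traffic from 192.168.0.2 is sent to the
#    placeholder web server, not to the router. Pointing this at
#    192.168.0.1 instead would deliver HTTP to a host with no web server.
rdr on tun0 inet proto tcp from 192.168.0.2 to any port 80 -> 10.0.0.80 port 80

# a) route-to: leaves the IP header untouched and only changes the next hop.
#    Packets from 192.168.0.0/30 still reach their original destination,
#    but are handed to 192.168.0.1 on the link layer.
pass out on tun1 route-to (tun1 192.168.0.1) inet from 192.168.0.0/30 to any
```

To see which effect is in force, watch the outgoing interface with `tcpdump -e -n -i tun1` as the message suggests: under the route-to rule the IP destination in each line is unchanged while the link-layer destination is 192.168.0.1's address; under the rdr rule the IP destination itself becomes 10.0.0.80.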
