Re: ipip (gif) tunnels and npf

To: tech-net%netbsd.org@localhost
Subject: Re: ipip (gif) tunnels and npf
From: John Klos <john%ziaspace.com@localhost>
Date: Mon, 19 Jun 2017 17:32:48 +0000 (UTC)

> 01:20:16.772680 IP 10.0.100.97 > 74.118.183.200: IP 192.80.49.79 > 192.80.49.78: ICMP echo request, id 3384, seq 0, length 64 (ipip-proto-4)
> 01:20:17.777222 IP 10.0.100.97 > 74.118.183.200: IP 192.80.49.79 > 192.80.49.78: ICMP echo request, id 3384, seq 1, length 64 (ipip-proto-4)
>> They're clearly not rewritten.
NAT should look at packets on the outgoing interface and these should berewritten, wether they are e.g. IP+TCP or IP+IP packets shouldn'tmatter.

SHOULD, yes. Although I didn't put my config in the original message, it'sexactly what you put and what's in the example configuration. From npfctlshow:


map re0 dynamic any -> 76.169.240.26 pass family inet4 from 10.0.100.0/24

Should I create a PR?

John

Follow-Ups:
- Re: ipip (gif) tunnels and npf
  - From: Robert Swindells
- Re: ipip (gif) tunnels and npf
  - From: Michael van Elst

Prev by Date: Re: ipip (gif) tunnels and npf
Next by Date: Re: ipip (gif) tunnels and npf
Previous by Thread: Re: ipip (gif) tunnels and npf
Next by Thread: Re: ipip (gif) tunnels and npf
Indexes:

Home | Main Index | Thread Index | Old Index