I'm playing with a couple of boxes and doing gif tunneling...

+-----+
A     B --- C

For arguments sake, assume the following:

A:
   ex0 10.1.2.3
   lo0 172.16.3.1

B:
   ex0 10.1.2.4
   lo0 172.16.16.1
   ex1 172.16.17.1

C:
   ex1 172.16.17.200

I set up a gif tunnel between A and B.

A:
   gif0
     tunnel inet 10.1.2.3 -> 10.1.2.4
     inet 172.16.254.2 -> 172.16.254.3 netmask 0xfffffffe

B:
   gif0
     tunnel inet 10.1.2.4 -> 10.1.2.3
     inet 172.16.254.3 -> 172.16.254.2 netmask 0xfffffffe

And the routing tables:

A:
   172.16.16/22 172.16.254.2 gif0

B:
   172.16.3/22 172.16.254.3 gif0
   172.16.16/22 link ex1

C:
   default: 172.16.17.1

          10.1.2/24
    +-------------------+
    3                   4
    A                   B
   gif0: 172.16.254.2  gif0: 172.16.254.3
   lo0: 172.16.3.1     lo0: 172.16.16.1
                       ex0: 172.16.17.1
                        |
                        | 172.16.17/24
                        |
                       200
                        C

 From A, I can ping B on any address on B.  Traceroute on A:gif0 or 
B:gif0 reveals a source of 172.16.254.2

 From B, I can ping A on any address on A.  Traceroute on A:gif0 or 
B:gif0 reveals a source of 172.16.254.3

 From A, I can ping C (172.16.17.200).  Traceroute on A:gif0 or B:gif0 
reveals a source of 172.16.254.2.

 From C, I can ping A on 172.16.254.2.

 From C, I CANNOT ping A on any other address.  Nor can I ping any nodes 
on subnets of A.  The packets are received on A:gif0, but then vanish.

The gif logic appears to be discarding all packets that do not have 
either a source or destination address that matches one (or both) of 
the tunnel internal addresses.

IPSec and IPFilter are disabled.  tunneling and forwarding are enabled 
in sysctl.

Any ideas?

--
Andrew White
Andrew.E.White@motorola.com
+61 2 9666 0702