Re: ipip (gif) tunnels and npf

To: John Klos <john%ziaspace.com@localhost>
Subject: Re: ipip (gif) tunnels and npf
From: Robert Swindells <rjs%fdy2.co.uk@localhost>
Date: Mon, 19 Jun 2017 22:01:30 +0100

John Klos <john%ziaspace.com@localhost> wrote:
>>> SHOULD, yes. Although I didn't put my config in the original message, it's
>>> exactly what you put and what's in the example configuration. From npfctl
>>> show:
>>>
>>> map re0 dynamic any -> 76.169.240.26 pass family inet4 from 10.0.100.0/24
>>
>> Don't you want gif0 (or whatever) to be your external interface instead
>> of re0 ?
>
>Sorry - the context is in the original post. The gif tunnel is on a 
>machine which is behind NAT, and the npf machine doing NAT isn't rewriting 
>ipip.

You are correct, npf doesn't have support for encapsulated protocols
while ipf does. This will mean that gre(4) won't work either.

I guess one question is how far we should go to support this in 2017,
there is this thing called IPv6.

Follow-Ups:
- Re: ipip (gif) tunnels and npf
  - From: Michael van Elst

References:
- Re: ipip (gif) tunnels and npf
  - From: John Klos

Prev by Date: Re: ipip (gif) tunnels and npf
Next by Date: Re: ipip (gif) tunnels and npf
Previous by Thread: Re: ipip (gif) tunnels and npf
Next by Thread: Re: ipip (gif) tunnels and npf
Indexes:

Home | Main Index | Thread Index | Old Index