firewall redirection to tap interface

I'm running a virtual network connected to a tap0 interface (169.254.0.0/24). A virtual router running on dynamips is connected to 169.254.0.2.

I am able to connect to it from the host server itself, even with different local IP addresses. What I can't do is redirect outside connections with pf to the tap0 interface.

tcpdump shows redirection to 169.254.0.2:22 ssh on the virtual router, but tcpdump running on tap0 doesn't show anything.

What am I missing?
 
Avoid using the 169.254.0.0/16 netblock for anything like this; it is reserved for IPv4 link-local addresses, and addresses from that block may not work outside the intended application. Use a /24 address block out of 10.0.0.0/8, something like 10.x.y.0/24 where x and y are random numbers of your choice.
 
Thanks,

I'm pretty sure that's not the issue here, I've chosen that range purposely. The problem arises with pf redirection to the virtual interface, and it works with other firewalls.
 
I too personally don't like when somebody answers me with a question, so sorry for that :)

But is there a specific reason why you use a tap device for that? Why don't you create a custom loopback interface on the host and connect all devices through that? If needed you can NAT on loN, or you can attach dynamips to a physical egress interface on the host.
 