IPFW How to use gif0 + ipfw_nat?

kohmas1


Hello.
OpenVPN + ipfw_nat works with the following simple rule, but ipip + ipfw nat does not work.
Can I get help?

Both systems are running 12.0-ALPHA5.
Code:
##remote
ifconfig gif0 create
ifconfig gif0 10.0.0.1 netmask 255.255.255.252 10.0.0.2 tunnel 27.0.0.4 1.2.3.4
ipfw nat 1 config ip 27.0.0.4
ipfw add 100 nat 1 all from any to any
ipfw add 65534 allow all from any to any
$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=0 ttl=64 time=8.424 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=8.470 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=8.458 ms
$ cat /etc/rc.conf | grep gateway
gateway_enable="YES"
##client
Code:
ifconfig gif0 create
ifconfig gif0 10.0.0.2 netmask 255.255.255.252 10.0.0.1 tunnel 1.2.3.4 27.0.0.4
$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=8.528 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=8.454 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=8.417 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=8.424 ms

$  mtr -a 10.0.0.2 1.1.1.1
(blank)

$ wget --bind-address=10.0.0.2 google.com
failed: Operation timed out.
#--
https://ryanclouser.com/2017/10/22/Linux-IPIP-Tunnel/
Code:
iptables -A INPUT -p ipip -s $PUBLIC_IP -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/30 ! -o ipip+ -j SNAT --to-source $REMOTE_IP
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ipip+ -j TCPMSS --clamp-mss-to-pmtu
However, Linux works well with what is in this URL.
I would appreciate it if someone could tell me what to do.
 