PF + route-to + gif weird behavior (bug ?)
Damien Fleuriot
ml at my.gd
Tue Jun 28 15:52:04 UTC 2011
On 6/27/11 8:51 PM, Schmurfy wrote:
> On 27 June 2011 16:47, Damien Fleuriot <ml at my.gd> wrote:
>
> > On 6/27/11 12:50 PM, Schmurfy wrote:
> > >
> > > What I wanted to do is to redirect incoming connections on the external
> > > interface (em0) on a specific address to a gif tunnel, my problem is that
> > > the packet is redirected so that part works but the packet exiting the em0
> > > interfaces (the gif tunnel is also using em0) has a wrong ipip header: the
> > > source address is the first address assigned to em0 instead of the alias
> > > added for the gif tunnel.
> >
> > This looks like a case where you'd like to NAT then.
> >
> > Use PF to say you'll be NATing, so that you can force the correct IP ?
>
> I am not sure I understand what you mean here, could you show me how you
> would do this ?
> You would NAT with the IPIP tunnel local address ?
>
The goal here is to force NATing the packets going through em0 to your
tunnel.

clientip -> em0 -> yourfirewall's_ip -> gif

This way, you can force the firewall to present packets to the gif
interface with a specific source IP from em0.