44net-request(a)hamradio.ucsd.edu wrote: I don't agree with you. There is a problem with routing inside UCSD in that case, but there are other reasons why that should not be done. When you run an IPIP gateway on a source-address-filtered system (and in my opinion, ALL user connections should be soirce-address-filtered!! ISP's that don't to that just suck!) you need to route back traffic from net-44 to internet via the gateway. The only viable way of setting up policy routing rules to do that falls apart when tunnel endpoints are inside 44.0.0.0/8. So that should just be prohibited. (As Marius also explained, it is even worse when tunnel endpoints exist within subnets that are also advertised as being gatewayed) Rob