No Michael, it doesn't. It does exactly what Arno was asking. Returning answers to requests from the internet via tunnel back to the tunnel.
It will do the following:
- regular traffic to the internet will go via the default interface as defined in the 'main' table
- traffic from the ampr address to 44.0.0.0/8 will go via tunnel using routes instated there by the ampr-ripd.
- traffic from your ampr address to anything else (meaning the internet) will go to the default route in the 'default' table, in this case the ampr-gw tunnel endpoint.
It works well on my server. Try to ping/traceroute yo2tm.ampr.org from a public IP and see for yourself. If you like I can activate external access so you can check (I don't admit anything else except icmp at the moment).
Marius, YO2LOJ.
-----Original Message-----
From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Michael E Fox - N6MEF
Sent: Friday, December 26, 2014 20:56
To: 'AMPRNet working group'
Subject: Re: [44net] How to make traffic coming in on the tunnel interface get answered from that interface?
Mario,
That simply sends 44.x out the tunnel and everything else out the regular interface.
What I believe Arno was asking (and what I was interested in doing) was a different question. Suppose the following:
-- Some user out on the public Internet with address 11.22.33.44
-- My system's 44-net address: 44.44.44.44
-- My system's NAT'd external address: 101.102.103.104
Now, suppose the public user connects to 44.44.44.44. His packet comes in via the UCSD gateway and over the AMPRnet link to that gateway to my amprnet interface, 44.44.44.44. The reply should go back out the 44.44.44.44 interface, via the AMPRnet, through the UCSD gateway, and back to the user.
But if the user connects to 101.102.103.104, the reply should go out my regular LAN interface to my local NAT/FW where its public IP address is re-applied, and it goes direct to the user. So the routing cannot be based on the user's address, but on the interface on which we received the packets. Otherwise, the source address we respond with may be different from the address the user connected to.
Arno - please correct me if I mistook your question. But the above is still something I'd like to be able to do.
Michael N6MEF
-----Original Message-----
From: 44net-bounces+n6mef=mefox.org@hamradio.ucsd.edu [mailto:44net-bounces+n6mef=mefox.org@hamradio.ucsd.edu] On Behalf Of Marius Petrescu
Sent: Friday, December 26, 2014 10:39 AM
To: 'AMPRNet working group'
Subject: Re: [44net] How to make traffic coming in on the tunnel interface get answered from that interface?
Hello Arno,
You need to do some source routing using ip rules... First, you need 2 ip tables for routing different traffic, and the easiest way is to use existent ones, in this case tables 'main' and 'default'. The main table is used by the normal routing (and make sure ampr-ripd is using that table, else you need to adapt). The default table will be used to route traffic from the internet via tunnel and back.
Let's assume your tunnel interface is called ampr0 and your ampr IP is 44.1.1.1. First you need to bring up the tunnel:
ip tun add ampr0 mode ipip ttl 64 local <your_public_interface_ip>
Then add the following route and rules:
ip route add default via 169.228.66.251 dev ampr0 onlink table default
ip rule add from 44.1.1.1 table default
ip rule add from 44.1.1.1 to 44.0.0.0/8 table main
Next bring up ampr-ripd:
ampr-ripd -s -i ampr0 -p ThePassword
This should do it...
Have fun, Marius, YO2LOJ
-----Original Message-----
From: 44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Arno Verhoeven
Sent: Friday, December 26, 2014 18:58
To: 44net@hamradio.ucsd.edu
Subject: [44net] How to make traffic coming in on the tunnel interface get answered from that interface?
Hi,
I am looking for help setting up a conditional routing table.
I have my tunnel up and running. I can reach other 44-net hosts. ampr-ripd is used to fill the routing table.
So far so good, but I would like one of the web-sites (apache httpd vhost) to be reachable from both 44-net and non-44-net. If I check with tcpdump I see traffic coming in when I try to access the web-site (pi8zaa.ampr.org) via the Internet (I used my phone connected to t-mobile network). But it doesn't work because my server routes the replies to my ISP's Gw where they get source filtered.
Basically I want/need traffic that comes in via the tunnel to get answered from the tunnel interface.
I Googled for a solution. Found lots of variants of this http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html but if I understand what is described there correctly, then that is not exactly what I need. Maybe I don't understand iproute2 and its routing table concept correctly. The way I understand it, those examples assume destination routing based on provider subnet, while in my case the destination is on the Internet, and in normal cases should be routed via my ISP except if it came in via the tunnel.
Thanks for any help you can offer.
73 PE1ICQ // Arno
_________________________________________
44Net mailing list
44Net@hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
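The rule lookup discussed in this thread, modelled in Python as an added example that is not part of any poster's message: it applies the two `ip rule add` commands in the order given and shows which table each reply packet is routed from. Assumptions: the LAN addresses, the 44.128.0.0/16 route and its gateway are constructed sample data, and the priority-0 `local` rule is left out.

```python
import ipaddress

# Constructed sample tables: (prefix, next hop). Only the default route via
# 169.228.66.251 dev ampr0 comes from the thread; the rest is made-up data.
TABLES = {
    "main": [
        ("192.168.1.0/24", "dev eth0"),
        ("44.128.0.0/16", "via 198.51.100.7 dev ampr0"),  # as ampr-ripd would add
        ("0.0.0.0/0", "via 192.168.1.1 dev eth0"),         # ISP default route
    ],
    "default": [("0.0.0.0/0", "via 169.228.66.251 dev ampr0")],
}

def new_rpdb():
    # Stock Linux rules as (priority, from, to, table); 'local' is omitted.
    return [(32766, "0.0.0.0/0", "0.0.0.0/0", "main"),
            (32767, "0.0.0.0/0", "0.0.0.0/0", "default")]

def rule_add(rpdb, src, dst, table):
    # With no explicit priority, a new rule is placed ahead of the existing
    # ones, so the rule added last is the one evaluated first.
    prio = min(r[0] for r in rpdb) - 1
    rpdb.append((prio, src, dst, table))
    rpdb.sort()

def longest_match(table, dst):
    hits = [(ipaddress.ip_network(p), hop) for p, hop in TABLES[table]
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def route_get(rpdb, src, dst):
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, r_src, r_dst, table in rpdb:
        if src in ipaddress.ip_network(r_src) and dst in ipaddress.ip_network(r_dst):
            hop = longest_match(table, dst)
            if hop:  # a table with no matching route falls through to the next rule
                return table, hop
    return None, "unreachable"

def thread_rpdb():
    # The two rules from the thread, in the order they are added there.
    rpdb = new_rpdb()
    rule_add(rpdb, "44.1.1.1/32", "0.0.0.0/0", "default")
    rule_add(rpdb, "44.1.1.1/32", "44.0.0.0/8", "main")
    return rpdb

if __name__ == "__main__":
    for src, dst in [("44.1.1.1", "11.22.33.44"),      # reply to a tunnel visitor
                     ("192.168.1.10", "11.22.33.44"),  # reply via the LAN address
                     ("44.1.1.1", "44.128.5.9")]:      # 44-net to 44-net
        print(src, "->", dst, route_get(thread_rpdb(), src, dst))
```

Adding the two rules in the opposite order puts the catch-all `from 44.1.1.1` rule first, and 44-net destinations are then sent to the gateway in table `default` instead of using the ampr-ripd routes.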