I have tried it but I don't get a response either.
I see the outbound traffic in the interface but nothing comes back.
I also tried this script with the same results:
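#!/bin/bash
#
# AMPRNet (44/8) gateway bring-up: IPIP tunnel (tunl0), policy routing in
# table 44, the ampr-ripd route daemon, and an iptables ruleset.
# Must run as root. The steps run in order and the script is not
# idempotent: a second run repeats "ip addr add" / "ip rule add", which
# then fail for entries that already exist.
#
# -u: abort on an unset variable (a typo in a variable name would otherwise
# expand to "" and silently produce a different iptables rule).
# -e is deliberately not set: aborting half-way would leave the firewall
# partly configured; check the output of each step instead.
set -u

#####
# Variables
#
my_ampr_network="44.153.0.0/16"      # Your CIDR AMPRNet network segment
my_ampr_tunnel_ip="44.153.160.32/32" # Your tunnel IP address
ampr_ripd_password="thePassword"     # RIPD AMPRNet password (a secret: never print it)
external_interface="bridge0"         # External interface
internal_interface="bridge0:44"      # Internal interface
# NOTE(review): the internal "interface" is an alias of the external one.
# ip(8) and iptables(8) work on real device names, so "dev $internal_interface"
# in the local route and "-i $internal_interface" in the rules may not act as
# a separate interface — verify with `ip route show table 44` and
# `iptables -L -v -n` after the run. TODO confirm.

echo "#### VARIABLES ####"
echo "my_ampr_network= $my_ampr_network"
echo "my_ampr_tunnel_ip=$my_ampr_tunnel_ip"
# Do not echo the password: stdout of boot/admin scripts usually ends up in logs.
echo "ampr_ripd_password=<hidden>"
echo "external_interface=$external_interface"
echo "internal_interface=$internal_interface"

###################################################################
echo "## PART I -- Enable IPIP Tunnel, Forwarding and Routing ##"
###################################################################
echo "# Internal interface"
# NOTE(review): this assigns the network address of the /16 (x.y.0.0) to the
# alias; a host address inside the segment is the usual choice — TODO confirm.
ifconfig "$internal_interface" "$my_ampr_network" up
# Debugging aid only (a GUI capture running as root, left in the background).
wireshark -i "$internal_interface" &
echo "# Enable IP Forwarding"
sysctl -w net.ipv4.ip_forward=1
echo "# Enable IPIP tunnel and interface"
modprobe ipip
ip addr add "$my_ampr_tunnel_ip" dev tunl0
echo "# Set some tunnel interface options"
# * Give the tunnel its own TTL of 64 hops enabling traceroute over the tunnel
# * Bring up the interface
# * Set the tunnel MTU (1500 minus the 20-byte outer IP header)
ip tunnel change ttl 64 mode ipip tunl0
ip link set dev tunl0 up
ip link set dev tunl0 mtu 1480
echo "# Set AMPRNet routing table rules"
# * Any packets to any AMPRNet space use routing table 44
# * Any packets from my AMPRNet space use routing table 44
ip rule add to 44.0.0.0/9 table 44 priority 44
ip rule add to 44.128.0.0/10 table 44 priority 44
ip rule add from "$my_ampr_network" table 44 priority 45
echo "# Set AMPRNet routes"
# * Default route out of AMPRNet is 169.228.34.84 (The Central AMPR Gateway)
# * Set local route for AMPRNet on local AMPRNet interface
ip route add default dev tunl0 via 169.228.34.84 onlink table 44
ip route add "$my_ampr_network" dev "$internal_interface" table 44
echo "# Rest of the routes are added dynamically by the AMPR-RIPD routing Daemon."
echo "----------- START ampr-ripd -----------"
# The password is passed on the command line, so it is readable by every
# local user through ps(1) for as long as the daemon runs.
/usr/sbin/ampr-ripd -s -r -t 44 -i tunl0 -a "$my_ampr_network" -p "$ampr_ripd_password" -d &

###############################################################
echo "## PART II -- Enable Firewall and configure ruleset ##"
###############################################################
echo "# Start Fresh - Flush all rules"
# -F/-X without -t only touch the filter table; the raw table must be flushed
# too, otherwise the PREROUTING rule below is duplicated on every run.
iptables -F
iptables -X
iptables -t raw -F
iptables -t raw -X
echo "# Setting default filter policy"
iptables -P INPUT DROP    # By default drop all incoming connections
iptables -P FORWARD DROP  # by default drop all forwarding connections
iptables -P OUTPUT ACCEPT # By default allow outgoing connections
echo "# This prevents nested ipencap (if its coming from the tunnel, dont allow protocol 4)"
iptables -t raw -I PREROUTING -p 4 -i tunl0 -j DROP

####################################################################
echo "## Rules for traffic leaving this gateway node, AKA OUTPUT chain. ##"
## That is, any traffic leaving from any local IP ##
####################################################################
echo "# Drops destination unreachable replies to various probe responses"
iptables -A OUTPUT -p icmp --icmp-type destination-unreachable -j DROP
echo "# Allow rest outgoing traffic from this gw"
iptables -A OUTPUT -j ACCEPT

###################################################################
echo "## Rules for traffic leaving this gateway node, AKA INPUT chain. ##"
## That is, any traffic destined to any local IP ##
###################################################################
echo "# Allow tunnel traffic (ip proto 4) on external interface"
iptables -A INPUT -p 4 -i "$external_interface" -j ACCEPT
echo "# Allow unlimited traffic on loopback and local eth 44 Net adapters"
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i "$internal_interface" -j ACCEPT
echo "# Allow established sessions to receive traffic back"
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
echo "# Allow incoming ssh/icmp/ampr-ripd"
# conntrack is used throughout (state is its older alias) so all rules read alike.
iptables -A INPUT -p tcp --sport 1024:65535 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --dport 520 -j ACCEPT # RIP, used by ampr-ripd
echo "# drop the rest"
iptables -A INPUT -j DROP

#####################################################################
echo "## Forwarding for traffic passing though this gateway ##"
## That is, any traffic going to or from the local AmprNet segment ##
#####################################################################
echo "# This prevents a general loop - If the traffic comes in the tunnel, dont send it back out the same way"
iptables -I FORWARD -i tunl0 -o tunl0 -j DROP
echo "# Drop any traffic leaving via the tunnel that is not from the local AmprNet"
# -I puts this in front of the loop rule above; both are evaluated before any ACCEPT.
iptables -I FORWARD ! -s "$my_ampr_network" -o tunl0 -j DROP
echo "# Allow established sessions to receive traffic"
iptables -A FORWARD -m conntrack -d "$my_ampr_network" --ctstate ESTABLISHED,RELATED -j ACCEPT
echo "# Allow ssh/icmp connections to my AmprNet"
iptables -A FORWARD -p tcp --sport 1024:65535 -d "$my_ampr_network" --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p icmp -d "$my_ampr_network" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
echo "#Drop unwanted traffic from leaking out-or coming in (smb discovery, etc)"
iptables -A FORWARD -p udp --dport 10001 -j DROP
iptables -A FORWARD -p udp --dport 137:139 -j DROP
iptables -A FORWARD -p udp --dport 5678 -j DROP
echo "# Drops destination unreachable replies to various probe responses"
iptables -A FORWARD -p icmp --icmp-type destination-unreachable -j DROP
echo "# Finally, allow outgoing connections from the local AmprNet"
iptables -A FORWARD -s "$my_ampr_network" -j ACCEPT
echo "# Anything else, drop it"
iptables -A FORWARD -j DROP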