You don’t have any IP addresses assigned so you need to get that fixed first.

Once you have a suitable block you need to add them to your gateway on the portal.

Then you can put your own, assigned block, into the script rather than just picking any block.

73,
Chris - G1FEF

ARDC Administrator

Web: https://www.ardc.net


On 16 Feb 2024, at 19:58, lu3vea--- via 44net <44net@mailman.ampr.org> wrote:

I have tried it but I don't get a response either.
I see the outbound traffic in the interface but nothing comes back.

I also tried this script with the same results:

#!/bin/bash

#####
# Variables
#
my_ampr_network="44.153.0.0/16"      # This is your CIDR AMPRNet Network segment
my_ampr_tunnel_ip="44.153.160.32/32" # This is your Tunnel IP Address
ampr_ripd_password="thePassword"     # Enter the RIPD AMPRNet password
external_interface="bridge0"         # External interface name
internal_interface="bridge0:44"      # Internal interface name

echo "#### VARIABLES ####"
echo "my_ampr_network= $my_ampr_network"
echo "my_ampr_tunnel_ip=$my_ampr_tunnel_ip"
# Do not print the RIP password itself; only report whether it is set
echo "ampr_ripd_password=${ampr_ripd_password:+(set, not shown)}"
echo "external_interface=$external_interface"
echo "internal_interface=$internal_interface"

###################################################################
echo "##    PART I  -- Enable IPIP Tunnel, Forwarding and Routing      ##"
###################################################################
echo "# Internal interface"
ifconfig $internal_interface $my_ampr_network up
wireshark -i $internal_interface &

echo "# Enable IP Forwarding"
sysctl -w net.ipv4.ip_forward=1

echo "# Enable IPIP tunnel and interface"
modprobe ipip
ip addr add $my_ampr_tunnel_ip dev tunl0

echo "# Set some tunnel interface options"
#    * Give the tunnel its own TTL of 64 hops enabling traceroute over the tunnel
#    * Bring up the interface
#    * Set the tunnel MTU
ip tunnel change ttl 64 mode ipip tunl0
ip link set dev tunl0 up
ifconfig tunl0 mtu 1480

echo "# Set AMPRNet routing table rules"
#    * Any packets to any AMPRNet space use routing table 44
#    * Any packets from my AMPRNet space use routing table 44
ip rule add to 44.0.0.0/9 table 44 priority 44
ip rule add to 44.128.0.0/10 table 44 priority 44
ip rule add from $my_ampr_network table 44 priority 45

echo "# Set AMPRNet routes"
#   * Default route out of AMPRNet is 169.228.34.84 (The Central AMPR Gateway)
#   * Set local route for AMPRNet on local AMPRNet interface
ip route add default dev tunl0 via 169.228.34.84 onlink table 44
ip route add $my_ampr_network dev $internal_interface table 44

echo "# Rest of the routes are added dynamically by the AMPR-RIPD routing Daemon."
echo "----------- START ampr-ripd -----------"
/usr/sbin/ampr-ripd -s -r -t 44 -i tunl0 -a $my_ampr_network -p $ampr_ripd_password -d &

###############################################################
echo "##    PART II  -- Enable Firewall and configure ruleset      ##"
###############################################################

echo "# Start Fresh - Flush all rules"
iptables -F
iptables -X

echo "# Setting default filter policy"
iptables -P INPUT DROP          # By default drop all incoming connections
iptables -P FORWARD DROP        # by default drop all forwarding connections
iptables -P OUTPUT ACCEPT       # By default allow outgoing connections


echo "# This prevents nested ipencap (if it's coming from the tunnel, don't allow protocol 4)"
iptables -t raw -I PREROUTING -p 4 -i tunl0 -j DROP

####################################################################
echo "## Rules for traffic leaving this gateway node, AKA OUTPUT chain. ##"
##       That is, any traffic leaving from any local IP           ##
####################################################################
echo "# Drops destination unreachable replies to various probe responses"
iptables -A OUTPUT -p icmp --icmp-type destination-unreachable -j DROP

echo "# Allow rest outgoing traffic from this gw"
iptables -A OUTPUT -j ACCEPT


###################################################################
echo "## Rules for traffic entering this gateway node, AKA INPUT chain. ##"
##        That is, any traffic destined to any local IP          ##
###################################################################

echo "# Allow tunnel traffic (ip proto 4) on external interface"
iptables -p 4 -A INPUT -i $external_interface -j ACCEPT

echo "# Allow unlimited traffic on loopback and local eth 44 Net adapters"
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $internal_interface -j ACCEPT

echo "# Allow established sessions to receive traffic back"
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

echo "# Allow incoming ssh/icmp/ampr-ripd"
iptables -A INPUT -p tcp --sport 1024:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --dport 520 -j ACCEPT

echo "# drop the rest"
iptables -A INPUT -j DROP


#####################################################################
echo "##      Forwarding for traffic passing through this gateway        ##"
## That is, any traffic going to or from the local AmprNet segment ##
#####################################################################
echo "# This prevents a general loop - If the traffic comes in the tunnel, don't send it back out the same way"
iptables -I FORWARD -i tunl0 -o tunl0 -j DROP

echo "# Drop any traffic leaving via the tunnel that is not from the local AmprNet"
iptables -I FORWARD ! -s $my_ampr_network -o tunl0 -j DROP

echo "# Allow established sessions to receive traffic"
iptables -A FORWARD -m conntrack -d $my_ampr_network --ctstate ESTABLISHED,RELATED -j ACCEPT

echo "# Allow ssh/icmp connections to my AmprNet"
iptables -A FORWARD -p tcp --sport 1024:65535 -d $my_ampr_network --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p icmp -d $my_ampr_network -m state --state NEW,ESTABLISHED -j ACCEPT

echo "# Drop unwanted traffic from leaking out or coming in (smb discovery, etc)"
iptables -A FORWARD -p udp --dport 10001 -j DROP
iptables -A FORWARD -p udp --dport 137:139 -j DROP
iptables -A FORWARD -p udp --dport 5678 -j DROP

echo "# Drops destination unreachable replies to various probe responses"
iptables -A FORWARD -p icmp --icmp-type destination-unreachable -j DROP

echo "# Finally, allow outgoing connections from the local AmprNet"
iptables -A FORWARD -s $my_ampr_network -j ACCEPT

echo "# Anything else, drop it"
iptables -A FORWARD -j DROP
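
Added example, not part of either message: an offline check that the address variables at the top of the script are consistent with each other and with the two AMPRNet ranges its "ip rule add to" lines use. The function names (ip_to_int, cidr_contains, preflight) are hypothetical; whether the block is assigned to you and attached to your gateway still has to be confirmed on the portal.

```sh
#!/bin/sh
# Added example: offline consistency check for the gateway script's address variables.

# ip_to_int A.B.C.D: print the address as a 32-bit integer; fail on malformed input.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, at most 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains OUTER INNER: 0 if INNER lies inside OUTER, 1 if not, 2 if malformed.
cidr_contains() {
    o_len=${1#*/}; i_len=${2#*/}
    case "/$o_len/$i_len/" in *//*|*[!0-9/]*|*/0[0-9]*) return 2 ;; esac
    [ "$o_len" -le 32 ] && [ "$i_len" -le 32 ] || return 2
    o_ip=$(ip_to_int "${1%/*}") || return 2
    i_ip=$(ip_to_int "${2%/*}") || return 2
    [ "$i_len" -ge "$o_len" ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - $o_len)) & 0xFFFFFFFF ))
    [ $(( $o_ip & $mask )) -eq $(( $i_ip & $mask )) ]
}

# preflight NETWORK TUNNEL_IP: print each problem found; succeed only if there are none.
preflight() {
    cidr_contains 0.0.0.0/0 "$1" || { echo "malformed network: $1"; return 1; }
    cidr_contains 0.0.0.0/0 "$2" || { echo "malformed tunnel address: $2"; return 1; }
    bad=0
    # The two ranges the script's "ip rule add to ..." lines send to table 44.
    if ! cidr_contains 44.0.0.0/9 "$1" && ! cidr_contains 44.128.0.0/10 "$1"; then
        echo "$1 is outside 44.0.0.0/9 and 44.128.0.0/10"; bad=1
    fi
    # "ip rule add from <network>" only covers the tunnel address if it is in the block.
    if ! cidr_contains "$1" "$2"; then
        echo "tunnel address $2 is outside $1"; bad=1
    fi
    return $bad
}

# Values taken from the script in the message above.
preflight "44.153.0.0/16" "44.153.160.32/32" && echo "variables are consistent"
```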