Subject: [44net] Scripts
From: Steve L <kb9mwr(a)gmail.com>
Date: 08/05/2015 03:57 AM
To: "44net(a)hamradio.ucsd.edu" <44net(a)hamradio.ucsd.edu>
So that got me thinking maybe this same concept could be applied to
the BGP'd subnets, forcing them to use masquerading. But rather than a
rule on the source address, we set it for destinations.
Here is what I came up with. (Untested)
http://www.qsl.net/kb9mwr/wapr/tcpip/startampr-bgp
Basically I download a list of all the BGP'd subnets, and set a flag
like before and force them out as masqueraded.
I think it is preferable to IPIP encapsulate the traffic to a place where it can be sent
with its original source address, over masquerading it to the public IP. When you have a
default route in table 44 pointing to AMPRGW it will work OK without requiring exceptions
for BGP routed subnets and it will also work to public internet. When you want to route
only to AMPRnet you can use a 44.0.0.0/8 route to AMPRGW instead.
(instead of AMPRGW, you can also use a more specific gateway that is on a not
source-address filtered host and is closer to you, when they want to provide that service.
e.g. for 44.137.0.0/16 hosts our gateway can be used for that)
Unfortunately this still breaks in case an IPIP gateway is using an endpoint address
within 44.0.0.0/8
Rob
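
The two table 44 variants described in the message above, modelled as an added example (not code from the thread or from the startampr scripts). The tunnel list, the subnets other than 44.137.0.0/16, all endpoint addresses and the function names are constructed for illustration, and AMPRGW is kept as a label rather than an address. The last function only flags the case the message says still breaks, without modelling the failure itself.

```python
import ipaddress

AMPRNET = ipaddress.ip_network("44.0.0.0/8")

# Constructed sample of per-subnet IPIP tunnels: (subnet, tunnel endpoint).
# Endpoints use documentation ranges, except the last one, which sits
# inside 44.0.0.0/8 on purpose.
TUNNELS = [
    ("44.137.0.0/16", "192.0.2.10"),
    ("44.92.21.0/24", "198.51.100.7"),
    ("44.60.44.0/24", "44.60.44.1"),
]


def build_table(tunnels, catch_all):
    """Model table 44: one route per tunnel plus a catch-all via AMPRGW.

    catch_all is "0.0.0.0/0" (default route in table 44) or
    "44.0.0.0/8" (route only AMPRnet through AMPRGW).
    """
    table = [(ipaddress.ip_network(net), "ipip:" + ep) for net, ep in tunnels]
    table.append((ipaddress.ip_network(catch_all), "ipip:AMPRGW"))
    return table


def lookup(table, dst):
    """Longest-prefix match in the modelled table.

    Returns the next hop, or None when no route matches, in which case
    the packet would fall through to the main routing table.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def endpoints_inside_amprnet(tunnels):
    """List tunnels whose IPIP endpoint address lies within 44.0.0.0/8."""
    return [(net, ep) for net, ep in tunnels
            if ipaddress.ip_address(ep) in AMPRNET]


if __name__ == "__main__":
    for name, catch_all in (("default", "0.0.0.0/0"), ("44/8 only", "44.0.0.0/8")):
        table = build_table(TUNNELS, catch_all)
        for dst in ("44.137.1.1", "44.200.0.1", "203.0.113.5"):
            print(name, dst, "->", lookup(table, dst))
    print("endpoints inside 44/8:", endpoints_inside_amprnet(TUNNELS))
```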