NAT is NOT needed to go from 44 addresses to the internet using 44-net addresses.
You need to create proper routes and rules to direct any traffic originating from a 44 address to any routable IPs (except those for which you have direct tunnels - which happens by default if the routes are in the same routing table) to be sent via the ampr-gw. And if you want incoming traffic initiated from public IPs as well, you need to add proper settings to forward it to the proper 44-net hosts and, VERY IMPORTANT, to ensure the replies go out the same way they got in (via ampr-gw).
But there is a discussion about whether this is really needed and if there could be another solution which reduces the load on the ampr-gw.
If you access a public internet site, it actually does not matter too much if you access it using your public gateway address or your 44 address. Google and Youtube don't care about that. And the same goes for 99.99% of internet hosts.
So in my opinion the best approach would be to send only traffic with 44 origin and 44 destination not in other routes via ampr-gw, to preserve your original 44 IP. All the rest should be NAT-ed to your public gateway IP, not your gateway's 44 net, in order to circumvent the whole 44net completely. This will give you better speed, better response times and will ease the work of the ampr gateway.
So, to wrap up:
- to your routing table holding all tunnel routes, add a route like <your subnet> to 44.0.0.0/0 via ampr-gw
- to your routing table holding all tunnel routes, add a route like <your subnet> to 0.0.0.0/0 via your WAN (doing NAT)
To allow incoming connections (Only if you really need to - you're exposing your hosts !!!):
- mark incoming new connections from ampr-gw with a connection mark
- mark connections originating from your local 44 hosts having the previous connection mark with a routing mark corresponding to a routing table having its default route via ampr-gw
Marius, YO2LOJ
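An added example, not code from this thread nor from any 44Net or ampr-gw project, showing how the wrap-up steps above map onto Linux iproute2 and iptables. It assumes an already configured IPIP tunnel interface tunl0 toward ampr-gw, a WAN interface eth0, a local allocation 44.100.200.0/24, and routing table and mark number 44; all of those are placeholders to replace with your own values. The script prints the commands by default (set APPLY=1 to execute them), so the routing and marking plan can be reviewed before it touches the router.

```shell
#!/bin/sh
# Added example (not from the 44Net thread): Linux rendering of the split described above.
#   - 44-net destinations with no more specific tunnel route go out via the ampr-gw tunnel
#   - everything else is masqueraded to the public WAN address
#   - connections that came in via ampr-gw are marked so replies leave the same way
# Every name, address and number below is an assumption; replace with your own values.
LOCAL44=44.100.200.0/24   # assumed: your own 44-net allocation
AMPR_NET=44.0.0.0/8       # assumed: the whole 44 space, as the thread treats it
TUN_IF=tunl0              # assumed: IPIP tunnel interface toward ampr-gw
WAN_IF=eth0               # assumed: public-facing interface
T_AMPR=44                 # assumed: table whose default route is the tunnel
MARK=0x44                 # assumed: connection/routing mark for "entered via ampr-gw"

# Print commands unless APPLY=1, so the plan can be reviewed before it is applied.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

outbound_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # 44 -> 44 traffic keeps its 44 source: route 44/8 into the tunnel. Direct tunnel
    # routes to other 44 subnets are more specific and keep winning in the same table.
    run ip route replace "$AMPR_NET" dev "$TUN_IF"
    # 44 -> internet traffic follows the normal default route and is NATed to the WAN IP.
    run iptables -t nat -A POSTROUTING -s "$LOCAL44" ! -d "$AMPR_NET" -o "$WAN_IF" -j MASQUERADE
}

inbound_rules() {
    # Only if you really want to expose your 44 hosts: let the tunnel reach them.
    run iptables -A FORWARD -i "$TUN_IF" -d "$LOCAL44" -m conntrack --ctstate NEW -j ACCEPT
    # Public sources arriving on the tunnel would fail a strict reverse-path check
    # (the main table routes them via WAN), so use loose mode on the tunnel interface.
    run sysctl -w "net.ipv4.conf.$TUN_IF.rp_filter=2"
    # New connections arriving from ampr-gw get a connection mark ...
    run iptables -t mangle -A PREROUTING -i "$TUN_IF" -d "$LOCAL44" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # ... and reply packets from the local 44 hosts in those connections get the routing mark.
    run iptables -t mangle -A PREROUTING -s "$LOCAL44" -m connmark --mark "$MARK" -j MARK --set-mark "$MARK"
    # Marked packets are routed from a table whose default route is the tunnel.
    run ip rule add fwmark "$MARK" lookup "$T_AMPR"
    run ip route replace default dev "$TUN_IF" table "$T_AMPR"
}

# The whole plan as text, so it can be reviewed (or checked) in one go.
plan() { outbound_rules; inbound_rules; }

plan
```

The fwmark rule is inserted ahead of the main table lookup, so only packets belonging to connections that entered via the tunnel are steered to table 44; all other replies and outbound flows still use the main table and the masquerade rule. Without the rp_filter change, packets from public addresses arriving on the tunnel are silently dropped before the marking rules ever see them, which is the first thing to check when the inbound path does not work.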
On 2016-10-05 02:00, Leon Zetekoff wrote:
If you want to go to the internet from 44net you need to NAT. You should also have a firewall to deal with those issues as well.
also you want to NAT if you go from a non-routable to 44net
leon
On 10/4/2016 6:52 PM, Tom Hayward wrote:
On Tue, Oct 4, 2016 at 3:16 PM, Leon Zetekoff wa4zlw@backwoodswireless.net wrote:
make sure any internet bound traffic is NATted (masquerade it)
Why? What's the point of 44net if you NAT?
Tom
_________________________________________
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net