Also, those who for some reason DO NOT USE what's called 'NAT-MASQUERADE' on their outbound WAN by default will have to make an iptables rule to masquerade the traffic for this to work.
-Lynwood
On 04/23/2017 06:38 AM, lleachii(a)aol.com wrote:
What I forgot to mention though - is that my firewall rules and instructions on the Wiki do not currently permit this for security and zoning reasons.
My understanding from the route table, that I would reach:
- BGPed IPs
- and IPENCAPed subnets on BGPed 44 addresses
over my WAN interface.
I believe the following allow rule would be necessary:
iptables -I FORWARD -s <AMPRLAN> -d 44.0.0.0/8 -o eth0 -j ACCEPT
Those needing to block such access should make a similar rule to DROP.
This still won't allow the BGP subnet to reach the 44 directly without a tunnel...but hence using the Public IP and going out the WAN...and we've discussed that in the past.
- Lynwood
PS: someone mentioned they can't reach me on aol.com, use gmail.
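As an added example (not part of the original list post), the FORWARD ACCEPT rule from the message together with the POSTROUTING MASQUERADE rule it says is needed on routers that do not NAT their WAN by default; the AMPRLAN subnet, the WAN interface name and the use of the `iptables` binary are assumptions, and both rules are scoped to 44.0.0.0/8 so nothing else on the WAN is masqueraded.

```shell
#!/bin/sh
# Added example, not the original poster's configuration.
# AMPRLAN is a constructed placeholder subnet; WAN follows the eth0 used in
# the original rule. Set IPT=echo to preview the commands without root.
AMPRLAN="${AMPRLAN:-44.1.2.0/24}"
WAN="${WAN:-eth0}"
IPT="${IPT:-iptables}"

# Allow the AMPR LAN to reach 44/8 via the WAN interface (the rule from the
# message). Sites that want to block this instead would use DROP here.
# The -C check makes the insert idempotent on repeated runs.
allow_44_via_wan() {
    $IPT -C FORWARD -s "$AMPRLAN" -d 44.0.0.0/8 -o "$WAN" -j ACCEPT 2>/dev/null ||
    $IPT -I FORWARD -s "$AMPRLAN" -d 44.0.0.0/8 -o "$WAN" -j ACCEPT
}

# Masquerade only that AMPR-to-44/8 traffic leaving the WAN, so replies come
# back to the router's public address; this is the extra rule the message
# says is required when outbound NAT is not already configured.
masq_44_via_wan() {
    $IPT -t nat -C POSTROUTING -s "$AMPRLAN" -d 44.0.0.0/8 -o "$WAN" -j MASQUERADE 2>/dev/null ||
    $IPT -t nat -I POSTROUTING -s "$AMPRLAN" -d 44.0.0.0/8 -o "$WAN" -j MASQUERADE
}
```

Run `allow_44_via_wan` and `masq_44_via_wan` as root to apply, or with `IPT=echo` to see the exact rules first.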