Also, those who for some reason DO NOT USE what's called 'NAT-MASQUERADE' on their outbound WAN by default will have to make an iptables rule to masquerade the traffic for this to work.
-Lynwood
On 04/23/2017 06:38 AM, lleachii@aol.com wrote:
What I forgot to mention though - is that my firewall rules and instructions on the Wiki do not currently permit this for security and zoning reasons.
My understanding from the route table is that I would reach:
- BGPed IPs
- and IPENCAPed subnets on BGPed 44 addresses
over my WAN interface.
I believe the following allow rule would be necessary:
iptables -I FORWARD -s <AMPRLAN> -d 44.0.0.0/8 -o eth0 -j ACCEPT
Those needing to block such access should make a similar rule to DROP. This still won't allow the BGP subnet to reach the 44 directly without a tunnel... but hence using the Public IP and going out the WAN... and we've discussed that in the past.
- Lynwood
PS: someone mentioned they can't reach me on aol.com, use gmail.
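An added example, not from Lynwood's messages or the wiki he references: a POSIX shell script that emits the FORWARD rule above in either its ACCEPT or DROP form, adds the masquerade rule for the same path, and checks with `iptables -C` before applying so reruns do not stack duplicate rules. The AMPRLAN subnet and WAN interface are arguments, and narrowing MASQUERADE to 44/8 destinations rather than masquerading all WAN traffic is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Emits or applies the rules discussed:
# allow (or drop) AMPR LAN -> 44/8 leaving the WAN interface, plus NAT-MASQUERADE
# on that path for routers that do not masquerade outbound WAN by default.
# Arguments: MODE (accept|drop), AMPRLAN (local 44/8 subnet), WANIF (e.g. eth0).
# DRY_RUN=1 prints the commands instead of running them (no root needed).
set -eu

build_rules() {
    mode=$1; amprlan=$2; wanif=$3
    case "$mode" in
        accept) target=ACCEPT ;;
        drop)   target=DROP ;;
        *) echo "mode must be accept or drop" >&2; return 1 ;;
    esac
    # The FORWARD rule from the thread; -I puts it at the top so it wins over later rules.
    echo "iptables -I FORWARD -s $amprlan -d 44.0.0.0/8 -o $wanif -j $target"
    # Masquerade only the allowed path (assumption: narrower than a blanket WAN masquerade).
    if [ "$target" = ACCEPT ]; then
        echo "iptables -t nat -A POSTROUTING -s $amprlan -d 44.0.0.0/8 -o $wanif -j MASQUERADE"
    fi
}

apply_rules() {
    build_rules "$@" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
            continue
        fi
        # -I/-A inserted on every run would stack duplicates; -C returns 0 if the rule exists.
        check=$(printf '%s' "$cmd" | sed 's/ -I / -C /; s/ -A / -C /')
        if $check 2>/dev/null; then
            echo "exists: $cmd"
        else
            $cmd
        fi
    done
}

# Usage: DRY_RUN=1 sh ampr-fw.sh accept <AMPRLAN> eth0
if [ "$#" -eq 3 ]; then
    apply_rules "$@"
fi
```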