I've recently installed Marius YO2LOJ's RIPv2 AMPR Gateway Setup Script
2.2 on a MikroTik RB450G. RouterOS is version 6.37.3, I have
44.131.56.241 configured on the ucsd-gw interface and 44.131.56.9/29 on
ether5 for my LAN. It seems to work well and I can access 44net hosts
from a 44net machine on the LAN.

I'm filtering traffic on the WAN interface of the router to only permit
IPIP traffic, however I still see traffic from outside 44/8 - mainly TCP
SYN packets to port 23 appearing on the LAN. These must be coming down
via a tunnel and I'd like to filter them out. I've implemented an output
rule to permit traffic from 44/8 to 44/8 and drop everything else,
applied this to ether5. Is there a better way to implement this? I
would like to filter on the WAN side but that would mean a firewall
input rule on every tunnel.

Thanks,
--
Nick G4IRX