On 1/2/21 4:08 AM, Steve L via 44Net wrote:
You are correct there are a number of gateways with errors.
The most common logged error is "3 [19] dropped: non-44 inner source address".
A common problem is users sending tunneled packets with their public IP as the
source address in the inner header. That often happens when routing and
applications are done on the same machine, applications are offered on the
public IP, and a simple routing table without policy routing is used.
I.e. there is no separate routing table for the tunnel traffic, but rather
everything is in a single table. When a request is sent to the public IP from a
net44 source (being routed over the public internet), the reply is routed back
via the IPIP tunnel mesh. Wrong.
One should use policy routing so that traffic from non-net44 addresses in one's
own network is routed directly to the internet default gw, and only traffic
with net44 source address is routed via the IPIP mesh.
The examples on www.ampr.org show how to do that in Linux.
(the "ip rule" stuff)
Rob
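
The source-based policy routing described in the reply above, as an added
example that is not part of the original message or of the www.ampr.org
examples. The subnet 44.128.10.0/24, the interface name tunl0, table 44,
priority 100 and the sample mesh route are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. All values are constructed placeholders; override via env.
LOCAL44="${LOCAL44:-44.128.10.0/24}"  # your own net44 subnet (placeholder)
TUN_IF="${TUN_IF:-tunl0}"             # IPIP tunnel interface (assumed name)
TABLE="${TABLE:-44}"                  # separate table for tunnel traffic
PRIO="${PRIO:-100}"                   # evaluated before the "main" table rule

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when address $1 lies inside CIDR prefix $2.
in_prefix() {
    addr=$(ip2int "$1"); net=$(ip2int "${2%/*}"); bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $addr & $mask )) -eq $(( $net & $mask )) ]
}

# Which table the rule below selects for a packet with source address $1:
# "mesh" = tunnel table, "main" = normal table with the internet default gw.
egress_for() {
    if in_prefix "$1" "$LOCAL44"; then echo "mesh"; else echo "main"; fi
}

# Print the commands (dry run). Review, then pipe to "sh" as root to apply.
# The mesh route is a constructed sample: remote subnet via its gateway's
# public address (192.0.2.1 is a documentation address).
policy_routing_cmds() {
    cat <<EOF
ip rule add from $LOCAL44 lookup $TABLE priority $PRIO
ip route add 44.128.20.0/24 via 192.0.2.1 dev $TUN_IF onlink table $TABLE
EOF
}

# Constructed sources: a net44 host and a public (documentation) address.
for src in 44.128.10.7 203.0.113.5; do
    echo "# source $src -> $(egress_for "$src")"
done
policy_routing_cmds
```

After applying the printed commands, "ip rule show" should list the new rule
ahead of the main table lookup.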