I have tried it but I don't get a response either. I see the outbound traffic on the interface, but nothing comes back.
I also tried this script with the same results:
#!/bin/bash
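#####
# Variables
#
# Site-specific settings; the values below are the original author's and must
# be replaced for another station.
my_ampr_network="44.153.0.0/16"        # Your CIDR AMPRNet network segment
my_ampr_tunnel_ip="44.153.160.32/32"   # Your tunnel (tunl0) IP address
ampr_ripd_password="thePassword"       # The RIPD AMPRNet password (a secret)
external_interface="bridge0"           # External interface
internal_interface="bridge0:44"        # Internal interface (an ifconfig alias label on bridge0)

echo "#### VARIABLES ####"
echo "my_ampr_network= $my_ampr_network"
echo "my_ampr_tunnel_ip=$my_ampr_tunnel_ip"
# Never print the password itself: it would end up in terminal scrollback and
# in any log that captures this script's output. Only report whether it is set.
echo "ampr_ripd_password=${ampr_ripd_password:+<set>}"
echo "external_interface=$external_interface"
echo "internal_interface=$internal_interface"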
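###################################################################
echo "## PART I -- Enable IPIP Tunnel, Forwarding and Routing ##"
###################################################################
echo "# Internal interface"
# NOTE(review): this assigns the network address of my_ampr_network (the .0.0
# host of a /16) to the alias — confirm that is the intended host address.
ifconfig "$internal_interface" "$my_ampr_network" up
# Debugging aid kept from the original: a capture on the internal interface
# left running in the background (as root, when the script runs as root).
wireshark -i "$internal_interface" &

echo "# Enable IP Forwarding"
sysctl -w net.ipv4.ip_forward=1

echo "# Enable IPIP tunnel and interface"
modprobe ipip
ip addr add "$my_ampr_tunnel_ip" dev tunl0

echo "# Set some tunnel interface options"
# * Give the tunnel its own TTL of 64 hops enabling traceroute over the tunnel
# * Bring up the interface
# * Set the tunnel MTU
ip tunnel change ttl 64 mode ipip tunl0
ip link set dev tunl0 up
ifconfig tunl0 mtu 1480

echo "# Set AMPRNet routing table rules"
# * Any packets to any AMPRNet space use routing table 44
# * Any packets from my AMPRNet space use routing table 44
ip rule add to 44.0.0.0/9 table 44 priority 44
ip rule add to 44.128.0.0/10 table 44 priority 44
ip rule add from "$my_ampr_network" table 44 priority 45

echo "# Set AMPRNet routes"
# * Default route out of AMPRNet is 169.228.34.84 (The Central AMPR Gateway)
# * Set local route for AMPRNet on local AMPRNet interface
ip route add default dev tunl0 via 169.228.34.84 onlink table 44
# ip(8) addresses devices by name and does not know ifconfig alias labels such
# as "bridge0:44"; strip the label so the route is placed on the real device
# (a plain device name is left unchanged).
internal_dev=${internal_interface%%:*}
ip route add "$my_ampr_network" dev "$internal_dev" table 44

echo "# Rest of the routes are added dynamically by the AMPR-RIPD routing Daemon."
echo "----------- START ampr-ripd -----------"
# The password goes on the daemon's command line, so it is readable by every
# local user through ps(1) for as long as the daemon runs.
/usr/sbin/ampr-ripd -s -r -t 44 -i tunl0 -a "$my_ampr_network" -p "$ampr_ripd_password" -d &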
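###############################################################
echo "## PART II -- Enable Firewall and configure ruleset ##"
###############################################################

echo "# Start Fresh - Flush all rules"
# Only the filter table is flushed here; the raw-table rule further down is
# therefore checked with -C before insertion so re-runs do not stack duplicates.
iptables -F
iptables -X

echo "# Setting default filter policy"
iptables -P INPUT DROP      # By default drop all incoming connections
iptables -P FORWARD DROP    # By default drop all forwarding connections
iptables -P OUTPUT ACCEPT   # By default allow outgoing connections

echo "# This prevents nested ipencap (if its coming from the tunnel, dont allow protocol 4)"
# -C reports an error on stderr when the rule is absent; that output is noise here.
iptables -t raw -C PREROUTING -p 4 -i tunl0 -j DROP 2>/dev/null \
  || iptables -t raw -I PREROUTING -p 4 -i tunl0 -j DROP

####################################################################
echo "## Rules for traffic leaving this gateway node, AKA OUTPUT chain. ##"
## That is, any traffic leaving from any local IP                    ##
####################################################################
echo "# Drops destination unreachable replies to various probe responses"
iptables -A OUTPUT -p icmp --icmp-type destination-unreachable -j DROP

echo "# Allow rest outgoing traffic from this gw"
iptables -A OUTPUT -j ACCEPT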
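###################################################################
echo "## Rules for traffic arriving at this gateway node, AKA INPUT chain. ##"
## That is, any traffic destined to any local IP                   ##
###################################################################

echo "# Allow tunnel traffic (ip proto 4) on external interface"
iptables -A INPUT -p 4 -i "$external_interface" -j ACCEPT

echo "# Allow unlimited traffic on loopback and local eth 44 Net adapters"
iptables -A INPUT -i lo -j ACCEPT
# NOTE(review): netfilter compares -i against the real device name, so an
# ifconfig alias label such as "bridge0:44" likely never matches and this rule
# is inert. Matching the base device instead is NOT a safe fix while internal
# and external share "bridge0": it would admit everything arriving from the
# external side. Confirm what the internal interface really is.
iptables -A INPUT -i "$internal_interface" -j ACCEPT

echo "# Allow established sessions to receive traffic back"
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

echo "# Allow incoming ssh/icmp/ampr-ripd"
# conntrack is used throughout for consistency; 'state' is its legacy alias.
iptables -A INPUT -p tcp --sport 1024:65535 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --dport 520 -j ACCEPT   # RIP (UDP 520), consumed by ampr-ripd

echo "# drop the rest"
iptables -A INPUT -j DROP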
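#####################################################################
echo "## Forwarding for traffic passing though this gateway ##"
## That is, any traffic going to or from the local AmprNet segment ##
#####################################################################
echo "# This prevents a general loop - If the traffic comes in the tunnel, dont send it back out the same way"
iptables -I FORWARD -i tunl0 -o tunl0 -j DROP

echo "# Drop any traffic leaving via the tunnel that is not from the local AmprNet"
# Inserted at position 1 after the loop rule, so this anti-spoofing rule ends
# up first in the chain and the loop rule second.
iptables -I FORWARD ! -s "$my_ampr_network" -o tunl0 -j DROP

echo "# Allow established sessions to receive traffic"
iptables -A FORWARD -m conntrack -d "$my_ampr_network" --ctstate ESTABLISHED,RELATED -j ACCEPT

echo "# Allow ssh/icmp connections to my AmprNet"
# conntrack is used throughout for consistency; 'state' is its legacy alias.
iptables -A FORWARD -p tcp --sport 1024:65535 -d "$my_ampr_network" --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p icmp -d "$my_ampr_network" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

echo "#Drop unwanted traffic from leaking out-or coming in (smb discovery, etc)"
iptables -A FORWARD -p udp --dport 10001 -j DROP
iptables -A FORWARD -p udp --dport 137:139 -j DROP   # NetBIOS name/datagram/session
iptables -A FORWARD -p udp --dport 5678 -j DROP

echo "# Drops destination unreachable replies to various probe responses"
iptables -A FORWARD -p icmp --icmp-type destination-unreachable -j DROP

echo "# Finally, allow outgoing connections from the local AmprNet"
iptables -A FORWARD -s "$my_ampr_network" -j ACCEPT

echo "# Anything else, drop it"
iptables -A FORWARD -j DROP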