25 Mar
2014
25 Mar
'14
9:24 a.m.
"Replace your router with a PFsense firewall (FREE) and all these
problems go away. Networking is NOT hard, it is only the "band aid"
solutions that cheap hardware has forced us into, that makes
networking difficult (NAT, DNAT, PnP, etc.)."
I run pFsense here at NI2O and whilst is runs flawlessly I would not
say that it was trivial to get it working for 44net IPENCAP. Indeed,
using its supplied GUI there was no way in which I could allow any of
our protocols to traverse the firewall. In the end I found a very
obscure mailing list posting from someone trying to do the exact same
thing as me back in 2004. The solution was to edit the /etc/protocols
file to enable the ones I wanted (IPENCAP/IPIP/AX.25) and then also
edit the GUI web pages so that one could select those protocols in the
drop down lists when making new rules. The end result is great but it
was a PITA getting there.
Should I write this up? Would it be useful to anyone other than me?
Mark
On Tue, Jan 28, 2014 at 8:48 AM, Jay Nugent <jjn(a)nuge.com> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Greetings,
On Tue, 28 Jan 2014, YT9TP - Pedja wrote:
(Please trim inclusions from previous messages)
_______________________________________________
On 28.01.14. 02:23, Jay Nugent wrote:
It takes NO hacking at all except to get around junk routers. Replace
your router with a PFsense firewall (FREE) and all these problems go away.
Networking is NOT hard, it is only the "band aid" solutions that cheap
hardware has forced us into, that makes networking difficult (NAT, DNAT,
PnP, etc.).
--- Jay WB8TKL
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
I have never understood why so many people can't seem to wrap their
heads around IPIP Encap? It is SOOOOooooo easy to use. The drawback
seems to be *cheap junk* consumer gateway routers that have no
understanding of protocols other than TCP and UDP. IPIP-Encap is NOT
TCP and is a protocol unto itself, and so many cheap routers have no
idea how to just pass these packets.
As far as I recall, it not problem in cheap routers but expensive too, as
the only
platform that supports custom IPIP used for 44NET is linux box, and even
that
needs to be customized.
If IPIP is widely supported that would be ok solution. But this is custom
solution that needs hacking just to make it work.