On Wed, Jun 17, 2015 at 9:11 PM, Marius Petrescu <marius(a)yo2loj.ro> wrote:
> Table 44, where all the tunnel routes reside, has to be used for ALL
> outgoing 44net destinations, so that the proper tunnel gets selected.
> So all packets 'to 44.0.0.0/8' have to go into table 44.
I'm still hoping you could explain the "why" of that statement. Even if a
specific 44 destination has a tunnel, it's only appropriate for your
gateway to use it if the source address is within your assigned subnet.
Unless I'm missing something, the only reason you should ever be forced to
use the tunnels for outbound packets is to prevent them from getting
filtered when using your assigned 44 source addresses on them.
> using 'from 44.182.21.0/24' would direct all packets generated by my
> subnet to table 44. This would include internet traffic to non-ampr hosts
> (e.g. 44.182.21.1 to www.google.com), which is not correct
Well, then I'm really confused as I thought that was intentional. Are you
trying to say that hosts on your assigned 44 net are only supposed to be
able to communicate with other 44 nets and not any other hosts on the
internet?
My understanding of the wiki doc is that it describes how to set up a
private network that NATs to the internet on your ISP's address and a
separate ham network that uses your assigned 44 IPs. Then the ham network
can tunnel traffic between you and other tunneled networks or the general
internet by tunneling to the ampr-gw.
Here's a matrix of how I think it's supposed to work:
- PrivateLAN -> InternetHosts = Uses default routing table and NAT
- PrivateLAN -> Assigned44LAN = Routes directly as both subnets are directly
connected to gw
- PrivateLAN -> OtherIPIPLANs = Should use default routing table and NAT
(but likely doesn't due to what seems like a misconfiguration to me)
- Assigned44LAN -> PrivateLAN = Routes directly as both subnets are directly
connected to gw
- Assigned44LAN -> OtherIPIPLANs = Uses 44 routing table and forwards
packets over IPIP tunnel
- Assigned44LAN -> InternetHosts = Uses default 0/0 route on 44 table and
IPIP tunnel to ampr-gw for forwarding to internet hosts
- OtherIPIPLANs -> Assigned44LAN = Packets appear on IPIP interface and
forwarded to directly connected subnet
- OtherIPIPLANs -> PrivateLAN = Not possible due to non-unique IP space on
private LAN
- InternetHosts -> Assigned44LAN = Packets appear on IPIP interface from
ampr-gw and forwarded to directly connected subnet
- InternetHosts -> PrivateLAN = Not possible due to non-unique IP space on
private LAN
- InternetHosts -> YourGWHost = Packets appear on ISP interface (can then
be configured to "port-forward" to LAN using NAT/PAT)
- YourGWHost -> Internet = Uses default route on default table and uses IP
of the egress interface (your ISP address)
- YourGWHost -> PrivateLAN = Packets egress on interface directly connected
to PrivateLAN with the source IP of that interface
- YourGWHost -> Assigned44LAN = Packets egress on interface directly
connected to your 44LAN with the source IP of that interface
- YourGWHost -> BGP-only44Net = Should be treated like any other internet
destination and egress the ISP interface. This doesn't work because of the
arbitrary "to 44/8 use table 44" rule that doesn't seem to have a valid
reason for existing.
If my logic is flawed somehow, please let me know which of the above cases
it relates to and hopefully we can clear this up once and for all. :)
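To make the disagreement concrete, here is an added Python model of Linux policy routing (an ordered list of `ip rule` entries, each pointing at a routing table that is searched by longest prefix match). It is example code written for this thread, not from the AMPRNet wiki or from either poster. It evaluates the source/destination pairs from the matrix above under the two competing rules, `to 44.0.0.0/8 table 44` and `from 44.182.21.0/24 table 44`, and shows exactly which cases differ. 44.182.21.0/24 is the subnet from the thread; the gateway's ISP address (203.0.113.5), the private LAN (192.168.1.0/24), the internet host (198.51.100.7), the "other IPIP LAN" (44.10.0.0/16) and the "BGP-only" destination (44.200.1.1) are constructed, as are the table contents. NAT is not modelled; only the table and next hop chosen for each packet.

```python
"""Model of Linux policy routing: ordered 'ip rule' entries plus per-table longest-prefix lookup."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

Net = ipaddress.IPv4Network


@dataclass
class Rule:
    """One 'ip rule' entry: optional from/to selectors and the table it points at."""
    table: str
    src: Optional[Net] = None   # 'from' selector (None = any source)
    dst: Optional[Net] = None   # 'to' selector (None = any destination)

    def matches(self, s, d):
        return (self.src is None or s in self.src) and (self.dst is None or d in self.dst)


def lookup(table, dst):
    """Longest-prefix match inside one routing table; returns the next-hop label or None."""
    best = None
    for net, via in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return None if best is None else best[1]


def route(rules, tables, src, dst):
    """Walk the rules in priority order; a table with no matching route falls through to the next rule."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.matches(s, d):
            via = lookup(tables[r.table], d)
            if via is not None:
                return (r.table, via)
    return ("none", "unreachable")


# Constructed gateway: ISP uplink, private LAN on eth0, assigned 44 subnet on eth1.
# Table 44 repeats the connected routes so that local LANs stay reachable when a
# packet is steered into it, and ends with the 0/0 default via the ampr-gw tunnel.
TABLES = {
    "main": [
        (Net("0.0.0.0/0"), "isp-uplink"),
        (Net("192.168.1.0/24"), "eth0-private"),
        (Net("44.182.21.0/24"), "eth1-44lan"),
    ],
    "44": [
        (Net("192.168.1.0/24"), "eth0-private"),
        (Net("44.182.21.0/24"), "eth1-44lan"),
        (Net("44.10.0.0/16"), "tunl0-other-gw"),   # constructed remote IPIP LAN
        (Net("0.0.0.0/0"), "tunl0-ampr-gw"),
    ],
}

# The two rules under discussion, each followed by the normal main-table lookup.
RULES_TO = [Rule("44", dst=Net("44.0.0.0/8")), Rule("main")]
RULES_FROM = [Rule("44", src=Net("44.182.21.0/24")), Rule("main")]

# Source/destination pairs taken from the matrix in the mail (addresses constructed).
CASES = [
    ("44LAN -> internet host", "44.182.21.1", "198.51.100.7"),
    ("44LAN -> other IPIP LAN", "44.182.21.1", "44.10.5.5"),
    ("44LAN -> private LAN", "44.182.21.1", "192.168.1.10"),
    ("private LAN -> other IPIP LAN", "192.168.1.10", "44.10.5.5"),
    ("gateway host -> BGP-only 44 net", "203.0.113.5", "44.200.1.1"),
]


def compare(rules_a, rules_b, tables=TABLES, cases=CASES):
    """Return {case name: (decision under rules_a, decision under rules_b)}."""
    return {name: (route(rules_a, tables, s, d), route(rules_b, tables, s, d))
            for name, s, d in cases}


if __name__ == "__main__":
    for name, (by_to, by_from) in compare(RULES_TO, RULES_FROM).items():
        flag = "" if by_to == by_from else "   <- differs"
        print(f"{name:33} to-44/8: {by_to[1]:15} from-subnet: {by_from[1]:15}{flag}")
```

Running it shows the three cases that separate the two rules: with the `to 44/8` rule, a 44-sourced packet for an ordinary internet host leaves via the ISP uplink (where an upstream source-address filter can drop it), while private-LAN traffic and the gateway's own traffic toward 44 space are pulled into the tunnels; with the `from 44.182.21.0/24` rule, only packets carrying the assigned 44 source addresses enter table 44 and everything else follows the default table and NAT.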