16 Mar
2020
16 Mar
'20
3:47 a.m.
* Some of you query the NTP with your Public IP thru
AMPRGW instead of directly to me thru the mesh (just a note to make your SRC IP an AMPR
address, not your Public IP - I may disable your access thru AMPGW in the future, as
it's announced as "AMPR-only")
Unfortunately it is quite common for gateway stations to send tunneled traffic towards
44net addresses (via IPIP) with a public IP as the source.
I normally block all such traffic, except when the public IP is the gateway public address
(as I got tired of trying to reach sysops where this error was present).
People *should really use* proper source address selection and policy routing and NOT send
tunnel traffic with other than 44net traffic (both source and destination) inside it to
any gateway station except by prior agreement.
(e.g. AMPRGW can send traffic from a 44net address to public destination addresses, and so
can some gateways)
To make life easier, DO NOT TRY to setup a gateway on the same system where your
applications are also running, unless you have good knowledge of networking configuration
and know about such concepts as policy routing (ip route rule, multiple route tables) and
setting a preferred source address in a route.
When you use a separate router and application machine, such errors are much less likely
to occur, and configuring the firewall is also much easier.
Get a separate Pi or MikroTik or whatever to run your gateway, and then have a PC or
another system to run your BBS or conference or whatever you want to run on AMPRnet!
Rob