3 Jun
2017
3 Jun
'17
8:16 p.m.
Marius,
I don't thing doing a src-nat will create any
security breach, because
NAT has this nice firewall side effect.
And you could do it only for a specific local machine, not for all.
If you use static address assignment, it is simple, if you use DHCP,
then just reserve fixed addresses for 44net capable hosts, and mangle
only those.
Myself, I use a VLAN for my machines, so basically they have dual
connections. LAN and AMPR. But this option is not trivial since not
network adapters support it, and not straight forward out of the box.
SNAT is
possible, and my machines are already on a VLAN, but no
"dual-connectivity" (I discovered another anomaly in the Linux Kernel
that makes ping-44.php fail). DHCP is not used on my 44LAN, but I could
implement it.
...but, this doesn't solve anything as you described, though, since (as
I noted) this only occurs because this is my REAL router. The only thing
I can do is make routes, mangles and policies specific to
44.60.44.1...or simply code an argument for SRC IP in ampr-ripd.
- Lynwood