Just to clarify this: The understanding of how a full mesh works is wrong.
Now, suppose the public user connects to 44.44.44.44. His packet comes in via the UCSD gateway and over the AMPRnet link to that gateway to my amprnet interface, 44.44.44.44. The reply should go back out the 44.44.44.44 interface, via the AMPRnet, through the UCSD gateway, and back to the user.
No. It doesn't. If the user connects from 44.44.44.44, his packet comes directly via the IPIP tunnel, not via the UCSD gateway. And that user will have an encap route set up by the routing daemon pointing back directly to his machine. The answer will be IPIP encapsulated and sent back directly. The UCSD gateway is not involved in this case.
But if the user connects to 101.102.103.104, the reply should go out my regular LAN interface to my local NAT/FW where its public IP address is re-applied, and it goes direct to the user.
This is correct, as long as the user connects to the gateway's public IP. And routing is correct in this case.
And the third case Arno was talking about: The user with a regular IP connects to an ampr IP address. Then it will be routed via UCSD gateway and sent IPIP encapsulated to the gateway IP. It is decapsulated and will contain packets from 1.2.3.4 (the user's public IP) to, let's say, 44.1.1.1 (our ampr address). The answer has to go back via that tunnel at UCSD, from 44.1.1.1 to 1.2.3.4, IPIP encapsulated from our public IP to the UCSD gateway.
Marius, YO2LOJ
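
The three cases in the message above, modelled as a reply-path lookup keyed on the address the user connected to. This is an added example, not part of the original post: the UCSD gateway address, the peer gateway address and the function name are constructed placeholders, and sending 44.x sources that have no encap route back via the UCSD gateway is an assumption.

```python
import ipaddress

AMPR_NET = ipaddress.ip_network("44.0.0.0/8")

OUR_PUBLIC_IP = "101.102.103.104"   # gateway's public IP, as in the post
OUR_AMPR_IP = "44.1.1.1"            # our ampr address, as in the post
UCSD_GATEWAY = "192.0.2.1"          # placeholder, not the real gateway address

# Encap routes as a routing daemon would install them:
# remote AMPR subnet -> public IP of the gateway serving it (constructed entry).
ENCAP_ROUTES = {
    ipaddress.ip_network("44.44.44.0/24"): "198.51.100.7",
}


def reply_path(client_ip, connected_to):
    """Return how the reply to client_ip leaves, given the local address it hit.

    'inner' is (src, dst) of the reply itself; 'outer' is (src, dst) of the
    IPIP wrapper, or None when the reply is not encapsulated.
    """
    client = ipaddress.ip_address(client_ip)
    local = ipaddress.ip_address(connected_to)
    inner = (str(local), str(client))

    # Case 2: the user connected to the public IP. Reply uses the normal
    # LAN default route and the NAT/firewall; no tunnel is involved.
    if local not in AMPR_NET:
        return {"path": "lan-nat", "inner": inner, "outer": None}

    # Reply is sourced from our AMPR address, so it must leave through a tunnel.
    # Case 1: the client sits behind a mesh peer. Longest-prefix match on the
    # encap table gives that peer's gateway; UCSD is not involved.
    matches = [net for net in ENCAP_ROUTES if client in net]
    if matches:
        best = max(matches, key=lambda net: net.prefixlen)
        return {"path": "ipip-direct", "inner": inner,
                "outer": (OUR_PUBLIC_IP, ENCAP_ROUTES[best])}

    # Case 3: a regular Internet client reached our AMPR address through UCSD.
    # The reply goes back the same way, encapsulated to the UCSD gateway.
    return {"path": "ipip-ucsd", "inner": inner,
            "outer": (OUR_PUBLIC_IP, UCSD_GATEWAY)}


if __name__ == "__main__":
    for src, dst in [("44.44.44.44", OUR_AMPR_IP),
                     ("1.2.3.4", OUR_PUBLIC_IP),
                     ("1.2.3.4", OUR_AMPR_IP)]:
        print(src, "->", dst, reply_path(src, dst))
```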