Ok, I've added this now:
/ip firewall mangle add action=mark-packet chain=prerouting in-interface=ampr-gw new-packet-mark=ampr-gw
/ip firewall nat add action=masquerade chain=srcnat out-interface=ampr-gw
/ip route add distance=1 gateway=ampr-gw routing-mark=ampr-gw
and I still have
/interface ipip add local-address=99.173.137.24 name=ampr-gw remote-address=169.228.66.251
So, it seems that is a better setup to get replies sent out to amprgw, but the trouble remains that I still haven't been getting traffic in from the gw EXCEPT for rip multicast (I'm rxing traffic for dst address 224.0.0.9). The address should be 44.34.128.1.
On Thu, Jan 30, 2014 at 1:08 AM, Ryan Elliott Turner ryan.e.t@gmail.com wrote:
Thanks for the tips, I'll add and change the routes. I'm still curious what else I'm missing though, since my address 44.34.128.1 is not pingable from the internet (but it was via the 44.24.240.0 net that I have an ipip setup for).
On Jan 30, 2014 1:02 AM, "Marius Petrescu" marius@yo2loj.ro wrote:
Ryan, the route there creates the problem...
/interface ipip add local-address=99.173.137.24 name=ampr-gw remote-address=169.228.66.251
/ip route add distance=1 dst-address=44.0.0.0/8 gateway=ampr-gw
You try to push the 44.0.0.0/8 traffic to the tunnel. That traffic belongs elsewhere... The host you are pinging in 44 space expects you to do it via a direct tunnel, not via amprgw.
You need this kind of rules for outgoing traffic:
- For src 44.0.0.0/8 to 44.0.0.0/8 it has to go to your ipip tunnels
- For src 44.0.0.0/8 to any it is passed to amprgw if the connection originated from the ampr tunnel (connection mark is your friend here).
- For src 44.0.0.0/8 to any it is passed to amprgw (I would masquerade to the public IP to reduce the load on amprgw instead of this).
FYI: amprgw does not respond to ping if addressed via the tunnel, only if pinged from the internet.
Maybe these ideas help.
Marius, YO2LOJ
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
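
An added example, not part of any message in this thread: one way to express the second and third outgoing-traffic rules above (connection mark for tunnel-originated connections, masquerade for everything else) in the RouterOS v6 syntax the thread uses. The connection mark name ampr-conn and the WAN interface name ether1-wan are assumptions; ampr-gw is the tunnel interface and routing mark from the thread.

```routeros
# Assumed names: ampr-conn (connection mark), ether1-wan (public interface).
# ampr-gw is the ipip tunnel to amprgw defined earlier in the thread.

/ip firewall mangle
# Tag every new connection that arrives through the amprgw tunnel.
add chain=prerouting in-interface=ampr-gw connection-state=new \
    action=mark-connection new-connection-mark=ampr-conn passthrough=yes

# Replies from hosts behind the router: packets of a tagged connection
# that enter on any interface other than the tunnel get the routing mark.
add chain=prerouting connection-mark=ampr-conn in-interface=!ampr-gw \
    action=mark-routing new-routing-mark=ampr-gw passthrough=no

# Replies generated by the router itself (e.g. its own 44 address).
add chain=output connection-mark=ampr-conn \
    action=mark-routing new-routing-mark=ampr-gw passthrough=no

/ip route
# Default route used only by packets carrying the ampr-gw routing mark.
# Note: no dst-address=44.0.0.0/8 route via ampr-gw; 44-to-44 traffic
# belongs on the direct ipip tunnels to the other gateways.
add dst-address=0.0.0.0/0 gateway=ampr-gw routing-mark=ampr-gw distance=1

/ip firewall nat
# Locally originated traffic from 44 space to the non-44 internet leaves
# via the public interface, masqueraded, instead of loading amprgw.
add chain=srcnat src-address=44.0.0.0/8 dst-address=!44.0.0.0/8 \
    out-interface=ether1-wan action=masquerade
```

The mangle rule quoted at the top of the thread uses action=mark-packet, which sets a packet mark; a route with routing-mark=ampr-gw is only selected for packets marked with action=mark-routing.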