Anyone have the commands for Cisco IOS? If not I will work on it tonight...
73
Phil Pacier - AD6NH
On 10/3/2013 3:07 PM, lleachii@aol.com wrote:
All,
Many stations are suggesting that those with devices behind firewalls simply add the device to the DMZ. This is an unsafe suggestion. I worked on this issue for many months and discovered how to route traffic through Linux Kernel, DD-WRT, OpenWRT and most D-Link based routers. IP Protocol Number Four (4 - IPENCAP) must be allowed.
**In DD-WRT
1.) Browse to Administration > Commands
2.) Enter the commands for either static or dynamic IP configuration
3.) Click "Save Firewall"
**OpenWRT CLI
1.) Edit firewall "vi /etc/firewall.user"
2.) Enter the commands for either static or dynamic IP configuration
3.) Save file and quit vi editor
4.) Reboot Device
**OpenWRT LuCI GUI Option #1 (Recommended)
1.) Browse to: Network > Firewall > Port Forwards > New Port forward
2.) Enter the following information:
- Name:<enter name>
- Protocol:<select "other">
- External Port <leave blank, IPENCAP protocol does not use port numbers>
- Internal Zone <lan>
- Internal IP address <IP of your 44GW Device>
- Internal Port <leave blank, IPENCAP protocol does not use port numbers>
3.) Click "Add"
4.) Browse to: Network > Firewall > Port Forwards
5.) Click "edit" on the new entry
6.) Change "protocol" to --custom--
7.) The protocol dropdown will change to a textbox, enter "4" in the box
8.) Click "Save & Apply"
**OpenWRT LuCI GUI Option #2
1.) Browse to: Network > Firewall > Custom Rules
2.) Enter the commands for either static or dynamic IP configuration
3.) Click "Save & Apply"
**On D-Link
1.) Browse to Network Settings > Advanced > Virtual Server
2.) Add name and IP address of 44GW, or select IP from the list and click the "<<" button
3.) Change Protocol to "Other" and enter "4" in the box under Protocol
4.) Click "Save Settings"
**Command for Static IP (tested on DD-WRT and OpenWRT):
iptables -t nat -I PREROUTING -p ipencap -d <GW Public IP> -j DNAT --to-destination <GW LAN IP>
iptables -t filter -I FORWARD -p ipencap -d <GW LAN IP> -j ACCEPT
**Command for Dynamic IP (WAN is vlan1 in DD-WRT; in OpenWRT it is usually eth0.1):
iptables -t nat -I PREROUTING -p ipencap -i vlan1 -j DNAT --to-destination <GW LAN IP>
iptables -t filter -I FORWARD -p ipencap -d <GW LAN IP> -j ACCEPT
73,
Lynwood KB3VWG
_________________________________________
44Net mailing list
44Net@hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
http://www.ampr.org/donate.html
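
An added example, not part of the original messages: a shell check that reads `iptables-save` output and confirms that only IP protocol 4 is forwarded to the gateway, with no DMZ-style rule sending every protocol to it. The function name, the addresses 192.168.1.44 (standing in for <GW LAN IP>) and 203.0.113.10 (standing in for <GW Public IP>), and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample dumps below are constructed, not captured output.

# audit_ipencap <gw_lan_ip>: reads `iptables-save` output on stdin.
# Returns 0 only if protocol 4 is DNATed and accepted to the gateway and no
# protocol-less (DMZ-style) rule sends everything to it.
audit_ipencap() {
    awk -v gw="$1" '
    # Value that follows option "opt" in the current rule, or "" if absent.
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    # Assumption: a dump shows protocol 4 as "4", "ipencap" or "ipv4".
    function is_p4(p) { return p == "4" || p == "ipencap" || p == "ipv4" }
    function check(kind, target,    p) {
        sub(/[\/:].*/, "", target)          # drop a /32 or :port suffix
        if (target != gw) return
        p = optval("-p")
        if (is_p4(p)) ok[kind] = 1
        else if (p == "") { print "FAIL: all protocols reach " gw ": " $0; bad = 1 }
    }
    /^-A PREROUTING / && optval("-j") == "DNAT" { check("dnat", optval("--to-destination")) }
    /^-A FORWARD / && optval("-j") == "ACCEPT"  { check("fwd", optval("-d")) }
    END {
        if (!ok["dnat"]) { print "FAIL: no protocol 4 DNAT to " gw; bad = 1 }
        if (!ok["fwd"])  { print "FAIL: no protocol 4 FORWARD accept to " gw; bad = 1 }
        if (!bad) print "OK: only IPENCAP is forwarded to " gw
        exit bad + 0
    }'
}

# Constructed dump: the static-IP rules from the message, in iptables-save form.
SAMPLE_GOOD='*nat
-A PREROUTING -d 203.0.113.10/32 -p ipencap -j DNAT --to-destination 192.168.1.44
COMMIT
*filter
-A FORWARD -d 192.168.1.44/32 -p ipencap -j ACCEPT
COMMIT'
# Constructed dump: a DMZ-style forward, with no -p restriction on either rule.
SAMPLE_DMZ='*nat
-A PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 192.168.1.44
COMMIT
*filter
-A FORWARD -d 192.168.1.44/32 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_GOOD" | audit_ipencap 192.168.1.44
printf '%s\n' "$SAMPLE_DMZ"  | audit_ipencap 192.168.1.44 || echo "DMZ-style ruleset rejected"
```

On a Linux-based router the same function can be fed live rules with `iptables-save | audit_ipencap <GW LAN IP>`. It only inspects rules whose target address is exactly the gateway, so subnet-wide rules need a separate look.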