Anyone have the commands for Cisco IOS? If not I will work on it tonight...
73
Phil Pacier - AD6NH
On 10/3/2013 3:07 PM, lleachii(a)aol.com wrote:
All,
Many stations are suggesting that those with devices behind firewalls
simply add the device to the DMZ. This is an unsafe suggestion. I
worked on this issue for many months and discovered how to route
traffic through Linux Kernel, DD-WRT, OpenWRT and most D-Link based
routers. IP Protocol Number Four (4 - IPENCAP) must be allowed.
**In DD-WRT
1.) Browse to Administration > Commands
2.) Enter the commands for either static or dynamic IP configuration
3.) Click "Save Firewall"
**OpenWRT CLI
1.) Edit firewall "vi /etc/firewall.user"
2.) Enter the commands for either static or dynamic IP configuration
3.) Save file and quit vi editor
4.) Reboot Device
**OpenWRT LuCI GUI Option #1 (Recommended)
1.) Browse to: Network > Firewall > Port Forwards > New Port forward
2.) Enter the following information:
- Name:<enter name>
- Protocol:<select "other">
- External Port <leave blank, IPENCAP protocol does not use port numbers>
- Internal Zone <lan>
- Internal IP address <IP of your 44GW Device>
- Internal Port <leave blank, IPENCAP protocol does not use port numbers>
3.) Click "Add"
4.) Browse to: Network > Firewall > Port Forwards
5.) Click "edit" on the new entry
6.) Change "protocol" to --custom--
7.) The protocol dropdown will change to a textbox, enter "4" in the box
8.) Click "Save & Apply"
**OpenWRT LuCI GUI Option #2
1.) Browse to: Network > Firewall > Custom Rules
2.) Enter the commands for either static or dynamic IP configuration
3.) Click "Save & Apply"
**On D-Link
1.) Browse to Network Settings > Advanced > Virtual Server
2.) Add name and IP address of 44GW, or select IP from the list and
click the "<<" button
3.) Change Protocol to "Other" and enter "4" in the box under
Protocol
4.) Click "Save Settings"
**Command for Static IP (tested on DD-WRT and OpenWRT):
iptables -t nat -I PREROUTING -p ipencap -d <GW Public IP> -j DNAT --to-destination <GW LAN IP>
iptables -t filter -I FORWARD -p ipencap -d <GW LAN IP> -j ACCEPT
**Command for Dynamic IP (WAN is vlan1 in DD-WRT; in OpenWRT it is usually eth0.1):
iptables -t nat -I PREROUTING -p ipencap -i vlan1 -j DNAT --to-destination <GW LAN IP>
iptables -t filter -I FORWARD -p ipencap -d <GW LAN IP> -j ACCEPT
73,
Lynwood
KB3VWG
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
http://www.ampr.org/donate.html
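
Added example, not part of the original messages: a check that a router's ruleset forwards only IP protocol 4 to the gateway and not everything (the DMZ case the message above calls unsafe). The function name audit_ipencap, the two sample rulesets and the addresses 203.0.113.10 and 192.168.1.50 are constructed for illustration; on a router the input would be the output of iptables-save.

```shell
# Added example. On the router: iptables-save | audit_ipencap <GW LAN IP>
audit_ipencap() {
    awk -v gw="$1" '
    # Value following option "name" on the current rule, or "" if absent.
    function opt(name,   i) {
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    # Protocol 4 is printed as 4, ipencap or ipv4 depending on /etc/protocols.
    function is_proto4(p) { return p == "4" || p == "ipencap" || p == "ipv4" }
    $1 == "-A" {
        proto = opt("-p"); dst = opt("-d"); sub(/\/32$/, "", dst)
        if ($2 == "PREROUTING" && opt("-j") == "DNAT" && opt("--to-destination") == gw) {
            if (is_proto4(proto)) dnat = 1
            else if (proto == "") { print "WARN DMZ-style DNAT of all protocols: " $0; bad = 1 }
        }
        if ($2 == "FORWARD" && opt("-j") == "ACCEPT" && dst == gw) {
            if (is_proto4(proto)) fwd = 1
            else if (proto == "") { print "WARN FORWARD accepts all protocols: " $0; bad = 1 }
        }
    }
    END {
        if (!dnat) print "MISSING nat PREROUTING DNAT for protocol 4 to " gw
        if (!fwd)  print "MISSING filter FORWARD ACCEPT for protocol 4 to " gw
        ok = dnat && fwd && !bad
        print (ok ? "RESULT=ok" : "RESULT=fail")
        exit !ok
    }'
}
# Constructed iptables-save excerpts (documentation and private address ranges).
good_ruleset() { cat <<'EOF'
*nat
-A PREROUTING -d 203.0.113.10/32 -p ipencap -j DNAT --to-destination 192.168.1.50
COMMIT
*filter
-A FORWARD -d 192.168.1.50/32 -p ipencap -j ACCEPT
COMMIT
EOF
}
dmz_ruleset() { cat <<'EOF'
*nat
-A PREROUTING -i vlan1 -j DNAT --to-destination 192.168.1.50
COMMIT
*filter
-A FORWARD -d 192.168.1.50/32 -j ACCEPT
COMMIT
EOF
}
good_ruleset | audit_ipencap 192.168.1.50
```

The function exits non-zero when either rule is missing or when a rule without a protocol match sends all traffic to the gateway.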