Greetings Augustine,
On Fri, 24 Mar 2017, David Ranch wrote:
Further, what would the technical termanology be for " forwarding all IPIP traffic received by your brother's computer to your computer over the local network" ??
It would be called "forwarding" or "routing". Anyway, I was thinking about your problem last night and I have a question and a fifth option:
- WHY is your brother's computer on the DMZ segment? Is there a specific
reason? If his computer is serving standard traffic like HTTP/HTTPS, DNS, SMTP, whatever, all of those things can be forwarded via your ISP provided router using a technology called "port forwarding. At this point, you could put YOUR computer on the DMZ segment and make things simpler. The only reason I can think of that your brother would want to keep his machine on the DMZ port is for some other specific GAMING reason. PC computer games that aren't NAT friendly are pretty rare these days but they still exist
If you rather keep your brother's computer on the DMZ port, I would recommend the final option at the end of Rob's email to keep things simple. A few things are going to be required per the Ubuntu HOWTO at http://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example :
- You'll ideally want a static IP from your ISP - it's not absolutely
required and if you don't have one, you'll want to setup a DynamicDNS system on the router from your ISP. Setting that up is outside the scope of this AMPR list and will be specific to your particular ISP supported router
As for the actual IPENCAP forwarding on your brother's computer, it's mostly strait forward. To make your Internet searches more successful if you have initial questions, do a search for "iptables gre protocol forwarding". GRE is another IP protocol similar to IPIP but far more common and thus you'll get more hits. From that search list, you'll find posts like:
http://www.linuxquestions.org/questions/linux-networking-3/port-forward-gre-...
and more to the pointhttps://lists.debian.org/debian-firewall/2004/04/msg00103.html
In that second URL, you'll want to substitute protocol 47 for protocol 4.
--David KI6ZHD
o Are you just trying to reach the worldwide AMRnet? o Do you have an antenna in the air and radio on 144.93 MHz? o Do you have an AMPRnet IP address assigned to you from the 44.102.1/24 subnet for Washtenaw county?
--- If so, then why not just set the JNOS default route (44/8) via your RF port to 44.102.1.1 (Hamgate.Washtenaw.AMPR.org). Then ALL 44 traffic will flow to and from you via the county Hamgate.
--- Otherwise, you have to request an entry be placed in the worldwide IPENCAP route table and *everyone* you ever wish to communicate with will *HAVE* to load that new table into their boxes in order to have a route back to you. For just ONE home station, that kinda sucks!
You are just a few miles from me, and you should be part of the Washtenaw subnet. Nope, just checked and you never aquired an IP address from the Michigan IP Coordinator (assuming w8awt.ampr.org) or you used something other than your callsign as your Hostname.
--- Jay WB8TKL