Dear Folks,
I'm trying to set up an AMPRnet gateway at home and am running into some problems. Has anyone successfully configured a BSD-based gateway that would be willing to give me some pointers?
Some details of my setup:
* I have a Comcast business-class circuit with a static IP address that I've dedicated to 44net traffic (23.30.150.141).
* I have an AMPRnet network allocation (44.44.107.0/24).
* The Comcast router is configured as simply a router: all NATing and firewalling is disabled and I can see tunneled traffic arriving at the external NIC of my (non-Comcast) router (specifically, I see RIPv2 packets with 44net routing information in them).
* My "real" router is a Ubiquiti EdgeRouter Lite running OpenBSD 5.9. I have the three Ethernet interfaces on the ERL configured as follows:

cnmac0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 44:d9:e7:9f:a7:64
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 23.30.150.141 netmask 0xfffffff8 broadcast 23.30.150.143
cnmac1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 44:d9:e7:9f:a7:65
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.129.4 netmask 0xffffff00 broadcast 192.168.129.255
cnmac2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 44:d9:e7:9f:a7:66
        priority: 0
        media: Ethernet autoselect (none)
        status: no carrier
        inet 44.44.107.1 netmask 0xffffff00 broadcast 44.44.107.255

Where I'm getting tripped up is in figuring out where to go from here.
It seems like what I want to do is configure a gif(4) interface for tunnel traffic, but my attempts at doing so all seem to fail, and documentation for setting up an IPENCAP tunnel is related to setting up IPsec gateways; my attempts at transliterating from the examples for e.g. Linux and Cisco et al. have failed.
If someone has gone down this road before and has a working setup, that would be tremendously helpful. If someone could send me output from 'ifconfig -a' and/or 'netstat -rn -f inet' and possibly some 'tcpdump' output, I could probably muddle through the rest. If there are any caveats in setting up a 'pf' based firewall, that would be helpful as well. If not, I suppose my next step will be to reinstall RouterOS on the ERL, try and get everything configured, and then see if I can replicate under BSD.
Much thanks in advance!
73 de AC2OI,
- Dan C.