I don't think doing a src-nat will create any security breach, because NAT has this nice firewall side effect.
And you could do it only for a specific local machine, not for all.
If you use static address assignment, it is simple; if you use DHCP, then just reserve fixed addresses for 44net capable hosts, and mangle only those.
Myself, I use a VLAN for my machines, so basically they have dual connections: LAN and AMPR. But this option is not trivial, since not all network adapters support it, and it is not straightforward out of the box.
On 04.06.2017 03:59, lleachii--- via 44Net wrote:
Marius,
Fair enough, my friend. In the past I used ampr-ripd on a downstream Linux server. Since my GW/AMPR-Router is now on my border, it seems to be another anomaly that's the "nature of the beast".
As with all other system applications on a router, I'll have to brush up on my C (C++) to add an argument to specify SRC IP, if needed. I'll disable the discovery, it's not that major to me, until it enters DNS LOC.
Otherwise, I'll consider mangling all packets destined to 44/8 (that may cause another security issue) to use tunl0, even for those users at my QTH not possessing a Ham license.
Thanks and 73,
- Lynwood
KB3VWG
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net