3 Jun
2017
3 Jun
'17
8:07 p.m.
I don't thing doing a src-nat will create any security breach, because
NAT has this nice firewall side effect.
And you could do it only for a specific local machine, not for all.
If you use static address assignment, it is simple, if you use DHCP,
then just reserve fixed addresses for 44net capable hosts, and mangle
only those.
Myself, I use a VLAN for my machines, so basically they have dual
connections. LAN and AMPR. But this option is not trivial since not
network adapters support it, and not straight forward out of the box.
On 04.06.2017 03:59, lleachii--- via 44Net wrote:
Marius,
Fair enough, my friend. In the past I used ampr-ripd on a downstream
Linux server. Since my GW/AMPR-Router is now on my border, it seems to
be another anomaly that's the "nature of the beast".
As with all other system applications on a router, I'll have to brush
up on my C (C++) to add an argument to specify SRC IP, if needed. I'll
disable the discovery, it's not that major to me, until it enters DNS
LOC.
Otherwise, I'll consider mangling all packets destined to 44/8 (that
may cause another security issue) to use tunl0, even for those users
at my QTH not possessing a Ham license.
Thanks and 73,
- Lynwood
KB3VWG
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net