Re: [44net] Tunnel setup help: Debian 11

I still can't ping my AMPR IP: I could receive RIPv2 password Here is a recap of all the configuration I did: /etc/network/interfaces # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug ens3 iface ens3 inet dhcp iface ens3 inet6 static address 2605:6400:20:1920:8af7:f451:cb26:a3f8 netmask 48 gateway 2605:6400:20::1 auto ampr0 iface ampr0 inet static address 44.26.0.168 netmask 255.255.255.248 /etc/rc.local iptables -A INPUT -p 4 -j ACCEPT ## Configure Tunnel (put your ISP you received from your ISP Here). ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255 ## Bring it up ip link set dev ampr0 up ## Enable Multicast in order to receive routes ifconfig ampr0 multicast ## Configure Policy Based routing # Packets to 44/8 network use routing table 44 ip rule add to 44.0.0.0/8 table 44 priority 44 # Packets from our 44 subnet use table 44 (put your AMPRNet Subnet here) ip rule add from 44.26.0.168/29 table 44 priority 45 ip route add default dev ampr0 via 169.228.34.84 onlink table 45 ## Configure static routes # Default route for table 44 is to send traffic to amprnet gateway at

ip route add default dev ampr0 via 169.228.34.84 onlink table 44 # Route packets for our net to local interface (put your AMPRNet Subnet here) ip route add 44.26.0.168/29 dev ens3 table 44 ## Start ampr-ripd to learn rest of mesh routes # Be sure to substitute the password you found earlier for

# Put your static IP you received from your ISP here. /usr/bin/ampr-ripd -s -i ampr0 -a 209.141.42.9 -t 44 -p pLaInTeXtpAsSwD iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45 iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j CONNMARK --restore-mark exit 0 ________________________________ From: 44Net <44net-bounces+dnwk=linkun.info(a)mailman.ampr.org> on behalf of Marius Petrescu via 44Net <44net(a)mailman.ampr.org> Sent: Thursday, November 4, 2021 14:45 To: 44net(a)mailman.ampr.org <44net(a)mailman.ampr.org> Cc: Marius Petrescu <marius(a)yo2loj.ro> Subject: Re: [44net] Tunnel setup help: Debian 11 That's because that setup does not allow that, because replies will go out your main default route, from table main. There should be another routing table, let's say 45, holding only a single default route: ip route add default dev ampr0 via 169.228.34.84 onlink table 45 And you need to connection mark any incoming new connection from ampr0 NOT in 44.0.0.0/9 or 44.128.0.0/10 with that connection mark, and then mark any packet with that connection mark with routing mark 45. This will ensure the replies coming from ampr0 go back the way they came in... So basically you need this: iptables -t mangle -A PREROUTING -i ampr0 -s 44.0.0.0/9 -j RETURN iptables -t mangle -A PREROUTING -i ampr0 -s 44.128.0.0/10 -j RETURN iptables -t mangle -A PREROUTING -i ampr0 -j CONNMARK --set-mark 45 iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING ! -i ampr0 -m connmark --mark 45 -j CONNMARK --restore-mark But be aware, this will get the door wide open from the internet to your internal network, so setting up some firewall rules would be useful... Marius, YO2LOJ On 04/11/2021 23:28, KUN LIN via 44Net wrote: found the password. > > And then I proceed to setup rc.local as documented in that wiki

However, I still can't ping my AMPR IP from Internet. > > -- rc.local > > ### > ## Create AMPRNet Tunnel and routing > ## > > ## Configure Tunnel (put your ISP you received from your ISP Here). > ip tunnel add ampr0 mode ipip local 209.141.42.9 ttl 255 > > ## Bring it up > ip link set dev ampr0 up > > ## Enable Multicast in order to receive routes > ifconfig ampr0 multicast > > ## Configure Policy Based routing > # Packets to 44/8 network use routing table 44 > ip rule add to 44.0.0.0/8 table 44 priority 44 > > # Packets from our 44 subnet use table 44 (put your AMPRNet Subnet

UCSD here) <SecretPassword> received> > > ________________________________ > From: 44Net &lt;44net-bounces+dnwk=linkun.info(a)mailman.ampr.org&gt; on

of Steve L via 44Net &lt;44net(a)mailman.ampr.org&gt; Waiting for RIPv2 broadcasts... and never retrieve a password. > You don't need to run the find password script or specify a password > if you are using ampr-ripd above version 1.14 (its hardcoded in the > program). But I do believe even if you run that, it should retrieve > it. > > I usually start off really stripped down, with all firewall stuff off > till I know I am receiving the protocol 4 rip broadcasts. > > Do you see anything with tcpdump ? > tcpdump -i eth0 -vvv host amprgw.ucsd.edu or ip proto \\icmp > > If not, then something upstream is blocking protocol 4 from reaching > you. Seems like it might be outside of your home if your configuring > the interface directly with a public IP > > In the iptables world, here is the ipencap (protocol 4) syntax: > iptables -A INPUT -p 4 -j ACCEPT > > On Wed, Nov 3, 2021 at 6:11 PM KUN LIN via 44Net <

wrote: success. Could someone please point me to the right direction. in the AMPR portal as gateway. https://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example Waiting for RIPv2 broadcasts... and never retrieve a password. plug into lat command Here is the logs for command ens3. _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net _________________________________________ 44Net mailing list 44Net(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net