All,
I need to ask if any of the following have been noticed by anyone before.
As I try to test a few things today, I:
- cannot forward IPENCAP traffic to another LAN destination while running ampr-ripd 1.16 on my router
- cannot block IPENCAP traffic whatsoever at my WAN while running ampr-ripd 1.16 on my router
- cannot block receipt of RIP44 packets from AMPRGW running ampr-ripd 1.16 on my router
Procedure:
When setting up LEDE:
- I observed that I no longer had firewall hits for RIP44 from AMPRGW
- I removed the rule, and I still receive routes
Testing receipt of MACs on tunl0 today:
- I removed my rule allowing -p 4 from the IPSET of our GW IPs
- I made a port forward rule for -p 4 to a LAN machine I set up with a tunl0 of 44.60.44.2
- I set up routes to use tunl0
- I pinged
- Using Wireshark I never received traffic
- My router saw no hits
- I connected to http://44.60.44.10 to perform a traceroute to 8.8.8.8
- It still worked, even though I have no firewall rule!
- the device is still in this configuration
- and I noticed one 'leaked' packet that never made it to my test tunl0 interface
- I notice that ampr-ripd 1.16 listens on protocol 4 instead of udp/520 as version 1.13 did
BUG:
It appears my firewall rules regarding IPENCAP/A.K.A. 'dev tunl0' packets, after upgrading from 1.13 to 1.16, are ineffective.
Need to test:
- If I configure a valid 44 IP on my router's tunl0, I assume ALL iptables rules for it COULD POSSIBLY be ineffective (since the RIP44 rule is)
- If I can send routes in this configuration
- If I can receive routes from someone else (with correct PW, of course)
- If I receive IPENCAP packets from a non GW (since I have no method of blocking it, except if it exists in ampr-ripd.c). Note - I'm not requesting this feature
I will test later today.
- Lynwood KB3VWG