Hello,
I post my working setup () with step by step instructions... Could be wrong
(but it works)
Prerequisites and assumptions:
- IPv4 network is working, usual routing is set up
- external IP in this example is 89.122.215.236; please substitute your
real IP
- local ampr address is 44.182.21.1, with a /24 local network, adjust as
necessary
- ampr tunneling interface is ampr0, rename if you like
- my external network interface is eth0, IP 89.122.215.236, use your proper one
- default route of this machine is via 89.122.215.237 connected to eth0
- local ampr network is on eth1
1. add this to /etc/network/interfaces:
# IPIP tunnel
auto ampr0
iface ampr0 inet static
    address 44.182.21.1
    netmask 255.0.0.0
    pre-up ip tun add ampr0 mode ipip local 89.122.215.236
    up ip route add default via 169.228.66.251 dev ampr0 onlink table default
    up ip rule add from 44.182.21.1 table default
    up ip rule add from 44.182.21.1 to 44.0.0.0/8 table main
    post-down ip tun del ampr0
2. bring up interface with "ifup ampr0"
3. create a script for starting the tunnel
#!/bin/sh
#accept ipencap traffic
iptables -A INPUT -p 4 -j ACCEPT
#to reduce traffic, drop neighbour discovery and smb on ampr0
iptables -A OUTPUT -o ampr0 -p udp --dport 10001 -j DROP
iptables -A OUTPUT -o ampr0 -p udp --dport 137:139 -j DROP
#drop all non-44net access if you like (I recommend this)
#and accept 44net forwarding to local subnet
iptables -A FORWARD -i ampr0 -p all ! -s 44.0.0.0/8 -j DROP
#kill the rip44 daemon if already running
TST=`ps -A | grep rip44d`
if [ "$TST" != "" ]; then
    killall -SIGKILL rip44d
    sleep 2
fi
# This will take all ampr traffic via internet if not set up as a tunnel,
# including 44.0.0.1
ip route add 44.0.0.1 via 89.122.215.237 dev eth0
# start the rip44 daemon, excluding your local IP
/etc/network/scripts/rip44d -i ampr0 -p pLaInTeXtpAsSwD -a 89.122.215.236 > /dev/null &
4. Run the script, wait about 10 min so that you get the routes from the
44net routing daemon
5. Check if the routes have been propagated by entering "ip route". This should
give you a long list of 44.x.x.x routes (about 275)
6. Try to ping some 44net hosts other than your own, e.g. 44.182.21.1 :-)
7. Set up your system so that the startup script runs automatically,
e.g. call it in rc.local.
This should do it. Please refine if you want.
73! Marius, YO2LOJ
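
Added example, not part of the original post: a small set of shell checks for steps 1, 3 and 5 that confirm the policy rules are in the right order, the FORWARD drop rule for non-44net sources is loaded, and 44.x routes are present on the tunnel. The function names are hypothetical, the sample text is constructed, and the match on "! -s 44.0.0.0/8" assumes the rule layout that "iptables -S" prints.

```shell
#!/bin/sh
# Each function reads the named command's output on stdin.

# ip route show | count_ampr_routes [ifname]  -> number of 44.x routes via tunnel
count_ampr_routes() {
    awk -v dev="${1:-ampr0}" '
        $1 ~ /^44\./ {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == dev) { n++; break }
        }
        END { print n + 0 }'
}

# ip rule show | policy_rules_ok SRC  -> 0 if both step 1 rules exist and the
# "to 44.0.0.0/8 lookup main" rule is listed (so matched) before the catch-all.
policy_rules_ok() {
    awk -v src="$1" '
        $2 != "from" || $3 != src { next }
        $4 == "to" && $5 == "44.0.0.0/8" && $7 == "main" && !m { m = NR }
        $4 == "lookup" && $5 == "default" && !d { d = NR }
        END { exit !(m && d && m < d) }'
}

# iptables -S FORWARD | forward_drop_ok [ifname]  -> 0 if the step 3 rule that
# drops non-44net sources arriving on the tunnel is loaded.
forward_drop_ok() {
    awk -v dev="${1:-ampr0}" '
        /^-A FORWARD / && /! -s 44\.0\.0\.0\/8 / && / -j DROP$/ && index($0, " -i " dev " ") { ok = 1 }
        END { exit !ok }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_ROUTES='default via 89.122.215.237 dev eth0
44.0.0.1 via 89.122.215.237 dev eth0
44.0.0.0/8 dev ampr0 proto kernel scope link src 44.182.21.1
44.2.14.0/29 via 203.0.113.10 dev ampr0 onlink
44.4.50.0/24 via 198.51.100.7 dev ampr0 onlink'
SAMPLE_RULES='0: from all lookup local
32764: from 44.182.21.1 to 44.0.0.0/8 lookup main
32765: from 44.182.21.1 lookup default
32766: from all lookup main
32767: from all lookup default'
SAMPLE_FORWARD='-P FORWARD ACCEPT
-A FORWARD ! -s 44.0.0.0/8 -i ampr0 -j DROP'
```

On the live host, pipe the real commands in, for example: ip rule show | policy_rules_ok 44.182.21.1 && echo "rules ok".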