Craig,
I can run TCPDUMP on the firewall at the Unix command prompt which means that I am seeing raw packets BEFORE the firewall rules are applied. Again, no traffic at all from the 44 net side of the world.
Yes, but are you CERTAIN that you run tcpdump *before* your kernel processes a tunneled packet?!?
The bigger point I'm making here is that I ran TCPDUMP at the OS level which would show the packets before the firewall rules are applied.
Not necessarily, which is why I suggested disconnecting the router. You seem to have implemented an IPENCAP tunnel (probably a working of kmod-ipip for Juniper), and we can't be quite certain of how that operates (unless we have a Juniper OS Development Engineer available).
From encap.txt:
'route addprivate 44.44.7.16/29 encap 96.86.86.53'
I'll ping/trace 44.44.7.17 and see where that takes us; you should see me at the border at the cable modem PHY, if they are not blocked through the ISP.
Also, how did you implement RIP44 (not the same as RIPv2) into Juniper?
73,
- Lynwood KB3VWG