Well, the ipip router at UCSD will drop encap'd packets whose inner source is not on network 44, and those with BOTH inner source and destination addresses on network 44. - Brian
On Thu, Apr 20, 2017 at 06:51:49PM +0200, Marco Di Martino wrote:
It seems that my gateway is the bad one. I have one rule that redirects the traffic from INET addresses to 44.134.x.x addresses back again into the tunnel to the amprgw router. It's an old configuration and I did that to make reachable from Internet a 44net host. It should work only when a hostname in the Ampr.org DNS is associated to those 44net IP address. For sure there's something that I did wrong. Is this a supported routing configuration? Or am I abusing some policies? Later this night I will look into that. My idea is to implement some iptables rules (thanks for sharing) in order to block unwanted traffic.
Sorry for causing this mess! Regards, Marco iw2ohx