What I forgot to mention, though, is that my firewall rules and instructions on the Wiki do not currently permit this for security and zoning reasons.
My understanding from the route table is that I would reach:
- BGPed IPs - and IPENCAPed subnets on BGPed 44 addresses
over my WAN interface.
I believe the following allow rule would be necessary:
iptables -I FORWARD -s <AMPRLAN> -d 44.0.0.0/8 -o eth0 -j ACCEPT
Those needing to block such access should make a similar rule to DROP. This still won't allow the BGP subnet to reach the 44 directly without a tunnel...but hence using the Public IP and going out the WAN...and we've discussed that in the past.
- Lynwood
PS: someone mentioned they can't reach me on aol.com, use gmail.