All,
I have implemented the dynamic IPENCAP firewall script in OpenWRT; and it works!
I had to either:
- bootstrap AMPRGW's IPENCAP firewall rule (causing the router to receive AMPRGW's first route statement, causing execution of load_ipipfilter.sh) by ampr-ripd; or
- create symbolic links for the OpenWRT OS to save encap.txt into a persistent location /etc/config (and bootstrap by creating an empty encap.txt file there), then run load_ipipfilter.sh from Startup. In addition, it would of course load all other routes/firewall rules.
- Lastly, I had to discover why, after having ran the script, I was unable to add the IPENCAP firewall rule to the ipipfilter CHAIN via Custom Firewall Rules. I just explicitly created the CHAIN by adding this rule before:
iptables -N ipipfilter
I managed to make symbolic links for encap.txt, and save it to persistent storage at /etc/config/encap.txt
I opted for the symbolic link method, as this solved another issue of not being able to load routes on startup using OpenWRT devices (due to /var/lib/ampr-ripd not being a persistent storage location in that OS.
The information has been added to the OpenWRT and ipencap wikis.
73
- Lynwood KB3VWG
On 10/12/2016 03:00 PM, Rob wrote:
I have posted it before on this mailinglist: http://hamradio.ucsd.edu/mailman/private/44net/2014-November/003577.html