I'm also using a standard Ubuntu Linux Server 11.10 using rip44d and a Web Application providing a GUI named Webmin. This is a quick overview on setup. This setup can be done with telent and SSH; for simplicity of those who know the command line syntax, I will omit the necessaries. 1.) - with IP forwarding (Routing) enabled in /etc/sysctl.conf # Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1 2.) - I installed webmin (a Web GUI application for servers) package to better enable on the fly IPtables Firewall configurations, NAT, masquerade, etc. (these configurations allowed me to have this server as router for my 44.60.44/24 subnet over AMPR, while having the ability to also have a private 192.168/24 subnet that uses my standard non-tunneled gateway IP address from my ISP. PE1CHL recommended table-based policy routing; it configures any 44/8 address to use a routing tabled named "44," all other traffic is routed on main. If you setup this router to use NAT or Masquerade for a private network using your ISP's gateway, there will also be entries in the "nat" table. An edit to the rip44d script is necessary to place the 44/8 routes into a routing table named "table 44." 3.) - eth0 was configured at setup as the device connected to the Gateway address. 4.) - In this example, eth1 is the Ethernet interface that will be used as you LAN side providing your 44 Addresses (in this example 44.128.0.0/24) of the router connection (if you do not have access to another NIC, you may also want to set this up virtually to the address on your LAN if this is not the routing device for your physical network). Interface tunl0 is the default Linux IPIP encapsulation tunnel. The example/testing subnet 44.128.0.0/24 will be the subnet assigned to the gateway on tunl0 and eth1 used here. 5.) - with the help of Brian and PE1CHL, I then created a script named /usr/local/sbin/startampr to run on boot (it can be setup to run at boot in the webmin GUI under "Bootup and Shutdown" ### Enables AMPR IPIP Tunnel Interface modprobe ipip ip addr add 44.128.0.2/24 dev tunl0 # gives tunnel its own TTL enabling traceroute over tunnel ip tunnel change ttl 64 mode ipip tunl0 ip link set dev tunl0 up ### Creates AMPR Default Routes on main Route Table #route to 44.128.0.0/24 on main route table ip rule add to 44.128.0.0/24 table main priority 1 ### Specifies Routes to and from 44/8 are entered on Route Table 44 ip rule add from 44.0.0.0/8 table 44 priority 44 ip rule add to 44.0.0.0/8 table 44 priority 45 ### Creates Default Route to the AMPRGW and the ### Internet At-large, on the 44 Router ## Per PE1CHL: 'This is "required" to get routing of the net-44 traffic correct ## and have a default route for the tunneled traffic different from the default ## route of the system. It may be possible to get it working without this, ## but policy based routing is so much easier' # AMPRGW connects via eth0 ip route add 169.228.66.251 dev eth0 table 44 # Connection to 0/0 by 44/8 Hosts on AMPRGW, commenting disables Internet Access for your 44 subnet ip route add default dev tunl0 via 169.228.66.251 onlink table 44 ### this can be omitted if your device will not provide separate local traffic - KB3VWG - This adds a route to the local subnet on the 44 route table ip route add 192.168.0.0/24 dev eth0 table 44 ### Begins the rip44d Router ./usr/local/sbin/rip44d_table44 -a <my public gateway IP> -p <the password> < /dev/null & 6.) Table rip44d_table44 is a script editing the rip44d file to place the AMPR routing table into "Table 44": Line 201 - $cmd = "LANG=C $routebin route add $rkey via $nexthop dev $tunnel_if window $tcp_window onlink"; + $cmd = "LANG=C $routebin route add $rkey via $nexthop dev $tunnel_if window $tcp_window onlink table 44"; 7.) The routers 'main' Firewall Accept If state of connection is ESTABLISHED Accept If state of connection is RELATED * Accept If protocol is ICMP and ICMP type is echo-request * Accept If protocol is UDP and destination port is 33434:33534 + Accept If protocol is TCP and destination port is 10000 + Accept If protocol is UDP and source is 44.0.0.1 and input interface is tunl0 and source and destination ports are 520 + Accept If protocol is TCP and destination destination port is 22 (if you have other services on your Router machine, you would accept their IP's, source, destinations, etc. here) + - enables: webmin, rip44d and SSH respectively, you may further restrict this access to SSH or Webmin configuration by specifying allowed hosts, subnets, etc. 8.) IP Forwarding [the Router's] Firewall Accept If state of connection is ESTABLISHED Accept If state of connection is RELATED * Accept If protocol is ICMP and ICMP type is echo-request * Accept If protocol is UDP and destination port is 33434:33534 Accept If source is 44.128.0.0/24 Accept If source is 192.168.0.0/24 (if you have services on devices inside your subnet, you would accept their destination IP's ports, source, destination ports, etc.) 9.) Network Address Translation Firewall (only needed if routing traffic from a private network [eg 192.168.0.0/24] not carrying 44 Traffic) Accept If source is 192.168.0.0/24 and destination is 44.128.0.0/24 Masquerade If source is 192.168.0.0/24 and destination is 0.0.0.0/0 Accept If source is 44.128.0.0/24 Accept If destination is 44.128.0.0/24 10.) as you create AX.25 interfaces, etc, ensure you enable those protocols, etc in the firewalls. NOTE: Accepting echo-request and protocol is UDP ports 33434-33534 enable Unix and windows based ping and traceroutes from the Internet, you can also place further restrictions on those rules. 11.) Typing the command # ip route list table 44 default via 169.228.66.251 dev tunl0 onlink <between here should be many lines of 44.x.x.x direct IPIP Encapsulated routes that are populated by rip44d from 44.0.0.1 over the tunnel (e.g. '44.x.x.x/x via x.x.x.x dev tunl0 onlink window 840')> 169.228.66.251 dev eth0 scope link 192.168.0.0/24 dev eth0 scope link ~73, KB3VWG