22 Feb
2012
22 Feb
'12
12:53 a.m.
Does anyone have a step-by-step set of instructions for configuring a
Linux host as a tunnel subnet gateway for AMPRNet?
I'd like to have a proven list of all the commands that have to be
entered to set one up.
I think it would be very helpful and I don't have such a document in
my archives.
Thank you!
- Brian
(PS: this is the first message through the new mailing list setup;
if you encounter any difficulties please let me know.)
22 Feb
22 Feb
1:12 a.m.
First of all, I agree with your decision to use mailman. Some of the
best list software I've ever used, and I've done a good deal of digging
through the python. They even said they'd take my contributions to the
as-yet-unfinished Administration manual:
http://www.gnu.org/software/mailman/mailman-admin/
Second, I'd be happy to review and contribute patches to such a list of
step-by-step instructions. I can contribute what few pieces I've got
experience working with. My area of expertise includes bringing up L2
segments via OpenVPN and bridging them together with the Linux kernel's
bridging hooks and the userspace tool, brctl.
http://linux.die.net/man/8/brctl
I've had good luck using bridged OpenVPN tunnels regionally here in
Western Washington. I have also had good luck using routed OpenVPN
tunnels with peers as far away as Europe, Japan and Australia back when
I was working for MySQL, AB.
Let me know if I can help.
C.J.
On Tue, 2012-02-21 at 21:53 -0800, Brian Kantor wrote:
Does anyone have a step-by-step set of instructions
for configuring a
Linux host as a tunnel subnet gateway for AMPRNet?
I'd like to have a proven list of all the commands that have to be
entered to set one up.
I think it would be very helpful and I don't have such a document in
my archives.
Thank you!
- Brian
(PS: this is the first message through the new mailing list setup;
if you encounter any difficulties please let me know.)
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
2:03 a.m.
Hello,
I post my working setup () with step by step instructions... Could be wrong
(but it works)
Prerequisites and assumptions:
- IPv4 network is working, usual routing is set up
- external IP is in this example 89.122.215.236 please substitute with your
real IP
- local ampr address is 44.182.21.1, with a /24 local network, adjust as
necessary
- ampr tunneling interface is ampr0, rename if you like
- my external netfork if is eth0, ip 89.122.215.236, use your proper one
- default route of this machine is via 89.122.215.237 connected to eth0
- local ampr network is on eth1
1. add this to /etc/network/interfaces:
# IPIP tunnel
auto ampr0
iface ampr0 inet static
address 44.182.21.1
netmask 255.0.0.0
pre-up ip tun add ampr0 mode ipip local 89.122.215.236
up ip route add default via 169.228.66.251 dev ampr0 onlink table default
up ip rule add from 44.182.21.1 table default
up ip rule add from 44.182.21.1 to 44.0.0.0/8 table main
post-down ip tun del ampr0
2. bring up interface with "ifup ampr0"
3. create a script for starting the tunnel
#accept ipencap traffic
iptables -A INPUT -p 4 -j ACCEPT
#to reduce traffic, drop neighbour discovery and smb on ampr0
iptables -A OUTPUT -o ampr0 -p udp --dport 10001 -j DROP
iptables -A OUTPUT -o ampr0 -p udp --dport 137:139 -j DROP
#drop all non-44net access if you like (I recommend this)
#and accept 44net forwarding to local subnet
iptables -A FORWARD -i ampr0 -p all ! -s 44.0.0.0/8 -j DROP
#kill the rip44 daemon if allready running
TST=`ps -A | grep rip44d`
if [ "$TST" != "" ]; then
killall -SIGKILL rip44d
sleep 2
fi
# This will take all ampr traffic via internet if not set up as a tunnel,
including 44.0.0.1
ip route add 44.0.0.1 via 89.122.215.237 dev eth0
# start the rip44 daemon, excluding your local IP
/etc/network/scripts/rip44d -i ampr0 -p pLaInTeXtpAsSwD -a 89.122.215.236 >
/dev/null &
4. Run the script, wait about 10 min so that you get the routes from the
44net routing daemon
5. Check if the routes had been propagated, entering ip route. This should
give you a long lists of 44.x.x.x routes (about 275)
6. try to ping some 44net hosts other than your own. e.g. 44.182.21.1 :-)
7. Set up your system so the startup script should be run automatically,
e.g. call it in rc.local.
This should do it. Please refine if you want.
73! Marius, YO2LOJ
2:55 a.m.
On Wed, 22 Feb 2012, Marius Petrescu wrote:
I post my working setup () with step by step
instructions... Could be wrong
(but it works)
That's pretty good, especially how it uses the standard
/etc/network/interfaces file for configuration. Marius, do you mind if I
convert that to Wiki format on http://wiki.ampr-gateways.org/ ? I'd make a
separate page for the /etc/network/interfaces config and tune the Rip44d
install guide a bit based on that.
Brian, the rip44d guide currently does contain all of the necessary bits
to get amprnet routing up, the only downside is that it does everything in
/etc/rc.local instead of a proper init script or /etc/network/interfaces
usage. /etc/network/interfaces configuration allows ifup/ifdown usage for
bringing the interface up or down.
http://wiki.ampr-gateways.org/index.php?title=Rip44d
- Hessu
3:11 a.m.
Marius, do you mind if I
convert that to Wiki format on http://wiki.ampr-gateways.org/ ? I'd make
a separate page for the /etc/network/interfaces config and tune the
Rip44d
install guide a bit based on that.
Hessu, please feel free to use it as you like. And such a page would be a
great enhancement since it takes some time to figure all out.
Marius, YO2LOJ
3:14 a.m.
On Wed, 2012-02-22 at 09:55 +0200, Heikki Hannikainen wrote:
On Wed, 22 Feb 2012, Marius Petrescu wrote:
Do keep in mind that /etc/network/interfaces is debian-centric and only
works on debian-derived systems. I am a debian guy, and this is what I
use, but I know there are Other Ways of doing things. IMHO, rip44d
should not assume /etc/network/interfaces is the One True Way until
redhat, suse and *bsd also adopt it.
bash + iproute2 is a pretty good bet on most modern linux-based distros
sh + ifconfig is pretty common across most linux, freebsd, OS X, solaris
and openbsd setups.
cmd + netsh might work on windows
I post my working setup () with step by step
instructions... Could be wrong
(but it works)
That's pretty good, especially how it uses the standard
/etc/network/interfaces file for configuration. Marius, do you mind if I
convert that to Wiki format on http://wiki.ampr-gateways.org/ ? I'd make a
separate page for the /etc/network/interfaces config and tune the Rip44d
install guide a bit based on that.
Brian, the rip44d guide currently does contain all of the necessary bits
to get amprnet routing up, the only downside is that it does everything in
/etc/rc.local instead of a proper init script or /etc/network/interfaces
usage. /etc/network/interfaces configuration allows ifup/ifdown usage for
bringing the interface up or down.
http://wiki.ampr-gateways.org/index.php?title=Rip44d
- Hessu 
4:31 a.m.
C.J. Adams-Collier KF7BMP wrote:
Do keep in mind that /etc/network/interfaces is
debian-centric and only works on debian-derived systems. I am a debian guy, and this is
what I use, but I know there are Other Ways of doing things.
This is what makes the original question "not so easy to answer", I'm
afraid.
There is no such thing as standard Linux, and thus there is no way to write an example
configuration that will work on all Linux systems.
Not only are the network config files different for every distribution and most every
version number, but also there have been several ways to do the tunneling over time, and
there is difference between systems regarding what is supported now.
Even for things like "ip rule" you may need to install an optional
"advanced routing" package, whose name of course differs between distributions.
It is hard to admit, but Linux is lacking in this area. The proponents of this
"diversity" usually call it advantageous and not a problem for them, but it
really is a hindrance when trying to write simple cookbooks for getting something done.
On my SUSE system I have written a /etc/init.d script that brings up the tunneling, I
think I have posted it on the list before, but it also won't work on other
distributions.
Rob
2:20 a.m.
Greetings Brian,
On Tue, 21 Feb 2012, Brian Kantor wrote:
Does anyone have a step-by-step set of instructions
for configuring a
Linux host as a tunnel subnet gateway for AMPRNet?
I'd like to have a proven list of all the commands that have to be
entered to set one up.
I think it would be very helpful and I don't have such a document in
my archives.
Here is the snippett from the /NOS/AUTOEXEC.NOS where it sets up the
TUN0 interface. Below that, I show the output of IFCONFIG and ROUTE on
the Linux box, for your reference.
In this example, 192.168.0.5 is the address of the Linux
ethernet card and 192.168.0.44 is the address of the JNOS application
running on Linux. BOTH address "appear" to exist on your LAN as if they
were two independent machines.
# --------------------------
# - TUN0 Configuration -
# --------------------------
# NOTE: Remember to turn on IPv4 Forwarding in the kernel !!!!
# echo 1 > /proc/sys/net/ipv4/ip_forward
#
attach tun tun0 1500 0
#
# Whenever any host on your ethernet sends an ARP asking "Who-Has
# 192.168.0.44", the ethernet in the Linux box will respond that it knows
# how to reach this address. This 'feature' negates the need to assign an
# Alias address to the Linux box's Eth0 interface (eth0:44), nor the need
# to put anything special in the Linux route table :)
#
ifconfig tun0 ipaddress 192.168.0.44
ifconfig tun0 netmask 255.255.255.0
ifconfig tun0 mtu 1500
ifconfig tun0 description "TUN0 to Ethernet"
#
shell ifconfig tun0 192.168.0.5 pointopoint 192.168.0.44 mtu 1500 up
#
# Shouldn't be any need to ARP on a Point-to-Point link
# so this has been commented out.
# Note: The MAC addr would be that of the Linux eth card
##shell arp -s 192.168.0.44 00:11:43:c4:b3:48 pub
#
echo ***** TUN0 Configuration Complete *****
pause 2
#
#
All done!
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:11:43:c4:b3:48
inet addr:192.168.0.5 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::211:43ff:fec4:b348/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:60 errors:0 dropped:0 overruns:0 frame:0
TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14669 (14.3 KB) TX bytes:7099 (6.9 KB)
Interrupt:16
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.0.5 P-t-P:192.168.0.44 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:392 (392.0 B) TX bytes:526 (526.0 B)
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.6 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 eth0
On your gateway router remember to port forward (to 192.168.0.44)
Telnet, Finger, and any other 'services' you want to reach on your JNOS
application from the Internet. I do *not* recomend forwarding SMTP unless
you have a solid way to prevent spam from the public Internet getting out
onto your RF network.
If your JNOS application is running the ENCAP.TXT route table and uses
the 'encap' interface, DO NOT PORT FORWARD ANYTHING! Instead, define the
192.168.0.5 ip address of the JNOS application as your "DMZ Host" so that
ALL protocols (TCP, IPIP Protocol-4, and others) will be automatically
routed to the JNOS application where JNOS'es 'ip access' and 'tcp
access'
firewall rules will decide what gets through for processing/routing.
Hope this helps!
--- Jay Nugent WB8TKL
o Chair, ARRL Michigan Section "Digital Radio Group" (DRG)
[www.MI-DRG.org]
() ascii ribbon campaign in
/\ support of plain text e-mail
+------------------------------------------------------------------------+
| Jay Nugent jjn(a)nuge.com (734)484-5105 (734)649-0850/Cell |
| Nugent Telecommunications [www.nuge.com] |
| Internet Consulting/Linux SysAdmin/Engineering & Design/ISP Reseller |
| ISP Monitoring [www.ispmonitor.org] ISP & Modem Performance Monitoring |
| Web-Pegasus [www.webpegasus.com] Web Hosting/DNS Hosting/Shell Accts|
+------------------------------------------------------------------------+
02:01:01 up 170 days, 8:39, 3 users, load average: 0.07, 0.14, 0.06
4656
days inactive
4656
days old
7 comments
7 participants
participants (7)
-
Brian Kantor -
C.J. Adams-Collier KF7BMP -
Heikki Hannikainen -
Jay Nugent -
Marius Petrescu -
marius@yo2loj.ro
-
Rob Janssen