I am sorry about my multitude of questions but sometimes I can read things a million times and still not understand. Would I have to use either ampr-ripd http://wiki.ampr.org/wiki/Ampr-ripd, or rip44d http://wiki.ampr.org/wiki/Rip44d on the server to forward the traffic to my AMPRnet box? Would I have to use either ampr-ripd http://wiki.ampr.org/wiki/Ampr-ripd, or rip44d http://wiki.ampr.org/wiki/Rip44d to tell the server where to send the AMPRnet traffic cumming from the box.
Rip44 is not for forwarding. It is used to populate the routing table for the IPIP tunnel system. The forwarding is done by the kernel and is configured the usual way. I.e. forwarding is to be enabled in the kernel and the proper interfaces and subnets are added.
You would be setting up the AMPR IPIP tunneling on your brother's computer (first ask if he agrees with that) and you get a subnet from your coordinator, e.g. a /28 network, where your brother's computer gets an AMPRnet address and your own computer gets another address in the same subnet, you set your brother's computer as the default gateway, and all AMPRnet traffic is forwarded via your brother's computer that will tunnel it over the IPIP network.
The ampr-ripd running on your brother's computer will receive the AMPRnet RIP packets and maintain a routing table with about 400 routes, plus it has the locally attached AMPRnet subnet that was assigned to you. All AMPRnet traffic is forwarded between the IPIP tunnels and your local subnet.
Or can I use a "simple" tool such as BIRD Internet Routing Daemon http://bird.network.cz/ http://bird.network.cz/ (the first thing that came up when I searched for ipip routing deamons).
No. That software only handles standard protocols, and RIP44 isn't one. (well, it almost is, it is just RIPv2, but the handling of the information by the routing daemon is different)
An alternative when you do not want to do as much on your brother's computer and do have a Linux system yourself, is to just forward all IPIP traffic received by your brother's computer to your computer over the local network, and run ampr-ripd etc on your own computer.
Rob
"An alternative when you do not want to do as much on your brother's computer
and do have a Linux system yourself, is to just forward all IPIP traffic received by your brother's computer to your computer over the local network, and run ampr-ripd etc on your own computer. "
This is exactly what I want to do but I have no Idea how to do it. By "all IPIP traffic" do you mean _only_ the IP Protocol 4 Traffic or do you mean effectivly all IP traffic (I dont think that would be ok.)? I ask this because my brothers computer has several websites and a few other web services (IRC, SSH, FTP, Minecraft) running on it and everything that I do cannot interfere with them.
Further, what would the technical termanology be for " forwarding all IPIP traffic received by your brother's computer to your computer over the local network" ??
Thanks, Augustine On 3/24/2017 7:36 AM, Augustine Tabeling, W8AWT wrote:
(Please trim inclusions from previous messages) _______________________________________________
"An alternative when you do not want to do as much on your brother's computer
and do have a Linux system yourself, is to just forward all IPIP traffic received by your brother's computer to your computer over the local network, and run ampr-ripd etc on your own computer. "
This is exactly what I want to do but I have no Idea how to do it. By "all IPIP traffic" do you mean _only_ the IP Protocol 4 Traffic or do you mean effectivly all IP traffic (I dont think that would be ok.)? I ask this because my brothers computer has several websites and a few other web services (IRC, SSH, FTP, Minecraft) running on it and everything that I do cannot interfere with them.
Hello Augustine,
Further, what would the technical termanology be for " forwarding all IPIP traffic received by your brother's computer to your computer over the local network" ??
It would be called "forwarding" or "routing". Anyway, I was thinking about your problem last night and I have a question and a fifth option:
- WHY is your brother's computer on the DMZ segment? Is there a specific reason? If his computer is serving standard traffic like HTTP/HTTPS, DNS, SMTP, whatever, all of those things can be forwarded via your ISP provided router using a technology called "port forwarding. At this point, you could put YOUR computer on the DMZ segment and make things simpler. The only reason I can think of that your brother would want to keep his machine on the DMZ port is for some other specific GAMING reason. PC computer games that aren't NAT friendly are pretty rare these days but they still exist
If you rather keep your brother's computer on the DMZ port, I would recommend the final option at the end of Rob's email to keep things simple. A few things are going to be required per the Ubuntu HOWTO at http://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example :
- You'll ideally want a static IP from your ISP - it's not absolutely required and if you don't have one, you'll want to setup a DynamicDNS system on the router from your ISP. Setting that up is outside the scope of this AMPR list and will be specific to your particular ISP supported router
As for the actual IPENCAP forwarding on your brother's computer, it's mostly strait forward. To make your Internet searches more successful if you have initial questions, do a search for "iptables gre protocol forwarding". GRE is another IP protocol similar to IPIP but far more common and thus you'll get more hits. From that search list, you'll find posts like:
http://www.linuxquestions.org/questions/linux-networking-3/port-forward-gre-...
and more to the point
https://lists.debian.org/debian-firewall/2004/04/msg00103.html
In that second URL, you'll want to substitute protocol 47 for protocol 4.
--David KI6ZHD
Greetings Augustine,
On Fri, 24 Mar 2017, David Ranch wrote:
Further, what would the technical termanology be for " forwarding all IPIP traffic received by your brother's computer to your computer over the local network" ??
It would be called "forwarding" or "routing". Anyway, I was thinking about your problem last night and I have a question and a fifth option:
- WHY is your brother's computer on the DMZ segment? Is there a specific
reason? If his computer is serving standard traffic like HTTP/HTTPS, DNS, SMTP, whatever, all of those things can be forwarded via your ISP provided router using a technology called "port forwarding. At this point, you could put YOUR computer on the DMZ segment and make things simpler. The only reason I can think of that your brother would want to keep his machine on the DMZ port is for some other specific GAMING reason. PC computer games that aren't NAT friendly are pretty rare these days but they still exist
If you rather keep your brother's computer on the DMZ port, I would recommend the final option at the end of Rob's email to keep things simple. A few things are going to be required per the Ubuntu HOWTO at http://wiki.ampr.org/wiki/Ubuntu_Linux_Gateway_Example :
- You'll ideally want a static IP from your ISP - it's not absolutely
required and if you don't have one, you'll want to setup a DynamicDNS system on the router from your ISP. Setting that up is outside the scope of this AMPR list and will be specific to your particular ISP supported router
As for the actual IPENCAP forwarding on your brother's computer, it's mostly strait forward. To make your Internet searches more successful if you have initial questions, do a search for "iptables gre protocol forwarding". GRE is another IP protocol similar to IPIP but far more common and thus you'll get more hits. From that search list, you'll find posts like:
http://www.linuxquestions.org/questions/linux-networking-3/port-forward-gre-...
and more to the pointhttps://lists.debian.org/debian-firewall/2004/04/msg00103.html
In that second URL, you'll want to substitute protocol 47 for protocol 4.
--David KI6ZHD
o Are you just trying to reach the worldwide AMRnet? o Do you have an antenna in the air and radio on 144.93 MHz? o Do you have an AMPRnet IP address assigned to you from the 44.102.1/24 subnet for Washtenaw county?
--- If so, then why not just set the JNOS default route (44/8) via your RF port to 44.102.1.1 (Hamgate.Washtenaw.AMPR.org). Then ALL 44 traffic will flow to and from you via the county Hamgate.
--- Otherwise, you have to request an entry be placed in the worldwide IPENCAP route table and *everyone* you ever wish to communicate with will *HAVE* to load that new table into their boxes in order to have a route back to you. For just ONE home station, that kinda sucks!
You are just a few miles from me, and you should be part of the Washtenaw subnet. Nope, just checked and you never aquired an IP address from the Michigan IP Coordinator (assuming w8awt.ampr.org) or you used something other than your callsign as your Hostname.
--- Jay WB8TKL
On Fri, Mar 24, 2017 at 12:06 PM, Jay Nugent jjn@nuge.com wrote:
o Are you just trying to reach the worldwide AMRnet? o Do you have an antenna in the air and radio on 144.93 MHz? o Do you have an AMPRnet IP address assigned to you from the 44.102.1/24 subnet for Washtenaw county?
--- If so, then why not just set the JNOS default route (44/8) via your RF port to 44.102.1.1 (Hamgate.Washtenaw.AMPR.org). Then ALL 44 traffic will flow to and from you via the county Hamgate.
This would have some disappointing side effects. I'm guessing 144.93 MHz supports rather low speed data transfer. If you were to load http://hamwan.org/, which resolves to 44.24.241.98 and 2604:5000:20:1000:20c:29ff:fe55:1ef0, a static 44/8 route would force that web traffic over the slow 144.98 MHz RF port.
Instead, a more specific route on the RF port, such as 44.102.1.0/24, would be a better way to handle it. That would request local resources via the RF port and other resources (like hamwan.org) via the default gateway.
Tom KD7LXL
-
Augustine Tabeling, W8AWT -
David Ranch -
Jay Nugent -
Rob Janssen -
Tom Hayward