Hey y'all! I wanna set up a DHCP server on my gateway to hand my 44.x.x.x IPs to my various ham radio devices and provide them with internet access, as well as direct access to the outside world, allowing them to be accessed remotely via the 44.x.x.x IPs, is this possible?
On Sun, Jan 8, 2023 at 4:14 AM kj7omo--- via 44net 44net@mailman.ampr.org wrote:
Hey y'all! I wanna set up a DHCP server on my gateway to hand my 44.x.x.x IPs to my various ham radio devices and provide them with internet access, as well as direct access to the outside world, allowing them to be accessed remotely via the 44.x.x.x IPs, is this possible?
I don't see why you can't use a DHCP server locally, but there's a caveat in that, for the gateway at 44.0.0.1 to pass traffic, your addresses must have A (name) records in the ampr.org DNS domain. This implies that the addresses handed out by DHCP are going to be relatively static (unless, I guess, you register a bunch of names in DNS in advance).
BUT, if all you want is a central place to configure address information, then most DHCP servers can be configured to hand out static addresses to specific devices identified by MAC addresses.
- Dan C. (KZ2X)
Copy that. I went ahead and got one set up and it actually works, all devices are making use of the 44net IPs and they all have direct internet access for inbound and outbound traffic, but I ran into a problem... The second I issue the "ufw enable" command to bring up my firewall, everything stops working, no more traffic flowing in either direction. What can I do to fix this? I'm not great at Linux networking, I'm still learning it.
On Sun, Jan 8, 2023, 6:27 AM Dan Cross crossd@gmail.com wrote:
On Sun, Jan 8, 2023 at 4:14 AM kj7omo--- via 44net 44net@mailman.ampr.org wrote:
Hey y'all! I wanna set up a DHCP server on my gateway to hand my 44.x.x.x IPs to my various ham radio devices and provide them with internet access, as well as direct access to the outside world, allowing them to be accessed remotely via the 44.x.x.x IPs, is this possible?
I don't see why you can't use a DHCP server locally, but there's a caveat in that, for the gateway at 44.0.0.1 to pass traffic, your addresses must have A (name) records in the ampr.org DNS domain. This implies that the addresses handed out by DHCP are going to be relatively static (unless, I guess, you register a bunch of names in DNS in advance).
BUT, if all you want is a central place to configure address information, then most DHCP servers can be configured to hand out static addresses to specific devices identified by MAC addresses.
- Dan C. (KZ2X)
It seems that you did something wrong in ufw, but generally you are much better off running shorewall as a firewall as it is so much easier to configure.
Bob
On 2023-01-08 14:37, Kimberly Chase via 44net wrote:
Copy that. I went ahead and got one set up and it actually works, all devices are making use of the 44net IPs and they all have direct internet access for inbound and outbound traffic, but I ran into a problem... The second I issue the "ufw enable" command to bring up my firewall, everything stops working, no more traffic flowing in either direction. What can I do to fix this? I'm not great at Linux networking, I'm still learning it.
44net mailing list -- 44net@mailman.ampr.org To unsubscribe send an email to 44net-leave@mailman.ampr.org
That certainly works without problems if you don't have as a requirement the use of a 44 src address on the public internet (and the BGP announces subnets if there is no need to preserve the 44 address).
For this, on your gateway you need to set up the IPIP tunnels as usual EXCEPT adding a default route via the gw and do NAT on your WAN (the usual setup). Use your 44 subnet as the DHCP pool.
IPIP connected networks will be reachable via the tunnels using the 44 addresses, incoming connections from the tunnels are also possible, and all non-ampr traffic will go via the default WAN using its public IP.
If you need access from the public internet to your local 44's, you need to register the specific devices in the ampr DNS and set up some policy routing to return the traffic coming via the GW back to the GW by marking the connections and routing them back. This is done depending on what gateway you use.
E.g. on Linux you can use separate routing tables, say 44 for ampr and 45 for internet replies (interface in the example is called tun44, $MY_IP is your gw IP and is detected by the script), to achieve this. Make sure your firewall rules allow forwarding between the tunnel interface and the ones you want to be accessible from the tunnels and the internet...
#!/bin/sh
MY_IP=`ip addr list dev tun44 | grep -w "inet" | awk '{print $2}'`
# wait for tunnel interface
while [ "$MY_IP" = "" ]; do
    sleep 1
    MY_IP=`ip addr list dev tun44 | grep -w "inet" | awk '{print $2}'`
done

# AMPR routes go to table 44
#
ip rule add from $MY_IP table 44
ip rule add to 44.0.0.0/9 table 44
ip rule add to 44.128.0.0/10 table 44

# default AMPR routes for BGP announced hosts - comment to access directly via GW IP
#
ip route add 44.0.0.0/9 via 169.228.34.84 dev tun44 onlink
ip route add 44.128.0.0/10 via 169.228.34.84 dev tun44 onlink

# default AMPR reply route is in table 45
#
ip route add default via 169.228.34.84 dev tun44 table 45 onlink

# mark incoming and route replies via table 45
#
ip rule add fwmark 45 table 45
iptables -t mangle -A PREROUTING -i tun44 -s 44.0.0.0/9 -j RETURN
iptables -t mangle -A PREROUTING -i tun44 -s 44.128.0.0/10 -j RETURN
iptables -t mangle -A PREROUTING -i tun44 -j CONNMARK --set-mark 45
iptables -t mangle -A PREROUTING ! -i tun44 -m connmark --mark 45 -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m connmark --mark 45 -j CONNMARK --restore-mark

# start ampr-ripd (add your -a parameter if needed)
ampr-ripd -s -t 44 -i tun44 -m 90
Marius, YO2LOJ
On 08/01/2023 11:14, kj7omo--- via 44net wrote:
Hey y'all! I wanna set up a DHCP server on my gateway to hand my 44.x.x.x IPs to my various ham radio devices and provide them with internet access, as well as direct access to the outside world, allowing them to be accessed remotely via the 44.x.x.x IPs, is this possible?
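Added example, not written by anyone in this thread: a small check for the two ufw defaults that stop a routing gateway from passing traffic after "ufw enable", namely the DROP forward policy and the missing accept rule for IPIP (protocol 4). It assumes the IPIP tunnel interface tun44 from the script above and a LAN interface named eth1 (hypothetical); the sample files are constructed stand-ins for /etc/default/ufw and /etc/ufw/before.rules.

```shell
#!/bin/sh
# Added example (not from the thread): checks two ufw defaults that stop a
# routing gateway from passing traffic once "ufw enable" is run.

# Print the forward policy set in a ufw defaults file (ufw ships with DROP).
forward_policy() {
    p=$(grep '^DEFAULT_FORWARD_POLICY=' "$1" | tail -n 1 | cut -d= -f2 | tr -d '"')
    echo "${p:-DROP}"
}

# Succeed if before.rules accepts IP-in-IP (protocol 4) packets on input.
ipip_allowed() {
    grep -Eq '^-A ufw-before-input .*-p (4|ipencap) .*-j ACCEPT' "$1"
}

# Args: defaults file, before.rules file, tunnel interface, LAN interface.
# Prints findings with suggested fixes; return status = number of findings.
diagnose() {
    findings=0
    if [ "$(forward_policy "$1")" != "ACCEPT" ]; then
        findings=$((findings + 1))
        echo "Forward policy is not ACCEPT; routed traffic needs route rules:"
        echo "  ufw route allow in on $3 out on $4"
        echo "  ufw route allow in on $4 out on $3"
    fi
    if ! ipip_allowed "$2"; then
        findings=$((findings + 1))
        echo "No IPIP accept rule; add to $2 before COMMIT:"
        echo "  -A ufw-before-input -p 4 -j ACCEPT"
    fi
    return "$findings"
}

# Constructed sample files standing in for /etc/default/ufw and
# /etc/ufw/before.rules; eth1 is an assumed LAN interface name.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'DEFAULT_FORWARD_POLICY="DROP"' > "$d/ufw"
    printf '%s\n' '*filter' '-A ufw-before-input -i lo -j ACCEPT' 'COMMIT' > "$d/before.rules"
    diagnose "$d/ufw" "$d/before.rules" tun44 eth1
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "findings: $?"
```

On a real gateway, call diagnose with /etc/default/ufw and /etc/ufw/before.rules and the actual interface names, then run "ufw reload" after applying any suggested rule.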