Hi All,
I am new to 44net and I am trying to create a gateway into it. but I am running into problems. My brother runs a Ubuntu server on our LAN and has the router DMZ'd to it. I would like to create a gateway to 44net on the LAN but not on his server. Would it be possible to set up 44net access on the LAN and working with but not on his server. if possible I would like to start by using a Ubuntu Server Virtual Machine and later move to a Linksys wifi router If I get it working well. I am new to networking and learning slowly. My brother is willing to work with me if I tell him what I need him to do but wont put a lot of energy into figuring out how to make it work.
73!, Augustine, W8AWT
is it possible to do ampr-ripd or something similar without getting DMZ to the linux box running it?
~Augustine, W8AWT
On 3/23/2017 3:12 PM, Augustine Tabeling, W8AWT wrote:
(Please trim inclusions from previous messages) _______________________________________________ Hi All,
I am new to 44net and I am trying to create a gateway into it. but I am running into problems. My brother runs a Ubuntu server on our LAN and has the router DMZ'd to it. I would like to create a gateway to 44net on the LAN but not on his server. Would it be possible to set up 44net access on the LAN and working with but not on his server. if possible I would like to start by using a Ubuntu Server Virtual Machine and later move to a Linksys wifi router If I get it working well. I am new to networking and learning slowly. My brother is willing to work with me if I tell him what I need him to do but wont put a lot of energy into figuring out how to make it work.
73!, Augustine, W8AWT
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
Most consumer grade "routers" and their DMZ feature will only support a single IP address. As such, only ONE computer will be able to receive the IPIP packets. As such, I see that you have a few options:
1. Use a VPN to tunnel IPIP traffic into your system (no DMZ access needed; possibly no port forwards required either). Can be an SSL-VPN, IPSEC VPN, etc. Search the archives here in this list to see who's offering such services for free or options with commercial providers
2. You don't mention what kind of computer your brother is running but if it can enable routing on it, you should able to configure his machine to accept and FORWARD the IPIP packets to your machine. This obviously will mean that his machine will need to be turned on and working when you want to use the AMPR network
3. Replace your router with a device that supports more advanced routing. This could be anything from a home brewed Linux/Free/OpenBSD computer with a few network ports, a Microtik router, RouterBoard computer, a Cisco/Juniper/etc commercial router, etc. You'll find lots of users on this AMPR list doing things this way with a variety of devices.
4 .don't use IPIP for your connection to the AMPR system. Instead use AXUDP to develop communications to remote stations. This will require port forwards on your router to work. It should be noted that not all stations support AXUDP as a forwarding mechanism so you will be limiting your access to the AMPR system
There might be other options out there that people can comment on here too!
--David KI6ZHD
Hi David,
Thanks for your prompt response.
Option two looks hopeful. The DMZ`ed computer is an always-on server that is serving content to the internet. Would it be possible to only route the IPIP packets while leaving everything else for the server? How could that be done?
73!, Augustine, W8AWT On 3/23/2017 4:03 PM, David Ranch wrote:
(Please trim inclusions from previous messages) _______________________________________________
Most consumer grade "routers" and their DMZ feature will only support a single IP address. As such, only ONE computer will be able to receive the IPIP packets. As such, I see that you have a few options:
- Use a VPN to tunnel IPIP traffic into your system (no DMZ access
needed; possibly no port forwards required either). Can be an SSL-VPN, IPSEC VPN, etc. Search the archives here in this list to see who's offering such services for free or options with commercial providers
- You don't mention what kind of computer your brother is running
but if it can enable routing on it, you should able to configure his machine to accept and FORWARD the IPIP packets to your machine. This obviously will mean that his machine will need to be turned on and working when you want to use the AMPR network
- Replace your router with a device that supports more advanced
routing. This could be anything from a home brewed Linux/Free/OpenBSD computer with a few network ports, a Microtik router, RouterBoard computer, a Cisco/Juniper/etc commercial router, etc. You'll find lots of users on this AMPR list doing things this way with a variety of devices.
4 .don't use IPIP for your connection to the AMPR system. Instead use AXUDP to develop communications to remote stations. This will require port forwards on your router to work. It should be noted that not all stations support AXUDP as a forwarding mechanism so you will be limiting your access to the AMPR system
There might be other options out there that people can comment on here too!
--David KI6ZHD
Hello Augustine,
Option two looks hopeful. The DMZ`ed computer is an always-on server that is serving content to the internet. Would it be possible to only route the IPIP packets while leaving everything else for the server? How could that be done?
Yes, that's completely possible as that's what proper routers "do". The key points / issues will be:
- What OS is running on your brother's computer? I believe any Linux, Free/Open/NetBSD will work fine - You will need to setup a proper firewall on your brother's computer to allow the good, block the bad traffic - You will need to enable forwarding of protocol 4 traffic (that's the IPIP protocol which is different than say TCP or UDP) to your AMPR computer
Much of all of this is covered on the AMPR Wiki, etc - http://wiki.ampr.org/wiki/Main_Page (scroll down on the front page) to see various OS-specific documents. Also search the Ampr email archives at http://hamradio.ucsd.edu/mailman/listinfo/44net . The Mailman system doesn't offer decent searching functions and some of the previous popular email search engines like gmane.org are gone. Hopefully you can find another search system which will work for you.
--David KI6ZHD
The computer is running the latest version of Ubuntu Server. As far as I know he has already set up a firewall. How can I set up forwarding of IPIP Protocol 4 traffic on Ubuntu Server?
~Augustine, W8AWT On 3/23/2017 6:37 PM, David Ranch wrote:
(Please trim inclusions from previous messages) _______________________________________________
Hello Augustine,
Yes, that's completely possible as that's what proper routers "do". The key points / issues will be:
- What OS is running on your brother's computer? I believe any
Linux, Free/Open/NetBSD will work fine
- You will need to setup a proper firewall on your brother's
computer to allow the good, block the bad traffic
- You will need to enable forwarding of protocol 4 traffic (that's
the IPIP protocol which is different than say TCP or UDP) to your AMPR computer
--David KI6ZHD
Please read the specific article for Ubuntu on the Ampr WIki:
http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Linux
You need to read these docs and other links, do first and say second level question research via Google, and use this list when you get completely stuck.
--David KI6ZHD
I am sorry about my multitude of questions but sometimes I can read things a million times and still not understand. Would I have to use either ampr-ripd http://wiki.ampr.org/wiki/Ampr-ripd, or rip44d http://wiki.ampr.org/wiki/Rip44d on the server to forward the traffic to my AMPRnet box? Would I have to use either ampr-ripd http://wiki.ampr.org/wiki/Ampr-ripd, or rip44d http://wiki.ampr.org/wiki/Rip44d to tell the server where to send the AMPRnet traffic cumming from the box.
Or can I use a "simple" tool such as BIRD Internet Routing Daemon http://bird.network.cz/ (the first thing that came up when I searched for ipip routing deamons).
73, Augustine, W8AWT
On 3/23/2017 7:37 PM, David Ranch wrote:
(Please trim inclusions from previous messages) _______________________________________________
Please read the specific article for Ubuntu on the Ampr WIki:
http://wiki.ampr.org/wiki/Setting_up_a_gateway_on_Linux
You need to read these docs and other links, do first and say second level question research via Google, and use this list when you get completely stuck.
--David KI6ZHD
-
Augustine Tabeling -
Augustine Tabeling, W8AWT
-
David Ranch