25 Sep
2019
25 Sep
'19
1:55 p.m.
Hi,
I joined to ampr network recently, set up IPIP tunnel on Cisco router and directly
connected Raspberry Pi 3 (44.165.1.50/28) to one of its interfaces (44.165.1.49). It works
great, I can ping and connect to and from this Pi device from outside.
The problem is that I cannot ping this Cisco's 44.165.1.49/28 interface from outside.
It should work as 44 packet leaves a tunnel, finds this internal interface and should get
back to tunnel. I have PBR route who directs all packets from this interface directly to
tunell.
Each host has a valid 44 DNS address.
Interfaces:
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 91.199.89.253 YES NVRAM up up
FastEthernet2/0 44.165.1.49 YES manual up up
Tunnel0 unassigned YES unset up up
Routing table:
44.0.0.0/8 is variably subnetted, 244 subnets, 12 masks
C 44.165.1.48/28 is directly connected, FastEthernet2/0
L 44.165.1.49/32 is directly connected, FastEthernet2/0
Config:
interface Tunnel0
no ip address
tunnel source GigabitEthernet0/0
tunnel mode ipip
tunnel destination 169.228.34.84
route-map AMPR-ROUTE permit 10
match ip address 11
set default interface Tunnel0
access-list 11 permit 44.165.1.48 0.0.0.15
ARP:
Protocol Address Age (min) Hardware Addr Type Interface
Internet 44.165.1.49 - 001e.f7af.4cd9 ARPA FastEthernet2/0
Internet 44.165.1.50 27 b827.eb7e.840a ARPA FastEthernet2/0
Any ideas?
Regards,
Tomek
25 Sep
25 Sep
2:23 p.m.
Are you running rip to tell the amprgw of your prefix?
On Wed, Sep 25, 2019 at 2:14 PM hf8n via 44Net <44net(a)mailman.ampr.org>
wrote:
Hi,
I joined to ampr network recently, set up IPIP tunnel on Cisco router and
directly connected Raspberry Pi 3 (44.165.1.50/28) to one of its
interfaces (44.165.1.49). It works great, I can ping and connect to and
from this Pi device from outside.
The problem is that I cannot ping this Cisco's 44.165.1.49/28 interface
from outside. It should work as 44 packet leaves a tunnel, finds this
internal interface and should get back to tunnel. I have PBR route who
directs all packets from this interface directly to tunell.
Each host has a valid 44 DNS address.
Interfaces:
Interface IP-Address OK? Method Status
Protocol
GigabitEthernet0/0 91.199.89.253 YES NVRAM up
up
FastEthernet2/0 44.165.1.49 YES manual up
up
Tunnel0 unassigned YES unset up
up
Routing table:
44.0.0.0/8 is variably subnetted, 244 subnets, 12 masks
C 44.165.1.48/28 is directly connected, FastEthernet2/0
L 44.165.1.49/32 is directly connected, FastEthernet2/0
Config:
interface Tunnel0
no ip address
tunnel source GigabitEthernet0/0
tunnel mode ipip
tunnel destination 169.228.34.84
route-map AMPR-ROUTE permit 10
match ip address 11
set default interface Tunnel0
access-list 11 permit 44.165.1.48 0.0.0.15
ARP:
Protocol Address Age (min) Hardware Addr Type Interface
Internet 44.165.1.49 - 001e.f7af.4cd9 ARPA
FastEthernet2/0
Internet 44.165.1.50 27 b827.eb7e.840a ARPA
FastEthernet2/0
Any ideas?
Regards,
Tomek
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
2:31 p.m.
On Wed, Sep 25, 2019 at 02:23:06PM +0100, Alistair Mackenzie via 44Net wrote:
Are you running rip to tell the amprgw of your prefix?
Amprgw doesn't listen for RIP. All its routing information comes
from the encap file published by the portal, which contains the route
44.165.1.48/28 via 91.199.89.253
However, only the addresses 44.165.1.49 and 44.165.1.50 are entered
in the DNS, so only they will be pingable from outside 44net. Any
other address on that subnet will not due to /32-level filtering on
amprgw. If it is desired to be able to ping 44.165.1.48, for example,
there must be an entry in the DNS for it to enable the ingress filter.
- Brian
3:10 p.m.
It seems PBR doesn't apply by default to locally generated traffic. Have
you tried to use "ip local policy route-map AMPR-ROUTE"
If this doesn't help could you give device model and software release for
others trying to help.
Regards,
Scott
On Wed, Sep 25, 2019, 9:15 AM hf8n via 44Net <44net(a)mailman.ampr.org> wrote:
Hi,
I joined to ampr network recently, set up IPIP tunnel on Cisco router and
directly connected Raspberry Pi 3 (44.165.1.50/28) to one of its
interfaces (44.165.1.49). It works great, I can ping and connect to and
from this Pi device from outside.
The problem is that I cannot ping this Cisco's 44.165.1.49/28 interface
from outside. It should work as 44 packet leaves a tunnel, finds this
internal interface and should get back to tunnel. I have PBR route who
directs all packets from this interface directly to tunell.
Each host has a valid 44 DNS address.
Interfaces:
Interface IP-Address OK? Method Status
Protocol
GigabitEthernet0/0 91.199.89.253 YES NVRAM up
up
FastEthernet2/0 44.165.1.49 YES manual up
up
Tunnel0 unassigned YES unset up
up
Routing table:
44.0.0.0/8 is variably subnetted, 244 subnets, 12 masks
C 44.165.1.48/28 is directly connected, FastEthernet2/0
L 44.165.1.49/32 is directly connected, FastEthernet2/0
Config:
interface Tunnel0
no ip address
tunnel source GigabitEthernet0/0
tunnel mode ipip
tunnel destination 169.228.34.84
route-map AMPR-ROUTE permit 10
match ip address 11
set default interface Tunnel0
access-list 11 permit 44.165.1.48 0.0.0.15
ARP:
Protocol Address Age (min) Hardware Addr Type Interface
Internet 44.165.1.49 - 001e.f7af.4cd9 ARPA
FastEthernet2/0
Internet 44.165.1.50 27 b827.eb7e.840a ARPA
FastEthernet2/0
Any ideas?
Regards,
Tomek
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
1684
days inactive
1684
days old
3 comments
4 participants
participants (4)
-
Alistair Mackenzie -
Brian Kantor -
HF8N@winlink.org -
Scott Nicholas