Hello friends,
After a hard weekend installing 2 JNOS machines, each to serve a middle
split of 44.152.0.0/16.
The 44.152.128.1 is working the second part of the subnet
(yv5sat.ampr.org) 44.152.128.0/17, in this first time the second subnet
that covers all cities out of Capital District in YV.
The other, first split 44.152.0.0/17 is Capital District with
yv5kxe.ampr.org 44.152.0.60; this machine is now with Ubuntu desktop (3
formats this weekend) to reach the cause of the problem with RIP and
encap tunnels.
Thanks to Tom SL2LOB and Pedro LU7ABF, who helped me to test and find
the solution to why the ampr tunnels don't work in my system.
The RIP doesn't work yet but I may find a solution; the major problem is
the impossibility to SYN encap packets datagrams through Internet. I
thought first of the Ubuntu, then the JNOS, or any ISP ADSL filter, and
at last found the problem in the Tp-Link firewall TL-R480T, which doesn't
want to pass any encapsulated datagram. I checked all parameters but it
isn't possible; I changed to another D-link with DD-WRT v24-sp2 and it
works perfectly.
While I find another firewall to change the TL-R480T TPLINK, the
first 44.152 split subnet is down, only with commercial IP
yv5kxe.org.
Thanks for your attention.
73 de Gabriel YV5KXE.
YV Local AmprNet Coordinator
----------
From: Gabriel Medinas <gmedinas(a)gmail.com>
Date: 2014/1/18
Subject: Help with 44.152 subnet
To: 44net(a)hamradio.ucsd.edu
Hello fellows hams.
We want to restart the 44.152 subnet of the Venezuela amprnet here.
In this first step we mount the first gateway with the 44.152.0.0/17
network; this is an Ubuntu 12.04 server machine on a dynamic IP
service.
Now to summarize, I think I am missing something:
Internet IP-->TpLink TL-R480T firewall->UbuntuServer12.04->JNOS2.0j
Internet IP (dynamic from ISP)->Tplink LAN 192.168.1.2->Ubuntu Server
eth0 192.168.1.109->JNOS IP 44.152.0.60, tun0 192.168.1.110
in JNOS autoexec.nos:
attach tun tun0 1500 0
ifconfig tun0 ipaddress 192.168.1.110
ifconfig tun0 netmask 255.255.255.0
ifconfig tun0 mtu 1500
#
shell ifconfig tun0 192.168.1.109 pointopoint 192.168.1.110 mtu 1500 up
shell arp -s 192.168.1.110 00:19:DB:4A:CE:2A pub
shell arp -s 44.152.0.60 00:19:DB:4A:CE:2A pub
shell route add 44.152.0.60 gw 192.168.1.110 tun0
#
shell arp -sD 192.168.1.110 eth0 pub
#
shell iptables -I INPUT 1 -j ACCEPT --proto 4
shell iptables -I INPUT 1 -j ACCEPT --proto 94
shell iptables -I OUTPUT 1 -j ACCEPT --proto 4
shell iptables -I OUTPUT 1 -j ACCEPT --proto 94
shell iptables -I FORWARD 1 -j ACCEPT --proto 4
shell iptables -I FORWARD 1 -j ACCEPT --proto 94
shell /sbin/iptables -I INPUT -i tun0 -j ACCEPT
shell /sbin/iptables -I FORWARD -i tun0 -j ACCEPT
#
shell iptables -t nat -A PREROUTING -d 192.168.1.110/32 --proto 4 -j DNAT --to 44.152.0.60
shell iptables -t nat -A PREROUTING -d 192.168.1.110/32 --proto 94 -j DNAT --to 44.152.0.60
shell iptables -t nat -A POSTROUTING -s 44.152.0.60/32 -o eth0 -p 4
shell iptables -t nat -A POSTROUTING -s 44.152.0.60/32 -o eth0 -p 94
#
I am a little lost here; the JNOS 44.152.0.60 / LAN 192.168.1.110 works
well with all Internet IPs but with ampr it doesn't (I think because the
encap routes and rip2 don't work)
in Linux console:
./rip44d -v
found local address: 192.168.1.109
found local address: 127.0.0.1
found local address: 192.168.1.109
opening UDP socket 520...
entering main loop, waiting for RIPv2 datagrams
and it stops here and doesn't receive the routes, BUT in the JNOS trace
monitor I see the incoming RIP UDP from 169.228.66.251, but my JNOS LAN
IP 192.168.1.110 replies with an ICMP UnreachablePort
Please, I need to be clear about which is the better way to RIP amproutes,
in Linux or JNOS?
I think I have something very wrong here in the routing; please, any
advice is welcome (gmedinas(a)gmail.com)
Thanks for help, 73 de Gabriel YV5KXE
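
An added example, not part of the original messages and not code from JNOS or rip44d: Python that decodes an IPv4 datagram the way the gateway sees it, showing that the outer header carries protocol 4 with no port numbers and that the RIPv2 UDP/520 announcement only appears once the inner packet is unwrapped. The sample packet is constructed; the inner 44.0.0.1 -> 224.0.0.9 addressing, the 192.0.2.10 next hop and all function names are assumptions.

```python
import socket
import struct

IPIP, UDP, RIP_PORT = 4, 17, 520  # IP protocol numbers and the RIP UDP port

def ipv4(buf):
    """Split an IPv4 datagram into (protocol, src, dst, payload)."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (buf[0] & 0x0F) * 4
    total = struct.unpack_from("!H", buf, 2)[0]
    return buf[9], socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]), buf[ihl:total]

def rip_routes(rip):
    """Decode RIPv2 response entries into (prefix/len, next hop) pairs."""
    if len(rip) < 4 or (rip[0], rip[1]) != (2, 2):  # command=response, version=2
        return []
    routes = []
    for off in range(4, len(rip) - 19, 20):
        afi, _tag, addr, mask, hop, _metric = struct.unpack_from("!HH4s4s4sI", rip, off)
        if afi == 2:  # AF_INET; an 0xFFFF entry carries authentication, not a route
            plen = bin(int.from_bytes(mask, "big")).count("1")
            routes.append((f"{socket.inet_ntoa(addr)}/{plen}", socket.inet_ntoa(hop)))
    return routes

def classify(buf):
    """Report the outer protocol and, for IPIP, what is carried inside."""
    proto, src, dst, payload = ipv4(buf)
    info = {"outer_proto": proto, "outer_src": src, "outer_dst": dst}
    if proto != IPIP:
        return info
    iproto, isrc, idst, inner = ipv4(payload)
    info.update(inner_proto=iproto, inner_src=isrc, inner_dst=idst)
    if iproto == UDP and len(inner) >= 8:
        info["inner_dport"] = struct.unpack_from("!H", inner, 2)[0]
        if info["inner_dport"] == RIP_PORT:
            info["rip_routes"] = rip_routes(inner[8:])
    return info

def hdr(proto, src, dst, payload):
    """Constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample: one RIPv2 route inside UDP/520 inside IPIP (addresses assumed).
RIP = bytes([2, 2, 0, 0]) + struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton("44.152.0.0"),
      socket.inet_aton("255.255.128.0"), socket.inet_aton("192.0.2.10"), 1)
UDP_SEG = struct.pack("!HHHH", 520, 520, 8 + len(RIP), 0) + RIP
SAMPLE = hdr(IPIP, "169.228.66.251", "192.168.1.109", hdr(UDP, "44.0.0.1", "224.0.0.9", UDP_SEG))
```

If IPv4 datagrams taken from a capture on the host's Internet-facing interface never yield outer_proto 4, the encapsulated traffic is being dropped before it reaches the host, which is the situation the first message describes with the TL-R480T.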