Subject: Re: [44net] dd-wrt and ipip
From: lleachii@aol.com
Date: 08/13/2013 05:04 PM
To: 44net@hamradio.ucsd.edu
All,
I think the reason that nodes on the 44 Network cannot reach me is that my router is not allowing connections from the Internet to pass through.
My setup:
Router 1 WAN 76.114.216.250 <> LAN 192.168.x.x <>
Router 2 WAN 192.168.x.2 <> LAN 192.168.y.x
AMPRGW 192.168.y.5
In trying to set up IPTABLES commands to allow IPIP traffic, I've had no success thus far.
On Router1:
iptables -t filter -I INPUT -p ipip -j ACCEPT
iptables -t filter -I FORWARD -p ipip -j ACCEPT
iptables -t nat -I PREROUTING -i vlan1 -p ipip -j DNAT --to-destination 192.168.x.2
On Router2:
iptables -t filter -I INPUT -p ipip -j ACCEPT
iptables -t filter -I FORWARD -p ipip -j ACCEPT
iptables -t nat -I PREROUTING 1 -s 169.228.66.251 -p ipip -i vlan1 -j DNAT --to-destination 192.168.y.5
iptables -t nat -I PREROUTING 2 -p ipip -i vlan1 -j DNAT --to-destination 192.168.y.5
Any ideas?
Your problem is the protocol number used for encapsulation, I think. The "ipip" protocol is protocol 94, the one that was registered mistakenly at a time when protocol 4, which does exactly the same, already existed. Now protocol 4 is used, which is in /etc/protocols under its name "ip". So use -p ip or just -p 4.
Rob
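
An added example, not part of the original thread: a shell check that resolves the value given to `iptables -p` to its protocol number, so a rule written with `-p ipip` can be told apart from one that matches protocol 4. The protocols excerpt is constructed, and `sample_protocols`, `proto_number`, `rule_proto` and `check_rule` are hypothetical helper names.

```sh
#!/bin/sh
# Added example. Constructed excerpt in /etc/protocols format; on a real
# router read /etc/protocols instead. The name mapped to 4 varies by system.
sample_protocols() {
cat <<'EOF'
# name   number  aliases
icmp     1       ICMP
ipencap  4       IP-ENCAP   # IP encapsulated in IP
tcp      6       TCP
ipip     94      IPIP       # a different protocol number
EOF
}

# Print the protocol number for a name, alias, or already-numeric value.
proto_number() {
    case $1 in
        ''|*[!0-9]*) ;;                  # not purely numeric: look it up
        *) echo "$1"; return 0 ;;
    esac
    sample_protocols | awk -v want="$1" '
        { sub(/#.*/, "") }               # strip comments
        NF >= 2 {
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == want) { print $2; found = 1; exit }
        }
        END { exit !found }'
}

# Print the argument that follows -p in an iptables rule line.
rule_proto() {
    set -f; set -- $1; set +f            # split the rule into words, no globbing
    while [ $# -gt 1 ]; do
        if [ "$1" = "-p" ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

# Return 0 only when the rule's -p value resolves to protocol 4.
check_rule() {
    p=$(rule_proto "$1") || { echo "no -p option"; return 2; }
    n=$(proto_number "$p") || { echo "unknown protocol name: $p"; return 2; }
    if [ "$n" -eq 4 ]; then echo "ok: -p $p = protocol 4"; return 0; fi
    echo "mismatch: -p $p = protocol $n, not 4"; return 1
}

# Constructed rules modelled on the ones in the message above.
check_rule "iptables -t filter -I FORWARD -p ipip -j ACCEPT" || true
check_rule "iptables -t filter -I FORWARD -p 4 -j ACCEPT" || true
```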