[nos-bbs] ip-ip

Kerry Smith n3nxo at yahoo.com
Mon Nov 22 16:07:00 EST 2010


Jim,
The problem I ran into was this:

If you were sitting on an outside machine and would ping,
for example, my IP of 44.112.32.186, I could see the encap packet
come into the system fine.  When the JNOS would reply with
the source packet of 44.112.32.186, the Linksys AND DD-WRT
box would not let it out since it was not within the subnet
of the boxes themselves.  The rest of the internal network
was set at 192.168.x.x.

The box would not pass the 44.x.x.x packet out on its own,
it wanted to NAT Everything outbound and since the 44.x.x.x
packet was not of its network, it would drop the packet.
Now the box DID pass IP-IP encap packets without any problems,
since they were encapsulated inside a 192.168.x.x packet.

Now with the Cisco 2600 Router, I am able to have the nat
only respond on the local network packets, and not touch
anything else outbound.  Thus, the 44.x.x.x packets will go
out of the box without being touched by NAT.

If anyone out there needs a sample config for a Cisco
NON-HOME Router, feel free to drop me a line off list and I'll
send you a copy.

Kerry - n3nxo

--- On Mon, 11/22/10, Jim Smith <lanshark at charter.net> wrote:

> From: Jim Smith <lanshark at charter.net>
> Subject: Re: [nos-bbs] ip-ip
> To: "'TAPR xNOS Mailing List'" <nos-bbs at tapr.org>
> Date: Monday, November 22, 2010, 2:20 PM
> Kerry,
> 
>   AFAIK, the IP-IP encap does use local IP and tolerates NAT just fine.
> That is how I run it here with no problems. What *may* have been the
> problem (I've seen this often) is that the return packet will not make
> it back because it is not TCP or UDP, but IP-IP, which has a different
> protocol number than either TCP or UDP. Many of the Linksys style
> appliances drop this incoming traffic with no chance to have it passed.
> It goes out fine, but does not come back through.
> 
>   The solution (at least in my case) was to use a firmware image that
> understood the concept of a "DMZ Host" and would pass *all* traffic to
> that designated DMZ Host *including* IP-IP traffic. The dd-wrt firmware
> will not run on my old Linksys, but I bet in there somewhere is a
> config for a "DMZ Host" or equivalent.
> 
>   Anyway, just my $.02 to the conversation.
> 
> Cheers!
> 
> Jim N8AVX
> (who is now eyeing his small stack of Cisco 2600 in a new light.
> Care to share your config?)
> 
> -----Original Message-----
> From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf Of Kerry Smith
> Sent: Monday, November 22, 2010 7:47 AM
> To: TAPR xNOS Mailing List
> Subject: Re: [nos-bbs] ip-ip
> 
> Jerry,
> 
> Something to keep in mind.  I'm not sure what version of DD-WRT they
> were speaking about, but DD-WRT will not let a NON Local ip pass out.
> It wants to NAT everything, so you might be right back where you
> started.  I tried DD-WRT and had NO LUCK.
> My next step was to run directly into the jnos machine, as you said
> for your second option, which WILL WORK, or find a router that would
> let me do what I wanted.
> 
> A friend of mine found me a Cisco 2600, so I'm sitting good and can
> tell this monster what to do and how to do it, unlike the linksys
> style appliance.
> 
> Kerry - n3nxo
> 
> 
> --- On Sun, 11/21/10, N0MR <n0mr at lakenet.com> wrote:
> 
> > From: N0MR <n0mr at lakenet.com>
> > Subject: Re: [nos-bbs] ip-ip
> > To: "TAPR xNOS Mailing List" <nos-bbs at tapr.org>
> > Date: Sunday, November 21, 2010, 10:50 PM
> > 
> > Thanks Bob and Jay for words on ip-ip. Looks like I have two
> > options. Get a router that I can use the dd-wrt conversion or run
> > my internet service right into the Linux/JNOS computer then out a
> > second ethernet port to my home router.
> > 
> > Jerry, N0MR
> > 
> > ----- Original Message -----
> > From: "Bob Tenty" <bobtenty at gmail.com>
> > To: "TAPR xNOS Mailing List" <nos-bbs at tapr.org>
> > Sent: Tuesday, November 16, 2010 2:19 PM
> > Subject: Re: [nos-bbs] ip-ip
> > 
> > 
> > > Some of these consumer routers don't pass the ip-ip/ipencap protocol.
> > > 
> > > Re-flashing them with open source "dd-wrt" (www.dd-wrt.com) can
> > > offer a solution to this.
> > > (If dd-wrt is available for your model)
> > > 
> > > 73,
> > > 
> > > Bob VE3TOK
> > > 
> > > On 10-11-14 11:53 PM, N0MR wrote:
> > >> I'm told ip-ip contacts to my JNOS system do not work. I don't
> > >> know what is wrong, but I can describe my setup and hope
> > >> someone has a suggestion.
> > >> 
> > >> I'm running JNOS 2.0h. I'm running Ubuntu 8. I have a static IP
> > >> on a Linksys router with a LAN side address 192.168.0.51. The
> > >> router has DMZ open to the address of the JNOS software and
> > >> ports 1 through 600 are open to that address.
> > >> 
> > >> My Linux computer has an address 192.168.0.75 and JNOS
> > >> 192.168.0.76. JNOS is configured with all ports open except
> > >> port 25. Port 25 is open to only two trusted addresses. My ISP
> > >> does not block any ports.
> > >> 
> > >> I have two ampernet AXIP ports running. I do transfer mail by
> > >> telnet. I do get rip broadcasts about every 5 minutes.
> > >> Everything seems to be running fine except I'm told my system
> > >> will not accept ip-ip connections.
> > >> 
> > >> With that description, can anyone see any problem or suggest
> > >> something that might be missing.
> > >> 
> > >> Jerry, N0MR
> > >> 
> > >> _______________________________________________
> > >> nos-bbs mailing list
> > >> nos-bbs at tapr.org
> > >> https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
> 
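
Added example, not part of the original thread and not any poster's router configuration: a Python model of the two outbound behaviours described in the top message, run over a bare 44.x.x.x reply and the same reply carried inside IP-IP (protocol 4). The outside host 198.51.100.7 and the LAN host 192.168.1.10 are constructed sample addresses, and the appliance policy is modelled only as the post describes it.

```python
import ipaddress
import struct

LAN = ipaddress.ip_network("192.168.0.0/16")  # internal 192.168.x.x network from the post
IPPROTO_ICMP, IPPROTO_IPIP = 1, 4             # IANA protocol numbers; 4 is IP-in-IP

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

def parse(pkt):
    """Return (source address, protocol number, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    return ipaddress.ip_address(pkt[12:16]), pkt[9], pkt[ihl:]

def egress(pkt, nat_everything):
    """Outbound decision as (action, inner source or None).

    nat_everything=True models the appliance behaviour the post describes
    (a source outside the LAN subnet is dropped); False models NAT limited
    to LAN sources, with every other source routed untouched.
    """
    src, proto, payload = parse(pkt)
    inner = None
    if proto == IPPROTO_IPIP and len(payload) >= 20:
        inner = str(parse(payload)[0])  # address hidden inside the tunnel
    if src in LAN:
        return "nat", inner
    return ("drop" if nat_everything else "forward"), inner

# Constructed sample packets (not captures): a ping reply sent bare and tunnelled.
OUTSIDE, LAN_HOST, AMPR = "198.51.100.7", "192.168.1.10", "44.112.32.186"
BARE = ipv4(AMPR, OUTSIDE, IPPROTO_ICMP)
ENCAP = ipv4(LAN_HOST, OUTSIDE, IPPROTO_IPIP, BARE)

if __name__ == "__main__":
    for name, pkt in (("bare 44.x reply", BARE), ("IP-IP encapsulated", ENCAP)):
        for mode in (True, False):
            print(name, "nat_everything=%s" % mode, egress(pkt, mode))
```

The encapsulated reply is translated under both policies because only its outer 192.168.x.x source is examined, while the bare 44.x.x.x reply leaves only when NAT is scoped to LAN sources.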


      



