[nos-bbs] ip-ip

Jim Smith lanshark at charter.net
Mon Nov 22 16:19:18 EST 2010


Kerry,

  That sounds more like your system wasn't using IP-IP to pass the traffic
out of the network. JNOS should have encapsulated the traffic outbound just
the same as the other station encapsulated the traffic to you. That way the
traffic would have gone outbound from the JNOS system wrapped in an IP
packet with a source of your local net. Odd.

  Oh well, if it is working, it is working!

Cheers,

Jim N8AVX

-----Original Message-----
From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf
Of Kerry Smith
Sent: Monday, November 22, 2010 4:07 PM
To: nos-bbs at tapr.org
Subject: Re: [nos-bbs] ip-ip

Jim,
The problem I ran into was this:

If you were sitting on an outside machine and would ping, for example, my IP of
44.112.32.186, I could see the encap packet come into the system fine.  When
the jnos would reply with the source packet of 44.112.32.186, the linksys
AND DD-WRT box would not let it out since it was not within the subnet of
the boxes themselves.  The rest of the internal network was set at
192.168.x.x.  

The box would not pass the 44.x.x.x packet out on its own; it wanted to NAT
everything outbound, and since the 44.x.x.x packet was not of its network,
it would drop the packet.
Now the box DID pass IP-IP encap packets without any problems, since they
were encapsulated inside a 192.168.x.x packet.

Now with the Cisco 2600 Router, I am able to have the nat only respond on
the local network packets, and not touch anything else outbound.  Thus, the
44.x.x.x packets will go out of the box without being touched by NAT.

If anyone out there needs a sample config for a Cisco NON-HOME Router, feel
free to drop me a line off list and I'll send you a copy.

Kerry - n3nxo

--- On Mon, 11/22/10, Jim Smith <lanshark at charter.net> wrote:

> From: Jim Smith <lanshark at charter.net>
> Subject: Re: [nos-bbs] ip-ip
> To: "'TAPR xNOS Mailing List'" <nos-bbs at tapr.org>
> Date: Monday, November 22, 2010, 2:20 PM
>
> Kerry,
> 
>   AFAIK, the IP-IP encap does use local IP and tolerates NAT just 
> fine. That is how I run it here with no problems. What *may* have been 
> the problem (I've seen this often) is that the return packet will not 
> make it back because it is not TCP or UDP, but IP-IP, which has a 
> different protocol number than either TCP or UDP. Many of the Linksys 
> style appliances drop this incoming traffic with no chance to have it 
> passed. It goes out fine, but does not come back through.
> 
>   The solution (at least in my case) was to use a firmware image that 
> understood the concept of a "DMZ Host" and would pass *all* traffic to 
> that designated DMZ Host *including* IP-IP traffic. The dd-wrt 
> firmware will not run on my old Linksys, but I bet in there somewhere 
> is a config for a "DMZ Host" or equivalent.
> 
>   Anyway, just my $.02 to the conversation.
> 
> Cheers!
> 
> Jim N8AVX
> (who is now eyeing his small stack of Cisco 2600 in a new light. Care 
> to share your config?)
> 
> -----Original Message-----
> From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org]
> On Behalf Of Kerry Smith
> Sent: Monday, November 22, 2010 7:47 AM
> To: TAPR xNOS Mailing List
> Subject: Re: [nos-bbs] ip-ip
> 
> Jerry,
> 
> Something to keep in mind.  I'm not sure what version of DD-WRT they 
> were speaking about, but DD-WRT will not let a NON Local ip pass out.  
> It wants to NAT everything, so you might be right back where you 
> started.  I tried DD-WRT and had NO LUCK.
> My next step was to run directly into the jnos machine, as you said 
> for your second option, which WILL WORK, or find a router that would 
> let me do what I wanted.
> 
> A friend of mine found me a Cisco 2600, so I'm sitting good and can 
> tell this monster what to do and how to do it, unlike the linksys 
> style appliance.
> 
> Kerry - n3nxo
> 
> 
> --- On Sun, 11/21/10, N0MR <n0mr at lakenet.com> wrote:
> 
> > From: N0MR <n0mr at lakenet.com>
> > Subject: Re: [nos-bbs] ip-ip
> > To: "TAPR xNOS Mailing List" <nos-bbs at tapr.org>
> > Date: Sunday, November 21, 2010, 10:50 PM
> >
> > Thanks Bob and Jay for words on ip-ip. Looks like I have two options.
> > Get a router that I can use the dd-wrt conversion or run my internet
> > service right into the Linux/JNOS computer then out a second ethernet
> > port to my home router.
> > 
> > Jerry, N0MR
> > 
> > ----- Original Message ----- From: "Bob Tenty" <bobtenty at gmail.com>
> > To: "TAPR xNOS Mailing List" <nos-bbs at tapr.org>
> > Sent: Tuesday, November 16, 2010 2:19 PM
> > Subject: Re: [nos-bbs] ip-ip
> > 
> > 
> > > Some of these consumer routers don't pass the ip-ip/ipencap protocol.
> > >
> > > Re-flashing them with open source "dd-wrt" (www.dd-wrt.com) can offer
> > > a solution to this.
> > > (If dd-wrt is available for your model)
> > > 
> > > 73,
> > > 
> > > Bob VE3TOK
> > > 
> > > On 10-11-14 11:53 PM, N0MR wrote:
> > >> I'm told ip-ip contacts to my JNOS system do not work. I don't know
> > >> what is wrong, but I can describe my setup and hope someone has a
> > >> suggestion.
> > >>
> > >> I'm running JNOS 2.0h. I'm running Ubuntu 8. I have a static IP on a
> > >> Linksys router with a LAN side address 192.168.0.51. The router has
> > >> DMZ open to the address of the JNOS software and ports 1 through 600
> > >> are open to that address.
> > >>
> > >> My Linux computer has an address 192.168.0.75 and JNOS 192.168.0.76.
> > >> JNOS is configured with all ports open except port 25. Port 25 is open
> > >> to only two trusted addresses. My ISP does not block any ports.
> > >>
> > >> I have two ampernet AXIP ports running. I do transfer mail by telnet.
> > >> I do get rip broadcasts about every 5 minutes. Everything seems to be
> > >> running fine except I'm told my system will not accept ip-ip
> > >> connections.
> > >>
> > >> With that description, can anyone see any problem or suggest something
> > >> that might be missing.
> > >> 
> > >> Jerry, N0MR
> > >> 
> > >> 
> > >> _______________________________________________
> > >> nos-bbs mailing list
> > >> nos-bbs at tapr.org
> > >> https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs


      

_______________________________________________
nos-bbs mailing list
nos-bbs at tapr.org
https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
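
The two kinds of outbound packet discussed in this thread, as an added example that is not part of any poster's message: it parses a bare 44-net reply and the same reply wrapped in IP-IP (protocol 4), then applies a simple model of the egress rule described above. The 192.168.1.10, 198.51.100.20 and 203.0.113.7 addresses, the /16 LAN and the `nat_egress_allows` rule are assumptions made for illustration; only 44.112.32.186 comes from the thread.

```python
import ipaddress
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IP-in-IP; TCP is 6, UDP is 17

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for the demo)."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) for one IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad header length")
    return (ipaddress.ip_address(pkt[12:16]),
            ipaddress.ip_address(pkt[16:20]), pkt[9], pkt[ihl:])

def describe(pkt):
    """Unwrap nested IP-in-IP layers into a list of (src, dst, proto)."""
    layers = []
    while True:
        src, dst, proto, payload = parse_ipv4(pkt)
        layers.append((str(src), str(dst), proto))
        if proto != IPPROTO_IPIP:
            return layers
        pkt = payload

def nat_egress_allows(pkt, lan):
    """Assumed model of the consumer box in the thread (not firmware code):
    only packets whose *outer* source is inside the LAN subnet get NATed out;
    anything else is dropped. Inner headers are never inspected."""
    src, _, _, _ = parse_ipv4(pkt)
    return src in ipaddress.ip_network(lan)

# Constructed sample packets (addresses other than 44.112.32.186 are made up).
BARE = ipv4_header("44.112.32.186", "203.0.113.7", 1, 0)   # un-encapsulated ICMP reply
ENCAP = ipv4_header("192.168.1.10", "198.51.100.20",       # same reply inside IP-IP
                    IPPROTO_IPIP, len(BARE)) + BARE

if __name__ == "__main__":
    for name, pkt in (("bare", BARE), ("encap", ENCAP)):
        print(name, describe(pkt), nat_egress_allows(pkt, "192.168.0.0/16"))
```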





