[nos-bbs] ip-ip

Kerry Smith n3nxo at yahoo.com
Mon Nov 22 18:55:42 EST 2010


Jim,
Let me clear this up a little bit IF I CAN?

During the ping test I mentioned, I was sitting on a public
IP, not a 44.x.x.x ip.  Since jnos itself can talk back to
the public IPs, if things are set up correctly, it doesn't use
encap for that reason.  One of the times it might use encap to
talk back to a public ip is if you're using someone else as a
gateway out, for example those poor people that are source
filtered by their isp.  In that case it would be encap back.

If you're on a public ip, ping a 44.x.x.x ip, the packet will
go to ucsd, get encapsulated, then go to the machine via the
encap file map.  Once jnos receives this ip, it should return
the ip back to the public ip within its shortest route.

Now, if you ping with a 44.x.x.x to a 44.x.x.x, AND you don't
have an axip route created with that person, THEN, you will
have your encapsulation in both directions, and if both stations
are listed in the encap.txt file, the ucsd won't even see it.

Kerry - n3nxo


--- On Mon, 11/22/10, Jim Smith <lanshark at charter.net> wrote:

> From: Jim Smith <lanshark at charter.net>
> Subject: Re: [nos-bbs] ip-ip
> To: "'TAPR xNOS Mailing List'" <nos-bbs at tapr.org>
> Date: Monday, November 22, 2010, 4:19 PM
> Kerry,
> 
>   That sounds more like your system wasn't using IP-IP to pass the
> traffic out of the network, JNOS should have encapsulated the traffic
> outbound just the same as the other station encapsulated the traffic
> to you. That way the traffic would have gone outbound from the JNOS
> system wrapped in an IP packet with a source of your local net. Odd.
> 
>   Oh well, if it is working, it is working!
> 
> Cheers,
> 
> Jim N8AVX
> 
> -----Original Message-----
> From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf Of Kerry Smith
> Sent: Monday, November 22, 2010 4:07 PM
> To: nos-bbs at tapr.org
> Subject: Re: [nos-bbs] ip-ip
> 
> Jim,
> The problem I ran into was such
> 
> If you were sitting on an outside machine and would ping example my ip
> of 44.112.32.186, I could see the encap packet come into the system
> fine.  When the jnos would reply with the source packet of
> 44.112.32.186, the linksys AND DD-WRT box would not let it out since
> it was not within the subnet of the boxes themselves.  The rest of the
> internal network was set at 192.168.x.x.
> 
> The box would not pass the 44.x.x.x packet out on its own, it wanted
> to NAT everything outbound and since the 44.x.x.x packet was not of
> its network, it would drop the packet.
> Now the box DID pass IP-IP encap packets without any problems, since
> they were encapsulated inside a 192.168.x.x packet.
> 
> Now with the Cisco 2600 Router, I am able to have the nat only respond
> on the local network packets, and not touch anything else outbound.
> Thus, the 44.x.x.x packets will go out of the box without being
> touched by NAT.
> 
> If anyone out there needs a sample config for a Cisco NON-HOME Router,
> feel free to drop me a line off list and I'll send you a copy.
> 
> Kerry - n3nxo
> 
> --- On Mon, 11/22/10, Jim Smith <lanshark at charter.net> wrote:
> 
> > From: Jim Smith <lanshark at charter.net>
> > Subject: Re: [nos-bbs] ip-ip
> > To: "'TAPR xNOS Mailing List'" <nos-bbs at tapr.org>
> > Date: Monday, November 22, 2010, 2:20 PM
> > Kerry,
> > 
> >   AFAIK, the IP-IP encap does use local IP and tolerates NAT just
> > fine. That is how I run it here with no problems. What *may* have
> > been the problem (I've seen this often) is that the return packet
> > will not make it back because it is not TCP or UDP, but IP-IP, which
> > has a different protocol number than either TCP or UDP. Many of the
> > Linksys style appliances drop this incoming traffic with no chance
> > to have it passed. It goes out fine, but does not come back through.
> > 
> >   The solution (at least in my case) was to use a firmware image
> > that understood the concept of a "DMZ Host" and would pass *all*
> > traffic to that designated DMZ Host *including* IP-IP traffic. The
> > dd-wrt firmware will not run on my old Linksys, but I bet in there
> > somewhere is a config for a "DMZ Host" or equivalent.
> > 
> >   Anyway, just my $.02 to the conversation.
> > 
> > Cheers!
> > 
> > Jim N8AVX
> > (who is now eyeing his small stack of Cisco 2600 in a new light.
> > Care to share your config?)
> > 
> > -----Original Message-----
> > From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf Of Kerry Smith
> > Sent: Monday, November 22, 2010 7:47 AM
> > To: TAPR xNOS Mailing List
> > Subject: Re: [nos-bbs] ip-ip
> > 
> > Jerry,
> > 
> > Something to keep in mind.  I'm not sure what version of DD-WRT they
> > were speaking about, but DD-WRT will not let a NON Local ip pass out.
> > It wants to NAT everything, so you might be right back where you
> > started.  I tried DD-WRT and had NO LUCK.
> > My next step was to run directly into the jnos machine, as you said
> > for your second option, which WILL WORK, or find a router that would
> > let me do what I wanted.
> > 
> > A friend of mine found me a Cisco 2600, so I'm sitting good and can
> > tell this monster what to do and how to do it, unlike the linksys
> > style appliance.
> > 
> > Kerry - n3nxo
> > 
> > 
> > --- On Sun, 11/21/10, N0MR <n0mr at lakenet.com> wrote:
> > 
> > > From: N0MR <n0mr at lakenet.com>
> > > Subject: Re: [nos-bbs] ip-ip
> > > To: "TAPR xNOS Mailing List" <nos-bbs at tapr.org>
> > > Date: Sunday, November 21, 2010, 10:50 PM
> > > Thanks Bob and Jay for words on ip-ip. Looks like I have two
> > > options. Get a router that I can use the dd-wrt conversion or run
> > > my internet service right into the Linux/JNOS computer then out a
> > > second ethernet port to my home router.
> > > 
> > > Jerry, N0MR
> > > 
> > > ----- Original Message -----
> > > From: "Bob Tenty" <bobtenty at gmail.com>
> > > To: "TAPR xNOS Mailing List" <nos-bbs at tapr.org>
> > > Sent: Tuesday, November 16, 2010 2:19 PM
> > > Subject: Re: [nos-bbs] ip-ip
> > > 
> > > 
> > > > Some of these consumer routers don't pass the ip-ip/ipencap
> > > > protocol.
> > > > 
> > > > Re-flashing them with open source "dd-wrt" (www.dd-wrt.com) can
> > > > offer a solution to this.
> > > > (If dd-wrt is available for your model)
> > > > 
> > > > 73,
> > > > 
> > > > Bob VE3TOK
> > > > 
> > > > On 10-11-14 11:53 PM, N0MR wrote:
> > > >> I'm told ip-ip contacts to my JNOS system do not work. I don't
> > > >> know what is wrong, but I can describe my setup and hope
> > > >> someone has a suggestion.
> > > >> 
> > > >> I'm running JNOS 2.0h. I'm running Ubuntu 8. I have a static IP
> > > >> on a Linksys router with a LAN side address 192.168.0.51. The
> > > >> router has DMZ open to the address of the JNOS software and
> > > >> ports 1 through 600 are open to that address.
> > > >> 
> > > >> My Linux computer has an address 192.168.0.75 and JNOS
> > > >> 192.168.0.76. JNOS is configured with all ports open except
> > > >> port 25. Port 25 is open to only two trusted addresses. My ISP
> > > >> does not block any ports.
> > > >> 
> > > >> I have two ampernet AXIP ports running. I do transfer mail by
> > > >> telnet. I do get rip broadcasts about every 5 minutes.
> > > >> Everything seems to be running fine except I'm told my system
> > > >> will not accept ip-ip connections.
> > > >> 
> > > >> With that description, can anyone see any problem or suggest
> > > >> something that might be missing.
> > > >> 
> > > >> Jerry, N0MR
> > > >> 
> > > >> 
> > > >> _______________________________________________
> > > >> nos-bbs mailing list
> > > >> nos-bbs at tapr.org
> > > >> https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
> > > > 
> > > > 
> > > >
> _______________________________________________
> > > > nos-bbs mailing list
> > > > nos-bbs at tapr.org
> > > > https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
> > > > 
> > > > 
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > nos-bbs mailing list
> > > nos-bbs at tapr.org
> > > https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
> > > 
> > 
> > 
> >       
> > 
> > _______________________________________________
> > nos-bbs mailing list
> > nos-bbs at tapr.org
> > https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
> > 
> > 
> > 
> > _______________________________________________
> > nos-bbs mailing list
> > nos-bbs at tapr.org
> > https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
> > 
> 
> 
>       
> 
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at tapr.org
> https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
> 
> 
> 
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at tapr.org
> https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
> 
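
The egress behaviour discussed in this thread, as an added example that is not part of any poster's message: a NAT-only consumer router is modelled as letting out only packets whose outer source lies in the LAN subnet, so a bare 44.x.x.x reply is dropped while the same reply wrapped in IP-IP (IPv4 protocol number 4) passes. The 192.168.0.0/16 LAN prefix, the 198.51.100.7 remote address, and the function names are assumptions; the packets are constructed.

```python
import ipaddress
import struct

IPPROTO_ICMP = 1
IPPROTO_IPIP = 4    # IP-in-IP (RFC 2003); neither TCP (6) nor UDP (17)
LAN = ipaddress.ip_network("192.168.0.0/16")   # assumed inside network


def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for the demo)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    )


def parse(packet):
    """Return (src, dst, proto, payload) for an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    return src, dst, packet[9], packet[ihl:]


def nat_only_router_egress(packet):
    """Model of the consumer router in the thread: only LAN sources get out."""
    src, dst, proto, payload = parse(packet)
    if src not in LAN:
        return f"DROP src {src} not in {LAN}"
    if proto == IPPROTO_IPIP:
        inner_src, inner_dst, _, _ = parse(payload)   # the tunnelled packet
        return f"PASS ipip outer {src} carrying {inner_src} -> {inner_dst}"
    return f"PASS proto {proto} from {src}"


# Constructed packets: a ping reply from the 44-net address, bare and encapsulated.
icmp = b"\x00\x00" + b"\x00" * 6                 # echo reply, zeroed fields
bare = ipv4_header("44.112.32.186", "198.51.100.7", IPPROTO_ICMP, len(icmp)) + icmp
encap = ipv4_header("192.168.0.76", "198.51.100.7", IPPROTO_IPIP, len(bare)) + bare

if __name__ == "__main__":
    print(nat_only_router_egress(bare))
    print(nat_only_router_egress(encap))
```
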


      



