Marc's Blog


HowTo setup an AMPRnet Gateway on Linux


I have had to set up many AMPRnet gateways on Linux machines and I always had a hard time remembering the different steps, so here is a quick start.

I have been using the RIP44d daemon for all my installations, so we'll start by downloading the current version of RIP44d:

sudo wget -O /usr/local/sbin/rip44d https://raw.github.com/hessu/rip44d/master/rip44d

The file needs to be executable by root:

sudo chmod 744 /usr/local/sbin/rip44d
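The download above installs whatever the master branch contains at that moment, and the file later runs as root. A variant of the two steps that only installs a copy matching a SHA-256 you recorded after reading it, as an added example that is not part of the original post; `install_pinned` is a hypothetical helper name and the stand-in file is constructed:

```shell
#!/bin/sh
# Added example (not from the original post). install_pinned is a
# hypothetical helper name; the SHA-256 you pin is one you record yourself
# after reading the downloaded rip44d, the post does not publish one.

# install_pinned <downloaded-file> <expected-sha256> <destination>
# Installs with mode 744 only when the hash matches; returns 1 otherwise.
install_pinned() {
    src=$1; want=$2; dest=$3
    [ -s "$src" ] || { echo "missing or empty download: $src" >&2; return 1; }
    got=$(sha256sum "$src" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "SHA-256 mismatch for $src, not installing" >&2
        echo "  expected $want" >&2
        echo "  got      $got" >&2
        return 1
    fi
    # install(1) copies the file and sets the mode from the post in one step.
    install -m 744 "$src" "$dest"
}

# Intended use on the gateway (needs network and root, so left as comments):
#   tmp=$(mktemp)
#   wget -O "$tmp" https://raw.github.com/hessu/rip44d/master/rip44d
#   less "$tmp"; sha256sum "$tmp"      # review once, write the hash down
#   install_pinned "$tmp" "<sha256 you recorded>" /usr/local/sbin/rip44d

# Offline demonstration with a constructed stand-in file:
demo=$(mktemp -d)
printf '#!/bin/sh\necho constructed stand-in\n' > "$demo/download"
pin=$(sha256sum "$demo/download" | cut -d' ' -f1)
install_pinned "$demo/download" "$pin" "$demo/installed" && echo "installed"
echo '# appended after review' >> "$demo/download"   # upstream changed
install_pinned "$demo/download" "$pin" "$demo/installed2" 2>/dev/null \
    || echo "changed file rejected"
rm -rf "$demo"
```
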

Next we need a starter script that does all the magic around RIP44d: setting up the IPIP tunnel interface, enabling IP forwarding via sysctl, and so on. I usually create a file called startampr in /usr/local/sbin with the following content:

#!/bin/sh
##################################################################
## This script was developed by KB3VWG on a standard Ubuntu 12.04.1 LTS PC
## with IPv4 forwarding enabled in /etc/sysctl.conf by changing the
## net.ipv4.ip_forward variable to 1, eth0 configured to the Public facing
## LAN and eth1 to the 44LAN. It is designed to enable an AMPR Router using the
## rip44d_table44 file, the standard rip44d, using the -t switch to add routes
## to routing table '44' with no further configuration needed (firewall optional)
##################################################################
## This script was modified by LX1DUC to automate even more tasks.
##################################################################

########################################
### ENABLE IP FORWARDING ###
sysctl -w net.ipv4.ip_forward=1

########################################
### ENABLE IPIP TUNNEL INTERFACE tunl0 ###
### you must enable the tunnel before specifying routes using the tunnel
modprobe ipip
ip addr add 44.256.0.1/32 dev tunl0
### gives tunnel its own TTL of 64 enabling traceroute over tunnel
ip tunnel change ttl 64 mode ipip tunl0
ip link set dev tunl0 up

########################################
### FIREWALL TO COMPLY WITH AMPR ROUTING RULES ###
### REGARDING TEST SUBNET ###
iptables -A FORWARD -s 44.128.0.0/16 -j REJECT
iptables -A FORWARD -d 44.128.0.0/16 -j REJECT

########################################
### LAN ROUTING RULES (required if used as the LAN’s gateway) ###
### Allows 44LAN to use main routing table to access LAN (optional)
### (NAT/masquerade from 44.60.44.0/24 to must be configured
### if LAN hosts do not use AMPR Router as their LAN Gateway)
#ip rule add from 44.60.44.0/24 to table main priority 1

########################################
### AMPR ROUTING RULES ###
### Per PE1CHL: ‘This is “required” to get routing of the net-44 traffic correct ###
### and have a default route for the tunneled traffic different from the default ###
### route of the system. It may be possible to get it working without this, but ###
### policy based routing is so much easier.’ ###
### Packets to and from the 44 Network use Route Table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
ip rule add from 44.256.0.0/24 table 44 priority 45

########################################
### TABLE 44 ROUTES ###
### Default Route [Internet Access] using AMPRGW for 44/8 hosts (optional)
### do NOT change the IP 169.228.66.251, this is the central AMPR Gateway
### and all traffic leaving AMPRnet towards the internet MUST pass this router.
ip route add default dev tunl0 via 169.228.66.251 onlink table 44
### Leave the 44.0.0.1 route below commented if the default route is used,
### in which case, RIP44 will create it automatically
### ip route add 44.0.0.1 dev tunl0 via 169.228.66.251 onlink table 44 window 840
### Adds 44LAN Network to Table 44
ip route add 44.256.0.0/24 dev eth1 table 44
########################################

### STARTS THE rip44d ROUTER DAEMON - removing the WAN IP address of the local gateway ###
### (rip44d announcements, 44LAN route, and removing local WAN IP with -a switch
### equals full AMPR routing table)
/usr/local/sbin/rip44d -a 192.0.2.1 -p pAsSwOrDgOeShErE -t 44 < /dev/null &

Many thanks to KB3VWG and PE1CHL.

The file must also be executable by root:

sudo chmod 744 /usr/local/sbin/startampr

IMPORTANT, please replace the invalid IP address network 44.256.0.0/24, the invalid IP address 44.256.0.1 and the documentation IP 192.0.2.1 according to your local setup:

  • 44.256.0.0/24 must be replaced with your network and netmask (your netmask may differ from /24!!!)
  • 44.256.0.1 should be replaced by the IP address assigned to the gateway on your AMPRnet LAN
  • 192.0.2.1 should be replaced by your public static IP address
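A pre-flight check for the replacements listed above, as an added example that is not part of the original post: it scans the non-comment lines of startampr for the invalid 44.256.x.x addresses, the 192.0.2.0/24 documentation range and the placeholder password. The function name `check_placeholders` is hypothetical and the three-line sample is constructed from lines of the script above.

```shell
#!/bin/sh
# Added example (not from the original post). check_placeholders is a
# hypothetical helper: it scans the non-comment lines of a startampr-style
# script for values the post says must be replaced before use.
#   - dotted quads with an octet above 255 (44.256.0.0/24, 44.256.0.1)
#   - addresses in the documentation range 192.0.2.0/24 (192.0.2.1)
#   - the placeholder RIP password string
# Prints one finding per line; returns 1 if anything was found, else 0.
check_placeholders() {
    awk '
    /^[ \t]*#/ { next }    # comment lines are not executed, skip them
    {
        rest = $0
        if (index(rest, "pAsSwOrDgOeShErE")) {
            printf "line %d: placeholder RIP password\n", NR; bad = 1
        }
        # Walk every dotted quad on the line, left to right.
        while (match(rest, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            split(ip, o, ".")
            if (o[1]+0 > 255 || o[2]+0 > 255 || o[3]+0 > 255 || o[4]+0 > 255) {
                printf "line %d: invalid address %s\n", NR, ip; bad = 1
            } else if (o[1]+0 == 192 && o[2]+0 == 0 && o[3]+0 == 2) {
                printf "line %d: documentation address %s\n", NR, ip; bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: three lines copied from the script above, unedited.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ip addr add 44.256.0.1/32 dev tunl0
ip route add default dev tunl0 via 169.228.66.251 onlink table 44
/usr/local/sbin/rip44d -a 192.0.2.1 -p pAsSwOrDgOeShErE -t 44 < /dev/null &
EOF
check_placeholders "$sample" || echo "startampr still contains placeholders"
rm -f "$sample"
```
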

Next you can execute it:

sudo startampr &

TODO:

  • set up iptables to limit access to the system
  • set up an AMPRnet gateway behind NAT (hopefully there will be another solution for this soon)
  • detect external public IP address automatically

UPDATES:

  • make startampr script executable
  • show how to launch startampr
  • explain the IP address 169.228.66.251
