Marc's Blog

Things from me about me …

HowTo setup an AMPRnet Gateway on Linux


I have had to set up many AMPRnet gateways on Linux machines and always had a hard time remembering the different steps, so I try to provide a quick start here.

I have been using the RIP44d daemon for all my installations, so we’ll start by downloading the current version of RIP44d:

sudo wget -O /usr/local/sbin/rip44d https://raw.github.com/hessu/rip44d/master/rip44d

The file needs to be executable by root:

sudo chmod 744 /usr/local/sbin/rip44d

Next we need a starter script which does all the magic around RIP44d: the IPIP tunnel interface, enabling IP forwarding in sysctl, etc. I usually create a file in /usr/local/sbin called startampr with the following content:

#!/bin/sh
##################################################################
## This script was developed by KB3VWG on a standard Ubuntu 12.04.1 LTS PC
## with IPv4 forwarding enabled in /etc/sysctl.conf by changing the
## net.ipv4.ip_forward variable to 1, eth0 configured to the Public facing
## LAN and eth1 to the 44LAN. It is designed to enable an AMPR Router using the
## rip44d_table44 file, the standard rip44d, using the -t switch to add routes
## to routing table '44' with no further configuration needed (firewall optional)
##################################################################
## This script was modified by LX1DUC to automate even more tasks.
##################################################################

########################################
### ENABLE IP FORWARDING ###
sysctl -w net.ipv4.ip_forward=1

########################################
### ENABLE IPIP TUNNEL INTERFACE tunl0 ###
### you must enable the tunnel before specifying routes using the tunnel
modprobe ipip
ip addr add 44.256.0.1/32 dev tunl0
### gives tunnel its own TTL of 64 enabling traceroute over tunnel
ip tunnel change ttl 64 mode ipip tunl0
ip link set dev tunl0 up

########################################
### FIREWALL TO COMPLY WITH AMPR ROUTING RULES ###
### REGARDING TEST SUBNET ###
iptables -A FORWARD -s 44.128.0.0/16 -j REJECT
iptables -A FORWARD -d 44.128.0.0/16 -j REJECT

########################################
### LAN ROUTING RULES (required if used as the LAN’s gateway) ###
### Allows 44LAN to use main routing table to access LAN (optional)
### (NAT/masquerade from 44.60.44.0/24 to must be configured
### if LAN hosts do not use AMPR Router as their LAN Gateway)
#ip rule add from 44.60.44.0/24 to table main priority 1

########################################
### AMPR ROUTING RULES ###
### Per PE1CHL: ‘This is “required” to get routing of the net-44 traffic correct ###
### and have a default route for the tunneled traffic different from the default ###
### route of the system. It may be possible to get it working without this, but ###
### policy based routing is so much easier.’ ###
### Packets to and from the 44 Network use Route Table 44
ip rule add to 44.0.0.0/8 table 44 priority 44
ip rule add from 44.256.0.0/24 table 44 priority 45

########################################
### TABLE 44 ROUTES ###
### Default Route [Internet Access] using AMPRGW for 44/8 hosts (optional)
### do NOT change the IP 169.228.66.251, this is the central AMPR Gateway
### and all traffic leaving AMPRnet towards the internet MUST pass this router.
ip route add default dev tunl0 via 169.228.66.251 onlink table 44
### Leave the 44.0.0.1 route below commented if the default route is used,
### in which case, RIP44 will create it automatically
### ip route add 44.0.0.1 dev tunl0 via 169.228.66.251 onlink table 44 window 840
### Adds 44LAN Network to Table 44
ip route add 44.256.0.0/24 dev eth1 table 44
########################################

### STARTS THE rip44d ROUTER DAEMON – removing the WAN IP address of the local gateway ###
### (rip44d announcements, 44LAN route, and removing local WAN IP with -a switch
### equals full AMPR routing table)
/usr/local/sbin/rip44d -a 192.0.2.1 -p pAsSwOrDgOeShErE -t 44 < /dev/null &

Many thanks to KB3VWG and PE1CHL.

The file must also be executable by root:

sudo chmod 744 /usr/local/sbin/startampr

IMPORTANT, please replace the invalid IP address network 44.256.0.0/24, the invalid IP address 44.256.0.1 and the documentation IP 192.0.2.1 according to your local setup:

  • 44.256.0.0/24 must be replaced with your network and netmask (your netmask may differ from /24!!!)
  • 44.256.0.1 should be replaced by the IP address assigned to the gateway on your AMPRnet LAN
  • 192.0.2.1 should be replaced by your public static IP address
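
A pre-flight check for the replacements listed above, as an added example that is not part of the original post or of rip44d: the hypothetical function check_startampr scans the active lines of the script for the invalid 44.256.x.x addresses, documentation addresses such as 192.0.2.1 and the sample password, and returns the number of findings. Going slightly beyond the list, it treats all three RFC 5737 documentation ranges as placeholders and, as an assumption stricter than the mode 744 used here, reports a world-readable script because the file holds the -p password.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for startampr.
# Reports placeholders left over from the article and a world-readable script.

valid_ipv4() {
    # Succeeds only if $1 is four decimal octets, each in 0-255.
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

check_startampr() {
    script=$1; findings=0
    [ -r "$script" ] || { echo "cannot read $script" >&2; return 255; }
    # Inspect active lines only; the script's comments contain example addresses.
    active=$(grep -v '^[[:space:]]*#' "$script")

    for addr in $(printf '%s\n' "$active" | grep -Eo '[0-9]+(\.[0-9]+){3}' | sort -u); do
        if ! valid_ipv4 "$addr"; then
            echo "invalid address still present: $addr"
            findings=$((findings + 1))
        fi
        case $addr in
            192.0.2.*|198.51.100.*|203.0.113.*)   # RFC 5737 documentation ranges
                echo "documentation address still present: $addr"
                findings=$((findings + 1)) ;;
        esac
    done

    if printf '%s\n' "$active" | grep -qF -e '-p pAsSwOrDgOeShErE'; then
        echo "placeholder rip44d password still present"
        findings=$((findings + 1))
    fi

    # The script holds the rip44d password, so flag it when "other" can read it.
    if [ -n "$(find "$script" -prune -perm -0004)" ]; then
        echo "$script is world-readable"
        findings=$((findings + 1))
    fi
    return "$findings"    # 0 means nothing was found
}
```

After sourcing the file, run `check_startampr /usr/local/sbin/startampr` before the first start; each finding is printed on its own line.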

Next you can run:

sudo startampr &

TODO:

  • set up iptables to limit access to the system
  • set up an AMPRnet gateway behind NAT (hopefully there will be another solution for this soon)
  • detect external public IP address automatically

UPDATES:

  • make startampr script executable
  • show how to launch startampr
  • explain the IP address 169.228.66.251
