ampr.org routing -- latest adventures with...


Ugh, well, I have been fussing with my ampr.org IP addresses. I had a problem: I was connecting to IPs in 44.0.0.0/9 okay, but traffic to 44.128.0.0/9 was not making it. Those packets were getting stuck.

Basically it means you can now visit my website at

http://ke6i.ampr.org

without getting a lost connection, even if you are sitting on one of the ranges of IPs that I had trouble with. (Give it a shot.)

I am running packet on Linux, and it can be slightly fussy to adjust this routing. I use something called 'source based routing' to send everything that comes to my ampr.org addresses to the other ampr.org machines. Anyway, after a late night of fussing with this, I think I finally have it set up right.

I'll post a little bit of code here for those interested in sorting through some of these problems.

This line creates the tunnel port. In the commands that follow, 44.4.92.50 is my local IP, HUB0 is the IP of the 44.0 hub, and HUB128 is the IP of the 44.128 hub. Replace HUB0 and HUB128 with the actual IPs. (I'm not sure if the ampr guys are sensitive about revealing these.)

/sbin/ifconfig tunl0 up 44.4.92.50 netmask 255.255.255.255

These replace commands send destination-based traffic to the hubs, though mostly it doesn't use this path.

/sbin/ip route replace 44/9 via HUB0 dev tunl0 proto static onlink
/sbin/ip route replace 44.128/9 via HUB128 dev tunl0 proto static onlink

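These routines set up the source based routing. The iptables commands are all magic to me. Protocol 4 is IP-in-IP encapsulation and protocol 94 is the older IPIP encapsulation, so these rules let the tunnel traffic through the INPUT, OUTPUT and FORWARD chains. As written, they accept it from any source address.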

/sbin/iptables -I INPUT 1 -j ACCEPT --proto 4
/sbin/iptables -I INPUT 1 -j ACCEPT --proto 94
/sbin/iptables -I OUTPUT 1 -j ACCEPT --proto 4
/sbin/iptables -I OUTPUT 1 -j ACCEPT --proto 94
/sbin/iptables -I FORWARD 1 -j ACCEPT --proto 4
/sbin/iptables -I FORWARD 1 -j ACCEPT --proto 94

This sets up the source routing: anything with a source address in 44/8 is looked up in routing table 1.

/sbin/ip rule add from 44/8 pref 1 table 1

Here are a couple of lines that show how I set up routes that come from the encap.txt file, which lists out all the ampr hosts. These are my own routes, so as to not reveal IPs which some people are sensitive about. I have a monster table of these created from encap.txt. 66.134.69.212 should be a remote gateway IP from encap.txt. 44.4.92.50 and 44.4.28.50 are examples of IP ranges to gateway from encap.txt.

/sbin/ip route replace 44.4.92.50 via 66.134.69.212 dev tunl0 proto static onlink table 1
/sbin/ip route replace 44.4.28.50 via 66.134.69.212 dev tunl0 proto static onlink table 1
/sbin/ip route replace 44.0/9 via HUB0 dev tunl0 proto static onlink table 1
/sbin/ip route replace 44.128/9 via HUB128 dev tunl0 proto static onlink table 1
/sbin/ip route replace default via HUB0 dev tunl0 onlink table 1

My default is hub0 because I'm on the 44.0 side of the universe.
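
One way to build that monster table from encap.txt, as an added example that is not my original script. It assumes each entry has the form "route addprivate <prefix>/<len> encap <gateway>", and MY_GW is a placeholder for your own gateway's public IP. Since the generated commands get run as root, it only emits entries whose fields are plain digits and dots inside 44/8, and skips everything else.

```sh
#!/bin/sh
# Added example (not the author's script). Assumed encap.txt line format:
#   route addprivate <44.x prefix>/<len> encap <gateway-ip>
MY_GW="${MY_GW:-203.0.113.10}"   # placeholder for this gateway's own public IP

sample_encap() {   # constructed sample input, not real gateway data
    cat <<'EOF'
# comment line
route addprivate 44.4.92.50/32 encap 66.134.69.212
route addprivate 44.130.8.0/24 encap 192.0.2.7
route addprivate 10.0.0.0/8 encap 192.0.2.7
route addprivate 44.4.28.50/32;id encap 192.0.2.7
route addprivate 44.60.1.0/24 encap 203.0.113.10
EOF
}

encap_to_routes() {   # encap.txt on stdin -> one "ip route" command per valid entry
    awk -v self="$MY_GW" '
    function octets_ok(a, n,   i) {
        for (i = 1; i <= n; i++)
            if (a[i] !~ /^[0-9]+$/ || a[i] + 0 > 255) return 0
        return 1
    }
    /^[ \t]*#/ || NF == 0 { next }                       # comments, blank lines
    NF != 5 || $1 != "route" || $2 != "addprivate" || $4 != "encap" { bad++; next }
    {
        # Prefix must be digits and dots with a /8../32 length, inside 44/8.
        if (split($3, pl, "/") != 2 || pl[2] !~ /^[0-9]+$/ ||
            pl[2] + 0 < 8 || pl[2] + 0 > 32) { bad++; next }
        np = split(pl[1], p, "."); ng = split($5, g, ".")
        if (np < 1 || np > 4 || ng != 4 || !octets_ok(p, np) ||
            !octets_ok(g, 4) || p[1] + 0 != 44) { bad++; next }
        if ($5 == self) next                             # never tunnel to ourselves
        printf "/sbin/ip route replace %s via %s dev tunl0 proto static onlink table 1\n", $3, $5
    }
    END { if (bad) printf "skipped %d bad line(s)\n", bad > "/dev/stderr" }
    '
}

sample_encap | encap_to_routes
```

Review the printed commands before piping them to sh, and add the 44.0/9, 44.128/9 and default lines for table 1 by hand as shown above.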

If you are at all interested in this stuff, make sure to visit fuller.net and to sign up for the ampr-gateways mailing list.