ewpratten/startampr.sh

## startampr.sh
#!/bin/sh
# KB9MWR 07/2019 amprnet routing including rules.
# Uses ampr-ripd 1.16.3 by Marius, YO2LOJ
# Further explained at:
# http://www.qsl.net/kb9mwr/wapr/tcpip/ampr-ripd.html
##################################################################
### ENABLE IP FORWARDING ###
sysctl -w net.ipv4.ip_forward=1
########################################
### ENABLE IPIP TUNNEL INTERFACE tunl0 ###
### you must enable the tunnel before specifying routes using the tunnel
modprobe ipip
# My server AmprNet IP
ip addr add 44.63.7.33/32 dev tunl0
### gives tunnel its own TTL of 64 enabling traceroute over tunnel
ip tunnel change ttl 64 mode ipip tunl0
ip link set dev tunl0 up
ifconfig tunl0 mtu 1480
########
### AMPR ROUTING RULES ###
# Per PE1CHL: This is required to get routing of the net-44 traffic correct  #
# and have a default route for the tunneled traffic different from the default #
# route of the system. It may be possible to get it working without this, but #
# policy based routing is so much easier. #
### Packets to and from the 44 Network use Route Table 44
ip rule add to 44.0.0.0/9 table 44 priority 44
ip rule add to 44.128.0.0/10 table 44 priority 44
ip rule add from 44.63.7.32/29 table 44 priority 45
####### TABLE 44 ROUTES ###
### Default Route [Internet Access] using AMPRGW for 44/8 hosts (optional)
### do NOT change the IP 169.228.34.84, this is the central AMPR Gateway
### and all traffic leaving AMPRnet towards the internet MUST pass this router.
ip route add default dev tunl0 via 169.228.34.84 onlink table 44
#                                   ^new ucsd address 5/2017
#
# Adds local 44 Wireless LAN network to Table 44
#ip route add 44.92.21.0/24 dev eth1 table 44
####################################
#
# For OpenVPN tunnel
#ip route add 44.92.21.128/25 dev tun0 table 44
# Needed to get data to flow between eth1 and tun0 (OpenVPN):
#iptables -t nat -A POSTROUTING -s 44.92.21.128/25 -d 44.92.21.0/25 -j MASQUERADE
#
#Firewall Rules to drop all network 44 traffic
#iptables -A INPUT -i tunl0 -p all ! -s 44.0.0.0/9 -j DROP
#iptables -A INPUT -i tunl0 -p all ! -s 44.128.0.0/10 -j DROP
#
#Other good practice rules:
# This prevents nested ipencap
iptables -t raw -I PREROUTING -p 4 -i tunl0 -j DROP
# This prevents a general loop
iptables -I FORWARD -i tunl0 -o tunl0 -j DROP
# Drops outbound unassigned IPs from looping though tunl0 via ipencap
iptables -I FORWARD ! -s 44.63.7.32/29 -o tunl0 -j DROP
#
########################################
### STARTS THE ampr-ripd ROUTER DAMEON
# -s saves routes to /var/lib/ampr-ripd/encap.txt
# -r use raw socket instead of multicast
# -t routing table to use
# -i tunnel interface to use
# -p RIPv2 password (latest ampr-ripd defaults to the current valid password)
# -a ampr subnets to be ignored (remove your allocation from the table)
/usr/sbin/ampr-ripd -s -t 44 -i tunl0 -a 44.63.7.32/29 -L VA3ZZA@fn03dl
	#!/bin/sh
	# KB9MWR 07/2019 amprnet routing including rules.
	# Uses ampr-ripd 1.16.3 by Marius, YO2LOJ
	# Further explained at:
	# http://www.qsl.net/kb9mwr/wapr/tcpip/ampr-ripd.html
	##################################################################
	### ENABLE IP FORWARDING ###
	sysctl -w net.ipv4.ip_forward=1
	########################################
	### ENABLE IPIP TUNNEL INTERFACE tunl0 ###
	### you must enable the tunnel before specifying routes using the tunnel
	modprobe ipip
	# My server AmprNet IP
	ip addr add 44.63.7.33/32 dev tunl0
	### gives tunnel its own TTL of 64 enabling traceroute over tunnel
	ip tunnel change ttl 64 mode ipip tunl0
	ip link set dev tunl0 up
	ifconfig tunl0 mtu 1480
	########
	### AMPR ROUTING RULES ###
	# Per PE1CHL: This is required to get routing of the net-44 traffic correct #
	# and have a default route for the tunneled traffic different from the default #
	# route of the system. It may be possible to get it working without this, but #
	# policy based routing is so much easier. #
	### Packets to and from the 44 Network use Route Table 44
	ip rule add to 44.0.0.0/9 table 44 priority 44
	ip rule add to 44.128.0.0/10 table 44 priority 44
	ip rule add from 44.63.7.32/29 table 44 priority 45
	####### TABLE 44 ROUTES ###
	### Default Route [Internet Access] using AMPRGW for 44/8 hosts (optional)
	### do NOT change the IP 169.228.34.84, this is the central AMPR Gateway
	### and all traffic leaving AMPRnet towards the internet MUST pass this router.
	ip route add default dev tunl0 via 169.228.34.84 onlink table 44
	# ^new ucsd address 5/2017
	#
	# Adds local 44 Wireless LAN network to Table 44
	#ip route add 44.92.21.0/24 dev eth1 table 44
	####################################
	#
	# For OpenVPN tunnel
	#ip route add 44.92.21.128/25 dev tun0 table 44
	# Needed to get data to flow between eth1 and tun0 (OpenVPN):
	#iptables -t nat -A POSTROUTING -s 44.92.21.128/25 -d 44.92.21.0/25 -j MASQUERADE
	#
	#Firewall Rules to drop all network 44 traffic
	#iptables -A INPUT -i tunl0 -p all ! -s 44.0.0.0/9 -j DROP
	#iptables -A INPUT -i tunl0 -p all ! -s 44.128.0.0/10 -j DROP
	#
	#Other good practice rules:
	# This prevents nested ipencap
	iptables -t raw -I PREROUTING -p 4 -i tunl0 -j DROP
	# This prevents a general loop
	iptables -I FORWARD -i tunl0 -o tunl0 -j DROP
	# Drops outbound unassigned IPs from looping though tunl0 via ipencap
	iptables -I FORWARD ! -s 44.63.7.32/29 -o tunl0 -j DROP
	#
	########################################
	### STARTS THE ampr-ripd ROUTER DAMEON
	# -s saves routes to /var/lib/ampr-ripd/encap.txt
	# -r use raw socket instead of multicast
	# -t routing table to use
	# -i tunnel interface to use
	# -p RIPv2 password (latest ampr-ripd defaults to the current valid password)
	# -a ampr subnets to be ignored (remove your allocation from the table)
	/usr/sbin/ampr-ripd -s -t 44 -i tunl0 -a 44.63.7.32/29 -L VA3ZZA@fn03dl