Mirrored from: http://n1uro.ampr.org/linuxconf/amprnat.txt and http://n1uro.ampr.org/linuxconf/ampr-with-nat.html

Set up an AMPR Net Gateway


The AMPRNet, or 44-net, is a global Internet-routed network reserved for use by Amateur Radio. Host names are suffixed with .ampr.org and are resolvable by almost any properly configured DNS name server you wish to use. There are also some name servers exclusively for use on the AMPRNet, if you know where they are.

While some software available for Internet routing uses public network IPs and dynamic hostname resolvers such as ddns.org or no-ip.org, there is NO security on these networks. You are at the mercy of your ISP and any port filtering they may impose. By using the AMPRNet, you can bypass the blocks your consumer-grade ISP places on you and create a whole learning experience for yourself - such as network security, web server configurations, mail server management, and more.

What's the secret?

The AMPRNet uses a special protocol, not a port, so there are no ports to forward in your router! AMPRNet uses IP protocol number 4, in simple terms IP encapsulation (ipencap). This is a means of tunneling IP packets through an existing IP path to bypass the filters and blocks on consumer ISP circuits.

If your OS is incapable of running protocol 4, you will not get connectivity. This includes all Microsoft products. This is because Microsoft mislabeled protocol 4 as IP Version 4.
See http://support.microsoft.com/kb/949848 for more details.

Setting up an AMPRNet account.

With your browser, go to the AMPRNet Portal http://portal.ampr.org and open an account by registering.

Log on, go to Home > Networks and follow the instructions to request a block of addresses. Typically a small subnet of 6 or 14 usable IPs is all you need. A /29 subnet is 6 addresses and a /28 subnet is 14 addresses.

You will receive your address allocation by email.

Don't forget to fill in the bottom part of that form.

Setting up a Router.

I suggest using an older computer which runs the Linux OS. You can configure your AMPRNet Gateway and link your Microsoft machine, smartphone, etc to it.

The Raspberry Pi is an excellent choice for a router. It is a small $35 unit with a 100BaseT Ethernet connection and at least 2 USB interfaces; one port may be used for a Wifi dongle. You can plug your Pi into your main router and use Wifi out... or vice-versa.

If you link your RPi as a client, you can use an external router as a bridge to supply Ethernet and/or Wifi to hosts you wish to put on the AMPRNet. You can get as creative as you want: configuring a DHCP server, turning the Linux box/Pi into a full access point Wifi router, etc.

Is RIP required?

Typically speaking, a normal amprnet gateway would use RIPv2 and set a default route to UCSD. However, not all consumer-grade routers can handle a DMZ, or they still attempt to NAT your DMZ. In this instance, you'll need to coordinate with an existing amprnet host to handle routing for you and install what I call a "keep-alive" timer so that the NAT socket keeps the ipencap session going. This is done by setting a cron job to send a simple ping every 4 minutes to the host handling your IP/block. In your /etc/crontab:

*/4 * * * * root /bin/ping -c 1 your.ampr.host.ip > /dev/null 2>&1

This will send out a ping every 4 minutes to keep your ipencap session alive. If you're on a dynamic IP and it does in fact change, you'll be required to contact your host with your new IP.
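
An added example, not from the original page: the same keep-alive run through a small wrapper that counts missed replies, so a dropped NAT mapping or a changed public IP shows up in syslog instead of going unnoticed. The script name, STATE_FILE, MAX_FAILS and PING_CMD are assumptions.

```shell
#!/bin/sh
# Added example: keep-alive wrapper for the cron job described above.
# Hypothetical install path and crontab entry:
#   */4 * * * * root /usr/local/bin/ampr-keepalive your.ampr.host.ip

STATE_FILE="${STATE_FILE:-/var/run/ampr-keepalive.fails}"
MAX_FAILS="${MAX_FAILS:-3}"     # 3 misses at */4 is about 12 minutes
PING_CMD="${PING_CMD:-/bin/ping -c 1 -W 5}"

keepalive() {   # keepalive HOST -> 0 reply, 1 miss, 2 miss threshold reached
    fails=0
    if [ -r "$STATE_FILE" ]; then
        read -r fails < "$STATE_FILE" || fails=0
    fi
    case "$fails" in ""|*[!0-9]*) fails=0 ;; esac   # ignore a corrupt counter

    if $PING_CMD "$1" >/dev/null 2>&1; then
        echo 0 > "$STATE_FILE"
        return 0
    fi

    fails=$(($fails + 1))
    echo "$fails" > "$STATE_FILE"
    [ "$fails" -ge "$MAX_FAILS" ] || return 1

    # Leave a trace in syslog once the tunnel has been silent for a while.
    logger -t ampr-keepalive \
        "no reply from $1 for $fails checks; NAT mapping or public IP may have changed" \
        2>/dev/null || true
    return 2
}

# When run from cron the host is passed as the first argument.
if [ "$#" -gt 0 ]; then
    keepalive "$1"
fi
```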

Setting the address of your Router.

Assign your AMPRNet router host a static IP address on your consumer router's LAN.
This is typically a 192.168.x.x address; some may use 10-net space. Either address scheme will work depending on your brand of consumer router, which is sometimes referred to as CPE (customer premises equipment).

Configure the Router.

Copy and paste the script (below) and edit in the information on the 4 lines to include your addresses.

AMPRIP='x.x.x.x'	# Your Gateway address ex:
IPMASK='x.x.x.x'	# Your Netmask ex:
COMMIP='x.x.x.x'	# Your Router's Ip address ex:
NOSIP is only needed if you have installed one of the xNOS programs - such as JNOS, maintained by Maiko VE4KLM. However with a Linux based OS, xNOS is no longer needed for packet services.
NOSIP='x.x.x.x'		# Next:

Place the "dotun.sh" script in /usr/local/bin/ and flag it executable.
chmod +x /usr/local/bin/dotun.sh

To initialize your AMPRNet router, enter the command /usr/local/bin/dotun.sh start

Use the command /usr/local/bin/dotun.sh stop to shutdown the AMPRNet router.
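
An added example, not part of N1URO's script: a pre-flight check of the values edited into the configuration lines, so the script is never started as root with a leftover 'x.x.x.x' placeholder, an AMPRIP outside 44/8, or a malformed netmask. All function names are hypothetical and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check of the AMPRIP / IPMASK / COMMIP values.
# Function names are hypothetical; sample addresses are constructed.

ip_to_int() {   # dotted quad -> 32-bit integer; fails if malformed
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_net() {      # in_net ADDR NETWORK PREFIXLEN
    a=$(ip_to_int "$1") || return 1
    n=$(ip_to_int "$2") || return 1
    [ $(( $a >> (32 - $3) )) -eq $(( $n >> (32 - $3) )) ]
}

valid_netmask() {   # true only for a contiguous run of 1 bits
    m=$(ip_to_int "$1") || return 1
    inv=$(( ~$m & 4294967295 ))
    [ "$m" -ne 0 ] && [ $(( $inv & ($inv + 1) )) -eq 0 ]
}

usable_hosts() {    # host addresses in the block: /29 -> 6, /28 -> 14
    valid_netmask "$1" && echo $(( $inv - 1 ))
}

check_config() {    # check_config AMPRIP IPMASK COMMIP -> 0 if all pass
    errors=0
    in_net "$1" 44.0.0.0 8 ||
        { echo "AMPRIP '$1' is not an address in 44/8"; errors=$(($errors + 1)); }
    valid_netmask "$2" ||
        { echo "IPMASK '$2' is not a valid netmask"; errors=$(($errors + 1)); }
    ip_to_int "$3" >/dev/null ||
        { echo "COMMIP '$3' is not a valid IPv4 address"; errors=$(($errors + 1)); }
    if in_net "$3" 44.0.0.0 8; then
        echo "COMMIP '$3' is a 44-net address, not the router/modem IP"
        errors=$(($errors + 1))
    fi
    [ "$errors" -eq 0 ]
}

# Constructed sample values; substitute your own allocation.
check_config 44.128.0.1 255.255.255.248 192.168.1.10 &&
    echo "config OK: $(usable_hosts 255.255.255.248) usable addresses"
```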

Comments are included in the script so you can follow step by step what the script is doing. If you have questions, please join the 44-net list and someone will be happy to assist you.

To have true global internet routing on the AMPRNet submit DNS entries for your gateway to your coordinator.

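# --- ipip ---
## Installation:
## name this file: /usr/local/bin/ipip
## (the file itself must begin with the "#! /bin/bash" line below)
## chmod +x /usr/local/bin/ipip
## ln -s /usr/local/bin/ipip /etc/init.d/ipip
## yum install chkconfig    (or: apt-get install chkconfig)
## chkconfig --level 2345 ipip on
## service ipip restart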

#! /bin/bash

# Start ipip amprnet networking daemons.
# Script written and modified by Brian Rogers N1URO
# Date of last modification: 1/21/2015
### BEGIN INIT INFO
# Provides:          ipip
# Required-Start:    $syslog
# Required-Stop:     $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts and stops ipencapsulation
# Description:       Starts and stops ipencapsulation for ham services
### END INIT INFO

# Author: Brian Rogers 

AMPRIP='x.x.x.x' # ampr IP of this specific machine.
IPMASK='x.x.x.x' # netmask of your amprnet block.
COMMIP='x.x.x.x' # the IP of your router/modem.
NOSIP='x.x.x.x'  # if you run xNOS, what's its IP?

case "$1" in
    start)
        # Load your ipencap module in the kernel:
        modprobe ipip

        # Allow ip forwarding from amprnet to your ethernet interface.
        # This turns forwarding on system-wide; the script itself sets up
        # no packet filtering.
        echo "1" > /proc/sys/net/ipv4/ip_forward

        # Configure your ipencap tunnel interface - required for the amprnet
        ifconfig tunl0 "$AMPRIP" netmask "$IPMASK" up

        # Allow traceroutes to work on the amprnet:
        ip tunnel change tunl0 mode ipip ttl 64 pmtudisc

        # If you run xNOS, uncomment the below and configure a tun/tap interface:
#       ifconfig tun0 "$AMPRIP" pointopoint "$NOSIP" up

        # Configure your routing accordingly:
        # Note, if this node is behind an existing gw on your
        # lan, change the "via" ip below in the default line to
        # the lan IP of your gateway... and add a route in table 1
        # on your gateway to this node. Uncomment below if you run xNOS.
#       ip route add "$NOSIP" dev tun0 onlink table 1 src "$AMPRIP"
        # Replace [amprnet.hosts.commercial.ip] (brackets included) with the
        # commercial IP of the amprnet host handling routing for you.
        ip route add default via [amprnet.hosts.commercial.ip] dev tunl0 src "$AMPRIP" onlink table 1

        # Configure policy routing so that frames from/to your 44-net IP
        # know how to route accordingly:
        ip rule add from 44/8 pref 1 table 1
        ip rule add to 44/8 pref 1 table 1

        # Script is done, exit as a clean flush.
        echo -n "Amprnet routing complete. "
        sleep 1
        echo "Script by N1URO."
        exit 0
        ;;

    stop)
        # Unload what we loaded above:
        ip rule del to 44/8 pref 1 table 1
        ip rule del from 44/8 pref 1 table 1
        ifconfig tunl0 down
        # tun0 only exists if the xNOS lines above were uncommented.
        ifconfig tun0 down 2>/dev/null
        modprobe -r ipip
        echo "Amprnet routing disabled."
        exit 0
        ;;

    restart)
        echo "Restarting/resetting amprnet routing..."
        # Call this script by its own path so it works under any file name.
        "$0" stop
        sleep 3
        "$0" start
        exit 0
        ;;

    *)
        echo "Usage: ipip {start|stop|restart}"
        exit 1
        ;;
esac

exit 0
--- EOF ---
Documentation rewrite by Charley K4GBB.