You are here

ampr ip block ussage

4 posts / 0 new
Last post
kj6dzb
kj6dzb's picture
ampr ip block ussage

Im deploying 44.net ip's on the mesh side of things. when i change over to the public ip addresses, i can SSH in to the nodes but the httpd responds with: 

{Rejected request from RFC1918 IP to public server address}
So I did some research and developed a fix. 
 
Q; dose any one eles have this problem? 
Q: Dose any one see a problem with what i did?
 
Im plan to run the ampr.net VPN gateway on a node or just locate a RPI on the lan side and create static routes.  
--------------------------------------
if you get the:
{Rejected request from RFC1918 IP to public server address}
fix:
SSH into the node 
cd /etc/config
nano uhttpd
Edit the line to...
option rfc1918_filter 0
exit and Reboot

---------------------------------

 

73 Mathison kj6dzb

KG6JEI
Mesh IP expected in 10.x range

(Admin note: moved to ragchew)

A note that all testing is done under the V3 protocol with mesh IP's being in the 10.x range. There is currently no plan to change this as AMPR allocations do not fit well with the self configuring priority that AREDN has adopted.

This could be just the tip of the iceberg on issues one may encounter as such use on a production emcomm mesh would not be recommended.

N2MH
N2MH's picture
Win 10?
Is this on a Windows 10 box? I get that on one of my windows 10 machines but not the same machine running Debian linux.
KG6H
Two work-arounds
There are two work-arounds: connect to the non-44 address of the mesh node, or manually edit the "option rfc1918_filter" lines in /etc/config*/uhttpd to be a "0" value. I understand this project's auto-configuration goal of 10-net addressing, but I too would like to use AMPR 44-net allocations (even if it was an "advanced" solution). I tried changing my 3-node net this way, including all WiFi addresses, using NAT and DHCP (so I could input custom IPs and ranges) so all LAN segments were on 44. I really didn't want NAT, but DIRECT doesn't allow custom IPs. The NAT solution doesn't really work or do what I want. At this point I'm just going to NAT all of my off-net access to 44-net addresses. I'd rather not NAT at all and just have firewall rulesets to filter everything.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer