XRPi Documentation - System Files

IPROUTE.SYS

IP Router Configuration File

This optional file is only required if you wish to route IP traffic, or use any of XRPi's IP facilities such as Telnet, Ping, Traceroute, HTTP server etc. It is not required if you are operating a pure AX25 / Netrom system.

If present, IPROUTE.SYS must be located in the same directory as XRPi.EXE.

The file is read only at XRPi boot-up, or when an "IP ROUTE LOAD" command is issued, so changes you make to it won't take effect until you reboot or use that command. XRPi does not write to this file.

If IPROUTE.SYS is present, it saves you having to enter the IP routing manually. This file also contains the permanent ARP (Address Resolution Protocol), NAT (Network Address Translation) and RIP (Routing Information Protocol) entries, and the IP filtering rules.

File Format

IPROUTE.SYS is a text file. Within the file, each entry must be on a separate line, and there must be one or more spaces or tabs between each field. Entries are not case sensitive. Comments are allowed, providing they are on a line beginning with a semicolon ';' or hash '#'. Blank lines are ignored and lines may be up to 255 characters long.

Commands

Commands accepted in this file are as follows:

    ACL <PERMIT | DENY>
    ARP <ADD | PUBLISH>
    DUN <ADD | LOG>
    IP  <CMD | ROUTE ADD | ROUTE DEFAULT | QUIET | TTL>
    NAT <ADD>
    RIP <ADD | LEARN | REFUSE | TIMEOUT>

ACL commands control the Access Control List, which specifies the IP addresses which are allowed to access and be accessed by XRPi.

ARP commands are used to add "static" entries to the ARP table. These are mainly used for slow RF links.

DUN commands are used to configure "dial-up" routing.

IP commands are used to add routes to the IP routing table and to configure the TTL, stealth level, and availability of the IPROUTE command.

NAT commands add Network Address Translation entries to the NAT table.

RIP commands control the RIP98 automatic route learning system.
All of these commands are described in more detail in their own section 1 MAN pages.

Example IPROUTE.SYS File:

# IPROUTE.SYS
#
# IP Configuration & routing tables for XRPi without Ndis driver
# (if you are using the NdisXpkt driver, you may wish to set the
# default route via XRPi's IP stack instead of Windows)
#
######################################################################
#                                                                    #
#                             IP Routing                             #
#                                                                    #
######################################################################
#
# IP ROUTE ADD <target>[/len] <gateway> <port> [mode [metric]]
# IP ROUTE ADDPRIVATE <target/bits> encap <gateway>
# IP ROUTE DEFAULT <port> [gateway [mode]]
#
# <target>   The destination hostname or IP address. IP address is
#            preferred, as it is more efficient. Route default must
#            always be an IP address.
#
# <bits>     The "subnet mask" specified as the number of bits (0-32)
#            of the address (from left to right) which should be
#            compared when making routing decisions. For example, 24
#            would compare the left-most 24 bits (3 bytes) of the
#            datagram's destination address with the "target" address,
#            and would thus route up to 255 destinations.
#
# <gateway>  IP address or hostname of the machine to which matching
#            datagrams should be routed. A gateway address of "*"
#            or "0.0.0.0" will route the datagram direct to target.
#
# <portnum>  The "radio port" via which the gateway is reached.
#
# <mode>     How the datagram is routed, as follows..
#
#            d = Datagram (direct)
#            e = Encap (ip-over-ip protocol 4)
#            i = IPIP (ip-over-ip protocol 94)
#            k = Kernel (Linux)
#            n = Netrom (ip-over-netrom)
#            r = Reject
#            s = Silent discard
#            u = IPUDP (ip-over-UDP)
#            v = Virtual circuit (ip-over-ax25)
#
#            (If not specified, <mode> defaults to (d)atagram)
#
#
#=====================================================================
# Default route for all datagrams not matched by any other entry.
#
# IP ROUTE DEFAULT <portnum> [gateway [mode]]
# ====================================================================
#
; Try all unknown routes via Linux kernel
;
ip route default 0 * k
#=====================================================================
# Non-default routing
#
# IP ROUTE <add> <target>[/bits] <gateway> <portnum> <mode>
# ====================================================================
#
; Default for 44 via ax25 link on port 32
;
;ip route add 44.0.0.0/8 44.131.142.220 32 d
;
; Primary router is 44.131.91.246 / 192.168.0.240 via ipudp
;
;ip route add 44.131.91.246 192.168.0.240 0 u
######################################################################
#                                                                    #
#              Miscellaneous IP Configuration Commands               #
#                                                                    #
######################################################################
#
# IP ROUTE CMD [0-1]
# IP TTL [ttl]
#
# IP ROUTE CMD is used to allow / disallow the IP ROUTES and
# IPR[outes] commands from being used by non-sysops. On amateur
# networks however, it is considered bad practice to hide IP
# routing.
#
# IP TTL specifies the default "Time To Live" for datagrams
# originating at this host.
#
;ip route cmd 1
;
;ip ttl 50
######################################################################
#                                                                    #
#                 Address Resolution Protocol (ARP)                  #
#                                                                    #
######################################################################
#
# ARP <ADD | PUBLISH> <host> <hwtype> <hwaddr>
# ARP CMD [0-255]
# ARP MAXQ [0-32767]
# ARP LEARN <port | default> [ON | OFF]
# ARP <TIMEOUT | WAIT> [secs]
#
# <hwtype> = Hardware address type: "ax25", "ether", or "netrom"
# <hwaddr> = Hardware address, i.e. callsign or ethernet address
#
# Note: Routing via AX25 digipeaters is supported. To use this, the
#       destination ax25 callsign and up to 8 digis must form a
#       single, comma-delimited string, e.g. "G8PZT,G6YAK,G8EPR". You
#       cannot *publish* addresses containing digipeaters.
#
;arp add 44.131.91.245 ax25 G8PZT
######################################################################
#                                                                    #
#                 Network Address Translation (NAT)                  #
#                                                                    #
######################################################################
#
# NAT <add> static <localaddr>[:port] <globaladdr>[:port] [tcp | udp]
# NAT <add> overload <localaddr> <globaladdr> <subnet mask>
#
;nat add overload 192.168.0.5 44.131.91.5 255.255.255.0
;nat add static 192.168.0.5 44.131.91.5
;
; This is for acting as Internet Connection Sharing machine
;
nat add overload 192.168.0.1 0.0.0.0 255.255.255.0
######################################################################
#                                                                    #
#                 RIP98 Routing Information Protocol                 #
#                                                                    #
######################################################################
#
# RIP ADD <ipdest> <secs>
# RIP REFUSE <ipaddr>
# RIP TIMEOUT <secs>
#
;rip add 44.131.91.245 10
######################################################################
#                                                                    #
#                            Stealth Mode                            #
#                                                                    #
######################################################################
#
# The (experimental) command IP QUIET <0-255> controls whether or not
# ICMP error messages are generated. The value is the sum of the
# selected options from the following list: (default=0)
#
#    1   Suppress ICMP echo replies.
#    2   Suppress ICMP "Unknown Protocol" messages
#    4   Suppress TCP resets
#    8   Suppress all other ICMP error messages.
#
# A non-zero value may help to reduce the number of responses to
# hackers using port scanners, but it won't confer any extra security,
# and will certainly have a detrimental effect on normal TCP/IP
# operations, because network problems will not be detectable.
# The use of this command is not condoned. See the MAN page entitled
# STEALTH for more details.
#
;
IP QUIET 0
######################################################################
#                                                                    #
#             IP packet filtering (access control) rules             #
#                                                                    #
######################################################################
#
# If no rules are specified: no filtering is performed.
# else: If one or more rules are specified, datagrams will be ignored
# unless they match a "permit" rule.
#
# 0.0.0.0/32 is a special case matching any of XRPi's addresses
#
# ACL <action> <src_ip>[/mask][:port] <dst_ip>[/mask][:port] [proto]
#
#    <action>  PERMIT  Allow routing / access
#              DENY    Prevent routing / access
#    <src_ip>  Source IP address of datagrams
#    <dst_ip>  Destination IP address of datagrams
#    [mask]    Either: No. bits (0-32) to match from left to right
#              Or:     Subnet mask in form n.n.n.n
#    [port]    TCP / UDP service numbers (0-65535) 0 = all ports.
#    [proto]   Protocol number (TCP=6, UDP=17. 0=all protocols)
#
; Allow LAN sources to access any dest
;acl permit 192.168.0.0/16 0.0.0.0/0
;
; Allow 44 sources to access any dest
;acl permit 44.0.0.0/8 0.0.0.0/0
;
; Allow XRPi to access any dest
;acl permit 0.0.0.0/32 0.0.0.0/0
;
; Prevent Internet users from accessing XRPi TCP port 513
;acl deny 0.0.0.0/0 192.168.0.245:513 6
;
; Allow non-44 sources to access KIDDER (e.g. axudp)
;acl permit 0.0.0.0/0 0.0.0.0/32
;
; Prevent non-44 sources from accessing any other 44 dest
;acl deny 0.0.0.0/0 44.0.0.0/8
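
A pre-deployment check for the ACL and IP QUIET entries of an IPROUTE.SYS file, as an added example (it is not part of XRPi or its documentation). It follows the field layout given in the file's comments, handles dotted-quad addresses only, and does not model the order in which XRPi evaluates rules, which this page does not state; the names `lint`, `check_endpoint`, `decode_quiet` and the sample text are constructed for the example.

```python
import ipaddress

# IP QUIET bit values, as listed in the Stealth Mode comments of the file.
QUIET_BITS = {1: "ICMP echo replies", 2: 'ICMP "Unknown Protocol" messages',
              4: "TCP resets", 8: "all other ICMP error messages"}

def decode_quiet(value):
    """Return the responses that an IP QUIET value suppresses."""
    return [name for bit, name in QUIET_BITS.items() if value & bit]

def check_endpoint(field):
    """Validate <ip>[/mask][:port]; raise ValueError if malformed."""
    addr, _, port = field.partition(":")
    ip, _, mask = addr.partition("/")
    ipaddress.IPv4Address(ip)                     # rejects e.g. five octets
    if mask and not (mask.isdecimal() and int(mask) <= 32):
        ipaddress.IPv4Address(mask)               # mask in n.n.n.n form
    if port and not (port.isdecimal() and int(port) <= 65535):
        raise ValueError(f"bad port {port!r}")

def lint(text):
    """Return (line_number, message) findings; line 0 means the whole file."""
    findings, actions, acl_lines = [], [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        f = raw.upper().split()                   # entries are not case sensitive
        if f[:1] == ["ACL"]:                      # ';' and '#' comment lines never match
            acl_lines += 1
            try:
                proto_ok = len(f) == 4 or (len(f) == 5 and f[4].isdecimal() and int(f[4]) <= 255)
                if not proto_ok or f[1] not in ("PERMIT", "DENY"):
                    raise ValueError("expected <PERMIT|DENY> <src> <dst> [proto]")
                for field in f[2:4]:
                    check_endpoint(field)
                actions.append(f[1])
            except ValueError as err:
                findings.append((n, f"ACL entry not parseable: {err}"))
        elif f[:2] == ["IP", "QUIET"] and len(f) == 3 and f[2].isdecimal() and int(f[2]) & 15:
            findings.append((n, "IP QUIET suppresses " + ", ".join(decode_quiet(int(f[2])))))
    if acl_lines == 0:
        findings.append((0, "no ACL rules: no filtering is performed"))
    elif "PERMIT" not in actions:
        findings.append((0, "no PERMIT rule parsed; datagrams are ignored unless they match one"))
    return findings

SAMPLE = """; constructed sample, not a real station's file
ip quiet 5
acl permit 44.0.0.0/8 0.0.0.0/0
acl deny 0.0.0.0/0 192.168.0.245:513 6
acl deny 0.0.0.0.0 44.0.0.0/8"""
```

`lint(SAMPLE)` reports line 2 (echo replies and TCP resets suppressed) and line 5 (a source address with one octet too many), the kind of entry that is easy to miss by eye in a long rule list.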