AX25 Firewall rules

I have a WRT3200ACM and have a DMZ set up that goes to a Linux system, and it does all firewall rules for AX25, Node, FBB, Cluster, etc.
I would like to change to OpenWrt. Is there a way to do the same? If so, how?

Also have the website on another box with single port forwarding. Do not see that there should be any problem with this.

Sure. OpenWrt doesn’t have a ‘DMZ’ feature, but you can create the same thing by forwarding all ports to the device in question. It is pretty easy.

Alternatively (and recommended), only forward the ports actually in use by your downstream device instead of forwarding all ports.

Does it have the option to configure AX25 Layer 2 Protocol?
Do I configure AX25 Protocol to forward?

Can you show a screenshot of what your existing router has?

There are a handful of lower level protocols (like tcp, udp, igmp, etc) that are used for the base level ip communications. Most higher level protocols sit on top of these.

Can also send Linux firewall if that would help.

This just forwards all protocols, all ports to the IP address specified. You can do the same thing with OpenWrt.

How do I do that?

Yes, the OpenWrt router only speaks Ethernet and 802.11 by default. The OpenWrt doesn't speak AX.25.

As a reminder AX.25-in-IP is IP Protocol No. 93.

--
73 de LLEACHII

(I sent you a PM with my callsign)

Also: Error while compiling aprx - #3 by lleachii (This OP wasn't really interested in having the router speak AX.25 natively, he just wanted to compile software.)

Perhaps first:

  • You can explain how the OpenWrt is connected
  • The software you showed a screenshot of (it's not OpenWrt - which was what was expected)
  • Can you elaborate more

(If this is an AMPRNet node you wish to collapse into the OpenWrt, you don't say that anywhere. I provided a link to the AMPRNet Wiki for making an OpenWrt-based node in your PM. There's also the AMPRNet mailing list.)

config redirect
        option target 'DNAT'
        option src 'wan'
        option name 'Allow-AMPR_IPENCAP'
        option dest_ip '192.168.1.x'
        option family 'ipv4'
        # IP protocol 4 is IP-in-IP, which AMPRNet IPENCAP uses
        option proto '4'

This is the firewall rule I used when I ran an AMPR Node on a Linux machine instead of the OpenWrt.

(FYI - this information is available at AMPRNet.)
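
An added example, not part of any post in this thread: a small Python check over OpenWrt firewall `config redirect` sections that tells a DMZ-style forward-everything rule from a single-protocol forward (such as IP protocol 93) and reports options that are set twice. The sample config, the rule names and the 192.168.1.10 address are constructed, and the default `proto` and last-value-wins handling are assumptions noted in the comments.

```python
import re

OPTION = re.compile(r"^\s*option\s+(\S+)\s+'?([^']*?)'?\s*$")
# Constructed sample in /etc/config/firewall syntax; names and addresses are illustrative.
SAMPLE = """
config redirect
        option name 'DMZ-style'
        option src 'wan'
        option proto 'all'
        option dest_ip '192.168.1.10'
        option target 'DNAT'

config redirect
        option name 'AX25-in-IP'
        option src 'wan'
        option proto '93'
        option dest_ip '192.168.1.10'
        option target 'DNAT'
        option target 'ACCEPT'
"""

def parse_redirects(text):
    """Return one dict per 'config redirect' section: options plus duplicated keys."""
    sections, cur = [], None
    for line in text.splitlines():
        if line.strip().startswith("config "):
            cur = {"opts": {}, "dups": []} if line.split()[1] == "redirect" else None
            sections += [cur] if cur else []
        elif cur is not None and (m := OPTION.match(line)):
            key, val = m.groups()
            if key in cur["opts"]:
                cur["dups"].append(key)
            cur["opts"][key] = val  # last value wins (assumed to mirror UCI)
    return sections

def audit(text):
    """Return (rule name, finding) pairs for redirects worth a second look."""
    findings = []
    for s in parse_redirects(text):
        o = s["opts"]
        name = o.get("name", "(unnamed)")
        protos = o.get("proto", "tcp udp").split()  # assumed default when unset
        if "all" in protos or ({"tcp", "udp"} & set(protos) and "src_dport" not in o):
            findings.append((name, "no port restriction, everything goes to " + o.get("dest_ip", "?")))
        for k in s["dups"]:
            findings.append((name, f"option '{k}' set twice, effective value '{o[k]}'"))
        if o.get("target", "DNAT") not in ("DNAT", "SNAT"):
            findings.append((name, f"target '{o['target']}' is not valid for a redirect"))
    return findings
```

Running `audit()` over a copy of `/etc/config/firewall` lists each redirect that still behaves like a DMZ, which is useful when narrowing a forward-all setup down to the protocols actually in use.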