Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Using pfsense to route 44net traffic

    Scheduled Pinned Locked Moved
    webGUI
    gui ham radio ax.25 ip-in-ip ipencap
    2
    2
    166
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dad98253
      last edited by dad98253

      44net is a special network used by amateur (ham) radio operators to route digital data via radio links. Stations are often interconnected over the internet using ip-in-ip protocol to tunnel the amateur ax.25 traffic from one station to another. The necessary protocols are built into freebsd, but pfsense does not provide a way to manage these protocols from the GUI. In the past, hams have resorted to modifying the .php files manually to add these protocols. However, whenever pfsense is updated, these changes must be re-applied. It would be very little work to permanently add these protocols to the pfsense GUI, and it would certainly save a lot of headaches to those who use them.

      The following 3 patches are the changes necessary on my SG-1000. All total, they are less than half a dozen lines of code. The three specific protocols that these lines expose are ax.25, ipip, and ipencap.

      If this feature could be pulled into a future release of the base code it would be really nice. The same change should work for any pfsense platform/version.

      --- firewall_nat_edit.php 2024-04-16 15:35:02.574785000 -0700
      +++ /usr/local/www/firewall_nat_edit.php 2022-06-22 11:53:33.000000000 -0700
      @@ -192,7 +192,7 @@
      filter_get_interface_list()
      ))->setHelp('Choose which interface this rule applies to. In most cases "WAN" is specified.');

      -$protocols = "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF AX.25 IPIP ipencap Any";
      +$protocols = "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF Any";

      $section->addInput(new Form_Select(
      'ipprotocol',

      --- firewall_nat_out_edit.php 2024-04-16 15:35:26.620039000 -0700
      +++ /usr/local/www/firewall_nat_out_edit.php 2022-06-22 11:53:33.000000000 -0700
      @@ -112,7 +112,7 @@
      )
      ))->setHelp('Select the Internet Protocol version this rule applies to.');

      -$protocols = "any TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP carp pfsync AX.25 IPIP ipencap";
      +$protocols = "any TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP carp pfsync";

      $section->addInput(new Form_Select(
      'protocol',

      --- firewall_rules_edit.php 2024-04-16 15:36:32.245387000 -0700
      +++ /usr/local/www/firewall_rules_edit.php 2022-06-22 11:53:33.000000000 -0700
      @@ -1369,9 +1369,6 @@
      'sctp' => 'SCTP',
      'carp' => 'CARP',
      'pfsync' => 'PFSYNC',

      •   'ax.25' => 'AX.25',

      •   'ipip' => 'IPIP',

      •   'ipencap' => 'IP-ENCAP',
        )
        ))->setHelp('Choose which IP protocol this rule should match.');
      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @dad98253
        last edited by

        @dad98253
        You should probably better submit a feature request.

        In the meantime maybe you can go with the System Patches Package and configure a custom patch.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post