Using the Mesh to provide access to an Icom D-Star repeater

I'm currently using an AREDN mesh to provide internet access to a non-Icom D-Star repeater. It works perfectly, because the G4KLX software I'm running on the Raspberry Pi doesn't have two of the Icom requirements: 1. LAN IP for the gateway must be on the network with a /8 mask! 2. Inbound connections for various ports are required.

With the G4KLX software, running behind multiple layers of NAT is not a problem...and no inbound routing is required unless you want to allow inbound linking. We don't, we stay connected to a reflector all the time.  :-)

So to meet the requirement for being on, I would have to move the mesh IPs to something else. No big deal, that's just on the config page, right? I just need to set the WAN IP address and mask to something else (yes, lots of implications to that, but just that one place, right?). For the inbound routing, I found a post for using iptables to do this for another OpenWrt variant. Yes, that's manual config away from the GUI, but it is only on the gateway node. Adding some iptables commands in firewall.user should do the trick. Any other precautions I should take?

And final thought, while not secure at all, would changing away from the automatically assigned 10.x addresses provide another way to limit auto-joining of the mesh? Sure you could capture the wifi packets and figure it out, but that's an extra hurdle for your typical troublemaker. Thinking about a use case where I want to control nodes being added to this mesh. Not the typical AREDN use case, but I've never been called typical.

Thanks, Mike KG9DW



You cannot move the mesh off of the network.  You'll need to double NAT with another router perhaps.

OK, so assuming I have to double-NAT this thing, any concerns with adding iptables entries on the internet gateway mesh node to forward traffic to the router at the end point?

We would like to hang an AREDN node on the same LAN as an ICOM DSTAR repeater gateway.
I am trying to understand what the problem is with doing this.  Is the issue that you cannot specify a 10.x.x.x address for the WAN side of the AREDN node?

Yes.  From my understanding (AE6XE can confirm), you would need to do something to NAT the external network so that it does not directly appear as a 10.x network to the mesh (i.e., two back-to-back NAT routers perhaps).

