Joining DN42: A MikroTik Border, Three WireGuard Peerings, and a FreeBSD Jail in the Hobbyist Internet

Table of Contents Table of Contents At a Glance What is DN42? Architecture The Registry The MikroTik Border Router Interfaces BGP Filters Firewall MSS Clamping NAT44 and NAT66 The Native DN42 VLAN The FreeBSD Service Jail A RouterOS ND Quirk What This Looks Like From The Outside Lessons Learned Conclusion References After a few months of running AS201379 on the public internet, the obvious next experiment was DN42 - the parallel, hobbyist-run BGP network that mirrors the structure of the real internet but lives entirely on private address space, glued together by WireGuard tunnels. It runs the same protocols, presents the same operational challenges, and uses many of the same configuration patterns. The difference is that you can break things at three in the morning without anyone losing access to anything important. The moment it felt real wasn’t a routing-table dump or a show ip bgp summary - it was an https:// URL that worked from somewhere it had no business working from. From a…