I know a couple of groups now have proper reverse delegation of DNS for their subnets… Wondering who to drop a line to so I can get 44.103.0.0/19 delegated to a.ns.mi6wan.net and b.ns.mi6wan.net ?
Didn’t see it in the portal or wiki and my notes from a few months ago are foggy...
--
Fredric Moses - W8FSM - WQOG498
fred(a)moses.bz
All,
I've added a new tool that I'd like you to test. This web application
should provide the registration code required by APRS software suites.
In order to use it, you must browse to:
http://kb3vwg-010.ampr.org/tools/aprscode
or
http://44.60.44.10/tools/aprscode
If you're on AMPRNet, you should be able to enter the callsign and look
up the registration code. If you access it from outside of AMPRNet, you
will be prompted for an access code (1234).
Please let me know how it works
73,
KB3VWG
44net-request(a)hamradio.ucsd.edu wrote:
> Subject:
> [44net] ampr-ripd 1.12 released
> From:
> "Marius Petrescu" <marius(a)yo2loj.ro>
> Date:
> 11/16/2014 01:36 PM
>
> To:
> "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu>
>
>
> Hello OMs,
>
> Following the idea from Rob, PE1CHL, I added the possibility to execute a
> system command from ampr-ripd if routes are set or changed.
> This will happen on startup, after an existing encap is found in
> /var/lib/ampr-ripd, or after 30 seconds after a RIP update, if there is a
> change in the encap data (AFTER saving the new encap file if requested).
Thanks Marius! I have installed it on my own gateway and the 44.137 gateway and
first tests shows it works fine.
For the others: I requested this feature to modify a firewall when gateways change
address. Before I accepted IPIP packets from everyone, but this is a weakness in the
system that maybe could be exploited. I observed rogue IPIP packets from the far east.
So instead of:
iptables -A firewall -p 4 -j ACCEPT
on the incoming interface, I now have:
iptables -A firewall -p 4 -j ipipfilter
and I have the following script that inserts/updates the ipipfilter list:
#!/bin/sh
# load encap.txt into ipipfilter list
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
AMPRGW="169.228.66.251"
gwfile="/tmp/gw"
cd /var/lib/ampr-ripd || exit 1
grep addprivate encap.txt | sed -e 's/.*encap //' | sort -u >$gwfile
if iptables -N ipipfilter 2>/dev/null
then
iptables -F ipipfilter
iptables -A ipipfilter -s $AMPRGW -j ACCEPT
while read ip
do
iptables -A ipipfilter -s $ip -j ACCEPT
done <$gwfile
iptables -A ipipfilter -j DROP
else
iptables -L ipipfilter -n | grep ACCEPT | fgrep -v $AMPRGW | \
sed -e 's/.*-- //' -e 's/ .*//' | sort | diff - $gwfile | \
while read d ip
do
case "$d" in
">")
iptables -I ipipfilter -s $ip -j ACCEPT
;;
"<")
iptables -D ipipfilter -s $ip -j ACCEPT
;;
*)
;;
esac
done
fi
rm -f $gwfile
The full pathname of this script /usr/local/sbin/load_ipipfilter is passed with the new -x
option to ampr-ripd. It will load the entire filter the first time, and later it will only update
the filters that have changed. It is required that the -s option is passed as well, so the
encap.txt file is created by ampr-ripd.
Now I only accept IPIP packets from addresses in the gateway list, which makes me feel a
bit safer. (of course sanity checks were already done on the incoming IPIP packets)
Rob
Good afternoon,
in the original layout it was possible to add any network to a gateway.
Now you can only add networks assigned to the account holding the
gateway, at the same time it seems impossible to add a gateway more than
once or to share a gateway between several network holders.
While I agree that users should be unable to add foreign networks to
their gateway, it also creates an issue where several OMs decided to
share 1 single gateway for various reasons.
Can someone please advise how to share a gateway between several
resource holders under the current portal design and logic?
vy 73
--
Marc, LX1DUC
--
www.laru.lu - Luxembourg Amateur Radio Union
www.emcomm.services - Emergency Communication
www.ham-dmr.lu - DMR Infos for HAMs
> Subject:
> Re: [44net] Add network to gateway
> From:
> Chris <chris(a)g1fef.co.uk>
> Date:
> 11/28/2014 08:13 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> Guys,
>
> The intention was not to cut anyone off, but there were a lot of folk adding 44 networks to gateways that had not been allocated to them, or indeed allocated at all.
Of course that is because your view on "allocated" is different from others'
I think any address that has an entry in the .ampr.org DNS is "allocated".
That it does not have an entry in your list of allocated subnets is a different matter.
> The whole point of the Portal is to document who has been allocated (and is using) what IPs. So the gateway code has been updated to only allow allocated networks to be added to gateways.
I would have considered it better when the work on managing allocations (addresses and DNS entries) had been finished first. But of course it is a hobby project so you can set your own priorities.
Rob
I have implemented an API for accessing the Portal data programatically, if you login and select “API” from the menu there is some info there about it.
So far I have only implemented one function: the ability to retrieve the encap routes.
I would appreciated comments / feedback / suggestions as well as any bug reports.
Thanks,
Chris
> Re: [44net] Bogus route entries
> From:
> "Marius Petrescu" <marius(a)yo2loj.ro>
> Date:
> 11/25/2014 07:26 PM
>
> To:
> "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu>
>
>
> Hello,
>
> With the last apr-ripd version (1.13), this entry (or any other having the
> gateway inside its own subnet) gets ignored and can be direct routed (since
> it is BGP-ed).
> Unlike the entry 44.140.0.0/24 via some public IP which does not work.
> I would prefer to see it as it is via 44.140.0.1...
>
> Marius, YO2LOJ
Ok I must tell I have not yet installed the latest version, I am using 1.12 with the -x option
and I noted this one (as it appears near the top of the list) is coming and going all the time.
I captured a trace and this entry was not among the RIP entries sent at that time.
So the problem is somewhere upstream, not in ampr-ripd.
Next tuesday we will move our gateway to the datacenter of our ISP and we will start doing BGP
routing of 44.137 (permission from ARDC is already obtained), so then I will update ampr-ripd
and see what I can do to have entries like this working OK.
But this time my main question is why is this route changing all the time even when it is not
updated in the portal? (unlike the French one and now a Spanish one where users apparently
are experimenting and do not understand the system so they insert and delete their entry all the
time until it works)
Rob
Can somebody explain why the entry "44.140.0.0/16 via 44.140.0.1" keeps appearing and disappearing?
Of course it was already discussed before that this entry has limited usefulness, but ok when someone wants to
have it, let them (I won't be able to use it).
However, it appearing and not appearing in the routing table in a blinkenlight fashion, while the portal says:
Last modified 2014-04-12 17:46:33
Something is going wrong somewhere, but where?
Rob
> Subject:
> Re: [44net] Attn LX gateway
> From:
> "Marc, LX1DUC" <lx1duc(a)laru.lu>
> Date:
> 11/14/2014 12:25 AM
>
> To:
> 44net(a)hamradio.ucsd.edu
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/11/2014 21:46, Rob Janssen wrote:
>
> As Rob seems to have had issues finding the correct contact email
> address for the IP address mentioned, I thought this might be helpful
> to share with the group:
>
> For IP addresses allocated by RIPE there is the Abuse (Contact) Finder:
> https://apps.db.ripe.net/search/abuse-finder.html
>
> Not each and every network has updated to the latest RIPE policies,
> but it's always worth a shot:-)
>
> 73 de Marc
It is also helpful when some contact or identifying information is present in the
gateway listing on portal.ampr.org.
In this case it only points to a clubstation with an info address, but via that I was
able to get the message forwarded to you.
It would have been helpful when your callsign and/or e-mail had been present
in the portal listing.
73,
Rob
