Hello,
I seem to have something broken on my firewall for redirecting incoming
ipip packets to my gateway box. It appears to work fine at times but
fails periodically, typically after a reset/power failure. Usually it
comes back after several reboots of firewall and router but this process
is inconsistent.
The latest reboot had me digging deeper to try to find the real problem
and I have discovered that only the rule in FORWARD chain of the filter
table is firing, not the DNAT in the nat table. I suspect the firewall
is only working when some connection (outgoing ?) wakes up the
masquerade rules but haven't actually found the rule that is active.
The firewall is running on OpenWRT using iptables (old version 1.3.8)
and the rules as I think they should work are
## for ampr.org tunnels
iptables -t nat -I PREROUTING -p 4 -i eth0.1 -j DNAT \
--to-destination 192.168.99.66
iptables -t filter -I FORWARD -p 4 -i eth0.1 -j ACCEPT
As I understand it, the first re-writes the destination for ipip packets
to my gateway and the second allows them to be forwarded; however, the
counter on the first stays stuck at 0.
A reference to what sounds like a similar problem:
https://sourceforge.net/p/ipcop/mailman/message/17780204/
It would be really nice to get this sorted properly, any debugging hints
appreciated. In particular, am I correct in expecting both rule counters
to match ?
thx ...
... Niall
Hi folks,
I have a /29 subnet allocated and have been with interconnecting a few systems but want to expand that connectivity to other systems round the world.
Last time I experimented with amprnet was 15 years ago and I had an ipip tunnel to a packet node that also had amprnet connectivity. That node is long gone so looking for something else to use.
Reading info on the wiki, it sounds like I can now use rip and connect via the UCSD router. Have I understood this correctly?
Any idiot guides out there on how to do this or any suggestions on other ways I can connect to a gateway?
Thanks
Jon
M1CQO
I'm unable to attend the 2016 TAPR DCC next month in St Petersburg
Florida. If anyone on this mailing list is going to be there, could
you please let us know the substance of any discussions relevant
to the AMPRNet.
Thank you.
- Brian
Hello,
I know the people on this mailing list work on the real internet infrastructure types of networks,
but I was wondering if anyone thought an overlay network, such as CJDNS [1],
that uses cryptographically generated addressing to ensure an FC::/8 address corresponds to a public certificate,
would be more practical for everyday hams who only have a behind-the-ISP or dynamic IP connection to the internet.
[1] https://en.wikipedia.org/wiki/Cjdns
!!Dean
KC4KSU
> It's frustrating when one has deployed IPv6 and has to keep battling
> with the evils of NAT. :/
But we have a large IPv4 space available so why would we battle with NAT???
It should not be a problem to get an IPv4 address from net-44 for any of your
experiments and not have to use NAT.
Not that I am against experimenting with IPv6, but I am not sure which way
that should go:
- somehow get an "own" IPv6 range that we can manage in a similar way as
the net-44 space
- just use the IPv6 space everyone can get from their local provider and
have only DNS support for it in ampr.org and maybe some service for listing
of prefixes in use on ampr hosts to be used in firewall address lists.
Having an own range appears nice, but it means we will again have the problems with
internet tunneling and BGP routing that we are having now.
Rob
I have replaced my Cisco with MikroTik.
The ipip works OK.
I have two questions (for the time being):
1) How do I synchronize the time? Do I need to install an NTP client? I see no NTP under the system in the GUI window.
2) I want to run the routing script that Marius wrote, but it says it needs a password. What is the password for? How do I get it?
Thanks forward
Ronen 4Z4ZQ
http://www.ronen.org
Hi there,
When connecting to amprnet via openvpn,
is it limited to USA-only users?
What IP does the one who connects get? Is it a special IP assigned for the VPN server, or does the user get his country IP allocation? And can a block of IPs pass, or only a single IP?
What PC software can be used? Or is only Linux supported?
thanks forward
Ronen - 4Z4ZQ
http://www.ronen.org
Because many of the people on this list run Linux, I mention
the following article:
http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_comm…
"Linux security backfires: Flaw lets hackers inject malware into downloads, disrupt Tor users, etc"
If you're running Linux kernel 3.6 or later and your system is
exposed to the internet, this is something you should consider
taking care of.
- Brian
Hello,
I have a problem with requesting an allocation block.
I sent two allocation requests on portal.ampr.org for 44.181.0.0/16 (Slovakia)
one week ago.
My requests are still in "waiting for coordinator" status.
I tried to send a "Contact us" message to the portal two days ago, but my request
is without changes.
I am not sure that my coordinator is active on the portal.
Please, who can help me with this issue, or give advice, or some mail
contact?
Is it possible to activate some subregion block for me without my inactive
coordinator?
Thanks.
73, Marcel OM0ATE
Hello,
I had a problem to let rip44d after an OpenWrt Chaos Calmer 15.05, but was
dropped dmz traffic ipencap 169.228.66.251 not passed to the second
router.
In openwrt menu: Network -> Firewall -> Custom Rules
I add:
---
iptables -A INPUT -p 4 -j ACCEPT
iptables -A INPUT -p udp --dport 520 -j ACCEPT
iptables -t nat -A PREROUTING -p 4 -j DNAT --to 192.168.1.2
---
192.168.1.2 is ip of second router or 44 gateway with rip44d
After adding these lines and reboot the router all problems are corrected.
Let's hope it will be useful.
73, Miro, LZ4NY
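The first message on this page reports a DNAT rule whose counter stays at 0 while the FORWARD rule counts packets, and the message above uses the same kind of protocol-4 DNAT rule. The nat table is traversed only by the first packet of a tracked flow, and later packets reuse the mapping stored in the conntrack entry, so the entries themselves show how each IPIP flow is being handled. The following is an added example, not code from either poster or from OpenWrt: it assumes the `/proc/net/ip_conntrack` text format and uses constructed sample lines with documentation addresses; the function and class names are hypothetical.

```shell
#!/bin/sh
# Added example: classify protocol-4 (IPIP) conntrack entries relative to the
# internal gateway that the DNAT rule targets.
# Assumed input: lines in /proc/net/ip_conntrack (or nf_conntrack) text format.

# classify_ipip GATEWAY   (reads conntrack lines on stdin)
# Prints "<class> <orig_src> <orig_dst> <reply_src>" per protocol-4 entry.
classify_ipip() {
    awk -v gw="$1" '
    {
        # legacy format: "unknown 4 ..."; nf_conntrack: "ipv4 2 unknown 4 ..."
        proto = ($1 == "ipv4") ? $4 : $2
        if (proto != 4) next
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) { n++; src[n] = substr($i, 5) }
            if ($i ~ /^dst=/) { dst[n] = substr($i, 5) }
        }
        if (n < 2) next
        if (src[2] == gw)      class = "dnat"      # inbound flow rewritten to the gateway
        else if (src[1] == gw) class = "outbound"  # gateway sent first; replies skip nat PREROUTING
        else                   class = "unmapped"  # tracked with no mapping to this gateway
        print class, src[1], dst[1], src[2]
    }'
}

# count_class CLASS   (reads classify_ipip output on stdin)
count_class() {
    awk -v c="$1" '$1 == c { k++ } END { print k + 0 }'
}

# Constructed sample, not captured from a real router. 192.168.99.66 is the
# gateway from the first message; 203.0.113.10 stands in for the WAN address.
sample_conntrack() {
    cat <<'EOF'
unknown  4 594 src=198.51.100.7 dst=203.0.113.10 src=192.168.99.66 dst=198.51.100.7 use=1
unknown  4 599 src=192.168.99.66 dst=198.51.100.20 src=198.51.100.20 dst=203.0.113.10 use=1
unknown  4 587 src=198.51.100.33 dst=203.0.113.10 [UNREPLIED] src=203.0.113.10 dst=198.51.100.33 use=1
udp      17 25 src=192.168.99.5 dst=198.51.100.53 sport=4021 dport=53 src=198.51.100.53 dst=203.0.113.10 sport=53 dport=4021 use=1
EOF
}

sample_conntrack | classify_ipip 192.168.99.66
```

On a router whose kernel exposes it, feed the live table instead: `classify_ipip 192.168.99.66 < /proc/net/ip_conntrack`. Only `dnat` entries passed through the PREROUTING rule; `outbound` and `unmapped` flows are handled from their existing entry and do not increment its counter.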