44net October 2017

44net@mailman.ampr.org

47 participants
42 discussions

misconfigured gateways
by Brian Kantor 01 Nov '17

01 Nov '17

There are two gateway systems with misconfigured routing tables that are attempting to route all of net44 through amprgw instead of using mesh connections. These may have a default route instead of using the correct routing table. Whatever the case, they aren't going to have much luck reaching other net44 hosts. Those gateway operators should check their configurations. - Brian Last update at Sun Oct 22 06:30:01 2017 PDT [-0700] gateway inner src #errs indx error type ---------------- ---------------- ----- ---- ------------------------------- 79.0.254.164 44.134.96.1 5408 [ 8] dropped: encap to encap 173.230.244.130 44.68.41.1 1349 [ 8] dropped: encap to encap

2 1

Re: [44net] AMPRnet Allocation for a Club?
by Rob Janssen 25 Oct '17

25 Oct '17

> That is, if your repeaters are at different sites, you'll probably > need different tunnels for each site, and therefore different allocations, > one per site. (It's a restriction of the portal/tunnel system that > you can't further subnet an allocation for different gateways). Really? We do have that, and it appears to work fine... Or has there been a change that disallows new creation of subnets that way?

3 3

44net gateway downstream routing
by Pedro Ribeiro 24 Oct '17

24 Oct '17

Hello, I've mapped 2 blocks ( 44.158.128.0/20 & 44.158.158.0/23 ) in the AMPR portal, to the gateway 193.137.237.9 Both blocks have the "Tunnel" checkbox active. When I generate traffic from the Internet to the IP 44.158.128.1 I can see some encapsulated (IPoIP porto 4) arriving but when the target is 44.158.158.1 (or any other IP from the 2nd IP block) no traffic arrives. The routes are being advertised in the RIPv2 announces and in the "encap" file, as expected. I'm I missing something? thanks for all the work done keeping this net! regards. tcpdump: > 16:58:38.871024 IP 169.228.34.84 > 193.137.237.9: IP 194.210.189.129 > > 44.158.128.1: ICMP echo request, id 19244, seq 1, length 64 (ipip-proto-4) > 16:58:39.871090 IP 169.228.34.84 > 193.137.237.9: IP 194.210.189.129 > > 44.158.128.1: ICMP echo request, id 19244, seq 2, length 64 (ipip-proto-4) > 16:58:40.870884 IP 169.228.34.84 > 193.137.237.9: IP 194.210.189.129 > > 44.158.128.1: ICMP echo request, id 19244, seq 3, length 64 (ipip-proto-4) > 16:58:41.871032 IP 169.228.34.84 > 193.137.237.9: IP 194.210.189.129 > > 44.158.128.1: ICMP echo request, id 19244, seq 4, length 64 (ipip-proto-4) > 16:58:42.870926 IP 169.228.34.84 > 193.137.237.9: IP 194.210.189.129 > > 44.158.128.1: ICMP echo request, id 19244, seq 5, length 64 (ipip-proto-4) -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Callsign: CT7ABP QRA: Pedro Ribeiro GRID Locator: IM58mr QTH: São Francisco, Alcochete, Portugal NET: http://www.qrz.com/db/CT7ABP CT7ABP is also home station of CR7AJI Diogo =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

2 2

AMPRnet Allocation for a Club?
by Michael Casadevall 24 Oct '17

24 Oct '17

Greetings all, I'm working on helping renovating a repeater system for the Southern Catskill Amateur Radio Society (KC2AXO - http://wireless2.fcc.gov/UlsApp/UlsSearch/license.jsp?licKey=421389), and was interested in figuring out the rules for getting an AMPRnet assignment for the club. I'd like to get a /24 though we could probably work with smaller as long as it's a large enough allocation to subnet it. Right now, we have a simple 2m repeater, but we're building two 33cm links up to the repeater shack to get connectivity up there. Right now, we're interested in setting up EchoLink/IRLP/AllStar for the repeater, and pending a second antenna/additional equipment, possibly a digipeater, APRS gateway, and packet BBS. Right now, we've got three sites (the primary repeater, a fill-in site, and the base station in town). The rough plan right now is as follows: - svxlink up at the shack for repeater control - 33cm downlinks to the fill-in repeater/club station - svxlink instance in the club which terminates traffic going to the internet (this acts as a Link Station, and keeps us within Part 97 compliance w.r.t Internet traffic and RF links) - aprsd running on the repeater, direct connection to APRS-IS (since this is all ham-to-ham traffic with callsigns, this should be legal per Part 97). - As resources allow, RF link to AMPRnet in general We'll have to get gateways to the other AMPR networks like HamWAN and such for 44net traffic to be reachable elsewhere. What I'd like to do is use an AMPRnet allocation from our base station, and then pipe service up to the repeater via a second fill-in site we have. AMPRnet seems like a logical way to do this, and as we expand the club, also allow folks to play with packet radio. I looked through the archives and the wiki and saw nothing about club allocations for AMPRnet so I figured I'd try here before filling out the application form as well as getting suggestions from the 44net community. I'm not the trustee (N2TDX) for the club sign, but I'm acting w/ his permission and can have him do the registration process if need be. Just trying to figure out the process and get our feet wet with AMPRnet. 72 de KD2JRT

3 5

[44-announce] amprgw OS upgrade Sunday
by Brian Kantor via 44-announce 22 Oct '17

22 Oct '17

I'm currently planning to upgrade the operating system and packages on amprgw (aka gw.ampr.org) Sunday morning Pacific time. This will take the system from FreeBSD 10.3-RELEASE to 11.1-RELEASE, since the 10.3 version will be going end-of-life in early 2018. There will be a few times where the system will be out of service while it reboots. Each time, you may notice that packet forwarding is briefly not working. - Brian -- 44-announce mailing list 44-announce(a)mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44-announce

6 5

Re: [44net] [44-announce] amprgw OS upgrade Sunday
by Rob Janssen 19 Oct '17

19 Oct '17

> I'm currently planning to upgrade the operating system and packages on > amprgw (aka gw.ampr.org) Sunday morning Pacific time. This will take > the system from FreeBSD 10.3-RELEASE to 11.1-RELEASE, since the 10.3 > version will be going end-of-life in early 2018. Good luck - and thanks for the effort you spend! No drastic changes like putting VMware ESXi underneath? :-) Rob

1 0

Wireless security flaw revealed
by Brian Kantor 19 Oct '17

19 Oct '17

This appears to be somewhat serious; it will probably require people to reflash the firmware in some or all of their wireless devices when fixes become available. How one reflashes IoT devices is problematic. - Brian From ARSTechnica: "The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8 a.m. Monday, east coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way: "US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017." https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-…

5 10

Re: [44net] Firewall logs settings recommendations
by Rob Janssen 18 Oct '17

18 Oct '17

> I get a screen ful of garbadge because most of it are fail login attempt and then i can not see any usefull info because the garbadge is so big it cover the few line of real info i want to see It is not a good idea to have the admin interface of your router open to the entire internet. Fix that using the input chain of the firewall, and the messages will be far fewer. Of course you may also want to limit what the router forwards to systems behind it, depending on your network config. Rob

1 0

Firewall logs settings recommendations
by R P 17 Oct '17

17 Oct '17

Hi there I have a Mikrotik for the 44 net It have a firewall and currently it logs to the screen and the ram (not to the disk) any fail login ... and some rules (not too much as i want open network) such as SIP signals that are many and some other big intruders protocols Now i have some deliberation (i hope it is the right word i used google translate) how to configure the logs ? I get a screen ful of garbadge because most of it are fail login attempt and then i can not see any usefull info because the garbadge is so big it cover the few line of real info i want to see I wanted to change the log rules that only successful login will be logged so i will not see so much traffic .. but then i will not see the break in attempt and might loose real break in currently i check the fail login and im more aware so if i see a raise in login failures i check the reason and even make rule to block the IP im afraid when i will rely only on logging the successful logins it might be too late when i will discover that someone have already logged in to the system Indeed ist not a top secret router and network behind it its only ham radio // but still ... Is there are experts here that might tell me what is the best way to do ? when i was long ago sys admin i followed a rule that said what you dont look at you dont know what is going on behind but the garbage info today is so big that it require hours to real look at it Regards Ronen - 4Z4ZQ

2 1

Getting Started Requesting ips
by Loren Tedford 17 Oct '17

17 Oct '17

Ok so i sent off to get a /24 however the statement that came back to me was i need to put this under IL so my question is... Is this because i live in IL or because you think i will be routing this from all from IL.. I own several servers around the country I rent and release servers all the time.. I have currently servers in Canada, London and just shut down one in Dallas Texas so what i am trying to say is that all ip's may not be pointed to IL all the time is this an issue? I guess i am kinda confused as to why under IL.. Here is the message. Request rejected. You are located in Illinois, please apply in the Illinois subnet, 44.72. -- LOREN TEDFORD (KC9ZHV) Phone:618-553-0806 Fax: 1-618-551-2755 http://www.lorentedford.com *************************************************** CONFIDENTIALITY NOTICE: Confidential information, such as identifiable patient health information or business information, is subject to protection under state and federal law. If you are not the intended recipient of this message, you may not disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law. **************************************************

6 10

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net October 2017