Hello everyone!
Does anyone have any experience setting up VyOS for use on the AMPR
network? I have the IPIP tunnel to UCSD set up, however, I don't know how
to proceed from there in terms of RIP.
This is what I did so far:
set interfaces tunnel tun0
set interfaces tunnel tun0 local-ip 'wanip'
set interfaces tunnel tun0 remote-ip 169.228.66.251
set interfaces tunnel tun0 encap ipip
set interfaces tunnel tun0 descr "Tunnel to AMPR Gateway"
set interfaces tunnel tun0 multicast enable
set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface
tun0
set policy route SOURCE_ROUTE rule 10 set table 1
set policy route SOURCE_ROUTE rule 10 source address 44.0.0.0/16
set interfaces ethernet eth1 vif 44 policy route SOURCE_ROUTE
set protocols rip interface eth1.44
set interfaces ethernet eth1 vif 44 ip rip authentication
plaintext-password [therippass]
--
Miguel Rodriguez
12th Grade Student
MIGUELR-DN42 / KM4VYU
miguemely101(a)gmail.com
Tel: *561-758-0631*
*Accredited District Since 2008; Re-certification - January 2013*
Home of Florida's first LEED Gold Certified School
*Disclaimer*: Under Florida law, e-mail addresses are *public records*. If
you do not want your e-mail address released in response to a public
records request, do not send electronic mail to this entity. Instead,
contact this office by phone or in writing.
Earlier I wrote:
> Well I did not get a mail from you, probably it has been lost somewhere due to spamfiltering.
I now found how that happened...
I use my @amsat.org address on this list, and I found that the forward address has been reset about 2 weeks
ago, back to a value that it was a few months ago. I had changed it since.
I still receive most of my mail because that other path still sort of works, but it tends to block a lot of mail that
from the amsat.org forwarder as spam.
So I now found a couple of mails in a spamfolder where I normally don't look anymore.
I'm not sure what happened, there appears to be no announcement on the amsat.org page, but it could be
that they had to restore a backup of the alias database. So when you use amsat.org and changed your
forwarding address, it might be worthwhile to check if it is still OK.
Rob
I have received repeated requests from a non licensed user. When I reject,
he resubmits. It is obvious that this person may have an alterior motive
as it is a hosting company.
What to do in such cases? I have just let the request sit. None of the
hams or it people in my area have ever heard of the hoster.
Any way to ban a submission?
Best,
Elias
Kd5jfe
On Feb 20, 2017 3:00 AM, "Rob Janssen" <pe1chl(a)amsat.org> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
> I was thinking what would be helpful is if there was specific information
> required, it would be good to prompt for it ahead of time. In reading
> through these threads, it appears there can be some variance in what may be
> required by each coordinator. Perhaps instead of free form text block
> there could be a means to prompt for some of the information that would be
> considered qualifying fields.
>
That is a good point!
There should be an optional text record for each network, to be entered by
its coordinator, about the local requirements for allocation and that will
be displayed on the request form above the input section.
Rob
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
> I was thinking what would be helpful is if there was specific information required, it would be good to prompt for it ahead of time. In reading through these threads, it appears there can be some variance in what may be required by each coordinator. Perhaps instead of free form text block there could be a means to prompt for some of the information that would be considered qualifying fields.
That is a good point!
There should be an optional text record for each network, to be entered by its coordinator, about the local requirements for allocation and that will be displayed on the request form above the input section.
Rob
> Thanks Tom. The portal already automatically sends reminder notices
> to coordinators with outstanding allocation requests, twice a month.
> If all the coordinators agree, we could change that to weekly.
I don't think that will help. In the cases where I did not get a response from
others it usually turned out they were moving, busy at work, etc.
Overwhelming them with more notices is not going to solve that.
> I find that the coordinations which take more than a few minutes to handle
> are those where the requester is confused and asking for something that
> is not sensible, so an email exchange is necessary to get the request
> straightened out.
That is correct. There should be an option for the coordinator to abandon
the request and take the thing to e-mail. Now the only option is to reject
the request, which often upsets the requester and also (because of language barriers)
the requester often clicks all links in the message, causing it to be re-submitted.
I would like to see a button on that screen that just deletes the request without
further mail towards the requester, so I can then send mail and explain the situation.
Rob
> Hello Rob,
> I have receive your email this morning and reply to it before your send
> on the group, I also close my amprnet for the moment. I'm new with the
> mikrotik router and don't know all, I get information on the internet to
> get it work. Sorry for the bad packet this is not intentionnal.
> 73 de Pascal
> ve2hom
Hi Pascal,
Well I did not get a mail from you, probably it has been lost somewhere due to spamfiltering.
Good to hear you use a MikroTik router! It is possible to fix it on this kind of router.
When you go to the IP->Firewall page and open the NAT tab, you will find an existing NAT
rule that you use for your internet connection. It will probably show something like
"masquerade", chain srcnat, out.interface ether1.
You can just add another item like that, with the settings:
chain srcnat
src.address 192.168.0.0/16
out interface ! ether1 (click in the empty box for the ! to appear and select your internet interface)
action src-nat
to address 44.135.50.x (select an address you want to use for this)
That should fix your problem, assuming you use this router only for internet and hamnet and
have no other interfaces to other networks.
This rule will make any traffic from the 192.168 range to be translated to a fixed address in hamnet
(but only when it is not sent to the internet interface, that is where the other rule applies)
Rob
> This also provides an opportunity for peer review in cases of misguided
> allocation schemes
>(such as breaking up a state block by county).
>
>Tom
Tom.
Can you validate why using a county scheme is misguided?
----------
Wm Lewis (KG6BAJ)
AMPR Net IP Address Coordinator - Northern and Central California Regions
(A 100% Volunteer Group)
______________________________________________
----------
This message is for the designated recipient only and MAY CONTAIN
PRIVILEGED OR CONFIDENTIAL INFORMATION.
If you have received it in error, please notify the sender immediately and
delete the original. Any other use of this E-mail is prohibited.
Does anyone know how to reach VE2HOM? He is keeping his contact information well-hidden, it appears.
His gateway at 206.80.251.222 is sending a lot of traffic with RFC1918 source address:
Feb 19 15:00:53 Packet DROP: IN=tunl0 OUT=eth1 TUNL=206.80.251.222 SRC=192.168.0.5 DST=44.137.42.18 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=13455 DF PROTO=TCP SPT=40510 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 19 15:00:57 Packet DROP: IN=tunl0 OUT=eth1 TUNL=206.80.251.222 SRC=192.168.0.5 DST=44.137.42.18 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=38262 DF PROTO=TCP SPT=40512 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 19 15:01:01 Packet DROP: IN=tunl0 OUT=eth1 TUNL=206.80.251.222 SRC=192.168.0.5 DST=44.137.42.18 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=14124 DF PROTO=TCP SPT=40480 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Everyone remember: when you are combining the routing of AMPRnet and other network traffic, make sure you
have the proper routing and/or NAT rules in place, and preferably also a filter, to make sure you don't send traffic
with a source address like 192.168.0.5 into an AMPRnet tunnel.
Rob
