To those on the list;
Happy and memorable holiday wishes to you and your families. The amprnet
has gone through many changes and developments bringing it great
success. Here's to even more success in 2015 *raises glass of spiked egg
nog* cheers!
--
If Microsoft intended Windows to be for ham usage,
they would have incorporated our protocols into their kernel.
73 de Brian Rogers - N1URO
email: <n1uro(a)n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, Pennsylvania,
Rhode Island, and Vermont.
Hi,
I have been running a gateway since 1991 either in Texas or in France.
I have a serious problem with the new security policy, which does not allow
adding a subnet if it is not allocated to you in the portal database.
First, it prevents a single gateway from serving multiple hamradios and
their subnets. This is completely against the spirit of hamradio.
It also prevents serving IP addresses which are not registered in
portal.ampr.org. (i.e. HAMNET Europe (44.168.x.x for France) are defined in the
hamnetdb.net portal. Some 44.76.x.x addresses are not in the portal either, but
only in the host file)
In the Paris area we are developing a HAMNET network using the French
allocation 44.168.x.y. This network is using wifi equipment in the 2.3 and
5.6GHz hamradio bands. There is a single gateway (mine) and a lot of
sites/subnets/hosts and backbones which are not mine of course. I
currently have several subnets to add to my gateway but unfortunately I cannot.
This is holding up the deployment of several sites and applications like DMR
repeater connections thru HAMNET and others.
I hope that a solution will be found very quickly.
73 de Remi F6CNB (or W5/F6CNB)
44net-request(a)hamradio.ucsd.edu wrote:
> Subject:
> [44net] ampr-ripd 1.12 released
> From:
> "Marius Petrescu" <marius(a)yo2loj.ro>
> Date:
> 11/16/2014 01:36 PM
>
> To:
> "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu>
>
>
> Hello OMs,
>
> Following the idea from Rob, PE1CHL, I added the possibility to execute a
> system command from ampr-ripd if routes are set or changed.
> This will happen on startup, after an existing encap is found in
> /var/lib/ampr-ripd, or after 30 seconds after a RIP update, if there is a
> change in the encap data (AFTER saving the new encap file if requested).
Thanks Marius! I have installed it on my own gateway and the 44.137 gateway and
first tests show it works fine.
For the others: I requested this feature to modify a firewall when gateways change
address. Before I accepted IPIP packets from everyone, but this is a weakness in the
system that maybe could be exploited. I observed rogue IPIP packets from the far east.
So instead of:
iptables -A firewall -p 4 -j ACCEPT
on the incoming interface, I now have:
iptables -A firewall -p 4 -j ipipfilter
and I have the following script that inserts/updates the ipipfilter list:
#!/bin/sh
# load encap.txt into ipipfilter list

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
AMPRGW="169.228.66.251"

cd /var/lib/ampr-ripd || exit 1
# private temporary file instead of a fixed, predictable name in /tmp
gwfile=$(mktemp) || exit 1
# unique gateway addresses: everything after "encap " on the route lines
grep addprivate encap.txt | sed -e 's/.*encap //' | sort -u >"$gwfile"

if iptables -N ipipfilter 2>/dev/null
then
    # the chain did not exist yet: load the complete list
    iptables -F ipipfilter
    iptables -A ipipfilter -s "$AMPRGW" -j ACCEPT
    while read ip
    do
        iptables -A ipipfilter -s "$ip" -j ACCEPT
    done <"$gwfile"
    iptables -A ipipfilter -j DROP
else
    # the chain exists: apply only the differences against the loaded list
    # ("-- *" copes with the column padding in the iptables -L output)
    iptables -L ipipfilter -n | grep ACCEPT | fgrep -v "$AMPRGW" | \
    sed -e 's/.*-- *//' -e 's/ .*//' | sort | diff - "$gwfile" | \
    while read d ip
    do
        case "$d" in
        ">")
            iptables -I ipipfilter -s "$ip" -j ACCEPT
            ;;
        "<")
            iptables -D ipipfilter -s "$ip" -j ACCEPT
            ;;
        *)
            ;;
        esac
    done
fi

rm -f "$gwfile"
The full pathname of this script /usr/local/sbin/load_ipipfilter is passed with the new -x
option to ampr-ripd. It will load the entire filter the first time, and later it will only update
the filters that have changed. It is required that the -s option is passed as well, so the
encap.txt file is created by ampr-ripd.
Now I only accept IPIP packets from addresses in the gateway list, which makes me feel a
bit safer. (of course sanity checks were already done on the incoming IPIP packets)
Rob
Hi,
Some Dutch hams did a great job bringing the Gateway to Holland.
Roundtrip time drops to about 17ms now.
I wanted to do some tests and logged into the portal to add a gateway
and subnets.
Using the portal I did not succeed in adding it, so I tried the email robot
instead.
When I take a look at my gateway address, it's in use by Chris, G1FEF.
I don't see anything from me in the gateway list now.
How do I solve this problem?
73, Erwin
Good afternoon,
in the original layout it was possible to add any network to a gateway.
Now you can only add networks assigned to the account holding the
gateway, at the same time it seems impossible to add a gateway more than
once or to share a gateway between several network holders.
While I agree that users should be unable to add foreign networks to
their gateway, it also creates an issue where several OMs decided to
share 1 single gateway for various reasons.
Can someone please advise how to share a gateway between several
resource holders under the current portal design and logic?
vy 73
--
Marc, LX1DUC
--
www.laru.lu - Luxembourg Amateur Radio Union
www.emcomm.services - Emergency Communication
www.ham-dmr.lu - DMR Infos for HAMs
> Subject:
> Re: [44net] Add network to gateway
> From:
> Chris <chris(a)g1fef.co.uk>
> Date:
> 11/28/2014 08:13 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> Guys,
>
> The intention was not to cut anyone off, but there were a lot of folk adding 44 networks to gateways that had not been allocated to them, or indeed allocated at all.
Of course that is because your view on "allocated" is different from others'.
I think any address that has an entry in the .ampr.org DNS is "allocated".
That it does not have an entry in your list of allocated subnets is a different matter.
> The whole point of the Portal is to document who has been allocated (and is using) what IPs. So the gateway code has been updated to only allow allocated networks to be added to gateways.
I would have considered it better when the work on managing allocations (addresses and DNS entries) had been finished first. But of course it is a hobby project so you can set your own priorities.
Rob
I have implemented an API for accessing the Portal data programmatically, if you login and select “API” from the menu there is some info there about it.
So far I have only implemented one function: the ability to retrieve the encap routes.
I would appreciate comments / feedback / suggestions as well as any bug reports.
Thanks,
Chris
> Re: [44net] Bogus route entries
> From:
> "Marius Petrescu" <marius(a)yo2loj.ro>
> Date:
> 11/25/2014 07:26 PM
>
> To:
> "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu>
>
>
> Hello,
>
> With the last ampr-ripd version (1.13), this entry (or any other having the
> gateway inside its own subnet) gets ignored and can be direct routed (since
> it is BGP-ed).
> Unlike the entry 44.140.0.0/24 via some public IP which does not work.
> I would prefer to see it as it is via 44.140.0.1...
>
> Marius, YO2LOJ
Ok I must tell I have not yet installed the latest version, I am using 1.12 with the -x option
and I noted this one (as it appears near the top of the list) is coming and going all the time.
I captured a trace and this entry was not among the RIP entries sent at that time.
So the problem is somewhere upstream, not in ampr-ripd.
Next Tuesday we will move our gateway to the datacenter of our ISP and we will start doing BGP
routing of 44.137 (permission from ARDC is already obtained), so then I will update ampr-ripd
and see what I can do to have entries like this working OK.
But this time my main question is why is this route changing all the time even when it is not
updated in the portal? (unlike the French one and now a Spanish one where users apparently
are experimenting and do not understand the system so they insert and delete their entry all the
time until it works)
Rob
Can somebody explain why the entry "44.140.0.0/16 via 44.140.0.1" keeps appearing and disappearing?
Of course it was already discussed before that this entry has limited usefulness, but ok when someone wants to
have it, let them (I won't be able to use it).
However, it appearing and not appearing in the routing table in a blinkenlight fashion, while the portal says:
Last modified 2014-04-12 17:46:33
Something is going wrong somewhere, but where?
Rob
> Subject:
> Re: [44net] Attn LX gateway
> From:
> "Marc, LX1DUC" <lx1duc(a)laru.lu>
> Date:
> 11/14/2014 12:25 AM
>
> To:
> 44net(a)hamradio.ucsd.edu
>
>
> On 12/11/2014 21:46, Rob Janssen wrote:
>
> As Rob seems to have had issues finding the correct contact email
> address for the IP address mentioned, I thought this might be helpful
> to share with the group:
>
> For IP addresses allocated by RIPE there is the Abuse (Contact) Finder:
> https://apps.db.ripe.net/search/abuse-finder.html
>
> Not each and every network has updated to the latest RIPE policies,
> but it's always worth a shot:-)
>
> 73 de Marc
It is also helpful when some contact or identifying information is present in the
gateway listing on portal.ampr.org.
In this case it only points to a clubstation with an info address, but via that I was
able to get the message forwarded to you.
It would have been helpful when your callsign and/or e-mail had been present
in the portal listing.
73,
Rob
> Subject:
> Re: [44net] amprgw ok?
> From:
> "Marius Petrescu" <marius(a)yo2loj.ro>
> Date:
> 11/18/2014 06:05 PM
>
> To:
> "'AMPRNet working group'" <44net(a)hamradio.ucsd.edu>
>
>
> Brian, Chris, thank you for your efforts.
>
> I took a look at the latest sent encap info and I want to bring in
> discussion the way how some gateways are announced.
>
>> >route addprivate 44.24.240/20 encap 44.24.221.1
> Now this one is ok. The gateway (44.24.221.1) is BGP announced, but not in
> the encap file. Everything ok and working.
Ok, with the exception that my systems cannot route to there, because the gateway is
within network-44. Discussed before. Hopefully will change after we are on BGP ourselves,
on a connection that does not do source address filtering.
But we won't be using a gateway within network-44 unless absolutely required, I still think
it is something to be avoided because quite a lot of gateways will not be able to route there,
and the reason of "reliability" that was given for this setup in fact results in permanent failure.
>
> Now to the other two IMHO are wrong:
>
>> >route addprivate 44.151.94.28/32 encap 44.151.94.28
> So this host expects to get encapsulated traffic to a gateway which is the
> host itself. This leads to a routing loop and is not possible with a regular
> setup.
> This encap entry is in fact plain and simple useless: It states 'you can
> reach me via me' which gives not much information.
This one appears and disappears. Sometimes it is in my list, sometimes not. It
could be that he does not understand how to setup his system, and is not able to
read English very well. Maybe a French or otherwise Francophone person can try
to contact him and ask what is going on.
>
>> >route addprivate 44.140/16 encap 44.140.0.1
> The same applies to the above, just that the whole subnet is routed to a
> gateway which is part of that subnet itself.
>
This one also appears and disappears.
When I looked in the portal gateway list, the last two gateways were not appearing there.
Could it be that they are old gateways that have already been deleted by their owners
but are irregularly being re-announced due to the damaged database?
Rob
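The three encap entries debated above can be told apart mechanically. The following is an added example, not code from the thread or from ampr-ripd: a shell filter that expands abbreviated prefixes such as 44.140/16 and labels each entry by where its gateway sits. The names ip2int, classify_encap and sample_encap are hypothetical, and the 44.137.0.0/16 line is constructed from the gateway address announced elsewhere in this archive.

```shell
#!/bin/sh
# Added example: label encap.txt routes by where the gateway address sits.
#   self  - gateway is inside the subnet it serves (encapsulation loop)
#   net44 - gateway is elsewhere in 44/8 (usable only if directly routed)
#   ok    - gateway has an address outside 44/8
#   bad   - line could not be parsed; never pass it on to iptables or ip

# Print a dotted address as an integer. Missing trailing octets count as 0,
# so the abbreviated prefix "44.140" is read as 44.140.0.0.
ip2int() {
    # Digits and dots only: the value reaches $(( )) below, so anything
    # else is rejected before the shell can evaluate it.
    case $1 in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -le 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, zero-padded, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( (${1:-0} << 24) | (${2:-0} << 16) | (${3:-0} << 8) | ${4:-0} ))
}

# Read "route addprivate NET/LEN encap GW" lines on stdin and print
# "<label> NET/LEN GW" for each; other lines (comments) are skipped.
classify_encap() {
    while read -r w1 w2 dest w3 gw rest; do
        [ "$w1 $w2 $w3" = "route addprivate encap" ] || continue
        net=${dest%/*}; len=${dest##*/}
        case $dest in */*) ;; *) len=x ;; esac            # no prefix length given
        case $len in
            [0-9]|[12][0-9]|3[0-2]) ;;
            *) echo "bad $dest $gw"; continue ;;
        esac
        case $gw in
            *.*.*.*) ;;                                   # gateway must be a full address
            *) echo "bad $dest $gw"; continue ;;
        esac
        if ! n=$(ip2int "$net") || ! g=$(ip2int "$gw"); then
            echo "bad $dest $gw"; continue
        fi
        mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
        if [ $(( $g & $mask )) -eq $(( $n & $mask )) ]; then
            echo "self $dest $gw"
        elif [ $(( $g >> 24 )) -eq 44 ]; then
            echo "net44 $dest $gw"
        else
            echo "ok $dest $gw"
        fi
    done
}

# Constructed sample in encap.txt layout: the three entries quoted in the
# thread plus one entry with a gateway outside 44/8.
sample_encap() {
    cat <<'EOF'
# constructed sample
route addprivate 44.24.240/20 encap 44.24.221.1
route addprivate 44.151.94.28/32 encap 44.151.94.28
route addprivate 44.140/16 encap 44.140.0.1
route addprivate 44.137.0.0/16 encap 213.222.29.194
EOF
}

sample_encap | classify_encap
```

To check a live gateway, feed it the file ampr-ripd saves: classify_encap </var/lib/ampr-ripd/encap.txt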
It appears some subnets have been purged from the portal. Can we restore
from a backup?
73 de Brian Rogers - N1URO
44net-request(a)hamradio.ucsd.edu wrote:
> Subject:
> Re: [44net] ampr-ripd 1.12 released
> From:
> "SP2L-wp" <sp2l(a)wp.pl>
> Date:
> 11/17/2014 08:02 AM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> Rob, Marius et al.
>
> WOW!!!
> What a nifty script!
>
> Isn't small mistype here:
>
> while read d ip <--- "d" is it correct?
> do
Hi Tom,
Yes, it is correct. It reads the output of the diff command which has lines like:
< 1.2.3.4
> 5.6.7.9
It puts the < or > into $d and the IP address into $ip.
Then it either deletes or inserts the IP address in the list using the case/esac on $d.
You can copy/paste the script and run it and check using:
iptables -L ipipfilter -vn
to see if it works OK. You can run it again and nothing should change. When all is OK
you can change the ampr-ripd startup to add the -x option and modify the firewall to use
ipipfilter instead of ACCEPT for -p 4.
Make sure in the startup sequence of the system you run the script once before the
firewall is loaded, so that the ipipfilter target does exist before the rule for -p 4 is loaded.
I have my own script that sets up the entire firewall, so I call the script from there.
Rob
For those who have not yet implemented RIP or automatic import of encap.txt:
The external address of the gateway for 44.137 has changed from 194.109.64.198
to 213.222.29.194 in preparation of the setup of direct BGP routing of 44.137.0.0/16
Rob
Dear YLs and OMs,
beware of the latest Mikrotik RouterOS version 6.21 and 6.22.
It generates strange IPIP packets addressed to the remote endpoint of
an IPIP tunnel. The IPIP packet itself contains an IP packet that is
addressed from the remote endpoint to the mikrotik router.
Pseudo packet capture
Frame: 1
Time: 0
Internet Protocol Version 4, Src: Mi.Kr.Ot.Ik (Mi.Kr.Ot.Ik), Dst: Re.Mo.Te.IP (Re.Mo.Te.IP)
Internet Protocol Version 4, Src: Re.Mo.Te.IP (Re.Mo.Te.IP), Dst: Mi.Kr.Ot.Ik (Mi.Kr.Ot.Ik)
Frame: 2
Time: 10
Internet Protocol Version 4, Src: Mi.Kr.Ot.Ik (Mi.Kr.Ot.Ik), Dst: Re.Mo.Te.IP (Re.Mo.Te.IP)
Internet Protocol Version 4, Src: Re.Mo.Te.IP (Re.Mo.Te.IP), Dst: Mi.Kr.Ot.Ik (Mi.Kr.Ot.Ik)
and so on, almost every 10 seconds.
Once I downgraded to version 6.20 the strange packets seem to have
stopped appearing.
If someone discovers the origin of this issue and knows of a way to
avoid the issue other than downgrading, please let me know.
Thanks to PE1CH for notifying me after seeing the strange IPIP packets
on his system.
73 de Marc
> Subject:
> Re: [44net] Gateways with external address in net-44
> From:
> Brian <n1uro(a)n1uro.ampr.org>
> Date:
> 11/12/2014 02:07 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> On Wed, 2014-11-12 at 10:16 +0100, Rob Janssen wrote:
>
>> >Ok, but then I think those gateway entries should not be distributed via RIP.
>> >When they are directly routable, should we use a tunnel to reach them?
> That's only half the equation. The other half is when one is SAFed
> (Source Address FilterED) and they policy route 44/8 via their tunnel
> interface, and anything else via UCSD...
Yes that is the problem. I need to policy route on source address because of SAF
and I use a separate routing table for the tunnels with a default to UCSD. This fails with
that 44.24.240/20 with gateway 44.24.221.1 network.
We are building a gateway for 44.137.0.0/16 which in fact has already been running since
the summer but the process of getting the provider to agree to route BGP has taken much
longer than anticipated. Anyway, this gateway (which of course is not affected by SAF itself)
has a separate public IP (194.109.64.198) for use by the IPIP tunnels to other gateways.
I think that is a better method, it avoids lots of confusion and complicated policy routing
rules.
Maybe the routing will work again once we have our country gateway up and running
with BGP and direct outbound routing of net-44 traffic (without having to tunnel to UCSD).
I plan to work out a routing configuration without separate net-44 routing table at that time.
Rob
Brian Kantor wrote:
> Those are valid gateway entries; those particular 44-net addresses
> are directly routed via BGP advertisement.
> - Brian
>
Ok, but then I think those gateway entries should not be distributed via RIP.
When they are directly routable, should we use a tunnel to reach them?
There is a problem because when the destination of the tunnel is within the net-44,
the routing gets in an encapsulation loop.
Rob
+1
On November 12, 2014 12:15:25 PM EST, Tom Hayward <esarfl(a)gmail.com> wrote:
>
>I think we're getting a bit ahead of ourselves here proposing new
>special announcements.
>
>Here's another idea: don't assume anything spans the whole 44/8.
>Instead of policy-routing 44/8, policy route for each of the routes
>found in the encap. 44.24.221.0/24 isn't in the encap, so you should
>source packets to it from your commercial ISP source IP. UCSD is not
>involved.
>
>Tom KD7LXL
--
Bryan Fields
727-409-1194
http://bryanfields.net
When I was working on my gateway I noticed that stations use a 44-address as their external address.
For some time there has been the gateway to 44.24.240/20 with gateway 44.24.221.1
This morning I noticed gateways with address 44.151.94.28 and 44.140.0.1 but they have been removed
in the meantime.
I want to note that my gateway cannot route traffic to gateways like that, due to the policy routing used
to separate internet traffic and tunnel traffic. And I think that many other gateways have a similar setup
and have the same problem.
Is there any official policy on the external gateway address? Is it allowed to be in net-44, and if not, wouldn't
it be better to check this in the portal and reject submissions like this with a suitable error message?
I suspect part of those entries are just the result of misunderstanding by a newcomer, and we help them
getting things working by hinting at this incorrect configuration.
Rob
Hello Rob/PE1CHL et al.
Rob, thank you very much for "pushing me" into right direction!
Today I made interesting and promising tests with OpenVPN.
My question and goal was:
"Whether and how one can allocate any-in-size subnet to particular VPN
client?"
Of course, from the address space being at disposal.
Hardware setup:
- AMPRNet gateway server, Debian-7.5 (LAN + WAN)
utilizing 44.165.2.0/28 address space
- OpenVPN server running on above mentioned gateway
utilizing 44.165.15.0/24 address space
- Desktop PC - Debian-7.5 (on LAN, behind router)
- VirtualBox machines: Debian-7.5 Fedora-20 OpenBSD-5.5
(running on Desktop PC)
- Sony Xperia Z1 running OpenVPN client
OpenVPN addresses allocation:
- OpenVPN server - 44.165.15.0/24
- Desktop PC - 44.165.15.16/28
- VirtualBox Debian-7.5 - 44.165.15.32/29
- VirtualBox Fedora-20 - 44.165.15.40
- VirtualBox OpenBSD-5.5 - 44.165.15.253
- Sony Xperia Z1 - 44.165.15.2
Commands giving such nice possibility (example for Desktop PC):
- in the OpenVPN server config file
    topology subnet
    route 44.165.15.16 255.255.255.240 44.165.15.30
- in the OpenVPN client config file (on server!!!)
    ifconfig-push 44.165.15.17 255.255.255.0
    iroute 44.165.15.16 255.255.255.240
Already allocated subnets may appear and will be
reachable EXCLUSIVELY on previously assigned machines.
All other addresses may emerge anywhere.
Finally very brief answer is:
YES, it is possible to assign subnet to a particular VPN client!
For more detailed descriptions please refer to OpenVPN manual.
Best regards.
Tom - sp2lob
Hi folks
Anyone running rip44d with ubuntu server 14.04 ?
I have been for a while but after a recent update it's now causing the server to hang on reboots :-(
Running kernel 3.13.0-37
I can get in to the server using recovery mode and disable the loading and all is OK so I know it's a compatibility issue.
Andy
G0HXT
Hello,
Anyone here using CSF (ConfigServerFirewall) with net44...
I seem to have an issue ..
Seems Chinese hackers are obliterating my URONODE/JNOS Box... and I cannot
even run it long enough to do a tcpdump without losing all network
activity...
I have my config and allow and ignore files if anyone has an idea I'd send
them off list for review..
What I see when I start it CSF does great job of stopping the hackers.. and
shortly thereafter it also stops net44..
I have in both allow and ignore files...
192.0.0.0/8
44.0.0.0/8
127.0.0.1
And I have ignore allow set to 1 in the config..
I see when I run csf -l
A line where it is deny tun0 !44.0.0.0/8
Even though just up from there is a listing of
Source and destinations where its allowed..
I think the lfd function of csf is the reason..
But from what I read in the docs if I allow and ignore an ip or /8 it should
allow via csf and lfd should ignore it.
Not sure what I am doing wrong.. But this has my system offline till figured
out.
If I turn on the CSF FW it shuts me out of the 44net altogether..
If I turn it off same results due to hackers. Plus I am off the internet as
well.
Many thanks 73 jerry N9LYA
Hi,
Does anyone know the answer to no pty legacy ports in 7.6 ?
I tried to enable it in the grub.cfg file - pty.legacy_count=32 but it
no longer works ?
Regards ..... Peter ZL2BAU
I'm doing a presentation to the local ham radio club here in St Pete, FL and
have put this together.
http://keekles.org/~bryan/Ham%20radio%20networking.pptx
It may be of interest to the group, feel free to use it or take from it for
your own needs.
Any feedback would be great too.
73's
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
Bob;
Can you email me off-list please using a 44-net mailbox?
73 de Brian Rogers - N1URO
On 10/20/14, 10:11 PM, Bill Vodall wrote:
> The ultimate application is ... Facebook. Really!
idk, as a 30 yr old single male, I have some great things to say about pof and
tinder.
--
Bryan Fields
I'm presently looking for a virtual private server host to set up as a hub
for my 44net address block. It has been mentioned when I tried this in the
past that some virtualization technologies work better than others when it
comes to setting up a linux virtual machine with the tunnel mesh (then
subnetting the netblock and routing it over various vpn links), i.e. xen
hvm vs xen pvm vs kvm vs vmware.... Also does anyone know a vps provider
that might bgp announce a /24 block and properly feed it to a vps on their
network?
Thanks,
Eric
AF6EP
Hi All,
After a long wait I finally have my 44 address space and my security
certificate.
Following the steps on the wiki I have set up the raspberry pi as a vpn
client and during boot I see the VPN client start.
However just a couple of questions.
Do I need to open and redirect a port on my router pointing to the
raspberry pi running the vpn and if so which port?
Once I have done that, what is the recommended method (software) that
should be installed to protect the network both to and from me?
Before I add any other software is there a way to test the functionality
of what I have done so far? At the moment all it appears to be doing is
sitting there and blinking the wireless access LED
Equipment is a raspberry B+ running off a UPS with wireless access to my
network.
Thanks in anticipation,
Regards Tony VK3API
44net-request(a)hamradio.ucsd.edu wrote:
> Subject:
> [44net] Pirate Packet Radio Node CB0AFU
> From:
> Jann Traschewski <jann(a)gmx.de>
> Date:
> 10/10/2014 09:22 AM
>
> To:
> 44net(a)hamradio.ucsd.edu
>
>
> Hi,
>
> for those of you running a Packet Radio Link to CB0AFU: It seems it is
> *not* located in Chile but running a gateway to CB-Radio (through two
> links to Nodes in CB-Nodes in Austria).
Also watch out when stations use an NL prefix, the CB stations in the Netherlands
commonly use(d) that, so be careful to check if they are really from Alaska.
Rob
The issue is only on my DNS server. I have a zone transfer from 44.in-addr.arpa and ampr.org, so a copy of the zones are located on my BIND server at 44.60.44.3
I've been using nslookup to look at the records from multiple machines. It only occurs on certain IPs where the fourth octet is less than 10.
I'll try dig as well.
- KB3VWG
44net-request(a)hamradio.ucsd.edu wrote:
> Subject:
> [44net] Odd DNS Issue
> From:
> lleachii(a)aol.com
> Date:
> 10/10/2014 11:28 PM
>
> To:
> 44net(a)hamradio.ucsd.edu
>
>
> All,
>
> I'm wondering if anyone else has seen this issue. I'm running BIND version 9.9.5 at 44.60.44.3. I just recently upgraded from 9.8 because I thought it would solve a very weird issue that I'm experiencing.
>
> I allow all to lookup 44.in-addr.arpa and ampr.org; and it works. BUT, some reverse records always time out.
I have seen this many times and never have been able to solve it. Some ampr.org DNS servers time out on some PTR records.
It comes and goes, can be OK for months and then come back.
When you focus on it to debug the issue it often disappears under your hands.
No idea what it is.
Rob
On 10/11/14, 10:31 AM, Brian wrote:
> Andy et al; On Sat, 2014-10-11 at 13:18 +0100, Andy Brittain wrote:
>>> I think opening up 44 net is potentially a good idea but then we run in
>>> to trouble where RF is involved. Would we not be passing traffic that
>>> technically doesn’t fit under our license t’s&c’s?
> Absolutely. That would easier open us up to pirating (why bother get a
> license if it's freely available?) and put us in jeopardy for possible
> violation of 3rd party communications regulations depending what the 3rd
> party does.
1. There is no guarantee that 44/8 traffic is sourced from licensed radio
amateurs.
2. There is no guarantee that 44/8 traffic is suitable for use over licensed
amateur radio frequencies in $REGULATORY_DOMAIN.
The only thing that is guaranteed about 44/8 is that it must be used for bona
fide amateur radio purposes. What these purposes are, is loosely defined and
open to interpretation.
Guys, it's just IP space. The sooner we separate networking from IP space,
the better IMO.
--
Bryan Fields
All,
I'm wondering if anyone else has seen this issue. I'm running BIND version 9.9.5 at 44.60.44.3. I just recently upgraded from 9.8 because I thought it would solve a very weird issue that I'm experiencing.
I allow all to lookup 44.in-addr.arpa and ampr.org; and it works. BUT, some reverse records always time out.
So far, I have tested the following IP addresses which have PTR records, but do not produce results:
44.102.1.1
44.102.1.2
44.108.1.1
44.108.1.2
44.108.1.3
44.60.44.1
44.60.44.2
44.60.44.3
44.60.44.6
44.60.44.7
The only pattern that I've discovered when a lookup times out, is that the fourth octet is always less than 10. I've checked the system log, and there is no denial for the DNS query. I was wondering if anyone had ideas/suggestions.
Thanks and 73,
Lynwood
KB3VWG
Well I know this obviously, but we did get a 180 degree sector up on a
broadcast tower, so I have a bunch of newbies to microwave and
networking in general to deal with.
The consensus is to probably use the BBHN firmware as that is what the
Emcomm and not so tech guys will have a liking to.
So overall I don't think adding that kind of support to a ham rolled
firmware is a bad idea if someone out there had the urge to try and
figure it out. A few years back Ubiquiti AirOS supported those
frequencies natively. So one wonders if one day even Mikrotik might
have those features removed.
Speaking of BBHN is there any kind of video showing the more nuts and
bolts of it working for those of us who (or want to) understand
things a bit deeper?
A video that perhaps shows:
- broadband hamnet speed test (FTP transfer to a localhost, etc)
- traceroutes to show hops when a node disappears or comes online
- broadband hamnet route command output when a node disappears
Steve
---- Quote -----
If you want to get out of the part 15 jungle just use Mikrotik gear...
It won't run HSMM mesh but that's not a bad thing if you don't want
to pay the performance penalty of a mesh...
Bill
Atheros Chipset Radios are capable of operation between 2312-2732,
4920-6100 MHz. The purpose of this message is to hopefully draw a few
talented hams out of the wood work that can make a programming
contribution to the existing Broadband Ham Network firmware
project.
You can look at how the ham radio frequency allocations overlap the
Part 15 bands here:
http://www.qsl.net/kb9mwr/projects/wireless/allocations.html
The Part 15 overlap where all consumer devices operate is heavily
crowded, and thusly the noise floor is high hampering long range links
that we as hams would like to establish. There are a couple third
party solutions to enable the extended frequency support to be able to
shift operations into the ham only portions of the bands. Neither of
them presently have native OLSR support in addition to the extended
frequency support. It would be highly desirable to see our own ham
firmware support the extended frequency support.
HSMM-Mesh / Broadband Hamnet Firmware
In the Fall of 2008, a group of amateurs from the Texas area announced
development of their own custom firmware for the WRT-54G to enable
HSMM-Mesh networking. This is the first ham specific firmware build.
It is also one of the first firmware builds to support OLSR, an ad-hoc
wireless mesh routing daemon. Initially this ham firmware build was
limited to the Linksys WRT54 series of wireless routers. In February
2014 the development team announced support for Ubiquiti 2.4 GHz
devices. In July 2014 support was extended to Ubiquiti 5 GHz
devices.
I should clarify that this firmware does not yet support non-part 15
channels, aka, extended channels / custom frequencies. Nor does it
yet support half-rate (10 MHz wide), or quarter-rate (5 MHz wide)
bandwidth channels to accompany use on ham only spectrum.
If you are knowledgeable with the Linux Kernel programming please
consider reaching out to the development team.
http://www.broadband-hamnet.org/download/firmware/
A discussion on the Broadband Hamnet / HSMM-Mesh ham firmware about
using channels outside of the Part 15 space:
http://www.broadband-hamnet.org/hsmm-mesh-forums/view-postlist/forum-1113/t…
If we can develop the firmware that enables ham channels, Heikki
Hannikainen OH7LZB presented at the 2013 DCC a way to authenticate that the
person who might like to download it is a ham.
http://www.youtube.com/watch?v=7anDmQQfyu8 Video presentation from the DCC
http://authtest.aprs.fi - authentication demo site
https://github.com/hessu/ham-cert-web-demo - Apache configuration and
PHP scripts
Greetings;
I have created a file at
http://n1uro.ampr.org/amprdns.brk
This file contains a ton of stray MX and CNAME records. If a coordinator
wishes to sort through it and clean up invalid entries, it's there.
--
73 de Brian Rogers - N1URO
Greetings to everybody.
Following Shellshock...
There is another hole, called tmUnblock.cgi
targeted on some Cisco Linksys routers:
http://www.scip.ch/en/?vuldb.12362
More info on Internet, for instance:
http://security.stackexchange.com/questions/68405/what-is-tmunblock-cgi-and…
Even targeted at specific hardware, it is poking everywhere...
Short extract from my apache2.log
50.193.84.18 - - [05/Oct/2014:14:03:33 +0200] "GET /tmUnblock.cgi HTTP/1.1" 400 518 "-" "-"
Best regards.
Tom - sp2lob
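An added example, not part of the original post: detection logic for access-log entries like the one quoted above. It finds requests for tmUnblock.cgi, groups the sources by network, and prints iptables rules for networks that probe repeatedly. The first sample line is the entry from the post; the other log lines, the /24 grouping, the threshold and all function names are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Script name from the post; matched case-insensitively, in any directory.
PROBE_NAMES = {"tmunblock.cgi"}

# First line is the entry quoted in the post; the rest are constructed
# samples that use documentation address ranges.
SAMPLE_LOG = [
    '50.193.84.18 - - [05/Oct/2014:14:03:33 +0200] "GET /tmUnblock.cgi HTTP/1.1" 400 518 "-" "-"',
    '203.0.113.7 - - [05/Oct/2014:14:05:01 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [05/Oct/2014:15:11:09 +0200] "POST /tmUnblock.cgi HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.77 - - [05/Oct/2014:15:11:12 +0200] "GET /cgi-bin/tmUnblock.cgi?x=1 HTTP/1.0" 404 209 "-" "-"',
    '198.51.100.20 - - [05/Oct/2014:15:12:40 +0200] "GET /TMUNBLOCK.CGI HTTP/1.1" 404 209 "-" "-"',
    'not an access-log line',
    '192.0.2.9 - - [05/Oct/2014:16:00:00 +0200] "-" 408 - "-" "-"',
]


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    parts = m.group("request").split()
    return {
        "src": m.group("src"),
        "method": parts[0] if parts else "",
        "target": parts[1] if len(parts) > 1 else "",
        "status": int(m.group("status")),
    }


def is_probe(target):
    """True if the request target names one of the probed scripts."""
    try:
        path = urlsplit(target).path  # drops any query string
    except ValueError:
        return False
    return path.rsplit("/", 1)[-1].lower() in PROBE_NAMES


def find_probes(lines):
    """Parsed entries for every probe request; unparseable lines are skipped."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_probe(entry["target"]):
            hits.append(entry)
    return hits


def source_network(src, v4_prefix=24, v6_prefix=64):
    """Map a logged source to its enclosing network (hostnames pass through)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return src  # a hostname was logged instead of an address
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def block_candidates(hits, threshold=2, v4_prefix=24):
    """Networks with at least `threshold` probe requests, sorted."""
    per_net = Counter(source_network(h["src"], v4_prefix) for h in hits)
    return sorted(net for net, count in per_net.items() if count >= threshold)


def iptables_rules(networks):
    """iptables-save style DROP rules; entries that are not networks are skipped."""
    return [f"-A INPUT -s {net} -j DROP" for net in networks if "/" in net]


if __name__ == "__main__":
    probes = find_probes(SAMPLE_LOG)
    for src, count in Counter(h["src"] for h in probes).most_common():
        print(f"{count:3d} probe(s) from {src}")
    for rule in iptables_rules(block_candidates(probes)):
        print(rule)
```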
Hello Brian(N1URO) et al.
My list of "abusing" subnets and single IP's
contains 56 lines and still grows almost every day.
All of them blocked continuously by iptables.
For securing all amprnet interfaces I have one PERFECT cure:
-A INPUT ! -s 44.0.0.0/8 -i tunl0 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i tun0 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i tun1 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i tun2 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i sl0 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i sl1 -j DROP
-A INPUT ! -s 44.0.0.0/8 -i sl2 -j DROP
Really deadly weapon, Hi!
Nothing, literally nothing, what isn't originated
from 44 network is explicitly DROPped.
JNOS-2.0j4, TNOS-2.40, OpenVPN(44net), TNOS-3.01a1
and two (X)net's are as safe as never before.
Sending email to the "abuse" mailbox is a nice and polite
way but does not change the situation right away.
Just my personal point of view...
One day somebody said: if I run taxi business, say in Texas,
I do not want customer from LaLaLand poking around!
Best regards.
Tom - sp2lob
Tom,
I am also using Fail2BAN.
I created my own jail for JNOS and it works great.
That is also why I needed to change the JNOS log file name to something
static. That way I could avoid having to reload/restart Fail2Ban every
morning at midnight to look for a new log.
If you need the Jail regex I created for JNOS (assuming you're using JNOS),
contact me off-list (kg6baj(a)n1oes.org) and I can email it to you.
Bill
KG6BAJ
At 09:13 AM 09/29/14, you wrote:
>I do this with a program called fail2ban. You configure it to watch
>log files for authentication failures or other suspicious activity. It
>then blocks the suspicious source IP in iptables for the configured
>period of time. When the time expires, the IP is unbanned, so false
>positives or new users of an IP address aren't adversely affected.
>
>I get many bans per day and don't put much energy into monitoring or
>reporting them.
>
>Tom KD7LXL
Greetings to everybody.
I want to direct your attention to two networks
that lately I'm seeing in my Apache2 log files:
5.141.0.0/16
213.33.130.0/24
Log entries are at least suspicious.
I keep sharp lookout.
Best regards.
Tom - sp2lob
Greetings;
Is anyone running a global buckmaster or similar server on 44/8 that I
can query from xNOS? It would be greatly appreciated. Thanks much.
--
73 de Brian Rogers - N1URO
To whom it may concern.
Quote:
Niall Parker
2013/12/14 at 06:28
I suspect the intent (of Heikki et al)
was to keep that password from being published…
I suspect it would have helped me though if I hadn’t
been paranoid to read all the docs anyway.
Unquote
Just wonder, whether this security measure is still
in force and should be obeyed without any exempts?
Best regards.
Tom - sp2lob
I noticed that around 2014-09-20 06:00 UTC, the line:
route addprivate 44.136/21 encap 124.171.137.31
started appearing twice in the encap file. Before this, all entries in
the encap file were unique.
Did something change about how the encap file is generated?
Is this line intentionally included twice?
If so, what value does the second entry serve?
Tom KD7LXL
I just got the following. One month is way, WAY too short. If my records
needed updating every month, it would be a mess and I'd rather just shut
down.
Perhaps once a year is a good requirement, just to verify that we're all
still alive. But if things are stable, forcing a login every month is just
too much.
Michael
N6MEF
Hello Michael,
THIS IS A SYSTEM GENERATED EMAIL FROM THE AMPRNET PORTAL.
Your account on the AMPRNet portal has been dormant for over one month.
It is important that you login regularly to ensure that your personal
details
are up to date, as well as ensuring that any AMPRNet resources allocated
to you are correct, e.g. IP allocations, DNS entries, etc.
Please login to the AMPRNet portal soon:
https://portal.ampr.org
If you have any questions relating to this email, you may reply to it and a
human being will read it and respond.
Kind Regards,
Marvin,
The AMPRNet Robot
On 9/18/14, 5:42 PM, Marc, LX1DUC wrote:
> Changing the Subject line of a digest email isn't enough for "modern"
> email clients (probably post 2005 email clients) which use the
> "References" header to organize messages into threads.
>
> I consider digest mode a nice mode for those that want to stay
> informed but it is a bad choice for those who want to participate.
Digest replies really need to go away, as no one can truly reply to a single
message in it. It breaks threading. Changing the subject does not fix this as
threading is done on the references header, it has nothing to do with the
subject.
I consider the 44net list to be people that "get" how email and networking
works, and even here see so many replies that break threading due to using
broken MUA's and generally not taking 30 seconds to ensure the email is
correctly formatted.
I'm on a number of other ham lists, and most are good, there is a certain
subset who are willfully ignorant of proper grammar, spelling, formatting,
top-posting, proper replies, etc. The ones on yahoo groups tend to be the
worst for this (ex. Repeater-Builder).
Some of the best how-to on posting to a list is from #10 on the qmail list guide.
http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html#step10
Some of this is of course not applicable to a general list, but most is.
I've considered writing up a Ham list specific how-to, but I doubt it would
change anything. I think it's why I'm checked in here engaging in some good
passionate discussion from time to time, and then take a couple weeks off not
replying at all. :)
73's
--
Bryan Fields
727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
On 9/19/14, 4:59 PM, K7VE - John wrote:
> Once a year or 6 months (if we are clearing out inactive accounts)
How about if it's in the global routing table I shouldn't need to verify it?
--
Bryan Fields
Gavin,
I just today saw your application for IP space in the portal. Whilst I
am the regional co-ordinator for NJ your request did not reach me.
Would you please contact me off-list. We can work out a subnet for you.
Meantime, please read this document
http://mrprosser.g7ltt.com/docs/New%20Jersey%20ampr.org%20addressing%20sche…
Thanks
Mark
44net-request(a)hamradio.ucsd.edu wrote:
> Subject:
> Re: [44net] Thread changes
> From:
> "Marc, LX1DUC" <lx1duc(a)laru.lu>
> Date:
> 09/18/2014 11:42 PM
>
> To:
> 44net(a)hamradio.ucsd.edu
>
> I consider digest mode a nice mode for those that want to stay
> informed but it is a bad choice for those who want to participate.
>
> 73 de Marc
>
I switched to digest mode when there was the umpteenth discussion about
how everything we do is bad and everything needs to be overhauled, with >30
messages per day. I really cannot have these come in my mailbox one by one.
It would be better when we used a newsgroup (possibly on a closed server) where
you can, with a suitable reader, just kill an entire thread and future replies to it.
For now, digest mode it is.
Rob
> Subject:
> Re: [44net] Thread changes
> From:
> Brian Kantor <Brian(a)UCSD.Edu>
> Date:
> 09/12/2014 04:37 PM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> It's when people reply to the digest and don't remember to edit
> the subject line.
> - Brian
I try to remember to copy the subject back to the subject field but sometimes I forget.
Actually it is a bug in the mail program, as everything is available in the digest to reply
to individual messages.
Rob
Luc VE3JGL,
You can configure DD-WRT to pass 44net traffic through the device. I'm not certain that the WRT54GL has enough capacity to install the gateway routing daemon and VPN server:
Command for Static Public IP (tested on DD-WRT and OpenWRT):
iptables -t nat -I PREROUTING -p ipencap -d <GW Public IP> -j DNAT --to-destination <GW LAN IP>
iptables -t filter -I FORWARD -p ipencap -d <GW LAN IP> -j ACCEPT
Command for Dynamic Public IP (WAN is vlan1 in DD-WRT; in OpenWRT it is usually eth0.1):
iptables -t nat -I PREROUTING -p ipencap -i vlan1 -j DNAT --to-destination <GW LAN IP>
iptables -t filter -I FORWARD -p ipencap -d <GW LAN IP> -j ACCEPT
73,
KB3VWG
Hi, is there a web page for setting up a WRT54GL with DD-WRT as a 44net
gateway and VPN server?
For those who are curious or run URONode, TAPR was kind enough to make
an email list on their mailman server. You can find it at:
http://www.tapr.org/mailman/listinfo/uronode
Thanks to WA1LOU and the TAPR BOD.
--
73 de Brian Rogers - N1URO
Would anyone with HTML / PHP / MySQL experience like to collaborate with continuing the development of the portal code?
Anyone interested, please email me and I will arrange access to the repository.
You will need to be familiar with Subversion and how to checkout a local copy of the project, do updates and commits.
Thanks,
Chris
The SJVBBS (W6RAY) will be reinstalled at Park Ridge today, Saturday 13 September, 2014. It will have a new public IP address, which has been updated on the portal. Those of you who exchange traffic with the system will need to use the new IP address once it is installed. The AMPRnet address will remain the same.
OLD: 71.130.72.52
NEW: 104.49.13.173
This new Internet feed is strictly for amateur radio and the Tulare County Amateur Club (WA6BAI).
73 de Ray W6RAY
Visalia, CA DM06ih
Can anyone answer why threads keep getting relabeled?
I don't recall a thread starting with: 44Net Digest, Vol 3, Issue 146
It makes it very difficult to follow a thread, and in a sense kills the
flow of the topic.
Thanks.
--
73 de Brian Rogers - N1URO
44net-request(a)hamradio.ucsd.edu wrote:
> Subject:
> Re: [44net] 44Net Digest, Vol 3, Issue 145
> From:
> sp2lob <sp2lob(a)tlen.pl>
> Date:
> 09/10/2014 10:02 PM
>
> To:
> 44net(a)hamradio.ucsd.edu
>
>
> Rob et al.
>
> I am reaching this site:
> ftp://n1uro.ampr.org/packet/xfbb/fbbquit.patch
> without any problems, via browser or ftp client.
>
> Best regards.
> Tom - sp2lob
It still does not work from here. Strange... I can ping the public address
that claims to be the gateway for network 44.88.0.0/24 but no reply from 44.88.0.9
(tried from 44.137.40.2)
Brian, do you see occasional incoming SMTP connects? There is a mail queued to
your address but it does not get delivered. Can you ping 44.137.40.2 or 89.18.172.156?
Rob
Tom, SP2LOB has very kindly been working with me to translate the portal into Polish, so we now have English and Polish to choose from. It would be nice to have a few more languages, e.g. French? German?
Does anyone who has English plus at least one other language have the time to help with translations please?
It will be an ongoing job, initially there will be quite a lot of work to translate every page, afterwards it will just be a case of keeping it up to date as the English version is updated occasionally. So there is a commitment involved, not just a one off translation.
You will need a basic understanding of HTML but nothing too technical, no PHP coding experience is required as the portal uses a simple template system, so there are HTML template pages to translate, a text file with error messages and a handful of text files for emails sent by the system.
The portal is now under a Subversion repository, so you will also need to be familiar with how to checkout a project, make your modifications then commit the changes back to the repository.
If anyone is interested, please email me: chris(a)g1fef.co.uk
Thanks,
Chris
44net-request(a)hamradio.ucsd.edu wrote:
> Subject:
> [44net] LinFBB patch
> From:
> Brian <n1uro(a)n1uro.ampr.org>
> Date:
> 09/10/2014 02:05 AM
>
> To:
> AMPRNet working group <44net(a)hamradio.ucsd.edu>
>
>
> For those who run LinFBB 7.05f on the amprnet, I have a patch for it
> that I released last night. All it does is adds a (Q)uit command which
> parallels the existing (B)ye command. Considering with FlexNet and Xnet,
> and other softwares leaning more towards Quit than Bye for an "exit
> application" command, this patch will make FBB more user friendly.
In the old days, everyone had an FBB BBS (or maybe RLI or 4RE) and used B for Bye,
except the Germans who had "DIEBOX" where B meant "Bell (alert the sysop)"!
Always fun.
>
> You may find it at:
> ftp://n1uro.ampr.org/packet/xfbb/fbbquit.patch
>
> if interested.
The system is not reachable from here (44.137)
Rob
Hello,
I am coord of the French network 44.151.
I want to make gateways:
For example, I want to ping 44.151.29.1 and I would like to have an
answer from my local IP 78.241.81.29.
What is the command to the server?
I know these commands
f5pbg add a 78.241.xxx.xxx
etc...
but I don't know the command to make gateways...
Thanks a lot for the answer.
All the best
Ludovic - F5PBG.
For those who run LinFBB 7.05f on the amprnet, I have a patch for it
that I released last night. All it does is adds a (Q)uit command which
parallels the existing (B)ye command. Considering with FlexNet and Xnet,
and other softwares leaning more towards Quit than Bye for an "exit
application" command, this patch will make FBB more user friendly.
You may find it at:
ftp://n1uro.ampr.org/packet/xfbb/fbbquit.patch
if interested.
--
73 de Brian Rogers - N1URO
Are we anywhere close to being able to support an RF-based mesh network?
Or is it just simplest to have backhaul to a single tunnel device?
I'm thinking the RF network side would be using OLSR or some other
routing protocol, providing it with the information it needs, but for
the tunnel announcing a single IP makes the most sense. Otherwise, the
large network would show up with multiple diverse routes, but may in
reality be partitioned.
--
Kris Kirby, KE4AHR
Disinformation Architect
To anyone that reported the “Please select your country” bug when editing an IP request allocation.
This has now been fixed.
Please let me know if anyone finds any more bugs.
Thanks,
Chris
Jean ve2pkt asked me to set up an axip link between our gateways.
ve2pkt 44.135.49.2
and
ve2uqh 44.135.52.33
When trying to ping ve2pkt I get no response, a few hours later it works
fine.
The next day again no response.
Same results from n1uro.
Route to ve2pkt is via n1uro.
I can ping other gateways fine.
Could this be a firewall problem ?
I run jnos2.0j on Debian wheezy with rip44d.
thanks,
Michel
ve2bcw
sysop ve2uqh.ampr.org
Gatineau/Ottawa
44net-request(a)hamradio.ucsd.edu wrote:
> Subject:
> Re: [44net] 44Net Digest, Vol 3, Issue 136
> From:
> Libor Berka <ok2pen(a)seznam.cz>
> Date:
> 08/27/2014 10:24 PM
>
> To:
> 44net(a)hamradio.ucsd.edu
>
>
> Re wrong server IP, Brian sorry but that was my writing msg error, the IP in my
> ampr-run start script is correct 169.228.66.251
> There must be some other problem.
> Libor
Libor,
You should not need the address of the ampr gateway in your script, so that is probably where the error is.
The RIP packets are sent by 44.0.0.1, that is what you should allow to pass your firewall.
Don't be misled by RIP packets sent by 169.228.66.251, they have source and destination port numbers
reversed and will not be processed by the ampr-ripd. I think they would better be removed because they add
confusion.
Rob
Re wrong server IP, Brian sorry but that was my writing msg error, the IP
in my ampr-run start script is correct 169.228.66.251
There must be some other problem.
Libor
On 08/27/2014 04:00 PM, 44net-request(a)hamradio.ucsd.edu wrote:
> Message: 1
> Date: Wed, 27 Aug 2014 11:52:23 -0300
> From: Libor Berka <ok2pen(a)seznam.cz>
> To: 44net(a)hamradio.ucsd.edu
> Subject: [44net] Getting no response from 251.66.228.169
> Message-ID: <53FDF0A7.50501(a)seznam.cz>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hello, I am sysop of OK2KOJ-5 gateway in Brno, Czech Rep. The gateway has known amprIP 44.177.10.253 and
> public IP 176.74.143.164 hostname ok2koj.ddns.net.
> I registered this gateway here for the encap table. I have run on OK2KOJ the ampr-rip program with proper tunl0 interface
> but there are no response packets from amprnet server 251.66.228.169 (port 520 is open). I use appropriate text
> password which I put in text into registration of that gateway. The problem is that I don't know how to get
> coded string of that text password. So I think that is the problem why I do not get response from amprnet server.
> How can I get that text password in coded form?
> Thank you for help
> Dalibor
> P.S. I am also sysop of OK2PEN-5 gateway (44.77.10.10) where I get successful response from amprnet gateway.
>
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 27 Aug 2014 08:14:05 -0700
> From: Brian Kantor <Brian(a)UCSD.Edu>
> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
> Subject: Re: [44net] Getting no response from 251.66.228.169
> Message-ID: <20140827151405.GA2825(a)UCSD.Edu>
> Content-Type: text/plain; charset=us-ascii
>
> This may be caused by an incorrect address; you mention 251.66.228.169
> but the correct address is 169.228.66.251.
> - Brian
>
>
Hello, I am sysop of OK2KOJ-5 gateway in Brno, Czech Rep. The gateway has known amprIP 44.177.10.253 and
public IP 176.74.143.164 hostname ok2koj.ddns.net.
I registered this gateway here for the encap table. I have run on OK2KOJ the ampr-rip program with proper tunl0 interface
but there are no response packets from amprnet server 251.66.228.169 (port 520 is open). I use appropriate text
password which I put in text into registration of that gateway. The problem is that I don't know how to get
coded string of that text password. So I think that is the problem why I do not get response from amprnet server.
How can I get that text password in coded form?
Thank you for help
Dalibor
P.S. I am also sysop of OK2PEN-5 gateway (44.77.10.10) where I get successful response from amprnet gateway.
On 8/20/14, 2:51 AM, Brian Kantor wrote:
> Sounds like a plan. I think Friday evening is unscheduled at this
> point so maybe we can meet and grab some drinks and food.
ok, I'll figure out something. Anyone have any thing they won't eat/keep
kosher/etc.?
--
Bryan Fields
On 8/20/14, 12:57 AM, Brian Kantor wrote:
> I'll be there Thurs evening thru Sunday morning.
We should do a 44net get together/dinner/drinks/etc. kinda thing.
Anyone up for it?
--
Bryan Fields
I just booked Sep 5-7 TPA-AUS for $250 on AA. I'll be there, but staying down
the road at a Hilton.
I'm landing at 12:40 on the 5th and leaving at 1pm on Sunday, it's all I could
fit into my schedule.
Anyone else coming?
--
Bryan Fields
Okay I have my network issues resolved. I had to implement policy
based routing to get things to work consistently.
I was able to receive mail successfully too.
Onward and upward!
Actually what I said doesn't make any sense. I don't understand where
the problem is.
I'd still like to hear from anyone running a SMTP server on Linux, not NOS.
I was going to run a pipermail email list on a 44 IP. While I am sure
I can get it to work fine between other 44 hosts, my guess is that it
will see little use if I can't make it work like any other host on the
wide internet.
The latest problem again is with outside connectivity. There seems to
be some sort of TTL issue going on. My network /host isn't always
reachable from the internet. And it seems to depend on who you are
using for internet.
My host: 44.92.21.35
Seems to work fine from a time warner cable connection in Green Bay.
But other people report not being able to reach it.
Looking at other 44net hosts connected to the internet:
pinging 44.88.0.9 - Fine
pinging 44.4.92.50 yes but with packet loss
So it turns out a lot of my SMTP headaches track back to this bigger problem.
- Are you willing to establish an email server and be willing to maintain it?
- Who would be responsible for maintaining the accounts?
- Do you have a privacy policy in place?
- What is your ISP's bandwidth limit?
- Do you have the facilities to backup and store emails for all users?
- The same DNS entries would be required, and the ampr.org domain (or subdomain) would have to be the only one used.
-KB3VWG
> At the very least shouldn't AMPRnet folks be able to send and receive
> email from other AMPRnet stations? I'd think that would be a good
> first step for dealing with EMail. A bit easier and safer than
> dealing with the whole Internet.
> Bill
Steve,
I have run mail servers, but I do not currently run one on AMPRNet; my last attempt to set up a home server was an IPv6-only server for the purposes of passing a certification exam. There are many reasons for not maintaining it (some of which may be why you're having issues, hope this helps):
- The domain you're using for email must have an MX record
- That MX record must point to a valid A Record (it doesn't have to be the same domain)
- Your mail server must be configured with the hostname noted in the A Record
- The IP noted in the A record must have a PTR record that returns the same hostname in the A Record (this can only be done by one of our friendly Brians, this has to be done in 44.in-addr.arpa)
also make sure that
- you have configured the SMTP server to receive email for the domain in which you created a global MX record entry
- make sure that email account exists on the server
- if it is multi-homed, make sure the gateway/default route is over 44NET
While mail servers should work with the first two, many ISPs configure their servers only to "talk" with mail servers who also have the PTR record in place.
-Lynwood
KB3VWG
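An added example, not part of the original post: the MX, A, server-hostname and PTR checks listed above, written as one function. It takes a lookup callable so the same checks can sit on top of any resolver; here it runs against small constructed record tables, and the names n0call.example, mail.n0call.example and the address 192.0.2.25 are placeholders invented for the example.

```python
import ipaddress


def _norm(name):
    """Compare DNS names without the trailing dot and without case."""
    return name.rstrip(".").lower()


def zone_lookup(zone):
    """Build a lookup(name, rtype) function over an in-memory record table."""
    table = {(_norm(name), rtype): values for (name, rtype), values in zone.items()}
    return lambda name, rtype: table.get((_norm(name), rtype), [])


def check_mail_dns(domain, server_hostname, lookup):
    """Return a list of problems; an empty list means every check passed."""
    mx_hosts = [_norm(h) for h in lookup(domain, "MX")]
    if not mx_hosts:
        return [f"{domain}: no MX record"]

    problems = []
    # The mail server must announce itself under the name the MX points to.
    if _norm(server_hostname) not in mx_hosts:
        problems.append(
            f"server hostname {server_hostname} is not an MX target of {domain}"
        )

    for host in mx_hosts:
        addrs = lookup(host, "A")
        if not addrs:
            problems.append(f"{host}: MX target has no A record")
            continue
        for ip in addrs:
            # The PTR for each address must lead back to the same hostname.
            ptr_name = ipaddress.ip_address(ip).reverse_pointer
            ptr_hosts = [_norm(p) for p in lookup(ptr_name, "PTR")]
            if not ptr_hosts:
                problems.append(f"{ip}: no PTR record at {ptr_name}")
            elif host not in ptr_hosts:
                problems.append(f"{ip}: PTR returns {ptr_hosts[0]}, expected {host}")
    return problems


# Constructed records: forward and reverse entries agree.
GOOD_ZONE = {
    ("n0call.example", "MX"): ["mail.n0call.example."],
    ("mail.n0call.example", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.n0call.example."],
}

# Constructed records: the reverse entry still carries a generic provider name.
ISP_PTR_ZONE = dict(GOOD_ZONE)
ISP_PTR_ZONE[("25.2.0.192.in-addr.arpa", "PTR")] = ["host-192-0-2-25.isp.example."]

# Constructed records: the MX points at a name that has no A record.
NO_A_ZONE = {("n0call.example", "MX"): ["mail.n0call.example."]}

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("isp-ptr", ISP_PTR_ZONE), ("no-a", NO_A_ZONE)):
        result = check_mail_dns("n0call.example", "mail.n0call.example", zone_lookup(zone))
        print(label, "->", result or "all checks passed")
```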
Thanks for the explanation Tim.
I haven't messed with running a mail server since 1999 so a lot has
apparently changed, and I am a bit concerned about doing it right.
Presently I am trying exim on a CentOS platform. It seems to
send out mail just fine, but when it comes to answering someone else
connecting to it from the general internet that is where I apparently
don't have something configured right yet.
Anyone care to create a nice write up :-)
I found that Comcast only blocks "Residential" subscribers from port 25.
The minute I upgraded to a "Commercial" account, all restrictions were removed.
The best part was that for a commercial account with one dedicated IP
address, it was cheaper than the residential service was.
Not sure this approach will work for all though.
Bill
KG6BAJ
At 05:39 PM 08/11/14, you wrote:
>Is anyone running a SMTP server on their gateway?
>
>Most ISP's block port 25 outgoing, the problem I am seeing.
What ISP are you using? Most do block outbound 25. ATT will unblock if you get the right person on the phone.
KY9J
-------- Original message --------
From: kb9mwr(a)gmail.com
Date: 08/11/2014 8:50 PM (GMT-05:00)
To: 44net(a)hamradio.ucsd.edu
Subject: Re: [44net] SMTP port 25
Actually what I said doesn't make any sense. I don't understand where
the problem is.
I'd still like to hear from anyone running a SMTP server on Linux, not NOS.
Turns out you have to specify the interface address for sendmail to
respond to, 127.0.0.1 is default so that is why that always worked. I
never ran into that one before.
That explains this weirdness.. Two boxes on my local LAN with no
iptables software firewalls or hardware firewalls between them, and
selinux off on both:
[root@kb9mwr ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:21:85:9C:60:42
inet addr:192.168.1.100 Bcast:192.168.255.255 Mask:255.255.0.0
inet6 addr: fe80::221:85ff:fe9c:6042/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5421757 errors:0 dropped:0 overruns:0 frame:0
TX packets:4042659 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1012253009 (965.3 MiB) TX bytes:2506193160 (2.3 GiB)
Interrupt:58 Base address:0xe000
[root@kb9mwr ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 kb9mwr.host.org ESMTP Sendmail 8.13.8/8.13.8; Mon, 11 Aug 2014 19:59:42 -0500
^]
telnet>
root@pbx:~ $ telnet 192.168.1.100 25
Trying 192.168.1.100...
telnet: connect to address 192.168.1.100: Connection refused
telnet: Unable to connect to remote host: Connection refused
I was well aware that most ISP's block that port but was really
stumped as to why two PCs on the same network could not talk to each
other on that port yet could on all other ports.
You learn something new every day.
Is anyone running a SMTP server on their gateway?
Most ISP's block port 25 outgoing, the problem I am seeing.
I see an email handshake come in and forward over the wireless LAN. But
when it comes from a non-44 IP it tries to reply using my assigned ISP
provided IP and obviously that doesn't work.
So is there some way with IP tables or something else to set an
advanced IP rule where if it's a destination on port 25 to route thru
amprgw.sysnet.ucsd.edu using my 44 address?