- 44net - mailman.ardc.net

Re: [44net] 44Net Digest, Vol 3, Issue 131

by Ernest.Tse＠Pacswitch

An embedded and charset-unspecified text was scrubbed... Name: not available URL: <http://hamradio.ucsd.edu/mailman/private/44net/attachments/20140812/5319c5f…>

10 years, 8 months

1
0
0 0

URONode on Summer 2014 issue of TAPR PSR

by Dimitrios Valaris

Hi all, I just received the "Summer 2014 issue of TAPR PSR" and saw a nice article about UROnode in page 5. Congrats to Brian N1URO. It is the best NODE software I have ever used. --- 73 de Demetre - SV1UY e-mail: demetre.sv1uy(a)gmail.com Radio e-mail: sv1uy(a)winlink.org AMPRnet e-mail: sv1uy(a)sv1uy.ampr.org PACKET mail: SV1UY(a)SV1UY.ATH.GRC.EU WEB: http://www.qsl.net/sv1uy

10 years, 8 months

2
4
0 0

testing for source address filtering....

by Eric Fort

Occasionally I have access to 2 Verizon DSL connections in the same location. the connections while being the same provider are generally a dynamic IP from different /24 subnets and there's about 4 hops between them. (once they reach a common point a couple hops away all other traceroute data is the same. how can I test to see if one connection filters source addresses belonging to the other? (and any guesses as to what the results may be?) Eric

10 years, 8 months

2
1
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 128

by Ernest.Tse＠Pacswitch

An embedded and charset-unspecified text was scrubbed... Name: not available URL: <http://hamradio.ucsd.edu/mailman/private/44net/attachments/20140808/2f26caa…>

10 years, 9 months

1
0
0 0

Re: [44net] Performance of DNS

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > Re: [44net] Performance of DNS > From: > David Ranch <amprgw(a)trinnet.net> > Date: > 08/07/2014 03:04 AM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > > Beyond filtering, are you looking at your named logs too? There are a ton of old / misconfigured DNS servers out there that don't support EDNS: > > success resolving 'blns71.spamcop.net/A' (in 'spamcop.net'?) after disabling EDNS success resolving 'bcwww.enet.cu/A' (in 'enet.cu'?) after reducing the advertised EDNS UDP packet size to 512 octets > > success resolving 'hispructs.com/A' (in 'hispructs.com'?) after reducing the advertised EDNS UDP packet size to 512 octets I recognize that problem but it is not occurring on this server. Probably the ampr.org nameservers are not affected by that, and the machine does not make many other queries. The only recurring error messages are about IPv6 DNS server addresses being unreachable, but only one or two a day. I have now started it with -4 option but it will probably not change much. Also disabled dnssec. Let's see... Rob

10 years, 9 months

1
0
0 0

Re: [44net] Performance of DNS

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > Re: [44net] Performance of DNS > From: > Jeroen Massar <jeroen(a)massar.ch> > Date: > 08/06/2014 11:22 AM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > Jeroen, In general: please read the entire mail before starting to comment on individual paragraphs, so you don't need to ask questions that are answered a few paragraphs down the same mail. The system is running Debian Wheezy, all uptodate, with bind9 version 9.8.4 plus Debian patches. It is not available to the outside no so security worries. What I see is that it does not cache ampr.org addresses very long, but that does not surprise me because the default TTL in the zone is only one hour. Of course everything would perform better when the TTL was the more usual 24hours, but undoubtedly there was a good reason to set this TTL. (lately it was useful for me as I changed the external address of the machine and the update was propagated quickly in DNS, but in general I would think the zone is very static) What I am surprised about is that the measured relative performance of the 7 alternative DNS servers is apparently not kept by bind long enough to be useful. The TTL at that level is 24 hours but I think I have often seen that when doing the same lookups within 24 hours I see lookup delays again. The statistics command you gave does not provide that info, I wonder if there is some bind command to query its measured timers and preferred servers. We have several timeservers on net-44 addresses and I do "ntpq -p -c rv -c mrulist" a couple of times a day now that we are testing and deploying. It was slow every time, of course the cached lookups are gone because the previous try was more than an hour ago, but apparently the DNS preference info was gone too and queries were again sent to slow (for me) servers. After my experimental change with the hardwired forwarders everything works much better. I'm not sure I want to keep it, but it certainly indicates that there *is* a way in which bind could handle it more efficiently. Maybe I am missing some setting, I have experimented with setting a forwarder (and forward first) at top level as well. Probably I should turn off the DNSSEC that has been enabled by default by bind and Debian, that appears to cause a lot of extra overhead too. Rob

10 years, 9 months

3
2
0 0

New services idea.

by kb9mwr＠gmail.com

First, Lynwood thanks for sharing PHP code snippet. Does anyone know much about google maps? More than 15 years ago a younger local ham friend of mine wrote some web based interactive tools for wireless link planning. Maybe you have run into them: http://n9zia.ampr.org/ This isn't presently on 44-net. I have just been using the ampr dns to give it a hostname that has been pointing to my home cable modem for a long time now. They run horribly slow (same computer for 15 years and slow upload speed) I'd love to see these tools freshened up a bit to use PHP, and possibly integrate google maps. Neither the original author, Joe N9ZIA or myself really have a lot of experience with either. But we are both surprised someone hasn't already done this. Just throwing the idea out there for anyone who would like a project, the code is open under GPL. The tools help promote modern RF network planning. After a rewrite perhaps they could be hosted on a 44 IP, and put a paypal please donate nag screen if you come in from a commercial IP. The paypal proceeds can go to helping ARDC with Brian's ok. Steve, KB9MWR

10 years, 9 months

3
3
0 0

Re: [44net] Performance of DNS

by Rob Janssen

More tracing reveals why the times are sometimes as high as I reported... It first got my attention because commands like "netstat -t" and "ntpq -p" took quite some time to execute when 44.x.x.x addresses were in the listing, stopping for each reverse lookup. I had also noticed that "ping callsign.ampr.org" always takes some time before it sends the first ping. So I decided to investigate. I used this command to time it: time host callsign.ampr.org It appears that when the callsign exists, this does two lookups, for the A and MX record. When the callsign does not exist (I also tested that), it also does two lookups: the specified one, and the one with .ampr.org appended a second time. This is caused by "search ampr.org" in /etc/resolv.conf. It was put there by the Linux installer, I know many Linux distributors do that. (you specifiy a hostname and domainname during install, and it will put the domainname in /etc/resolv.conf as a search line) That explains the long execution time of "host" that could not be explained by a single lookup. I think it is not very clever of the resolver library to append a search domain that already was in the query, but maybe there are some cases where this is useful? Anyway, I removed that from resolv.conf as this machine is not for end-users anyway, and I don't mind typing full domain names. It doubles the speed of all lookups of nonexisting names, and reduces the load on the ampr.org nameservers as well. This doubles the speed of the host command, but of course the reverse lookups are not affected. When using those two local DNS servers first, they are fast. Bind should learn and remember that, I think. It is only good that ampr.org DNS servers are around the globe, and a pity that bind does not take that to an advantage. It does do that for forwarders, at least that is written in the docs. (this machine runs bind as a caching resolver and the nameserver in resolv.conf is 127.0.0.1) Rob

10 years, 9 months

3
2
0 0

Re: [44net] Performance of DNS

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > Re: [44net] Performance of DNS > From: > Brian Kantor <Brian(a)UCSD.Edu> > Date: > 08/05/2014 07:21 PM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > On Tue, Aug 05, 2014 at 07:14:12PM +0200, Rob Janssen wrote: >> >I often experience relatively slow lookups of DNS records in .ampr.org and 44.in-addr.arpa. > It can be instructive to use the 'dig' '+trace' option to do lookups > as that will give you timing results as the query descends the tree. > That way you can get an idea of where the delay may be. Together with > the '@' option to direct your query to a particular nameserver you might > be able to identify the bottleneck when it occurs. > - Brian > I did some testing and I find that the two servers closest to me (in DE and UK) return results very quickly, under 80ms, while munnari.OZ.AU is very slow, it takes a second per query. Of course it is on the other end of the world, the pingtime is 350ms. The lookup of org and ampr (when not in cache) also take 300ms each, so in total a lookup takes quite some time. When I trick the whole thing using these bind9 zones in my local caching resolver: zone "ampr.org" IN { type forward; forward first; forwarders { 192.109.42.4; 195.66.148.101; }; }; zone "44.in-addr.arpa" IN { type forward; forward first; forwarders { 192.109.42.4; 195.66.148.101; }; }; everything is very very fast. of course this is to be expected, as the tree lookups are no longer required and the fastest (for me) servers are used first. But of course it is a dirty trick, and it will fail when those servers change address. It looks like bind does not remember performance of DNS servers as it does for forwarders, or when it does it may have forgotten that info by the time it is required again and therefore does not use only the fastest servers? Rob

10 years, 9 months

1
0
0 0

seeking recommendations for VPN capible (home) router

by Eric Fort

I'm presently seeking recommendations for a consumer grade home router that will work as both a vpn client and vpn server for PPTP, L2TP, OpenVPN, and IPSEC protocols. support for plain GRE would be useful as well. the router should be easy to configure with a fill in the boxes and check marks type web interface. Ideally an unlimited number of VPN tunnels would be supported along with support for RIP and OSPF. what does this list know of that comes at least close to this? Eric AF6EP

10 years, 9 months

5
4
0 0

Performance of DNS

by Rob Janssen

I often experience relatively slow lookups of DNS records in .ampr.org and 44.in-addr.arpa. Not every time, but lookup times of 2-3 seconds occur quite often, especially for the first one in a series (the TTL in the zones is only an hour, so there is little caching). 44.in-addr.arpa also sometimes fail for existing hosts, to succeed when they are re-tried later. Do other people see this? It looks like there are 7 DNS servers, which seems to be plenty. Are they overloaded? Do we need or like to have more DNS servers? Should I volunteer to provide one? Or could there be another reason for this phenomenon? Rob

10 years, 9 months

3
2
0 0

total monthly traffic count for 44/8

by Eric Fort

What is the total monthly amount of traffic produced and responded to by ALL hosts on 44/8? anyonh have a vague number for this? how much traffic passes monthly through amprgw? Eric AF6EP

10 years, 9 months

5
6
0 0

Test Please ignore

by gm4upx＠gb7jd.co.uk

test

10 years, 9 months

2
2
0 0

ampr.org hostname resolves to non 44/8 ip - what's up here?

by Eric Fort

doing some testing here this morning and went to login to af6hf.ampr.org and saw the following: debian@arm:~$ telnet af6hf.ampr.org Trying 92.242.140.21... just curious what's going on here. can we now assign any ip addresses to our delegated domain namespace? I had always thought that foo.ampr.org would be placed in 44/8 ip space. Eric AF6EP

10 years, 9 months

5
9
0 0

Co-ordinate ??

by gm4upx＠gb7jd.co.uk

Hello, Anyone else experiencing this ?? When I click on the [ Co-ordinators ] part I should be directed to [ https://portal.ampr.org/coord_index.php ] but I am re-directed to [ https://portal.ampr.org/index.php ] Regards, Ian..

10 years, 9 months

4
4
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 119

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > Re: [44net] VPN or Gatwaying without control of NAT router WAS: 44Net Digest, Vol 3, Issue 118 > From: > Eric Fort <eric.fort(a)gmail.com> > Date: > 07/28/2014 06:16 AM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > thanks geoff. I did login and look it up, then sent it on. looks > like this subnet will finally be coming online..... even if packets > need to route via romania on their way here! those in the us, really > ought pitch in and find some isp willing to bgp announce for us in > exchange for a moderate fee for hosting a vpn concentrator for the > announced subnets. with the low expected traffic usage it "shouldn't" > be that costly to do. anyone know a friendly us based isp? Please note that there is no relation whatsoever between announcing via BGP and offering an OpenVPN or other VPN access instead of IPIP tunnels. Those are two completely ortogonal subjects. It is possible to setup an OpenVPN or other VPN access on a gateway that is connected to others via IPIP tunnels, that is what I have now. And it is possible to have a BGP announced gateway that does not offer OpenVPN. And it is possible to combine the two. You can setup an OpenVPN access system that operates as a normal IPIP gateway on any of the low-cost virtual servers that you can get everywhere today. No need for ISP cooperation or BGP routing. Just get a Linux virtual server, install a couple of packages, configure them, and there you go. Rob

10 years, 9 months

2
1
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 118

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > Re: [44net] 44Net Digest, Vol 3, Issue 117 > From: > Eric Fort <eric.fort(a)gmail.com> > Date: > 07/27/2014 06:49 AM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > Rob, > > for the specific situation I'm in we ought chat. I do eventually want > to set up my own 44net vpn hub.... but for the moment it would work > just fine to have an ip out of finland or elsewhere. now if someone > wanted to setup a vpn server host for various yet to be routed subnets > that would be even cooler..... but yes, let's chat. a vpn connection > to you would be most welcome. > > Thanks, > > Eric Eric, My VPN server is only configured for Dutch IP adresses, as I have configured it in such a way that it can use existing allocated net-44 addresses, for which I am the coordinator for 44.137.0.0/16, and I am setting up a server for this network to be announced on BGP. That is not finished (waiting for permission from the ISP and then from ARDC), but it already operates as a gateway. On that machine I installed the OpenVPN server. So it only works for existing adresses in the 44.137.0.0/16 network, that are not within a subnet registered at the portal. However, others have taken a different approach, they allocate new addresses from a special subnet. I think the Finnish server does this as well. Best would be if someone nearer to you provides this service, as this yields much better performance. Rob

10 years, 9 months

4
6
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 118

by Ernest.Tse＠Pacswitch

An embedded and charset-unspecified text was scrubbed... Name: not available URL: <http://hamradio.ucsd.edu/mailman/private/44net/attachments/20140728/71d2ac1…>

10 years, 9 months

1
0
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 117

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > Re: [44net] getting a debian wheezy host connected to 44net > From: > Eric Fort <eric.fort(a)gmail.com> > Date: > 07/26/2014 06:42 PM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > ok it seems everyone is missing the point of the question here. see > my threaded comments below: > > On Sat, Jul 26, 2014 at 3:41 AM, Marius Petrescu<marius(a)yo2loj.ro> wrote: >> >(Please trim inclusions from previous messages) >> >_______________________________________________ >> >Eric, >> > >> >Actually you can use any stateful VPN tunnel: OpenVPN, PPtP, L2TP, SSTP etc. >> >OpenVPN is kind of complicated to set up (certifcates and other details). >> > >> >The idea is to initiate the connection from the dynamic IP to a static IP, >> >and reconnect on IP change from the new dynamc IP. >> > >> >I personally favor PPtP or L2TP (optional with MPPE encryption), since this >> >protocol is supported by almost any OS (Windows, Mac, Linux) and is light on >> >the processor. >> > > yes I get that the tunnel type is mostly irrelevant and I'm pretty > agnostic as to it's type as hey I could tunnel over dns, http, or even > icmp if I had to. The question is tunnel to where? If I had a box > somewhere with a static endpoint / static ip address a big part of > this question would not be being asked and yes, I'd use it as a vpn > server - problem solved. at present, I do not have that luxury. > > is there no possible way to connect hosts to amprnet that are behind a > nat firewall router that has a dynamic public ip without the use of a > (my own) vpn server with a static ip placed elsewhere? > > Eric > It depends on where you are and what kind of address you want to have. Here in the Netherlands I have just setup an OpenVPN server that can be used for this for addresses within 44.137.0.0/16. Anyone with such an address can just mail me and I'll send them a certificate and example config file. I plan to enable PPTP, L2TP/IPsec and IPsec as well as demand arises. There is an OpenVPN service in Finland as well, see http://wiki.ampr.org/index.php/AMPRNet_VPN I think they are open for registration from anywhere (not just Finland). Of course best is when you start a server in your own area. Rob

10 years, 9 months

2
1
0 0

getting a debian wheezy host connected to 44net

by Eric Fort

I have a group of hosts that at present must sit behind a home router with a dynamic public IP which I have not access to the settings of that acts as a nat firewall. how can I get these boxen joined to amprnet where they can be accessed by amprnet and the internet at large? vpn anyone? Thanks, Eric

10 years, 9 months

6
12
0 0

TAPR DCC 2014?

by Brian Kantor

The annual TAPR Digital Communications Conference is September 5-7 this year in Austin Texas USA. https://www.tapr.org/dcc.html Are any of you folks planning to attend? - Brian

10 years, 9 months

4
3
0 0

Re: [44net] dcc

by f6cnb＠hutin.org

I'll attend the DCC 73 Remi W5/F6CNB Sent from my android device.

10 years, 9 months

1
0
0 0

44.140.0.0/16 via 44.140.0.1 unreachable on mikrotik

by lx1duc＠laru.lu

Good evening, I have the following routes concerning 44.140.0.1 on my system: [lx1duc(a)LX044-17.ampr.org] > ip route print detail where 44.140.0.1 in dst-address Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 0 ADb dst-address=0.0.0.0/0 gateway=46.29.182.225 gateway-status=46.29.182.225 reachable via ether10 distance=20 scope=40 target-scope=10 bgp-as-path="60391" bgp-origin=igp received-from=AS60391_v4 2 A S dst-address=44.140.0.0/16 gateway=ampr-44.140.0.1 gateway-status=ampr-44.140.0.1 reachable distance=210 scope=30 target-scope=10 3 Db dst-address=44.140.0.0/16 gateway=46.29.182.225 gateway-status=46.29.182.225 reachable via ether10 distance=250 scope=40 target-scope=10 bgp-as-path="60391,51405,24611,3549,1299,1299,1299,2603,1653,2839, 8973" bgp-atomic-aggregate=yes bgp-origin=igp bgp-communities=3549:2682,3549:31528,51405:352,51405:1100,51405:2003, 51405:10010,51405:10012 received-from=AS60391_v4 (I deleted rule #1 as it is disabled). When I do a traceroute to 44.140.128.7 from a system behind that router, I can see that the packets come in via ethernet and they are forwarded to the IPIP tunnel interface for 44.140.0.1, however the Mikrotik router never sends any IPIP packets out via my upstream ethernet connection. When I add the following route: 4 A S dst-address=44.140.0.1/32 gateway=46.29.182.225 gateway-status=46.29.182.225 reachable via ether10 distance=1 scope=30 target-scope=10 are actually sent out of the ethernet to the upstream. However there is no response from 44.140.0.1 in any case. (There is a possible work around by using different routing tables, but depending on the type of rules, this could still have the same effect.) I'm not very sure how this can be solved, eventually by announcing 44.140.0.0/24 via commercial BGP. Any ideas are welcome. 73 de Marc, LX1DUC

10 years, 9 months

1
0
0 0

Re: [44net] (no subject)

by kb9mwr＠gmail.com

On a PC not connected to the amprnet, when I point a browser to n1uro.ampr.org I get Brians' website with the java warning. On that same PC not connected to the amprnet: http://44.135.85.151/ Nothing http://44.135.85.30/ Nothing On a PC connected to the amprnet http://n1uro.ampr.org Nothing http://44.135.85.30/ - VE3MCH TCP/IP AMATEUR RADIO PACKET GATEWAY http://44.135.85.151/ - VE3MCH TCP/IP AMATEUR RADIO PACKET GATEWAY >From 44.92.21.50 Gateway: 75.87.213.229 --- Quote--- Not that it helps but I get a lovely web page show up when I point my browser at n1uro.ampr.org. Brian's javascript is causing an "Java out of date" error on my machine so something is working.

10 years, 9 months

4
4
0 0

Re: [44net] [HamWAN PSDR] Fwd: 44net and internal BGP tests

by Tom Hayward

On Thu, Jul 10, 2014 at 10:21 AM, K7VE - John <k7ve(a)k7ve.org> wrote: > These are the applications we need to bring to 44-Net We're [HamWAN] doing pretty good so far! Hostnames below... > On Thu, Jul 10, 2014 at 4:56 AM, <lx1duc(a)laru.lu> wrote: >> - 2 DMR repeaters >> - several D-Star HotSpots None yet. >> - DNS resolvers open to 44net (Anycasted), secondary DNS Service available for fellow YLs and OMs HamWAN's recursive DNS is at 44.24.244.1 and 44.24.245.1, anycasted of course. This will work within 44.24.240.0/20 for resolving any domain. Authoritative DNS is a.ns.hamwan.net (44.24.244.2) b.ns.hamwan.net (44.24.245.2) >> - NTP servers (Anycasted) NTP.hamwan.net (44.24.244.4) NTP.hamwan.net (44.24.245.4) Also anycasted. At least one of the members in this anycast pool is GPS-synced statum-1. >> - VoIP (SIP) voip.k7nvh.hamwan.net (44.24.255.5) Ask Nigel for an extension if you want to register your SIP phone. We have three local numbers for dialing in and out, but I believe they lack long distance service and are limited to Seattle, Bellevue, and Olympia (don't quote me on that). We do conference calls semi-regularly. >> - VPN >> - (planned) APRS Server northwest.aprs2.net (on HamWAN's Seattle-SRV1) >> - (planned) connect existing APRS I-GATEs baldi-aprs.kd7lxl.hamwan.net (44.24.240.203) is a dual-channel igate (144.39 @ 1200 baud and 144.35 @ 9600 baud) connected to northwest.aprs2.net >> - (planned) Hosting of HAM webs >> - (planned) Hosting of HAM email services We have postfix configured so that outgoing mail works, but no one has bothered with incoming. Tom KD7LXL

10 years, 9 months

9
10
0 0

(no subject)

by kb9mwr＠gmail.com

I can't reach n1uro.ampr.org either. I don't have any problems with 44.135.85.151 or 44.135.85.30 >From 44.92.21.X If you really want to know what I found reachable on the amprnet: http://www.qsl.net/k/kb9mwr//wapr/tcpip/amrprnet-nmap-2014.txt

10 years, 9 months

3
2
0 0

44net and internal BGP tests

by lx1duc＠laru.lu

Good afternoon, just to let you know, we are testing a new BGP setup between our 44net routers. (This has *nothing* to do with a BGP connection to the internet!!) As the 1023 16-bit ASN numbers are in use mostly in DL and surrounding countries, we were looking for another larger ASN space. The logical alternative is the 32-bit ASN space. The ASNs 42XXXXXXXX are reserved for private use by IANA (except the last ASN!). In order to avoid potential collisions we intend to use the ASNs 42270XXXXX in LX. 270 is the MNC (E.212) for LX (with some inspiration from DMR). We will soon publish the exact ranges in use and I will publish the URL here asap. If anybody of you is already using ASNs from the ranges mentioned above, please let me know. Nothing is written in stone, so we can still rearrange our setup HI :-). If someone of you is interested to setup a BGP session on the existing IPIP tunnel or on a dedicated IPIP, GRE, ... tunnel, please also get in touch with me. We are currently running the following services in our 44net: - 2 DMR repeaters - several D-Star HotSpots - DNS resolvers open to 44net (Anycasted), secondary DNS Service available for fellow YLs and OMs - NTP servers (Anycasted) - VoIP (SIP) and Jabber (XMPP) server - VPN - (planned) APRS Server - (planned) connect existing APRS I-GATEs - (planned) Hosting of HAM webs - (planned) Hosting of HAM email services 73 de Marc, LX1DUC

10 years, 9 months

3
4
0 0

IPIP with pfSense Firewalls

by Rod Ekholm

I have set up a new firewall for my network, and am wanting to use it to also perform either the encap.txt updates, or even a few isolated IPIP tunnels to get my connections back to the 44/8 network. Is anyone else running pfSense to do this? I would be interested in some help in making this work. Screenshots, a write up.. Anything!!! I'll explore it more today for a bit, but I'm still baffled by some of the way pfSense does things and still trying to figure it out. Thanks for any help you can offer! -- Rod Ekholm kc7aad(a)gmail.com

10 years, 9 months

3
3
0 0

rip44d seg faults

by Jason R Begley

I am having an issue running rip44d on Arch after a recent update (perl (5.18.2-2 -> 5.20.0-5) I suspect). Please see the below BT and let me know if you can help. gdb -args perl rip44d GNU gdb (GDB) 7.7.1 Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-unknown-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from perl...(no debugging symbols found)...done. (gdb) r Starting program: /usr/bin/perl rip44d warning: Could not load shared library symbols for linux-vdso.so.1. Do you need "set solib-search-path" or "set sysroot"? [Thread debugging using libthread_db enabled] Using host libthread_db library "/usr/lib/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. 0x00007ffff67019ce in boot_IO__Interface () from /usr/lib/perl5/site_perl/auto/IO/Interface/Interface.so (gdb) bt #0 0x00007ffff67019ce in boot_IO__Interface () from /usr/lib/perl5/site_perl/auto/IO/Interface/Interface.so #1 0x00007ffff7aeb93b in Perl_pp_entersub () from /usr/lib/perl5/core_perl/CORE/libperl.so #2 0x00007ffff7ae41f6 in Perl_runops_standard () from /usr/lib/perl5/core_perl/CORE/libperl.so #3 0x00007ffff7a6dde5 in Perl_call_sv () from /usr/lib/perl5/core_perl/CORE/libperl.so #4 0x00007ffff7a70133 in Perl_call_list () from /usr/lib/perl5/core_perl/CORE/libperl.so #5 0x00007ffff7a53d51 in S_process_special_blocks () from /usr/lib/perl5/core_perl/CORE/libperl.so #6 0x00007ffff7a67592 in Perl_newATTRSUB_x () from /usr/lib/perl5/core_perl/CORE/libperl.so #7 0x00007ffff7a6a630 in Perl_utilize () from /usr/lib/perl5/core_perl/CORE/libperl.so #8 0x00007ffff7a9d0b9 in Perl_yyparse () from /usr/lib/perl5/core_perl/CORE/libperl.so #9 0x00007ffff7b1d942 in S_doeval () from /usr/lib/perl5/core_perl/CORE/libperl.so #10 0x00007ffff7b2a72c in Perl_pp_entereval () from /usr/lib/perl5/core_perl/CORE/libperl.so #11 0x00007ffff7ae41f6 in Perl_runops_standard () from /usr/lib/perl5/core_perl/CORE/libperl.so #12 0x00007ffff7a6dde5 in Perl_call_sv () from /usr/lib/perl5/core_perl/CORE/libperl.so #13 0x00007ffff7a70133 in Perl_call_list () from /usr/lib/perl5/core_perl/CORE/libperl.so #14 0x00007ffff7a53d51 in S_process_special_blocks () from /usr/lib/perl5/core_perl/CORE/libperl.so #15 0x00007ffff7a67592 in Perl_newATTRSUB_x () from /usr/lib/perl5/core_perl/CORE/libperl.so #16 0x00007ffff7a9d781 in Perl_yyparse () from /usr/lib/perl5/core_perl/CORE/libperl.so #17 0x00007ffff7b1d942 in S_doeval () from /usr/lib/perl5/core_perl/CORE/libperl.so #18 0x00007ffff7b29510 in Perl_pp_require () from /usr/lib/perl5/core_perl/CORE/libperl.so #19 0x00007ffff7ae41f6 in Perl_runops_standard () from /usr/lib/perl5/core_perl/CORE/libperl.so #20 0x00007ffff7a6dde5 in Perl_call_sv () from /usr/lib/perl5/core_perl/CORE/libperl.so #21 0x00007ffff7a70133 in Perl_call_list () from /usr/lib/perl5/core_perl/CORE/libperl.so #22 0x00007ffff7a53d51 in S_process_special_blocks () from /usr/lib/perl5/core_perl/CORE/libperl.so #23 0x00007ffff7a67592 in Perl_newATTRSUB_x () from /usr/lib/perl5/core_perl/CORE/libperl.so #24 0x00007ffff7a6a630 in Perl_utilize () from /usr/lib/perl5/core_perl/CORE/libperl.so #25 0x00007ffff7a9d0b9 in Perl_yyparse () from /usr/lib/perl5/core_perl/CORE/libperl.so #26 0x00007ffff7a74215 in perl_parse () from /usr/lib/perl5/core_perl/CORE/libperl.so #27 0x0000000000400d9b in main () (gdb)

10 years, 9 months

3
3
0 0

tunl0

by gm4upx＠gb7jd.co.uk

Hello, While waiting for my allocation to be actioned and having little or no experience I decided to experiment to learn more about the use of the tunnel interface and what would be possible with it. I have all ports forwarded from my ISP's modem to a PC I am using as a router. I have a tunnel set up on a one to one basis with a forwarding partner and it works well. My router PC has three network cards, one with a 192.x.x.x/24 address and the other two with a 44.x.x.x/29 and 44.x.x.x/27 address. Connections between both 44.x.x.x addresses work with my forwarding partner and I can forward between my 44.x.x.x addresses using [ eth0 ] but not when I set the route at each via [ tunl0 ]. Is it something simple I have missed ?? Regards, Ian..

10 years, 10 months

2
1
0 0

New member - VE5EIS

by Jim MacKenzie

Hi all, Just joining the list... I applied for a 44net subnet last week and am beginning the steps to do something cool and interesting with this. I'm a new ham as of April 2013 (VE5EIS) and work on both VHF/UHF and the HF bands. I also am involved with a hobby project in Canada called the Metanetwork, where we link disparate networks together and learn about networking, route advertising, and so on. The project has gotten me to learn about all sorts of useful networking things such as using OpenVPN and deploying IPv6. My routers and my most interesting computers run Linux or BSD. I'm hoping to learn more about packet radio and deploy some RF hops on my subnet. I have some ideas of some useful projects that could be done, e.g. UUCP over RF for email links between sites that don't have Internet or telephone connectivity. At this point I'm working on getting either a tunnel or permission to set up BGP advertising for my subnet, and then it'll be time to figure out what to do with this project. I'm hoping to have a lot of fun with it and learn from you guys - see what you're doing, grab some great ideas, maybe leverage them with some of my own experience and knowledge. Thanks, Jim VE5EIS Regina, Saskatchewan, Canada DO70

10 years, 10 months

2
2
0 0

Re: [44net] Draytek Vigor 2710Vn

by kb9mwr＠gmail.com

The solution is in section 3.3.2 of the user guide : DMZ Host http://www.draytek.co.uk/support/downloads Another option is is to put the modem in a Bridge Mode see page 35.

10 years, 11 months

1
0
0 0

Draytek Vigor 2710Vn

by demetre.sv1uy

Hi all, Does anyone know if a Draytek Vigor 2710Vn ADSL router can do IPENCAP (Protocol 4) so that I can use it in my AMPRnet GATEWAY? I can't make it work, although my GATEWAY works OK when I use a TP-Link WR1043ND Broadband Router with DD-WRT Firmware! -- 73 de Demetre - SV1UY e-mail: demetre.sv1uy(a)gmail.com Radio e-mail: sv1uy(a)winlink.org AMPRnet e-mail: sv1uy(a)sv1uy.ampr.org PACKET mail: SV1UY(a)SV1UY.ATH.GRC.EU WEB: http://www.qsl.net/sv1uy

10 years, 11 months

1
0
0 0

AMPR Gateway down?

by lx1duc＠laru.lu

Good afternoon/morning, I'm unable traceroute from the internet to 44.161.200.11, the trace stops at ebu3b-6509-nodem-core-interconnect-vl910-bcast-255-131.ucsd.edu (132.239.255.131). Is anybody experiencing similar issues? 73 de Marc, LX1DUC

10 years, 11 months

4
4
0 0

Gateways to where?

by kb9mwr＠gmail.com

I have been reading this common thread on the.broadband hamnet forums. "Are there any lists with available tunnel connections?" On the portal, unless noted in the notes area, the only way to really tell is from looking up the geographic area for the listed subnet. This is probably something we should re-think. You shouldn't have to do all that leg work to see what areas have tunnels available. If we can make that easier to determine, I'd like to think more people will find what we are doing here on 44net more useful to them. Back to painful data loss recovery..

10 years, 11 months

3
2
0 0

Strange route entry: 44.140.0.0/16

by Marius Petrescu

Just peeked in th RIP broadcasts today: 44.140.0.0/16 via 44.140.0.1 This entry is invalid, since the gateway is in its own subnet and no other entry for 44.140.0.1 exists. Please correct the entry. Marius, YO2LOJ

10 years, 11 months

6
8
0 0

Re: [44net] 802.11 link planning

by Steve Wright

On Thu, May 22, 2014 at 7:00 AM, <44net-request(a)hamradio.ucsd.edu> wrote: > http://www.scc-ares-races.org/mesh/preso/Basic_WiFi_Net_Planning_v140516.pdf That's a really good document. This really needs to be in the wiki, or else no one can find it. It can be dangerous for total newbs to read this, because it suggests the process is fraught with danger, which of course it's not. We all agree that it's actually completely trivial to put up an AP and connect to it from miles away. rmonline is also a good tool to quickly check links for LOS. There is also some Android app as well. http://www.ve2dbe.com/rmonline.html I don't do link calcs any more - there's just no need to. A pair of Nanobridges will work real well over a huge distance provided there is line-of-sight. Really, this stuff is point-and-shoot trivial now. A really important consideration with an 802.11 ham network, is keeping the snake-oil protocols separate from the ones that actually work! Viz, don't run mesh on an AirMax channel. AirMax can push a huge amount of data, even on a busy channel. Advice I'd give to a group of total newbies who want to build a network, is ignore all the tech talk and go buy a 2.4GHz AirMax sector access point, install on a nice high line-of-sight location, and just play with connecting to it from all around the place. There's nothing complicated about it at all. The tricky stuff does come later, but you'll get to that once you see the network up and alive, and your enthusiasm starts to take off. Newbs giving up early because it looks too hard is an avoidable tragedy. Steve ZL1BHD

10 years, 11 months

1
0
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 104

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > Re: [44net] 44Net Digest, Vol 3, Issue 103 > From: > Pedro Converso <pconver(a)gmail.com> > Date: > 05/21/2014 12:17 AM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > Hello Rob et all crew aboard this 44 ship, > > Thanks for taking time to answer, > > If I ping from my jnos> ping pe1chl.ampr.org then ping is answered. > > If I ping from any operating system pe1chl.ampr.org or using remote ping > fromhttps://www.wormly.com/test_remote_ping then ping is not answered. > > Therefore any other function as web, telnet, nntp, etc are not answered or > handled using a PC with any operating system other than a linux with encap. > > This is my concern that also happens to others ampr system including yours. Oh but that is because pe1chl.ampr.org allows only traffic from net-44. It is a NET system and I don't want to open it to the abusers and portscanners. Try sys2.pe1chl.ampr.org or www.pe1chl.ampr.org. Those are Linux systems and you can ping them both from net-44 and from the entire internet. > > In fact a ping to any ampr.org does go to amprgw (169.228.66.251) as shown > by traces, and that happens using any system being or not a linux. > > Question is how to resolve this, and reason of seeking help/advice from > amprnet experts to guide toward finding a solution. > > Best 73, > lu7abf, Pedro Converso What I deduced from your trace was that incoming the packets were encapped as IP-in-IP but outgoing they were not. But maybe it is a characteristic of the way you traced, sometimes those extra encapsulations are not shown in a trace. I think the best solution today is to handle the net-44 routing in Linux and then when you want to run jnos put that behind an extra address that you route locally. Rob

10 years, 11 months

1
0
0 0

Re: [44net] 802.11 link planning

by Bryan Fields

I have 3.4 ghz mini pci cards for 8.50 USD each. On May 21, 2014 1:09:52 AM EDT, Michael E Fox - N6MEF <n6mef(a)mefox.org> wrote: >(Please trim inclusions from previous messages) >_______________________________________________ >I haven't seen any commercial equipment available. If you're aware of >any, >can you provide links? > >M > >-----Original Message----- >From: 44net-bounces+n6mef=mefox.org(a)hamradio.ucsd.edu >[mailto:44net-bounces+n6mef=mefox.org@hamradio.ucsd.edu] On Behalf Of >Tom >Hayward >Sent: Tuesday, May 20, 2014 1:48 PM >To: AMPRNet working group >Subject: Re: [44net] 802.11 link planning > >(Please trim inclusions from previous messages) >_______________________________________________ >On Tue, May 20, 2014 at 12:44 PM, Michael E Fox - N6MEF ><n6mef(a)mefox.org> >wrote: >> >http://www.scc-ares-races.org/mesh/preso/Basic_WiFi_Net_Planning_v140516.pdf > >You might add 3.4 GHz and 5.9 GHz to you list of bands. These are >worth mentioning because they're [US] ham-only and therefore avoid >many common noise sources. > >Tom KD7LXL >_________________________________________ >44Net mailing list >44Net(a)hamradio.ucsd.edu >http://hamradio.ucsd.edu/mailman/listinfo/44net > >_________________________________________ >44Net mailing list >44Net(a)hamradio.ucsd.edu >http://hamradio.ucsd.edu/mailman/listinfo/44net -- Bryan Fields 727-409-1194 http://bryanfields.net

10 years, 11 months

2
1
0 0

Re: [44net] 802.11 link planning

by kb9mwr＠gmail.com

I have a nice summary here: http://www.qsl.net/k/kb9mwr/projects/wireless/ham-how-to.html ---- Quote ---- I haven't seen any commercial equipment available. If you're aware of any, can you provide links? M

10 years, 11 months

2
1
0 0

802.11 link planning

by Michael E Fox - N6MEF

All, I know some on this list have already rolled out substantial 802.11 outdoor networks. For those who are getting started, this preso might be helpful. I put it together to help new folks in our area understand how all the numbers and terminology fits together. http://www.scc-ares-races.org/mesh/preso/Basic_WiFi_Net_Planning_v140516.pdf At some point, I may follow up with a white paper on how to calculate various items of interest, such as: -- what speed can I expect from a given link? -- what is the minimum antenna gain I need for a given link? -- etc. Michael, N6MEF

10 years, 11 months

2
3
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 103

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > [44net] Pings to 44... from Internet not returning > From: > Pedro Converso <pconver(a)gmail.com> > Date: > 05/19/2014 11:26 PM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > Hello fellows 44 crew > > I have a ping not returning syndrome from my 44 address via Internet. It looks like you are not sending your pings back encapped to 169.228.66.251 You send them directly without encap. That may work if you have a bad ISP, but normally it should not work. You should have separate route tables for net-44 and public-IP traffic and send all traffic originating at net-44 back out via 169.228.66.251. I don't think jnos can do that. It really is outdated, you should consider migrating to Linux where this is no problem. (see earlier recipes provided on this list) Rob

10 years, 11 months

2
1
0 0

Pings to 44... from Internet not returning

by Pedro Converso

Hello fellows 44 crew I have a ping not returning syndrome from my 44 address via Internet. >From any ampr system ping to 44.153.0.1 are answered ok, but from internet don't receive answer to pings sent to 44.153.0.1 To try thru Internet I use https://www.wormly.com/test_remote_ping setting 44.153.0.1 as destination for pings. System is an ubuntu 10.03 and jnos2.0i, locally pings returns ok. I made some traces that follows, some related autoexec.nos are at end. Same symptom happens with several 44 systems, pings from Internet don't return. As pings don't return any other tcp function doesn't work either. Any help/guidance/sugestion will be much appreciated. Best 73, lu7abf, Pedro Converso PD: Router: TL-MR3420 DMZ: 44.153.0.10 (IP of my jnos2) ================================================================ Trace of tun0 interfase made by jnos> trace tun0 211 Here can be seen that tun0 receives Echo request encapsulated thru amprgw and Reply with no encapsulation, which originating pinger doesn't receive Mon May 19 16:36:37 2014 - tun0 recv: IP: len 104 169.228.66.251->44.153.0.1 ihl 20 ttl 39 prot IP IP: len 84 184.72.226.23->44.153.0.1 ihl 20 ttl 38 DF prot ICMP ICMP: type Echo Request id 58952 seq 1 0000 45 00 00 68 63 95 00 00 27 04 16 84 a9 e4 42 fb E..hc...'...)dB{ 0010 2c 99 00 01 45 00 00 54 33 75 40 00 26 01 5a 3a ,...E..T3u@.&.Z: 0020 b8 48 e2 17 2c 99 00 01 08 00 f1 bb e6 48 00 01 8Hb.,.....q;fH.. 0030 2e 5d 7a 53 00 00 00 00 ab 76 0d 00 00 00 00 00 .]zS....+v...... 0040 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................ 0050 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./ 0060 30 31 32 33 34 35 36 37 01234567 Mon May 19 16:36:37 2014 - tun0 recv: IP: len 104 169.228.66.251->44.153.0.1 ihl 20 ttl 39 prot IP IP: len 84 184.72.226.23->44.153.0.1 ihl 20 ttl 38 DF prot ICMP ICMP: type Echo Request id 58952 seq 1 0000 45 00 00 68 63 95 00 00 27 04 16 84 a9 e4 42 fb E..hc...'...)dB{ 0010 2c 99 00 01 45 00 00 54 33 75 40 00 26 01 5a 3a ,...E..T3u@.&.Z: 0020 b8 48 e2 17 2c 99 00 01 08 00 f1 bb e6 48 00 01 8Hb.,.....q;fH.. 0030 2e 5d 7a 53 00 00 00 00 ab 76 0d 00 00 00 00 00 .]zS....+v...... 0040 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................ 0050 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./ 0060 30 31 32 33 34 35 36 37 01234567 Mon May 19 16:36:37 2014 - tun0 sent: IP: len 84 44.153.0.1->184.72.226.23 ihl 20 ttl 175 prot ICMP ICMP: type Echo Reply id 58952 seq 1 0000 45 00 00 54 71 c7 00 00 af 01 d2 e7 2c 99 00 01 E..TqG../.Rg,... 0010 b8 48 e2 17 00 00 f9 bb e6 48 00 01 2e 5d 7a 53 8Hb...y;fH...]zS 0020 00 00 00 00 ab 76 0d 00 00 00 00 00 10 11 12 13 ....+v.......... 0030 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 ............ !"# 0040 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 $%&'()*+,-./0123 0050 34 35 36 37 4567 ======================================================================= Trace of encap interfase made by jnos> trace encap 211 Here can be seen that encap interfase receives echo req but don't answer Mon May 19 16:36:37 2014 - encap recv: IP: len 84 184.72.226.23->44.153.0.1 ihl 20 ttl 38 DF prot ICMP ICMP: type Echo Request id 58952 seq 1 0000 45 00 00 54 33 75 40 00 26 01 5a 3a b8 48 e2 17 E..T3u@.&.Z:8Hb. 0010 2c 99 00 01 08 00 f1 bb e6 48 00 01 2e 5d 7a 53 ,.....q;fH...]zS 0020 00 00 00 00 ab 76 0d 00 00 00 00 00 10 11 12 13 ....+v.......... 0030 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 ............ !"# 0040 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 $%&'()*+,-./0123 0050 34 35 36 37 4567 Mon May 19 16:36:37 2014 - encap recv: IP: len 84 184.72.226.23->44.153.0.1 ihl 20 ttl 38 DF prot ICMP ICMP: type Echo Request id 58952 seq 2 0000 45 00 00 54 33 76 40 00 26 01 5a 39 b8 48 e2 17 E..T3v@.&.Z98Hb. 0010 2c 99 00 01 08 00 38 ce e6 48 00 02 2f 5d 7a 53 ,.....8NfH../]zS 0020 00 00 00 00 6f 63 01 00 00 00 00 00 10 11 12 13 ....oc.......... 0030 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 ............ !"# 0040 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 $%&'()*+,-./0123 0050 34 35 36 37 4567 Mon May 19 16:36:37 2014 - encap recv: IP: len 84 184.72.226.23->44.153.0.1 ihl 20 ttl 38 DF prot ICMP ICMP: type Echo Request id 58952 seq 3 0000 45 00 00 54 33 77 40 00 26 01 5a 38 b8 48 e2 17 E..T3w@.&.Z88Hb. 0010 2c 99 00 01 08 00 c7 a0 e6 48 00 03 2f 5d 7a 53 ,.....G fH../]zS 0020 00 00 00 00 dd 8f 04 00 00 00 00 00 10 11 12 13 ....]........... 0030 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 ............ !"# 0040 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 $%&'()*+,-./0123 0050 34 35 36 37 4567 ======================================================================= Related autoexec.nos commands to routes & interfaces hostname lu7abf.ampr.org. ip address 44.153.0.1 ax25 mycall lu7abf attach tun tun0 1500 0 ifconfig tun0 ipaddress 44.153.0.10 ifconfig tun0 netmask 255.255.255.0 ifconfig tun0 mtu 1500 shell ifconfig tun0 44.153.0.3 pointopoint 44.153.0.10 mtu 1500 up shell route add 44.153.0.1 gw 44.153.0.3 tun0 shell sudo arp -sD 44.153.0.10 eth0 pub shell echo 0 > /proc/sys/net/ipv4/conf/tun0/rp_filter # disable arp_filter shell echo 1 > /proc/sys/net/ipv4/ip_forward # enable ip_forward shell iptables -t nat -A PREROUTING -d 44.153.0.10/32 --proto 4 \-j DNAT --to 44.153.0.1 shell iptables -t nat -A PREROUTING -d 44.153.0.10/32 --proto 94 \-j DNAT --to 44.153.0.1 shell iptables -t nat -A POSTROUTING -s 44.153.0.1/32 -o eth0 -p 4 shell iptables -t nat -A POSTROUTING -s 44.153.0.1/32 -o eth0 -p 94 shell sudo -s iptables -t nat -A PREROUTING -d 44.153.0.3/32 -p tcp --dport 23 \-j DNAT --to 44.153.0.1:23 shell sudo -s iptables -t nat -A PREROUTING -d 44.153.0.3/32 -p tcp --dport 6300 \-j DNAT --to 44.153.0.1:23 shell sudo -s iptables -t nat -A PREROUTING -d lu7abf.org.ar -p tcp --dport 6300 \-j DNAT --to 44.153.0.1:23 shell sudo -s iptables -t nat -A POSTROUTING -s 44.153.0.1/32 -o eth0 -j MASQUERADE shell sudo -s iptables -t nat -A POSTROUTING -s 44.153.0.10/32 -o eth0 -j MASQUERADE ifconfig encap ip 44.153.0.1 ifconfig encap mtu 1500 ifconfig encap netmask 0xffffffff ifconfig encap broadcast 255.255.255.255 ifc encap descript "IPIP Encapulation interface" arp eaves tun0 on arp eaves encap on arp poll tun0 on arp poll encap on arp maxq 20 route addprivate default tun0 44.153.0.3 route add 44.153.0.1 tun0 44.153.0.10 route add 44.153.0.2 tun0 44.153.0.10 route add 44.153.0.3 tun0 44.153.0.10 ========================================================

10 years, 11 months

2
2
0 0

Re: [44net] Avoid/delete own gw entry broadcast from amprgw (resend)

by Pedro Converso

Wow! Nice and elegant solution !! I did it that way, it works ! route lookup shows now correct despicte amprgw sets wider route. Thanks!!! 73, lu7abf, Pedro > > On Mon, May 19, 2014 at 3:26 AM, Steve Fraser <sfraser(a)sky.apana.org.au> wrote: >> Hi Pedro >> >> (oops, typo) >> >> I think if you have two static routes that are smaller (more specific) than >> the amprgw route (e.g. /24) then they should take priority over the /23 >> amprgw route. >> >> So add routes to 44.153.0.0/24 and 44.153.1.0/24 , to your default. >> >> regards >> >> Steve, vk5asf >> >> On 19/05/14 15:16, Pedro Converso wrote: >>> >>> (Please trim inclusions from previous messages) >>> _______________________________________________ >>> Hello fellow crew aboard this 44 ship, >>> >>> I receive ok every 5 min update routes from amprgw in my jnos2 using rip2. >>> >>> Along with all gateways my own gateway is included affecting my local >>> route that should be pointing to my default route, not to my gw >>> internet IP. >>> >>> Question is: how I can avoid receive/load my own gateway entry ? or >>> else how I can drop this entry coming from amprgw from my route table >>> ? or how to make a permanent route that is not overlaid ? >>> >>> I tried with an at command: at 15 "route drop 44.153.0.0/23 encap+" >>> but in less than 5 minutes the route is again overlaid with my gw >>> entry from amprgw. >>> >>> Appreciate any suggestion/advice, >>> Tks in advance >>> lu7abf, Pedro Converso >>> >>> 73, lu7abf, Pedro >>> _________________________________________ >>> 44Net mailing list >>> 44Net(a)hamradio.ucsd.edu >>> http://hamradio.ucsd.edu/mailman/listinfo/44net >> >>

10 years, 11 months

1
0
0 0

AMPR VPN

by lleachii＠aol.com

Ok, I finally took the time to setup my VPN. I made all the necessary CRT and KEY files, and was able to connect with OpenVPN for Android. I haven't had any success reaching any 44 hosts while connected, except the 44 devices local to the VPN server (I assume). Any ideas anyone? -KB3VWG

10 years, 11 months

2
9
0 0

Avoid/delete own gw entry broadcast from amprgw

by Pedro Converso

Hello fellow crew aboard this 44 ship, I receive ok every 5 min update routes from amprgw in my jnos2 using rip2. Along with all gateways my own gateway is included affecting my local route that should be pointing to my default route, not to my gw internet IP. Question is: how I can avoid receive/load my own gateway entry ? or else how I can drop this entry coming from amprgw from my route table ? or how to make a permanent route that is not overlaid ? I tried with an at command: at 15 "route drop 44.153.0.0/23 encap+" but in less than 5 minutes the route is again overlaid with my gw entry from amprgw. Appreciate any suggestion/advice, Tks in advance lu7abf, Pedro Converso 73, lu7abf, Pedro

10 years, 11 months

2
1
0 0

Re: [44net] Pi Query

by Brian

Thanks Marius; I'll give it a shot when I get home. Sent via the Samsung Galaxy Note® 3, an AT&T 4G LTE smartphone <div>-------- Original message --------</div><div>From: Marius Petrescu <marius(a)yo2loj.ro> </div><div>Date:05/18/2014 11:37 AM (GMT-05:00) </div><div>To: 'AMPRNet working group' <44net(a)hamradio.ucsd.edu> </div><div>Subject: Re: [44net] Pi Query </div><div> </div>(Please trim inclusions from previous messages) _______________________________________________ Hi Brian, Try to set the TTL at tunnel creation: ip tun add tunl0 mode ipip ttl 64 local <your_local_ip> I had the same problem and it works for me. Marius, YO2LOJ -----Original Message----- From: 44net-bounces+marius=yo2loj.ro(a)hamradio.ucsd.edu [mailto:44net-bounces+marius=yo2loj.ro@hamradio.ucsd.edu] On Behalf Of Brian Sent: Sunday, May 18, 2014 16:15 To: AMPRNet working group Subject: Re: [44net] Pi Query (Please trim inclusions from previous messages) _______________________________________________ On Sat, 2014-05-17 at 17:08 -0400, lleachii.aol.com spake: > If your referring to what I think you are. My startup script mentions the command to make traceroute work on a Linux tunnel. > http://44.60.44.13/startampr I use the same command on my boxes and it works fine, however, on the Pi with the latest wheezy (and updates) it does not: root@gw:/home/n1uro# ip tunnel change ttl 64 mode ipip tunl0 add tunnel tunl0 failed: No such file or directory root@gw:/proc# cat version Linux version 3.10.25+ (dc4@dc4-arm-01) (gcc version 4.7.2 20120731 (prerelease) (crosstool-NG linaro-1.13.1+bzr2458 - Linaro GCC 2012.08) ) #622 PREEMPT Fri Jan 3 18:41:00 GMT 2014 root@gw:/proc# ip -V ip utility, iproute2-ss120521 -- 73 de Brian Rogers - N1URO email: <n1uro(a)n1uro.ampr.org> Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont. _________________________________________ 44Net mailing list 44Net(a)hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net _________________________________________ 44Net mailing list 44Net(a)hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net

10 years, 11 months

1
0
0 0

Pi Query

by lleachii.aol.com

Brian, If your referring to what I think you are. My startup script mentions the command to make traceroute work on a Linux tunnel. http://44.60.44.13/startampr - KB3VWG

10 years, 11 months

3
2
0 0

Pi Query

by Brian

Greetings list members; I'm just wondering if anyone's been able (besides creating dupe tunnel interfaces) to fix the traceroute bug on the Raspberry Pi units when tracing through a standard tunl0 ipencap tunnel interface on the updated wheezy distro? -- 73 de Brian Rogers - N1URO email: <n1uro(a)n1uro.ampr.org> Web: http://www.n1uro.net/ Ampr1: http://n1uro.ampr.org/ Ampr2: http://nos.n1uro.ampr.org Linux Amateur Radio Services axMail-Fax & URONode AmprNet coordinator for: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, Pennsylvania, Rhode Island, and Vermont.

10 years, 11 months

1
0
0 0

Re: [44net] AMPR VPN

by kb9mwr＠gmail.com

My OpenVPN server doesn't use keys compatible with LoTW like Hessu's. It's mostly just for myself and other local applications. However if you wanted I could email you a ovpn file and the keys off-list. In reality adding a OpenVPN server to your own gateway is a snap.

10 years, 11 months

1
0
0 0

Re: [44net] AMPR VPN

by kb9mwr＠gmail.com

My bad, I missed the part that you were using Hessu's VPN server. I have not tried that yet. Nor do I know how he has things configured. I do run a OpenVPN server on my IPIP gateway. And as I mentioned; the OpenVPN server hands out a 44 address in my subnet and routes all 44 client traffic back to the OpenVPN / IPIP server and it works great. 73' Steve, KB9MWR

10 years, 11 months

2
1
0 0

Re: [44net] AMPR VPN

by kb9mwr＠gmail.com

Did you configure the OpenVPN server to push the route? push "route 44.0.0.0 255.0.0.0"

10 years, 11 months

1
0
0 0

Re: [44net] network summary software?

by kb9mwr＠gmail.com

ntop is awesome! Thanks for telling me about it.

10 years, 11 months

1
0
0 0

network summary software?

by kb9mwr＠gmail.com

I am looking for something like webalizer, but more encompassing. It has to run on a webserver. It should show a summary of various different types of network traffic. Things that come to mind that are close to what I am looking for: http://awstats.sourceforge.net/ http://oss.oetiker.ch/mrtg/ http://humdi.net/vnstat/ Something that analyzes the packets passing through and keeps statistics; ie. -most active IP addresses on the network in terms of traffic -stats on the types of traffic, www, ftp, etc/ Something that can provide insight into what applications and services are being used on the network. Does anything come to mind that fits this description?

10 years, 11 months

6
5
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 96

by Steve Wright

can someone please volunteer to add this to the wiki? On Sun, May 11, 2014 at 7:00 AM, <44net-request(a)hamradio.ucsd.edu> wrote: > Send 44Net mailing list submissions to > 44net(a)hamradio.ucsd.edu > > To subscribe or unsubscribe via the World Wide Web, visit > http://hamradio.ucsd.edu/mailman/listinfo/44net > or, via email, send a message with subject or body 'help' to > 44net-request(a)hamradio.ucsd.edu > > You can reach the person managing the list at > 44net-owner(a)hamradio.ucsd.edu > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of 44Net digest..." > > > Today's Topics: > > 1. Re: 44Net Digest, Vol 3, Issue 89 (David Ranch) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sat, 10 May 2014 09:22:32 -0700 > From: David Ranch <amprgw(a)trinnet.net> > To: AMPRNet working group <44net(a)hamradio.ucsd.edu> > Subject: Re: [44net] 44Net Digest, Vol 3, Issue 89 > Message-ID: <536E5248.2020404(a)trinnet.net> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > > > Do we need a standard ruleset, and documentation to use it, and have this > > in the wiki? iptables or iproute2? Does anyone HAVE a working iproute2 > > setup? > > There are tons of example iptables examples out there though I always > recommend people to review and tailor the ruleset for their own needs. > One such non-AMPR example is the IP Masquerade HOWTO example: > > > http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.ht… > > The above example is distribution agnostic so it should work on your > preferred flavor but there can be benefits of adapting it to either your > distribution's native firewall syntax or to some higher level tool that > incorporates features like QoS, etc (shorewall, etc). I'm willing to > take a stab at putting a baseline config into the Wiki but give me a bit > to troll through the archives, review various people's submitted > configs, etc. and hopefully come up a config that will work for most > base deployments. > > --David > KI6ZHD > > > > ------------------------------ > > _______________________________________________ > 44Net mailing list > 44Net(a)hamradio.ucsd.edu > http://hamradio.ucsd.edu/mailman/listinfo/44net > > > End of 44Net Digest, Vol 3, Issue 96 > ************************************ > -- Meshnetworks - Rangitaiki Plains Rural Broadband Internet Providers +64 21 040 5067

10 years, 11 months

3
2
0 0

Re: [44net] Ubiquiti XR3-3.5 Cards (9cm 802.11a radios)

by Bryan Fields

On 5/11/14, 9:58 PM, Tom Hayward wrote: > What speeds are you seeing between these cards? > > What host board would you recommend? I've not got them setup outside just yet, but I have them in a routerboard rb532 where I was getting 30mbit/s in a 20mhz channel. http://44.98.254.227/ is the SU http://44.98.254.226/ 44net is the user and no password. You can play around with them if you want, as they are connected with an 80 dB pad, you can see it on my gallery. 73's -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

10 years, 11 months

1
0
0 0

Ubiquiti XR3-3.5 Cards (9cm 802.11a radios)

by Bryan Fields

I've bought a lot of these cards (over 200), and am making them available for 8.50 per card. They are tested for TX/RX being with in 3db of each other to a known good card on 3410 MHz, which you will not find on eBay :) These cover 3400 to 3700 mhz, and do 5, 10, 20 and 40 mhz channel sizes with +25dBm (600mW) output. These cover the top 100 mhz of the 9cm ham band in the US (3300-3500), and this is one of the few bands that is not shared with ISM users. Mikrotik sees them as 5ghz cards, and you just subtract 2ghz from the frequency to get the real operating frequency. Pictures of the innards: http://gallery.keekles.org/v/Radio_stuff/UBNT-XR3/ The UBNT website on them http://www.ubnt.com/xr3 Bart, AE7SJ, from the hamwan project has done some testing on them across the entire band and has the results up here https://www.hamwan.org/t/tiki-index.php?page=Ubiquiti+XR3&structure=HamWAN If you want some please email me offlist. I'll be bringing some with to Dayton and can meet people Thursday afternoon till Friday night to get them to you. If you want to do this I need your cell number and the number you want. 73's and lets get some high speed packet going on 9cm! -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

10 years, 11 months

2
1
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 89

by Steve Wright

> Warning to 'echo', 'discard' and 'daytime' services too > since as per the 'chargen' they can otherwise be > used for some nasty denial-of-service attacks. This is a frequently encountered problem, stemming either from lazyness or inexperience. Do we need a standard ruleset, and documentation to use it, and have this in the wiki? iptables or iproute2? Does anyone HAVE a working iproute2 setup? This stuff can be a pain I know - a bit like mowing your lawns, but if you don't do it, eventually you'll be sorry.

10 years, 12 months

2
1
0 0

static ip..

by Jerry

Ok about to lose my ISP. And my Static IP. Is there a way YET to do net44 without a static IP. As far as service in my area.. I think I live in a 3rd world country. Oh wait they have better service.. lol Join Dropbox today <https://db.tt/72qWEIC2> https://db.tt/72qWEIC2 N9LYA/K9BBS <http://w9bbs.no-ip.org:8080/> http://w9bbs.no-ip.org:8080 K9BBS IP 44.48.0.42 Linbpq 6.0.7.2 Debian Linux 6.0.7 Dell_Server_2600_4GBRAM_73GBHD_Dual_Dual_Core_CPU_1.8Ghz W9HU <http://w9bbs.no-ip.org:8081/> http://w9bbs.no-ip.org:8081 W9HU IP 44.48.0.44 PilinBPQ 6.0.7.2 Raspbian-wheezy-7_Rpi_B_700MHz_256MBram_128GB-SD-class10 N9LYA-5 IP 44.48.0.46 Jnos 2.0j N9LYA-9 IP 44.48.0.41 Uronode 2.1 Debian Linux 6.0.7 HP 3.4Ghz 2GB Ram 2TB Hard drive W9BBS-3 IP 44.48.0.45 MSYS 1.20Beta4 Dell XP Sp3 40GB HD 756 MB Ram NODE's I CO-SYSOP KC9JIH-7:LEHIGH K9UY-7:NOIRAM <http://www.mitchellwx.com/> http://www.mitchellwx.com wview 5.20.2 <http://www.n9lya.com/> http://www.n9lya.com <http://www.hfskipnet.net/> http://www.hfskipnet.net <http://www/indianapacketcouncil.com> http://www/indianapacketcouncil.com <http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-5&timerange=3600&tail=3600> http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-5&timerange=3600&tail=3600 <http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-3&timerange=3600&tail=3600> http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-3&timerange=3600&tail=3600 My net44 subnet 44.48.0.41 uronode.n9lya.ampr.org uronode.n9lya 44.48.0.42 k9bbs.ampr.org k9bbs 44.48.0.43 w9otr.ampr.org w9otr 44.48.0.44 w9hu.ampr.org w9hu 44.48.0.45 w9bbs.ampr.org w9bbs 44.48.0.46 n9lya.ampr.org n9lya n9lya-3 73 Jerry N9LYA HF Skipnet Coordinator HF Skipnet Midwest HUB ARRL Net Manager - Packet Indiana AmprNet IP Coordinator Indiana Indiana Packet Coordinator Sysop N9LYA/K9BBS/W9BBS/W9OTR W9OTR Hoosier Amateur Radio Digital Society W9HU Hoosier Radio Society

10 years, 12 months

2
1
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 94

by Steve Wright

On Tue, May 6, 2014 at 7:00 AM, <44net-request(a)hamradio.ucsd.edu> wrote: >Client modems will scan for the three frequencies in use by the three sectors, and connect to whichever cell site is available. (Generally one you have pointed your antenna at.) Hehehe, then its not "cellular" is it.. hehe, it's going to connect to the only signal it can see - the AP (sorry, cell site) that it's pointed at. > Far be it for Steve Write, a newcomer to the field of packet radio, > who hasn't even successfully built and connected his own TCP/IP node, > to embarrass himself on a mailing list by correcting the terminology > used by someone with more technical experience in the field than he. > No, that wouldn't be right would it? After all he hasn't even finished > reading all those unwritten Wiki's - and corrected them, loudly and at > great personal sacrifice - since newcomers are a fount of knowledge > and wisdom about the errors and omissions in the documentation by > those who have gone before them. Hehehe, no I said "point taken and conceded", you read back and see! I AGREED with the man, AND conceded the point. Actually, I had allocated a 44/30 25 years ago, ran NOS over laggy 1200bd AFSK links on a 386 PC with one floppy, and my Internet connection was VT100 unix shell until I was allowed to run a SLIP link, so I am no newcomer, as you incorrectly state as fact. Egg on face again! Actually, hehehe there is also the situation where I have connected many many TCP/IP units in remote areas over wireless links, but the professional equipment I use is not really supported by the piecemeal approach so far with the 44net crowd - I hope to change that. What do you hope to achieve? Your sarcasm regarding the wiki is also noted. Why you might attack me about this is very surprising. Quite frankly, there was nothing of value in the wiki before I pointed out the glaringly obvious fact, and now that is changing fast, and it will keep changing until the path forward for all people is abundantly clear. I think you would just like to take the opportunity to be abusive. I address the issue concisely, learn from what is said, retract when incorrect, yet you evade all logic and pursue your ad hominem approach. I offer regret for offence taken, but you offer more offence? I don't think you are part of the solution, or part of any solution. For anything. 8-/

10 years, 12 months

1
0
0 0

rip44d

by Peter - ZL2BAU

Hi All, Does any one know if there is a problem with UDP port 520 and rip44d, I am monitoring it but I see no data arriving here at all. Have tested from an outside source and the port is receiving all ok. Comments ? -- Regards ..... Peter ZL2BAU ZL2BAU - Waimate BBS - South Canterbury APRS iGate Located In - Waimate - South Island - New Zealand Grid Location : RE55MG ( 44.44.26S / 171.03.23E ) New Zealand / World Wide Telnet BBS Forwarding E-Mail : peter.zl2bau(a)gmail.com Skype : ZL2BAU or Peter Mallett Packet Mail : ZL2BAU @ ZL2BAU.#79.NZL.OC NZART Member Number : 104431 Internet LinBBS : telnet://118.82.200.153:6303 Internet Xrouter Node : telnet://118.82.200.153 Internet Xrouter Node : BAUNOD:ZL2BAU-3 (44.147.210.26) Xrouter Chat Server : telnet://118.82.200.153:3600 Xrouter APRS Server : telnet://118.82.200.153:1448 LinFBB HTTP Server : http://118.82.200.153:8085 Tcp/Ip Routing : 44.147.210.0/24 (Gateway 44.147.210.26) Default UDP Port : 93 (Other ports to suite)

11 years

3
5
0 0

44/8 allocation

by lleachii.aol.com

John, Lol...you know I meant the major /8's that were handed out long ago that, to date, have never signed an agreement with their RIR. I stand corrected, though, there are Legacy allocations smaller than /8 that exist as well...but they are not listed in RFCs (as fixtures of the 'DARPA Internet'). -KB3VWG

11 years

12
35
0 0

Fwd: HamWAN DNS update

by John D. Hays

paine-s1.hamwan ADD CNAME ether1.paine-s1.hamwan.net ether1.paine-s1.hamwan ADD A 44.24.240.131 wlan1.paine-s1.hamwan ADD A 44.24.240.145 corvallis-er1.hamwan ADD A 198.178.136.80 seattle-er1.corvallis-er1.hamwan ADD A 44.24.242.20 capitolpark.nq1e.corvallis-er1.hamwan ADD A 44.24.242.0 paine.k7nvh.corvallis-er1.hamwan ADD A 44.24.242.8 corvallis-srv1-kvm.corvallis-er1.hamwan ADD A 44.24.242.25 baldi.corvallis-er1.hamwan ADD A 44.24.242.2 paine.ae7sj.corvallis-er1.hamwan ADD A 44.24.242.4 wlan1.paine-s3.hamwan ADD A 44.24.240.177 ether1.paine-s3.hamwan ADD A 44.24.240.133 wlan1.paine.ae7sj.hamwan ADD A 44.24.242.7 corvallis-er1.hamwan ADD A 198.178.136.80

11 years

1
0
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 93

by Steve Wright

On Mon, May 5, 2014 at 7:00 AM, <44net-request(a)hamradio.ucsd.edu> wrote: > What are you talking about? Who said anything about professionals, and > why did you bring it up? 44net is for ham radio networks. A "Cell Site", for the uninformed, is a "Cellular Phone site". What he appears to have been working on, in hindsight, appears to be commonly referred to as an "Access Point", or in ham-radio speak, a "Node". A genuine misunderstanding arising from the incorrect placement of a technical term, however I do regret that offence was taken(sic). Reminder to use the correct terminology, and to filter for misunderstandings before unleashing the offence. > I don't see how this has any relation to politics. Bart wants to > identify ISPs that may not work well with 44net due to blocking > tunneling protocols. GRE is just an example, but an ISP could easily > block IPIP, too. > > It would be really helpful to have some software that would tell you > "You're ISP is blocking it" instead of just emailing the 44net list > with "Why don't my tunnels route traffic?" Point taken and conceded. Best way to ask ISPs what they filter, is to simply ASK them. Why would you connect with some ISP and then spend months trying to debug something, when you could simply ASK them beforehand? Perhaps you like your head down such rabbitholes? I do not - I want to plug it in and it works.

11 years

4
3
0 0

Re: [44net] IP Protocol Filtering

by Jerry Kutche

I'll mess with it when I get home. With no interest when I unplug the linbpq box it stop cycling router when I plug it back in starts immediately. No other PCs on network. On May 4, 2014 12:25 AM, Brian <n1uro(a)n1uro.ampr.org> wrote: > > (Please trim inclusions from previous messages) > _______________________________________________ > Greetings; > > I have noticed that some of the internal routing within comcast hasn't > been as stable lately as it once was, and have especially noticed > extremely high latency between comcast.net and other cable based > networks such as rr.com from doing non-ipencap traces. This of course > would affect any ipencap frames trying to use the same path. > > In regards to the thread that's _unnecessarily_ spawned off from this > same one, there's a huge difference between a protocol and a service. > ISP can filter protocols as most do OSPF, and some may indeed charge for > an OSPF based peer. I've yet, however, to see an ISP charge for a > protocol that a potential VPN would run on... I would think that would > kill corporate-based accounts for them. > -- > 73 de Brian Rogers - N1URO > email: <n1uro(a)n1uro.ampr.org> > Web: http://www.n1uro.net/ > Ampr1: http://n1uro.ampr.org/ > Ampr2: http://nos.n1uro.ampr.org > Linux Amateur Radio Services > axMail-Fax & URONode > AmprNet coordinator for: > Connecticut, Delaware, Maine, > Maryland, Massachusetts, > New Hampshire, Pennsylvania, > Rhode Island, and Vermont. > > _________________________________________ > 44Net mailing list > 44Net(a)hamradio.ucsd.edu > http://hamradio.ucsd.edu/mailman/listinfo/44net >

11 years

1
0
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 92

by Steve Wright

On Sun, May 4, 2014 at 7:00 AM, <44net-request(a)hamradio.ucsd.edu> wrote: > During some cell site work last night, I seem to have experienced > Comcast dropping packets from point A to point B simply based on the > fact that their IP protocol was GRE (IP protocol 47). I also found some > posts on the Internet that claim Comcast wishes to charge more money to > transport GRE packets. I'm not sure if this is true, or if I made a > mistake somehow in my traffic handling. Therefore... If you really WERE working in a professional role on such equipment, and you ACTUALLY DID notice GRE packets missing, I would hazard a guess that you were perfectly capable of scripting up nc, nmap etc, with some bash or python to do as you ask, instead of trolling this networking group with your political goals. On topic though, I do recall some recent amendments to law (actually rules of a corporation, not real law) where it was specifically forbidden that any ISP rate-limit any service whatsoever, and then charge to un-limit it, so likely the govt is ahead of you on this one. Perhaps an email to the company concerned with a polite request for the same information, and an implied threat to write some network discovery tool might net you dividends you seek, or at least a straight answer - rare as they are.

11 years

2
1
0 0

Request for Software - IP Protocol Filtering Measurement

by Bart Kus

Hi, During some cell site work last night, I seem to have experienced Comcast dropping packets from point A to point B simply based on the fact that their IP protocol was GRE (IP protocol 47). I also found some posts on the Internet that claim Comcast wishes to charge more money to transport GRE packets. I'm not sure if this is true, or if I made a mistake somehow in my traffic handling. Therefore... Would someone be willing to create software instruments to measure this claim in general? I'd like to see a transmitter and a receiver piece of software that can run on Linux to generate and record a sweep of IP packets carrying all possible protocol numbers (0-255). The protocol payloads themselves don't need to be well-formatted, just the protocol number in the IP header needs to be set. Your software will be considered successful if it measures 100% of all protocols as available over an unfiltered (eg: LAN) link. The results of such a measurement would be useful in gauging the ISP quality of any given carrier. It seems we're moving closer to Selective Protocol Service Providers (SPSP) and away from true Internet Service Providers (ISP) if this GRE finding turns out to be right. --Bart

11 years

1
0
0 0

spam

by Steve Wright

> On Mon, Apr 28, 2014 at 7:00 AM, <44net-request(a)hamradio.ucsd.edu> wrote: > > BTW, your emails trigger gmail's spam filter -- I'm surprised any of this weeks' postings got past the spam filter whatsoever.... Can we get some tech content please, people? Enough of this rules and politics crap.

11 years

2
1
0 0

Last minute DDoS attackers

by Gustavo Ponza

... as per information. gus i0ojj ------------- com. 0 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1398772092 1800 900 604800 86400 dnsscan.shadowserver.org. 0 IN A 184.105.143.133 fema.gov. 0 IN NS asia2.akam.net. fema.gov. 0 IN NS eur2.akam.net. fema.gov. 0 IN NS use3.akam.net. fema.gov. 0 IN NS usw4.akam.net. fema.gov. 0 IN NS usc2.akam.net. fema.gov. 0 IN NS usw3.akam.net. fema.gov. 0 IN NS use1.akam.net. . 0 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014042800 1800 900 604800 86400 com. 0 IN NS f.gtld-servers.net. com. 0 IN NS j.gtld-servers.net. com. 0 IN NS g.gtld-servers.net. com. 0 IN NS e.gtld-servers.net. com. 0 IN NS l.gtld-servers.net. com. 0 IN NS k.gtld-servers.net. admin.wilyee.com. 0 IN A 216.187.94.181 130.99.20.198.IN-ADDR.ARPA. 0 IN PTR census4.shodan.io. 1000.e920862c.dnsr.if-is.net. 0 IN A 134.147.203.115 ddosforums.pw. 0 IN SOA dina.ns.cloudflare.com. dns.cloudflare.com. 2014945315 10000 2400 604800 3600 ddosforums.pw. 0 IN NS dina.ns.cloudflare.com. ddosforums.pw. 0 IN NS ian.ns.cloudflare.com. ianawww.vip.icann.org. 0 IN A 192.0.32.8 www.iana.org. 0 IN CNAME ianawww.vip.icann.org. openresolvertest.net. 0 IN A 204.42.254.5 65cf69a0.openresolvertest.net. 0 IN CNAME openresolvertest.net. 1x1.cz. 0 IN A 46.234.99.18 114.70.20.198.IN-ADDR.ARPA. 0 IN PTR census3.shodan.io. isc.org. 0 IN NS ns.isc.afilias-nst.info. isc.org. 0 IN NS ord.sns-pb.isc.org. dnsamplificationattacks.cc. 0 IN SOA a.dns.gandi.net. hostmaster.gandi.net. 1349871047 10800 3600 604800 10800 dnsamplificationattacks.cc. 0 IN MX 10 spool.mail.gandi.net. dnsamplificationattacks.cc. 0 IN MX 50 fb.mail.gandi.net. dnsamplificationattacks.cc. 0 IN A 217.70.184.38 dnsamplificationattacks.cc. 0 IN NS c.dns.gandi.net. dnsamplificationattacks.cc. 0 IN NS b.dns.gandi.net. dnsamplificationattacks.cc. 0 IN NS a.dns.gandi.net. shodan.io. 0 IN NS b.dns.gandi.net. shodan.io. 0 IN NS a.dns.gandi.net. shodan.io. 0 IN NS c.dns.gandi.net. openresolverproject.org. 0 IN A 204.42.254.5 65cf69a0.openresolverproject.org. 0 IN CNAME openresolverproject.org. ietf.org. 0 IN NS ns1.yyz1.afilias-nst.info. ietf.org. 0 IN NS ns1.ams1.afilias-nst.info. ietf.org. 0 IN NS ns1.mia1.afilias-nst.info. ietf.org. 0 IN NS ns0.amsl.com. ietf.org. 0 IN NS ns1.sea1.afilias-nst.info. ietf.org. 0 IN NS ns1.hkg1.afilias-nst.info. iorr.ru. 0 IN SOA ns1.reg.ru. hostmaster.ns1.reg.ru. 1397802273 14400 3600 604800 43200 iorr.ru. 0 IN A 123.123.123.26 iorr.ru. 0 IN A 123.123.123.70 iorr.ru. 0 IN A 123.123.123.17 iorr.ru. 0 IN A 123.123.123.41 iorr.ru. 0 IN A 123.123.123.158 iorr.ru. 0 IN A 123.123.123.67 iorr.ru. 0 IN A 123.123.123.137 iorr.ru. 0 IN A 123.123.123.101 iorr.ru. 0 IN A 123.123.123.61 iorr.ru. 0 IN A 123.123.123.119 iorr.ru. 0 IN A 123.123.123.79 iorr.ru. 0 IN A 123.123.123.190 iorr.ru. 0 IN A 123.123.123.229 iorr.ru. 0 IN A 123.123.123.237 iorr.ru. 0 IN A 123.123.123.4 iorr.ru. 0 IN A 123.123.123.66 iorr.ru. 0 IN A 123.123.123.224 iorr.ru. 0 IN A 123.123.123.183 iorr.ru. 0 IN A 123.123.123.110 74.69.20.198.IN-ADDR.ARPA. 0 IN PTR census1.shodan.io. -----------------

11 years

1
0
0 0

chargen service

by Brian Kantor

You should check to make sure that you have the 'chargen' service disabled on your hosts, and block it in your routers if you can. I've already contacted the people whose system was involved in this attack. - Brian ----- Forwarded message ----- Subject: Exploitable chargen service used for an attack: 44.x.x.x. It appears that a public "chargen" service on your network, running on IP address 44.x.x.x, participated in a large-scale attack against a customer of ours today, generating large UDP responses to spoofed probes that claimed to be from the attack target. chargen is an old testing service that generates large quantities of traffic with only a small request required. It is commonly enabled by default on old printers and other connected appliances, but it has no useful purpose over the open internet. Please block UDP port 19 (inbound and outbound) at your network edge, as this should stop these chargen attacks without blocking legitimate traffic. If the endpoint device that generated this traffic is configurable, please further investigate whether it is running a chargen service (and disable it, if so) -- commonly exploited devices include Cisco hardware that has "udp small servers" mistakenly enabled, old printers, old UNIX boxes with "chargen" running under inetd, and Windows boxes with the "Simple TCP/IP services" package installed. Also, it is worth checking if it is a machine that has been compromised, as some malware directly generates port 19 traffic, simulating chargen, and in this way masks its presence. If you are an ISP, please also look at your network configuration and make sure that you do not allow spoofed traffic (that pretends to be from external IP addresses) to leave the network. Hosts that allow spoofed traffic make possible this type of attack. ----- End forwarded message -----

11 years

2
1
0 0

Re: [44net] chargen service

by kb9mwr＠gmail.com

Jerry, Stick this in the DD-WRT administration command shell box: /sbin/iptables -A OUTPUT -p udp --dport 19 -j DROP

11 years

1
0
0 0

Re: [44net] chargen service

by Jerry Kutche

Brian. Can u tell me how. Been having some kind of issues here. Also think my router it sick. Have a new one on way. Buffalo wzr-600dhp running dd-wrt latest .. Non beta.. 73 jerry On Apr 29, 2014 1:34 PM, Brian Kantor <Brian(a)UCSD.Edu> wrote: > > (Please trim inclusions from previous messages) > _______________________________________________ > You should check to make sure that you have the 'chargen' service > disabled on your hosts, and block it in your routers if you can. > > I've already contacted the people whose system was involved in this attack. > - Brian > > > ----- Forwarded message ----- > > Subject: Exploitable chargen service used for an attack: 44.x.x.x. > > It appears that a public "chargen" service on your network, running > on IP address 44.x.x.x, participated in a large-scale attack against a > customer of ours today, generating large UDP responses to spoofed probes > that claimed to be from the attack target. > > chargen is an old testing service that generates large quantities of > traffic with only a small request required. It is commonly enabled by > default on old printers and other connected appliances, but it has no > useful purpose over the open internet. > > Please block UDP port 19 (inbound and outbound) at your network > edge, as this should stop these chargen attacks without blocking > legitimate traffic. If the endpoint device that generated this traffic > is configurable, please further investigate whether it is running a > chargen service (and disable it, if so) -- commonly exploited devices > include Cisco hardware that has "udp small servers" mistakenly enabled, > old printers, old UNIX boxes with "chargen" running under inetd, and > Windows boxes with the "Simple TCP/IP services" package installed. Also, > it is worth checking if it is a machine that has been compromised, as > some malware directly generates port 19 traffic, simulating chargen, > and in this way masks its presence. > > If you are an ISP, please also look at your network configuration and > make sure that you do not allow spoofed traffic (that pretends to be from > external IP addresses) to leave the network. Hosts that allow spoofed > traffic make possible this type of attack. > > ----- End forwarded message ----- > > _________________________________________ > 44Net mailing list > 44Net(a)hamradio.ucsd.edu > http://hamradio.ucsd.edu/mailman/listinfo/44net >

11 years

1
0
0 0

help?

by Jerry

I have been having severe issues staying connected to the internet all day.. I did two things as a test.. I think its related to my Net 44 box. 1) Turned off the JNOS/URO box 2) Removed it from DMZ Going to see how things look. I think it is getting hit with junk from the internet . If so I may be forced to leave it off.. if so.. But not sure how to tell.. Other than if I can stay connected and so far it has improved a thousand fold.. If anyone knows how to stop this let me know. A Script I can install on my dd-wrt enabled buffalo wzr600dhp router would be best or anything I can run on linux. Thanks 73 jerry n9lya Join Dropbox today <https://db.tt/72qWEIC2> https://db.tt/72qWEIC2 N9LYA/K9BBS <http://w9bbs.no-ip.org:8080/> http://w9bbs.no-ip.org:8080 K9BBS IP 44.48.0.42 Linbpq 6.0.7.2 Debian Linux 6.0.7 Dell_Server_2600_4GBRAM_73GBHD_Dual_Dual_Core_CPU_1.8Ghz W9HU <http://w9bbs.no-ip.org:8081/> http://w9bbs.no-ip.org:8081 W9HU IP 44.48.0.44 PilinBPQ 6.0.7.2 Raspbian-wheezy-7_Rpi_B_700MHz_256MBram_128GB-SD-class10 N9LYA-5 IP 44.48.0.46 Jnos 2.0j N9LYA-9 IP 44.48.0.41 Uronode 2.1 Debian Linux 6.0.7 HP 3.4Ghz 2GB Ram 2TB Hard drive W9BBS-3 IP 44.48.0.45 MSYS 1.20Beta4 Dell XP Sp3 40GB HD 756 MB Ram NODE's I CO-SYSOP KC9JIH-7:LEHIGH K9UY-7:NOIRAM <http://www.mitchellwx.com/> http://www.mitchellwx.com wview 5.20.2 <http://www.n9lya.com/> http://www.n9lya.com <http://www.hfskipnet.net/> http://www.hfskipnet.net <http://www/indianapacketcouncil.com> http://www/indianapacketcouncil.com <http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-5&timerange=3600&tail=3600> http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-5&timerange=3600&tail=3600 <http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-3&timerange=3600&tail=3600> http://aprs.fi/#!mt=roadmap&z=11&call=a%2FN9LYA-3&timerange=3600&tail=3600 My net44 subnet 44.48.0.41 uronode.n9lya.ampr.org uronode.n9lya 44.48.0.42 k9bbs.ampr.org k9bbs 44.48.0.43 w9otr.ampr.org w9otr 44.48.0.44 w9hu.ampr.org w9hu 44.48.0.45 w9bbs.ampr.org w9bbs 44.48.0.46 n9lya.ampr.org n9lya n9lya-3 73 Jerry N9LYA HF Skipnet Coordinator HF Skipnet Midwest HUB ARRL Net Manager - Packet Indiana AmprNet IP Coordinator Indiana Indiana Packet Coordinator Sysop N9LYA/K9BBS/W9BBS/W9OTR W9OTR Hoosier Amateur Radio Digital Society W9HU Hoosier Radio Society

11 years

5
6
0 0

How-To BGP?

by Jim Alles

Ok, so I am a licensed HAM, an amateur that has no formal education or job experience regarding networking. However, I believe I have a better handle on IT than most hams in general, present company excluded. (Anything I can do to help) I am assisting the Penn State Amateur Radio Club, a student organization, to get a couple of 1Gb network backbone connections lit up. One is dedicated to a D-star gateway (K3CR). The other location is the ham shack, for web browsing and other future uses, such as APRS Igate, IRLP or Asterisk. We will have a /29 assigned by the University. The two Microtik routers we have purchased are capable of BGP. The university will not advertise 44net, or allow me to announce BGP. sigh. Does anyone have any suggestions? Another regional resource we have in the state of Pennsylvania is PennREN. It is a partnership that built out fiber optics in a figure-eight footprint all around the state. They can provide connectivity (I would like to get a VPN server co-located in their facilities), but they also have dark fiber available. My long-term vision is to have a 501c(3) organized by hams light up a couple of those strands to create a regional 44net. Local hams/clubs would each have to provide their own 'last mile' I believe there is a group in Pittsburgh already doing something similar. I want to learn enough to understand the conversation. Thanks for the video! Jim Alles, KB3TBX

11 years

4
3
0 0

Re: [44net] What is 44net?

by Bryan Fields

On 4/24/14, 6:54 PM, K7VE - John wrote: > I think the better model is BGP "nodes" which provide VPN to subnets. > The BGP node admins would provide the VPN authentication to know what > subnets were attaching and BGP would provide Internet connectivity > (including subnets). +1 I trust my VPN users and announce via BGP to the global routing table. If you want to trust my routes cool, if not that's cool too. I think everyone is over-thinking this. It does no good if the majority of traffic over 44net allocations is ping and traceroute. Let shit flow and see what happens. IF some one starts abusing it, shut it down and fix it. It's like a repeater when there is a jammer. Once you're aware of it, you shut it down till they go away and you're not liable for it. -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

11 years

17
49
0 0

Re: [44net] What is 44net?

by Michael E Fox - N6MEF

Ridiculous. Amprgw was out for 4 plus hours some months ago. Your plan would put two such failure points between most end-points. A comment like that could ONLY come from someone with ZERO experience running production networks. The last thing we need is a bunch of self important amateurs with little to no succesful carrier experience and zero contractual obligation for performance inserting themselves in the middle of our existing traffic. Michael N6MEF Sent from my Verizon Wireless 4G LTE smartphone -------- Original message -------- From: K7VE - John <k7ve(a)k7ve.org> Date:04/25/2014 4:01 PM (GMT-08:00) To: AMPRNet working group <44net(a)hamradio.ucsd.edu> Subject: Re: [44net] What is 44net? (Please trim inclusions from previous messages) _______________________________________________ Most failures are localized and temporary. ------------------------------ John D. Hays K7VE PO Box 1223, Edmonds, WA 98020-1223 <http://k7ve.org/blog> <http://twitter.com/#!/john_hays> <http://www.facebook.com/john.d.hays> On Fri, Apr 25, 2014 at 3:41 PM, Michael E Fox - N6MEF <n6mef(a)mefox.org>wrote: > (Please trim inclusions from previous messages) > _______________________________________________ > > > -----Original Message----- > > >So how do you do it now? You use an IPIP tunnel (another type of > >VPN), nothing changes for the end user except, his tables get much > >smaller, she routes local 44.x.x.x traffic locally and uses an IPIP > >tunnel to a tier or border router. > > So you're creating multiple new single points of failure. With your plan, > I > can get to a few other local gateways. Anything else has to go through > this > new single point of failure locally, plus, presumably, and another single > point of failure near my destination. So most worldwide connectivity would > now have to traverse two single points of failure that currently don't > exist. This is good because ...? > > Michael > N6MEF > > > > _________________________________________ > 44Net mailing list > 44Net(a)hamradio.ucsd.edu > http://hamradio.ucsd.edu/mailman/listinfo/44net >

11 years

2
1
0 0

Fwd: HamWAN DNS update

by John D. Hays

dhcp-44-24-240-172.paine-s2.hamwan ADD A 44.24.240.172 dhcp-44-24-240-165.paine-s2.hamwan ADD A 44.24.240.165 dhcp-44-24-240-162.paine-s2.hamwan ADD A 44.24.240.162 dhcp-44-24-240-173.paine-s2.hamwan ADD A 44.24.240.173 dhcp-44-24-240-164.paine-s2.hamwan ADD A 44.24.240.164 dhcp-44-24-240-171.paine-s2.hamwan ADD A 44.24.240.171 dhcp-44-24-240-161.paine-s2.hamwan ADD A 44.24.240.161 dhcp-44-24-240-174.paine-s2.hamwan ADD A 44.24.240.174 dhcp-44-24-240-163.paine-s2.hamwan ADD A 44.24.240.163 dhcp-44-24-240-166.paine-s2.hamwan ADD A 44.24.240.166 dhcp-44-24-240-168.paine-s2.hamwan ADD A 44.24.240.168 dhcp-44-24-240-169.paine-s2.hamwan ADD A 44.24.240.169 dhcp-44-24-240-167.paine-s2.hamwan ADD A 44.24.240.167 dhcp-44-24-240-170.paine-s2.hamwan ADD A 44.24.240.170

11 years

1
1
0 0

Re: [44net] What is 44net?

by Bryan Fields

On 4/25/14, 3:25 PM, lleachii(a)aol.com wrote: > Some of those who announce their allocations now refuse to maintain tunnels for others. I will maintain tunnels for others (excluding aol users), even have IPsec vpn going for dial on demand hamnet goodness. 73's -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

11 years

2
1
0 0

Re: [44net] What is 44net?

by William Lewis

At 10:15 AM 04/25/14, you wrote: >There is a class B space 172.16.x.x Keep in mind that 172.16 is actually 172.16.0.0/12 and not /16 Bill Lewis KG6BAJ

11 years

1
0
0 0

What is 44net?

by Cory (NQ1E)

Hello fellow radio/network geeks! While trying as much as I can to not come off as condescending, I would like to try and provide a little perspective so that we can hopefully clear up some confusion and speak in mutually agreeable terms. There seems to be many misconceptions by several people on this list who may be seeing 44net as a single service or network where everyone needs to be able to speak to each other and where all traffic sourced from it can be trusted. Oh, and RADIO :) The global internet isn't even one large network in that sense. It's actually just a concept that allows many different individual autonomous networks to coordinate and cooperate with each other while allowing them to share traffic among their users. Those in control of things like allocating IP space and DNS are only in that position because the majority of networks recognize their authority. Just like similar authorities on the internet, ARDC is just a registry that provides chunks of the globally unique IP space to individual networks which allows them to interoperate with each other or any other global network without conflict (but does not mean that they *must* work with other networks). In this case, they only agree to provide these services to networks that support amateur radio in one form or another. It just so happens that they also provide a service that coordinates IPIP tunnels so these networks can send encapsulated traffic to each other without needing to make their own peering arrangements with other networks on the internet at large. Since most people are only used to the idea of the internet being a "service" provided to them, it's easy to see why this can be confused. Those familiar with the HSMM projects may have noticed that they chose to operate in the non-unique 10/8 space in order to support autoconfiguration. However, once their project grew beyond those specific linksys models, they started having conflicts. Even now, those HSMM networks that are up and running can't communicate with users on other networks without complicated NAT tables. It would be much better to take advantage of our 44/8 resources for those projects by assigning blocks to each mesh island. That way they can start peering with other networks or other mesh islands directly. When asked why having 44/8 is important, this is a perfect example and there are many others. When talking about technical solutions to problems we come across, it's also important to consider that as hams, it's likely that our networks are experimental and will therefore have a wide range of configurations that could prohibit their ability to share traffic with some others. This should absolutely be encouraged as long as what they do does not impact any other network's ability to operate normally. Therefore, there is no "right" or "wrong" way to configure your network as long as you get your expected result. Just keep in mind that following best-practices is the best way to ensure compatibility. Ideally, those who operate the registry will shift closer to this way of thinking and start supporting more advanced users to do non-standard things (such as DNS or PTR delegation, for example). We also need to be careful about the terminology we use when referring to security, in order to avoid mistaken assumptions. Source addresses can be used in our case to provide a convenient filter against the majority of incoming junk internet traffic. However, this must not be confused for "authentication" or knowing *who* is sending you the packets. Make sure you understand the risks when opening up a service on your network. If you're trying to filter out most undesirables, source filtering can be okay. However, if you need to know who you are talking to, you must use another method. Also, myself and several others on this list may be in a good position to help if you need assistance in this area. Best regards, -Cory NQ1E Your friendly neighborhood radio hacker

11 years

11
17
0 0

Re: [44net] What is 44net?

by Michael E Fox - N6MEF

What would this mean for the existing tunnel mesh? Today, with the existing full mesh of tunnels, there is no single point of failure between any gateway and any other. Surely you're not suggesting the introduction of multiple, regional single points of failure. Or are you? Michael N6MEF Sent from my Verizon Wireless 4G LTE smartphone -------- Original message -------- From: K7VE - John <k7ve(a)k7ve.org> Date:04/24/2014 11:07 PM (GMT-08:00) To: AMPRNet working group <44net(a)hamradio.ucsd.edu> Subject: Re: [44net] What is 44net? (Please trim inclusions from previous messages) _______________________________________________ Don, You are missing the whole point - Not everyone needs to run BGP, or have a datacenter, they just need to find a border node who does and VPN/Tunnel to it. It's called cooperation. Those who can provide a BGP border node, can 'advertise' through this list or portal.ampr.org that fact and how to get setup to tunnel/VPN to them. Like I said some of these routers have 'unlimited' support for VPN/Tunnel clients. You can also tier this architecture. A single border router might be supporting 20 /16 VPNs/Tunnels to tier 2 routers, those routers might support 30 smaller subnets and so on --- There are some peering points that are relatively inexpensive (or free) and some individuals are in a position to be generous. This is no different than the FM repeater operator who pays for a site, equipment, and power costs to benefit a community of users, who may or may not make donations to that cost. Right now the total traffic on 44net could probably ride on a single home broadband connection. http://wiki.mikrotik.com/wiki/Manual:Interface/Gre The VPNs can be full up using available protocols MikroTik runs a variety of VPN protocols PPTP, L2TP, IPIP, ... Cisco has DMVPN -- you just have to find a common one between two routers. I run my personal /24 (non-44net) over a VPN 24x7 and have several hosts, including D-STAR gateways running over it. http://www.seattleix.net/rules.htm ________________________________ John D. Hays K7VE PO Box 1223, Edmonds, WA 98020-1223 _________________________________________ 44Net mailing list 44Net(a)hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net

11 years

1
0
0 0

Re: [44net] What is 44net?

by Assi Friedman

Again, we are going into the weeds, and certainly beyond the intent of our licenses, and the regulating agencies. How do you know the identity of a ham on RF? When I make FM/SSB contact, I have NO means to authenticate the other parties - nor do they have a means to authenticate me. There is no rationale to apply authentication scrutiny to one mode of ham radio communications, yet, entirely ignore it on another. Assi kk7kx/4x1kx (<- does any of you know I am who I say I am???) -----Original Message----- From: 44net-bounces+assi=kiloxray.com(a)hamradio.ucsd.edu [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On Behalf Of Tom Hayward Sent: Thursday, April 24, 2014 8:58 AM To: AMPRNet working group Subject: Re: [44net] What is 44net? (Please trim inclusions from previous messages) _______________________________________________ If Hans is operating a gateway on local RF, we need to know the identity of the local ham on RF, not the gateway operator. There are various ways to accomplish this, many of which have been discussed on the list. For example, emails can be authenticated with a PGP digital signature. The equivalent layer 3 technology is IPsec(AH). Tom KD7LXL

11 years

1
0
0 0

Re: [44net] What is 44net?

by Bryan Fields

On 4/24/14, 9:52 AM, lleachii(a)aol.com wrote: > 44.0.0.0/8 is, in fact, one network, as specified in RFC1166. This predates CIDR, and it's not valid for anything in today's internet other than establishing the provenance of 44/8 ownership by ARDC. > Many folk > have noted that they don't wish to have their allocation connect to others <snip> > 44.0.0.0/8 is announced - your argument that 44/8 is not one network fails > on that one notion. 44/8 is not one network, claiming so is like saying the Internet is one network. > You mentioned spoofing. This is the reason the encap file and route table > should be kept private. Only other amateurs would know the location of the > other endpoints. Wow, did you just make a security though obscurity argument? I don't trust anything with a 44.x address, and you shouldn't either. -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

11 years

1
0
0 0

Re: [44net] Running for ARDC director position

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > Re: [44net] Running for ARDC director position > From: > Tom Hayward <esarfl(a)gmail.com> > Date: > 04/17/2014 08:23 PM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > I believe Bart got frustrated with the lack of change-management and > specifications in AMPR. How your script is written depends on these > things. What we see every time again when those issues are discussed is that there are people who approach AMPRnet not as a hobby amateur packet radio network, what it is, but as an extension of their network at work, usually they work in a professional datacenter or at an ISP. They want documentation and specifications because that is what they have at work. But this is a hobby, and there are not going to be specifications and documentation until someone who feels the need for them is going to write it. And they do not volunteer! The usual way to gather information has been to ask here, and possibly to dig in the archives of this list. That may be a frustrating endeavour for a professional network admin, but for the average hobbyist it is a learning experience and a way to get things working by gradually tweaking the configuration. Please note that once you got everything working, it is pretty much useless. So we should not take away the challenge of getting things working. When there is a clear recipe to get everything working, or worse yet: automatic configuration, what reason would there be left to start the experiment to begin with? A lot of AMPRnet is about learning, not about achieving the end result: a perfectly working network. Because the fun ends once that goal is reached. Another thing I want to note is that Bart and some of his peers like to use a lot of inside terminology they speak with their colleagues at work. They disregard the fact that the people on this list are radio amateurs, people with a technical interest but not experts in internet technology as he is. Every couple of months the same discussion springs alive and people start to pingpong technical terms between them and lose everyone else. And worst, they don't hesitate to slash the existing system, claiming all the time that it is legacy technology, that it is very unreliable, that it has to be replaced by the stuff they use at work because at work everything is so much better, etc. But remember: that is at work. And this is our hobby. We may have different objectives, like being able to comprehend things. It may well be that the optimal solution for an amateur packet network is not the one that is optimal for the large internet with the professional admins. We also use NBFM to talk to our friends, a technology that is considered "legacy" by the professionals as well. Some even use morse code. They are not going to abandon that because all the professionals have switched. > > It seems that to be allowed/compliant in AMPR, it just has to work > with the existing system. But what is the existing system? There are a > lot of existing systems and most of them are not documented. For > example, we learned via the mailing list that many AMPR gateways have > a static route to 44/8. This isn't documented in the encap file, it's > just added by their scripts. Where is the specification for this? I don't think many gateways have a static route for 44/8. I certainly don't have one myself. I could add such a route (as a null route), maybe that is a good idea. I'll think about it. What I do have is a default route in table 44 that points to amprgw. But the purpose of that is NOT to serve as a route for 44/8, its purpose is to route everything OUTSIDE 44/8 back out via amprgw. I require that because my ISP acts responsibly and has BCP38 in place. In the past, before I installed ampr-ripd, I manually ran a script that downloaded the encap file and installed the routes. I never put that in a cron job because the server for that file failed so often and I felt it was better to monitor the process and fall back to the previous encap file when things went wrong. As a result, my routes were often not completely uptodate and it was a good idea to route traffic for which I had no correct tunnel route back to amprgw. In those days that still worked, amprgw (mirrorshades in those days) would forward that traffic to the actual gateway. Nowadays amprgw does not perform that function anymore, so indeed it good be a good idea to add a 44/8 null route. But I don't think small issues like this warrant all the uproar, and I think it is much more fun to discuss pro's and con's of a certain configuration on the list than to throw stones at the existing system and demand everything to be overturned to look like an enterprise network. Rob

11 years

6
5
0 0

Re: [44net] routable or private?

by Assi Friedman

There is no unified policy governing non-ham traffic on 44 networks. Each of us is bound to the terms and conditions of the respective national agency that issued our ham radio licenses. This is somewhat consistent with the mishmash of national regulations governing the global internet traffic. Also, most (if not all) amateur radio licenses weren't crafted with the internet in mind, and hence they don't provide clear cut guidance. Therefore, it is our responsibility as gateway operatorw to balance advancing the state of the art while maintaining compliance with our licenses. Assi kk7kx/4x1kx -----Original Message----- From: 44net-bounces+assi=kiloxray.com(a)hamradio.ucsd.edu [mailto:44net-bounces+assi=kiloxray.com@hamradio.ucsd.edu] On Behalf Of Paul Lewis Sent: Wednesday, April 23, 2014 2:16 PM To: AMPRNet working group Subject: Re: [44net] routable or private? (Please trim inclusions from previous messages) _______________________________________________ > >Personally I block all traffic with a non-44/8 source or destination, >but I was never sure if that is the "correct" policy?. > >73, Paula G8PZT > -- paul(a)skywaves.demon.co.uk _________________________________________ 44Net mailing list 44Net(a)hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net

11 years

2
1
0 0

routable or private?

by Steve Wright

> If this is, " a hack to backbone a semi-private network on top of the > public internet" then why do we need 44/8? Please explain why 10/8 would > not work just as well? > >[....] if it's not going to be routable then why do we need 44/8? use > RFC1918 space and give 44/8 back. [...] We could attract many > into this hobby if we'd simply offer to be the teachers of the IP > networking craft using standards based methods used by everyone else across > the internet. > PRECISELY. Can we please make a decision on this and move ahead? I'd like to know, one way or the other, because I sure aint interested in all this private 44net stuff.. Is 44net routable or private? Steve

11 years

14
19
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 80

by Steve Wright

> http://www.ampr.org/pubs.html > > http://www.ampr.org/faq.html > > I don't see what's missing. Build a Ham RF IP network. Hook if up > to the 44net community if desired. A very select few would need to > go the next step and get their own BGP ISP setup. If anything, that's > mentioned too much on the website and should be de-emphasized. > What's missing is, it's not in the wiki so people can find it. Edit, annotate, and add it to the wiki please. Thank you. Steve

11 years

3
3
0 0

Re: [44net] New Wiki Page - Services

by sp2lob＠tlen

Neil et al, Yes, it is active. I use it very often. Best regards. Tom - sp2lob

11 years

1
0
0 0

Directly connect 44nets

by Steve Wright

Wow a big flow of good information, and instant updates to the wiki! Well this is the problem isn't - noobs causing problems broadcasting the wrong information on the Internet and getting blocked by their ISP. We seriously need a properly written checklist, so that ordinary ham radio 'engineers' can actually build this stuff themselves. Approaching my ISP with some half-baked idea would be a quick way to get permanently ignored. -- Meshnetworks - Rangitaiki Plains Rural Broadband Internet Providers +64 21 040 5067

11 years

2
1
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 78

by Steve Wright

> my thought is we need > more people working on finishing the portal first. What exactly is that going to DO? Here I am sitting on my hands trying to figure out how to get my (already allocated MONTHS AGO) /24 connected to the flamin internet. No one seems focussed on making a wiki entry about THAT. Rather, they'd be happier tunneling their little private network to someone elses'. It seems that many other groups have been waiting YEARS for this assistance or documentation, and MANY other groups who have just given up in disgust. Would the people who ACTUALLY HAVE a properly connected (live to the internet) 44 subnet that they openly brag about, kindly document the bloody thing in the wiki so I can do it as well? This isn't a dick measuring group, its a networking group. You know what you're doing, so write it up so mere mortals can achieve a positive result as well. There needs to be a sample equipment list with DIY workarounds for those with time but not money, and there needs to be a VERY well written document-set to hand to my ISP so I don't scare them into just plain refusing my request, or unduly taxing their tech team. Thank you.

11 years

5
5
0 0

Re: [44net] how to announce directly (Was 44Net Digest, Vol 3, Issue 78)

by Bryan Fields

On 4/20/14, 7:27 PM, Neil Johnson wrote: > I've summarized Eric's explanation and added an entry to the wiki. > > http://wiki.ampr.org/index.php/Announcing_your_allocation_directly +1. I think the point is if you have to ask how to connect (announce) your /24 to the internet you probably shouldn't be doing it on your own, your ISP needs to do it for you. Perhaps a overview of internet routing process is needed, as I want the 44/net to be a place to learn, but we need to ensure people understand what they are doing before messing with the global table. This is quite simple, but the LoA (letter of authority) and required information can be daunting to those who've never done it before. Also, if you're on the digest version, can you change the subject of your reply? I've been ignoring this thread since I didn't feel like reading it all at once. 73's -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

11 years

3
3
0 0

Re: [44net] how to announce directly (Was 44Net Digest, Vol 3, Issue 78)

by Bryan Fields

On 4/20/14, 9:24 PM, Neil Johnson wrote: > and do my part > for keeping the global BGP routing table from expanding faster I disagree, I work for a company that sells routers. :D -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net

11 years

1
0
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 78

by Tim Osburn

Steve, Part of the request for 44-IP space from Brian for the intent to advertise it on the Internet is a ISP who is already willing and offered to do this. If this hasn't already been done the IP space you have may not have Brian's approval for that type of use. (But rather used for just IP-in-IP tunnel service) So before you go down that path you may want to check with him first. Once that is completed and you have a LoA (Letter of Authority) from Brian stating you have his approval to advertise this space on the Internet you should be able to do the following. (Some ISP's ask for a LoA, and most should ask). Also note the other requirements that one agrees too: http://www.ampr.org/tos.txt 1) Once you've already discussed this with yoru ISP and they are willing to do this, let the ISP know the IP space and send them the LoA. They will need this so that they can setup the required configs, notify their upstreams, and setup routing of that block to your router. This could take a couple of days, and unless they are HAM friendly (this really helps) or you also purchase a lot of services form them, I would have to guess they may charge for this service. 2) Have your ISP advertise the 44 space assigned to you using their existing BGP ASN and then have them route you your 44 block to your router. 3) This is probably why no one has written this because each person setup will be different depending on how you will use the space. But for yours (with not having any details at all) I will assume you have a router that connects to your ISP with three interfaces. One interface will connect to your ISP and that interface will have a external public routable IP, one interface will point to your internal network with perhaps a 192.168.0.1/24 IP running NAT on that interface. The 3rd interface will be a DMZ network where the 44-net addresses will live. Perhaps a switch plugs into this interface and a different switch plugs into your Internet NAT interface. (don't mix the two within the same logical network/switch/vlan). NOTE: This is only one very simplified example. https://www.osburn.com/ampr_network-140420-1.0.0-example_network.jpg Tim Osburn www.osburn.com W7RSZ On Mon, 21 Apr 2014, Steve Wright wrote: > Date: Mon, 21 Apr 2014 09:22:02 +1200 > From: Steve Wright <stevewrightnz(a)gmail.com> > Reply-To: AMPRNet working group <44net(a)hamradio.ucsd.edu> > To: 44net(a)hamradio.ucsd.edu > Subject: Re: [44net] 44Net Digest, Vol 3, Issue 78 > > (Please trim inclusions from previous messages) > _______________________________________________ >> my thought is we need >> more people working on finishing the portal first. > > What exactly is that going to DO? > > Here I am sitting on my hands trying to figure out how to get my (already > allocated MONTHS AGO) /24 connected to the flamin internet. No one seems > focussed on making a wiki entry about THAT. Rather, they'd be happier > tunneling their little private network to someone elses'. It seems that > many other groups have been waiting YEARS for this assistance or > documentation, and MANY other groups who have just given up in disgust. > > Would the people who ACTUALLY HAVE a properly connected (live to the > internet) 44 subnet that they openly brag about, kindly document the bloody > thing in the wiki so I can do it as well? This isn't a dick measuring > group, its a networking group. You know what you're doing, so write it up > so mere mortals can achieve a positive result as well. > > There needs to be a sample equipment list with DIY workarounds for those > with time but not money, and there needs to be a VERY well written > document-set to hand to my ISP so I don't scare them into just plain > refusing my request, or unduly taxing their tech team. > > Thank you. >

11 years

1
0
0 0

Re: [44net] Test New Tool - APRS Code Recovery

by kb9mwr＠gmail.com

It appears to work. You mentioned you weren't intending to provide access to the code, but how about the code that looks at the source IP / password requirement part? I'm one of those guys who still hasn't fully wrapped their head around PHP yet, so I'd like to see how you did that part. On that topic, maybe we should have a place/repository on the amprnet to put ham specific software. A while back I posted a link to a web based rig control application I was running. It uses hamlib for backend and php for a front end. Here is more info: http://kb9mwr.blogspot.com/2013/04/raspberry-pi-web-based-rig-control.html As for the ARDC director position discussions, my thought is we need more people working on finishing the portal first. I am sure Chris would appreciate that.

11 years

1
0
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 77

by Steve Wright

> > The IP space is owned by > > > > Amateur Radio Digital Communications > > > > per the whois. > > > > ARIN requires a legal entity to exist in order to receive the IP space. > Actually it doesn't sound like it's "owned" by ardc at all. Why do you state this to be so? Your mention of your lawyers smacks of stand over tactics. > 1. Minor: That everyone include his/her callsign as part of the > message, either in the "From" line (my preference) or in the signature. > 2. Major: That messages with a subject line that includes the name of a > digest, be blocked/rejected. This is not to be cruel or mean, but > to insure that others (like me) actually read the message. I doubt > that I'm the only one that refuses to read messages with a subject > line that is a digest name. No. No one is interested in your extra rules. Think up something actually useful and interesting, and contribute that.

11 years

1
0
0 0

44/8 allocation

by lleachii.aol.com

Regarding the 44/8 and IANA: Please don't "shake the hornets' nest," by asking IANA or ARIN. While IANA issued the /8 when it ran "Internet Registry," it is actually referenced in RFCs. It is a technical fixture of the "DARPA Internet" that the 44/8 addresses are AMPRNET. The legal question of: "is an IP address property, and if so, do legacy IP holders have different property rights than those allocated from RIRs" is a DANGEROUS question to venture into having solved before IPv4 "goes the way" of thrift store dialup modems. Why? Because of all those who still hold legacy allocations: AMPRNet is the only one that is: - non-commercial - nonprofit - not part of military-industrial complex - not part of the big-pharmaceutical industry - not governmental - not part of big-telecom - not part of the financial industry - not part one the major corporations, nations or firms that help rebuild/establish/maintain the infrastructure of the globe during/after World War II What /8 do you think they'll try to take first when the world's number resources approach 0.01 /8's remaining to allocate??? -KB3VWG

11 years

3
2
0 0

Running for ARDC director position

by Bart Kus

Hello, I'd like to join the board of ARDC. Having studied the situation a bit, it looks to me like ARDC is in a bad situation right now. Should Brian get hit by a bus, the corporation will no longer have any directors or officers. Its assets would then be disseminated by a court during the dismantling of the corporation. This means the address space would be given away to whoever the court decides, which could include ARIN for re-purposing as commercial space. I'm not 100% on this, since there is scant documentation on the heritage of 44/8 and its present legal ownership status. I believe it's "legacy space", but ARIN doesn't seem to agree: the netblock suffix does not end with -Z. As "legacy space" there should be some chain of ownership documented somewhere, and I'm just not finding it. Having read the bylaws, I also haven't managed to find how I might go about becoming elected. The processes for replacement and removal of directors are defined (majority vote of board members), but I don't see how elections to vacant positions are supposed to take place. I'd also like to say that a board electing itself is not the best model of governance for a non-profit corporation. Non-profits are supposed to serve some need: in this case the needs of amateurs who wish to make use of 44/8 space. I'd like to see a governance model where the users elect the directors who best represent their needs. This is one crucial governance change that I think absolutely needs to happen. Aside from governance, there are several technical issues that I'd like to see brought up to speed with modern standards, and published as part of official interface specifications for AMPRnet. I don't want to get too detailed in this email, but a top-level list of technical things I'd push for as director includes: 1) Support for BGP 2) Support for IPsec(AH) 3) Support for anycasting 4) An improved gateway registration process with IP ownership verification 5) Support for DNS delegation 6) Support for DNSSEC signing 7) Deployment of multiple regional Internet gateways to remove the UCSD single point of failure 8) Adoption of the Extensible Provisioning Protocol 9) Publication of official multi-platform software which simplifies the AMPRnet user experience I've experienced opposition on implementing points 3 and 5 so far, and I'm reluctant to attempt any more of these agenda items without some changes to how the organization makes decisions. There are no technical blockers here, as all of these technologies I mentioned are widely used on the Internet today. However, it's nearly impossible to achieve technical leadership when decisions require universal consensus, and/or the decision making process is undefined. AMPR needs more board members who can push such technologies forward, and participate in the official decision making process while relying on their deep technical expertise to ensure their votes are sound. In terms of my qualifications for board duty, I founded the HamWAN organization in Washington which has deployed a regional microwave network, uses AMPRnet IP space, and has based its standard designs on the latest & greatest hardware and software has to offer. Professionally, I'd been running Internet services since 1996. Presently I work on routing for a major cloud provider. I'd like to bring the same kind of innovation to AMPRnet as I did with HamWAN. On the governance standpoint, I drafted the HamWAN bylaws in very intentional ways. Ways that empower the volunteers who are doing the active work that contributes to progress. Governance overhead is minimal so everyone can just mostly focus on the problems at hand. So, what are the next steps here? --Bart

11 years

8
9
0 0

Mailing list suggestions

by Dean Gibson AE7Q

1. Minor: That everyone include his/her callsign as part of the message, either in the "From" line (my preference) or in the signature. 2. Major: That messages with a subject line that includes the name of a digest, be blocked/rejected. This is not to be cruel or mean, but to insure that others (like me) actually read the message. I doubt that I'm the only one that refuses to read messages with a subject line that is a digest name.

11 years

1
0
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 75

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > Re: [44net] Running for ARDC director position > From: > "." <lleachii(a)aol.com> > Date: > 04/18/2014 04:59 PM > > To: > 44net(a)hamradio.ucsd.edu > > > I keep a little copy/paste history and info athttp://kb3vwg-010.ampr.org but I'm definitely not the AMPR historian, by experience. I checked there and I read: There are two negative aspects I can think of: - Speed: Even an IP frame from one host in Germany to another has to go via ucsd.edu . That way it has to cross the Atlantic two times. That is not correct. The tunnel mesh does not work like that. Traffic between 44net hosts flows directly from gateway to gateway in an IPIP tunnel between them. amprgw is not involved in that at all. Only traffic from outside to inside 44net is via amprgw, and there are now other gateways as well that serve smaller subnets (e.g. in Belgium and Germany). All gateways have IPIP tunnels to all other gateways, and the traffic flows according to the shortest route via internet between the gateways. Rob

11 years

1
0
0 0

Re: [44net] 44Net Digest, Vol 3, Issue 75

by Rob Janssen

44net-request(a)hamradio.ucsd.edu wrote: > Subject: > Re: [44net] Running for ARDC director position > From: > YT9TP Pedja <yt9tp(a)uzice.net> > Date: > 04/18/2014 12:38 PM > > To: > AMPRNet working group <44net(a)hamradio.ucsd.edu> > > > > This is very strange approach that I, frankly met nowhere else in ham world but here. > > I participated in number of noncommercial and hobby projects and the one of the main goals I always had was to document things to make it easier for people to learn, get involved and contribute. IMHO there is more than enough documentation around for people to learn, get involved and contribute. It is only for the types that want to know the reason for each and every bit that there may be a lack of documentation. It is my opinion that when they really need the detailed specification they claim is not available, they should write that themselves asking for input here on the mailinglist. But they rather prefer slashing everything that is there and claiming that it is all inferior. There really is not much to it, it is simply a meshed IPIP tunnel network with a gateway to the outside internet, and everyone with basic understanding of routing should be able to comprehend how it works. The software it is running on has changed over time so directions on how to get it working have to evolve as well. I have posted simple scripts for Linux on this list and I don't see what is wrong with them. Of course they are not "specification and documentation" but hey, there are only some 10 shell commands to it. Rob

11 years

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net