Alright, just when you think you are a pro, I am a bit puzzled:
I am trying to deploy a new gateway. The router runs Tomato Shibby
firmware with DMZ pointed to 192.168.1.44, the ampr-gw.
When I run tcpdump I see the RIP announcements and my route table is
populating, but I don't see my test pings, etc. coming from the general
internet (and there is a DNS entry).
Do you have to set a special IP rule vs. when the WAN interface is an
outside IP? I have tried a few things that I thought made sense,
with no luck. Could someone who is also behind NAT share their start
script with me?
I guess I need to build gateways with different hardware more often.
Thanks
11:50:01.034204 IP (tos 0x0, ttl 49, id 11797, offset 0, flags [none], proto IPIP (4), length 552)
    169.228.34.84 > 192.168.1.44: IP (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto UDP (17), length 532)
    44.0.0.1.520 > 224.0.0.9.520: [no cksum] RIPv2, Response, length: 504, routes: 25 or less
      Simple Text Authentication data: pLaInTeXtpAsSwD.
      AFI IPv4, 44.151.62.1/32, tag 0x0004, metric: 1, next-hop: 88.161.142.195
      AFI IPv4, 44.151.67.67/32, tag 0x0004, metric: 1, next-hop: 78.226.112.146
      AFI IPv4, 44.151.67.100/32, tag 0x0004, metric: 1, next-hop: 77.202.52.153
      AFI IPv4, 44.151.67.101/32, tag 0x0004, metric: 1, next-hop: 82.231.84.133
      AFI IPv4, 44.151.69.52/32, tag 0x0004, metric: 1, next-hop: 78.193.255.113
      AFI IPv4, 44.151.74.102/32, tag 0x0004, metric: 1, next-hop: 151.80.196.50
      AFI IPv4, 44.151.75.15/32, tag 0x0004, metric: 1, next-hop: 82.251.146.223
      AFI IPv4, 44.151.77.1/32, tag 0x0004, metric: 1, next-hop: 89.92.44.3
      AFI IPv4, 44.151.91.7/32, tag 0x0004, metric: 1, next-hop: 90.63.239.151
      AFI IPv4, 44.151.91.12/32, tag 0x0004, metric: 1, next-hop: 90.63.239.151
      AFI IPv4, 44.151.91.13/32, tag 0x0004, metric: 1, next-hop: 90.63.239.151
      AFI IPv4, 44.151.91.45/32, tag 0x0004, metric: 1, next-hop: 91.160.176.199
      AFI IPv4, 44.151.92.10/32, tag 0x0004, metric: 1, next-hop: 78.123.177.245
      AFI IPv4, 44.151.92.21/32, tag 0x0004, metric: 1, next-hop: 213.41.152.199
      AFI IPv4, 44.151.95.10/32, tag 0x0004, metric: 1, next-hop: 78.225.88.39
      AFI IPv4, 44.151.127.1/32, tag 0x0004, metric: 1, next-hop: 217.182.129.131
      AFI IPv4, 44.151.240.66/32, tag 0x0004, metric: 1, next-hop: 91.176.67.16
      AFI IPv4, 44.153.0.0/23, tag 0x0004, metric: 1, next-hop: 186.124.165.82
      AFI IPv4, 44.153.32.97/32, tag 0x0004, metric: 1, next-hop: 190.105.83.232
      AFI IPv4, 44.153.35.0/24, tag 0x0004, metric: 1, next-hop: 190.105.83.232
      AFI IPv4, 44.153.52.6/32, tag 0x0004, metric: 1, next-hop: 209.13.176.78
      AFI IPv4, 44.153.54.0/28, tag 0x0004, metric: 1, next-hop: 190.97.49.15
      AFI IPv4, 44.153.54.16/30, tag 0x0004, metric: 1, next-hop: 190.97.49.15
      AFI IPv4, 44.153.54.20/32, tag 0x0004, metric: 1, next-hop: 190.1.38.237
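How the decoded RIPv2 entries in a capture like the one above become routes in the gateway's table, as an added example (not code from the original post or from any AMPRNet gateway software). Because the RIP authentication is plaintext, the two things that actually protect the routing table are checking the outer IPIP source against the gateway address seen in the capture (169.228.34.84) and only installing 44/8 prefixes with public, non-44 next hops; the sample entries, the table name "44" and the device "tunl0" are assumptions.

```python
import ipaddress
import re

# Constructed sample in the shape of tcpdump's RIPv2 decode above. Entries may
# arrive line-wrapped, as mail does to long lines, so the parser joins lines
# before matching. The third entry is deliberately bogus (private next hop).
SAMPLE = """\
AFI IPv4, 44.151.62.1/32, tag 0x0004, metric: 1,
next-hop: 88.161.142.195
AFI IPv4, 44.153.0.0/23, tag 0x0004, metric: 1, next-hop: 186.124.165.82
AFI IPv4, 44.151.0.0/16, tag 0x0004, metric: 1, next-hop: 192.168.1.1
"""

AMPR = ipaddress.ip_network("44.0.0.0/8")
AMPRGW = ipaddress.ip_address("169.228.34.84")   # outer IPIP source in the capture
ENTRY = re.compile(r"AFI IPv4, (\S+), tag \S+, metric: (\d+),\s*next-hop: (\S+)")

def parse_rip_routes(text):
    """Return (prefix, metric, next_hop) tuples from the decoded entries."""
    joined = " ".join(line.strip() for line in text.splitlines())
    return [(ipaddress.ip_network(p), int(m), ipaddress.ip_address(n))
            for p, m, n in ENTRY.findall(joined)]

def acceptable(prefix, next_hop):
    """Install only 44/8 destinations reachable via a public, non-44 next hop.
    The RIP password is plaintext on the wire, so this filter plus the
    source check in route_commands() is what actually guards the table."""
    return prefix.subnet_of(AMPR) and next_hop.is_global and next_hop not in AMPR

def route_commands(text, outer_src, table="44", dev="tunl0"):
    """Turn one announcement into ip(8) commands for a gateway start script.
    outer_src is the IPIP outer source address; table and dev are assumed
    names. Returns (commands, rejected) so rejects can be logged."""
    if ipaddress.ip_address(outer_src) != AMPRGW:
        return [], ["announcement not from AMPRGW: dropped"]
    cmds, rejected = [], []
    for prefix, metric, nh in parse_rip_routes(text):
        if acceptable(prefix, nh):
            cmds.append(f"ip route replace {prefix} via {nh} dev {dev} onlink "
                        f"metric {metric} table {table}")
        else:
            rejected.append(str(prefix))
    return cmds, rejected
```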
> I have sendmail's 'greetdelay' function enabled, which delays sending
> the initial greeting herald by 5 seconds after the connection opens,
> and flushes any mail where commands arrive before that time has elapsed.
> This pre-greeting-flush catches one or two senders a day, presumably
> spammers because they don't come back.
That isn't much... but maybe a lot of those clients have implemented a workaround
for that sendmail trick, because it has been around for a while and is part of the
default config on some systems. So this particular check might not be effective anymore.
However, I did other things in my mailserver:
- sending intermediate replies (a minus sign immediately after the 3-digit code)
and checking for a few seconds if that makes them send the next command (it shouldn't)
- doing the delaying not only on the greeting but also on other commands
- performing rigid syntax checking (e.g.: there should NOT be a space after the colon
in the "mail from:<address>" and "rcpt to:<address>" commands, according to the RFC,
but a popular free SMTP client that is often used by spammers puts it there)
The outcome of those tests only added to the spam score, so faulty mail clients were
not completely blocked.
Rob
> The problem is that the large email purveyors like AOL, Yahoo, Microsoft, etc,
> use large server farms that balance the load between multiple hosts, so
> when the mail retries it comes from different IP addresses on every retry.
> Microsoft, for example, lists thousands of IP addresses as part of their
> email service.
> Greylisting by IP address hasn't got a chance of working in that
> environment.
When I ran my own mailserver I had greylisting that only worked by sender mail address.
Additionally, it did the usual SPF checking etc.
This did not cause the above-mentioned problem, but I'm not sure it added much spam prevention.
I had other methods to detect trojaned PCs with bad SMTP senders (e.g. doing PIPELINING without
having negotiated it) and that was much more effective.
Rob
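The four client-behaviour checks described in the two replies above (commands before the delayed greeting, answering an intermediate "NNN-" reply, a space after the colon in MAIL FROM/RCPT TO, and PIPELINING without it having been advertised), run over a constructed session transcript as an added example. This is not code from the original thread or from Rob's mail server; the event format (seconds since connect, direction, line) and the score names are assumptions, and as in the thread the hits are meant to feed a spam score rather than block outright.

```python
import re

# Constructed sample session as (seconds since connect, direction, line);
# "S" is a line the server sent, "C" a line read from the client. The server
# withholds its 220 greeting for 5 s and never advertises PIPELINING.
SESSION = [
    (1.2, "C", "EHLO relay.example"),           # talks before the greeting
    (5.0, "S", "220 mx.example ESMTP"),
    (5.1, "C", "EHLO relay.example"),
    (5.2, "S", "250-mx.example"),               # intermediate reply, then wait
    (6.0, "C", "MAIL FROM: <a@example.org>"),   # answers it; space after colon
    (8.2, "S", "250 SIZE 10240000"),            # final reply, no PIPELINING
    (8.3, "C", "RCPT TO:<b@example.net>"),
    (8.3, "C", "DATA"),                         # sent without awaiting a reply
]

# RFC 5321 syntax is "MAIL FROM:<path>"; group 2 captures any illegal space.
MAILRCPT = re.compile(r"^(MAIL FROM|RCPT TO):(\s*)<", re.IGNORECASE)

def score_session(events):
    """Return {check: hits} for the heuristics described in the thread."""
    hits = {"early_talker": 0, "answered_intermediate": 0,
            "space_after_colon": 0, "unnegotiated_pipelining": 0}
    greeted = pipelining_ok = False
    awaiting_final = False   # server sent "NNN-" and no "NNN " line yet
    prev_dir = "S"
    for _, direction, line in events:
        if direction == "S":
            greeted = greeted or line.startswith("220")
            awaiting_final = line[3:4] == "-"
            pipelining_ok = pipelining_ok or "PIPELINING" in line.upper()
        else:
            if not greeted:                      # pre-greeting traffic
                hits["early_talker"] += 1
            elif awaiting_final:                 # reacted to "NNN-" reply
                hits["answered_intermediate"] += 1
            elif prev_dir == "C" and not pipelining_ok:
                hits["unnegotiated_pipelining"] += 1   # two commands, no reply
            m = MAILRCPT.match(line)
            if m and m.group(2):
                hits["space_after_colon"] += 1
        prev_dir = direction
    return hits
```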
Hi Ronen,
Yes, I can make my NTP server available to non-AMPRNet hosts; just let me know the IPs it's coming from that I can expect to receive from. Host name: kc3ipf-01.ampr.org.
Philip KC3IPF
> What about the kc3ipf server? Is it available also to non-AMPRNet hosts?
>
> Ronen - 4Z4ZQ
Thanks Lynwood. Could you change the location of ntp.vk2hff.ampr.org from UK to AU please?
Josh VK2HFF
-------- Original message --------
From: lleachii--- via 44Net <44net(a)mailman.ampr.org>
Date: 11/10/2017 01:54 (GMT+10:00)
To: 44net(a)mailman.ampr.org
Cc: lleachii(a)aol.com
Subject: Re: [44net] new ntp server for amprnet
All,
I've added the NTP servers in this email thread to the Services Wiki (I
didn't include Bigben since that's not on AMPRNet, let me know if you
think I should add it, Brian).
Also, my NTP server is a Stratum 2 that pulls from various military,
industrial, government and educational Stratum 1 servers in North
America (including AMPRGW).
John, be sure to let us know when you've assigned a 44 IP to your server.
For reference, my NTP Server address is: kb3vwg-001.ampr.org (44.60.44.1)
73,
- Lynwood
KB3VWG
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
> The Motorola device has no NMEA output, but can produce 2.5, 5, 10,
> 12.5, or 25MHz reference frequencies depending on jumper settings inside
> the box.
> I wish I had a use for them. Right now they're just another piece of
> the junk piled up in my garage. I use the NTP-synchronized clocks in
> my computers as my primary time reference because they're on all the
> time anyway.
Not so useful as a time reference but you could use it as a frequency reference
for a microwave station, a beacon or a repeater.
Rob
> In the US, the surplus equipment market occasionally had GPS-trained
> oscillators that could provide 10 MHz and 1pps clocking as well as NMEA
> output. They were parts of CDMA cellphone base stations, each of which
> had at least two. The one I have was made by HP. I also have one that
> is a Motorola device that was used to synchronize simulcast transmitters
> in repeaters.
That is the kind of box (from other manufacturers) that we use as well, attached
to a PC with 1PPS and NMEA and to the repeater with 10 MHz.
Chrony on the PC keeps the Linux clock within 10us (usually within 1-2us) which
we require for the simulcast, and 10 MHz provides the exact transmit frequency
reference.
Power... well, maybe it has an oven-stabilized crystal oscillator. Or very
old digital logic that is a bit too power-hungry. Of course a low-cost uBlox/SiRF
module is easy to get going and provides 1PPS for ntpd.
The LeoNTP box is a plug-in-and-forget network clock, of course not the cheapest
solution. A Raspberry Pi can be used; I have one in the IPv6 NTP pool at
2a00:f10:103:201:ba27:ebff:fefd:984
Rob
> I also have a stratum 1 NTP server, it is on 44.13.151.3 (ntp.g1fef.ampr.org) and it is open to 44/8
> It's a Symmetricom S200 with Rubidium clock and GPS and is located in the UK; for anyone in Europe it would be a better choice than the US based clocks.
For people who want an easy stratum 1 server and don't have money for such gear, have a look at the LeoNTP.
It is made by a UK radio amateur and it is a GPS locked NTP server in a very small package.
It costs "only" 300 pounds (about $400). We have considered it for repeaters but unfortunately it cannot
provide 10 MHz and 1PPS at the same time, which we do require.
Rob
Hi team,
My name is Philip (KC3IPF) and I'm making my network NTP server available to the AMPRNet. All I ask is pre-notification of the subnets being served so I can open my firewalls and permit the NTP daemon to service the networks. You can contact me at pm1183 at messiah dot edu. It is a stratum 3 server and all I ask is don't be abusive. The address is kc3ipf-01.ampr.org.
Philip
I remember well from when I started in electronics how much money had to be spent on measurement
equipment, e.g. a multimeter or a scope. Today, there are some very interesting devices available
from Chinese suppliers, e.g. via Aliexpress or Ebay. They can be very useful for quick measurements/testing
in the amateur radio station, to get new (young) people interested in electronics, etc.
For about $25 you can get the Aneng AN-8008 DMM that has 4 digits (9999 count) and measures
DC and AC (true RMS!) voltage and current, resistance, capacitance, frequency and can even generate
audio tones. It has very low ranges, the least significant digit displays uV or uA on the lowest range.
Very useful, as long as you don't use it to measure dangerous voltages or currents.
I also got a kit for a 200 kHz (1 MSPS) single-channel storage scope for less than $25. It takes about 2 hrs
to assemble, and you have a pocket-size storage scope that I would really have liked to have back in the
days of packet radio: you could have one of them connected to each receiver and see the audio quality
all the time. It can display peak and RMS voltage, frequency etc. on-screen.
JYE TECH Digital Oscilloscope DIY Kit (can be found with or without case)
Another nice toy is the M328 LCR-T4 component tester. Based on a design originally published in a
magazine, there are several different versions available that differ in connections and if it does/does
not include a case. I have one that uses a ZIF socket for the connection. It has 3 test terminals and
you can connect a transistor, fet, triac, resistor, capacitor, inductor, diode, zener etc to the test terminals
and it will display the type of component, pinout, and value on the LCD screen. Includes other useful info
like the ESR of a capacitor, capacitance of a diode, etc. Can be found for less than $10.
Of course it all isn't professional test equipment, but it is a lot of fun for the money if you ask me...
Rob