44net

44net@mailman.ampr.org

1 participants
3194 discussions

iptables
by Niall Parker 16 Aug '16

16 Aug '16

Hello, I seem to have something broken on my firewall for redirecting incoming ipip packets to my gateway box. It appears to work fine at times but fails periodically, typically after a reset/power failure. Usually it comes back after several reboots of firewall and router but this process is inconsistent. The latest reboot had me digging deeper to try to find the real problem and I have discovered that only the rule in FORWARD chain of the filter table is firing, not the DNAT in the nat table. I suspect the firewall is only working when some connection (outgoing ?) wakes up the masquerade rules but haven't actually found the rule that is active. The firewall is running on OpenWRT using iptables (old version 1.3.8) and the rules as I think they should work are ## for ampr.org tunnels iptables -t nat -I PREROUTING -p 4 -i eth0.1 -j DNAT \ --to-destination 192.168.99.66 iptables -t filter -I FORWARD -p 4 -i eth0.1 -j ACCEPT As I understand it, the first re-writes the destination for ipip packets to my gateway and the second allows them to be forwarded however the counter on first stays stuck at 0. A reference to what sounds like a similar problem: https://sourceforge.net/p/ipcop/mailman/message/17780204/ It would be really nice to get this sorted properly, any debugging hints appreciated. In particular, am I correct in expecting both rule counters to match ? thx ... ... Niall

1 0

Connecting to amprnet
by Jon A 16 Aug '16

16 Aug '16

Hi folks, I have a /29 subnet allocated and have been with interconnecting a few systems but want to expand that connectivity to other systems round the world. Last time I experimented with amprnet was 15 years ago and I had a ipip tunnel to a packet node that also had amprnet connectivity. That node is long gone so looking for something else to use. Reading info on the wiki, it sounds like I can now use rip and connect via the UCSD router. Have I under stood this correctly? Any idiot guides out there on how to do this or any suggestions on other ways I can connect to a gateway? Thanks Jon M1CQO

4 4

TAPR DCC 2016 - anyone going?
by Brian Kantor 16 Aug '16

16 Aug '16

I'm unable to attend the 2016 TAPR DCC next month in St Petersburg Florida. If anyone on this mailing list is going to be there, could you please let us know the substance of any discussions relevant to the AMPRNet. Thank you. - Brian

8 13

IPv6 trust model
by Dean Hall 15 Aug '16

15 Aug '16

Hello, I know the people on this maillist work on the real internet infrastructure types of networks, but I was wondering if anyone thought an overlay network, such as CJDNS [1], that uses cryptographic-generated addressing to ensure an FC::/8 address corresponds to a public certificate. would be more practical for everyday hams who only have a behind-the-ISP or dynamic IP connection to the internet. [1] https://en.wikipedia.org/wiki/Cjdns !!Dean KC4KSU

1 0

Re: [44net] TAPR DCC 2016 - anyone going?
by Rob Janssen 15 Aug '16

15 Aug '16

> It's frustrating when one has deployed IPv6 and has to keep battling > with the evils of NAT. :/ But we have a large IPv4 space available so why would we battle with NAT??? It should not be a problem to get an IPv4 address from net-44 for any of your experiments and not have to use NAT. Not that I am against experimenting with IPv6, but I am not sure which way that should go: - somehow get an "own" IPv6 range that we can manage in a similar way as the net-44 space - just use the IPv6 space everyone can get from their local provider and have only DNS support for it in ampr.org and maybe some service for listing of prefixes in use on ampr hosts to be used in firewall address lists. Having an own range appears nice, but it means we will again have the problems with internet tunneling and BGP routing that we are having now. Rob

2 1

time sync in mikrotik
by R P 15 Aug '16

15 Aug '16

I have replaced my cisco with mikrotik the ipip works ok i have two questions (for time being) 1) how do i synchronize the time ? do i need to install ntp client ? i see no ntp under the system in the gui window 2) i want to run the routing script that Marius wrote but it say it need a password ? what is the password for ? how do i get it ? Thanks forward Ronen 4Z4ZQ http://www.ronen.org Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/> www.ronen.org ronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com

2 2

Connecting amprnet via openvpn
by R P 14 Aug '16

14 Aug '16

Hi there when Connecting amprnet via openvpn is it limited to USA only users ? what is the IP the one that connect get ? is it a special IP assigned for the vpn server ? or the user get his country IP allocation ...and can a block of ip pass ? or only single ip ? What PC software can be used ? or only linux supported ? thanks forward Ronen - 4Z4ZQ http://www.ronen.org Ronen Pinchooks (4Z4ZQ) WebSite<http://www.ronen.org/> www.ronen.org ronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com

2 1

TCP networking code scores own goal
by Brian Kantor 12 Aug '16

12 Aug '16

Because many of the people on this list run Linux, I mention the following article: http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_comm… "Linux security backfires: Flaw lets hackers inject malware into downloads, disrupt Tor users, etc" If you're running Linux kernel 3.6 or later and your system is exposed to the internet, this is something you should consider taking care of. - Brian

1 0

requesting an allocation block problem
by Marcel Neupauer 02 Aug '16

02 Aug '16

Hello, I have some problem with requesting an alocatation block. I sent two alocation request on portal.ampr.org on 44.181.0.0/16 (Slovakia) one week ago. My requests are still in "waiting for coordinator" status. I tried to send "Contact us" message to portal two day ago, but my request is without changes. I am not sure that my coordinator is active on portal. Please, Who can help me with this issue, or give advice, or some mail contact. Is possible to activate some subregion block witout my inactive coordinator to me ? Thanks. 73, Marcel OM0ATE

2 1

ipencap via oprnwrt
by lz4ny＠mail.bg 02 Aug '16

02 Aug '16

Hello, I had a problem to let rip44d after an OpenWrt Chaos Calmer 15.05, but was dropped dmz traffic ipencap 169.228.66.251 not passed to the second router. In openwrt menu: Network -> Firewall -> Custom Rules I add: --- iptables -A INPUT -p 4 -j ACCEPT iptables -A INPUT -p udp --dport 520 -j ACCEPT iptables -t nat -A PREROUTING -p 4 -j DNAT --to 192.168.1.2 --- 192.168.1.2 is ip of second router or 44 gateway with rip44d After adding these lines and reboot the router all problems are corrected. Let's hope it will be useful. 73, Miro, LZ4NY ------------------------------------- P.S Вместо да разпитваш приятели и познати как се прави онлайн магазин, тествай безплатно 14 дни Shopiko – за да започнеш да продаваш. https://www.superhosting.bg/web-hosting-compare-shop-plans.php?utm_source=M…

3 6

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net