We shot video of the presentations last week; when we get them processed
and posted, I'll make sure the link gets sent out to the group.
73,
Kenny, KU7M
> Message: 1
> Date: Thu, 5 Apr 2012 11:23:43 -0700
> From: "John D. Hays" <john(a)hays.org>
> To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
> Subject: [44net] Slides from Presentation
> Message-ID:
> <CAN77r3xzhdtYrJLZYj3LYM0H3Recxii3-3AgofVkyyiKPbWOGQ(a)mail.gmail.com
> >
> Content-Type: text/plain; charset="utf-8"
>
> http://www.microhams.com/digitalconf2012/K7VE_N7IPB_RebootNET44.pdf
>
> ------------------------------
> John D. Hays
> K7VE
> PO Box 1223, Edmonds, WA 98020-1223
> <http://k7ve.org/blog> <http://twitter.com/#!/john_hays>
> <http://www.facebook.com/john.d.hays>
>
Hi Sam VK4FQ
I ask look on side: http://www.wwconvers.ampr.org
and write them for cairns all data not to be anonymous
--
73 de Janusz / SP1LOP
===== Janusz J. Przybylski, SP1LOP ==========
Poland AmprNet Co-ordinator [44.165.0.0/16]
=============================================
All,
Many have posted good responses on what would be needed to continue this project. I don't want to repeat any good suggestions (which I am also re-reading); but wanted to add a few; as I originally requested a subnet for the purpose of peering with Amateur Digital Radio Communications, or up to consideration of Layer 1 connections to PoPs (I am working on such arrangements for our area using multi-homed non-commercial means).
I have polished up on my BGP routing concepts and found these things:
- in the MDC section, we would be seeking local peers via other non-commercial backbones
- Doing BGP, the assumption we were to arrange at least layer 1 connectivity (via wireless and/or terrestrial [our area is fiber or greater to peer] which we're working on), at least back to Brian, this will require an AS Number
- the concern in my area, want to pursue non-commercial means of announcement, redundancy to the non-commercial/commercial backbone, etc, in case the commercial network went down
- Internet2.edu is being built out from stimulus funds, it is primarily non-commercial - just a thought, and a path we're looking into
- I am willing to assist in this endeavor, and would like to sit-in on a conference call, if convened
- There are other networks I'm sure are willing to carry VLANs over their fiber
- BGP to a PoP for most who wish to peer with us would require us to really lobby our CFR Title 47 §97.1(a), that we have other Peers willing to provide Layer 1 Transport (working on this) - I see no need for us to work separately, and wanted to mention this
Anyone interested in being homed with another Autonomous System, please consider working together on a National Amateur Wireless Society, if we receive International Interest, we may have to see other regional interest. Also, would a regional authority be willing to donate us an AS number (made requests)?
~73,
Lynwood
KB3VWG
I'm also using a standard Ubuntu Linux Server 11.10 using rip44d and a Web Application providing a GUI named Webmin. This is a quick overview on setup.
This setup can be done with telnet and SSH; for simplicity of those who know the command line syntax, I will omit the necessaries.
1.) - with IP forwarding (Routing) enabled in /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
2.) - I installed webmin (a Web GUI application for servers) package to better enable on the fly IPtables Firewall configurations, NAT, masquerade, etc. (these configurations allowed me to have this server as router for my 44.60.44/24 subnet over AMPR, while having the ability to also have a private 192.168/24 subnet that uses my standard non-tunneled gateway IP address from my ISP). PE1CHL recommended table-based policy routing; it configures any 44/8 address to use a routing table named "44," all other traffic is routed on main. If you set up this router to use NAT or Masquerade for a private network using your ISP's gateway, there will also be entries in the "nat" table. An edit to the rip44d script is necessary to place the 44/8 routes into a routing table named "table 44."
3.) - eth0 was configured at setup as the device connected to the Gateway address.
4.) - In this example, eth1 is the Ethernet interface that will be used as your LAN side providing your 44 Addresses (in this example 44.128.0.0/24) of the router connection (if you do not have access to another NIC, you may also want to set this up virtually to the address on your LAN if this is not the routing device for your physical network). Interface tunl0 is the default Linux IPIP encapsulation tunnel. The example/testing subnet 44.128.0.0/24 will be the subnet assigned to the gateway on tunl0 and eth1 used here.
5.) - with the help of Brian and PE1CHL, I then created a script named /usr/local/sbin/startampr to run on boot (it can be set up to run at boot in the webmin GUI under "Bootup and Shutdown")
### Enables AMPR IPIP Tunnel Interface
modprobe ipip
ip addr add 44.128.0.2/24 dev tunl0
# gives tunnel its own TTL enabling traceroute over tunnel
ip tunnel change ttl 64 mode ipip tunl0
ip link set dev tunl0 up
### Creates AMPR Default Routes on main Route Table
#route to 44.128.0.0/24 on main route table
ip rule add to 44.128.0.0/24 table main priority 1
### Specifies Routes to and from 44/8 are entered on Route Table 44
ip rule add from 44.0.0.0/8 table 44 priority 44
ip rule add to 44.0.0.0/8 table 44 priority 45
### Creates Default Route to the AMPRGW and the
### Internet At-large, on the 44 Router
## Per PE1CHL: 'This is "required" to get routing of the net-44 traffic correct
## and have a default route for the tunneled traffic different from the default
## route of the system. It may be possible to get it working without this,
## but policy based routing is so much easier'
# AMPRGW connects via eth0
ip route add 169.228.66.251 dev eth0 table 44
# Connection to 0/0 by 44/8 Hosts on AMPRGW, commenting disables Internet Access for your 44 subnet
ip route add default dev tunl0 via 169.228.66.251 onlink table 44
### this can be omitted if your device will not provide separate local traffic - KB3VWG - This adds a route to the local subnet on the 44 route table
ip route add 192.168.0.0/24 dev eth0 table 44
### Begins the rip44d Router
/usr/local/sbin/rip44d_table44 -a <my public gateway IP> -p <the password> < /dev/null &
6.) Table rip44d_table44 is a script editing the rip44d file to place the AMPR routing table into "Table 44":
Line 201
- $cmd = "LANG=C $routebin route add $rkey via $nexthop dev $tunnel_if window $tcp_window onlink";
+ $cmd = "LANG=C $routebin route add $rkey via $nexthop dev $tunnel_if window $tcp_window onlink table 44";
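Review bot: the "table 44" suffix on the + line is hard-coded into the command string, so the table id now lives both here and in the "ip rule ... table 44" lines of the startup script; consider taking it from a variable alongside $tunnel_if and $tcp_window so the two cannot drift apart. The hunk only changes the "route add" command; if the script also builds a route delete or flush command, it is not shown here and would need the same table argument, otherwise removals would act on the main table and leave stale entries in table 44.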
7.) The router's 'main' Firewall
Accept If state of connection is ESTABLISHED
Accept If state of connection is RELATED
* Accept If protocol is ICMP and ICMP type is echo-request
* Accept If protocol is UDP and destination port is 33434:33534
+ Accept If protocol is TCP and destination port is 10000
+ Accept If protocol is UDP and source is 44.0.0.1 and input interface is tunl0 and source and destination ports are 520
+ Accept If protocol is TCP and destination port is 22
(if you have other services on your Router machine, you would accept their IP's, source, destinations, etc. here)
+ - enables: webmin, rip44d and SSH respectively, you may further restrict this access to SSH or Webmin configuration by specifying allowed hosts, subnets, etc.
8.) IP Forwarding [the Router's] Firewall
Accept If state of connection is ESTABLISHED
Accept If state of connection is RELATED
* Accept If protocol is ICMP and ICMP type is echo-request
* Accept If protocol is UDP and destination port is 33434:33534
Accept If source is 44.128.0.0/24
Accept If source is 192.168.0.0/24
(if you have services on devices inside your subnet, you would accept their destination IP's ports, source, destination ports, etc.)
9.) Network Address Translation Firewall (only needed if routing traffic from a private network [eg 192.168.0.0/24] not carrying 44 Traffic)
Accept If source is 192.168.0.0/24 and destination is 44.128.0.0/24
Masquerade If source is 192.168.0.0/24 and destination is 0.0.0.0/0
Accept If source is 44.128.0.0/24
Accept If destination is 44.128.0.0/24
10.) as you create AX.25 interfaces, etc, ensure you enable those protocols, etc in the firewalls.
NOTE: Accepting echo-request and protocol is UDP ports 33434-33534 enables Unix and Windows based ping and traceroutes from the Internet, you can also place further restrictions on those rules.
11.) Typing the command
# ip route list table 44
default via 169.228.66.251 dev tunl0 onlink
<between here should be many lines of 44.x.x.x direct IPIP Encapsulated routes that are populated by rip44d from 44.0.0.1 over the tunnel (e.g. '44.x.x.x/x via x.x.x.x dev tunl0 onlink window 840')>
169.228.66.251 dev eth0 scope link
192.168.0.0/24 dev eth0 scope link
~73,
KB3VWG
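
[Added example, not part of the original post and not KB3VWG's or the rip44d project's code.] A small model of the policy routing set up in step 5: it walks the "ip rule" list in priority order, then does a longest-prefix match in the selected table, to show which table and interface a given packet would use. Assumptions: the contents of "main" (including the 192.168.0.1 gateway), the 44.2.0.0/24 route standing in for a rip44d-learned entry, and all sample packet addresses are constructed.

```python
import ipaddress

# Rules from the startampr script above, plus the kernel's built-in
# rule that sends everything else to "main" (priority 32766).
RULES = [  # (priority, selector, prefix, table)
    (1, "to", "44.128.0.0/24", "main"),
    (44, "from", "44.0.0.0/8", "44"),
    (45, "to", "44.0.0.0/8", "44"),
    (32766, "any", "0.0.0.0/0", "main"),
]

# Table 44 follows the listing in step 11; the 44.2.0.0/24 entry stands in
# for a rip44d-learned route and is constructed. "main" is assumed.
TABLES = {
    "44": [
        ("0.0.0.0/0", "tunl0 via 169.228.66.251"),
        ("44.2.0.0/24", "tunl0 via 198.51.100.7"),
        ("169.228.66.251/32", "eth0"),
        ("192.168.0.0/24", "eth0"),
    ],
    "main": [
        ("0.0.0.0/0", "eth0 via 192.168.0.1"),  # assumed ISP-side gateway
        ("44.128.0.0/24", "eth1"),
        ("192.168.0.0/24", "eth0"),
    ],
}


def lookup(src, dst):
    """Return (rule priority, table, route) used for a packet src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, sel, prefix, table in sorted(RULES):
        rule_net = ipaddress.ip_network(prefix)
        if (sel == "from" and s not in rule_net) or (sel == "to" and d not in rule_net):
            continue
        # Longest-prefix match on the destination inside the selected table.
        hits = [(ipaddress.ip_network(p), via) for p, via in TABLES[table]
                if d in ipaddress.ip_network(p)]
        if hits:
            return prio, table, max(hits, key=lambda h: h[0].prefixlen)[1]
        # No matching route in this table: fall through to the next rule.
    return None


if __name__ == "__main__":
    for pkt in [("44.128.0.10", "203.0.113.9"), ("192.168.0.20", "203.0.113.9"),
                ("192.168.0.20", "44.2.0.9"), ("44.128.0.10", "192.168.0.20")]:
        print(pkt, "->", lookup(*pkt))
```

The last sample packet shows what the 192.168.0.0/24 entry in table 44 is for: without it, traffic from a 44 host to the private LAN would match only the table's default route and leave through the tunnel.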
All,
I actually had a thought on this before I read the current line of discussion. A lot has been highlighted on the nature of a 501(c)3 and what it can and cannot do (feel free to read up on the IRS.gov publications). A 501(c)7 is also a route we may wish to take (depending on California Law and if the filing for determination process had not already proceeded). I also noted that keeping it for Amateur use by Hams is a very good idea.
Also recall that we need to keep the network flexible, as testing and development of new protocols and types of equipment, etc. is also something that may become of interest in the future. Also, if you are going to announce space, I am capable of having it housed; so agreements regarding equipment, etc. would be on an Intergovernmental network in my area that RACES and local Emergency Radio Foundation will petition for a seat on, we don't happen to have any carrier-grade network equipment in our shacks on the East Coast (lol).. HSMM-MESH seems like something we want to experiment on right now.
In addition, we peer with non-commercial networks; NetworkMaryland is the ISP that we wish to approach for holding an announcement. And it will be Internally BGPed to my County. I'd like to talk with my State Coordinator about this. I know that we are a network neighbour to the Internet2.edu backbone and other carriers as well.
~73,
Lynwood
KB3VWG
44.60.44/24
I've gotten several requests for directly routed subnets
(ie, BGP announced CIDR blocks as subnets of 44/8, not tunneled)
for ham radio use. These are people who want to set up HSMM
networks in the ham bands, D-Star constellations, etc.
I thought I'd ask folks what they think of the idea of
setting aside part of the address space for that purpose?
What issues do you see arising from doing so?
- Brian
Hi N7VR
I have to alter for Gateway IP I send mail there now copies, that bad password
I ask about switch because your mail server n7vr throws aside my mail's
<<< 450 4.7.1<n7vr(a)n7vr.org>: Recipient address rejected: IP still greylisted - Please try again later
<n7vr(a)n7vr.org>... Deferred: 450 4.7.1<n7vr(a)n7vr.org>: Recipient address rejected: IP still greylisted - Please try again later
--
73 de Janusz / SP1LOP
===== Janusz J. Przybylski, SP1LOP ==========
Poland AmprNet Co-ordinator [44.165.0.0/16]
=============================================
Bill,
Thanks, I have installed multiple versions of JRE, I'm currently using Oracle JRE 1.7.0_03, still a connection reset to the analyser and any pages served on the domain http://netalyzr.icsi.berkeley.edu. So, it's not simply a Java issue, as accessing non-Java content returns the same error. I'm using Linux w/ a firewall, so no Anti-Virus/Malware running preventing the connection. I can browse to the page if I connect the device to the non 44 node at my home QTH.
I should note all other sites needing JRE to run (such as the Test your Java Page) work perfectly fine on all other network connections, all devices, with all versions of JRE tested, this only occurs if the device is connected to 44net.
I just wanted to verify that the results you noted to me were obtained over the 44 connection before I contact Berkeley.edu about inability to access the tool.
~Lynwood
KB3VWG
I've received a request regarding AMPRNet activity in Sweden.
The email address I have for the coordinator there dates from
back in 2000 and is no longer valid.
There are over 1000 DNS entries for the 44.140 Swedish subnet;
surely somebody must still be active.
Any information would be appreciated.
- Brian