All,
Overnight I've observed the following:
- I removed an explicit firewall rule not permitting UDP-based
traceroute. 44/8 and IPENCAP Endpoints should be able to trace my WAN
and AMPR IPs. In addition, your UDP-based traces are accepted before the
TTL <= 7 rule. I will work on ICMP-based tools like MTR (MyTraceRoute).
- I'm receiving routes (my encap.txt is only an hour old as of my writing;
it has updated at some point overnight), but no longer get hits on my
firewall for port 520. I believe this may be due to a design change in
ampr-ripd; I previously ran 1.13. Also, the routes don't appear to be
updating at 5-minute intervals...
- I see a route for - 45.79.175.44 via 71.163.58.1 dev eth0.2 proto 44
onlink
and - amprwan 44.135.124.0/24 45.79.175.44 0 44
I'm almost certain the former rule would send an unencapsulated packet
over my WAN link.
root@router:/etc/config# ip route get from 44.60.44.1 to 45.79.175.44
45.79.175.44 from 44.60.44.1 via 71.163.58.1 dev eth0.2 table 44
cache
- I see hits for DNS, and I only allow DNS from AMPRNet, so someone is
able to reach me (I'll review the netflow to determine from whom later).
- I've successfully attempted http://44.60.44.10 from the Public
Internet many times and from multiple IPs.
- I'm very interested if anyone can reach me and run
http://speedtest.ampr.org from YOUR AMPR IPs (I'm not trying to bog down
Brian's AMPRGW tunnel).
- Lynwood
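
The route check from the message above, as an added example that is not part of the original post: it classifies the first line of `ip route get` output and flags an AMPRNet-sourced packet that would leave on a device other than the tunnel. The function names and the tunnel device name `tunl0` are assumptions; the first sample line in the comments is the one quoted in the message, the second is constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# TUNNEL_DEV is an assumption: set it to the name of your IPIP tunnel interface.
TUNNEL_DEV="${TUNNEL_DEV:-tunl0}"

# classify_route "<first line of 'ip route get' output>"
# Prints one of:
#   ENCAP - source is in 44/8 and the packet leaves via the tunnel device
#   LEAK  - source is in 44/8 but the packet leaves via some other device
#   SKIP  - source is not in 44/8, or the line carries no "from" address
classify_route() {
    _src=""; _dev=""; _prev=""
    for _tok in $1; do
        case $_prev in
            from) _src=$_tok ;;
            dev)  _dev=$_tok ;;
        esac
        _prev=$_tok
    done
    case $_src in
        44.*) ;;
        *) echo SKIP; return 0 ;;
    esac
    if [ "$_dev" = "$TUNNEL_DEV" ]; then
        echo ENCAP
    else
        echo LEAK
    fi
}

# audit_endpoints <local AMPR source IP> <destination IP>...
# Asks the kernel how it would route each destination from the given source
# and prints the classification next to it.
audit_endpoints() {
    _from=$1; shift
    for _ep in "$@"; do
        _out=$(ip route get from "$_from" to "$_ep" 2>/dev/null | head -n 1)
        printf '%s -> %s\n' "$_ep" "$(classify_route "$_out")"
    done
}

# Line quoted in the message (classified as LEAK with TUNNEL_DEV=tunl0):
#   45.79.175.44 from 44.60.44.1 via 71.163.58.1 dev eth0.2 table 44
# Constructed line for a tunnelled subnet (classified as ENCAP):
#   44.135.124.1 from 44.60.44.1 via 45.79.175.44 dev tunl0 table 44
```

On the router itself, `audit_endpoints 44.60.44.1 45.79.175.44` runs the same lookup shown in the message and prints the result for that endpoint.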