All,
Overnight I've observed the following:
- I removed an explicit firewall rule not permitting UDP-based traceroute. 44/8 and IPENCAP Endpoints should be able to trace my WAN and AMPR IPs. In addition, your UDP-based traces are accepted before the TTL <= 7 rule. I will work on ICMP-based tools like MTR (MyTraceRoute).
- I'm receiving routes (my encap.txt is only an hour old as of my writing; it has updated at some point overnight), but no longer get hits on my firewall for port 520. I believe this may be due to a design change in ampr-ripd; I previously ran 1.13. Also, the routes don't appear to be updating in 5-minute intervals...
- I see a route for
    45.79.175.44 via 71.163.58.1 dev eth0.2 proto 44 onlink
  and
    amprwan 44.135.124.0/24 45.79.175.44 0 44
  I'm almost certain the former rule would send an unencapsulated packet over my WAN link.
    root@router:/etc/config# ip route get from 44.60.44.1 to 45.79.175.44
    45.79.175.44 from 44.60.44.1 via 71.163.58.1 dev eth0.2 table 44
        cache
- I see hits for DNS, and I only allow DNS from AMPRNet, so someone is able to reach me (I'll review the netflow to determine from whom later).
- I've successfully attempted http://44.60.44.10 from the Public Internet many times and from multiple IPs.
- I'm very interested if anyone can reach me and run http://speedtest.ampr.org from YOUR AMPR IPs (I'm not trying to bog down Brian's AMPRGW tunnel).
- Lynwood