On 10/06/2017 4:28 PM, Josh wrote:
I think my next step is to contact my service provider, it is possible that they saw "suspicious" ipip traffic coming from amprgw to me so blocked it.
I've now confirmed with my service provider that they are not blocking traffic either to or from amprgw. About 12 hours ago I started logging inbound ipip connections on my wan interface, but so far have seen nothing from 169.228.34.84.
# Pkts Traffic Action Prot Fl In Out Source Dest Options 6 0 0.00 B ACCEPT 4 -- * * 169.228.34.84 0.0.0.0/0 - 7 0 0.00 B ACCEPT 4 -- * * 169.228.66.251 0.0.0.0/0 - 8 7652 9.94 MB LOG 4 -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "(IPIP)"
I've run out of things to try, and am pretty well convinced that the ipip packets from amprgw are not getting to my WAN interface. I can ping amprgw, and a traceroute makes it as far as rci-nodem-p2p.ucsd.edu (which I think is amprgw's gateway?) so there are no obvious routing issues. I added a rule at the top of my input table an hour ago to log all inbound connections from amprgw, and so far the only matches have been the 4 ICMP replies from my ping test. Any thoughts on where the problem might be?
Josh - VK2HFF