89.33.44.100 44.182.21.1 67631 [ 8] dropped: encap to encap
That data is from the stats collector that the late Brian Kantor wrote, which can be seen here:
The login uses the old gateways login credentials from when Jim Fuller ran it. See:
https://mailman.ampr.org/mailman/private/44net/2020-January/010633.html
I highly recommend these rules:
# This prevents nested ipencap iptables -t raw -I PREROUTING -p 4 -i tunl0 -j DROP # This prevents a general loop iptables -I FORWARD -i tunl0 -o tunl0 -j DROP # Drops outbound unassigned IPs from looping though tunl0 via ipencap # You Must add accept rules under this line to make exceptions iptables -I FORWARD ! -s 44.92.21.0/24 -o tunl0 -j DROP # ^ adjust to your subnet
On Sat, Jan 2, 2021 at 7:40 AM Marius Petrescu via 44Net 44net@mailman.ampr.org wrote:
The same question goes for 89.33.44.100. I dumped it and found no outgoing packets from other sources for your gateway.
Is it possible you actually capture some spoofing attempts? Do you account for replies to requests that may be addressed to non-44 addresses via your tunnels, like ICM unreachable and similar?
On 02.01.2021 05:36, Charles - N2NOV via 44Net wrote:
What is the error for 162.247.76.129 (my gateway address)?
-- 73 de N2NOV _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net