Thank you to all who replied.
I have used tcpdump to check how iptables is working.
The problem is that the "white noise" from bots, hackers etc. is coming in from
the internet and from IP 169.228.66.251.
169.228.66.251 is the main internet router for the 44/8 network, and the
unwanted traffic comes in through the IPIP tunnel via 169.228.66.251;
for this reason a default firewall policy of REJECT or DROP instead of
ACCEPT does not help filter this unwanted traffic.
Please use the following syntax:
tcpdump -i eth0 -n ip proto 4
where eth0 is your internet interface.
You can see how many frames with source 169.228.66.251 in IPIP contain
frames from bots scanning the network and the ports of your local 44.xx network.
For example:
09:10:09.315252 IP 169.228.66.251 > 192.168.1.2: IP 85.234.252.133.43248 > 44.165.33.1.179: Flags [S], seq 311544230, win 14600, options [mss 1460,sackOK,TS val 7895041 ecr 0,nop,wscale 3], length 0 (ipip-proto-4)
I have tried to block this traffic by
but it is not working for me.
But one problem with blocking traffic with source 169.228.66.251 is the
RIPv2 information:
09:10:06.730661 IP 169.228.66.251 > 192.168.1.2: IP 44.0.0.1.520 > 224.0.0.9.520: RIPv2, Response, length: 504 (ipip-proto-4)
For this reason I would be blocking the encap.txt table updates via ampr-ripd.
It would be nice if someone wrote how to use iptables to block unwanted internet
traffic via IPIP with source IP 169.228.66.251 without losing the RIPv2
information.
We are ham radio operators and we use amprnet as a hobby, running amprnet
gateways to connect ham radio networks across the internet, and in most cases
we only want links between our local radio network and other
ham radio networks; we don't need traffic from the internet (bots, hackers,
users) to our local radio networks.
How do we run iptables to filter out incoming traffic from the internet to our
local ham radio network via IPIP?
Please remember that many local amprnet gateway admins are not
professional admins and don't have high-level knowledge about all the problems.
Many amprnet gateways have problems with attacks and scans from internet users
via traffic coming in from 169.228.66.251,
and for this reason many local radio networks and servers are not very well
protected, because many users in the local radio network run their own WWW server etc.
without high-level protection, as they run/use these servers as a hobby,
not as professional services.
In my opinion the default policy on the 169.228.66.251 main 44/8 network internet
router should be set to only pass traffic between amprnet gateways and to block
internet traffic to amprnet gateways. If anybody would like to have incoming
internet traffic to their local 44 radio network, they could for example
set an additional option ON in their own gateway's properties on
portal.ampr.org.
73 Waldek SP2ONG
2016-08-20 14:29 GMT+02:00 lleachii--- via 44Net <44net(a)hamradio.ucsd.edu>:
(Please trim inclusions from previous messages)
_______________________________________________
To add on to what Rob said.
I also considered you may be simply seeing traffic reaching the inbound
side of your tunl0 interface.
This is normal, and is general Internet "white noise" from bots,
misconfigured software, viruses, etc. Proper routing and firewalling will
ensure that this unwanted traffic is not input/forwarded.
- KB3VWG
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
--
Waldek sp2ong
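An added example, not code from the post or from anyone on the 44Net list, of the iptables layout the question above asks for. The outer IPIP packet from 169.228.66.251 carries both the wanted RIPv2 responses and the unwanted internet noise, so it cannot be filtered by outer source address; instead the script accepts IP protocol 4 on the internet interface and filters the decapsulated packets on the tunnel interface (the inbound side of tunl0 that KB3VWG mentions), where the real inner sources are visible. RIPv2 from 44.0.0.1 to 224.0.0.9/520 keeps reaching ampr-ripd, traffic from other 44/8 stations passes, and everything else coming out of the tunnel is dropped. The interface names eth0 and tunl0, the AMPR_IN chain name, the conntrack rule for replies to connections opened from the 44.x side, and the dry-run switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the 44Net thread): filter the decapsulated AMPRNet
# traffic on the tunnel interface instead of the outer IPIP packet on eth0.
#
# Assumptions (hypothetical, adjust to your gateway):
#   WAN_IF   internet-facing interface (eth0 in the post)
#   TUN_IF   IPIP tunnel interface (tunl0 in the quoted reply)
#   RIP_SRC  inner source of the RIPv2 responses (44.0.0.1 in the tcpdump output)
#   IPT      set IPT=echo for a dry run that prints the rules instead of applying them
IPT=${IPT:-iptables}
WAN_IF=${WAN_IF:-eth0}
TUN_IF=${TUN_IF:-tunl0}
RIP_SRC=${RIP_SRC:-44.0.0.1}

# Insert a rule at the top of a chain only if an identical one is not already
# there, so the script can be re-run without piling up duplicate rules.
insert_once() {
    $IPT -C "$@" 2>/dev/null || $IPT -I "$@"
}

apply_rules() {
    # Outer layer: the IPIP packets (IP protocol 4) must reach the tunnel driver.
    # Peer gateways from encap.txt send IPIP directly, not only 169.228.66.251,
    # so protocol 4 is accepted from any source here; the inner filter below is
    # what decides which decapsulated packets are allowed.
    insert_once INPUT -i "$WAN_IF" -p 4 -j ACCEPT

    # Inner layer: one chain for everything that comes out of the tunnel.
    # Flush it if it exists, create it otherwise.
    $IPT -F AMPR_IN 2>/dev/null || $IPT -N AMPR_IN

    # 1. RIPv2 responses from the 44/8 gateway; ampr-ripd needs these to keep
    #    encap.txt current, so they must be accepted before the final DROP.
    $IPT -A AMPR_IN -p udp -s "$RIP_SRC" -d 224.0.0.9 --dport 520 -j ACCEPT
    # 2. Other AMPRNet stations: the ham-to-ham links we actually want.
    $IPT -A AMPR_IN -s 44.0.0.0/8 -j ACCEPT
    # 3. Replies to connections that our own 44.x hosts opened towards the
    #    internet (only needed if those hosts reach the internet via the tunnel).
    $IPT -A AMPR_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 4. Everything else arriving through the tunnel has a non-44 source, i.e.
    #    internet traffic relayed by 169.228.66.251: drop it.
    $IPT -A AMPR_IN -j DROP

    # Hook the chain in front of whatever INPUT and FORWARD already do, for
    # packets destined to the gateway itself and for packets routed on to the
    # local radio network respectively.
    insert_once INPUT   -i "$TUN_IF" -j AMPR_IN
    insert_once FORWARD -i "$TUN_IF" -j AMPR_IN
}

case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) (IPT=echo; apply_rules) ;;
    "")      : ;;
    *)       echo "usage: $0 apply|dry-run" >&2; exit 1 ;;
esac
```

Run `sh ampr-filter.sh dry-run` first to see the rule list (in dry-run mode the `-C` existence checks are printed in place of the inserts they guard), then `apply` as root. Afterwards `iptables -vnL AMPR_IN` should show the DROP counter growing while the RIPv2 rule's counter also grows; if a 44.x host behind the gateway cannot reach the internet any more, the ESTABLISHED,RELATED rule is the one to look at. Note that this only stops the noise at your gateway; the packets still arrive over your internet link, which is why the post asks about the gateway-side default policy as well.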