Hi Steve,
thanks a lot. Again...very useful info.
Well, my gateway is not present in the current gwlog.txt.
I will monitor it to see if there will be new occurrences.
Marco
73 de iw2ohx
On 1/3/2021 6:02 PM, Steve L via 44Net wrote:
Marco,
I don't have an answer for you, but hope someone else will chime in.
I combed through my notes to see if I had any clues. I'll share these
notes for everyone's benefit:
---
The collecting ripsender ICMP data is available for you to look at on
the web site in file /private/gwlog.txt.
It has as the last two columns the ICMP type and code; so
'port unreachable' (code 3) can be distinguished from
'host unreachable' (code 1), 'net unreachable' (code 0), and
'protocol unreachable' (code 2), etc.
I'm currently recording all 16 kinds of 'unreachable' in that file.
(2017-May)
---
I assume you mean the gwlog.txt file.
This is raw data, designed for a program to read, not humans.
column 1 is the IP address of the gateway
columns 2 & 3 are the UTC date and time
column 4 is the icmp type, always '3' for 'destination unreachable'
column 5 is the icmp code why. '2' is 'unreachable protocol', '3' is
'unreachable port'.
Refer to RFC792 and later RFCs, or the Unix/Linux source code for the
meanings of the type/code combinations. Or do a google search for
'icmp type 3'.
For example:
69.85.86.85 17-05-24 02:30:00 3 2
So '3 2' means that the gateway rejected a packet with the message
'unreachable protocol'.
(https://mailman.ampr.org/mailman/private/44net/2017-May/007420.html)
On Sun, Jan 3, 2021 at 1:27 AM Marco Di Martino (IW2OHX) via 44Net
<44net(a)mailman.ampr.org> wrote:
Hi all,
Thanks for sharing!
That's a very interesting troubleshooting utility.
And yet more useful when someone suggests a possible fix.
Is there anyone that could help me to understand what's the issue here?
93.51.76.174 44.134.160.1 97 [ 3] dropped: no source gateway
93.51.76.174 44.134.160.2 178 [ 3] dropped: no source gateway
Regards,
Marco
iw2ohx
On 1/3/2021 7:01 AM, Steve L via 44Net wrote:
89.33.44.100 44.182.21.1 67631 [ 8] dropped: encap to encap
That data is from the stats collector that the late Brian Kantor
wrote, which can be seen here:
https://gw.ampr.org/private/
The login uses the old gateways login credentials from when Jim Fuller
ran it. See:
https://mailman.ampr.org/mailman/private/44net/2020-January/010633.html
I highly recommend these rules:
# This prevents nested ipencap
iptables -t raw -I PREROUTING -p 4 -i tunl0 -j DROP
# This prevents a general loop
iptables -I FORWARD -i tunl0 -o tunl0 -j DROP
# Drops outbound unassigned IPs from looping through tunl0 via ipencap
# You must add accept rules under this line to make exceptions
iptables -I FORWARD ! -s 44.92.21.0/24 -o tunl0 -j DROP
# ^ adjust to your subnet
On Sat, Jan 2, 2021 at 7:40 AM Marius Petrescu via 44Net
<44net(a)mailman.ampr.org> wrote:
The same question goes for 89.33.44.100. I dumped it and found no
outgoing packets from other sources for your gateway.
Is it possible you actually capture some spoofing attempts?
Do you account for replies to requests that may be addressed to non-44
addresses via your tunnels, like ICMP unreachable and similar?
On 02.01.2021 05:36, Charles - N2NOV via 44Net wrote:
> What is the error for 162.247.76.129 (my gateway address)?
>
> --
> 73 de N2NOV
> _________________________________________
> 44Net mailing list
> 44Net(a)mailman.ampr.org
> https://mailman.ampr.org/mailman/listinfo/44net
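Added example, not part of the thread or of the AMPR gateway software: a Python parser for the gwlog.txt line format described in the quoted notes (gateway IP, UTC date, UTC time, ICMP type, ICMP code) that names the 16 'destination unreachable' codes from RFC 792, RFC 1122 and RFC 1812 and tallies them per gateway. The function names are hypothetical, the YY-MM-DD date order is an assumption, and only the first sample line comes from the thread; the rest are constructed.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timezone

# ICMP type 3 (destination unreachable) codes 0..15, in code order.
UNREACH = dict(enumerate((
    "net unreachable", "host unreachable", "protocol unreachable",
    "port unreachable", "fragmentation needed", "source route failed",
    "dest network unknown", "dest host unknown", "source host isolated",
    "net admin prohibited", "host admin prohibited", "net unreachable for TOS",
    "host unreachable for TOS", "comm admin prohibited", "host precedence violation",
    "precedence cutoff",
)))

# Constructed sample: line 1 is from the thread, the last line is truncated.
SAMPLE = """\
69.85.86.85 17-05-24 02:30:00 3 2
69.85.86.85 17-05-24 02:35:00 3 2
192.0.2.10 17-05-24 02:31:00 3 3
192.0.2.10 17-05-24 02:40:00 3
"""

def parse_line(line):
    """Return (gateway, utc_datetime, icmp_type, icmp_code), or None if malformed."""
    fields = line.split()
    if len(fields) != 5:
        return None
    try:
        gw = ipaddress.ip_address(fields[0])
        # Assumption: the date column is YY-MM-DD, as '17-05-24' suggests.
        when = datetime.strptime(f"{fields[1]} {fields[2]}", "%y-%m-%d %H:%M:%S")
        icmp_type, code = int(fields[3]), int(fields[4])
    except ValueError:
        return None
    return str(gw), when.replace(tzinfo=timezone.utc), icmp_type, code

def summarize(text, gateway=None):
    """Count (gateway, reason) pairs, optionally for one gateway; also count bad lines."""
    counts, bad = Counter(), 0
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            bad += 1
        elif rec[2] == 3 and gateway in (None, rec[0]):
            counts[(rec[0], UNREACH.get(rec[3], f"code {rec[3]}"))] += 1
    return counts, bad

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

Passing `gateway="<your gateway IP>"` to `summarize` gives the same check described at the top of the thread: an empty result means the gateway has no entries in the log.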