On 6 Apr 2024, at 12:02, lleachii--- via 44net <44net@mailman.ampr.org> wrote:

Chris,

I suspect some failure in the location that maintains what AMPR IPs have DNS entries - hence allowing FORWARD on AMPRGW.

Rationale:

* My ingress TCP traces are blocked for 44.60.44.128, yet work for 44.60.44.1, 44.60.44.3 and 44.60.44.10

- On a side note, I also observe that on my DNS server (44.60.44.3) - that the 44.in-addr.arpa Zone seems to be failing (checking logs). I can no longer get authoritative answers, but I can still query 44.0.0.1 and get Zone Transfers (port 53/TCP) for AMPR.ORG. Was the Reverse Zone edited somehow?

- Lynwood

On Saturday, April 6, 2024 at 05:47:53 AM EDT, lleachii@aol.com <lleachii@aol.com> wrote:

Chris,

Another interesting observation occurred when testing egress from my LAN and router with various SRC IPs. My LAN is configured with a SNAT and IP/Rules to use 44.60.44.128 for traffic from a certain LAN SRC IP is set on the client.

* With my usual SNAT setting of SRC 44.60.44.128 - ping DOESN'T WORK

* When pining from the router with 44.60.44.1 and changing the LAN SNAT rule to also use SRC 44.60.44.1 - ping WORKS

root@OpenWrt:~# ping -c 5 1.1.1.1 -I 44.60.44.1

PING 1.1.1.1 (1.1.1.1) from 44.60.44.1: 56 data bytes

64 bytes from 1.1.1.1: seq=0 ttl=55 time=67.178 ms

64 bytes from 1.1.1.1: seq=1 ttl=55 time=65.657 ms

64 bytes from 1.1.1.1: seq=2 ttl=55 time=65.435 ms

64 bytes from 1.1.1.1: seq=3 ttl=55 time=65.314 ms

64 bytes from 1.1.1.1: seq=4 ttl=55 time=65.462 ms

--- 1.1.1.1 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max = 65.314/65.809/67.178 ms

---

- Lynwood

KB3VWG

_______________________________________________
44net mailing list -- 44net@mailman.ampr.org
To unsubscribe send an email to 44net-leave@mailman.ampr.org