To mitigate this, I generally Deny by default - login/access to my AMPR hosts from 44.0.0.0/8 addresses or to the specific port/protocol (e.g. tcp/22 Denied by default from tun0, etc.)
- Lynwood KB3VWG
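The deny-by-default approach described in the message above, as an added example that is not part of the original thread: a shell function that emits an `iptables-restore` ruleset for traffic arriving on the tunnel interface. The chain name `AMPR_IN`, the function name `ampr_rules`, the choice to limit allowed services to 44.0.0.0/8 sources, and the sample service tcp/80 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. AMPR_IN and ampr_rules are hypothetical names.
AMPR_NET="44.0.0.0/8"

# ampr_rules IFACE [PROTO/PORT ...]
# Print an iptables-restore ruleset for traffic addressed to this host that
# arrives on the tunnel interface: only the listed services are accepted, and
# only from AMPR_NET; everything else, tcp/22 included, is dropped.
ampr_rules() {
    iface=${1:-}
    [ $# -gt 0 ] && shift
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    allow=""
    for svc in "$@"; do
        proto=${svc%%/*}
        port=${svc#*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol: $svc" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port: $svc" >&2; return 1 ;;
        esac
        if ! [ "$port" -ge 1 ] 2>/dev/null || ! [ "$port" -le 65535 ] 2>/dev/null; then
            echo "bad port: $svc" >&2; return 1
        fi
        allow="${allow}-A AMPR_IN -s $AMPR_NET -p $proto --dport $port -j ACCEPT
"
    done
    printf '%s\n' '*filter' ':AMPR_IN - [0:0]' \
        "-A INPUT -i $iface -j AMPR_IN" \
        '-A AMPR_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$allow"
    # Default deny: anything not accepted above ends here.
    printf '%s\n' '-A AMPR_IN -j DROP' 'COMMIT'
}

# Constructed sample: tun0 as the tunnel, tcp/80 as the only exposed service.
# Review the output, then load it as root with: iptables-restore --noflush
ampr_rules tun0 tcp/80
```

The ruleset covers only the INPUT path, so hosts routed behind the gateway need equivalent rules on FORWARD.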
I have replaced my FiOS border router with an OpenWRT-based device. The Verizon border router can be replaced, as long as you receive Internet via Ethernet (versus MOCA/coax). If you have set-top boxes, you must use a MOCA device for your LAN connection.
Prior to swapping my border device, I used my Verizon device (FiOS Quantum Gateway G1100). It permitted forwarding of IPENCAP; but I had an issue caused by unknown reasons:
- at intermittent times, the FiOS router would lose the IPENCAP forward - it would simply disappear from the firewall entries - the only determination I could make is that the ISP was remote controlling the router and deleting the IPENCAP forward
To solve this, I made my OpenWRT device the border device and NATed/IGMP proxied the MOCA (coax) LAN via the ISP's router.
73,
- Lynwood KB3VWG
On Tue, 5 Apr 2016 16:11:54 -0400, lleachii--- via 44Net 44net@hamradio.ucsd.edu wrote:
I have replaced my FiOS border router with an OpenWRT-based device. The Verizon border router can be replaced, as long as you receive Internet via Ethernet (versus MOCA/coax). If you have set-top boxes, you must use a MOCA device for your LAN connection.
The WAN is active on the UTP port of the router. I have confirmed this by unplugging the WAN port cable and pinging google.com, the pings are lost when disconnected and are not lost when it's reconnected.
Your last statement is interesting because I have one STB (the DVR) which is connected to the TV via HDMI and to the coax. There's an indicator immediately below the Ethernet active light that indicates WAN coax active and it is not lit. The STB shows active in the router's configuration interface and it's pingable but there is no indication on the LAN coax light of any activity, it stays lit and never blinks. Apparently the MOCA is active but not for access to anything but the STB. The router management shows only 1 channel and one device on the coax.
Geoff,
I'm not certain if the carrier at your location has configured the set top boxes in the same manner as in my "head end office."
In my area, the set top boxes appear (through my packet inspection) to receive Guide and Firmware updates via information contained in multicast streams.
see: http://www.dslreports.com/forum/r30352262-Networking-Tivo-as-MOCA-Bridge-for...
and
http://www.dslreports.com/forum/r27432475-Verizon-Router-Multicasting-To-My-...
In order for me to properly configure my network:
- I requested the ISP deliver Internet on the Ethernet RJ-45 interface of the ONT
- They deliver TV on Coax and network access for the set top boxes on Coax (they don't offer access using the RJ-45 port)
- I connect my own router to the demarcation with the ISP
- I connect the FiOS router to a LAN port with a VLAN for the FiOS network
- I enable IGMP proxy on the FiOS router
- I enable IGMP Proxy on my OpenWRT border router for the VLAN with the FiOS router
- I port forward 4567/tcp (appears to be a proprietary access port to FiOS routers)
- I port forward the UDP port automatically created for the DVR/Media Server set top box in the FiOS router (usually a high port above 60000)
73,
- Lynwood KB3VWG
Ronen,
This is correct.
AMPR users observe that they cannot reach 44.0.0.1 from AMPRNet.
One of the reasons is to prevent IP spoofing to our (IPENCAP-enabled) hosts... I also understand this is the behavior of the Kernel in operation (you'd have to verify that point with Brian).
73,
Lynwood KB3VWG