Bill,
I attempted to look through my records for 138.88.77.89 on my interface and I see quite a bit of packets from you - so much so that it crashed my NetFlow console upon searching your IP with a setting of 10,000 flows.
I am receiving encapsulated packets from you, and it seems you've pointed traffic towards me. Firewall:
203.87 K 11.09 MB zone_amprwan_dest_DROP all * * 0.0.0.0/0 0.0.0.0/0 - AMPR_DropLoop
Encapsulated:
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows 2020-01-26 10:01:01.733 202.005 IPIP 138.88.77.89:0 -> 141.75.245.225:0 28 8758 1 2020-01-26 10:01:01.733 202.005 IPIP 141.75.245.225:0 -> 138.88.77.89:0 28 2371 1 2020-01-26 10:18:02.902 419.571 IPIP 138.88.77.89:0 -> 90.155.50.1:0 116 9976 1 2020-01-26 10:26:40.783 13495.994 IPIP 176.121.81.53:0 -> 138.88.77.89:0 107 8922 1
de-encapsulated:
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows 2020-01-26 09:18:45.097 88198.195 TCP 138.88.77.89:41958 -> 3.219.211.244:8883 7209 879799 1 2020-01-26 09:18:45.097 88198.195 TCP 3.219.211.244:8883 -> 138.88.77.89:41958 5618 341324 1 2020-01-26 09:31:05.692 86085.778 TCP 138.88.77.89:38410 -> 69.147.82.61:443 8792 2.7 M 1 2020-01-26 09:31:05.692 86085.778 TCP 69.147.82.61:443 -> 138.88.77.89:38410 7968 1.6 M 1
- KB3VWG
Ok, just this afternoon I'd shut down the amprd and set up ampr-ripd with this in /etc/network/interfaces :
auto ampr0 iface ampr0 inet static address 44.131.170.1 netmask 255.255.255.255 metric 100 pre-up ip tun add ampr0 mode ipip ttl 64 local 192.168.1.2 dev eth0 up ip route add default via 169.228.34.84 dev ampr0 onlink table default up ip rule add from 44.131.170.1 table default up /usr/local/sbin/ampr-ripd -s -i ampr0 -m 50 -a 192.168.1.2 -f eth0 -x "ip route | grep 'proto 44' >/var/lib/ampr-ripd/routes" -L M1BKF@JO02pp up ping -c1 -Iampr0 44.0.0.1 > /dev/null 2>&1 pre-down ip route del default via 169.228.34.84 dev ampr0 onlink table default post-down killall ampr-ripd post-down ip rule del from 44.131.170.1 table default post-down ip tunnel del ampr0 post-down rmmod ipip
All seemed to be working: ping -q -c3 -Iampr0 44.182.21.1 ; ping -q -c3 -Iampr0 44.92.21.35 ; ping -q -c3 -Iampr0 44.92.21.50 PING 44.182.21.1 (44.182.21.1) from 44.131.170.1 ampr0: 56(84) bytes of data. --- 44.182.21.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 46.887/47.348/47.702/0.341 ms PING 44.92.21.35 (44.92.21.35) from 44.131.170.1 ampr0: 56(84) bytes of data. --- 44.92.21.35 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 119.530/119.693/119.977/0.201 ms PING 44.92.21.50 (44.92.21.50) from 44.131.170.1 ampr0: 56(84) bytes of data. --- 44.92.21.50 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 118.846/124.840/136.335/8.135 ms
And ip route | grep 'proto 44' | wc -l 749
And I can reach 44.131.170.1 from an AWS machine.
Any obvious problems there? I'll check the PKTerrors again, but how often does that update?
I haven't yet set up filtering...
Thanks. Bill (M1BKF)
LW> I can now reach 44.131.170.1 from the Public Internet; but not over AMPR.
In my experiences to resolve that one must have a default route for the directly tunneled traffic different from the default route of the system. (ie: 169.228.34.84)
I didn't see anything like that below in what you shared.
Also the -a option for ampr-rip should be a 44 address. Per the manual this is for ampr subnets to be ignored (remove your allocation from the table)
On Mon, Jan 27, 2020 at 11:26 AM W.B.Hill via 44Net 44net@mailman.ampr.org wrote:
Ok, just this afternoon I'd shut down the amprd and set up ampr-ripd with this in /etc/network/interfaces :
auto ampr0 iface ampr0 inet static address 44.131.170.1 netmask 255.255.255.255 metric 100 pre-up ip tun add ampr0 mode ipip ttl 64 local 192.168.1.2 dev eth0 up ip route add default via 169.228.34.84 dev ampr0 onlink table default up ip rule add from 44.131.170.1 table default up /usr/local/sbin/ampr-ripd -s -i ampr0 -m 50 -a 192.168.1.2 -f eth0 -x "ip route | grep 'proto 44' >/var/lib/ampr-ripd/routes" -L M1BKF@JO02pp up ping -c1 -Iampr0 44.0.0.1 > /dev/null 2>&1 pre-down ip route del default via 169.228.34.84 dev ampr0 onlink table default post-down killall ampr-ripd post-down ip rule del from 44.131.170.1 table default post-down ip tunnel del ampr0 post-down rmmod ipip
All seemed to be working: ping -q -c3 -Iampr0 44.182.21.1 ; ping -q -c3 -Iampr0 44.92.21.35 ; ping -q -c3 -Iampr0 44.92.21.50 PING 44.182.21.1 (44.182.21.1) from 44.131.170.1 ampr0: 56(84) bytes of data. --- 44.182.21.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 46.887/47.348/47.702/0.341 ms PING 44.92.21.35 (44.92.21.35) from 44.131.170.1 ampr0: 56(84) bytes of data. --- 44.92.21.35 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 119.530/119.693/119.977/0.201 ms PING 44.92.21.50 (44.92.21.50) from 44.131.170.1 ampr0: 56(84) bytes of data. --- 44.92.21.50 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 118.846/124.840/136.335/8.135 ms
And ip route | grep 'proto 44' | wc -l 749
And I can reach 44.131.170.1 from an AWS machine.
Any obvious problems there? I'll check the PKTerrors again, but how often does that update?
I haven't yet set up filtering...
Thanks. Bill (M1BKF)
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
Hi,
For the -a parameter, ampr-ripd accepts either GW IPs or complete 44 subnets as used in the RIP broadcasts.
E.g. it can be like either -a 123.234.1.2 (GW) or -a 44.182.128.0/26 (subnet/mask like in the portal).
Marius, YO2LOJ
January 27, 2020 8:04 PM, "Steve L via 44Net" 44net@mailman.ampr.org wrote:
LW> I can now reach 44.131.170.1 from the Public Internet; but not over AMPR.
In my experiences to resolve that one must have a default route for the directly tunneled traffic different from the default route of the system. (ie: 169.228.34.84)
I didn't see anything like that below in what you shared.
Also the -a option for ampr-rip should be a 44 address. Per the manual this is for ampr subnets to be ignored (remove your allocation from the table)
On Mon, Jan 27, 2020 at 11:26 AM W.B.Hill via 44Net 44net@mailman.ampr.org wrote:
Ok, just this afternoon I'd shut down the amprd and set up ampr-ripd with this in /etc/network/interfaces :
auto ampr0 iface ampr0 inet static address 44.131.170.1 netmask 255.255.255.255 metric 100 pre-up ip tun add ampr0 mode ipip ttl 64 local 192.168.1.2 dev eth0 up ip route add default via 169.228.34.84 dev ampr0 onlink table default up ip rule add from 44.131.170.1 table default up /usr/local/sbin/ampr-ripd -s -i ampr0 -m 50 -a 192.168.1.2 -f eth0 -x "ip route | grep 'proto 44' >/var/lib/ampr-ripd/routes" -L M1BKF@JO02pp up ping -c1 -Iampr0 44.0.0.1 > /dev/null 2>&1 pre-down ip route del default via 169.228.34.84 dev ampr0 onlink table default post-down killall ampr-ripd post-down ip rule del from 44.131.170.1 table default post-down ip tunnel del ampr0 post-down rmmod ipip
All seemed to be working: ping -q -c3 -Iampr0 44.182.21.1 ; ping -q -c3 -Iampr0 44.92.21.35 ; ping -q -c3 -Iampr0 44.92.21.50 PING 44.182.21.1 (44.182.21.1) from 44.131.170.1 ampr0: 56(84) bytes of data. --- 44.182.21.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 46.887/47.348/47.702/0.341 ms PING 44.92.21.35 (44.92.21.35) from 44.131.170.1 ampr0: 56(84) bytes of data. --- 44.92.21.35 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 119.530/119.693/119.977/0.201 ms PING 44.92.21.50 (44.92.21.50) from 44.131.170.1 ampr0: 56(84) bytes of data. --- 44.92.21.50 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 118.846/124.840/136.335/8.135 ms
And ip route | grep 'proto 44' | wc -l 749
And I can reach 44.131.170.1 from an AWS machine.
Any obvious problems there? I'll check the PKTerrors again, but how often does that update?
I haven't yet set up filtering...
Thanks. Bill (M1BKF)
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
wondering if this should be of any concern?
19:06:04.421749 IP (tos 0x8, ttl 64, id 19981, offset 0, flags [none], proto ICMP (1), length 84) 44.135.32.201 > 13.230.52.198: ICMP echo reply, id 14, seq 4001, length 64
probably just background noise, if so, sorry about noise...
73
John
-
jj -
lleachii@aol.com -
marius@yo2loj.ro -
Steve L -
W.B.Hill