27 Jan
2020
27 Jan
'20
4:26 p.m.
Bill,
I attempted to look through my records for 138.88.77.89 on my interface and I see quite a
bit of packets from you - so much so that it crashed my NetFlow console upon searching
your IP with a setting of 10,000 flows.
I am receiving encapsulated packets from you, and it seems you've pointed traffic
towards me.
Firewall:
203.87 K 11.09 MB zone_amprwan_dest_DROP all * * 0.0.0.0/0 0.0.0.0/0 - AMPR_DropLoop
Encapsulated:
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port
Packets Bytes Flows
2020-01-26 10:01:01.733 202.005 IPIP 138.88.77.89:0 -> 141.75.245.225:0
28 8758 1
2020-01-26 10:01:01.733 202.005 IPIP 141.75.245.225:0 -> 138.88.77.89:0
28 2371 1
2020-01-26 10:18:02.902 419.571 IPIP 138.88.77.89:0 -> 90.155.50.1:0
116 9976 1
2020-01-26 10:26:40.783 13495.994 IPIP 176.121.81.53:0 -> 138.88.77.89:0
107 8922 1
de-encapsulated:
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port
Packets Bytes Flows
2020-01-26 09:18:45.097 88198.195 TCP 138.88.77.89:41958 -> 3.219.211.244:8883
7209 879799 1
2020-01-26 09:18:45.097 88198.195 TCP 3.219.211.244:8883 ->
138.88.77.89:41958 5618 341324 1
2020-01-26 09:31:05.692 86085.778 TCP 138.88.77.89:38410 -> 69.147.82.61:443
8792 2.7 M 1
2020-01-26 09:31:05.692 86085.778 TCP 69.147.82.61:443 ->
138.88.77.89:38410 7968 1.6 M 1
- KB3VWG
27 Jan
27 Jan
5:24 p.m.
New subject: PKTerrors.
Ok, just this afternoon I'd shut down the amprd and set up ampr-ripd with this in
/etc/network/interfaces :
auto ampr0
iface ampr0 inet static
address 44.131.170.1
netmask 255.255.255.255
metric 100
pre-up ip tun add ampr0 mode ipip ttl 64 local 192.168.1.2 dev eth0
up ip route add default via 169.228.34.84 dev ampr0 onlink table default
up ip rule add from 44.131.170.1 table default
up /usr/local/sbin/ampr-ripd -s -i ampr0 -m 50 -a 192.168.1.2 -f eth0 -x "ip route
| grep 'proto 44' >/var/lib/ampr-ripd/routes" -L M1BKF@JO02pp
up ping -c1 -Iampr0 44.0.0.1 > /dev/null 2>&1
pre-down ip route del default via 169.228.34.84 dev ampr0 onlink table default
post-down killall ampr-ripd
post-down ip rule del from 44.131.170.1 table default
post-down ip tunnel del ampr0
post-down rmmod ipip
All seemed to be working:
ping -q -c3 -Iampr0 44.182.21.1 ; ping -q -c3 -Iampr0 44.92.21.35 ; ping -q -c3 -Iampr0
44.92.21.50
PING 44.182.21.1 (44.182.21.1) from 44.131.170.1 ampr0: 56(84) bytes of data.
--- 44.182.21.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 46.887/47.348/47.702/0.341 ms
PING 44.92.21.35 (44.92.21.35) from 44.131.170.1 ampr0: 56(84) bytes of data.
--- 44.92.21.35 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 119.530/119.693/119.977/0.201 ms
PING 44.92.21.50 (44.92.21.50) from 44.131.170.1 ampr0: 56(84) bytes of data.
--- 44.92.21.50 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 118.846/124.840/136.335/8.135 ms
And ip route | grep 'proto 44' | wc -l
749
And I can reach 44.131.170.1 from an AWS machine.
Any obvious problems there? I'll check the PKTerrors again, but how often does that
update?
I haven't yet set up filtering...
Thanks. Bill (M1BKF)
6:04 p.m.
New subject: PKTerrors.
LW> I can now reach 44.131.170.1 from the Public Internet; but not over AMPR.
In my experiences to resolve that one must have a default route for
the directly tunneled traffic different from the default route of the
system. (ie: 169.228.34.84)
I didn't see anything like that below in what you shared.
Also the -a option for ampr-rip should be a 44 address.
Per the manual this is for ampr subnets to be ignored (remove your
allocation from the table)
On Mon, Jan 27, 2020 at 11:26 AM W.B.Hill via 44Net
<44net(a)mailman.ampr.org> wrote:
Ok, just this afternoon I'd shut down the amprd and set up ampr-ripd with this in
/etc/network/interfaces :
auto ampr0
iface ampr0 inet static
address 44.131.170.1
netmask 255.255.255.255
metric 100
pre-up ip tun add ampr0 mode ipip ttl 64 local 192.168.1.2 dev eth0
up ip route add default via 169.228.34.84 dev ampr0 onlink table default
up ip rule add from 44.131.170.1 table default
up /usr/local/sbin/ampr-ripd -s -i ampr0 -m 50 -a 192.168.1.2 -f eth0 -x "ip route
| grep 'proto 44' >/var/lib/ampr-ripd/routes" -L M1BKF@JO02pp
up ping -c1 -Iampr0 44.0.0.1 > /dev/null 2>&1
pre-down ip route del default via 169.228.34.84 dev ampr0 onlink table default
post-down killall ampr-ripd
post-down ip rule del from 44.131.170.1 table default
post-down ip tunnel del ampr0
post-down rmmod ipip
All seemed to be working:
ping -q -c3 -Iampr0 44.182.21.1 ; ping -q -c3 -Iampr0 44.92.21.35 ; ping -q -c3 -Iampr0
44.92.21.50
PING 44.182.21.1 (44.182.21.1) from 44.131.170.1 ampr0: 56(84) bytes of data.
--- 44.182.21.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 46.887/47.348/47.702/0.341 ms
PING 44.92.21.35 (44.92.21.35) from 44.131.170.1 ampr0: 56(84) bytes of data.
--- 44.92.21.35 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 119.530/119.693/119.977/0.201 ms
PING 44.92.21.50 (44.92.21.50) from 44.131.170.1 ampr0: 56(84) bytes of data.
--- 44.92.21.50 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 118.846/124.840/136.335/8.135 ms
And ip route | grep 'proto 44' | wc -l
749
And I can reach 44.131.170.1 from an AWS machine.
Any obvious problems there? I'll check the PKTerrors again, but how often does that
update?
I haven't yet set up filtering...
Thanks. Bill (M1BKF)
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
28 Jan
28 Jan
9:33 a.m.
New subject: PKTerrors.
Hi,
For the -a parameter, ampr-ripd accepts either GW IPs or complete 44 subnets as used in
the RIP broadcasts.
E.g. it can be like either -a 123.234.1.2 (GW) or -a 44.182.128.0/26 (subnet/mask like in
the portal).
Marius, YO2LOJ
January 27, 2020 8:04 PM, "Steve L via 44Net" <44net(a)mailman.ampr.org>
wrote:
LW> I can now reach 44.131.170.1 from the Public
Internet; but not over AMPR.
In my experiences to resolve that one must have a default route for
the directly tunneled traffic different from the default route of the
system. (ie: 169.228.34.84)
I didn't see anything like that below in what you shared.
Also the -a option for ampr-rip should be a 44 address.
Per the manual this is for ampr subnets to be ignored (remove your
allocation from the table)
On Mon, Jan 27, 2020 at 11:26 AM W.B.Hill via 44Net
<44net(a)mailman.ampr.org> wrote:
Ok, just this afternoon I'd shut down the
amprd and set up ampr-ripd with this in
/etc/network/interfaces :
auto ampr0
iface ampr0 inet static
address 44.131.170.1
netmask 255.255.255.255
metric 100
pre-up ip tun add ampr0 mode ipip ttl 64 local 192.168.1.2 dev eth0
up ip route add default via 169.228.34.84 dev ampr0 onlink table default
up ip rule add from 44.131.170.1 table default
up /usr/local/sbin/ampr-ripd -s -i ampr0 -m 50 -a 192.168.1.2 -f eth0 -x "ip route |
grep 'proto
44' >/var/lib/ampr-ripd/routes" -L M1BKF@JO02pp
up ping -c1 -Iampr0 44.0.0.1 > /dev/null 2>&1
pre-down ip route del default via 169.228.34.84 dev ampr0 onlink table default
post-down killall ampr-ripd
post-down ip rule del from 44.131.170.1 table default
post-down ip tunnel del ampr0
post-down rmmod ipip
All seemed to be working:
ping -q -c3 -Iampr0 44.182.21.1 ; ping -q -c3 -Iampr0 44.92.21.35 ; ping -q -c3 -Iampr0
44.92.21.50
PING 44.182.21.1 (44.182.21.1) from 44.131.170.1 ampr0: 56(84) bytes of data.
--- 44.182.21.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 46.887/47.348/47.702/0.341 ms
PING 44.92.21.35 (44.92.21.35) from 44.131.170.1 ampr0: 56(84) bytes of data.
--- 44.92.21.35 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 119.530/119.693/119.977/0.201 ms
PING 44.92.21.50 (44.92.21.50) from 44.131.170.1 ampr0: 56(84) bytes of data.
--- 44.92.21.50 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 118.846/124.840/136.335/8.135 ms
And ip route | grep 'proto 44' | wc -l
749
And I can reach 44.131.170.1 from an AWS machine.
Any obvious problems there? I'll check the PKTerrors again, but how often does that
update?
I haven't yet set up filtering...
Thanks. Bill (M1BKF)
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net 
27 Jan
27 Jan
11:15 p.m.
New subject: ping probes from Amazomnaws to 44-net?
wondering if this should be of any concern?
19:06:04.421749 IP (tos 0x8, ttl 64, id 19981, offset 0, flags [none],
proto ICMP (1), length 84)
44.135.32.201 > 13.230.52.198: ICMP echo reply, id 14, seq 4001,
length 64
probably just background noise, if so, sorry about noise...
73
John
1556
days inactive
1557
days old
4 comments
5 participants
participants (5)
-
jj -
lleachii@aol.com -
marius@yo2loj.ro -
Steve L -
W.B.Hill