Corey,
I get ping replies from 44.88.0.9
To traceroute over a tunnel, you may have to change the TTL to 64 like so:
This is from my gateway, 44.92.21.1
root@ampr-gw:~# ip tunnel change ttl 64 mode ipip tunl0
root@ampr-gw:~# traceroute 44.88.0.9
traceroute to 44.88.0.9 (44.88.0.9), 30 hops max, 60 byte packets
 1  gw.ct.ampr.org (44.88.0.1)  62.346 ms  68.416 ms  68.897 ms
 2  n1uro.ampr.org (44.88.0.9)  71.669 ms  72.287 ms  72.554 ms

root@ampr-gw:~# ip route show table 44 | grep 44.88.0
44.88.0.0/27 via 76.28.121.159 dev tunl0 proto 44 onlink window 840
44.88.0.2 via 76.28.121.159 dev tunl0 proto 44 onlink window 840
44.88.0.192/29 via 76.28.121.159 dev tunl0 proto 44 onlink window 840
44.88.0.200 via 66.162.28.8 dev tunl0 proto 44 onlink window 840
44.88.0.201 via 66.162.28.8 dev tunl0 proto 44 onlink window 840
If I remember correctly, N1URO uses the munge method, and exactly how he has that configured is best left to him to explain.
Steve, KB9MWR
Steve,
I already tried that; actually, I think it is in the script you sent me.
Anyway....
root@stimpy:~# ip tunnel change ttl 64 mode ipip tunl0
root@stimpy:~# traceroute 44.88.0.9
traceroute to 44.88.0.9 (44.88.0.9), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
Now here is to you... no problem at all.
root@stimpy:~# traceroute 44.92.21.35
traceroute to 44.92.21.35 (44.92.21.35), 30 hops max, 60 byte packets
 1  hsmm-gw.kb9mwr.ampr.org (44.92.21.1)  59.777 ms  65.366 ms  65.341 ms
 2  kb9mwr.ampr.org (44.92.21.35)  65.361 ms  65.359 ms  65.352 ms
Corey N3FE
On Sat, Jul 25, 2015 at 09:55:32PM -0500, Steve L wrote:
To traceroute over a tunnel, you may have to change the TTL to 64 like so:
Strange advice, considering how traceroute works, which is to send packets with very low TTLs (starting with a TTL of 1 and working up to 30 in most implementations). If it really makes a difference to set the tunnel TTL to 64 in order to get traceroute to work, something very strange is going on.
As for n1uro's site, the last word I got from him was that he was working on some tricky firewalling rules and he may have gotten some of them wrong. I'd suggest we stop picking at his site until he has a chance to see what's up himself. Presumably he'll let us know what the story is when all is done.
- Brian
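How traceroute's low probe TTLs interact with the tunnel TTL setting discussed in the two messages above, as an added simulation that is not part of the thread. It assumes the Linux `ip tunnel` default of `ttl inherit` (value 0), where the outer header's TTL is copied from the inner packet; the count of 12 Internet routers between the gateways is constructed, the function names are hypothetical, and the model reports one answer per hop.

```python
# Added illustration: a simplified, constructed model, not output from the thread.
INHERIT = 0  # `ip tunnel` treats ttl 0 as "inherit": outer TTL is copied from the inner packet

def outer_ttl(probe_ttl, tunnel_ttl):
    """TTL written into the outer (encapsulating) IPv4 header."""
    return probe_ttl if tunnel_ttl == INHERIT else tunnel_ttl

def probe(probe_ttl, tunnel_ttl, underlay_routers, overlay_path):
    """Return the 44net host that answers one probe, or '*' if none does."""
    # Every Internet router between the tunnel endpoints decrements the outer
    # TTL. If it expires there, the error concerns the outer packet and no
    # 44net hop answers the probe.
    if outer_ttl(probe_ttl, tunnel_ttl) <= underlay_routers:
        return "*"
    # After decapsulation the inner TTL is unchanged: the tunnel is one hop.
    if probe_ttl < len(overlay_path):
        return overlay_path[probe_ttl - 1]  # inner TTL expires at this hop
    return overlay_path[-1]                 # probe reaches the destination

def traceroute(tunnel_ttl, underlay_routers, overlay_path, max_hops=30):
    """List (probe TTL, answering host) pairs until the destination replies."""
    rows = []
    for ttl in range(1, max_hops + 1):
        answer = probe(ttl, tunnel_ttl, underlay_routers, overlay_path)
        rows.append((ttl, answer))
        if answer == overlay_path[-1]:
            break
    return rows

if __name__ == "__main__":
    # Hop names taken from the gateway trace earlier in the thread.
    path = ["gw.ct.ampr.org (44.88.0.1)", "n1uro.ampr.org (44.88.0.9)"]
    for label, setting in (("ttl inherit", INHERIT), ("ttl 64", 64)):
        print(label)
        for hop, who in traceroute(setting, underlay_routers=12, overlay_path=path):
            print(f"{hop:2d}  {who}")
```

With `ttl inherit` the model shows stars until the probe TTL exceeds the underlay router count, then the destination; with `ttl 64` it reproduces the two-hop trace.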
Brian,
I am new to the 44 network and was just making sure I have things set up right. I didn't mean anything negative with my postings. Sorry if it came across like that. I assure you it was not my intention.
Corey N3FE
Hi Corey,
Just a trace from my side, and all seems ok for all sites under discussion (ICMP and UDP - to check the reverse path, use 44.182.21.1). Is it possible that you have different routing/rules on incoming and outgoing connections? Connection tracking could ensure proper responses but initial requests from your side could fail.
Marius, YO2LOJ
C:\Users\Marius>tracert n3fe.ampr.org
Tracing route to n3fe.ampr.org [44.56.6.1] over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  44.182.20.254
  2   160 ms   158 ms   167 ms  n3fe.ampr.org [44.56.6.1]
Trace complete.

C:\Users\Marius>tracert 44.137.0.1
Tracing route to gw-44-137.ampr.org [44.137.0.1] over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  44.182.20.254
  2    42 ms    41 ms    42 ms  gw-44-137.ampr.org [44.137.0.1]
Trace complete.

C:\Users\Marius>tracert 44.137.41.97
Tracing route to linux.pe1chl.ampr.org [44.137.41.97] over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  44.182.20.254
  2    42 ms    42 ms    42 ms  gw-44-137.ampr.org [44.137.0.1]
  3    51 ms    51 ms    51 ms  pi9noz.pi1utr.ampr.org [44.137.60.2]
  4    53 ms    53 ms    53 ms  gw.pe1chl.ampr.org [44.137.41.110]
  5    52 ms    53 ms    52 ms  linux.pe1chl.ampr.org [44.137.41.97]
Trace complete.

C:\Users\Marius>tracert 44.88.0.9
Tracing route to n1uro.ampr.org [44.88.0.9] over a maximum of 30 hops:
  1    <1 ms     1 ms    <1 ms  44.182.20.254
  2   158 ms   159 ms   159 ms  gw.ct.ampr.org [44.88.0.1]
  3   160 ms   159 ms   171 ms  n1uro.ampr.org [44.88.0.9]
Trace complete.
As for n1uro's site, the last word I got from him was that he was working on some tricky firewalling rules and he may have gotten some of them wrong. I'd suggest we stop picking at his site until he has a chance to see what's up himself. Presumably he'll let us know what the story is when all is done.
My firewall rules were already installed fine and without incident 4th of July weekend when botnets were flooding my subnet, including the internet searching to exploit LogJam (which killed eBay and Yahoo as examples).