[nos-bbs] JNOS >< Linux communication problem

Alan Sieg WB5RMG wb5rmg at somenet.net
Thu Jun 14 05:14:19 EDT 2012


Misko said :

> ACCEPT net fw tcp ssh,www,https,smtp,pop3,pop3s,imap2,imaps,submission

Perhaps you want to add TELNET to this list of accepted protocols ..?..
Good luck   /;^)




> On 06/10/2012 11:52 PM, Maiko Langelaar wrote:
>
>>
>> Look at this diagram, perhaps it will help you :
>>
>> http://www.langelaar.net/projects/jnos2/documents/practical/jnosntwk.jpg
>>
>> Regards,
>>
>> Maiko
>>
>
> Hi Maiko and others,
>
> Thank you for that suggestion. I looked at the diagram and tried to make
> something similar here (see autoexec.nos attached). But it did not work.
> I mean, I am still only able to telnet to JNOS mailbox from Debian
> terminal (and even that only if my firewall, Shorewall, is temporarily
> stopped).
>
> Unfortunately, as soon as I stop the firewall, I can not ping anymore
> the IP address of Linux eth0 card from the other machine in the LAN. So,
> in order to ping Linux comp again from the LAN, I have to restart
> Shorewall (see its 'rules' file attached) - but then the local telnet
> Linux-to-JNOS becomes disabled somehow.
>
> Besides these issues with telnet access, I tried to use AXIP and/or
> AXUDP to link JNOS machine with BPQ32 computers. (Before doing that, and
> in order to check if AXIP/UDP works in my LAN, I booted Debian comp as
> WinXP/BPQ32 and everything went well with those three BPQ32 nodes.) But
> when I returned the first comp to Linux/JNOS again, I realized that AXIP
> and/or AXUDP did not work in between Linux comp and its neighboring machine.
>
> Here is the structure of my LAN:
>
> (1)                     (2)                    (3)
> Debian/JNOS (or WinXP)  WinXP/BPQ32 (or Deb)   WinXP/BPQ32 (or Ubuntu)
> eth0 192.168.1.2 <----> NIC1 192.168.1.1
> tun0 192.168.1.3        NIC2 192.168.0.1 <---> NIC 192.168.0.2
> JNOS 192.168.1.4
>
> Here are the files, the 'autoexec.nos' at the first (1) computer:
>
> # Enable JNOS to log events to dated files in /jnos/logs directory
> #
> log on
> #
> # Maximize TCP performance for standard LAN having MTU 1500
> #
> tcp mss 1460
> tcp window 5840
> #
> tcp maxwait 30000
> tcp retries 5
> #
> ip address 192.168.1.4
> #
> # Hostname and default ax25 call
> #
> hostname yt7mpb
> ax25 mycall yt7mpb
> #
> # Local DNS is done via the 'domain.txt' file !
> #
> # Create a network interface. This allows us to talk to the linux
> # box on which JNOS is running - and in turn - to the internet.
> #
> attach tun tun0 1500 0
> #
> ifconfig tun0 ipaddress 192.168.1.4
> ifconfig tun0 netmask 255.255.255.0
> ifconfig tun0 mtu 1500
> #
> # Give it a chance to come up
> #
> pause 1
> #
> # JNOS creates the TUN device, so JNOS needs to do some post configuration,
> # by shelling out to the linux command line and running 'ifconfig' command.
> #
> shell ifconfig tun0 192.168.1.3 pointopoint 192.168.1.4 mtu 1500 up
> #
> route add default tun0
> #
> # Attach AXIP wormhole to a remote system
> #
> attach axip axi0 256 192.168.1.1
> #
> ifconfig axi0 description "axip wormhole"
> #
> # Attach AXUDP wormhole to a remote system
> #
> attach axudp axu0 256 192.168.1.1
> #
> ifconfig axu0 description "axudp wormhole"
> #
> # Attach a kiss enabled TNC
> #
> attach asy ttyS0 - ax25 vhf 4096 256 9600
> #
> ifconfig vhf description "vhf - 1200 baud port"
> #
> param vhf 2 256
> param vhf 3 1
> param vhf 5 1
> #
> param vhf TxDelay 25
> #
> # Beacon out the RF port every 20 minutes
> #
> #
> ax25 bctext "internet gateway"
> ax25 bcinterval 1200
> ax25 bc vhf
> ax25 bc axi0
> ax25 bc axu0
> #
> # Netrom configuration
> #
> attach netrom
> netrom alias R1
> netrom call yt7mpb-1
> netrom interface vhf 192 10
> netrom interface axi0 192 10
> netrom interface axu0 192 10
> #
> # Start the engines
> #
> start ax25
> start telnet
> start smtp
> start netrom
> #
>
> ... the next file is the output of 'ifconfig' after JNOS is started:
>
> root@localhost:/usr/local/jnos# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:4f:4e:62:e3:f5
>            inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
>            inet6 addr: fe80::24f:4eff:fe62:e3f5/64 Scope:Link
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>            RX packets:1207 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:304 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>            RX bytes:105999 (103.5 KiB)  TX bytes:30642 (29.9 KiB)
>            Interrupt:17 Base address:0xa000
>
> eth1      Link encap:Ethernet  HWaddr 00:00:00:21:6e:a9
>            UP BROADCAST MULTICAST  MTU:1500  Metric:1
>            RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>            RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>            Interrupt:22 Base address:0xa000
>
> lo        Link encap:Local Loopback
>            inet addr:127.0.0.1  Mask:255.0.0.0
>            inet6 addr: ::1/128 Scope:Host
>            UP LOOPBACK RUNNING  MTU:16436  Metric:1
>            RX packets:52439 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:52439 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:0
>            RX bytes:5870330 (5.5 MiB)  TX bytes:5870330 (5.5 MiB)
>
> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>            inet addr:192.168.1.3  P-t-P:192.168.1.4  Mask:255.255.255.255
>            UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>            RX packets:20 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:500
>            RX bytes:1088 (1.0 KiB)  TX bytes:1648 (1.6 KiB)
> root@localhost:/usr/local/jnos#
>
> ... finally, here is the content of the Shorewall's 'rules' file:
>
> #SECTION ESTABLISHED
> #SECTION RELATED
> SECTION NEW
> ACCEPT net fw icmp 8
> ACCEPT net fw tcp ssh,www,https,smtp,pop3,pop3s,imap2,imaps,submission
> ACCEPT net fw udp https
> ACCEPT loc fw icmp
> ACCEPT fw loc icmp
> ACCEPT net loc icmp
>
> ********
>
> So, I know that Maiko is busy with programming but wondered if maybe
> somebody else here has enough experience with similar setup. Btw, I
> forgot to say that on the third comp (3) I also run WinPack and my basic
> idea was to try it to connect to the JNOS mailbox. In fact, I am in the
> final step of writing a book chapter on security in ham packet networks,
> and I used that LAN setup for simulating real digi/bbs network. (Until
> now, I covered several tests with accessing WinFBB and/or LinFBB by
> using WinPack and its MD2 password ability, so the final idea was to see
> what JNOS offers related to the secure user/sysop authentication.) Until
> the deadline I still have a week or so to perform some tests with JNOS,
> so any advice will be appreciated.
>
> Regards,
>
> Misko
>
>


-- 
  #  Alan Sieg, WB5RMG since 1976
  #  http://about.me/alansieg
  #  http://wb5rmg.wordpress.com
  #  wb5rmg(at)amsat(dot)org AMSAT#20554
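
Added example (not part of the original message, and not Shorewall's own code): a small Python check run over the 'rules' lines quoted above. It shows that no rule covers telnet from net to fw, so that connection is left to the Shorewall policy file, which the thread does not show. The function names are hypothetical, and zone and service names are matched literally as a simplifying assumption (no name-to-port lookup, no host-qualified zones).

```python
# Constructed input: the 'rules' lines as quoted in the message above.
RULES = """\
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
ACCEPT net fw icmp 8
ACCEPT net fw tcp ssh,www,https,smtp,pop3,pop3s,imap2,imaps,submission
ACCEPT net fw udp https
ACCEPT loc fw icmp
ACCEPT fw loc icmp
ACCEPT net loc icmp
"""

def parse_rules(text):
    """Return (action, source, dest, proto, dports) tuples; None means 'any'."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line or line.upper().startswith(("SECTION", "?SECTION")):
            continue
        cols = line.split()
        action, src, dst = cols[0], cols[1], cols[2]
        proto = cols[3] if len(cols) > 3 and cols[3] != "-" else None
        dports = set(cols[4].split(",")) if len(cols) > 4 and cols[4] != "-" else None
        rules.append((action, src, dst, proto, dports))
    return rules

def first_match(rules, src, dst, proto, dport):
    """First rule matching a new connection, or None (left to the policy file)."""
    for rule in rules:
        action, r_src, r_dst, r_proto, r_dports = rule
        if r_src not in (src, "all") or r_dst not in (dst, "all"):
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_dports is not None and dport not in r_dports:
            continue
        return rule
    return None

def verdict(rules, src, dst, proto, dport):
    hit = first_match(rules, src, dst, proto, dport)
    return hit[0] if hit else "no rule (policy decides)"

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for probe in [("net", "fw", "tcp", "ssh"), ("net", "fw", "tcp", "telnet"),
                  ("fw", "net", "tcp", "telnet"), ("loc", "fw", "icmp", "8")]:
        print(probe, "->", verdict(rules, *probe))
```
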




