[nos-bbs] iptables help...

jerome schatten romers at shaw.ca
Wed Jun 17 19:45:01 EDT 2015 

OK... here's what I've been seeing:

Wed Jun 17 16:26:35 2015 - tun0 recv:
IP: len 64 169.228.66.251->192.168.1.149 ihl 20 ttl 51 prot IP
IP: len 44 167.114.208.65->44.135.160.40 ihl 20 ttl 48 DF prot TCP
TCP: 80->63286 Seq xc5f1887c Ack x2b87a028 ACK SYN Wnd 14600 MSS 1460

Wed Jun 17 16:26:35 2015 - tun0 recv:
IP: len 64 169.228.66.251->192.168.1.149 ihl 20 ttl 51 prot IP
IP: len 44 167.114.208.65->44.135.160.40 ihl 20 ttl 48 DF prot TCP
TCP: 80->63286 Seq xc5f1887c Ack x2b87a028 ACK SYN Wnd 14600 MSS 1460

Wed Jun 17 16:26:35 2015 - tun0 sent:
IP: len 40 44.135.160.40->167.114.208.65 ihl 20 ttl 254 prot TCP
TCP: 63286->80 Seq x2b87a028 RST Wnd 0

 From reading 44 List, I now realize that 169.22866.251 is part of 
AMPRGW -- to wit:

####### TABLE 44 ROUTES ###
### Default Route [Internet Access] using AMPRGW for 44/8 hosts (optional)
### do NOT change the IP 169.228.66.251, this is the central AMPR Gateway
### and all traffic leaving AMPRnet towards the internet MUST pass this router.
ip route add default dev tunl0 via 169.228.66.251 onlink table 44
#
# Adds local 44 Wireless LAN network to Table 44
ip route add 44.92.21.0/24 dev eth1 table 44
####################################

Anyway... the abstracted three packets at the top show a a source commercial ip encapping a commercial ip, no?  That's what I was talking about in the first place.

Best,
jerome





On 2015-06-16 16:29, Boudewijn (Bob) Tenty wrote:
> That is new.
> Did you analyze where its source carrying address is coming from? (so 
> not the commercial address what is inside)
> I wonder of one of our regular amprnet gateways is not functioning 
> without proper settings.
>
> 73,
>
> Bob VE3TOK
>
> On 15-06-16 06:48 PM, jerome schatten wrote:
>> Hi...
>>
>> I'm trying to write some firewall rules to keep the bad guys out of 
>> my jnos  system running on a Raspberry Pi.  So far, I've been 
>> reasonably successful -- nice improvements, but I've hit a brick wall.
>>
>> I'm stuck trying to write a rule that does the following:
>>
>> In the FORWARD chain, take an IPIP ( protocol 4) packet that is found 
>> on the jnos side of tun0 interface and examine the encapsulated 
>> source address.  If it is not a 44.0.0.0/8 address, drop it; if it 
>> is, send it on.
>>
>> There are ipip packets that appear on the jnos side of tun0 that are 
>> encapping a commercial ip address with another commercial ip address 
>> and then targeting my 44 address -- this is what I'm trying to get 
>> rid of at the moment.
>>
>> Maybe this is not possible with iptables?
>>
>> Ideas?
>>
>> Thanks
>> jerome - ve7ass
>>
>
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at tapr.org
> http://www.tapr.org/mailman/listinfo/nos-bbs

More information about the nos-bbs mailing list