• New one in the making

    From Michiel van der Vlist@2:280/5555 to All on Sun Apr 22 14:31:20 2018
    Hello All,

    75 1:340/201 Michael Pierce Native ComCast OO


    At the moment he is outgoing only. It would appear that he has firewall issues.


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Andrew Leary@1:320/219 to Michiel van der Vlist on Mon Apr 23 02:16:01 2018
    Hello Michiel!

    22 Apr 18 14:31, you wrote to all:

    75 1:340/201 Michael Pierce Native ComCast OO

    At the moment he is outgoing only. It would appear that he has
    firewall issues.

    A good possibility... Do you have any idea what OS he's running? I'll reach out and see if I can assist.

    Andrew

    --- GoldED+/LNX 1.1.5-b20170303
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Michiel van der Vlist@2:280/5555 to Andrew Leary on Mon Apr 23 09:30:50 2018
    Hello Andrew,

    On Monday April 23 2018 02:16, you wrote to me:

    75 1:340/201 Michael Pierce Native ComCast OO

    At the moment he is outgoing only. It would appear that he has
    firewall issues.

    A good possibility... Do you have any idea what OS he's running?

    - 22 Apr 16:33:48 [3572] incoming from 2601:1c2:100:33a0:34e6:be1f:973:93b5 (44322)
    + 22 Apr 16:33:48 [3692] incoming session with 2601:1c2:100:33a0:34e6:be1f:973:93b5
    - 22 Apr 16:33:48 [3692] SYS fluxcap.dynv6.net
    - 22 Apr 16:33:48 [3692] ZYZ Michael Pierce
    - 22 Apr 16:33:48 [3692] LOC Portland, Or
    - 22 Apr 16:33:48 [3692] NDL 115200,TCP,BINKP
    - 22 Apr 16:33:48 [3692] TIME Sun, 22 Apr 2018 07:33:46 -0700
    - 22 Apr 16:33:48 [3692] VER binkd/1.0.4/Linux binkp/1.1
    + 22 Apr 16:33:48 [3692] addr: 1:340/201@fidonet
    - 22 Apr 16:33:48 [3692] OPT NDA EXTCMD CRYPT GZ

    So he is running Linux.

    I'll reach out and see if I can assist.

    That would be a good idea, zo please do.


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Michiel van der Vlist@2:280/5555 to Andrew Leary on Mon Apr 23 09:57:11 2018
    Hello Andrew,

    Monday April 23 2018 09:30, I wrote to you:

    I'll reach out and see if I can assist.

    That would be a good idea, zo please do.

    Please note that to call him on IPv4, you have to use fluxcap.synchro.net.


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Tony Langdon@3:633/410 to Andrew Leary on Mon Apr 23 18:05:00 2018
    Andrew Leary wrote to Michiel van der Vlist <=-

    Hello Michiel!

    22 Apr 18 14:31, you wrote to all:

    75 1:340/201 Michael Pierce Native ComCast OO

    At the moment he is outgoing only. It would appear that he has
    firewall issues.

    A good possibility... Do you have any idea what OS he's running? I'll reach out and see if I can assist.

    I'm wondering if he has a router that he can't disable the firewall on. That's where I would look first, because routers should block all incoming IPv6 traffic by default. And there should be firewall controls (often erroneously called "IPv6 port forwarding") to open up individual ports, or disable the firewall for a particular IPv6 host.


    ... If I had a hammer, I'd get hammered in the morning.
    === MultiMail/Win32 v0.49
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
  • From Michiel van der Vlist@2:280/5555 to Tony Langdon on Mon Apr 23 11:30:50 2018
    Hello Tony,

    On Monday April 23 2018 18:05, you wrote to Andrew Leary:

    I'm wondering if he has a router that he can't disable the firewall
    on. That's where I would look first, because routers should block all incoming IPv6 traffic by default.

    The early routers often had no firewall for IPv6 at all, but those should be history by now. Everything less tham five years old should have a firewall that blocks all incoming IPv6 by default.

    And there should be firewall controls (often erroneously called "IPv6
    port forwarding") to open up individual ports, or disable the firewall
    for a particular IPv6 host.

    I have yet to come across a router with an IPv6 firewall that does not have an option to selectively open ports for incoming. It may be a bit hard to find though because indeed it often is maisnamed "port forwarding" and sometimes combined with the IPv4 port forwarding and sometimes it is in a completey different menu.

    Andrew has native IPv6 from Comcast, just like Michael Pierce, so they may have the same or a similar router. Andrew is the right one to provide the helping hand...

    Mischael said he was connected to this echo, but I do not see him yet. There may be broken links...


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Andrew Leary@1:320/219 to Michiel van der Vlist on Mon Apr 23 07:11:56 2018
    Hello Michiel!

    23 Apr 18 11:30, you wrote to Tony Langdon:

    Andrew has native IPv6 from Comcast, just like Michael Pierce, so they
    may have the same or a similar router. Andrew is the right one to
    provide the helping hand...

    I'm using a Netgear WNDR3700 v4 with OpenWRT firmware. Some of Comcast's WiFi routers are known to be buggy, which is why I made them give me a modem and used my own router.

    Mischael said he was connected to this echo, but I do not see him yet. There may be broken links...

    When I netmail him I will ask what he's using.

    Andrew

    --- GoldED+/LNX 1.1.5-b20170303
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Michiel van der Vlist@2:280/5555 to Andrew Leary on Mon Apr 23 16:24:49 2018
    Hello Andrew,

    On Monday April 23 2018 07:11, you wrote to me:

    I'm using a Netgear WNDR3700 v4 with OpenWRT firmware. Some of
    Comcast's WiFi routers are known to be buggy, which is why I made them give me a modem and used my own router.

    Ah, that is good. Here the best they can do is disable the router function in the CPE they give you. Then you can use your own router, but then you are IPv4 only. There is an EU law in the making that will compell ISPs to allow customers to buy their own modem/routers but at this time it is unclear how that will evolve. In Germany a law against "Zwangsrouter" has been in effect for some time now. About a year IIRC. It seems to work.

    Mischael said he was connected to this echo, but I do not see him
    yet. There may be broken links...

    When I netmail him I will ask what he's using.

    Ok, we wait...


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Björn Felten@2:203/2 to Michiel van der Vlist on Mon Apr 23 17:05:29 2018
    MvdV> Ah, that is good. Here the best they can do is disable the router
    MvdV> function in the CPE they give you. Then you can use your own router, but
    MvdV> then you are IPv4 only. There is an EU law in the making that will
    MvdV> compell ISPs to allow customers to buy their own modem/routers but at
    MvdV> this time it is unclear how that will evolve. In Germany a law against
    MvdV> "Zwangsrouter" has been in effect for some time now. About a year IIRC.
    MvdV> It seems to work.

    What hurdles we have to pass.

    As you may know by now I'm on fibre (is it OK if I spell it fiber?) and I was sure that my new ISP was going to give me native IPv6. But not. I've questioned all my 20+, available on my open fiber, ISPs and not a single one has responded positively.

    So here I am, stuck with a he.net tunnel...

    Yeup, that's what our greedy ISPs are giving us so far...

    ..

    --- Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.9.1.16) Gecko/20101125
    * Origin: news://eljaco.se (2:203/2)
  • From Tony Langdon@3:633/410 to Michiel van der Vlist on Tue Apr 24 07:32:00 2018
    Michiel van der Vlist wrote to Tony Langdon <=-

    The early routers often had no firewall for IPv6 at all, but those
    should be history by now. Everything less tham five years old should
    have a firewall that blocks all incoming IPv6 by default.

    I haven't encountered any of those in the wild. The routers I've had have always blocked incoming IPv6 by default.

    I have yet to come across a router with an IPv6 firewall that does not have an option to selectively open ports for incoming. It may be a bit hard to find though because indeed it often is maisnamed "port forwarding" and sometimes combined with the IPv4 port forwarding and sometimes it is in a completey different menu.

    Yes, I think a bit of hunting around may be in order.

    Andrew has native IPv6 from Comcast, just like Michael Pierce, so they may have the same or a similar router. Andrew is the right one to
    provide the helping hand...

    Let's hope so. :) I have a feeling that this one has a simple solution.

    Mischael said he was connected to this echo, but I do not see him yet. There may be broken links...

    Hmm.


    ... I am Procrastitron. I will destroy you, eventually.
    === MultiMail/Win32 v0.49
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
  • From Tony Langdon@3:633/410 to Michiel van der Vlist on Tue Apr 24 07:49:00 2018
    Michiel van der Vlist wrote to Andrew Leary <=-

    Ah, that is good. Here the best they can do is disable the router function in the CPE they give you. Then you can use your own router,
    but then you are IPv4 only. There is an EU law in the making that will compell ISPs to allow customers to buy their own modem/routers but at this time it is unclear how that will evolve. In Germany a law against "Zwangsrouter" has been in effect for some time now. About a year IIRC. It seems to work.

    Interesting. Here, different ISPs do different things. The supplied router is often tweaked specifically for an ISP, sometimes with customised (often "brain dead") firmware, but I am yet to encounter a case where I couldn't substitute a third party router. When I was on cable (pre-2010), the modem was only a bridge, so I could add my own router to it (which in those days was a customised Linux box :) ).

    My own ISP does sell routers, but you're not compelled to use their offerings. If you buy from them, the router comes configured so it will "just work", and they guarantee all of the gear they sell is IPv6 capable. But there's nothing stopping you from using anything else if you prefer.


    ... You're sick, sick, sick. How can you continue to write such drivel?
    === MultiMail/Win32 v0.49
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
  • From Tony Langdon@3:633/410 to Björn Felten on Tue Apr 24 07:54:00 2018
    Bj”rn Felten wrote to Michiel van der Vlist <=-

    As you may know by now I'm on fibre (is it OK if I spell it fiber?)
    and I was sure that my new ISP was going to give me native IPv6. But
    not. I've questioned all my 20+, available on my open fiber, ISPs and
    not a single one has responded positively.

    This part of the world is not much better, but it is, because there is at least 1 ISP of the dozens available on our VDSL NBN that supports native IPv6 (and no prizes for guessing which ISP I'm using ;) ). As for the VDSL, well it was originally supposed to be FTTP, but a change of government caused the downgrade just before this area was due to be rolled out. :( Now it's got rather controversial, because many people are not getting the speeds they ordered. I'm lucky, the node is relatively close and I'm not far off the 100/40 I'm paying for (usually around 90/35 sync speed in practice), and 80/30 actual throughput to nearby sites.

    So here I am, stuck with a he.net tunnel...

    :(


    ... Change is good; especially when it relates to underwear.
    === MultiMail/Win32 v0.49
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
  • From Björn Felten@2:203/2 to Tony Langdon on Tue Apr 24 03:29:34 2018
    I'm lucky, the node is relatively close and I'm not far off the 100/40 I'm paying for (usually around 90/35 sync speed in practice), and 80/30 actual throughput to nearby sites.

    At least I'm lucky with that respect. I pay for 100/100 and I usually get 125/125.

    But then I know, of course, that I'm one of the first nodes to be connected with this new fibre. When the rest of my neighbours are connected (some 50 or so) I don't think I'll get such a positive result. 8-)



    ..

    --- Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.9.1.16) Gecko/20101125
    * Origin: news://eljaco.se (2:203/2)
  • From Tony Langdon@3:633/410 to Björn Felten on Tue Apr 24 12:42:00 2018
    Bj”rn Felten wrote to Tony Langdon <=-

    At least I'm lucky with that respect. I pay for 100/100 and I
    usually get 125/125.

    Nice! :D

    But then I know, of course, that I'm one of the first nodes to be connected with this new fibre. When the rest of my neighbours are connected (some 50 or so) I don't think I'll get such a positive
    result. 8-)

    Yes, time will tell. Or maybe you're on your own wavelength. :)


    ... Me no wanna goto work. Me wanna bang on keyboard!
    === MultiMail/Win32 v0.49
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
  • From Michiel van der Vlist@2:280/5555 to Björn Felten on Tue Apr 24 14:29:00 2018
    Hello Bj”rn,

    On Tuesday April 24 2018 03:29, you wrote to Tony Langdon:

    At least I'm lucky with that respect. I pay for 100/100 and I
    usually get 125/125.

    Lucky you. :)

    But then I know, of course, that I'm one of the first nodes to be connected with this new fibre. When the rest of my neighbours are connected (some 50 or so) I don't think I'll get such a positive
    result. 8-)

    I wonder. You DO have your own fibre to the "exchange" or whatever it is called do you? Unlike the green coax here that is a shared medium, shard with all customers on the same CMTS. Usually overbooked by 300 to 1000%.

    BTW, why did you not query all the potential providers on that open fibre (or fiber?) about IPv6 /before/ commiting yourself?


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Michiel van der Vlist@2:280/5555 to Tony Langdon on Tue Apr 24 15:20:36 2018
    Hello Tony,

    On Tuesday April 24 2018 07:49, you wrote to me:

    Ah, that is good. Here the best they can do is disable the
    router function in the CPE they give you. Then you can use your
    own router, but then you are IPv4 only. There is an EU law in
    the making that will compell ISPs to allow customers to buy
    their own modem/routers but at this time it is unclear how that
    will evolve. In Germany a law against "Zwangsrouter" has been in
    effect for some time now. About a year IIRC. It seems to work.

    Interesting. Here, different ISPs do different things.

    Hmm.. I see that I should have been more specific than "they" in the 2nd sentence of the quote above.

    I was talking about my ISP. Here there is just one ISP on the cable. That is the "they" I meant above. But there also is xDSL available on the old copper from the POTS era. On the old POTS copper one has a choice of about a dozen ISPs. Albeit at lower speed...

    The supplied router is often tweaked specifically for an ISP,
    sometimes with customised (often "brain dead") firmware, but I am yet
    to encounter a case where I couldn't substitute a third party router.
    When I was on cable (pre-2010), the modem was only a bridge, so I
    could add my own router to it (which in those days was a customised
    Linux box :) ).

    My first cable modem was a Motorola Surfboard. Indeeed just a bridge after which I had my own router. The modem was on loan from the ISP, the router was my own. Now "they" only have modems with a build in router. They do not sell them, you get them on loan.

    My own ISP does sell routers, but you're not compelled to use their offerings. If you buy from them, the router comes configured so it
    will "just work", and they guarantee all of the gear they sell is IPv6 capable. But there's nothing stopping you from using anything else if
    you prefer.

    Most xDSL providers have the same or a similar policy. Some of them even offer full stack native IPv6.

    The reason I stay with the cable is that they have an attractive "all in one" offer. TV + Telephone + internet. With much more bandwith than xDSL.

    No fiber in this area... And no IPv6 on any of the mobile providers...


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Björn Felten@2:203/2 to Michiel van der Vlist on Tue Apr 24 18:07:32 2018
    MvdV> I wonder. You DO have your own fibre to the "exchange" or whatever it is
    MvdV> called do you?

    Yes I do. But all fibres are sooner or later connected to each other -- when for instance thousands of iPhone owners suddenly all are
    updating there phones it shows...

    MvdV> BTW, why did you not query all the potential providers on that open
    MvdV> fibre (or fiber?) about IPv6 /before/ commiting yourself?

    I had absolutely no idea that it was so difficult to get IPv6, I was under impression that you always got it with the fibre.

    All Swedish IXs are IPv6 ready, it's the ISPs that are waiting as long as possible.


    ..

    --- Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.9.1.16) Gecko/20101125
    * Origin: news://eljaco.se (2:203/2)
  • From Michiel van der Vlist@2:280/5555 to Björn Felten on Tue Apr 24 21:42:53 2018
    Hello Bj”rn,

    On Tuesday April 24 2018 18:07, you wrote to me:

    MvdV>> I wonder. You DO have your own fibre to the "exchange" or
    MvdV>> whatever it is called do you?

    Yes I do. But all fibres are sooner or later connected to each
    other -- when for instance thousands of iPhone owners suddenly all are
    updating there phones it shows...

    Of course, but you mentioned 50 other neighbours. Those 50 won't update thousands of iPhones all at ones.

    The bottleneck will be much further down te road...

    MvdV>> BTW, why did you not query all the potential providers on that
    MvdV>> open fibre (or fiber?) about IPv6 /before/ commiting yourself?

    I had absolutely no idea that it was so difficult to get IPv6, I
    was under impression that you always got it with the fibre.

    So much for impressions...

    All Swedish IXs are IPv6 ready, it's the ISPs that are waiting as
    long as possible.

    Here everything is ready except for that last meter. The IXs are ready, the backbone is ready, the DSLAMs and CMTSs are ready. The bottleneck is the CPEs.

    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Tony Langdon@3:633/410 to Michiel van der Vlist on Wed Apr 25 07:52:00 2018
    Michiel van der Vlist wrote to Tony Langdon <=-

    Hmm.. I see that I should have been more specific than "they" in the
    2nd sentence of the quote above.

    Yes, had we been conversing in person, I would have asked for clarification of which "they" you mentioned. :)

    I was talking about my ISP. Here there is just one ISP on the cable.
    That is the "they" I meant above. But there also is xDSL available on
    the old copper from the POTS era. On the old POTS copper one has a
    choice of about a dozen ISPs. Albeit at lower speed...

    That was the situation with cable here, but with the HFC networks in Australia (No HFC around my location anyway)

    My first cable modem was a Motorola Surfboard. Indeeed just a bridge after which I had my own router. The modem was on loan from the ISP,

    I can't remember what my first cable modem was, but the second one was a Surfboard. Both were bridges.

    the router was my own. Now "they" only have modems with a build in router. They do not sell them, you get them on loan.

    I'm not sure exactly what the arrangement was when I had cable. Yes, they "supplied" the modem, but I can't recall the exact arrangement. All I know is when I had to upgrade, it was like "turn everything off, swap modems, wait 5 minutes and then restart everything - oh, and throw the old modem away...".

    Most xDSL providers have the same or a similar policy. Some of them
    even offer full stack native IPv6.

    Yep. :)

    The reason I stay with the cable is that they have an attractive "all
    in one" offer. TV + Telephone + internet. With much more bandwith than xDSL.

    Yeah, I don't do cable TV, even when I was on the cable - I never found it good value. Netflix is the first subscription service I've found worth paying for, for TV.

    No fiber in this area... And no IPv6 on any of the mobile providers...

    I'm not aware of any mobile providers with IPv6 here either. :(


    ... If you try to fail, and succeed, which have you done?
    === MultiMail/Win32 v0.49
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
  • From Michiel van der Vlist@2:280/5555 to Andrew Leary on Sat Apr 28 00:31:43 2018
    Hello Andrew,

    On Monday April 23 2018 09:30, I wrote:

    So he is running Linux.

    I'll reach out and see if I can assist.

    That would be a good idea, zo please do.

    In the meantime he got back to me via netmail and reported that the problem was indeed a firewall issue. He now accepts incoming binkp IPv6.

    But there seems to be a broken link in this area. He says he posted several messages...


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Tony Langdon@3:633/410 to Michiel van der Vlist on Sat Apr 28 09:58:00 2018
    Michiel van der Vlist wrote to Andrew Leary <=-

    In the meantime he got back to me via netmail and reported that the problem was indeed a firewall issue. He now accepts incoming binkp
    IPv6.

    Cool, glad it was a simple fix.

    But there seems to be a broken link in this area. He says he posted several messages...

    Hmm, bummer. :(


    ... Counting time is not so important as making time count.
    === MultiMail/Win32 v0.49
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
  • From Michiel van der Vlist@2:280/5555 to Tony Langdon on Sat Apr 28 15:13:34 2018
    Hello Tony,

    On Saturday April 28 2018 09:58, you wrote to me:

    In the meantime he got back to me via netmail and reported that
    the problem was indeed a firewall issue. He now accepts incoming
    binkp IPv6.

    Cool, glad it was a simple fix.

    It may not have been easy for him.

    My imprewssion is that he is relatively new to Fidonet and that he has not yet gotten all of the basics yet.

    But there seems to be a broken link in this area. He says he
    posted several messages...

    Hmm, bummer. :(

    I am trying to pry some relevant information from him. Such as who is his uplink, does he see any messages at all there, if so what are the seen by and path, etc etc...

    It is a slow process...


    Cheers, Michiel

    --- GoldED+/W32-MSVC 1.1.5-b20170303
    * Origin: he.net certified sage (2:280/5555)
  • From Tony Langdon@3:633/410 to Michiel van der Vlist on Sun Apr 29 06:38:00 2018
    Michiel van der Vlist wrote to Tony Langdon <=-

    Cool, glad it was a simple fix.

    It may not have been easy for him.

    True, but still "simple" in that it didn't require purchasing new equipment or getting the ISP involved.

    My imprewssion is that he is relatively new to Fidonet and that he has not yet gotten all of the basics yet.

    Yeah, it does take a bit to get your head around, I remember my original learning curve, decades ago. :)

    But there seems to be a broken link in this area. He says he
    posted several messages...

    Hmm, bummer. :(

    I am trying to pry some relevant information from him. Such as who is
    his uplink, does he see any messages at all there, if so what are the seen by and path, etc etc...

    Good luck, hopefully you can help him get connected again.


    ... Where quality is just a word we like to use.
    === MultiMail/Win32 v0.49
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
  • From Alan Ianson@1:153/757 to Michael Pierce on Mon Jul 23 08:53:34 2018
    Re: New one in the making
    By: Michael Pierce to All on Tue Apr 24 2018 11:42 am

    I have disabled the firewall so I should be able to receive now in ipv6

    I just polled your node from the command line with jsexec. The output scrolled off my screen and I get no logging when I poll that way from the command line but I did connect to your mailer.

    Do you see an inbound IPv6 connaction from my mailer?

    Ttyl :-),
    Al


    ... It's not the money I want, it's the stuff.
    --- SBBSecho 3.05-Linux
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
  • From Alan Ianson@1:153/757 to Michael Pierce on Mon Jul 23 11:14:00 2018
    Re: New one in the making
    By: Alan Ianson to Michael Pierce on Mon Jul 23 2018 08:53 am

    Do you see an inbound IPv6 connaction from my mailer?

    Opps. I see your post was from April. Not sure why I just got it.. but I got
    it today.. :)

    Ttyl :-),
    Al


    ... I tried to drown my problems.. they like beer too!
    --- SBBSecho 3.05-Linux
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
  • From Stas Mishchenkov@2:460/58 to Alan Ianson on Tue Jul 24 14:36:18 2018
    Hi Alan!

    Monday July 23 2018 08:53, you wrote to Michael Pierce:

    I have disabled the firewall so I should be able to receive now in
    ipv6

    I just polled your node from the command line with jsexec. The output scrolled off my screen and I get no logging when I poll that way from the command line but I did connect to your mailer.

    Do you see an inbound IPv6 connaction from my mailer?

    + 24 Jul 14:34:54 [19140] call to 1:340/201@fidonet
    24 Jul 14:34:55 [19140] trying fluxcap.synchro.net [2601:1c2:100:33a0:34e6:be1f:973:93b5]...
    24 Jul 14:34:55 [19140] connected
    + 24 Jul 14:34:55 [19140] outgoing session with fluxcap.synchro.net:24554 [2601:1c2:100:33a0:34e6:be1f:973:93b5]
    - 24 Jul 14:34:55 [19140] OPT CRAM-MD5-0e60d515a2988d0e242cd1653708e1ee
    + 24 Jul 14:34:55 [19140] Remote requests MD mode
    - 24 Jul 14:34:55 [19140] SYS fluxcap.dynv6.net
    - 24 Jul 14:34:55 [19140] ZYZ Michael Pierce
    - 24 Jul 14:34:55 [19140] LOC Portland, Or
    - 24 Jul 14:34:55 [19140] NDL 115200,TCP,BINKP
    - 24 Jul 14:34:55 [19140] TIME Tue, 24 Jul 2018 04:34:54 -0700
    - 24 Jul 14:34:55 [19140] VER binkd/1.0.4/Linux binkp/1.1
    + 24 Jul 14:34:55 [19140] addr: 1:340/201@fidonet
    + 24 Jul 14:34:55 [19140] addr: 21:2/145@fsxnet (n/a or busy)
    - 24 Jul 14:34:56 [19140] OPT EXTCMD GZ
    + 24 Jul 14:34:56 [19140] Remote supports EXTCMD mode
    + 24 Jul 14:34:56 [19140] Remote supports GZ mode
    + 24 Jul 14:34:56 [19140] done (to 1:340/201@fidonet, OK, S/R: 0/0 (0/0 bytes))
    24 Jul 14:34:56 [19140] session closed, quitting...


    Have a nice night.
    Stas Mishchenkov.

    --- NudeGrand
    * Origin: Lame Users Breeding. Simferopol, Crimea. (2:460/58)
  • From Stas Mishchenkov@2:460/58 to Alan Ianson on Tue Jul 24 14:36:36 2018
    Hi Alan!

    Monday July 23 2018 11:14, you wrote to Michael Pierce:

    Do you see an inbound IPv6 connaction from my mailer?

    Opps. I see your post was from April. Not sure why I just got it.. but I got it today.. :)

    I got it today too...

    Have a nice night.
    Stas Mishchenkov.

    --- NudeGrand
    * Origin: Lame Users Breeding. Simferopol, Crimea. (2:460/58)
  • From Michael Pierce@1:340/201 to All on Tue Jul 24 04:39:44 2018
    Re: New one in the making
    By: Alan Ianson to Michael Pierce on Mon Jul 23 2018 08:53 am

    Do you see an inbound IPv6 connaction from my mailer?

    I did show a connect but it resolved to your IP4 address
    you might try fluxcap.synchro.net as Digital Man has added ipv6 support for synchronet

    Michael

    ... Who is General Failure, and why is he reading my disk?
    --- SBBSecho 3.03-Linux
    * Origin: fluxcap.dynv6.net:2323 * Portland, OR (1:340/201)
  • From Alan Ianson@1:153/757 to Michael Pierce on Thu Jul 26 08:01:13 2018
    Re: New one in the making
    By: Michael Pierce to All on Tue Jul 24 2018 04:39 am

    Do you see an inbound IPv6 connaction from my mailer?

    I did show a connect but it resolved to your IP4 address
    you might try fluxcap.synchro.net as Digital Man has added ipv6 support for synchronet

    I have also been using the synchro.net dynamic dns. Mine is trmb.synchro.net. Looking up your IP with host is see your IPv4 and IPv6 addresses listed so maybe the mailer pics the first IP (IPv4) and uses that.

    I'm going to add your node to my sbbsecho.ini and poll that way so I can see what the logs have to say.

    If you see inbound polls I'm just testing.. :)

    Ttyl :-),
    Al


    ... Me no wanna work... Wanna bang on keyboard!
    --- SBBSecho 3.05-Linux
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
  • From Alan Ianson@1:153/757 to Michael Pierce on Thu Jul 26 08:50:52 2018
    Re: New one in the making
    By: Michael Pierce to All on Tue Jul 24 2018 04:39 am

    I did show a connect but it resolved to your IP4 address
    you might try fluxcap.synchro.net as Digital Man has added ipv6 support for synchronet

    I added your node and polled, this is the log.

    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL poll_node 1:340/201@fidonet, out bound_dir: /sbbs/fido/outbound
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Locking /sbbs/fido/outbound/0154 00c9.bsy
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Lock successful.
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Attempting poll for node 1:340/2 01@fidonet
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL JSBinkP/1.109 callout to 1:340/2 01@fidonet started
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL connecting to 1:340/201@fidonet at fluxcap.synchro.net
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Connecting to fluxcap.synchro.ne t:24554
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Connection to fluxcap.synchro.ne t:24554 successful
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sending M_NUL command args: SYS The Rusty MailBox
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sent M_NUL command
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sending M_NUL command args: ZYZ Alan Ianson
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sent M_NUL command
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sending M_NUL command args: LOC Penticton, BC Canada
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sent M_NUL command
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sending M_NUL command args: NDL 115200,TCP,BINKP
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sent M_NUL command
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sending M_NUL command args: TIME
    Thu Jul 26 2018 08:11:10 GMT-0700 (PDT)
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sent M_NUL command
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sending M_NUL command args: VER BinkIT/2.6,JSBinkP/1.109,sbbs3.17a/Linux binkp/1.1
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sent M_NUL command
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sending M_ADR command args: 1:15 3/0@fidonet 1:153/757@fidonet 44:250/0@dorenet 21:4/106@fsxnet 32:1/5@gamenet 6 37:1/104@happynet 24:240/2@sportnet 24:240/1@sportnet 24:240/0@sportnet 316:403 /5@whispnet 11:1/201@wwivftn
    Jul 26 08:11:10 trmb synchronet: evnt BINKPOLL Sent M_ADR command
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Got M_NUL command args: OPT CRAM -MD5-41a4b1919a03813c416969734f4342ee
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Got M_NUL command args: SYS flux cap.dynv6.net
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Got M_NUL command args: ZYZ Mich ael Pierce
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Got M_NUL command args: LOC Port land, Or
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Got M_NUL command args: NDL 1152 00,TCP,BINKP
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Got M_NUL command args: TIME Thu , 26 Jul 2018 08:11:11 -0700
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Got M_NUL command args: VER bink d/1.0.4/Linux binkp/1.1
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Peer version: binkd/1.0.4/Linux binkp/1.1
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Got M_ADR command args: 1:340/2 01@fidonet 21:2/145@fsxnet
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Sending M_PWD command args: CRAM -MD5-f681b1576345669af1fd17cb7b5c6e69
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Sent M_PWD command
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Got M_NUL command args: OPT EXTC MD GZ
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Got M_OK command args: non-secur e
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Authentication successful: non-s ecure
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Adding outbound files for 1:340/ 201@fidonet
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Got M_EOB command args:
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Sending M_EOB command args:
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Sent M_EOB command
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Sending M_EOB command args:
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Sent M_EOB command
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Remote host closed socket
    Jul 26 08:11:11 trmb synchronet: evnt BINKPOLL Unlocking /sbbs/fido/outbound/01 5400c9.bsy.

    The log shows a successful connection but only says that I connected to fluxcap.synchro.net. I don't know if the mailer used IPv4 or IPv6.

    I can only tell when I receive an IPv6 connection the log says something like this..

    Jul 26 08:15:15 trmb synchronet: srvc 0067 BINKP connection accepted from: 2001 :470:d:123:79eb:bb95:a703:9ee2 port 50708

    Ttyl :-),
    Al


    ... All those updates, and still imperfect!
    --- SBBSecho 3.05-Linux
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
  • From Benny Pedersen@2:230/0 to michael pierce on Fri Jul 27 11:30:36 2018
    Hello michael!

    23 Apr 2018 06:40, michael pierce wrote to All:

    75 1:340/201 Michael Pierce Native ComCast OO

    At the moment he is outgoing only. It would appear that he has
    firewall issues.

    if I disable IPV6 firewall. everything works

    if thats the case you need another firewall setup

    i post here shorewall6 show

    ----- ipv6 begins -----
    Shorewall6 5.2.0.4 filter Table at localhost - Fri Jul 27 11:29:03 UTC 2018

    Counters reset Wed Jul 25 19:50:32 UTC 2018

    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    10094 17M net-fw all eth0 * ::/0 ::/0
    0 0 ACCEPT all lo * ::/0 ::/0
    0 0 AllowICMPs icmpv6 * * ::/0 ::/0
    0 0 Broadcast all * * ::/0 ::/0
    0 0 DROP all * * ::/0 ff00::/8
    0 0 LOG all * * ::/0 ::/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "INPUT REJECT "
    0 0 reject all * * ::/0 ::/0 [goto]

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 AllowICMPs icmpv6 * * ::/0 ::/0
    0 0 Broadcast all * * ::/0 ::/0
    0 0 DROP all * * ::/0 ff00::/8
    0 0 LOG all * * ::/0 ::/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "FORWARD REJECT "
    0 0 reject all * * ::/0 ::/0 [goto]

    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    4731 1375K ACCEPT all * eth0 ::/0 ::/0
    0 0 ACCEPT all * lo ::/0 ::/0
    0 0 AllowICMPs icmpv6 * * ::/0 ::/0
    0 0 Broadcast all * * ::/0 ::/0
    0 0 DROP all * * ::/0 ff00::/8
    0 0 LOG all * * ::/0 ::/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "OUTPUT REJECT "
    0 0 reject all * * ::/0 ::/0 [goto]

    Chain AllowICMPs (4 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133 /* Needed ICMP types (RFC4890) */
    4827 502K ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 /* Needed ICMP types (RFC4890) */
    406 29232 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 /* Needed ICMP types (RFC4890) */
    417 30024 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 137 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 141 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 142 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 130 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 131 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 132 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 143 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 148 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 149 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 151 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 152 /* Needed ICMP types (RFC4890) */
    0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 153 /* Needed ICMP types (RFC4890) */

    Chain Broadcast (4 references)
    pkts bytes target prot opt in out source destination

    Chain logflags (7 references)
    pkts bytes target prot opt in out source destination
    0 0 LOG all * * ::/0 ::/0 limit: up to 1/sec burst 10 mode srcip LOG flags 4 level 6 prefix "logflags DROP "
    0 0 DROP all * * ::/0 ::/0

    Chain net-fw (1 references)
    pkts bytes target prot opt in out source destination
    4423 17M tcpflags tcp * * ::/0 ::/0
    4306 17M ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
    92 7360 ACCEPT tcp * * ::/0 ::/0 multiport dports 24554,21 /* BINKD, FTP */
    5651 561K AllowICMPs icmpv6 * * ::/0 ::/0
    44 3440 Broadcast all * * ::/0 ::/0
    44 3440 DROP all * * ::/0 ::/0

    Chain reject (3 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all * * ff00::/8 ::/0
    0 0 DROP 2 * * ::/0 ::/0
    0 0 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset
    0 0 REJECT udp * * ::/0 ::/0 reject-with icmp6-port-unreachable
    0 0 REJECT icmpv6 * * ::/0 ::/0 reject-with icmp6-addr-unreachable
    0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited

    Chain sha-lh-634e06816c9e1b9e44e8 (0 references)
    pkts bytes target prot opt in out source destination

    Chain sha-rh-a8ae74fbde81fb36695f (0 references)
    pkts bytes target prot opt in out source destination

    Chain shorewall (0 references)
    pkts bytes target prot opt in out source destination
    0 0 all * * ::/0 ::/0 recent: SET name: %CURRENTTIME side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

    Chain tcpflags (1 references)
    pkts bytes target prot opt in out source destination
    0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x3F/0x29
    0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x3F/0x00
    0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x06/0x06
    0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x05/0x05
    0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x03/0x03
    0 0 logflags tcp * * ::/0 ::/0 [goto] tcp flags:0x19/0x09
    0 0 logflags tcp * * ::/0 ::/0 [goto] tcp spt:0 flags:0x17/0x02
    ----- ipv6 ends -----

    and to help ipv4 only nodes

    ----- ipv4 begins -----
    Shorewall 5.2.0.4 filter Table at localhost - Fri Jul 27 11:30:04 UTC 2018

    Counters reset Wed Jul 25 19:50:32 UTC 2018

    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    34691 11M net-fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
    0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "INPUT REJECT "
    0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
    0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "FORWARD REJECT "
    0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    28670 16M ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type ANYCAST
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
    0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 0 level 6 prefix "OUTPUT REJECT "
    0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 [goto]

    Chain logflags (7 references)
    pkts bytes target prot opt in out source destination
    0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: up to 1/sec burst 10 mode srcip LOG flags 4 level 6 prefix "logflags DROP "
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain net-fw (1 references)
    pkts bytes target prot opt in out source destination
    28728 9904K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
    29198 10M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
    161 8908 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 24554,21 /* BINKD, FTP */
    5329 464K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain reject (3 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match src-type BROADCAST
    0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
    0 0 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
    0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
    0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
    0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

    Chain sha-lh-808ab60cd53e1b279efe (0 references)
    pkts bytes target prot opt in out source destination

    Chain sha-rh-38f33b07baed13723f96 (0 references)
    pkts bytes target prot opt in out source destination

    Chain shorewall (0 references)
    pkts bytes target prot opt in out source destination
    0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 recent: SET name: %CURRENTTIME side: source mask: 255.255.255.255

    Chain tcpflags (1 references)
    pkts bytes target prot opt in out source destination
    0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x29
    0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x3F/0x00
    0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x06/0x06
    0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x05/0x05
    0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x03/0x03
    0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp flags:0x19/0x09
    0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] tcp spt:0 flags:0x17/0x02
    ----- ipv4 ends -----

    all firewalls works for me

    but I really don't want to have do that

    +1

    shorewall is my friend


    Regards Benny

    ... there can only be one way of life, and it works :)

    --- Msged/LNX 6.1.2 (Linux/4.17.10-gentoo (x86_64))
    * Origin: I will always keep a PC running CPM 3.0 (2:230/0)